FTDIgate 2.0?

[mtdoc]

Whether this helps or hurts FTDI in the long run, they made this decision, and they will ultimately be the ones dealing with the results.

I don't think the impact on FTDI will be that big as they are likely to keep most of the business they have. The biggest question is how many design-ins they will miss due to people not using FTDI USB-UART bridges anymore for various reasons. Also note that WIndows 10 comes with drivers for almost every USB UART bridge out there so the advantage of having the drivers delivered with Windows and only FTDI's products working out of the box diminishes quickly.

Does anyone know what percentage of FTDI's business comes from this chip?

[all_repair]

I don't think the impact on FTDI will be that big as they are likely to keep most of the business they have. The biggest question is how many design-ins and new business they will miss due to people not using FTDI USB-UART bridges anymore for various reasons. Also note that WIndows 10 comes with drivers for almost every USB UART bridge out there so the advantage (unique selling point of FTDI) of having the drivers delivered with Windows and only FTDI's products working out of the box diminishes quickly.

The win10 thing makes the FDTI moves look so comical.  I didn't know win10 shall eliminate FDTI previous advantage, and also didn't know that some compatibles are actually better than FDTI.  If they didn't pull these silly moves, they can charge their premium price and people like me shall always be paying and recommending.  We just could not afford to play these childish games, and we do not run the security services of all the FDTI supply chain and can never be sure of what containmination may happen.  For nothing, they have thrown away their brand advantage. 

[madsci1016]

They probably assumed (perhaps wrongly?  That's not for me to say) that most people wouldn't blame them, they would blame the manufacturer who built the device.  If the manufacturer was the one responsible, they had it coming (charging people for real devices and putting in fakes to increase profits), otherwise the manufacturer would blame their build house or distributor.  If the build house/distributor was the one responsible, they had it coming (again, charging customers for real devices and supplying them with fakes), and so on up the chain.  Maybe they thought this unfolding of events and the resulting tightening of supply chains would outweigh the backlash from end-users.  I imagine they had discussions on the topic and came to this conclusion, but I don't have any inside information.

Exactly. The companies who chose to use risky supply channels are the ones that are going to have angry customers. This is how you force the issue and identify bad supply channels.

To me, the interesting thing about this whole mess is why FTDI chose the approach they did.

I'm still waiting for an alternative to be suggested and not defeated. To recap, so there's no more spinning in circles in this thread, here's what's been suggested and defeated.

Use the laws to go after counterfeiters and cloners
Ineffective and prohibitively expensive, intentional trade law is useless.

Pop-up a message
Can't; driver runs outside user-space

Then just log a message in the system log
Really? Who reads their system log all the time?

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI.

Design a new chip with security features
Extremely expensive to redesign silicon. Not to mention any security/encryption features in the communications would mean there could be no Linux support. At least without binary blobs and we all know how linux people feel about binary blobs.

[mtdoc]

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI..

How does that not happen with their current approach?

Also you left out Dave's suggestion (from the AmpHour) about some sort of holographic on the chip surface. Or to paraphrase him "they're the geniuses they need to figure it out".

Even if there is no perfect benign way to do it - it still doesn't justify their current approach IMO. 2 wrongs don't make a right, etc.

[nctnico]

There is one option missing:
Do the FUD dance like Microsoft does: yell loud and hard illegal copies are unreliable and likely to cause damage but do nothing to disable illegal copies effectively because god forbid people start using a different OS. Better have people locked into your solution even if they can't afford than having them use someone else's solution they might be able to afford in the future.

Translated to FTDI's situation: let the driver work with any chip and spend money on a FUD campaign. Much more effective because in the end nobody wants fake chips in their circuit.

[madsci1016]

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI..

How does that not happen with their current approach?

Because it sorta works, with odd results any decent engineer will pull up the serial stream to debug. And hey look, it says what's going on right there.

[mtdoc]

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI..

How does that not happen with their current approach?

Because it sorta works, with odd results any decent engineer will pull up the serial stream to debug. And hey look, it says what's going on right there.

Yeah, but it's not the design engineers who are going to discover it in most cases.

[mtdoc]

Translated to FTDI's situation: let the driver work with any chip and spend money on a FUD campaign. Much more effective because in the end nobody wants fake chips in their circuit.

Bingo! More effective and preserves good will with users.

[madsci1016]

Pop-up a message
Can't; driver runs outside user-space

ExRaiseHardError() sends a message to csrss, then csrss will pop up a message box.

I'm not a driver devloper so I asked a few i know before I made that suggestion. From a quick google of ExRaiseHardError() I can only find a social.msdn thread that says it's undocumented and a stack exchange one that says it wont work, and is only a message queue scheme for admins.

[madsci1016]

Translated to FTDI's situation: let the driver work with any chip and spend money on a FUD campaign. Much more effective because in the end nobody wants fake chips in their circuit.

Bingo! More effective and preserves good will with users.

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not? What in the hell is an ad campaign going to do if that is true?

[mtdoc]

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not?

No.

What in the hell is an ad campaign going to do if that is true?

The ad campaign may be able to do what you and others keep claiming their recent practices will do: That is convince manufacturers to carefully check and secure their supply chains.  No, it will not impact what the average consumer does -but neither does their current approach (other than in a negative way).

[madsci1016]

Showing message to Admins is not a bad idea. Most users, even with UAC enabled, are logged in as admins, except for enterprise environments.

Do you know if this call works the way you think it does? (I don't) By just with experience using Windows workstations and Windows server versions, I would guess messages made by this call would never be seen by a windows workstation, even if logged in as admin. Windows Servers versions have mandatory click through when you bootup or shutdown that has messages like driver failures. And the stack exchange mentions when the 'admin logs in next time' so I assume it's that mechanism. You don't have that in non-server version.

But I can be dead wrong on this. Not a driver developer.

[nctnico]

Actually the campaign could also target the electronics designers and makers so they are more careful with buying stuff from Ebay.
What triggered FTDI gate 1.0 here was me buying some boards (intended for one of my customers) from Ebay with fake chips which where then bricked by the new driver and me creating a posting. Had I known there where fake chips circulating I would have been more careful with selecting the boards. Now my customer is using boards with a Silabs chip.

[madsci1016]

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not?

No.

Really?

the majority of consumers would likely not know about it - since most will know nothing about FTDI, usb-serial conversion, etc.  IOW - people with no knowledge or intention to buy a device with a cloned chip (or make a device with a cloned chip) are being adversly affected.

Hmmmmm....

[mtdoc]

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not?

No.

Really?

the majority of consumers would likely not know about it - since most will know nothing about FTDI, usb-serial conversion, etc.  IOW - people with no knowledge or intention to buy a device with a cloned chip (or make a device with a cloned chip) are being adversly affected.

Hmmmmm....

Oh get over it.  I didn't say that was never an issue I raised I said it was not the point of my posts.  So once again - since you seem to want to troll -  here is the summary of mine and others main points:

1) FTDIs actions have/will adversely affect end users and some manufacturers who had/have no intention of buying fake chips.
2) Those consumers have other inexpensive options with equal or better function they will choose.
3) FTDIs actions are causing distrust of their brand name and causing people to design products with different chips or in the case of  informed end users avoid products with FTDI chips
4) FTDI's actions with it's drivers and social media demonstrate poor judgement (IMO of course) and will only hurt them.
5) There are other actions they could take that would likely be equally effective but not have the same adverse effects.

BTW - since you seem to be trying to personalize it. Let me ask you a question:  You seemed to have joined this forum only to defend FTDI - all of your posts are in this thread. Do you have any financial relationship with FTDI to disclose?  If not, fine - but it's a question that needs to be asked since a similar thing happened during the first FTDI gate thread.

[station240]

Despite releasing another round of "screw you" drivers, FTDI still have a problem.
The clone/fake/alternative USB to comms are both cheaper and don't have hardware bugs.

So given the choice of:
a) Spin new silicon.
b) Discount FTDI parts.
c) Sabotage clones by rewriting the driver (again).
They went with C because they are cheap bastards, the other two options cost real money.
Now new silicon could resolve the issues their customers have with bugs, and likely result in a cheaper product (eg use smaller process)

Perhaps FTDI know they have little time left as a company, this is a last ditch attempt to keep them from going broke.

[madsci1016]

BTW - since you seem to be trying to personalize it. Let me ask you a question:  You seemed to have joined this forum only to defend FTDI - all of your posts are in this thread. Do you have any financial relationship with FTDI to disclose?  If not, fine - but it's a question that needs to be asked since a similar thing happened during the first FTDI gate thread.

Well, does working with companies that have millions of $ and years in development invested in selling products that have FTDI in them count? I joined to try and give alot of the people here, which are mostly hobbyists and a few small product producers another view. One where we don't blame manufactures for breakdowns in supply chains. One where we can't easily switch to another serial chip without halting production for months of development and regression testing. One of the companies is in the industry a lot of people are citing as a metaphorical case for bad stuff happening,  as far as I heard, no bad stuff happened.

Oh get over it. 

Well subtle insults escalating to this I can tell you don't have interest in keeping this civil anymore. Let me summarize my opinion for you and call it done. (Notice these are opinions of yours and mine, not facts.)

1) FTDIs actions have/will adversely affected end users and some manufacturers who had/have no intention of buying fake chips.
Yep, much like issues that arise with use of any counterfeit chip, end users usually are affected.

2) Those consumers have other inexpensive options that with equal or better function.
Go ahead, we aren't arguing to stop you. Us on the other hand can't change like that, nor do we want to. See above.

3) FTDIs actions are causing distrust of their brand name and causing people to design products with different chips or in the case of  informed end users avoid products with FTDI chips.
Count me as a product designer that doesn't agree. We trust FTDI for many reasons, and trust our supply lines to give us real chips.

4) FTDI's actions with it's drivers and social media demonstrate poor judgement (IMO of course) and will only hurt them.
Social media tends to always be handles poor in this day in age. But I don't disagree, blocking everyone was silly.

5) There are other actions they could take that would likely be equally effective but not have the same advers effects.
I disagree. All the other suggested actions are marginal at best, in my opinion.

[mtdoc]

By just with experience using Windows workstations and Windows server versions, I would guess messages made by this call would never be seen by a windows workstation, even if logged in as admin. Windows Servers versions have mandatory click through when you bootup or shutdown that has messages like driver failures. And the stack exchange mentions when the 'admin logs in next time' so I assume it's that mechanism. You don't have that in non-server version.

If true, is that really relevant?  What percentage of end users of FTDI chips are using them on windows workstations?  My guess is very low. You seem to be trying to sidestep blueskull's point

One where we don't blame manufactures for breakdowns in supply chains.

I've seen no one here do that.  The blame is being placed on FTDI for their destructive choices in how they deal with clones.

[cdev]

Could the offending devices be used with generic open source drivers if they had different USB IDs?


The alternative is diving into a black hole that we all know will then be used as another rationale to create a whole new surveillance and metadata providing infrastructure.

[miguelvp]

I've seen no one here do that.  The blame is being placed on FTDI for their destructive choices in how they deal with clones.

Their first choice was impairing the fake chip, pretty aggressive but not destructive.
Their 2nd choice was obfuscating the fake chip, less aggressive but not destructive either.

We haven't seen a single example that something got destroyed in the literal sense of the word.

destroyed hopes and reputations, maybe but not the hardware.

[cdev]

Every component of a system has its own microcomputer with its own ethernet and wifi embedded in it, because silicon is cheap and network bandwidth is cheap.

Internal to the device, they all communicate via a tamper proof bus that has internet connectivity, so if any component discovers another component thats not interacting properly, it phones home about it. Then a signal is sent to query it and if it cannot identify itself adequately, the signal is sent to deactivate it while a special squad is dispatched to bring it and whatever is attached to it in. All parts will have a globally unique ID and IPv6 address.

[Karel]

It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.

Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?

You can find the Integral IZ232R datasheet here http://www.bms.by/eng/spec/index.php?pass=inf1

Thanks. Unfortunately, I'm not able to find any info regarding the USB VID & PID.
Also, they don't provide any information about which driver to use.

Please let me know if you know where to find this info.

So, if this IZ232R isn't using the USB VID of FTDI, that's completely fine to me.
And if that's the case,  it will not be harmed by FTDI's driver.

[Karel]

Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.
But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips..

So, when you buy a car and it brakes down, you don't go back to the place where you bougth it but
buy another brand instead?
When I buy a device and it stops working, I go back to the seller and he will fix it, no matter what the cause is.

[janekm]

They probably assumed (perhaps wrongly?  That's not for me to say) that most people wouldn't blame them, they would blame the manufacturer who built the device.  If the manufacturer was the one responsible, they had it coming (charging people for real devices and putting in fakes to increase profits), otherwise the manufacturer would blame their build house or distributor.  If the build house/distributor was the one responsible, they had it coming (again, charging customers for real devices and supplying them with fakes), and so on up the chain.  Maybe they thought this unfolding of events and the resulting tightening of supply chains would outweigh the backlash from end-users.  I imagine they had discussions on the topic and came to this conclusion, but I don't have any inside information.

Exactly. The companies who chose to use risky supply channels are the ones that are going to have angry customers. This is how you force the issue and identify bad supply channels.

To me, the interesting thing about this whole mess is why FTDI chose the approach they did.

I'm still waiting for an alternative to be suggested and not defeated. To recap, so there's no more spinning in circles in this thread, here's what's been suggested and defeated.

Use the laws to go after counterfeiters and cloners
Ineffective and prohibitively expensive, intentional trade law is useless.

Pop-up a message
Can't; driver runs outside user-space

Then just log a message in the system log
Really? Who reads their system log all the time?

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI.

Design a new chip with security features
Extremely expensive to redesign silicon. Not to mention any security/encryption features in the communications would mean there could be no Linux support. At least without binary blobs and we all know how linux people feel about binary blobs.

I made several completely sensible suggestions that would actually protect their business:

• Help companies identify whether the chips they buy are genuine (turn the challenge of copycats into an advantage of "Genuine FTDI"). This can be done through serial number verification as I suggested (i.e. show the number of times a serial number has been verified on the server, this is a long solved problem in the verification industry, if your serial number has been queried 100000 times you know something is weird).
• Widen distribution of your genuine ICs so that customers with tight deadlines (or a dislike of customs hassles) can actually buy your chips when they need them.

Instead, they're doing the opposite in both cases, "forcing the issue" indeed but towards alternative ICs.

[nctnico]

Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.
But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips..

So, when you buy a car and it brakes down, you don't go back to the place where you bougth it but
buy another brand instead?
When I buy a device and it stops working, I go back to the seller and he will fix it, no matter what the cause is.

You are being naive again. In many cases it turns out a seller is incapable of providing a fix it because the manufacturer doesn't respond. The only alternative is to take your loss/get a refund and buy something else. Yes, this happens with cars too!