And stick with F/OSS drivers!
FTDI's CEO Fred Dart has given a rare interview to explain that the company's sometimes-unpopular anti-counterfeiting practices are part of a fightback against a professional Chinese knock-off operation. Adafruit scored the chat, which is published here. Scotland-based FTDI ran into users' ire last year when people found its …
F/OSS drivers are all very well, and in general to be applauded - but at present it would seem that they lack the ability to inform the user that the chip being driven is not a genuine part. Which is unfortunate, given the inability of the fake parts to behave as well as the genuine article; the user needs to know that they don't have the part they thought they paid for - particularly if the software they're using is affected by fake external chips. (This has happened with some of my software).
There is exactly no excuse for faking chips, and every reason for the makers of the genuine article to try and stop the use of such chips. Any reputable maker should be doing the best to ensure that only chips either made by or licensed by them are available in the supply chain.
And any sane person should be doing their best to avoid the knock-offs. Do you *really* want bits of your system that not only don't behave as the putative manufacturer claims, but may have other unknown and possibly undesirable behaviours?
---> from orbit, it's the only way to be sure.
"it would seem that they lack the ability to inform the user that the chip being driven is not a genuine part."
The proposed FTDI linux driver update was more than capable of identifying the device as fake - and bricking it. It was reverse engineering which proved that the detection and reaction was deliberate, not some "by chance" happenstance.
Ideally the Linux driver would notify you with a printk in dmesg so you know it is not a legit FTDI device, but still perform its driver functions. That way if you experience problems you will know it is probably because it is a copycat, but if it works for you you're no worse off.
The end user has almost no way of telling if he's buying a device that contains a legit FTDI chip or a cloned one (unless you buy the cheapest whatever you can find on eBay that's shipped via "epacket delivery from China" - then you should know odds are good it is cutting corners)
After last year's criticism, Dart reckons today's approach, in which the driver refuses to work if it detects a counterfeit (without bricking the product), is endorsed by most of its customers.
I work for an authorized distributor that sells FTDI chips and I can tell you the above statement is true. Serious customers want to know they are buying genuine chips and they quiz us to make certain we sell the real stuff.
It's funny when people that bought counterfeit FTDI chips off eBay call us and demand we switch them for genuine chips "because it's not my fault I bought a counterfeit!!!".
No manufacturer wants to risk the reputation of their company's end products by putting counterfeit components in their system.
I did but point is that they are making claims that just aren't true to justify disabling them which is not in the best interest of the consumer, I mean criminal gangs, Were there no terrorists available?
If the fakes break why bother disabling them in the first place?
Why not go to all the people you supply and then list the products that are genuine on a website?
> If the fakes break why bother disabling them in the first place?
Well firstly, if they break then FTDI gets blamed for making unreliable hardware. If they don't break, then as pointed out above, they may not work as expected causing various problems ranging from "doesn't work" to "works in strange ways" - both of which get the users criticising FTDI for producing crap chips.
It really is a tricky one for them. They have every right to protect themselves - both from the financial fraud and from the reputational damage. But they have to do it in a responsible way.
I have no idea what is technically possible, but actually popping up a warning when the device driver is loaded would be (IMO) the best way. I'm guessing that isn't possible.
I have no idea what is technically possible, but actually popping up a warning when the device driver is loaded would be (IMO) the best way. I'm guessing that isn't possible.
With headless systems the driver could register its complaint with the system logger, but with embedded controllers you may not even have that option.
"The fakes break, so therefore the genuine company gets blamed for selling shit hardware."
The fakes break harder when the genuine company deliberately nobbles them - and gives zero indication that the device was disabled because it's not genuine.
If it can ID the fake bits then it can refuse to work with them. Deliberately damaging hardware crosses the line.
Imagine a world where the first opamp, the 709, could not be functionally copied, and improved versions made that slot into the original socket. Where would we be if the microprocessor stopped at the 8080? If any other manufacturer can replicate the function, but without reverse engineering the actual chip, then that is legal and beneficial to all - except those who would prefer a lifetime monopoly. It's a shame since FTDI do make some newer parts (EVE) and these are every bit as ground-breaking as the '232. Come on guys, you've had a good run with this, let it go, and realise that copying the VID is no worse than copying a regular opamp pinout.
No, it's not. The replacements for the 709 and the 8080 and all the others were identified as different from the original (and I seem to recall that the 6501? was a plug in replacement for the 6800, which the makers of the 6800 got nuked, hence the pinout change for the 6502). They weren't sold as the genuine original article.
By all means make a pin compatible equivalent; if it's better (for whichever definition of 'better' you prefer) than the original then people will use it. But don't pass it off as an original part - and pay for your own VID so people (i.e. operating systems) have an easy way to know what they're buying.
"The replacements for the 709 and the 8080 and all the others were identified as different from the original"
The replacements for the FDTI chips are shipped as identified differently. They support the same instruction set as the FDTI in the same way that "AT" modems all copied Hayes functionality.
What happens after that is an issue. Repackagers do put them in fake FDTI plastic encapsulation but the vast majority are sold as "FDTI compatible" chips, not as genuine ones.
The irony is that the main "knock off" part is actually _better_ than the FDTI and adheres to the published specification better than the original. That's shades of the VT100 terminal, which had several major bugs in its operation that meant it didn't fully comply with the VT100 specification - and when fully compliant terminals were used that would throw strange TABs across the screen all the time, DEC's response would be "Your problem is because you're not using a genuine DEC terminal"
"The irony is that the main "knock off" part is actually _better_ than the FDTI and adheres to the published specification better than the original."
How is the counterfeit part better than the FTDI part? (except being cheaper)
Modems adopted the Hayes commands, but still each of the responded to the ATI command differently and identified themselves as non-Hayes. These FTDI counterfeits claim to be genuine parts and have the USB IDs that are reserved to FTDI. Those VT100 compatibles didn't feature DEC logos etc.
This post has been deleted by its author
FTDI spent a lot of time, money and resources developing their product range.
Someone is stealing their IP and no one is doing anything to stop the fraudsters.
Legit businesses are getting caught as well, as fakes do make their way into the supply chains.
These things don't meet the specification. Do you want them in a medical device that's treating you?
They ARE stealing their IP, which includes FTDI's reputation. They are putting a fake FTDI logo on and faking the PID/VID, which is IP owned by FTDI.
It is like you coming up with your own crap-coke then putting it in a Coke bottle, with the Coke logo etc... and claiming to be Coke.
It is illegal. Period.
No, all they are doing is using the FTDI driver as a standard in order to avoid paying the USB monopoly for a vendor ID. The popularity of these drivers is precisely because of the number of cheap devices using them. The story that FTDI are now spinning that their prized brand earnt that and is now being hijacked, is a pure fabrication.
If they "stole" a vendorId, then he probably "stole" his employees jobs and moved them to China.
Fair enough to not want to support other people's hardware, but isn't USB to serial port completely standard (like day 1, first line of USB protocol specs). Isn't there an OS driver for this?
Lets spin this situation on its head a little.
Lets say a chinese vendor starts selling x86 processors and branding them as "intel processors" with the logo and everything...is that okay?
That is what is happening here, these aren't just people using FTDI's drivers and USB VID, many of the chips feature an FTDI logo. They are counterfeit....
The fact is that if you are a company selling USB chips you aren't meant to use other peoples VID, they actually cost money...
I have designed electronics for years and have used FTDI chips, they are awesome little devices and some can do JTAG, SPI and I2C as well as just being UARTS.
Suppose a web site only supported IE and your Mozilla browser "stole" Microsoft's agent string and claimed it was IE?
And who exactly would that inconvenience? Microsoft? Nope. Mozilla? Not at all. The web site's operator? Maybe, if he was inundated by support calls: "Your site doesn't work right. Oh, I'm not using a real IE, but Mozilla set to claim it's IE" that he doesn't reject out of hand, and probably offset by a larger number of visitors. And a visitor is quite likely more inconvenienced by being forced to use a particular browser, than having the browser fake its identity.
So, wrong analogy.
"Lets say a chinese vendor starts selling x86 processors and branding them as "intel processors" with the logo and everything...is that okay?"
Let's say a chinese vendor starts repackaging Godsoon chips so they're pin-compatible with Intel, then another chinese vendor grinds off the Godsoon markings, rebranding the package as genuine Intel.
Is it a fake because it's a fully compatible workalike without Intel branding? Is it a fake when the labelling is changed? Would Intel be in the right to look for Godsoon CPUs and zap them?
I think you have just single handedly managed to prove FTDI's point here !!! The FTDI hardware/driver was pretty much the first, and continued to be the best for a long time, so much so that it is considered the defacto standard.
So much so that fakers want to ride on the back of their drivers and reputation.
I have a small batch of components, purchased from a respectable source, that turned out to be fake. The other day, just out of curiosity, I checked what I think it's an original arduino adaptor and it didn't work in windows 7, but it did in Linux, so I assume it is fake too (either the whole thing or only the chip).
I am also concerned about the quality of the fake chips (and the possibility that the driver issue hits my customers), so given my inability to be sure of the origin of what I buy, I am moving to the silicon labs solution (sorry FTDI chaps).
These crooks have already harmed FTDI, possibly beyond repair.
I don't think fleaBay counts as a respectable source.
If you really did get from a respectable source then I guarantee you can contact them, let them know they sold you fakes and they will do everything they possibly can to rectify your immediate concerns, and will investigate the source of the fake devices.
Do you think FTDI are the only target for fakes? The real root cause is your 'respected' supplier, who really aren't.
Bricking other people's hardware - daft evil dumb approach, karma owing...
Refusing to function their parts with your driver - acceptable
Providing a pop-up notice about why the driver won't work - saintly
Shouldn't FTDI move on? USB to Serial is kind of old hat. Did they expect this now-trivial function to provide a lifetime of steady income? 20-year patent or Forever Copyright doesn't mean that one's business model can be immortal.
I suspect FTDI's own beligerant approach to the fakes has cost them more sales than the fakes ever did.
I don't buy 'stuff' I can see has FTDI named in the spec or that I can see on the board, it's not that FTDI are bad devices, they're good, it's not even that they're pissed off by the pirates (they've every right to be) but it's that they have pulled stunts like this which mean that I, as a consumer, have to be able to verify the provenance of the FTDI device before I buy the gadget or I run the very real risk of it being a useless lump of crap when it arrives.
So, I don't buy it.
While that doesn't directly cost FTDI sales of any significant numbers, it does mean that if other people realise buying 'FTDI' is a gamble too, FTDI will lose design in for new products and that will eventually hurt them an awful lot.
Fair play to FTDI, they've got every right to refuse to allow their drivers to work with the fakes but the way they do it sucks.
if they'd approached this differently, lots of publicity, lots of user interaction, handy utilities that verify genuine chips, guides to spotting fakes etc. then it could have been so much better for them, even a publicity win, I'd certainly respect them a lot more.
Instead they went about it in a very underhand way, bricking hardware with no warning, sending wrong data in the second.
Hells, even the Chinese gangs who made 'homebrew' cards for games consoles managed to do better than FTDI when their products were being forged, they offered utilities to verify your homebrew cartridge was genuine, pictures of real vs fake etc. (researched for legitimate reasons BTW)
Someone's gotta do it. I use their gear every day and will chose it over the alternatives any day. I think many people fail to realise that there are industries out there that do most of their data transmission over RS232 and RS485. And these aren't little cottage industries, we're talking squillions of dollars at stake. It's not unreasonable to expect that a failed USB-Serial converter could cost quite literally hundreds of thousands of dollars a day until it's replaced.
Trust me, I know how difficult it can be to get changes made in some industries (40 year old control computers still in use and actively maintained) but by the same token, those industries also have incredibly stringent QC and supply chain management which I and many others can't hope to emulate.
So, in my personal life, I avoid FTDI, as I said, I can't guarantee the parts built into products I might buy are genuine and there are perfectly acceptable alternatives. While I could easily replace dodgy parts with genuine (I have the skills and tools) it's just as easy to buy something that doesn't use them in the first place.
If I were still designing products for sale (I designed a few that were moderately successful in the automotive diagnostics market) I would be avoiding FTDI like the plague, purely because I don't need to find out in six months time that I can't get hold of genuine parts as they have no stock and need to rely on brokers who may or may not have bought dodgy counterfeit parts.
Yes, I appreciate that might happen with other brands too but FTDI have form, bricking embedded designs, rendering them useless and generally causing mayhem.
BWAHAHAHAHAA.... no, dude, they could never possibly touch the monumental amount of damage you did to your own reputation with being a colossal dick - TWICE. I know I'll never, ever design an FTDI chip into anything ever again - there is no such thing as a guaranteed supply chain unless one buys from YOU directly, and that's not something everyone is able to (or want to - see delivery times) do. Oh, and by the way - the clones were actually MORE faithfully following your spec than your own damn chips did - which is why you could erase VID/PID in a clone with the exact same code a "genuine" chip failed to execute due to a bug...
How long do you think your suppliers are going to keep using dodgy chips after you return a whole batch of boards because they haven't used the right parts? The only way to get good results from your suppliers is if you don't accept crap from them. If you're going to accept knock-off chips in your product without pushing it back to your suppliers you probably need to have a good hard look at your QC systems. If any of my suppliers tried that sort of crap I'd crucify them. In fact, I did exactly that about 6 weeks ago. And whadda-ya-know, after discussions with their CEO and QC people they are getting their act together and putting better controls in place to assure their supply chain.
Yup. I've run into fake FTDI products before, it never caused me to think less of FTDI. What caused me to think less of FTDI was their stupid, possibly criminal and certainly anti-social, response to the fakes. And they've done it again. FTDI mate, the person who's damaging the reputation of your products is you.
I too stopped specifying or buying FTDI products or sub-assemblies with FTDI products after the first fiasco. My purchasing power in these regards is small but I know of hundreds of others who've said the same and I know some of those have some serious purchasing power. Anybody who doubts this, just try searching FTDI on the EEVBLOG forum where a lot of professional electronic design engineers hang out.
"there is no such thing as a guaranteed supply chain unless one buys from YOU directly"
People have reported finding fakes in the genuine parts stream. The issue of fake branding is major, but it's clear that FTDI can't keep its house in order. I wonder if they've employed management who used to run British Leyland.
Dropbear: there is no such thing as a guaranteed supply chain unless one buys from YOU directly
Wrong, all you need to do is buy from an authorized distributor. They are listed on the manufacturer's website. It's as easy to buy from an authorized FTDI distributor such as Mouser Electronics as it is to buy a book off Amazon.
Pay a few cents more than the fake and you get a reliable device.
Even if the FTDI drivers worked with the fake, there is a good chance the fake will stop working a year from now. These are cheap counterfeit chips, and the counterfeiters are overclocking a cheap MCU to do it. The FTDI design techniques are insufficient to prevent the cheap counterfeits from eventually overheating. Go read the product reviews on Amazon. Manufacturers that knowingly buy counterfeits put out cheap products that eventually fail (think they give a damn about you???).
Dropbear: the clones were actually MORE faithfully following your spec than your own damn chips did
Now you are just making stuff up.
FTDI refusing to let their device drivers operate with a fake device is the best resolution for this situation.
Most buyers have to trust their suppliers when ordering small quantities. Those suppliers also have to trust their brokers / wholesalers too. How on earth are small scale customers supposed to ensure that their device is kosher?
FTDI have authorities that can help them stem the flow of these fakes in the UK at least (Trading Standards and Customs & Excise.) They should be using those instead of bricking an innocent third parties components.
But only in the ridiculous "IP" sense of the word (no copyright legislation has ever defined infringement as theft).
On the other hand, shoddy products deserve to fail, if that is in fact the case, rather than just sour grapes.
And yes, making false claims for commercial gain is also fraud (but again this is quite orthogonal to stealing).
I find it odd that the Free Marketeers constantly eulogise the doctrine of "letting the market decide" ... until they need the privilege of a state-enforced monopoly, at which point they hypocritically demand tougher regulation.
The FTDI clones (clone FT232R for example) work better than the FTDI chips - not only do they work just fine as USB-UARTS (which is not rocket science) but the clone "bit bang" and SPI modes work BETTER; on official FTDI chips the timing is pretty horribly broken.
I refer the learned viewer to the posts and scope captures by "Marcan" (who has an excellent pedigree in the low-level hacking world)
Another post pointing out bit-bang mode is hopelessly broken
And FTDI bury the admission in an errata (3.1.2 "BitBang Mode variable Pulse Width")
You'd assume because they mention it in RevA silicon that it's fixed in later version but apparently not.
I sympathise with FTDI regarding "clones", but you're right about their "bit bang" mode and reluctance to admit it. The erratum (version 1.0) which you mention is dated November 2010, but they admitted the fault in an email to us in November 2008: The uneven pulse width is due to a flaw in the clock synchronization (sic) between the usb and output stage. Knowing that the device didn't work as described would have saved my designing to use it in that way and several more hours investigation to discover that it was their fault, not mine.
A USB to serial interface is really something that ought to be implemented as a HID class device, the same as a keyboard or mouse. If it had been then FTDI would have nothing at all to gripe about because the PID and VID would not need to be the same. The Chinese devices are not copies as is claimed, they just provide similar functionality, the same as the plethora of keyboard and mouse chips do. Having used several Chinese parts I also disagree completely that they perform badly - indeed it is difficult to see how something as simple as a serial interface could perform badly.
The use of FTDI's PID and VID is necessary in order to allow it to use the FTDI driver, and I'm not convinced that deliberately altering necessary values so that a device is compatible with someone else's software is either unlawful or unethical - it is really little different to the way that OpenOffice has "stolen" the tag values and formatting from Microsoft so as to be compatible with Word documents.
I am however quite certain that writing software that deliberately damages someone else's product is unethical, and may well be unlawful.
"I also disagree completely that they perform badly"
You have no idea how the next ones you buy will perform because being fakes you have no idea who made them or who made the ones you already have. Large numbers of the fakes even copy single FTDI date codes.
"FTDI's PID and VID is necessary in order to allow it to use the FTDI driver"
A driver which isn't licensed for use with non-genuine FTDI parts - using the driver is unlawful and FTDI are helping you not to break the law.
Trade mark violation and IP copyright violation in the chips (if there is any) is FTDI's problem to be taken up with the fake manufacturers/markers. Your problem is not having any legal drivers for the fake chips you bought.
> We can't please everyone, but the vast majority voted for this approach and that's what we did," he said.
Bullshit. What users would have said "sure, go ahead and brick the device or have it output random garbage" ?
The honourable path is to identify the device as fake and refuse to work with it.
The dishonourable path is to inject random crap into the datastream or reprogram the USB IDs without telling the user why.
FTDI decided to fight back by fighting dirty - and the fact that they're in Soctland means that someone's likely to try using the Computer Misuse Act on them.
Why can't FTDI write a program to test a given device's supposedly FTDI branded chips to make sure they're real?
All it needs do is return a "Yes, it's one of ours" or a "Nope, we didn't make it" reply, then the customer with the evidently faked chip including device can immediately return the device for a refund citing that fact.
Couple that program with the drivers doing the same thing & simply refusing to work with the fakes (not bricking them, not injecting false data, just flat-out refusing to work, Period.), the customer would then return the product to the place of purchase & demand a refund. YES, purchasing online would make that a bit more difficult, but a quick call to your CC issuer to contest the purchased device as having been fraudulently advertised (it's not a real FTDI chip after all) should get the charges reversed in the seller's face like a brick wall to the nose.
Wouldn't writing a simple validation program that the customer can run, and having the driver refuse to work *at all* with the fakes, be an infinitely saner & ethical solution?
Or am I missing something obvious?
I don't mind if you disagree & down vote this, but at least have the decency to leave a reply as to WHY. If I have inaccurate information at my disposal that you can correct, yet you refuse to DO so, then is it my fault I'm using info I believe to be accurate (like I'm running a real FTDI chipped device) or YOU for not helping to show me how it's false?
Your 3rd paragraph describes what the Windows FTDI driver released in January 2016 is doing. It injects "NON GENUINE DEVICE FOUND!" into the received serial data to alert the user (assuming the 'user' is a human watching a terminal console rather than a program using the serial link for embedded communications).
Combining the human operated terminal with the FTDI Windows driver is how the device-check you propose in paras 1 & 2 is performed.
The driver package released in October 2014 (and subsequently withdrawn) used an operation that would fail on a genuine FTDI device, but was accepted by a counterfeit FTDI device, to reprogram the device's EEPROM with a different USB Product ID (0) which isn't recognised by the FTDI licensed Windows driver.
Users could fix that up by re-writing a Windows driver .inf file to recognise the changed Product ID. That was the change the Linux kernel driver implemented (an additional Vendor/Product ID pair is recognised).
One of the alternatives devices, using the Prolific PL2303 chipsets, has been disabled in the latest Prolific Windows 8+ drivers as some (genuine) devices have been classified End-Of-Life. Additionally, the Prolific also disabled counterfeit devices with the same Windows "Code 10" error.
"Windows 8/8.1/10 are NOT supported in PL-2303HXA and PL-2303X EOL chip versions."
We're dealing with a widespread industry counterfeiting problem, similar in nature to the counterfeit and just plain fraudulent USB Flash-based mass-storage devices, where USB device controllers are programmed to report a reputable USB manufacturer Vendor ID, and much larger capacities than they actually have, using address wrap-around to mask the fraud until the device has had a lot of writes.
Recently I've seen several (Linux) users burned by this latter issue, buying suspiciously cheap 'terabyte' USB thumb mass storage devices that report file-system errors due to the address wrap-around - usually they're actually 8GB-32GB devices with fraudulently programmed firmware in the device controller. Kingston, SanDisk and other major reputable brands have been suffering this for several years.
If, as a user, you condone and use a counterfeit device but expect an unrelated 3rd party to write and provide a licensed driver (FTDI/Prolific), then at the point you're aware the problem is between you and your supplier, not FTDI/Prolific.
If you disagree, then I know of several users of unlicensed copies of Windows who would like you (an unrelated 3rd party) to provide them with free updates and support.
>The driver package released in October 2014 (and subsequently withdrawn) used an operation that would fail on a genuine FTDI device, but was accepted by a counterfeit FTDI device, to reprogram the device's EEPROM with a different USB Product ID (0) which isn't recognised by the FTDI licensed Windows driver.
>Users could fix that up by re-writing a Windows driver .inf file to recognise the changed Product ID. That was the change the Linux kernel driver implemented (an additional Vendor/Product ID pair is recognized).
That is hardly bricking the device, just making your driver no longer talk to the device. Now, I agree that that was the best thing you could do. From the other comment@rds I thought the driver had re-programmed the EEPROM with complete garbage.
As for the fix on Linux, I am pretty sure writing a udev rule would fix that there, as well.
This story reminds me of the PalmOS-iTunes integration, where Palm used the Apple USB id's to "imitate" an ipod.
DISCLAIMER: I am not too much into electronics hacking, not yet, anyway.
FTDI failed on two counts:
1. NOT having a clear section on their website identifying the fakes, so people don't get suckered
2. Not warning users that they have a fake when the driver detects it.
Simply fucking up the data stream is a massive time waste and completely unprofessional.
I know since it took me over a week to debug what I thought were genuine FTDI parts.
If they had not done this stupidity, I could have returned the parts , got a refund and had the agent de-listed.
Biting the hand that feeds IT © 1998–2020