Arduino FTDI driver issue with Windows update

If the "counterfeit" chips are actually mask-level clones (in breach of copyright) of the genuine article, then the driver shouldn't be able to tell the difference.

That suggests that the "counterfeit" chips are actually chips reverse engineered to work with the FTDI driver. Such chips would be perfectly lawful, and if FTDI is deliberately damaging them, I'd think it could get itself into trouble, notwithstanding its licence conditions.

Sylvia.

I believe you are correct with one exception. I have yet to see anyone selling these cables as FTDI "compatible" rather than as FTDI cables. Even if the chip maker doesn't claim they are FTDI chips, the cable seller most likely is. Have you seen anyone selling these cables and not claiming they contain an FTDI chip?

Yeah, as long as you don't claim USB compatibility you're fine. if you do you're using the device ID given to FTDI (or the name USB) without permission.

This is why I *never* let Windows update drivers, only itself. If a driver update is needed for any reason (and I believe in "if it ain't broke then don't fix it") then I get it from the hardware supplier.

Most likely unknowingly as a consumer. That fact alone makes the FTDI action reprehensible.

(Seems a bit daft that one can claim ownership of a 16-bit integer.)

We use FTDI devices, thousands of them in industrial equipment costing up to $10k each.

We buy via "normal", mainstream distribution, RS, Farnell (historically), Digikey, Arrow, etc. So I expect we are OK, but how am I supposed to *know* how good their supply chains are, really? I do remember getting a reel of parts from RS at a much better price than usual, during a period when they were trying to get production business...

FTDI's action could have easily bricked $1M of our end-user equipment,

I will try to avoid designing their parts into anything else, the risk is too great that someone somewhere will mess up, and we won't even know about it until years later with years worth of production in the field. Then BAM, 100's of dead machines and enraged customers after a windows update.

John Devereux wrote in news: snipped-for-privacy@devereux.me.uk:

The only way they could be trusted again is if they "clean house" by initiating an independent investigation with full disclosure and remove anyone complicit in this from any position of responsibility and ensure they are actually prosecuted if they have broken British law.

It should also be noted that although end users can debrick affected devices they cannnot currently do so legally using FTDI's tools as they need the FTDI driver loaded which will invove patching the .inf to accept the bricked PID, at which point one is knowingly breaching the original EULA.

FTDI need as a minimum to authorise users to debrick any chip or device that does not have the infringing trademarked logo or partnumbers visible and provide a friendly utility to assist with doing so.

Also this doesn't just affect PID 0x6001 but can affect any FTDI compatible device with a PID 0x60nn. That means they have destroyed data they did not own as you have to know the correct PID for the device to restore the original functionality.

On Sun, 26 Oct 2014 19:31:44 +0000, John Devereux Gave us:

I think it should be a crime to have a bricking capacity in such a simple glue type device to begin with.

I have always considered FTDI to be the gold standard. But now I have to be leery of sabotage from FTDI themselves.

Someone had posted that they sometimes bricked their own older units with this code. What is to prevent them from putting the code back in once they figure out how to not brick their own units?

These devices were squatting on FTDI's USB device-id space, FTDI evicted them but did no other damage. In the process disabling much counterfeit hardware.

Yeah a warning would have been nice, or perhaps only a count-down dialogue that starts higher each time.

They could have even made USB adaptor dongles that disguise the counterfeit chip and sell them for RRP $25 each or something, yeah, this is still punishing the suckers. but atleast it gives them an option.

I feel they have the right to maybe at least show a nag screen but not disable the device.

At best, FTDI could do a nag screen notification of this and alert the users. In most cases they users most likely wouldn't care however, in cases where licenses maintain due to the sensitivity of the application, it can cause lots of damage to those that supplied the devices with such fraudulent chips in them, FTDI wouldn't have to get deeply involved to cause that much damage but it sure would help them and not cause havoc.

We recently had a compatible FTDI interface fail but I know it's nothing to do with this matter, bad choices made at installation caused that problem ;)

I find that some of these USB-RS232 are not well protected and have poor protocol support.

Jamie

It's only claimed in the context of USB. USB is regulated and the IDs are assigned but the regulating body and become the property of the assignee. It's not a trademarking of the integer, Intel tried that once, and failed.

EAN/UPC is the same deal, numbers are assigned and become the property of the assignee when used in the EAN context.

Internet is the same only the numbers are 32 bits, they are bought and sold. The going rate seems to be $13 each in blocks of 4096 and slightly cheaper in bulk

MAC addresses. same deal.

Phone numbers remain the property of the provider/regulator, but you can rent them.

In all these cases the number is only "owned" in a specific context

So, what do you do? go with prolific's PL230x parts and hope the don't "update" their drivers again, or go with SiLabs CP2101 because they haven't pulled a similar stunt (yet), or roll your own?

As a maker of expensive equipment can you get a commitment from FTDI that will allow a mutually beneficial solution should you ship a load of fake parts?

Or the letters of the alphabet (like "IBM", or "Intel", or more recently in the news here, "KC"). It's not the integer but the context in which it's used.

I got some USB-RS232 daughter boards for uC projects still sitting in their shipping package I got from an unnamed but well known source, they are either FTDI or FTDI compatibles, can't remember which. Maybe I should open the package and check?

I got them because at the time the price was right and thought they were a good thing to have around for interfacing the PC for uC projects. I suppose they should be marked with FTDI logos if they are authentic chips. Bit still, if they are willing to dup the software, what stops them from marking the chips as so marked?

Jamie

It's far from clear that FTDI even had the right to do that. The only legal significance of the PID is that FTDI had an agreement with USB-IF that the latter will not allocate that PID to anyone else.

FTDI don't have to take any particular care to avoid damaging hardware that responds with that PID, but they can't do so deliberately.

Sylvia.

It is not "owned" at all. It is registered and the people using that registration agree not to make equipment with the same numbers as someone else.

Many MACs can be programmed in the field and it is not unheard of to do so. By your reasoning it would be ok for the registrant of that MAC address to trash the computer which is using "their" MAC address.

What problem does Prolific have? I have a number of Prolific devices and they all work with every driver I have used. It is only under Win 8 that the older devices won't work, not because there is a new driver, but because they aren't supported under Win 8. They still work perfectly under Win 7, Vista and XP.

Lol, they weren't evicted, they were beat about the head and shoulders and ordered to never return. The point is FTDI did damage to the devices. The fact that the damage can be repaired is not significant. If someone pours paint all over your car, but the paint can be washed off and buffed out, doesn't mean it wasn't damaged. The incidental damage of not being able to use the device may well be the worst of it like the loss of use of the car while being repaired.

Indeed, that is the question. I was not aware of problems with the prolific stuff until I read this thread; we use those too. Although tracking down the correct drivers always seemed a bit harder.

We use Prolific in bought-in serial "adapter cables", FTDI for building a USB port into equipment.

Why do manufacturers make it so hard to acheive such a simple function? (And why do FTDI cables cost ~$15 for a simple USB UART when I can get a

They don't care about how much our equipment costs, they might care how many chips they sell, but we put a $3 chip into a $10k box so our influence is negligible.

So I shall content myself with a rant on usenet...

They probably don't *have* any really big "end-user" customers, any such would make the effort to program their own microcontrollers and write their own drivers.

Really we use them out of lazyness (or a cost-benefit analysis of our time if you prefer). These days all the microcontrollers have USB hardware. So I suppose we should roll our own.

I haven't seen anything indicating Prolific has a problem with their drivers. Where was that posted? I'm not counting the above statement.

That is a good point.

There is a $4 eval board from TI with an ARM CM3 on it (or is it a CM4). It also has another chip which is the same sort of USB to UART which can be broken off of the rest of the board and used separately. I wish I had incorporated one of these into my test fixture so it just had a USB port on it. Heck, if this board had been around when I designed my test fixture I would have just added the entire module as a daughter board to control the FPGA. Well, more likely I would add something like the rPi or Beagle Board at this point, but maybe not. Hard to say. I doubt if I will roll my own for a low quantity system again.