
Have FTDI kicked-off round 2 of the clone wars? - linker3000
http://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/
======
ohazi
This is (still) a stupidly reckless approach to "addressing" the supply chain
counterfeit problem.

One of these days they're going to brick a pacemaker and kill someone. You
have to be a special kind of delusional to think that the courts are going to
care about your "good intentions" when you knowingly release a driver like
this.

And "pacemaker" is really a placeholder for any system that could end up
affecting safety of life, regardless of whether it was intentionally designed
to. How many of these FTDI chips do you suppose are on a 747? An elevator
controller? A fire suppression system? A one-off alarm system at a power
plant? A nuclear power plant? How many hoops do you have to jump through
before you start to leave your comfort zone? Not many...

A single lawsuit from a bad enough accident could end the company in one fell
swoop. This should be a much bigger existential concern for FTDI than _any_
amount of potential IP theft. If I were their general council, I would be
looking for the vigilante engineer to sumarily fire, and put in place
mechanisms to ensure that this never happens in the future.

~~~
noonespecial
I think the damage is done and more subtle than a huge public disaster.

When the fake-killer driver burst onto the scene previously, I just switched
to microchip MCP2221's. It just wasn't worth the risk that I might
accidentally source a counterfeit on a BOM and not find out until later.

If it says FTDI on it, its now a no go. Just no way to be sure anymore.

~~~
duskwuff
Holy crap, that part's incredible. Let me count the ways...

1\. It's half the price of a FT232R.

2\. It's available in SOIC. Much easier to solder.

3\. It's USB CDC compliant. No drivers required on most OSes.

4\. Along with GPIOs, its spare pins can also be configured for ADC or DAC
operation. Also, it's got an I2C master.

It doesn't have a full set of UART signals, unfortunately, but it does have a
couple of configurable GPIOs. There's also the MCP2200 which sacrifices I2C
for RTS/CTS.

~~~
noonespecial
What sold it for us was my friend said, "Hey that one comes in DIP so we can
breadboard and test..." Never looked back.

~~~
quadrature
woah

------
flashingleds
If anyone out there is looking for alternatives, last time this happened I
switched to the MCP2221 from microchip. It's been in about 6 hobby projects
now and I'm very happy with it. Half the price in small quantities and easier
to hand solder (14SO or even DIP vs 28TSSOP)

~~~
CountSessine
Does it use a class CDC interface? Or does it require special drivers like the
FTDI and Prolific chips? Are the drivers available for all OS's?

~~~
CountSessine
Answering my own question, it looks like it's a plain-Jane CDC device, which
seems to me like really great progress - now that we've put Windows XP behind
us, these chips really should be using CDC rather than proprietary drivers.

------
andmarios
It is time we get a meme with Richard Stallman saying “I told you so”.

~~~
kybernetyk
> “I told you so”.

That breaking a license and using software with hardware it wasn't ever
intended to be used with might produce undefined behaviour?

Don't get me wrong: It would be great if we had an open source FTDI driver.
But putting the blame on FTDI for all the people effectively pirating their
software isn't the way to go.

If you are a stern supporter of Free/open source licenses you also need to
accept other peoples' rights to license their work as they think is right.
Because without a strong licensing framework GPL & co. don't work either.

~~~
deelowe
Here we go again. The issue here is that it's really difficult to buy chips
directly from FTDI. So.. you have to buy from a distributor. Those
distributors also buy from 3rd parties, trade inventory, issue new old stock,
etc...

How can I, as consumer, be absolutely positive that that the "FTDI" chip in my
device is genuine? I'll go ahead and answer that. I can't. Anyone who works in
the electronics industry knows this. When everything is made in china, it's
very hard to be sure that fakes don't end up where they shouldn't belong.

Why do I bring this up? Because, last time they pulled this crap, reputable
brand's products were damaged. Somehow some fakes ended up in their supply and
those customers got screwed.

OK, so sure, we can fix the supply chain, add expensive testing to the
manufacturing process, buy direct from manufacturer, etc... or hey, I got a
better idea. Let's just not buy FTDI any longer. That sounds much cheaper and
less painful.

~~~
drzaiusapelord
>So.. you have to buy from a distributor. Those distributors also buy from 3rd
parties

In countries that respect IP this isn't a problem. The larger issue is China,
Taiwan, etc don't respect IP and hard tactics like the FTDI driver bricking
becomes a reality. No one wants to talk about the elephant in the room: Asian
manufacturer corruption and lack of accountability with IP issues in those
countries.

Lets get one thing straight here. Multiple people/management in the supply
chain here know these things are fake. They aren't stupid. They know that a
no-name manufacturer who suddenly undercuts everyone else and uses FTDI's
driver is a counterfeit. They chose this knowingly to save cost and said 'fuck
all' to any issues later down the line.

>Let's just not buy FTDI any longer.

Dell didn't need to buy FTDI to have the nightmarish capacitor plague issue.
FTDI didn't make all the toxic dogfood that killed all those US dogs in 2007.
FTDI had nothing to do with putting melamine in infant formula. Again, you're
ignoring the real issues of how China and Taiwan and other governments do a
"wink, wink, nod, nod" when its comes to IP issues and encourage and even
protect counterfeiters for the sake of economic output and underselling those
who respect IP.

Oh well, here comes the downvotes because on HN you can't criticize China,
only Western nations.

edit: to the person who thinks the capacitor issue was just a 'QA issue.' It
was corporate espionage against Japan from China to get around IP issues:

[https://en.wikipedia.org/wiki/Capacitor_plague#Industrial_es...](https://en.wikipedia.org/wiki/Capacitor_plague#Industrial_espionage_implicated)

~~~
deelowe
> In countries that respect IP this isn't a problem.

I don't disagree with you, but you can't ignore the realities of the world.
One of those is that almost all electronics are made in these regions (fake
and genuine). This is why supply chain control is very difficult in these
places. Additionally, supply chain control is not _my_ problem to solve. It's
the vendor's (FTDI).

> Dell didn't need to buy FTDI to have the nightmarish capacitor plague issue.

None of those issues were created intentionally by a reputable company. Dell
didn't intentionally start building bad caps. It was due to a QA process gap
at a fairly reputable capacitor manufacturer. It was a mistake... In this
case, FTDI is doing this on purpose. It's totally reasonable to blame FTDI for
a problem they created.

~~~
sokoloff
I think GP's point was the capacitor issue was still a corporate IP issue. A
(tampered) formula for electrolytic capacitor dielectric was stolen and the
resulting capacitors were prone to premature failure.

I don't see that as a "QA process gap".

~~~
deelowe
Dell didn't intentionally create that issue. They simply should have been
performing better HALT to ensure they had coverage for bad caps. That's the qa
escape.

In this case, there is no way to test for this as ftdi doesn't provide any way
to do so. They simply break stuff after the fact. The only way to prevent this
from happening is to not use ftdi branded parts.

------
a2tech
And the calls from my manufacturing clients are already beginning to roll in.
Lots of expensive CNC machines are going to be idle this morning while local
stores are raided for serial to USB adapters, tested, then returned.

------
kefka
There's a term we in random ee blogs call this: being ftdicked

If you run a windows platform and you introduce FTDI chips in your design
schematic, you run afoul of using accidentally counterfeit chips. Digikey and
Mouser both have had this problem of counterfeits in their supply chain. And
we aren't discussing FTDI-compatible chips, that do not counterfeit or claim
to be FTDI. But the FTDI kills them all.

The safer alternative is to use a USB-serial chip that's cheaper, and doesn't
harass users or nuke their chips: ch340G

Datasheet: [https://www.olimex.com/Products/Breadboarding/BB-
CH340T/reso...](https://www.olimex.com/Products/Breadboarding/BB-
CH340T/resources/CH340DS1.PDF)

~~~
Tomte
And the real solution is to get a grip on your supply chain.

Somehow with FTDI chips it's "normal", "okay" and expected to get counterfeit
goods. And heaven forbid the original manufacturer doesn't support you in your
innocence.

But if someone ships you a fake ATtiny all hell breaks loose and the Chinese
ebay seller must be punished, hours and hours are spent communicating with
ebay, with PayPal, with other users' on web forums.

Hobbyist electronics people are strange. Wake up and give Mouser hell if they
send you faked goods!

~~~
quadrature
Well, that's kind of what FTDI is trying to accomplish. You won't buy from the
same supplier again after getting a counterfeit.

~~~
deelowe
LOL! Don't buy from farnell, mouser, or digikey? They've all had issues with
fakes getting into the supply. Are we supposed to just up and boycott them
all? And, once I've exhausted the top 3 distributors, now where do I go? I'm
sure I can just call up FTDI and order 10k chips on a weekly basis right?

Actually, that's a pretty good idea. Anyone who works in supply chain, switch
to ordering directly from FTDI. They'll soon realize the folly in this
decision.

~~~
st3v3r
It's their responsibility to make sure that they're selling me what they
promised me. If they can't do that, then maybe I shouldn't be purchasing from
them.

~~~
deelowe
Ok fine. Link me the spec that allows me to determine whether an FTDI part is
genuine and I'll gladly inform the supply chain, manufacturing and testing
teams I work with to reference that spec moving forward. Until then, we have
to avoid anything with an FTDI brand as there's no way to be sure. Going with
whomever I think is the most reputable supplier and then praying my products
aren't bricked at some point in the future isn't the solution.

~~~
st3v3r
Again, that is all their responsibility.

~~~
deelowe
Who is this they you are referring to? If ftdi doesn't provide specs,
resellers can't create them out of thin air. My only option is to not buy
ftdi.

------
mkj
Why do people need a FTDI driver, it appears that Windows has a USB Serial
Class driver? [https://msdn.microsoft.com/en-
us/library/windows/hardware/dn...](https://msdn.microsoft.com/en-
us/library/windows/hardware/dn707976\(v=vs.85\).aspx)

At least on recent OSX the OS CDC one seems more robust than the FTDI provided
one if you pull a cable while it's running. (I assume it's a genuine chip, who
knows!)

~~~
cnvogel
People need a FTDI driver because the UARTs by FTDI aren't "class compliant".
Just as most other interface chips aren't "class compliant".

Here are all the drivers for "proprietary" USB UARTs that are currently
supported by Linux:
[https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux....](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/usb/serial)

Here's the class compliant "Abstract Control Model driver for USB modems and
ISDN adapters":
[https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux....](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/usb/class/cdc-
acm.c)

~~~
creshal
One gem in the driver heap is Linux' FTDI driver:
[https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux....](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/usb/serial/ftdi_sio_ids.h#n33)

~~~
theGimp
Hah. Wonderful.

    
    
      /*
       * Certain versions of the official Windows FTDI driver reprogrammed
       * counterfeit FTDI devices to PID 0. Support these devices anyway.
       */
      #define FTDI_BRICK_PID		0x0000

------
daphreak
While I don't like that FTDI is pushing their brick-making drivers out over
automatic updates, I think the folks calling for everyone to ditch their chips
are a little over the top.

Personally, I would love to have a reliable way to detect counterfeit chips.
For FTDI I do! Now it is trivial to lot test my chips: Just put one (or a few
depending on your level of quality) on a test jig and use the latest driver
with it.

Contrast that with one of these other generic pieces of silicon. Is the
argument that since the drivers are generic it doesn't matter if counterfeits
make it into your products? Of course it still matters! Every single datasheet
value that you used in your design is now out the window.

FTDI should absolutely be more forthcoming with their counterfeit detection
process. It is going to be a tough call next time I need a USB-Serial chip.
FTDI has a great product and documentation, but a future update might break my
device if it used counterfeit components that were so far undetected.

~~~
tw04
The correct thing to do would be to throw the user a warning... not cause
irrevocable harm. It's not going to stop the counterfeiters, it's just going
to hurt legitimate customers.

This would be akin to the government poisoning cocaine shipments with anthrax
to try to stop the drugs from flowing in. You won't stop anything, you'll only
hurt "innocent" people.

~~~
tremon
No, not cocaine. That implies the end users are actually doing something
socially undesirable.

A better analogy would be the government enforcing an import ban by adding
sugar to the petrol imported from specific countries.

------
headShrinker
Recently I bought a 3D printer from China, and surprise, can't flash the
Arduino chip. This was a bit of a set back but after a little googling, I
found a work around and was backup and running.

Here is the patch for anyone who's interested,
[http://kiguino.moos.io/2014/12/31/how-to-use-arduino-nano-
mi...](http://kiguino.moos.io/2014/12/31/how-to-use-arduino-nano-mini-pro-
with-CH340G-on-mac-osx-yosemite.html)

------
felhr
Somedays ago discovered that my FT232 which I used to develop a FTDI user-
space driver for Android is a counterfeit one. Ironically the feedback I've
received about this project is mostly positive.

I now have to test the Flow control and the parity/frame... signals so I hope
I wont have to buy one.

Before the 1st FTDIGate, as a guy who has implemented user-space drivers for
the most common USB to serial converters my opinions about the FTDI were quite
good (from an engineering standpoint I really like the solution they use to
send the CTS,Parity status, Break... in a two bytes packet every 40ms which it
is a good simulation of a serial port instead of having to poll sending
control commands) but now I would recommend to avoid them.

From my humble experience I would recommend CP2102, they work fine (and have a
nice documentation for driver developers). The CH340/CH341 is real pain.

------
ChuckMcM
I can't say I'm feeling sorry for the counterfeiters. Now it sucks if you got
suckered into thinking you had bought one thing and ended up with another,
back when RAM was both expensive and in short supply(and Intel was still
making it) it was not uncommon to have "grey market" RAM with Intel markings
but substandard chips.

It is always interesting to see the mechanics at play too, people who get
counterfeit chips are more often (but not always) people who have released all
"quality" requirements in order to achieve the lowest possible price. As being
price preferred they put themselves at risk of getting substandard parts, and
then when they get parts that don't work or work anomalously, they frame that
problem as someone else's problem rather than their own choice.

In the referenced forum post you have a person using "Chinese clone" Arduino
nanos which happen to have chips on them that report as FTDI USB to serial
converters but are in fact something else. So drop the vendor or have the
vendor write their own USB driver for windows but why hate on FTDI for
identifying the bogus chip and refusing to work with it?

~~~
bri3d
Because they're breaking the _consumer_ 's experience, not the vendor's. I
guess their assumption is that angry consumers will trickle up to the vendor
and cause them to go "genuine," but that seems unlikely to me. Why? Because as
a consumer, I have no way of knowing whether the FTDI product I'm buying is
genuine. It adds risk to buying anything that says "FTDI" on it. I'm not going
to vote with my wallet for some nebulous, unverifiable assertion that a chip
will be real FTDI before I get it. I'm going to vote for something I know I
can plug in and use.

Already a lot of counterfeit users of FTDI (i.e. knockoff Arduinos and cheap
"VAG-COM KKL" auto diagnostic cables) are switching to CH340 instead of buying
real FTDI.

~~~
tzs
> Already a lot of counterfeit users of FTDI (i.e. knockoff Arduinos and cheap
> "VAG-COM KKL" auto diagnostic cables) are switching to CH340 instead of
> buying real FTDI.

The driver situation for CH340 seems a bit sketchy. Whenever I've considered
buying cheap Arduino Uno R3 clones via aliexpress.com, but then first went
searching for CH340 OS X drivers, all I've found have been drivers on random
sites whose provenance seems to be "I found this somewhere". Often these are
unsigned drivers so I'd have to disable driver signing to use them, although
last time I looked there was a set of signed drivers floating around.

For Arduino knockoffs, I prefer something that uses the same hardware that a
genuine Arduino would use, or something that works with the CDC driver that
comes with the OS. For Uno R3, this is the clone I'm using for development
[1]. It uses an ATmega16u2 to handle the USB, which is what a genuine Uno R3
uses.

[1]
[http://www.amazon.com/gp/product/B00P2FX9WY?psc=1&redirect=t...](http://www.amazon.com/gp/product/B00P2FX9WY?psc=1&redirect=true&ref_=oh_aui_search_detailpage)

------
5ilv3r
Whatever is on the knockoff nanos now seems great. cg340 or something. 5 years
ago I had a hell of a time trying to unlearn parallel port crap and figure out
all the ftdi hype, aaand now I don't have to worry about it. Stupid move ftdi.

------
mrob
It is impossible to detect counterfeit chips electronically. The driver can
only check if something produces signals that when interpreted as USB protocol
indicate the FTDI PID/VID, but crucially it cannot know if this is the correct
interpretation. That depends on the presence or absence of the trademarked USB
logo on the device. It's entirely possible that the device has no USB logo, in
which case it is not officially USB and the data the driver is interpreting as
FTDI PID/VID could mean anything.

~~~
throwaway7767
If the device doesn't have the USB logo, it means they didn't pay the USB
implementors forum. There are plenty of devices which implement USB, but don't
pay the license fees. It doesn't mean they just output garbage. I've also seen
devices with the vaunted logo on them which failed spectacularly when it came
to following USB specs.

I'm not sure what point you're making regarding the infeasibility of detecting
counterfeit chips. It's not like these chips were bricked by accident. FTDI is
specifically going out of its way to exploit bugs in these clones to brick
them. So it looks like they have the detection thing pretty well covered.

You'll note that the opensource linux drivers works just as well with the
clones. That's because they do not expend extra effort to make them not work.

~~~
mrob
The point is it's possible to build something that does not use USB, but which
uses an almost identical protocol differing only in the meanings of the
PIDs/VIDs. If it's based off USB 1.0 then any patents have expired, and if you
don't call it "USB" or "FTDI" there is no trademark violation. In that case
you would be doing absolutely nothing wrong, but the FTDI driver would still
falsely detect it as "counterfeit".

~~~
mrob
Not sure why I'm being downvoted here. In the USA, deliberately using
counterfeit trademarks is a crime, not just a tort (see
[https://en.wikipedia.org/wiki/Trademark_Counterfeiting_Act_o...](https://en.wikipedia.org/wiki/Trademark_Counterfeiting_Act_of_1984)
). The standard for being found guilty of a crime is "beyond reasonable
doubt", not just "preponderance of the evidence" as it would be for a tort.
There is no way to electronically establish counterfeiting has occurred beyond
reasonable doubt, because the completely legal scenario I described is
electronically indistinguishable. It's not acceptable to go accusing people of
crimes when you know you can't meet that standard of proof.

EDIT: As a practical example, consider the case of I2C. This is a proprietary
NXP protocol, and you have to pay to get slave addresses. So instead people
use "Two Wire Interface", which is not I2C but is electronically
indistinguishable. The only way to detect counterfeit use of I2C is looking at
the packaging/documentation.

~~~
Dylan16807
>you have to pay to get slave addresses

You what? But there's only a hundred of them.

~~~
mrob
There's also 10bit addressing mode. I couldn't find a reference to address
fees on NXP's current website, but as recently as 2013 they had a FAQ on their
website mentioning address allocation fees:
[https://web.archive.org/web/20130401000000*/http://www.nxp.c...](https://web.archive.org/web/20130401000000*/http://www.nxp.com/products/interface_control/i2c/faq/)

