For example, the company FTDI snuck in code that was in a series of Windows updates that was able to detect counterfeit FTDI and brick them via software to send back all 0's. This anti-consumer behavior on behalf of comapnies can a be a headache for end-users and programmers alike.
The original FT232R chips have a clocking bug that makes bitbang mode unusable for many applications, with no workaround (their errata sheet suggests a bullshit workaround of setting the clock speed to max, that is unusable in practice because USB can't keep up). It's supposedly fixed in a revision that I've never seen, and I believe they never manufactured it.
The clones... work perfectly fine: https://twitter.com/marcan42/status/695292366639378433
In fact, I reverse engineered FTDI's bricker, and it works by exploiting the fact that their own chips violate their own interface design by requiring EEPROM words to be written back to back - even word writes alone are staged and ignored without an odd word write. The clones honor the writes independently, like FTDI's other chips. Their bricker code only writes even EEPROM words and preimage attacks their own checksum algorithm (since the real checksum is at an odd word they can't touch) to make it work, so it has no effect on the real chips (which get sent the same commands). It's hilarious.
Don't buy FTDI. They're just bad.
We switched to the FT230X, which works great.
Our detailed investigation: https://stb-tester.com/blog/2016/05/26/ir-post-mortem
> The original FT232R chips have a clocking bug that makes bitbang mode unusable for many applications, with no workaround
One of the problems with this situation is that if clones are allowed to permeate the market unencumbered the manufacturer of the genuine device might not have the financial capability to address problems and continue to innovate. Every single fake chip takes revenue away from the legitimate supplier.
Not arguing that your technical point isn't valid. It is. My point is that causing damage to the legitimate manufacturer by substituting their chips with clones has a non-zero non-trivial effect. Clone chip makers have zero interest and expend zero effort, time and money supporting the ecosystem they infect. All they care about is pushing their hardware and nothing else.
This also causes damage to consumers because it is impossible to know what issues fake chips might bring to the table across a wide range of vectors, safety and reliability being just two of them.
The better path is to take design wins away from FTDI and adopt hardware from legitimate part suppliers with solutions that meet your requirements. That's fine and that's how a healthy market works. Choosing fakes over legitimate parts hurts everyone. Today it's FTDI, tomorrow it could be your own products. Having experienced the "attack of the clones" myself, I can tell you this is not pleasant at all and it can, quite literally, destroy your company, costing jobs and your future.
Not a simple problem.
The 3rd-party chips, on the other hand, perform each write immedately per the official documentation. The malicious driver uses this difference to overwrite the firmware of the 3rd-party chips with carefully-crafted nonsense that has the same checksum as the legitimate firmware.
I was nervous about the CH340 because the Windows drivers seemed to come from some weird place in China, but maybe US sourced drivers aren't any more of a comfort in these times.
And yet, these rockets (mostly) got off the ground quite safely!
Because these statistical vulnerabilities are rather obvious, and it isn't quite just the "cheapest bidder", and because their parts are tested, and because people took care to allow for 2 million of those 3 million parts to fail without disaster being inevitable.
The risks of remote-bricking counterfeits are rather obvious, indeed.
But it's just as trivially obvious that it is intended to protect the supply chain. Or, for the cynical: that its intend to protect these companies' profits is aligned with protecting the supply chain.
It's a trade-off, unlikely to have a single, generic best answer.
I strongly disagree with this. I see no way to rationalize that a company should be responsible for ensuring that counterfeit devices work correctly by releasing drivers that are tolerant of them or do not stop them from functioning. FTDI's products are the combination of their hardware with their drivers. Both are required in order to delivery functionality and reliability to meet their specifications.
Imagine your drivers are used in some sort of a critical application and a counterfeit device causes a failure that, in turn, causes harm to someone. An example might be a wired remote control for an industrial machine. It seems to met that bricking that device as soon as possible before harm is done is what we would want from a company that delivers a quality product.
Another way to put it is: Let the counterfeiters engineer a real product and be responsible for their own drivers, quality and safety.
The way to see clearly through some of these problems is to extend the definition towards extremes. Let's forget FTDI for a moment and generalize the problem to a microprocessor and a vendor-provided RTOS used to run the flight system of an airliner. This is a contrived hypothetical, forgive me for taking artistic license.
Imagine counterfeit processor make it into the supply chain. Should the avionics OS do its best to work with every possible fake or should it brick it on power-up before that potentially dangerous aircraft gets off the ground?
Another hypothetical could be one where we eliminate hardware completely. Imagine someone creates a fake Amazon, Facebook, NY Times or online brokerage site. Imagine proposing that the real companies would be anti-consumer if they created software that revealed the impostors. I could not imagine anyone who would propose they allow the fakes to continue to deceive consumers.
From my perspective this isn't anti-consumer at all. It's as pro-consumer as you can get: You work hard to ensure quality, consistency, performance and reliability.
The real anti-consumers are the counterfeit manufacturers. They, quite literally, could not care less. All they care about is tricking engineers and consumers into thinking they are designing and buying a quality product when, in reality, they might be dealing with dangerous junk.
However, the FTDI debacle didn't punish those people, they're not the consumers. It punished end users who have no idea what an FTDI chip is or does or that one exists in the products they buy.
In your airliner microcontroller example, you have much more informed consumers. They could reasonably be expected to know what processor is in their hardware, and to want to validate it. That's not the same.
It would be more like a good packaging manufacturer finding that their packaging was being counterfeited and their proprietary plastic blend was somehow being leaked up the supply chain. If they changed their recipe to something toxic, but using good plastic internally, and when people started dying said "they should have bought potato chips packaged in genuine FoodSafeStuff bags". People don't know what their packaging is made from or who it's made by. They have no way to verify it prior to purchase, and even after purchase, it would take an expert to identify. And there's no customer loyalty based on the plastic bag, after the food manufacturer switches away from the counterfeit they won't be significantly harmed. But everyone who innocently bought those bags and got poisoned suffered real harm.
For food, you can't change the game without prior notice, but if it is clear that faked goods are toxic, people would start buying from trusted providers themselves. For electronics, I don't see a problem. If a device is bricked, go to your dealer and let him replace it. He will do the same for his supplier, etc.
Somebody in the chain will discover that his supplier is a fraud. He will have to swallow the costs, but has learned a valuable lesson.
If people have brought the product from some unstable source, then they most likely got it cheaper and they are now paying the price for the increased risk they took. It doesn't feel good but I don't think that it is unfair.
Getting hardware to just work on windows was a mess (not sure if they have corrected this).
You are making the mistake of taking a hypothetical and arguing against it. These are contrived examples designed to communicate a concept rather than an absolute reality that one should argue against.
I'll just say that it is very common to see comments relating to hardware issues on HN from people who obviously don't have experience building hardware at scale. And so, it is hard to discuss these things due to the asymmetry of knowledge and experience.
Any non-trivial hardware development and manufacturing operation has or should have professional supply chain management. It is their responsibility to ensure they build product as designed by engineers. If the hardware engineer specified an FTDI chip he or she did not mean "anything that is labeled similarly to FTDI". No, they meant to design in an FTDI chip. Anything else could fail or perform differently at any time.
Blame for the bricking of devices given a change of driver code isn't with FTDI, it is with whoever manufactured the product that was supposed to use FTDI chips and did not.
Let's also mention the very real potential for someone knowingly using clone chips in order to save money.
It is preposterous to charge the chip manufacturer with this responsibility.
There could be many tentacles to this kind of an issue, but the manufacturer ensuring that their drivers only work correctly with their chips isn't anti-consumer at all, quite to the contrary.
Yet another angle: The crappy clone manufacturer --who could not care less about the consumer-- make a bad chip and it is the responsibility of the legitimate manufacturer to write the drivers and ensure it works well? In what alternate reality is that reasonable or required?
Fault is at the feet of the clone makers and those who used clone chips, not the legitimate manufacturer.
I am actually astounded by some of these responses. However, I do understand that they likely come from a lack of experience delivering hardware products at scale, and so I can't fault people for getting it wrong. Hence my favorite quote:
"A man holding a cat by the tail learns something he can learn in no other way" --Mark Twain
Would you say that they also have "the absolute right to create drivers that sabotage counterfeits of their products"?
That's a different argument. You could argue that they should have the right given that (elsewhere you have argued) their governments have abrogated their responsibility to protect their IP. And that would be an interesting and compelling argument. But it's entirely different to "[having] the absolute right to create drivers that only work with their products in order to assure quality, performance and function." - and it would be disingenuous to keep arguing that.
> the FTDI case was a case of the company intentionally shipping malicious code used to brick the clones
don't you understand? FTDI does indeed have the absolute right to create drivers that only work with their products, but to intentionally damage a third party product so that it no longer works anywhere else, including with that third party's drivers, seems egregious.
One is the issue of intellectual property theft and what a company has a right to do in order to protect itself.
FTDI invested massive amounts of money to produce excellent solutions for a number of problems. I have personally been using their chips in my designs for over twenty years. I don't even remember when I started, it's possible it was at the very start of their history.
The fake chip makers --mostly in China-- steal intellectual property with impunity, hurting companies, ecosystems and costing job. In some cases they have completely imploded companies in the West.
We can either accept this at our peril or take a stand against it. The only people who are OK with intellectual property theft are those who don't understand the subject or haven't lived it.
My experience? I've had the experience of mortgaging my home to fund a business and then watch a company out of China clone my product and bring it into the US and European markets at half my price. I can't even begin to describe what this did do my business, the people who worked for me, my family and my health. I didn't lose it all because I am a resilient SOB, but it put me in the hospital twice in four years due to the stress.
It's really easy to voice opinions from behind a keyboard when the consequences of said opinions carry no personal consequences.
A company like FTDI and their products did not materialize from nothing. There are people, families, investment and hard work behind such offerings. Clones are not a victimless crime.
The other issue, of the two that I said were separable, is the damage to consumers due to fake chips being bricked by FTDI.
That, in my mind, is a separate matter and a very complex one at that.
There are at least two angles to this one. The first is that the hardware they were using was intentionally made with fake FTDI chips. This is likely the case for most cheap hardware coming out of China. If that garbage doesn't work it is 100% the responsibility of the designers of the hardware. They are thieves. Plain and simple.
If, on the other hand, the designers of the hardware had no idea and fake chips got into the supply chain, the problem is far more complex. At that point it is a question of tracing the supply chain in order to understand, if possible, how it happened. I won't go into the many permutations this could put on the table. Suffice it to say that anyone dealing with China knows full-well what they could be in for. Caveat emptor applies in the case of the OEM.
This is where the problem becomes far more complex and it becomes political. It is our politicians (US/Europe) who allowed us to come to a moment in time where an entire country is openly stealing intellectual property at almost every layer in industry as well as freely distributing it across the world with impunity. This is a far larger problem than a bunch of USB devices getting bricked because a company in Europe decides to defend themselves from what must be a massive loss of revenue of unimaginable scale. I can only imagine what FTDI could be, the people they could employ and the technologies they could develop if fakes could not exist in the market.
Counterfeit products have real and non-trivial consequences to entire societies and their existence should not be taken lightly.
I don't have the solution to this problem. Sadly, it's political. What I do know is that I'll be damned if I am going to blame the victim.
Perhaps you think it strengthens your argument to use a miscategorisation that both you and most of your readers know to be a false equivalence. It does not. It shows you're happy to ignore the truth in order to cast those you disagree with as criminals; or, you're ignorant, which I doubt.
You don't need to be happy with IP infringement in order to be not-happy with corporate (group A) [criminal] destruction of the property of others (group C) based on tortuous infringement of a third party (group B).
Not to mention that IPR goes against an established culture in the country of some of the infringers (group B).
TRIPS Art.35 requires IC circuit layouts to be protected for 10 years (as in 17USC S.904), IIRC. I don't know Chinese law though, perhaps IC related IPR has lapsed for the chips in question?
The OP headline chip is 20 years old (edit: I had the date wrong). Counterfeit, trademark infringement, is wrong of course.
>What I do know is that I'll be damned if I am going to blame the victim. //
You seem happy that one of the victims, the unwitting purchaser of an item having an copied FTDI chip in it, gets punished? In preparation of the sui generis IC mask rights the USA senate committees apparently were careful to ensure that users - "innocent purchasers" they're referred as - could only be punished by paying a royalty and that devices would not be destroyed or confiscated. That seems balanced and avoids punishing victims beyond what is reasonable.
The question of who the victim is under the FTDI scenario is a really interesting one and likely one that is difficult to resolve with absolute certainty. By this I mean that the consequences of various permutations of potential and actual actions require the benefit of time in order to fully grasp. All we can do is attempt predict outcomes based on experience, knowledge of technology, markets, and, of course, the bias every human being brings to the table.
It is important to note that FTDI devices don't just exist in Windows PC's. They are part of a wide range of products covering an unimaginable range of applications. Defects in clones, therefore, can have an equally large and unknowable range of consequences.
In my case I see two scenarios.
The first is what took place: FTDI was forced to retreat, effectively allowing millions of clones to exist unencumbered and without suffering any financial or legal consequences.
On first inspection forcing FTDI to back off was a pro-consumer stance. The victim, in this line of argument, was the consumer and FTDI --to be dramatic-- was the evil greedy corporate actor wanting it all. How dare they!
It is interesting to note that in this narrative the true criminals, the counterfeiters, never seem to be characterized as the culprit, when in fact, they are. It is easy to demonstrate that the marketplace would be safer without fakes.
This, BTW, applies to any product category, not just chips. Simple example: Fake dog food that could potentially kill your dog because the producers don't really care and have no responsibility or accountability to society, whether it be legal or moral.
And yet, if you analyze this scenario, it is also easy to demonstrate that the actual long term outcome is precisely opposite to the desired outcome (protecting the consumer).
By forcing a retreat at such a high level (FTDI devices are everywhere) the message was clear: Counterfeit chips got away with it, will get away with it. Legal and market forces only care about the here and now and will force legitimate companies to not interfere with counterfeiters.
One might say "Nobody issued a statement even remotely resembling what you just said".
True. Nobody ever does. We are defined by our actions. Society and individuals. In this case society cared more about immediate effects rather than the promotion and maintenance of a healthy ecosystem based on laws and regulations that, among other things, respect intellectual property and ownership rights.
The net result of taking this path is easy to predict: Nobody is ever going to challenge counterfeits because of the way the marketplace --due to shortsightedness-- pushed back on FTDI. Nobody wants to be the focus of a mob.
And so we are now in a situation where consumers, because of this path, will remain the victims for decades to come. Today, they, quite literally, have no idea what's inside the devices they purchase and legitimate hardware manufacturers dare not challenge counterfeits for fear of what the mob might do.
This is, at least to me, a clear case of good intentions not thought through to completion actually causing more damage to consumers in the long term in exchange for a short term benefit. This is why I think it was a terrible decision not to take the pain, support FTDI, repair/replace devices and send a strong message to counterfeiters that they risk going bankrupt rather than the opposite.
Part of that encapsulates the second scenario, one where counterfeiters are not allowed to derive financial gains from their operations. That would have been the true pro-consumer stance. And one that would have delivered a future where consumers could have a reasonable certainty of quality, safety and performance from the products they purchase.
I am not going to lay the entire responsibility of the counterfeit problem on the FTDI event, that would be preposterous. However, this was a very clear cause-and-effect case where one choice was to punish counterfeit makers (and the companies who knowingly use their products to increase profits) and the other was to think consumers were being protected by pounding down the legitimate manufacturer when, in reality, the outcome was precisely the opposite when a long term view is taken.
I can't imagine anyone making an argument proposing the unencumbered proliferation of counterfeits (anything, not just chips) is good for consumers. I think what was done with the FTDI case was extremely shortsighted and damaging.
In brief, that products are necessarily worse if they're fake; that societies approach should conform more to your model rather than being more liberal (in all except trademark infringement).
Wouldn't have corrected you if you didn't make the gasping for air pun with the typo.
A lot of fakes were distributed through reputable sources as originals. So you could for example build a medical device using expensive original components from digikey, only to see it breaking in the hospital for no apparent reason.
I bet people have _died_ due to FTDIs actions.
Medical device manufacturers would want both certificates of conformity and traceable parts. They'd want these if they built the product themself; they'd specify this if they got a sub-contract manufacturer. If the component supplier can't offer traceability back to the real manufacturer you'd probably want to buy from someone else.
I don't think bricking the devices is the right thing for FTDI to do. The consumer friendly thing to do is give warning and an FDTI contact email to report the product so FDTI can talk to the manufacturer.
I can't understand how a component supplier would comingle their traceable stock.
EDIT: since this is getting downvotes.
A component supplier would destroy customer trust if they supplied fakes with traceability certificates. It would mean anyone building for aerospace or military or medical or mining or etc etc (all large, multibillion dollar industries) would have to avoid that supplier. So what's in it for the component supplier?
I accept the fakes are common. I accept people bought fakes from reputable suppliers. What I don't accept is that people bought fakes when they asked for traceable components. I don't accept that companies buyign direct from FTDI got fake components.
They raise truly legitimate first approximation concerns about damage to consumers without understanding the long term damage to, again, consumers is far greater when a hard stance isn't adopted on fake hardware. It's the satisfaction of "doing the right thing" in the one case (FTDI) at the expense of never again being able to protect consumers from fake devices by disabling them if identified.
Counterfeiters continue to exist because they are allowed to make money. Stop their ability to profit and they will evaporate as quickly as they popped up. That's what everyone is missing, it's this feeling that the consumer was actually protected by forcing FTDI to pull back when, in reality, the mob created lasting damage to the safety, security and quality of consumer electronics products until someone else has the intestinal fortitude to make a stand, which, given the ferociousness of what is social media today could easily take decades.
Not only is it it a lack of understanding of how the electronics supply chain works, it also represents a lack of understanding of how the economics of fraudulent products works and how it is affecting people, companies and jobs globally.
We need to get very serious about intellectual property protection or Europe, the US and the world will be converted into nothing more than service and agrarian economies in a matter of decades.
I'll bet that's an exaggeration. If you are going to say something like that you have to back it up with data.
I could just as easily make the claim that people have died due to fakes. We can do that and go round and round a silly pointless circle.
The problem of fakes is real. And it is likely very much political (addressed in another comment). What is is NOT is the legitimate manufacturer's fault, even if they defend their existence by refusing to allow fakes to function with their drivers.
Fake chip manufacturers are perfectly free to do the required R&D, issue and support their own drivers. However, they are thieves, and prefer to steal rather than do the hard work and take the risks their victims undertake.
I don’t think anyone is arguing that FTDI has to let those chips be supported by FTDI drivers. I believe that intentionally sabotaging devices that have clone chips in them (such that they won’t work even once disconnected from the computer running their driver or that the device will be damaged simply by plugging it into a computer with that driver) goes well beyond simply “refusing to allow fakes to function with their drivers.”
That’s not OK, IMO.
There's a difference between not taking steps to ensure counterfeit devices function, and purposefully causing hardware to fail on a remote system. For example, I'm pretty sure purposefully causing the problem is illegal, if the user didn't request it, as it seems the same as hacking to me.
> Imagine counterfeit processor make it into the supply chain. Should the avionics OS do its best to work with every possible fake or should it brick it on power-up before that potentially dangerous aircraft gets off the ground?
Refusing to function is acceptable. Bricking the hardware is not.
In some/most cases there is no difference.
That's why you can kill someone and be either glorified as a war hero, hanged by a jury of your peers, or ordered to retake your driving exam.
They destroyed devices that worked perfectly well, but maybe (or maybe not) had a fake FTDI branding on a chip inside the device.
Even the manufacturer may have been a victim of commingled inventory. For this reason I stopped buying anything with FTDI in it, because I didn't want to take the chance it would be bricked because the smalltime seller on Tindie.com bought from a bad supplier.
I would hate to think what you would have Apple do to Hackintosh hardware.
You are looking at it precisely backwards. The key question here goes something like this:
Is Apple responsible for ensuring that fakes function correctly as it issues software updates for its own hardware?
In other words, just because someone decided to make a Hackintosh or a fake iPhone is Apple now instantly saddled with having to support this hardware for the lifetime of the fake products? And this is the case whether there's just one clone or 100 different variants?
As I have asked others, in what alternate reality does this make any sense?
My guess is that none of you have ever designed or manufactured hardware products at scale and don't fully comprehend the implications of what you so vehemently believe. No hardware manufacturer would ever take the side of having to ensure fakes work correctly; this would be sheer insanity.
To use your example, imagine if Apple released an update to iOS that would scan any jailbroken iPhones on the same network, and if it detected one, would use a backdoor to send it malware that wipes the device's bootloader.
The proper example would be fake iPhones made in Switzerland sold in the US as through they were real iPhones. If that's the case, then, YES, Apple would be right to brick them with an update. Absolutely.
I ask again: In what alternate reality would Apple be required to allow fake iPhones, look the other way and just let them be?
A key point here is that it’s impossible for the malicious driver to know what representation the seller made to the consumer— the presence of a nonoriginal part doesn’t necessarily mean there was any fraud involved.
Edit to add:
> ... fake iPhones made in Switzerland sold in the US as through they were real iPhones. If that's the case, then, YES, Apple would be right to brick them with an update. Absolutely.
Only after obtaining a court order to that effect. Destroying someone else’s property without due process is generally not acceptable, regardless of how right you are. To step away from technology for a moment, is it ok for a glassmaker to go around town breaking windows because they’re allegedly made with counterfeit glass?
Counterfeit goods is not a victimless crime. It costs jobs. It costs progress. It costs entire industries. Don't blame the victim. Consumers just happen to be caught in the middle of what, at the end of the day, is a political mess.
One could argue consumers are the victims of politicians and their terrible policies. That's where this gets complicated and we could end-up understanding that the FTDI problem has its genesis a decade or two ago.
I mean, what's FTDI supposed to do? Shut down and let the fakes take the market? What would happen to quality, reliability and support then? A business like FTDI doesn't run on pink unicorns. If fakes destroy their market they are out, a bunch of people lose their jobs and good luck with support for any chip or predictable performance and quality from anyone.
The choices we make have consequences in the short and long term. This is just a microcosm of what the world has allowed China to get away with.
I’m not saying that FTDI or a similar company should sit idly by, but the vigilante justice you’re advocating leads to bad places. We have customs enforcement to stop goods at the border and a court system to deal with internal disputes; use them.
In that alternative reality where, for example, mobile phone carriers are required to allow 911 calls even if your account is otherwise locked because you fraudulently paid with someone else's credit card.
That is why you are struggling to understand what everyone else is saying.
That is a reasonable action and would be enough to cause at least one more round of cat and mouse with the clone makers, putting a massive dent into their economics.
If they’d done that, it might have given FTDI a positive reputation (like the top brands of Taiwanese capacitors) instead of this self-inflicted punch-in-the-face.
I’m just a hobbyist (50-100 boards/year) and so don’t matter to FTDI economics, but CH340s go in my devices now because I don’t trust FTDI at all.
An emergency comes up, and the instant the emergency system comes up, it turns out to have been bricked. People die. Is this a good outcome?
If I were a manufacturer, I'd want to know about this ASAP. Would I want devices to stop working? Especially the examples you gave where people's lives are on the line? Absolutely not. I'd want them to work as well as possible until a replacement can go out.
Pro-consumer would be a pop-up letting the user know they received a counterfeit devices. I can then contact whoever sold me the device, and ask for a replacement. During cross-shipping, I can keep working. Anti-consumer is having my business trip and fall on its face when all the pen tablets which allow people to work from home are bricked during a pandemic.
Of course the counterfeit manufacturers are the bad guys. But FTDI is a company I'd never do business with either. If I'm an FTDI partner, and I got the wrong product, we were both cheated. I'm no more at fault than FTDI.
Should FTDI smack me and my customers upside the head for it? Well, that means we're not really partners.
> Pro-consumer would be a pop-up letting the user know they received a counterfeit devices.
This from driver code?
The party at fault here is whoever sourced the devices. If the design engineer called for FTDI and they put in FunTDI instead, well, they didn't build what they were contracted to build. Period.
Something as simple as a driver revision to, for example, improve performance, could break a fake chip. Is the legitimate manufacturer supposed to now be aware of every fake and design their drivers forever more to ensure fakes work perfectly? C'mon, that's preposterous.
If I design a board and someone decides to use a cloned version in their machine and somebody gets killed because of a software update I can assure you that the case wouldn't even get to court. The instant it is discovered that the board was a fake the entire thing would be thrown out. There is no way anyone is going to hold the manufacturer responsible for ensuring that clones work property. That is not what they are in business to do.
When we updated the ftdi driver, the board was bricked. Fortunately the system was still in development so we found a different board - it was only a bit of pain.
However, if that system had been shipped (as it was 6 months later), that board being bricked could have had much more significant ramifications. It would have caused a slipped schedule and tangible costs.
What should I have done differently?
I mentioned in another thread that we had one of the top two US electronics distributors knowingly ship us low "B" grade components many, many years ago. These components were in allocation and an enterprising young man at the distributor thought he would be smart and ship us a lower qualified component instead of what we ordered. That was twenty years ago or so. It cost our company dearly, nearly took us out of business.
This was that learning moment for me and it changed my approach to sourcing as well as the level of trust I grant anyone providing us with components. I will never put anything into a design where an illegitimate or lower grade component could jeopardize the safety, reliability or operation of the system.
At some level this is what engineering is about, isn't it? It's that old "Trust but verify?" concept.
We are working on industrial, flight (aircraft) and space (lunar) projects at the moment. No component will go into any of these systems without full knowledge and verification of its origins. This is true for individual components or contracted sub-assemblies.
BTW, this issue of failures being caused by not verifying components isn't anything new. The history of engineering is full of examples. One reasonably recent example of this happened to SpaceX a number of years ago:
For reliability, where that trade-off sits depends on the application. Aerospace, medical, consumer electronics, and disposable toys will sit in different places. If I lose a mission to Mars saving $100 on part which had a 5% chance of failure within a year, that's very poor engineering. If I include that same part in a $3 toy, bringing the price to $103, that's equally poor engineering.
Whether I trust or trust-and-verify depends on how much the "verify" part costs, how strong my trust is, and what the costs of failure are. Normally, the ROI calculation is easy; capitalist markets work well for this. I can ballpark expected costs.
When working with a customer like the government, the boundaries might be a little bit distorted, since the customer is process-oriented. The government might have a hard salary cap which makes it impossible to bring in qualified engineers, and I might take 3 years with a team of 5 people at $100k to do what one person at $300k could do in 6 months. At the same time, I might have hard requirements on process, such as origin-tracing every part.
The danger is when that becomes in-cultured and spills over to other places. If I'm working for the government, I'll follow government processes, and I understand why those are there. But I won't confuse those processes with good engineering. Once people do, they become poor engineers.
If I've shipped a toy which unwittingly has thousands of fake parts which I thought you made, we'll both have been cheated, and I'll expect you to solve that with me cooperatively. If you hack into my product and brick it, even if you were legally in the right (and you're not), you've lost a customer. That's bad business too.
To answer your questions:
(1) Yes, driver code can do things like this. If you don't believe me, buy an HP printer, and see the driver code pop up all sorts of advertisements, deals, and other crap. Driver code has access to your system's low-level internals. From there, it can do whatever it likes.
(2) The parties at fault here are multiple. One of the keys to building robust systems is to understand failures can take place anywhere in the system. In medical device, the terminology is "single point of failure." If one failure can kill a person, a medical device won't be certified by the FDA. In the same way you want the hardware to be tolerant of a single-point-of-failure, you want your organizational processes, logistics, etc. to also be tolerant. Mistakes will happen, and when they do, people shouldn't die.
(3) No one would hold FTDI responsible for making sure clones work properly. Plenty of people would hold FTDI responsible for intentionally attacking my hardware because I had a clone, if things go wrong. Two wrongs don't make a right. There is plenty of case law around this. Here's a nice chain for you to go down to get you started:
If FTDI's drivers stop working with my device incidentally, they're not responsible. If they intentionally brick a piece of hardware I own, for any reason, including believing I violated or contributed to a violation of their IP, that's a pretty clearly digital trespass under CFAA.
Would I pursue FTDI for breaking a cheap consumer device? That's not worth anyone's time. Had it, as in your example, killed someone or took down a planeload of people, you can bet your butt there would be both civil and criminal prosecutions for stuff like that.
(4) Any regarding supply chains, whenever I've done this, I've worked for small companies that wanted to keep logistics simple. We'd try to make sure complete designs could be sourced from one distributor (usually Newark, sometimes Digikey). And no one had resources to do any kind of tracing of parts. I understand that's done in aerospace, but that's not done in hardly anything else.
If there's some mixup in the supply chain, and I've shipped a thousand consumer widgets with a bad FTDI chip, FTDI should go after the parties responsible: my distributor, and the pirate company. Not me. Not my customer. And it should do it properly through the legal system and pursue damages, not break devices vigilante-style.
a) > company should be responsible for ensuring that counterfeit devices work correctly
b) > bricking [the counterfeit] device as soon as possible
The answer is almost always c) let it be, if it works fine, if not, not your problem.
Adding any kind of bricking code anywhere, unnecessarily introduces the possibility that it will be unintentionally (or maliciously) activated. Personally I don't have that kind of confidence in software or the people that write it (and I am one of those people)
Go ask the manufacturer of the fake chip to support it with their own driver.
Really. As a hardware manufacturer, if you use a fake version of my product and demand that my software work with it you will hear the loud sound of the phone being hung up forcefully.
The legitimate manufacturer can do anything it wants with the software and their hardware. If someone wants support for fakes they can provide it themselves.
We are talking about encouraging or tolerating theft of intellectual property here. Having been the victim of this I am quite sensitive to the idea.
> It is difficult to get a man to understand something when his salary depends upon his not understanding it.
No one is suggesting encouraging or tolerating theft of intellectual property. People are _discouraging_ vigilante justice against IP thieves.
In this instance, because it harms consumers (an innocent party).
You're arguing against strawmen when you claim that people are arguing for FTDI to support these chips. Instead what people are arguing for is for FTDI to not brick them _intentionally_.
In other words, when viewed with a long term perspective the mob actually succeeded at protecting the counterfeiters rather than consumers.
That's what people disagreeing with my perspective are missing in this argument.
Show me a legitimate scenario where giving counterfeiters a free pass leads to long term (decades) protections for consumers and there might be something to argue about.
My quote is far better, BTW:
Most everyone voicing opinions on this thread has zero experience manufacturing products at scale and perhaps even running a non-trivial company. Nobody has held any of these cats by the tail and yet everyone seems to think they understand market and business dynamics.
As my wife puts it (she is a doctor): A google search isn't a medical degree.
What you are calling "malicious code" could --and likely is-- quality control code.
The fact that fakes fail isn't the responsibility of the legitimate manufacturer.
I don't know how many hypothetical examples I have to concoct to drive the point home.
OK, here's another one. Fake Tesla. The real Tesla writes code that bricks the entire fake car. This is 100% pro-consumer. The fake Tesla could literally kill people.
What you guys are arguing for is that Tesla should ensure that fakes are able to function. And, at the extremes, that Tesla is responsible for their proper function and safety.
Think about that for a moment.
OK, I'll play your game. The car would not turn on after being parked somewhere for four hours. Only an idiot software developer would brick it at high speed on the Autobahn.
If I receive constant 1Mbps stream, the PLL doesn't even have time to stop/start? Or drivers are supposed to handle upgrade hand-off? Sounds crazy complicated, and I don't see the point of such a feature
A counterfeiter commiting crimes against FTDI does not excuse FTDI committing crimes against a third party (i.e. the consumer).
The world being safer without the counterfeit products also does not excuse the FTDI destroying things that aren't theirs.
The justice system being ineffective at addressing counterfeiters is also no excuse for FTDI to take matters into their own hands. Vigilante justice is usually illegal.
Programmers make mistakes. A bug in your counterfeit detection code may end up destroying legit products. In addition, you can not be sure destroying a product will be safe - if the chip is in a medical device, you might be killing someone. The entire idea of destroying a product without explicitly being told to do so is fraught with peril.
You deal in false binaries. The third, imo correct, option is for FTDI to design software that works correctly with their own product, and spend no effort on the counterfeits - neither to get them to work correctly, nor to brick them on purpose.
A fourth option, if you want to spend some effort on something other than destruction of property, is to take option three, and also alert the user that they are using a counterfeit chip with unpredictable behaviour, and in your airplane example, advise the user they should probably not take off. If you want to be pro-consumer, this is a better way to go about it than smashing their stuff.
From the consumer's perspective, they had a working device, and a firmware update bricked it on purpose. It is possibly out of warranty, in which case they end up footing the bill (or experiencing frustration) for replacement and downtime. It takes Olympic levels of mental gymnastics to view that as 'pro-consumer', imo.
The primary counter argument to mine requires an inversion of responsibilities and ascribes criminality to the victim.
Devices got bricked because counterfeiters committed a crime in the first place.
Along the same lines, there are supply chain questions that are impossible to answer:
How many of these device manufacturers knowingly used fake chips because they cost less?
How many distributors knowingly shipped fake components because, again, they cost less and delivered higher margins?
How many device manufacturers were true innocent victims who did not know fake devices had been substituted for the real thing?
How many failures of import controls led to consumers receiving devices with fake chips?
I have had the experience of having major US electronics parts distributors knowingly substitute defective --yet genuine-- parts instead of the top grade parts we ordered. The effect was what the hardware sector generally refers to as "infant mortality", where your hardware fails early or becomes unreliable due to substandard components.
It took months for these effects to come out into the open and for the major US distributor to own up to this against the threat on our part of legal action. Not only did they replace all components with legitimate top grade parts, they also paid the costs involved in replacing the affected systems for our customers.
My guess is that the context lacking most, if not all, who disagree with my position perspective that comes from having "skin in the game" in the domain we are discussing.
The knee-jerk reaction is to think bricking these devices is bad for consumers, as if that would have been the end of the story. No, in a properly functioning economy and legal system this would and should lead to tracing through levels of responsibility as far as possible, with consumers being made whole with properly engineered and manufactured devices.
The end result of forcing FTDI to not protect their product from counterfeiters is that not one consumer today can be assured the devices they purchase has quality reliable parts that will function according to specifications. A chip can, quite literally, go up in flames (I had this happen to me with a cheap Chinese device) because we did not support FTDI in disallowing fake chips from the market.
Sure, there would have been short term pain and a bunch of companies and suppliers fixing their pipelines and designs. Yet, we would have emerged with an above-average guarantee of quality and performance and counterfeiters thinking real hard before doing what they do.
Instead the feedback we gave counterfeiters is "you win".
And the result we obtained for consumers is "you lose, forever".
This incident extends well past FTDI. Because the mob won and forced FTDI to accept fakes it now means nobody is going to take similar steps towards protecting their products. Which, in turn, means counterfeiters know they won and know they can get away with it. Consumers, once more, lose, big and in unknown ways.
We are swimming in a sea of fake products. The only way to stop this is if fake products become losing propositions for producers, suppliers, manufacturers and consumers.
I mentioned I had a chip go up in flames. A while back I bought a little humanoid robot directly from a vendor in China. One of these things with 15 to 20 servos and, typically, a mobile phone class processor powering it and the touch screen on the chest. I bought several of them as part of a business venture.
A couple of days after receiving them one of my kids was working with it on the table in the garage. As the robot walked, it failed to take a step and fell. It just planked onto the table, a 90 degree rotation from the toes, nothing too dramatic.
In an instant flames were shooting out of the chest. Flames, not smoke. Since we were in the garage it was an easy matter to open the door and toss the thing onto the driveway.
Upon inspection we found a crater at the center of the ARM processor on the main board. It failed and took a bunch of other parts with it.
I contacted the company and very specifically asked about the source of this processor. We were actually considering importing and modifying this robot in quantity for educational purposes. In other words, we had established an engineering relationship with this company, this wasn't a case of just another consumer buying their product.
They pretty much told me they bought the cheapest ARM processor clone they could source in China.
This was and was not a revelation to me. Having done business with China for some time, as well as having a number of friends and business acquaintances doing business in China, nothing surprises me any more.
The degree of supervision and cross checking you have to engage in when doing business with China is impossible for someone outside of manufacturing to grasp. It takes a lot of work to ensure safe products are landed in Europe and the US. When you deal with European or US companies this requirement almost disappears because you can generally trust they will deliver what they agreed to supply at the required level of quality.
Taking the case of this real product, this robot, as an example, it would have been far better if --through whatever mechanism-- the thing had been bricked by the processor manufacturer before it got into the hands of any consumer.
I cringe to think that this company likely sold tens of thousands of these units into homes and schools that could, due to fake chip issues and low component quality, go up in flames any time. We got lucky in that the robot ignited while we were there and under circumstances that were easy to control. This could have happened in the middle of the night and the story would have been potentially horrific.
Be careful to think that allowing consumers to be fed fake products of unknown quality and traceability equates to having a pro-consumer stance.
Due to this FTDI event it is likely consumers today have no clue what quality and safety has gone into the products they are using. This is not a good outcome. The right path would have been to take the pain of fixing the real problem and make consumers whole through both corporate responsibility and the legal system.
In other words, FTDI is a victim and consumers are now even larger victims because the fake chip content of their devices is likely to go well beyond a little USB chip. No way to know how far and wide this has gone. A clear case of good intentions actually causing more damage to consumers.
OK, I'm done. I don't expect to change anyone's mind. Just stating a perspective I think many don't have because they don't have practical experience at scale in the world of hardware manufacturing and support. If it makes even one person think this through, research and perhaps understand, I am satisfied.
Be tolerant of contrasting perspectives...you might just be wrong and not know it...or, even worse, one day you will be correct and the mob will dismiss you just as you have to others when you think you are right.
Tolerance is important. Don't punish, dismiss and ignore those who you do not agree with because one day that person could be you.
Digikey certainly has a premium, but their speciality is small numbers/cut tape/etc and they have a small order size which makes them ok for hobby work, and I've used them for small production runs when I didn't want to end up with a ton of excess materials.
Makes you wonder what other junk is out there, and what purchasing guy figured he'd save $10 and get it from ebay...?
Both Digikey and Mouser will charge me $20+ to ship anything (tried with a small capacitor). Farnell will let me put stuff in the shopping cart, then when I select "individual" as the customer type, tells me that they only ship to companies and redirects me to a "partner site" for individuals, which promptly fails to load (things like this have conditioned me to avoid official distributors). RS will gladly sell me 4000 of those capacitors.
For a hobbyist outside of the US, AliExpress is often the only realistic source aside from the local RadioShack equivalent which probably doesn't have what you need.
Now I wouldn't mind this nearly as much if I could get the shipping rate upfront but it seems 80%+ of sites won't give you a real rate until you have almost completed check out which takes a lot of time. The funny thing is if they have a phone number you sometimes can get them to ship it more reasonably if their system has the flexibility to do that.
This is where ebay is a godsend as a lot of sellers will have the odd part around and work at having cheap shipping. But it is caveat emptor.
Last time I made heavy use of Digikey was in Australia and it worked really well. I'd order on Thursday and it would arrive by ~Monday, which was pretty awesome. You're right shipping, I remember correctly, was $20-$30, but on $200 of parts it was a small cost.
But as I said, this was done in my professional life, so I didn't blink an eye at it. Hobby world I get is different, but also the cost is frustration as opposed to 1000s, 10,000s of badly built boards.
I can safely say the site is not usable for electronics. It returned valves, pipes,nuts - pretty much useless for anything in Europe, being non-metric.
I've never had any trouble getting individual parts from RS either.
Disclaimer: I only ordered full boards from them so shipping seemed reasonable. No idea about ordering one small capacitor.
You often just need to fill that form entry, and not have any sort of official company. Things like Self, or your name again will work just fine. I have a fake company name that one day I'll need to actually register, but in the mean time is used whenever someone is willing to take my money, but not provide service without a company name.
Flip note: US companies selling to customers in the EU do require EU VAT number as well.
Overall living in the US and applying the same rules/advice to people not living there tends to be wrong.
So much stuff on eBay is free shipping, that's huge when you only need a few dollars worth of stuff. If I could convince Digi-Key to lick a 55-cent stamp when I need ten of something, instead of charging me $7 for shipping, I'd have a lot fewer counterfeit parts around.
The envelope is of course another matter.
* allegedly of course.
A recent change allows the USPS to increase rates for epacket. It looks like the new rates will go up slowly, so shipping from China will still be cheaper for packages under 3 ounces for a few years.
Also, it is painful to wait for these packages from China. Digikey ships same day and its at your door step in the morning (I overnight it) and if you use $7, it is usually 2-3 days.
Plus, you're supporting legit businesses and not the shenzhen market.
I can understand total hobbyist who cannot afford $7 shipping often. But even then, you can bundle all your parts and order once.
Any engineer who earns a salary can afford $7 shipping. If you're a business, there is absolutely no excuse to penny pinch here. You're losing money by using unreliable parts, if not now, at some point in the future.
I fall for this trap every. single. time.
_HOURS_ spent racking my brain to think of all the things I might need in different scenarios, so I can be absolutely, positively, 100% sure that I have everything in that one single order.
... and end up placing 2 to 3 more orders before the project is done.
Most of these sites offer free shipping to trade accounts with no MOQ as well.
But also you want that customer service as a business. Mouser once sent me a replacement camera at work (university) because they supplied one with the wrong interface. No doubt we have a big order book, but I've had similar experiences with RS as a hobbyist customer - ordered tools which are not up to scratch or slightly out of tolerance - "just keep it, we'll send a replacement".
Or, like me, pretty much go "Meh, its counterfeits all the way down!" and frequently tack on a buck or twos worth of other "That's interesting looking, I might want one of those one day, I'll grab a few on this order" stuff when you're buying things you need for a current (hobby grade) project, so you've got a few boxes full of (hopefully sufficiently well enough labelled and documented" junk on-hand for the next random project idea... I bet I have a dozen or so "DS18b20"s here from that approach. I _think_ I could probably find then in under 10 minutes if I had an idea that needed one right now. Maybe... (Actually, I do have that idea. I want to put temp logging on a little LiPo battery that sits under a small solar panel to run an ESP32. I _think_ it's probably failing early because the whole thing gets too hot in the du5rect sunlight. Logging will confirm/deny that, and let me measure changes with insulation and/or fan cooling. Maybe I'll go hunt for one tonight...)
Now it feels like I'm paying some kind of tax.
I understand that. But please charge me for what it costs. Don't let people with small orders pay the price for people with large orders. They already get discount for their order size!
Or if this is not possible at least call it an order-picking fee, don't lump it in the shipping costs.
I do have ethical qualms about supporting/funding "stolen IP", but then I've kinda got ethical qualms about the whole concept of IP anyway, and if you wanted to go hardline on IP compliance you'd probably have to avoid everything out of China (and everything that contains components out of China)... I wonder how often Apple get counterfeit components slipping through on Foxconn production lines, and how much effort they put into stopping it beyond extensive QA - which only ensures any counterfeits that make it through need to be close-enough to functionally equivalent to pass all the tests? The "test after" approach kinda pushes towards more IP infringement rather than less, since it's likely parts built from stolen designs would pass more often that parts reimplemented according to the spec?
Going further, if I'm in Germany, and order from a local place (e.g. a local ebay seller), I pay like $0.80 for postage on a delivery.
If I order from a reputable store... it's like 2 weeks waiting time with $15 on delivery.
In the past there used to be small stores everywhere selling every tiny part, but nowadays...
It didn't used to be that way -- mail order suppliers used to charge high fake "Shipping & Handling" fees.
That's why Amazon introduced 'free' shipping.
But $5 doesn't feel bad for shipping to get good parts quickly from a company I trust. But your point is taken. Sucks to put a $0.30 temp sesnor and pay $5 to ship it. =)
I also keep a "gift list" for myself of things I've always meant to experiment with but haven't gotten around to ordering. I ended up playing with MSP430 controllers this way.
So sellers pay for shipping, which is cheap, then gets subsidy, then there’s delay between Buy Now and actual transfers and financing to compensate it, those supposedly all add up and turn profits.
Digi-Key on the other hand probably has employee pension plans and that would be as far they go in terms of global financial investment techniques, so...
I never expect random chips bought off AliExpress/eBay/Amazon/etc to work, much less be genuine. I do expect breakout modules and the like to work, though I don't expect them to contain genuine parts. (That implies I'd never source from these places when it's a critical function.)
I'm always surprised when people expect grey-market crud to perform just as well as top-dollar stuff....
So far I've seen a ton of fake audio op-amps.
For discrete parts like transistors things are much simpler. Just build a simple test rig and test a few parameters. If they fall within the specs they're probably good enough. Of course it's not worth it to do this for jellybeans like 2N3904, but when some parts get obsoleted without a replacement (or they're too pricey) there isn't much else a lone hobbyist can do.
Links? That sounds fun...
I'm Canadian, and last I checked, the shipping costs to get parts from places like digikey was just ridiculous.
In professional engineering, where time is money, Digi-Key or Mouser is always more efficient, if they've got what you need. For personal stuff, where the value of your time is ~zero, the opposite can be true.
If I were working on something more important that dinking around for fun, sure, I might care a bit more about what's actually on the board. But as it is, the clones are more than adequate for my needs, particularly at their price point.
We ended up with 3 spools of counterfeit WS2812Bs that had cheapskated out on some data line capacitors on the die. Totally fucked the emitted RF noise levels compared to the same thing build with genuine ones, and intermittently flaked out when trying to run high speed data updates long-ish distance - the lights 6-7m and 40-50 leds from the controller weren't reliable...
Manufacturer and their supplier were very good at fixing things for us once the problem was discovered and attributed to bad components, but it was a very stressful lead to the xmas supply chain back then. (Then the entire company fell apart for different reasons, but the stress and expense of that incident was quite likely a strong contributor to those the triggering of those company-ending reasons... :shrug:)
Sparkfun and adafruit deserve commendation here, as their designs are open enough to even have low effort clones work reasonably well. (I'd buy a legit version if I was doing something professional, but prototyping for the sake of research is a different story)
I'm a special case though, since deliveries from the local AVNET subsidiary to my employer are often comped due to volume/location.
Then you pot the sensor with something thermally conductive and waterproof - waterproof potting compound is cheap (e.g. "RS PRO White Epoxy Potting Compound"). Finally heatshrink the outside.
You will never beat China prices, but this is one of those parts that's relatively easy to make yourself and shouldn't cost a fortune. The most expensive stuff is the epoxy, but it will last for a while.
Purely on performance, does it matter? If it doesn't matter if you're off by a degree or two, then the cheap versions will be OK. If you need the guarantee of a genuine sensor, or a different cable length, or whatever, it'll cost about $20 for five.
At least that was my experience 8 or so years ago when I made the mistake of purchasing a lot of 100 MAX7219 off eBay for $100 shipped from China...$1/ea was such a tempting deal to a younger, more naive self when these chips were selling for upwards of $7/ea from ECIA-authorized distributors at the time.
Never fell for that trap again.
Motorola microcontrollers on the other hand.
(Of course these days Digikey hassles customers by pointlessly firewalling arbitrary netblocks, so maybe the convenience tides are changing)
Digikey got it's opening when the mainline distributors decided that didn't want to deal with piddly little orders and imposed $250 minimums. Digikey swiped a bunch of their customers.
Now days ordering off Digikey is easy. But the cost of shipping is murder unless you want to wait a week plus for ground. Same time if you know what you want places like Allied will ship small orders for not much. And Jameco Electronics if they have it you can will call from their warehouse in Belmont.
Why was it a mistake? I've used the 'fake' ones. Did not have any problem with them.
It was so long ago, I had to dig up notes.
On the performance side, the counterfeits I received couldn't be clocked anywhere near the 10 MHz limit specified by a genuine MAX7219; one package pin that should be tied to GND was floating internally (contributing to poor thermal performance); but the real showstopper was that intensity control didn't work for shit.
My records reflect nigelectronics on eBay as the counterfeit seller. This is the address I was instructed to return the counterfeits to when I called them out on it for a refund (I eventually got the refund, but threw these counterfeits in the trash where they belong):
Cheng Kwok Hang
15F, BLK 1, Aldrich Garden, 2 Oi Lai Street, Shau Kei Wan, Hong Kong
This was my first semi-pro side gig out of college, and juggling all the unexpected curve balls with a fulltime day job was quite stressful.
You'd pay a pretty penny for things and support local/national businesses. Now, you're funneling fuel into the dragon's mouth. For what? A hobby project? Just spend the $7 shipping and get it from Digikey.
As someone who doesn't do this for work - I've never seen/heard of digikey or farnel before. Maybe if I was ordering enough to hit the $60 free shipping limit - but I don't think I've spent that on electrical bits in the last year.
Also check out RS Components Australia. They often offer free shipping with no minimums. https://au.rs-online.com/web/p/temperature-sensors-humidity-...
RS is also a good place to buy decent mechanical bits and pieces (bearings, drill bits, etc) if you don't want to play the lottery on Amazon. They even do their own 3D printing filament which I've had some good results with.
If you need small quantities (like one-of), you should look at sample requests. This is still alive and well - almost all the big manufacturers still honour them. I've gotten some $40 RTD digitising chips from Analog, micro-coax cables from Samtec and lots of random bits over the years. You may need a non-generic email address, but that's easy to sort.
For example you can sample the DS18B20 straight from Maxim: https://www.maximintegrated.com/en/products/sensors/DS18B20....
In addition to the shipping price for DigiKey which means batching up stuff is essential, one reason I buy stuff on AliExpress is that there are tons of ready-made breakout modules for easier prototyping.
Adafruit and SpakFun do make some, but there are quite a lot of interesting modules you cannot get from those sources.
Of course they usually worked about 70% as well as the real thing.
You may be subject to it if you send your designs and BOMs to a PCB house who also source and populate the components, then you're at the mercy of their procurement process
I haven't gotten around to doing anything with the 10, but the genuine one has been hooked up to an RPi for a while, which is controlling a space heater.
That was still using a solderless breadboard, so it was an easy matter to swap in the 10 one by one and check if they were genuine. As was probably to be expected, they are all counterfeit.
They all seemed to be fairly consistent with each other and with the genuine one, although it turns out that these things are really sensitive to body heat--just holding one pinched between two fingers while slightly spreading the leads to fit the breadboard would heat it up 2-3 C. This made comparing different ones a bit confusing.
The genuine one seems to cool back down to room temperature noticeably faster than the counterfeits. I wonder if the genuine ones take more care to ensure that the die is not too insulated from the outside world so it will be more responsive?
Anyway, since I'm still using a solderless breadboard, and then things are designed to chain, it was not hard to rig it up so all 11 are hooked up at once . (And yes, the resister is hooked up correctly. It is just a really bad angle in the photo that makes it look like it is off by one).
I've got a program running now that checks them all periodically and logs all the readings. Here are results after it has been running about 20 minutes:
22.437 [22.375, 22.25, 22.187, 22.312, 22.375, 22.187, 22.25, 22.25, 22.375, 22.25]
Still, I always recommend running an extra +VDC wire (3 wires vs 2 wires isn't a big inconvenience). When running large 1-wire buses (>100m long, dozens of sensors each), a dedicated power line is always a must.
Another funny use for these sensors is a source of nonce/id. Weirdly, every single DS18B20 I've bought had a unique ROM address, even when I got large batches. I still PTSD about that batch of PCIE network cards with identical MAC addresses...
You know you're dealing with counterfeits and you know they're unreliable, but you've somehow convinced yourself that despite all the uncovered variance sitting on the table, if you keep poking long enough until the component returns some non-edge-case value, then it "works fine".
I must have hopped on the sanity train quicker than I should have because it seems like I'm missing something critical in the narrative here.
Yes? Because it usually does? If you test a bunch of fakes and they tend to be either basically accurate xor really inaccurate, and your project isn't super critical, why not? It's like unit testing; if you trust your tests, then any function which passes is probably fine to use. I wouldn't do it for something mission-critical, but for fun hobby stuff I probably would.
I poke fun at the OP because his qualifier for "works fine" is an indeterminate definition of eventually establishing some semblance of compliant 1-wire communication with a counterfeit component without even so much as batting an eye to question the accuracy of the sensor measurement being read in, let alone:
a) environmental constraints
b) electrical constraints
c) timing constraints
d) system integration considerations
e) counterfeit variance/unpredicability
Long 1-wire networks are notoriously unreliable . Something that works fine today can stop working tomorrow. That doesn't mean that they shouldn't be used anywhere. They have their niche.
If I want my heating system monitor to report temperatures once per hour and it takes me 5 tries and 10 seconds to read a sensor, I call it good enough. If monitor doesn't succeed after 20 retries, it sends an alert to replace the sensor (so far that only happened due to damaged wiring, not the sensor itself).
It is possible (and quite fun) to build reliable systems using somewhat reliable components :)
First, on design. In your cited app note, Maxim explicitly denotes from the onset:
> Operating a 1-Wire network beyond the limits or disregarding advice given in this document may result in unreliable network performance.
The key operator that I see here is "beyond the limits", to which Maxim engineers appear to have done a fair job of specifying. Indeed, there's a lot of fine print in the published datasheet alone on "parasite power mode", but a first pass suggests this is nothing more than a nuanced design challenge, not one of questionable reliability. If your long 1-wire network works today but not tomorrow, then it's difficult to swallow attribution of the issue to a singular authentic component constrained by documented performance specs rather than the system's overarching design.
Second, on reliability. Since practicing engineers don't have the leisure of independently validating every bit of specified electrical minutae, we generally have to extend some level of trust to what the component vendors specify in datasheets unless presented with evidence to the contrary (because bugs). I poke fun at your "works fine" remark above because it reads like what you care about is some semblance of establishing trivial, intermittent communication while handwaving the accuracy of the reported temperature measurement, especially given all the effort to demonstrate and document that the physical implementations of these counterfeits are clearly different...which renders the reference datasheet null and void in its entirety...which I therefore conclude nothing about these counterfeit sensors can be trusted in any application with meaningful skin in the game. To describe these counterfeits as "somewhat reliable" strikes me as somewhere between naively optimistic and outright delusional.
But hey, your hardware, your problems...just saying. :)
This whole story about not using things where they shouldn't be used is like saying "don't use an arduino on a chemical plant". Thanks, we get it.
> The key operator that I see here is "beyond the limits", to which Maxim engineers appear to have done a fair job of specifying
Except that limits are not well specified since they depend on too many factors (ambient temperature, parasitic cable capacitance, noise pickup, etc). These are recommendations on improving reliability, not hard guarantees. I'd recommend actually reading that note.
> If your long 1-wire network works today but not tomorrow, then it's difficult to swallow attribution of the issue to a singular authentic component constrained by documented performance specs rather than the system's overarching design.
This is again a trivial statement. Where did I claim the opposite?
If a weather monitor equipped with 1-wire devices has intermittent communication issues, do you immediately replace the entire system? Good luck with that proposal :)
If you replace your 1-wire driver on the above mentioned system to the one with active pullup and issues go away, do you still scrap the system because it's "out of spec" according to recommendations?
> Since practicing engineers don't have the leisure of independently validating every bit of specified electrical minutae, we generally have to extend some level of trust to what the component vendors specify in datasheets unless presented with evidence to the contrary (because bugs).
Again not sure what's the point of this trivial statement. Yes, bugs. I, "practicing engineer", have the leisure to independently validate datasheets when required. I also rely on them when I can. So what?
> especially given all the effort to demonstrate and document that the physical implementations of these counterfeits are clearly different...which renders the reference datasheet null and void in its entirety...
I invite you to research re. FDTI-gate and its widespread use, including medical devices.
Are you comfortable using light bulbs purchased from amazon in your kitchen without looking at the reference datasheet?
If I need an accuracy of +/- 5 degrees for not critical monitoring purposes, can I use "counterfeit" DS18B20 sensors?
If I need an accuracy of +/- 0.1 degrees for critical monitoring purposes, can I use "authentic" DS18B20 sensors?
Answers are as obvious as your statement.
> which I therefore conclude nothing about these counterfeit sensors can be trusted in any application with meaningful skin in the game
Your subjective "meaningful skin in the game" doesn't tell much. What sensors do you trust? Do you require calibration certificates traceable to a secondary standard for each component for them to be blessed for "application with meaningful skin in the game"?
And sure enough that happens about 1/3 of the time regardless of equipment or facility.
So "just doesn't feel right" is something that absolutely happens in the real world. Not taking that into account is sloppy engineering
Would you have bought it, at the same price, if they had?
Judging by what the page says, they do --- but someone down the line from the manufacturer remarks them to DS18B20s.
Try to find a popular 16-bit ADS1115 ADC on digikey. They offer SMD 10X2QFN chip for $8, 10VSSOP for $10, assembled adafruit board for $22 (!!!) or DFRobot board for $15 (exact same board is half the price on ebay).
In comparison, ADS1115 boards from aliexpress are $2.
I suspect that a significant number of Bluetooth chips are fake; even in very expensive kit.
I got tired of having expensive headsets croak after less than a year, while my cheap 20-dollar exercise headsets lasted for four years.
Then again, hardware is a hobby for me. My level of "buyer beware" means a slew of parts cannot be purchased from ebay so maybe that is a factor?
I can't fathom anyone using ebay for serious products that would be sold to a supported customer with any kind of actual warranty. The mind boggles. I have, however, dabbled with alixpress and found speaking Chinese useful to the extent I made a short run of my own gadgets with humble success. No I'm not a hardware company. Just had an issue that needed a gadget so I made it happen.
* No flash memory or any similar memory devices. No FTDI gadgetry. No battery of any kind. Nothing that involves oddball power supplies. I parts bin any power supply "ebay-direct-from-China" as I don't trust any of them.
Darn, my sensor from usbtemp.com has 28 FF EC C5 21 17 04 99
The general mechanism (to use 1 io pin as both an input and an output) though is to have the io-pin operate in "open collector" mode. Essentially: it assumes that there is something external "pulling up" the io _line_ (normally a resistor attached to the positive logic level), and all devices attached to the io-line only "pull down" (ie: output the 0 logic level, normally 0v) on their io-pin. The io-pins, thus, have 2 states: low (ie: 0v), and hi-z (high impedance, ie: not driving the output in any direction)
This ensures that no device on the io-line will directly push/pull against the level being driven by the other device (because all devices only drive 0v, and none drive the the logic 1 level, they rely on the pull up).
Then to allow communication to occur reasonably (without both ends pulling the io-line low all the time), buses like 1wire specify how the devices decide which one "wins" (ie: gets to transmit it's data), or which one goes first, or which one directs the other devices to "talk".
The DS18B20 is, indeed, a 1-Wire device.
What's fun is one of them updated a driver, which bricks counterfeits.
Thankfully, 1-2 companies came up with their own competing solutions which you now can buy for cents. If you are still using FTDI chips (fake or original) you might want to update your designs.
This isn't a peer-reviewed piece of work, it's a writeup of someone's fairly exhaustive research into a problem they encountered.
I don't see why you'd need confirmation from another person that something you bought doesn't do what it's part number claims it should.
Probably he is right though, but to me it reads like the conclusion is the premise. (Might be due to the writeup though)
Edit: here is my bone: it says: how do I know? If the ROM does not follow the pattern 28-xx-xx-xx-xx-00-00-xx then the DS18B20 sensor is a clone .
And here I would have expected  to be the datasheet or something, but not 'own research'. The idea of citations is also to make your claims more verifiable.
Now, if we look at the Datasheet: https://datasheets.maximintegrated.com/en/ds/DS18B20.pdf
it actually says:"The least significant 8 bits of the ROM code contain the DS18B20’s 1-Wire family code: 28h. The next 48 bits contain a unique serial number. The most significant 8 bits contain a cyclic redundancy check (CRC) byte that is calculated from the first 56 bits of the ROM code. A detailed explanation of the CRC bits is provided in the CRC Generation section."
So the 28 is required. The '00-00' part is ust the higher bits of the unique serial number.
I wouldnt be surprised if different factories get different higher bits.
But... while I fully understand the ethical issues, there is also an interesting engineering challenge here were you can sometimes get your design to work even with crappy fake components.
Btw, if you think this is bad, try ordering some jfets from China...
I've had worse luck with assemblies than components; switching supply modules from ebay / amazon don't come with decoupling caps or RFI inductors or RFI chokes.
I've received fake electronics from 3rd party Amazon sellers and eBay.
For testing a PoC I will buy knowing there is a risk it's likely fake - but once I've validated a design I'll go to Farnell.