Open-source hardware hacking effort 'smacked down' by USB overlords

Cough up $$$$s like the big boys for your ID codes

Application security programs and practises

The USB Implementers Forum (USB-IF), the organisation that oversees the USB standard, has apparently sent the director of a small British electronics firm away with a flea in his ear for daring to suggest how it could make the lives of open-source hardware developers easier and cheaper.

Arachnid Labs’ Nick Johnson decided that if the forum insisted every gadget that supports the universal bus must sport both a vendor ID number and a product ID number - an allocation for which the forum charges - he would seek partners to buy a vendor ID to share and use as a source of free product IDs for makers of open-source electronics.

A laudable notion, you might think. Not everyone who wants to build USB-equipped kit sells sufficient quantities to warrant the $5,000 the forum wants in exchange for a vendor ID, a recent rise from the $2,000 it used to charge. Devices supply their ID numbers to the connected computer so that they can be accurately identified and the correct drivers loaded, and so on.

The construction of open-source kit, by definition, can’t be tightly controlled by the developer: the blueprints are publicly distributed under an open-source licence so that anyone can build and improve the electronics, after all.

Johnson wrote to the forum to ask how he should go about “licensing a vendor ID... explicitly for the purpose of enabling small developers producing open=source hardware to more easily produce USB devices”. He sensibly suggested the vendor ID should be assigned to “a not-for-profit foundation, whose members are allocated product IDs [PIDs] from a vendor ID [VID] owned by the foundation”. The forum is itself a not-for-profit entity.

“Membership would be free of charge, and PIDs would not be charged for either," he said. "PIDs would not be available to anyone outside the foundation, or anyone producing hardware that is not open source; if needed, additional restrictions on number of units could be imposed.”

The forum’s response, we're told, was thus: a cease-and-desist request demanding written assurances from Johnson that he “will no longer promote the purchase of a community vendor ID or product IDs for sale, transfer, or use by a third party”. It also apparently told him to “delete all references to the USB-IF, VIDs and PIDs for transfer, resale or sublicense from your website and other marketing materials”.

Prototype products

The forum’s executive director Traci Donnell points out that her organisation has vendor IDs available for hobbyists. It makes a number of VIDs available for the development of “prototype products”, and it will supply this provided the resulting kit isn’t going to be sold.

Fair enough, perhaps, for the lone hardware developer or team working on a personal project, but such a prototype ID number isn’t much use to, say, the creator of low-run hardware that isn’t going to sell in anywhere near the volumes for which the forum designed its licensing regime.

It’s doubly an issue for open-source hardware designs that can be taken, made and sold by someone other than the creator - and vendor ID buyer, if they have followed the rules.

Openmoko opens kimono

Many better-known open-source hardware engineers have indeed coughed up to the forum, among them Adafruit - it needed one to code the USB bootloader of its immensely cute Arduino-friendly microcontroller board Trinket.

Meanwhile, Openmoko, the community that arose out of the open-source phone firm of the same name, owns the latter’s vendor ID and sub-licenses product IDs to hardware projects distributed under free and open licences. It insists “the USB device you are developing is... an open hardware project (as per the OSHW Definition) with at least publicly available schematics”, but you’re free to sell it as long as that condition is made.

Even if your hardware isn’t open source, as long as your firmware is, you can get an Openmoko-sourced product ID. Openmoko lists more than 100 devices that use one of its Product IDs together with its Vendor ID.

Separately, USB chip company FTDI will provide its vendor ID and associated product IDs to “instances where production runs of a device may not be very large, or companies are working on a limited budget” because “membership [of] the USB-IF, in these cases, may cause a USB project to become economically infeasible” - it costs $4,000 a year.

But FTDI only provides this service to its customers, as do a few other firms that sub-license vendor ID and product ID pairs.

The USB Forum, of course, has to acknowledge the intellectual-property rights of the minds behind the technology that underpins the interface standard. But since USB is so ubiquitous, perhaps it’s time the organisation demonstrated it is able to think outside the mass-market box and help those whose business does not lie within it. ®

The Power of One Infographic


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.