Open-source hardware hacking effort 'smacked down' by USB overlords

Cough up $$$$s like the big boys for your ID codes

The USB Implementers Forum (USB-IF), the organisation that oversees the USB standard, has apparently sent the director of a small British electronics firm away with a flea in his ear for daring to suggest how it could make the lives of open-source hardware developers easier and cheaper.

Arachnid Labs’ Nick Johnson decided that if the forum insisted every gadget that supports the universal bus must sport both a vendor ID number and a product ID number - an allocation for which the forum charges - he would seek partners to buy a vendor ID to share and use as a source of free product IDs for makers of open-source electronics.

A laudable notion, you might think. Not everyone who wants to build USB-equipped kit sells sufficient quantities to warrant the $5,000 the forum wants in exchange for a vendor ID, a recent rise from the $2,000 it used to charge. Devices supply their ID numbers to the connected computer so that they can be accurately identified and the correct drivers loaded, and so on.

The construction of open-source kit, by definition, can’t be tightly controlled by the developer: the blueprints are publicly distributed under an open-source licence so that anyone can build and improve the electronics, after all.

Johnson wrote to the forum to ask how he should go about “licensing a vendor ID... explicitly for the purpose of enabling small developers producing open-source hardware to more easily produce USB devices”. He sensibly suggested the vendor ID should be assigned to “a not-for-profit foundation, whose members are allocated product IDs [PIDs] from a vendor ID [VID] owned by the foundation”. The forum is itself a not-for-profit entity.

“Membership would be free of charge, and PIDs would not be charged for either," he said. "PIDs would not be available to anyone outside the foundation, or anyone producing hardware that is not open source; if needed, additional restrictions on number of units could be imposed.”

The forum’s response, we're told, was thus: a cease-and-desist request demanding written assurances from Johnson that he “will no longer promote the purchase of a community vendor ID or product IDs for sale, transfer, or use by a third party”. It also apparently told him to “delete all references to the USB-IF, VIDs and PIDs for transfer, resale or sublicense from your website and other marketing materials”.

Prototype products

The forum’s executive director Traci Donnell points out that her organisation has vendor IDs available for hobbyists. It makes a number of VIDs available for the development of “prototype products”, and it will supply this provided the resulting kit isn’t going to be sold.

Fair enough, perhaps, for the lone hardware developer or team working on a personal project, but such a prototype ID number isn’t much use to, say, the creator of low-run hardware that isn’t going to sell in anywhere near the volumes for which the forum designed its licensing regime.

It’s doubly an issue for open-source hardware designs that can be taken, made and sold by someone other than the creator - and vendor ID buyer, if they have followed the rules.

Openmoko opens kimono

Many better-known open-source hardware engineers have indeed coughed up to the forum, among them Adafruit - it needed one to code the USB bootloader of its immensely cute Arduino-friendly microcontroller board Trinket.

Meanwhile, Openmoko, the community that arose out of the open-source phone firm of the same name, owns the latter’s vendor ID and sub-licenses product IDs to hardware projects distributed under free and open licences. It insists “the USB device you are developing is... an open hardware project (as per the OSHW Definition) with at least publicly available schematics”, but you’re free to sell it as long as that condition is met.

Even if your hardware isn’t open source, as long as your firmware is, you can get an Openmoko-sourced product ID. Openmoko lists more than 100 devices that use one of its Product IDs together with its Vendor ID.

Separately, USB chip company FTDI will provide its vendor ID and associated product IDs to “instances where production runs of a device may not be very large, or companies are working on a limited budget” because “membership [of] the USB-IF, in these cases, may cause a USB project to become economically infeasible” - it costs $4,000 a year.

But FTDI only provides this service to its customers, as do a few other firms that sub-license vendor ID and product ID pairs.

The USB Forum, of course, has to acknowledge the intellectual-property rights of the minds behind the technology that underpins the interface standard. But since USB is so ubiquitous, perhaps it’s time the organisation demonstrated it is able to think outside the mass-market box and help those whose business does not lie within it. ®
