|Which brings me back ON topic: Is there any evidence that OTPs are
|vulnerable to attack?  I know there were some infamous problems with
|early OTPs and selective EPROM erasure attacks.  But the fact is
|that many of us have ruined more recent /JW parts by programming
|the code protects.  I suspect MicroChip buried the code protect bits
|on the newer dies, or that they aren't EPROM.  I'm guessing you'd
|need a Voltage Contrast electron microscope or other exotics to
|defeat this.  Any comments?

All Microchip would have to do to make lots of people on this list
very happy would be to release, and adhere to a spec something like
the following:

**NOTE** NOT A REAL MICROCHIP SPEC **
  "On all PICmicro devices produced after 5/15/99, with the exception of
   those windowed parts featuring an unerasable code-protect fuse, the LSB
   of the memory cell following the last documented customer-ID address
   will be "zero".  On windowed parts with an unerasable code-protect fuse,
   that bit will be "one".  On windowed parts with an erasable code-protect
   fuse, the bit will be initially "zero", but UV exposure may subsequently
   change it to a "one".
**NOTE** NOT A REAL MICROCHIP SPEC **

Although I don't know the specifics of the PICs' "factory test" area, I
would suspect that there's at least one bit in there that Microchip could
burn on OTP's and leave blank on UV devices.  If Microchip were to do this
and document it, it would allow programming devices to avoid destroying
window parts (when burning older PICmicro OTP's, it would be necessary to
override the feature, but that shouldn't be a problem).

Could any of the Microchip people reading the list comment on the feasibi-
lity of this?  Note that it would probably not entail *ANY* change to the
silicon--merely to the documentation and (possibly) testing procedure.