Slashdot Mirror
Linux Drivers For Free Barcode Scanner Cease-And-D...
> How complicated is the driver/what does it do?
It isn't terribly complicated. There's two programs that I wrote in the package, and one I did not. All are based on the "libcue" I wrote, also in the package. The deocder algorithm is a simple modified base-64 XOR 67. Jean-Philippe 'JP' Sugarbroad figured it out, and Colin Cross wrote code based on it and made me aware of it. I re-implemented it for the learning experience. The program named "decode" reads in a line of output from the cuecat for stdin or as first argument. CueCat output looks like this:
<ALT-F10>.C3nZC3nZC3nYDhv7D3DWCxnX.cGf2.ENr7C3b3DNbWChPXDxzZDNP6.
decode splits the Cue output into fields separeted buy ".". It ignores the first field and runs the rest through the base64+XOR decoder. This becomes the first line output. Digital Converegence added some additional "encryption" to their Web service; their program takes the output of the cuecat and inverts its case befoe sending it off to http://[server].dcnv.com/CRQ/1..[activation code].04.[cuecat scan].0
[Server] can be a, o, s, t, or u. [activation code] is supposed to be the activation code you get from your registration, but can be simply "ACTIVATIONCODE", which is actually what my spftware puts there. [cuecat scan] is the raw output of the device, minus the ALT-F10, with case inverted. Their servers send back a little blob of text containing several fields, including a suggested URL and description. Libcue parses those out and makes them available to its clients. Here's the scan of an NADA car-guide book:
The output of decode looks like this
DATA 000000001768443202 IB5 978034533392650599
CUE 0345333926
AMAZON 0345333926
http://www.amazon.com/exec/obidos/ASIN/0345333926/104-2159322-9263954
Ringworld Larry Niven
http://images.amazon.com/images/P/0345333926.01.LZZZZZZZ.gif
The gnome panel applet reads in CueCat scans, looks up the :Cue at DCNV servers, and redirects Netscape to the suggested site, if any.
> What does their commercial software do exactly?
The same thing mine does, without the amazon lookup and with some annoying GUI features, like a tabbed CueCat panel.
> How many lines of code?
1258 according to "cat cuecat-applet.c cuecat-applet.h decode.c decode.h libcue.c libcue.h | wc -l"
Michael makes another interesting point in a seperate e-mail
When they sent the letter (Aug. 30), my software did not touch the DCNV servers to look up :Cues. It simply decoded the data, and if an ISBN number was scanned, the panel applet made Netscape go to the Amazon page blindly: http://www.amazon.com/exec/obidos/ASIN/[isbn number here].
So it was not the use of DCNV servers they objected to, but the mere decoding of the output of the cuecat. I didn't release the :Cue and Amazon lookup-enabled version until yesterday (Aug. 31), when the FedEx letter arrived by overnight delivery.
Thanks to Michael for taking the time to answer this stuff. It's pretty scary when the stuff that you have can't be poked at without a corporation demanding you stop. Imagine if Ford had said you can't open the hoods of your car a hundred years ago.
Update: 09/01 02:49 PM by CT : Freshmeat has a perl script CueCat Decoder that will also decode the CueCat's output.
Update: 09/01 02:57 PM by CT : Russel Nelson pointed out that Lineo's Driver has also been taken down following a cease and desist from Digital Convergence (CueCat's parent).
Every cuecat scan results in some garbage that looks like the following:
Hidden inside that code is the barcode type, and its numeric or alphanumeric equivilent. But there's more: There's also a serial number. And that serial number is probably easily matched up to the store where you picked up your cuecat device, or even to your name if you gave it to the clerk at the store.
The first item in the second line is the serial number. Then the barcode, and then the numeric value of the UPC type A code. This serial number stuff is real bad news. It's like a cookie that can't be turned off, and it gets sent to Digital Convergence every time you scan a barcode that brings you to a web site using their software.
Of course, they're going to be pissed about people using their barcode scanners without their spying software: They want to make money by seling your personal information. They know where you live. They know what books you read, and they know what products you buy, all by what you scan with their little cuespy.
The cease and desist letter they've sent is a vague piece of crap. Its sole intent is to intimidate. They have no legal standing. First spying, now intimidation tactics? I think perhaps it's time for a TLO to investigate Digitial Convergence.
I've mirrored the standalone cuecat decoder software at http://osiris.978.org/~brianr/cuecat/.
Nader calls this Corporate Socialism. I'm beginning to think he has a point.
Some days I wonder if we're headed toward a society where you can't even wipe your own butt for yourself, instead of having some corporation do it for you (for a nominal fee).
If you did it yourself, you'd be depriving some butt-wiping company of revenue, you see. Putting honest, hard-working people out of jobs, for heaven's sakes!
(if you disagree, you're a communist butt pirate and should be shipped off for re-education)
This is severe hyperbole, of course, but unfortunately something very near that mindset is truly already out here in corporate-land.
DNA just wants to be free...
In addition, the item was not free, but given to me (and everybody else) for good and fair compensation, namely the personal information. It can be shown that this information has a monitary value (just look at how much email lists and snailmail lists sell for), and therefore the exchange could likely be viewed as a "sale" for the purposes of the uniform commercial code.
Software is a special case because it has labels on it stating that you are agreeig to a license, plus presents you with the license and a chance to repudiate the license and get a refund (in theory at least, when was the last time someone was able to return software they didn't like the license terms to, say, CompUSA).
So I think they are SOL unless you installed their driver software. Which I've never done. I've not even taken it out of the packaging.
P.S. If I were the author that got such a C&D letter, then I'd demand they get a whole lot more specific about what, exactly, was in violation. Such vague letters are easy and cheap to write and are meaningless in many cases because they aren't specific. Ask them for specifics. What, specifically, are they objecting to. What gives them the legal right to object to it (copyright claim, granted patent claim, trade secret, etc) so you have a chance to audit their claims. If they refuse, then you are in a much better position later if they file legal action against you.
Its probably not worth it. They're just sending threatening letters with vague comments about "intellectual property". I fail to see any protectable intellectual property in what they do, or what the Linux drivers do. You can't copyright protocols, they have not patents I'm aware of, there's no trademark infringement. All thats been done is the reverse engineering of something they might consider to be a trade secret, but in themselves trade secrets have not legal protection.
They haven't a leg to stand on, and I doubt they'll even find grounds to sue.
Ummm... I have seen punctuation marks used in other names too: /.
Exactly. Sega vs. Accolade established that reverse engineering was legal. DMCA says that reverse engineering isn't allowed except for the purpose of interoperability. I don't see libcue as doing anything besides allowing interoperability, so libcue seems to be legal even if DMCA is upheld.
From his page: I'm beginning to think we're headed into a new age where private property is abolished -- but instead of everything being owned by the state, it will be owned by corporations.
I'm sending $100 to the EFF today. This kind of crap has got to stop.
I hope everyone who reads this article (and who can afford it) will join me.
--
My word processor was written by Stanford Professor Donald Knuth. Who wrote yours?
My company uses tethered barcode scanners on a regular basis, in fact each of my in-process workstation have one connected. These puppies cost about $300 a pop, connect to PS/2 port and provide a pass-through for standard keyboard attachment to it. What's even better is that the piece of hardware will scan just about any barcode, decode it, and send it as if it were a keyboard input stream ...with a hit to the enter key at the end of the input string.
these have no driver requirements whatsoever
they work on every OS I've tested them on (NT, 9x, *nix/x86)
Why did this CueCat (yup, next is the CueDog right? or CueMouse?) require so much effort to just dump for free into the hands of the end user??? Call me crazy, but if I were going to hand something out for free, I wouldn't devote any time to serious development like a minor encryption scheme... I bet the next version of it is supposed to have an IP address per CueCat.
This kind of thing should be covered under Fair Use. Though I'll lay money (in the hands of EFF) that they'll continue blithely on their prosecution path and try to pull the DMCA down on the developer's head because it defeats a 'digital copy protection' scheme of some format.
If they're angry that they lost money on the development of the device, they have nobody to blame but their own developers and marketers. KIS - Keep It Simple.
If I get my hands on one of these things I do have a door that doesn't like to stay open, sounds like an adequate door stop. Will I get a Cease and Desist order too?
please
zerodvyd
I'm sure the person that typed up that cease and desist letter kept a straight face.
I can see that conversation:
Law firm: So you want to sue flying butt monkeys?
DC: Yup.
Law firm: Riiiight...
But anyhow, this is just ridiculous, it's a physical product that sends output like a keyboard, basically, it is a keyboard. We can do anything we want to with it. We can destroy it, we can pee on it, we can set it on fire, we can strap gi joes and 74 bottle rockets to it and boldy send it where no cat-shaped bar code reader has gone before. We paid for it (granted it cost $0), it's ours.
The nerve of this company is absolutely absurd. Tonight, I'm going to write as many useless (maybe even useful) programs that use the scanner as I can just to piss them off.
Really, what is the world coming to (or at least the US)? I feel that there's going to have to be a revolution before too long, ya know? Kill all the stupid people!
Mike
"I would kill everyone in this room for a drop of sweet beer."
One to be filed in the round file, methinks. A cease-and-desist letter worth paying attention to would have said exactly what IP was being infirnged (clue: none is) and used the words "cease", "desist" and "remove". This is just something threatening dire consequences in unspecific terms.
Charitably, one might assume that they are putting a marker down; they don't know whether they might have a problem with flying butt monkeys, but they do know that if they ever need to prosecute in future, they'd better not be found in proof that they knew about this software for a while, but did nothing about it.
Irritating, perhaps, but part of the price we have to pay for a common-law based system. The alternative would be for there to be government-provided coding licenses and prior restraints of what code you can write.
-- the most controversial site on the Web
http://www.cuecat.com/faq.html Has a link to their privacy policy. There they admit they collect 'demographic' data and makers of the decode program acknoledge that your 'id' number is sent and can be replaced witha generic code. They dont care about the scanner or the software. They property they are protecting is thier ability to track your internet usage.
The cease and desist letter says they're protecting :Cue's "intellectual property". I fail to see how writing an independent program that simply makes use of the output of the :Cue scanner in any way infringes on the company's intellectual property.
Reverse engineering of file formats are the closest example and my understanding is that courts have rules that this is fine.
I don't see how they have a leg to stand on. Hack on...
When I walked into my local Radio Shack, the guy didn't even know what a CueCat was. I had to say, "You know, the barcode reader?" He acknowledged and handed me the thing. He took my name and address (I still can't figure out why I didn't use fake info). He never said anything about a license to use it. He also never said, on the phone or in person, that it was on loan from DigitalConvergence.com. He said they were "giving" it to me, for free.
After opening the package I plugged the thing into my machine, and glanced at the card they give you. I've just now read the entire card, and it says nothing about a license agreement, or even a mandatory look at crq.com. It only says to go to crq.com to get a unique activation code.
Unfortunately, in screw-you lawyer style, the back of the CD jacket says, in tiny print on the bottom, "Opening of this software constitutes acceptance of our License terms contained herein. Copies can also be found at www.digitalconvergence.com/ula.html. [...]" Although I don't recall a EULA in the package, it does direct you to online information. It also doesn't say installation constitutes acceptance, only opening the software. And that happened when you eagerly ripped open the plastic containing the device.
Therefore, unfortunately, we are all bound by those license terms. I could imagine, if one took it all the way to the Supreme Court, one could claim that decoding the CueCat output is merely reinterpretation of public information (since the CueCat dumps its code into any text editor you choose, they aren't making an effort to conceal the code).
If mine gets recalled, though, I won't give it back. The reason? I paid for it. That's right: when I was at Radio Shack, and before I could even see a hint of a license agreement in the package (the message was obstructed by the informational booklet), I gave away my name and address (it's even printed on the receipt they gave me), which is valuable marketing information. So Radio Shack (and potentially DigitalConvergence.com) can send me shit I don't want, and I have nothing to show for it? I don't think so. I deserve compensation for giving up my privacy.
Maybe that's why I didn't use fake info.
I do not belong in the spam.redirect.de domain.
1. Convert the DeCSS source code to groups of three-number octects (000-255) representing the ASCII characters of the source.
.mp3.
/. users with high UIDs are trolls dammit!
2. For additional fun, before step one, invert the bits of the source code. Claim this is a copyright protection device and nobody can attempt to circumvent it under the DMCA.
3. Use a barcode printer to print out the resulting sequence of numbers in barcode format.
4. Give to a friend.
5. Friend scans barcodes with free scanner and Linux driver.
6. Friend converts source code back into original form, saves it in a file whose name starts with Metallica and ends with
7. Publish the resulting file on Napster, Gnutella, Freenet, etc...
8. Lather, Rinse, Repeat.
.sig: Not all