"Cloudy Future" For CueCat
Edgester writes "There is an article at Security Focus about Digital Convergence and the CueCat Barcode Scanner. DC thinks that those Cease and Desist letters completely stopped the hacker community from hacking the CueCat scanners." Oh - and we should just point out that, in the continuing example of Digital Convergence's wonderful security, their site was cracked and all user info was captured.
They should have forgone the serial number part (I don't need a serial number on mine. If it gets stolen, I'll buy a new one. I mean come on! heh), and sold it for $10 apiece, and made a ton on software bundling. Home inventory (CDs), quickie hardware identification (run the cuecat on your video card, and it'll find the drivers for you!), and such. Forget about the Rat Shack stuff, that's peanuts compared to selling a piece of hardware cheap, and doing bundling with it.
They don't want their intellectual property to be reverse engineered. Of course there's no legal backing of this desire of theirs, but can't you show minimal respect for the mentally challenged (taking into account actual amount of intellect involved)?
--
Since the C&D letters, the CueCat Linux Driver has steadily progressed from 0.0.8 to 0.1.3, and has gotten a lot better. Pierre Coupard and other folks have done a lot with the device. Since the C&D letters, the driver has added support for multiple CueCats, we've put together 2 different models of serial port converters for the CueCat (think Palm)... and added support for using the CueCat on a serial port, keyboard port, or mouse port. The driver is now a loadable module, and even supports the USB CueCat which isn't even officially RELEASED yet!! We've also been able to test the CueCat with all kinds of different barcodes and figure out many of the CueCat codes for them.. On a hardware level, we've figured out how to wipe or even reprogram the ID code... I don't know about you folks or about Kevin Poulsen for that matter, but I see this as a successful project so far..
For the 1 week after the C&D letters, people were a bit worried and the development went more private, but that's only 1 week! That's a reasonable amount of lag time to allow lawyers to digest the problem. After 1 week without response from Digital Convergence, we all just started breathing again and went back to work.
PS... Happy RSA Freedom day..
-- The Funk, The Whole Funk, And Nothing But The Funk
"An Internet company that's given away one million cat-shaped barcode scanners to magazine subscribers and Radio Shack shoppers is claiming victory in a skirmish with hackers over how the feline freebies can be used."
PR 101: Manage expectations. When you have completely lost, declare unconditional victory.
"We had to make a bold statement up front that we didn't authorize you to do this, we encrypted our cat data, and you're not allowed to take over that output," says David Mathews, vice president of new technology at Dallas-based Digital Convergence.
Bold statement (n.) - Impotent claim that is ignored by everyone. See political speech, press release.
"Digital Convergence was aghast. "If people take over our cat and start using their own databases, the world becomes cloudy," says Mathews. "Our revenue model is being the gate keeper between codes and their destinations online."
Oh the horrors! The world will become cloudy if we don't stop using our own databases! Why, we might even get access to our own information and then where would we be? I mean, think it through people! Is a free world the kind of world you want for your children?
"By way of example, Mathews points to one hack, created by network engineer Michael Rothwell, that allows users to scan the ISBN number on the back of a book with the CueCat. "You could swipe a code, and it would serve up a page on Amazon.com. But what if [the publisher] doesn't want it to go to Amazon.com, they want it to go to web site under their control..."
Think of the implications! We might wind up at a web site that is not under their control!
"By the Linux community taking over and redirecting where these swipes go to, they were circumventing our software."
Oh the shame of it all...
________________
________________
Private Essayist
1. It's a dumb idea to scan barcodes just to go to a web page.
2. The thing is really really hard to get to install.
3. It doesn't even work right when installed.
Yep, mine is still in the box and staying there.
"sweet dreams are made of this..."
> I'm wondering why people have stopped hacking the ::CueCat::
You believe what DC said? Go to freshmeat and search for cuecat. As far as I can see, the *only* one who doesn't still have their code up is flyingbuttmonkeys. Online decoders like http://www.jounce.net/~maarken/decode.html are still up (never went down, as far as I know).
I wonder if DC really believes the hacking has stopped or if they see this as the only face-saving stance that they could take.
The only other reason I can think that there is any "less" hacking is that the decoding is 100% solved in 7 lines of perl:
#!/usr/bin/perl -n
printf "%s %s %s\n",
  map {
    tr/a-zA-Z0-9+-/ -_/;                           # CueCat alphabet -> uuencode alphabet
    $_ = unpack 'u', chr(32 + length()*3/4) . $_;  # prepend the uu length byte, then uudecode
    s/\0+$//;                                      # drop trailing NUL padding
    $_ ^= "C" x length;                            # XOR every byte with "C"
  } /\.([^.]+)/g;                                  # one pass per dot-delimited field
-- Don't Tase me, bro!
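The seven-line Perl decoder in the comment above, written out step by step in Python. This is an added example, not code from the thread; the names `decode_field` and `decode_scan` are made up here, and the sample scan line is constructed for illustration. It shows that the "encrypted" output is a reordered base64 alphabet plus a constant XOR, and that each scan carries the device serial number as its first field.

```python
import re

# Scanner alphabet implied by the Perl tr///: base64 with the characters
# reordered as a-z, A-Z, 0-9, '+', '-' (values 0..63).
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789+-")
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}
XOR_KEY = 0x43  # ord("C"), the constant the Perl XORs every byte with

# Same shape the Perl regex walks: three dot-delimited fields.
LINE_RE = re.compile(r"^\.([^.]+)\.([^.]+)\.([^.]+)\.$")

# Constructed sample line (not a capture from a real device).
SAMPLE_SCAN = ".C3nZC3nZC3nZCxjWE3D1C3nX.fHmc.C3DZCxPWCNzZDNP6."


def decode_field(field: str) -> str:
    """Unpack 6-bit symbols into bytes, strip NUL padding, XOR with 'C'."""
    bits, nbits, raw = 0, 0, bytearray()
    for ch in field:
        if ch not in INDEX:
            raise ValueError(f"character {ch!r} is outside the alphabet")
        bits = (bits << 6) | INDEX[ch]
        nbits += 6
        if nbits >= 8:                  # a whole byte is available
            nbits -= 8
            raw.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1    # keep only the unused low bits
    # Leftover bits that do not fill a byte are dropped, matching the
    # truncated length*3/4 in the Perl. The NUL strip mirrors s/\0+$//.
    data = bytes(raw).rstrip(b"\0")
    return bytes(b ^ XOR_KEY for b in data).decode("ascii", errors="replace")


def decode_scan(line: str) -> dict:
    """Split one scanner line into serial, barcode type and barcode data."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("expected .serial.type.code. with three fields")
    serial, kind, code = (decode_field(f) for f in m.groups())
    return {"serial": serial, "type": kind, "code": code}


if __name__ == "__main__":
    print(decode_scan(SAMPLE_SCAN))
```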
DC's also alienating a potential market... while I'd agree that a good amount of their business would be from AOL'ers, there are a surprising number of hackers that shop Radio Shack. (Geez... how many times do I go there for batteries and walk out having spent $200?!!)
Amateur radio hobbyists, especially those from the Linux community, end up sending part of their paychecks to places like RShack. I'm there at least once a week buying stuff. But how can I use the CueCat when the DC PHB's forgot to develop a Linux driver for it? Sorry boys, but the five boxes down in my shack don't have a single Microsoft product on them!
Instead of firing up the attorneys, why not pull the Microsoft "embrace and extend" trick. Grab those drivers, thank the community, contribute $10,000 to /., Freshmeat or an alternate Linux/open source community site as a thank you, extend the functionality, and re-release them back to the community (under GPL, of course). Make them simple to install, include some goodies, whatever. In other words, make a superior open source product.
Instead of boycotts, hacking and general disastrous public relations that is a serious abuse of their investors' bucks, you might find a bunch of new customers (who are usually the bigger spenders at RShack) who'd cost you only an occasional un-intercepted barcoding scan of their books in the home library.
*scoove*
"Poor sportsmanship: They just can't stand to see the other man win."
The truth about this is that the only devices that have been exploited have been loss-leader type electronics, and built on useful hardware, which often makes the best loss-leader (ie, it's a good product).
Things that haven't done so well, and haven't been hacked have been *extremely* proprietary devices like the Mailsite personal email box (man that'd make a sweet portable bash terminal).
So... useful things tend to get reused if they're given to us. The only way companies can avoid a situation like this is to make something damn near worthless if hacked (funky hardware, no ram, no hd, odd processors, etc)... The problem of course is that those types of things don't always make good products.
----
"Our revenue model is being the gate keeper between codes and their destinations online."
In other words, they want to protect their bottom line. The truth is, they should have thought of this sort of thing happening, and taken steps to protect their interests before releasing their product. It's their own damn fault, and I have no sympathy.
psmylie's dictionary: Godzillion (noun) Any number large enough to destroy Tokyo
When I first heard about the Cue Cat on Slashdot, I thought that Digital Convergence seem to have created an excellent product, but are a little short on the old grey matter.
It seems pretty obvious that here's a company who have read "New Economy 101" and decided that their tangible product should be free so they can create money on the spin-off merchandise (the software). Shame they didn't think one step further.
Now they seem to be *proving* their ignorance of the real world. I mean, how naive can these people be? Does their whole business plan smack of "pointy haired boss" or what? "Our revenue model is being the gate keeper between codes and their destinations online!"
Sorry DC, but I think you'll find that your (Cue) Cat is out of the bag and no amount of bullsh*t is going to put it back again. Better rethink that business plan.
"Give the anarchist a cigarette"
A little planning goes a long way...
Seems that DC have a real issue with things. Like coherent thought.
Now, if someone were to pull apart a cat, and build one and market it to emulate the original, yes, that'd be infringement.
However, their encryption isn't of their own devising, so, no real reverse engineering there. Just application of existing algorithms.
Data generated from the cat isn't Intellectual Property at all.. Merely generated statistics.
Ok, I understand their stance that it'll affect their revenue stream by hijacking the cat, and using it for things it was never intended.
Still, what percentage of their market will pursue this track? If they've done their marketing correctly, an absolutely minimal amount. And some of those may still use it for its intended purpose.
Basically, if someone doesn't want their device pulled apart, and reverse engineered, don't throw it mainly at the tinkerers market segment.
It's like putting your hand in a tank of hungry piranhas, and expecting them to ignore it.
In just about every venture, there's the concept of 'acceptable losses'.
As DC don't seem to be tying the whole thing down, and chasing it carefully, I think they just hit the kneejerk 'Call in the legal vultures, and the world will conform', and ignored it.
Not the kind of behaviour of a company really worried about the release of this info.
Malk.
I think they're really barking up the wrong tree trying to shut down the hobbyists and the LINUX driver writers. Their true revenue stream lies with the AOLers of the world, and not with the bitheads that read Slashdot.
They should recognize that 5% of the people are going to hack their cats NO MATTER WHAT THEY WANT, and that the other 95% will be firing up AOL so they can quick scan the barcode on the front of the Radio Shack catalog.
Even if a Windoze version comes along (AOL compatible), over 75% of the users will still not circumvent their device. Mr. Mathews should chalk these up to "acceptable losses" and make sure that the content he provides to his "real" subscribers is good enough that the hacker substitutes don't compete in features.
When did "Cease and Desist" become an acceptable substitute for "Common Sense"?
John
The Church of the SubGenius -- because somebody had to put all that slack in there...
John
I still remember my ECO101 from UofT, talking about utility functions, indifference curves, perfect competition, monopolies, monopsonies etc.
The CueCat case is a problematic one. On one hand you can not deny obvious user benefits from the product, everybody seems to want one, so in a way the company has created a market for the product. On the other hand the company failed to realize that the consumers tend to minimize their costs, just like the eco classes teach them. Nobody wishes to pay more than is required by the law, and the law does not require making any payments to the CueCat, since CueCat did not bother to protect themselves. So what is CueCat to do in order to stay in business? I imagine the costs are already high for the CueCat. To save the situation they should think of some kind of user benefit they can offer to the customer to buy CueCat software, maybe they should offer an UPGRADE and SUPPORT for the CueCat hardware only to the customers that buy their software.
But, what would I know, I only took the first level of economics...
You can't handle the truth.
Chief Wiggum (to Ralph): "What IS your fascination with my forbidden closet of mystery?"
----