"Cloudy Future" For CueCat
Edgester writes "There is an article at Security Focus about Digital Convergence and the CueCat Barcode Scanner. DC thinks that those Cease and Desist letters completely stopped the hacker community from hacking the CueCat scanners." Oh - and we should just point out that, in the continuing example of Digital Convergence's wonderful security, their site was cracked and all user info was captured.
They don't want their intellectual property to be reverse engineered. Of course there's no legal backing of this desire of theirs, but can't you show minimal respect for the mentally challenged (taking into account actual amount of intellect involved)?
--
Since the C&D letters, the CueCat Linux Driver has steadily progressed from 0.0.8 to 0.1.3, and has gotten a lot better. Pierre Coupard and other folks have done a lot with the device. Since the C&D letters, the driver has added support for multiple CueCats, we've put together 2 different models of serial port converters for the CueCat (think Palm)... and added support for using the CueCat on a serial port, keyboard port, or mouse port. The driver is now a loadable module, and even supports the USB CueCat which isn't even officially RELEASED yet!! We've also been able to test the CueCat with all kinds of different barcodes and figure out many of the CueCat codes for them.. On a hardware level, we've figured out how to wipe or even reprogram the ID code... I don't know about you folks or about Kevin Poulsen for that matter, but I see this as a successful project so far..
For the 1 week after the C&D letters, people were a bit worried and the development went more private, but that's only 1 week! That's a reasonable amount of lag time to allow lawyers to digest the problem. After 1 week without response from Digital Convergence, we all just started breathing again and went back to work.
PS... Happy RSA Freedom day..
-- The Funk, The Whole Funk, And Nothing But The Funk
"An Internet company that's given away one million cat-shaped barcode scanners to magazine subscribers and Radio Shack shoppers is claiming victory in a skirmish with hackers over how the feline freebies can be used."
PR 101: Manage expectations. When you have completely lost, declare unconditional victory.
"We had to make a bold statement up front that we didn't authorize you to do this, we encrypted our cat data, and you're not allowed to take over that output," says David Mathews, vice president of new technology at Dallas-based Digital Convergence.
Bold statement (n.) - Impotent claim that is ignored by everyone. See political speech, press release.
"Digital Convergence was aghast. "If people take over our cat and start using their own databases, the world becomes cloudy," says Mathews. "Our revenue model is being the gate keeper between codes and their destinations online."
Oh the horrors! The world will become cloudy if we don't stop using our own databases! Why, we might even get access to our own information and then where would we be? I mean, think it through people! Is a free world the kind of world you want for your children?
"By way of example, Mathews points to one hack, created by network engineer Michael Rothwell, that allows users to scan the ISBN number on the back of a book with the CueCat. "You could swipe a code, and it would serve up a page on Amazon.com. But what if [the publisher] doesn't want it to go to Amazon.com, they want it to go to web site under their control..."
Think of the implications! We might wind up at a web site that is not under their control!
"By the Linux community taking over and redirecting where these swipes go to, they were circumventing our software."
Oh the shame of it all...
________________
________________
Private Essayist
> I'm wondering why people have stopped hacking the ::CueCat::
You believe what DC said? Go to freshmeat and search for cuecat. As far as I can see, the *only* one who doesn't still have their code up is flyingbuttmonkeys. Online decoders like http://www.jounce.net/~maarken/decode.html are still up (never went down, as far as I know).
I wonder if DC really believes the hacking has stopped or if they see this as the only face-saving stance that they could take.
The only other reason I can think that there is any "less" hacking is that the decoding is 100% solved in 7 lines of perl:
#!/usr/bin/perl -n
printf "%s %s %s\n",
  map {
    tr/a-zA-Z0-9+-/ -_/;
    $_ = unpack 'u', chr(32 + length()*3/4) . $_;
    s/\0+$//;
    $_ ^= "C" x length;
  } /\.([^.]+)/g;
-- Don't Tase me, bro!
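The decoding steps in the Perl above, ported to Python as an added example (not part of the original post): each dot-delimited field is a fixed 64-symbol substitution followed by XOR with the constant "C", so there is no key to recover. The function names and the round-trip encoder are assumptions of this example, and the sample scan line is constructed.

```python
import re
import string

# CueCat alphabet in the order the Perl tr/// maps onto the uuencode range:
# a-z, A-Z, 0-9, '+', '-'. A symbol's index is its 6-bit value.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + "+-"
VALUE = {ch: i for i, ch in enumerate(ALPHABET)}
XOR_KEY = 0x43  # ord("C"), the constant the Perl XORs every byte with


def decode_field(field: str) -> str:
    """Undo one dot-delimited field: 6-bit symbols -> bytes -> XOR with 'C'."""
    bits = 0
    for ch in field:
        if ch not in VALUE:
            raise ValueError(f"symbol {ch!r} is outside the CueCat alphabet")
        bits = (bits << 6) | VALUE[ch]
    nbits = 6 * len(field)
    nbytes = nbits // 8                      # same as Perl's length()*3/4
    raw = (bits >> (nbits - 8 * nbytes)).to_bytes(nbytes, "big")
    raw = raw.rstrip(b"\x00")                # mirrors s/\0+$// (drops padding)
    return bytes(b ^ XOR_KEY for b in raw).decode("ascii")


def encode_field(text: str) -> str:
    """Inverse of decode_field; used only to build the constructed sample."""
    raw = bytes(b ^ XOR_KEY for b in text.encode("ascii"))
    nbits = 8 * len(raw)
    pad = -nbits % 6                         # zero bits to fill the last symbol
    bits = int.from_bytes(raw, "big") << pad
    return "".join(ALPHABET[(bits >> s) & 63] for s in range(nbits + pad - 6, -1, -6))


def decode_scan(line: str) -> tuple:
    """Decode every field of a scan line shaped like .serial.type.code."""
    return tuple(decode_field(f) for f in re.findall(r"\.([^.\s]+)", line))


# Constructed sample (not a captured scan): serial, barcode type, barcode digits.
SAMPLE = "." + ".".join(
    encode_field(x) for x in ("000000001234567890", "UPA", "012345678905")) + "."

if __name__ == "__main__":
    print(SAMPLE)
    print(decode_scan(SAMPLE))
```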
Actually, making the things "damn near worthless if hacked" seems to be the point of loss-leader products -- iOpener, CueCat, TIVO, etc.
But the irony of it all is that this "damn near worthless" situation is exactly what drives the so-called "hackers" in the first place. When you have a piece of hardware sterilized by lack of software (or lack of a monthly 'hookup' in the case of the TIVO or iOpener), it's only human nature to examine closely the relationship between the hardware and the software that some business guy says we need to operate it.
Moreover, this loss-leader shit does expose some pretty lousy business models. TIVO is an exception here because they actually take a pretty generous view of their boxes and the hackers that tweak them -- but take a look at the iOpener, for example: why in the world would they seriously expect everyone to just sit back, not touch their boxes, and pay their US$21.95 a month for internet service when (in most cases) the people who take the most interest in their boxes are people who (a) already have an ISP subscription, (b) probably already have a home LAN, and (c) don't like to be told what they can and can't do with hardware once it's in the confines of their own home?
It's a lousy business plan -- and that's why (despite the fact that iOpener continues to try to be generous to the "open-source" community) iOpener substantially raised the price of their hardware. (They have other reasons, of course -- service reasons -- but I think it's pretty obvious that they raised the prices because their initial business plan was a piece of shit, they realized it, and now they want to, uh, 'reposition' [as the suits love to say] themselves in the market.)
What, do these companies expect a bunch of "laws" to stop hackers? (I say this tongue in cheek -- and while I know they *do* expect laws to stop the hackers, they can't *really* expect the laws to stop hackers.)
What's even more insidious is the fact that -- if you look at this stuff in a more general, big picture sort of way -- these companies -- iOpener, Dig Converg -- are really attempting to 'reposition' themselves into our private spaces. And by that, I mean that they're attempting to control their products even when their products -- and I'm talking hardware here, the physical stuff -- are in the confines of our private bedrooms, living rooms, and kitchens.
What's at stake here isn't some dumb lawyer letter from a dumb, corporate lawyer paid by the dumb corporate shitheads at DC -- or wherever -- what's at stake here is control of our private space and how far the corporations (thanks to the government) will be allowed to intrude upon our private space.
I'm not talking 'privacy' here as it is traditionally used -- privacy of information like our names, credit card numbers, and medical records -- I'm talking about our private spaces: the walls in which we live, eat, breed, and sleep. This isn't about some dumb reverse engineered algorithm that would take a freshman compsci student 45 minutes to crack -- it's about how far are we (consumers, slashdotters, geeks, whatever) going to let business control our physical, private space.
That's what's at stake here. And, IMHO, it's even more insidious than information -- the bits and bytes that make up our identity and our credit history and the files on our computers, etc -- it's the actual, physical space that -- up until recently -- we've considered our homes.
It's clear that the government -- at least in the past few months -- is siding with the corporations: the government (our fat cat elected officials) is saying, look, we know stuff like copyright and intellectual property is important, so, um, we'll keep passing legislation so that you (Big Business) can keep making profits.
But what are the implications of these laws? The implications are simple: the physical space that I consider my private space -- my home, my car -- is being given away, given up, and sold down the river by government to big business. We'll soon not be able to 'touch' hardware inside our homes.
I mean, for chrissake: imagine what would have happened if 40, 50, 60 years ago, Henry Ford declared the engines of automobiles off limits. "If you fuck with my engine, I'm gonna sue your ass so hard and so deep you won't be able to feed yourself and your family, much less ride around town in my automobile. You can ride in my automobile, Pal, and you can *pay me* for my automobile, but god dammit almighty: if you so much as pop the hood and clean those valves, I'll get my lawyers on your ass and make you weep. You can't look at that engine or touch that engine. Why? Because that's my life. That's my livelihood. And, come to think of it, not only can you not touch it, I want US$21.95 a month before I allow you to take the gas cap off to fill it with gas. Hell, I'll be generous: I'll give you one free tank of gas. But once that's gone, it's $21.95 a month for rights to unscrew that gas cap." (Which translates -- in the case of legal MP3s, for example -- into this: you pay me a monthly fee so that you won't get sued.)
It's madness.
I think they're really barking up the wrong tree trying to shut down the hobbyists and the LINUX driver writers. Their true revenue stream lies with the AOLers of the world, and not with the bitheads that read Slashdot.
They should recognize that 5% of the people are going to hack their cats NO MATTER WHAT THEY WANT, and that the other 95% will be firing up AOL so they can quick scan the barcode on the front of the Radio Shack catalog.
Even if a Windoze version comes along (AOL compatible), over 75% of the users will still not circumvent their device. Mr. Mathews should chalk these up to "acceptable losses" and make sure that the content he provides to his "real" subscribers is good enough that the hacker substitutes don't compete in features.
When did "Cease and Desist" become an acceptable substitute for "Common Sense"?
John
The Church of the SubGenius -- because somebody had to put all that slack in there...
John
I still remember my ECO101 from UofT, talking about utility functions, indifference curves, perfect competition, monopolies, monopsonies etc.
The CueCat case is a problematic one. On one hand you can not deny obvious user benefits from the product, everybody seems to want one, so in a way the company has created a market for the product. On the other hand the company failed to realize that the consumers tend to minimize their costs, just like the eco classes teach them. Nobody wishes to pay more than is required by the law, and the law does not require making any payments to the CueCat, since CueCat did not bother to protect themselves. So what is CueCat to do in order to stay in business? I imagine the costs are already high for the CueCat. To save the situation they should think of some kind of user benefit they can offer to the customer to buy CueCat software, maybe they should offer an UPGRADE and SUPPORT for the CueCat hardware only to the customers that buy their software.
But, what would I know, I only took the first level of economics...
You can't handle the truth.