Slashdot Mirror
Ritz Disposable Digital Camera Hacked
morgue-ann writes "The $10.99 Dakota reusable digital camera announced in July was usefully hacked on November 6. First attempts to extract picture data took 10 hours to read out 16MB, but new code for Linux and Mac and Windows lets you get pictures quickly over USB and view or print them without Ritz's help (and with fewer of your $$)."
That would truely be funny, using the DMCA to stop you from transfering pictures that you have taken and hence own the copyright to.
Well, this is exactly the sort of example the masses might understand, when you're trying to explain why the DMCA sucks. They are used to cameras. They are sued to the idea that if you buy a camera, you can_optionally_ develop the film youself. Or, if digital, download the images.
It would be the clearest illustration of intellectual "property" law being used to prop up a fundamentally assinine business model yet, and one where even non-computer users can go "that's bloody stupid".
This business-model deserves to die a painful, CueCat-style death.
sulli
RTFJ.
I really have never sympathized with that line of reasoning. It's not as bad as the "but these new horseless buggys will put God-fearing men out of work" anti-technology advocates, but it's in the same ballpark.
/. these days means to seem it automatically becomes morally clean...), everyone saw this hack coming.
As others have noticed, Ritz put together a business that relies on security through obscurity rather than through, y'know, actual security features. Some of the ideas posted elsewhere on this topic included a cheap, pattented Ritz-controlled cable, limiting the hacking to extreme hardware hackers, or using an open or closed-source encryption method rather than a standard picture file type. Whether or not the hacking is "morally" clean (although it's almost certainly violating the DMCA, which on
Ritz didn't think far enough ahead to prevent something that that was (apparently) relatively simple.
And to stem off responses, this is not an argument about how hacking is good because it shows your "vulnurabilities." The majority of Slashdot has _seemed_ to agree that this argument is bullshit, as it would be if you said you broke down someone's door to prove its weakness. But Ritz didn't even put up a door in the first place. They seemingly made no effort to prevent such hacking and, as I've repeatedly said, seeing how it was so predictable that, as I said at the start of my post, I don't have a huge amount of sympathy for them.
-Trillian
Those film disposables are actually reuseable.. The film is in a normal 35mm cartridge.. The trick is the winding mechanism rolls the film into the camera when a shot is taken (most cameras do it the other way around). so reloading the camera is practically imposible and not worth it (you'd have to do it complete darkness)
I'm surprised they didn't do something similar to the digital cameras. Don't make it imposible, just not worth the effort. I gues they didn't try hard enough.
Example, rather than use, say, USB cabling, use some proprietory GPIO system that only Ritz controls
Too much effort and cost. This problem can be handled in software; much cheaper.
How? I haven't seen these cameras, so I don't know for sure, but for $11 I really doubt they have an LCD display, which means that the camera has no need to be able to read the images it has taken.
Since that's the case, Ritz could just add a little bit of code to their camera and encrypt each image as it's written to flash. Simplest case, just give each camera a DES key, stored in ROM or NVRAM, and have it encrypt each while writing. DES is fast enough that it can be implemented in software on itty bitty microprocessors with no problem. AES is even faster, but DES is simpler (and there are a zillion PD implementations in whatever language you like). Users can feel free to find ways to download the images, but they'll get nothing useful.
Of course, if you could hack your camera to dig out the encryption key, you could get your pictures out without paying for "developing", but that's way too much effort.
If that's not secure enough, Ritz should just have the camera generate a random 3DES key for each image, encrypt with it, encrypt the 3DES key with a Ritz RSA public key and store the key with the photo. To break that one, someone would have to either break RSA or find a way to monitor the internals of the camera and extract the 3DES key while it's still in cleartext. Doable, but you'd pretty much have to have your camera hooked up to a bunch of equipment while taking the photos. So you could get "free" pictures of your basement... Might actually be easier just to hook inside and read the image out before it gets encrypted.
All of the code for either solution (on-camera code, manufacturing code for injecting keys, download and decrypt code for the printing) can easily be written, tested and debugged in two weeks by a competent programmer familiar with such things.
Shoot, I should apply to be a corporate consultant!
Me too!
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Is this whole thing a DMCA violation? I doubt it, but that doesn't mean Ritz won't try to use the DMCA to stop it.
Do the Faux News Channel t-shirts sold on www.agitproperties.com violate Fox News Channel's copyrights? Probably not, but that didn't stop Fox from leaning on the site to stop selling them. In that case, the site owners called Fox's bluff by ignoring the C&D, and Fox didn't pursue the matter, probably because they were getting ridiculed on other news channels. However, they made threatening noises, even though they didn't have a legal leg to stand on. In many cases, this strategy works, so, justified or not, don't be surprised if Ritz uses it.
Since being publicly ridiculed seems to be the only thing that scares corporations from bullying anyone who gets in their way, perhaps we need a site that does nothing but chronicle these abuses. Do it in a humorous way that uttlerly humiliates these goons, and maybe they'll give these matters a little more consideration before they go shooting from the hip. Or does such a site already exist?
The more often I hear this argument, the shallower it sounds.
All business is based on some assumption of law. For example, you can't just beat up your competitors. Is it moral that the law protects the weak from the strong? I think so, but there is a case to be made for the opposite.
In this case, we're the strong, and it's the artists, writers, programmers who are the weak. The DMCA is an effort to protect them. Is it therefore a shaky, ambiguous, and morally reprehensible law? Or just inconvenient to us?
Maybe I shouldn't reply to this, but it sounds like a sincere statement, so...
... the same DVD. Which I can't use. However, fortunately for me, other people have found themselves in the same boat. And they have the smarts to be able to figure out how to make this work. Unfortunately, the DMCA makes it illegal for them to tell me this information.
Here's some food for thought (and I admit that this may be a philosophically weak argument, but I've yet to find anybody to help debate this and make it better), and in particular, this is a basis for some sort of morality (yes, an attempt at a universal right and wrong, good and evil, etc).
When a person is born into this world, that person has a fixed amount of time until death. That person is then able to trade their time (eventually) for stuff which is either desired or needed, such as food, shelter, entertainment, etc. In our society, we tend to use money to represent the value of said time (quite literally, time is money). Yes, there is much more to this, and I need to write it all down someday, but this summary will do for this discussion.
Now, where does this idea tie in with the discussion? Well, anything which takes time from me without giving me back something that I value equally could be considered to be wrong or evil. For instance, if somebody steals $20 from me, then I have lost the time it took me to earn that $20, and it cannot be recovered. Hence, stealing is wrong in this system.
Now, put it in terms of the DMCA and the limitations which are placed on those subject to its rule. I buy a DVD with the expectation that I will be able to enjoy the contents on that DVD. I have equipment which is sufficient to allow me to do so (to wit: A computer equipped with a DVD-ROM drive), and so this would seem to be a reasonable expectation. I bring it home, pop it in, and find out that, for no better reason than I choose to use Linux (instead of Windows), I am unable to play the contents of this media.
Now, nobody will give me a refund on this opened DVD. The best I can do is exchange it for
Under the DMCA, it is very possible for me to find myself out the money for a DVD which I might actually enjoy. Somebody has stolen some time from me, and I have no recourse. Now, before you tell me to use Windows, keep in mind that I must buy Windows, somehow, some way. Which means that I am out even more time. Or a stand-alone DVD player, which has the same issue.
The DMCA steals from me the ability to help others make use of the items which they have rightfully purchased with their time.
Now, for the counter-argument: The DMCA is meant to stop mass copyright infringement as has been enabled by the internet. I'll simply point out that mass infringers are already convictable under other laws. The DMCA gives no other benefits to help prevent actual infringment. None. It only allows producers of content to steal from me (and yes, they are stealing my time, by virtue of requiring potentially pricy extras that I may not already have to enjoy what they produce).
Gah, it's getting late here, and my brain is shutting down as I type this (I think the first part is more coherent than the second part). Thoughts from you?
GPL made simple: What was my stuff is now our stuff. If you improve our stuff, please keep it our stuff.
I'll buy that argument for the first time you buy a DVD - if you weren't aware of the DMCA, etc.
But now that you are aware of the DMCA, if you buy a DVD expecting to play it on a Linux system, then you're an idiot, pure and simple. From the point the law was passed, that was THE LAW and being ignorant of it is not a valid excuse.
No - they are not stealing your time. If you buy a DVD, then you are a willing participant in the so-called "theft" of your time and it is not really theft anymore.
If you happen to live a country not being crushed under the heels of the DMCA, good for you. If not, quit bitching and get the right equipment, or change the law.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
here is the main issue w/ your argument, as i see it. The content producers can't steal anything from you since it is you who are initiating the transaction. Now you CAN argue that the publisher of the DVD is engaging in false advertising or providing a broken product because it says it's a DVD and your drive says it's a DVD drive yet the disk won't play. But then again maybe it's a fault of the DVD drive manufacturer. You can get the two manufacturers to fight it out because one of the two isn't working to spec. However, what i think you'll find out is that the DVD drive maker probably included a windows DVD playing program for windows with the drive and you just happen to be using the drive in an unsupported way. So really, your beef is with the DVD drive maker for not supporting Linux, or perhaps with Linux itself for not running "Windows " programs. As you can see, this gets pretty strange, but philosophically, i don't really see a problem here.
I'm fascinated by your argument...and I'll be spending several days thinking about it. The economist in me is amused.
... the same DVD.
For the most part, humans do think this way, but there is one area we don't: children. The loss of a child's life is amazingly tragic, whereas the loss of an adult's life is less so. This doesn't make much sense, in that the adult had more time on them, and more learning...consider a 30 year old has 30 years of investment for life, whereas a newborn does not, and a newborn is easily replicated using the old fashioned way, with a fairly small time investment.
Now, nobody will give me a refund on this opened DVD. The best I can do is exchange it for
Fortunately there's ebay. An invention which has made it possible for people to redeem time for other forms of time much more effeciently than ever before.
I have to suspect that the engineers who made the camera are laughing themselves silly. Flash ram is the only really costly item in the box, and theres very little of that. the plastic lens and CMOS sensor is probably not more than $2 at the worst for a run of several hundred thousand cameras.
You also have to consider the cost in time. Someone who could rig a custom interface, and do the code needed would likely be able to charge $75+ for the time they burned on a silly project like this if they had rather used it to do something usefull.
But then photography has always been funny on the cost issue. You can buy 35mm film by 100 foot lengths, make your own customs roll, and do you own film development if you are a real hardcore film nut.
The majority though will buy 24 exposure rolls for $3-4 then pay another $10 or so to get em processed. And shoot the film in cameras that they paid $70-$200 for, and probably not shoot more than a dozen rolls a year max.
Digital photos though, even with a modest $30 closeout sale priced intel 640x480 jpeg producing cam, you can run off hundreds of exposures in a week. These give you somewhere between the old
110 film and low end 35mm film quality. Even printouts at standard 3x5 size look good.
You go up a bit to the new autofocus with flash and 2-3 megapixel quality, buy a cheap 128 meg flashram stick, and how you have something thats worth paying to have printed with a photo grade printer.
You have true freedom then. You can alter, crop, zoom, whatever you want before getting printouts. And if 99 out of 100 shots you made were worthless, you aren't out much more than some rechargeable battery power. Needless to say, for the people out there who simple totally suck at photography, this is a great thing. It now opens up a whole new world, and for the photo shop out there with the right equipment, it could mean business for them. Plug in your memory stick, and get multiple copies instantly of whatever.
Customer satisfaction would then be at the highest. Course, those investing in silver are gonna get killed unless they sell short as Kodak and other film makers are the highest consumption of silver of all users. So I suppose the future
isn't totally wonderfull for all.
They'll still have the high speed film users for a while though. 1600-6400 speed film will likely not be replaced by anything as cheap for quite some time.
I know I'll probably be kicked off /. for saying this, but I don't see how you can say hacking this is not immoral, unethical, harmful or wrong. They are selling this camera at below wholesale cost so they can make their money on the back end, in the prints. As I understand it from when I first read about these cameras (this may have changed), they even give you a CD-r with your pictures on it when you get the camera "developed", so you can even print more copies without going through them. I think their approach is the most consumer-friendly yet- certainly more consumer friendly then a PhotoCD, where you pay an outrageous price for low-res files.
By hacking this camera, you're not only hurting Ritz by negating their ROI, but also hurting other digital camera manufacturers by making a $10.99 digital camera do what a $199 one will.
Now obviously everyone isn't going to hack the camera's, and hopefully enough non-geeks will buy and use them as intended to make it a viable product. But consider this- would it also be moral, ethical, harmless and right if someone bought 100 if these, hacked them, and sold them for say $50 each on the street or on eBay?
This is exactly the type of thing that the ludite politicians will use to keep the DMCA in place, and to introduce "Super DMCA" legislation in the future. Would you consider that harmless as well?
666-607: 6th floor apartment of the beast
Excuse me, but THEY decided to use this hardware that could be hacked easily. Don't feel sorry for someone just because they made a bad business plan. Do you think people felt sorry for MS when Bob flopped? Do you think people felt sorry Apple when the Apple /// flopped?
I have 3 cameras (35mm SLR, 6MP Digital SLR, 3.3MP Digital P&S). This 1.3MP digital P&S camera with a fixed focal lengh/fixed focus lens competes with none of mine for image quality.
My friend (also a photo enthusiast and major geek) and I went to Ritz and bought one of these Dakota digitals (I had to drop off a roll of film). About an hour later, he had the software and made a connector out of a ruler, some tape, and a spare USB cable. He was pleasantly surprised with the quality of the images after downloading them into his computer. 1280x960 JPEGs aren't bad, and you can get 25 of them on the built-in 16MB flash memory.
When we went back to Ritz later (among other reasons, to pick up the prints), my friend wanted to buy a good 10 or 20 of these cameras. The guy behind the counter didn't flinch. He was very helpful. "There's more of them over in that corner." He also told us that they have a new model coming in a month with an LCD screen to preview the image for $18. My friend decided to wait for the ones with the LCD screen.
I like the Ritz camera store. They do a good job with prints, and some of the sales staff are very helpful and knowledgeable. Mind you, this was one of their bigger stores (a Cameras West) in the area. Some of the smaller stores have complete airheads behind the counters.
Anyway, just like the XBox hacking, the cheap DC hacking is not likely to hurt the revenue for these devices. My friend hacked his XBox, too... It has all of the NES games and Quake on the HD.
One interesting tidbit: Ritz charges about $11 for the developing and printing of a roll of 35mm film with 24/25 exposures. If you consider that by not returning the camera, they don't have to process your photos, it seems like a winning proposition. The camera certainly felt like its COGS (cost of goods sold) was $2-$5, so they should still be able to make money on it.
Great pictures are made by the vision of the photographer, and the processing skills of the developer, not the camera.