Arch Your Eyebrow at Impression Products V. Lexmark International

When it comes to recycled printer consumables, the world seems to divide sharply into those who think they’re great, and those who have had their printer or their work ruined by a badly filled cartridge containing cheaper photocopy toner, or God knows what black stuff masquerading as inkjet ink. It doesn’t matter though whether you’re a fan or a hater, a used printer cartridge is just a plastic shell with its printer-specific ancilliaries that you can do with what you want. It has performed its task the manufacturer sold it to you for and passed its point of usefulness, if you want to fill it up with aftermarket ink, well, it’s yours, so go ahead.

There is a case approaching the US Supreme Court though which promises to change all that, as well as to have ramifications well beyond the narrow world of printer cartridges. Impression Products, Inc. v. Lexmark International, Inc. pits the printer manufacturer against a small cartridge recycling company that refused to follow the rest of its industry and reach a settlement.

At issue is a clause in the shrink-wrap legal agreement small print that comes with a new Lexmark cartridge that ties a discounted price to an agreement to never offer the cartridge for resale or reuse. They have been using it for decades, and the licence is deemed to have been agreed to simply by opening the cartridge packaging. By pursuing the matter, Lexmark are trying to set a legal precedent allowing such licencing terms to accompany a physical products even when they pass out of the hands of the original purchaser who accepted the licence.

There is a whole slew of concerns to be addressed about shrink-wrap licence agreements, after all, how many Lexmark owners even realise that they’re agreeing to some legal small print when they open the box? But the concern for us lies in the consequences this case could have for the rest of the hardware world. If a precedent is set such that a piece of printer consumable hardware can have conditions still attached to it when it has passed through more than one owner, then the same could be applied to any piece of hardware. The prospect of everything you own routinely having restrictions on the right to repair or modify it raises its ugly head, further redefining “ownership” as  “They really own it”. Most of the projects we feature here at Hackaday for example would probably be prohibited were their creators to be subject to these restrictions.

We’ve covered a similar story recently, the latest twist in a long running saga over John Deere tractors. In that case though there is a written contract that the farmer buying the machine has to sign. What makes the Lexmark case so much more serious is that the contract is being applied without the purchaser being aware of its existence.

We can’t hold out much hope that the Supreme Court understand the ramifications of the case for our community, but there are other arguments within industry that might sway them against it. Let’s hope Impression Products v. Lexmark doesn’t become a case steeped in infamy.

Thanks to [Greg Kennedy] for the tip.

Lexmark sign by CCC2012 [CC0].

The Icon Of American Farming That You Now Have To Hack To Own

If you wanted to invoke American farming with colour, which colours would you pick? The chances are they would be the familiar green and yellow of a John Deere tractor. It’s a name that has been synonymous with US agriculture since the 1830s, when the blacksmith whose name appears on the tractors produced his first steel plough blade. The words “American icon” are thrown around for many things, but in the case of John Deere there are few modern brands with as much history to back up their claim to it.

A trip across the prairies then is to drive past Deere products in use from most of the last century. They will still supply parts for machines they made before WW2, and farmers will remain loyal to the brand throughout their lives.

Well… That used to be the case.  In recent years a new Deere has had all its parts locked down by DRM, such that all maintenance tasks on the tractors must be performed by Deere mechanics with the appropriate software. If your tractor breaks in the field you can fit a new part as you always have done, but if it’s a Deere it then won’t run until a Deere mechanic has had a look at it. As a result, Motherboard reports that American farmers are resorting to Ukrainian-sourced firmware updaters to hack their machines and allow them to continue working.  An icon of American farming finds itself tarnished in its heartland.

We’ve reported on the Deere DRM issue before, it seems that the newest development is a licence agreement from last October that prohibits all unauthorised repair work on the machines as well as insulating the manufacturer from legal action due to “crop loss, lost profits, loss of goodwill, loss of use of equipment … arising from the performance or non-performance of any aspect of the software”. This has sent the farmers running to illicit corners of the internet to spend their dollars on their own Deere electronic updating kits rather than on call-out fees for a Deere mechanic. Farmers have had centuries of being resourceful, this is simply the twenty-first century version of the hacks they might have performed decades ago with baler twine and old fertiliser sacks.

You might ask what the hack is here, as in reality they’re just buying a product online, and using it. But this is merely the latest act in a battle in one industry that could have ramifications for us all. Farmers are used to the model in which when they buy a machine they own it, and the Deere DRM is reshaping that relationship to one in which their ownership is on the manufacturer’s terms. How this plays out over the coming years, and how it affects Deere’s bottom line as farmers seek tractors they can still repair, will affect how other manufacturers of products non-farmers use consider DRM for their own business models.

Outside the window where this is being written is a Deere from the 1980s. It’s a reliable and very well-screwed-together tractor, though given the subject of this piece it may be our last green and yellow machine. Its dented badge makes a good metaphor for the way at least for us the brand has been devalued.

Thanks [Jack Laidlaw] for the tip.

Philips Says: No Internet of Things for You!

The 900-pound gorilla in the corner of the Internet of Things (IoT) hype that everyone is trying to ignore is interoperability. In the Internet of Internets (IoI) everything works on a few standards that are widely accepted: IP and HTML. The discrepancies are in the details and the standards wars are in the past. Websites are largely interoperable. Not so in the wild-west ethos of the IoT.

Philips makes a line of ZigBee-enabled RGB lightbulbs that took the enthusiast community by storm. And initially, Philips was very friendly to other devices — it makes a ZigBee-to-WiFi bridge that would let you control all of your ZigBee-based lights, regardless of their manufacturer, from your phone. Until now.

Philips has just rolled out a “Friends of Hue” certification process, and has since pushed out a firmware update where their Hue bridges stop interoperating with non-certified devices. You can read Philips’ version of the story here.

Philips Locks Out 3rd Party ZigBee Hardware

The hub shown on the right is what's being locked down.
The hub shown on the right is what’s being locked down.

The short version is that, ZigBee standards be damned, your future non-Philips lights won’t be allowed to associate with the Philips bridge. Your GE and Osram bulbs aren’t Friends of Hue. DIY RGB strips in your lighting mix? Not Friends of Hue. In fact, you won’t be surprised to know who the “Friends of Hue” are: other Philips products, and Apple. That’s it. If you were used to running a mixed lighting system, those days are over. If you’re not on the friends list, you are an Enemy of Hue.

Their claim is that third party products may display buggy behavior on a Philips network, and that this loads up their customer-response hotlines and makes people think that Philips is responsible. Of course, they could simply tell people to disable the “other” devices and see how it works, putting the blame where it belongs. Or they could open up a “developer mode” that made it clear that the user was doing something “innovative”. But neither of these strategies prevent consumers from buying other firms’ bulbs, which cost only 30-50% of Philips’ Hue line.

While Philips is very careful to not couch it as such, the Friends of Hue program really looks like an attempt to shut out their competitors; Philips got an early lead in the RGB LED game and has a large share of the market. As they say themselves in their own press release “Today these 3rd party bulbs represent a minimal fraction of the total product connected to our bridges so the percentage of our users affected is minimal.” And they’d like to keep it that way, even though the people they’re hurting are probably their most vocal and dedicated customers.

Who owns the IoT?

This Techdirt response to the situation is positively apoplectic, and there’s been the predictable flood of tirades in the comments on Slashdot. [Joel Ward], who in January was celebrating the ability to afford enough colored lights to appease his son is not so happy anymore.

And while we, with our manual light switches, laugh comfortably at the first-world problems of Hue consumers, we have to ask ourselves whether we’re next. Today they come for our RGB lightbulbs, but tomorrow it might be our networked toasters. A chilling thought!

Snark aside, the IoT brings two of the saddest realities of the software world into your home appliances: Where there’s code, there’s vulnerabilities, and when you can’t control the code yourself you aren’t really in control. You may own the lightbulb, but you’re merely licensing the firmware that runs it. The manufacturer can change the rules of the game, or go out of the product line entirely, and you’re high and dry. What can you do? Pull out your JTAG debugger.

Of course it’s insane to suggest that everyone needs to become an embedded-device firmware hacker just to keep their fridge running. As we’ve written before, we need to come up with some solution that puts a little more control in the hands of the ostensible owners of the devices, while at the same time keeping the baddies out. We suggest a press-to-revert-firmware button, for instance. When Philips pushes a non-consumer-friendly upgrade, you could vote with your fingertips — but then you’d miss out on bug fixes as well. Maybe it’s better to just give in an learn to love Windows 10.

There are no easy solutions and no perfect software. The industry is still young and we’ll see a lot of companies staking out their turf as with any new technology. It seems to us that IoT devices leave consumers with even less choice and control than in the past, because they are driven by firmware that’s supposed to be invisible. It’s just a lightbulb, right?

What do you think? Any ideas about how to put the power back in the hands of the “owner” of the device without everyone’s refrigerators becoming botnet zombies? Let us know in the comments.

Thanks [djxfade] for the tip!

Edit: Shortly after we ran this piece, Philips backed down:

“We underestimated the impact this would have upon the small number of our customers who currently use uncertified lights from other brands in the Philips Hue system. We have decided to continue to enable our customers who wish to integrate these uncertified products within their Philips Hue system.”

Cory Doctorow Rails Against the Effect of DRM and the DMCA

If you weren’t at [Cory Doctorow’s] DEF CON talk on Friday you missed out. Fighting Back in the War on General Purpose Computing was inspiring, informed, and incomparable. At the very lowest level his point was that it isn’t the devices gathering data about us that is the big problem, it’s the legislation that makes it illegal for us to make them secure. The good news is that all of the DEF CON talks are recorded and published freely. While you wait for that to happen, read on for a recap and to learn how you can help the EFF fix this mess.

Continue reading “Cory Doctorow Rails Against the Effect of DRM and the DMCA”

Hackaday Links: May 10, 2015

Here’s a cool crowdfunding campaign that somehow escaped the Hackaday Tip Line. It’s a remote control SpaceShipOne and White Knight. SpaceShipOne is a ducted fan that has the high-drag feathering mechanism, while White Knight is a glider. Very cool, and something we haven’t really seen in the scratchbuilding world.

[Sink] has a Makerbot Digitizer – the Makerbot 3D scanner – and a lot of time on his hands. He printed something, scanned it, printed that scan… you get the picture. It’s a project called Transcription Error.

Keurig has admitted they were wrong to force DRM on consumers for their pod coffee cups.

The Apple ][, The Commodore 64, and the Spectrum. The three kings. Apple will never license their name for retro computer hardware, and there will never be another computer sold under the Commodore label. The Spectrum, though… The Sinclair ZX Spectrum Vega is a direct-to-TV console in the vein of [Jeri Ellisworth]’s C64 joystick doohickey.

Infinity mirrors are simple enough to make; they’re just one mirror, some LEDs, and another piece of glass. How about a 3D infinity mirror? They look really, really cool.

Here’s the six-day notice for some cool events: Hamvention in Dayton, OH. [Greg Charvat] will be there, and [Robert] is offering cold drinks to anyone who mentions Hackaday. If anyone feels like scavenging for me, here’s a thread I created on the Vintage Computer Forum.  Bay Area Maker Faire is next weekend. Most of the rest of the Hackaday crew will be there because we have a meetup on Saturday night

Beating DRM to Extend the Life of an Anti-Aging Therapy Light Mask

It’s becoming more common to see DRM cropping up in an increasing number of hardware products nowadays. Quite often, its used to prevent the use of unauthorized consumables and some may argue that it helps prevent counterfeiting and help shore up revenues. But it’s a totally different matter when DRM is used to severely limit the operational life of a product. When [travis] wrote in about the run time limitation on an “Illumimask” light therapy device, we first had to look up what that device was. Apparently, these are anti-acne or anti-aging light therapy masks that use red and blue LEDs to kill skin bacteria, stimulate skin cells and reduce blemishes. While these claims most likely may not hold water, the device itself is cheap enough not to hurt you at $30 a pop.

The trouble is, it is limited to 30 daily uses of 15 minutes each, totaling just 7 1/2 hours, effectively lasting you a month. At the end of which, you just discard the device and get a new one. That seems like a ridiculous waste of a perfectly fine, functional device whose LED’s can last at least 30,000 to 40,000 hours. [travis]’s wife [Bebefuzz] was obviously pissed at this situation. So she did a simple hack to bypass the microcontroller that imposed the goofy restrictions. In [travis]’s own words “Not a crazy-technical hack…. but a very functional one to bypass a manufacturer’s ‘WTF'”. It involved soldering a slide switch across the circuit terminals that the micro-controller uses to monitor the LED current (likely). Unfortunately, this also breaks the 15 minute timer measurement, so she now has to manually switch off the device at the end of the 15 minute therapy cycle.

To check out more DRM hacks, check out these we covered earlier, from Coffee Makers to 3D printer filaments to Cat Litter boxes and even furniture.

Cracking Litter Box DRM

DRM on a specific brand of cat litter box has been cracked. In other news, DRM on cat litter boxes exists.

[Jorge] moved into a new apartment with a feline companion and wanted one of those fancy, auto-cleaning litter boxes. Apparently only one such device exists, the CatGenie. This ‘Rolls Royce of cat litter boxes’ uses little pieces of plastic granules as ‘functional medium’ that are scooped up, cleaned, and returned to use. These granules are washed with a cartridge full of fresh-smelling cleaning solution that comes in a container with an RFID tag. Yep, DRM’ed cat boxes. Welcome to the future.

After cruising around the Internet, [Jorge] found a CatGenie community that has released open source firmware for a litter box and something called a CartridgeGenius, a drop-in replacement for the cartridge tag reader in the litter box. It simulates both the RFID tag and its reader, allowing any robotic litter box owner to select between 120 cycle cartridges, 60 cycle cartridges, a maintenance cartridge, and set the fill level of those cartridges.

Previously, [Jorge] was spending about $350 a year on the solution to clean these plastic granules, so in a few months this CartridgeGenius has already paid for itself.