SoylentNews is people

posted by n1 on Thursday August 07 2014, @07:57AM
from the mask-your-dumb-practices-with-immoral-practices dept.

From Hack a Day:

Last week we published a post about how it was discovered through trial and error that Tektronix application modules are designed with laughable security. We'll get to that part of it in a minute. We received a DMCA Takedown Notice from Tektronix (which you can read after the break) demanding that we remove the post. We have altered the original post, but we believe our coverage of this story is valid and we don't agree that the post should be completely removed.

First off, Tektronix sells the modules to unlock the features already present on the Oscilloscope in question. We're operating on the moral assumption that using these features without paying their asking price is wrong. If you want the features they've developed you should pay for them.

The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you're ever designing a hardware key, don't do it like this!

  • (Score: 5, Insightful) by Marand on Thursday August 07 2014, @09:32AM

    by Marand (1081) on Thursday August 07 2014, @09:32AM (#78359) Journal

    The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you're ever designing a hardware key, don't do it like this!

    No, the real story here is that they think "security through legal muscle" is a valid approach to security. Now that it's out (Streisand effect, ever heard of it guys?), they basically painted a giant "easy target, hack me please" sign on everything with their logo on it. It's like they just invented negative security.

    • (Score: 3, Insightful) by Anonymous Coward on Thursday August 07 2014, @01:36PM

      by Anonymous Coward on Thursday August 07 2014, @01:36PM (#78394)

      security through legal muscle

      web archive still has it up [archive.org]. let the lawyer critters deal with them

    • (Score: 2) by DeathMonkey on Thursday August 07 2014, @06:14PM

      by DeathMonkey (1380) on Thursday August 07 2014, @06:14PM (#78547) Journal

      Hate to break it to everyone but the summary makes this sound like a pretty clear-cut violation of the DMCA. Sounds like they are bypassing access controls which is pretty explicitly outlawed.
       
      Analogy time: the cheap lock I put on my front door can be picked easily with a piece of wire. Doesn't make it legal....
       
      The focus of anger here should be on the horrible law that is the DMCA.

      • (Score: 0) by Anonymous Coward on Thursday August 07 2014, @08:58PM

        by Anonymous Coward on Thursday August 07 2014, @08:58PM (#78599)

        Trademarks, copyright, and patents are all specified in law.
        DRM is NOT; it is an extralegal mechanism.
        If you think anyone will honor your DRM, you are delusional.
        ...and if you can't even do DRM that a 5 year old can't circumvent, it will be defeated immediately.

        Oh, and look up "Streisand Effect".

        -- gewg_ (on behalf of the buying public)

      • (Score: 1) by SparkyGSX on Thursday August 07 2014, @09:11PM

        by SparkyGSX (4041) on Thursday August 07 2014, @09:11PM (#78605)

        The whole point is that the DMCA is about circumventing copyright, as in, something is being duplicated without a license to do so. The firmware is already there, NOTHING is being copied except the SKU, which you can hardly claim copyright to. If you would actually try to copyright the SKU, you'd have to sue everyone who ever photocopied an invoice!

        Tektronix sold an oscilloscope which contained the firmware for features the user didn't pay for, tried to hide the switch for activating these firmware capabilities, and is now pissed someone figured out how to turn it on.

        If HaD was actually sharing a cracked firmware version with the features enabled, Tektronix would have a strong case, because HaD doesn't have the right to distribute the firmware in either the original or modified state.

        How would you feel if someone had written completely new firmware with these features from scratch? They might be pissed, but they still wouldn't have a case.

        --
        If you do what you did, you'll get what you got
      • (Score: 2) by Marand on Thursday August 07 2014, @11:14PM

        by Marand (1081) on Thursday August 07 2014, @11:14PM (#78637) Journal

        Hate to break it to everyone but the summary makes this sound like a pretty clear-cut violation of the DMCA. Sounds like they are bypassing access controls which is pretty explicitly outlawed.

        Whether it is or not (I was making no judgments there) doesn't matter in regard to the statement I made. They used half-assed security, it got out, and they tried to bury it with legal threats to a site that caters to technically-minded folk. As a bonus, a hack-a-day article that would have largely gone unnoticed elsewhere is now showing up on sites like this, also catering to the technically-minded. That's a great way to paint a bullseye on yourself, regardless of whether it was a legitimate use of the DMCA or not.

        They could have approached it in a number of other ways that wouldn't have 1) made them an interesting target, 2) increased the exposure, 3) been completely ineffective because it's still on archive.org as an AC above mentioned.

        The focus of anger here should be on the horrible law that is the DMCA.

        I completely agree that it's horrible, but it's been horrible for a while now and seems to be generally disliked by everyone but the businesses that paid for it in the first place, and it hasn't been fixed yet. Of course, that's why it's still there -- the people with the money still like it, so it won't be fixed, regardless of how many other people hate it.

      • (Score: 1) by Nollij on Friday August 08 2014, @12:36AM

        by Nollij (4559) on Friday August 08 2014, @12:36AM (#78665)

        Picking someone else's lock probably isn't legal (Unauthorized entry, etc), but documenting the weakness probably is.
        Google for "Kryptonite lock bic pen" for more info.

        Similarly, providing tools like DeCSS was ruled illegal, but sites that analyzed the weaknesses were AFAIK not affected.
        A quick search revealed this paper [cmu.edu] from 1999.

        This does, however, seem very reminiscent of this case [wikipedia.org].

  • (Score: 4, Informative) by Urlax on Thursday August 07 2014, @09:40AM

    by Urlax (3027) on Thursday August 07 2014, @09:40AM (#78361)

    So it seems like tektronix has a scope which captures signals.
    these signals can be decoded using specific libraries, which are present on each scope.

    they have to be unlocked with a hardware dongle, which can easily be cloned. (less than 5$ of parts)
    the codes for each library are text, which is present on the tektronix website. they claim copyright on them, but i don't know if that is valid.

    so eventually this story is about tektronix blocking knowledge. knowledge about obtaining 500$ licenses for unlocking software that is already included in the product when you buy it.

    their reasoning is (it seems) that the license content is copyrighted, which seems ridiculous. copyright is for works of art, not to prevent users from sharing small pieces of ascii text.

    so this is not about pirating software (it's part of the firmware) nor is it about hacking/modifying software. it's about a keygen, in which case the key is a direct quote from their product page.
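
An added example, not part of the thread and not Tektronix's code: the comment above describes an unlock key that is a fixed, published text string, so the sketch below contrasts that kind of check with a license token bound to one instrument and one feature. All names and values (`PUBLIC_SKU`, `VENDOR_KEY`, the serials, the feature name) are constructed, and the HMAC is a standard-library stand-in for a vendor signature.

```python
import hashlib
import hmac
from typing import Optional

# Constructed values for illustration; none come from a real product.
PUBLIC_SKU = "EXAMPLE-MODULE-01"       # string that also appears on a public web page
VENDOR_KEY = b"constructed-demo-key"   # stand-in for the vendor's signing key


def weak_unlock(dongle_contents: str) -> bool:
    """Static scheme: the 'key' is the published SKU string itself.

    Every unit accepts the same value, and that value is public, so the
    check distinguishes nothing about who is presenting it.
    """
    return dongle_contents == PUBLIC_SKU


def issue_license(serial: str, feature: str, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: bind a license to one instrument serial and one feature."""
    if "|" in serial or "|" in feature:
        raise ValueError("field separator not allowed inside fields")
    msg = f"{serial}|{feature}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{serial}|{feature}|{tag}"


def verify_license(token: str, device_serial: str,
                   key: bytes = VENDOR_KEY) -> Optional[str]:
    """Device side: return the unlocked feature name, or None if rejected."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    serial, feature, tag = parts
    msg = f"{serial}|{feature}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison of the authentication tag.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    # A valid token issued for another instrument must not unlock this one.
    if serial != device_serial:
        return None
    return feature


if __name__ == "__main__":
    token = issue_license("SN-0001", "serial-decode")
    print("weak check accepts public string:", weak_unlock(PUBLIC_SKU))
    print("own unit:", verify_license(token, "SN-0001"))
    print("other unit:", verify_license(token, "SN-0002"))
    print("public string as token:", verify_license(PUBLIC_SKU, "SN-0001"))
```

With a symmetric key the verifying device holds the same secret that issues licenses; a shipped design would verify an asymmetric signature so the firmware contains only a public key.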

  • (Score: 2) by BradTheGeek on Thursday August 07 2014, @10:12AM

    by BradTheGeek (450) on Thursday August 07 2014, @10:12AM (#78365)

    I know it was copy pasta, but can we change the person submissions are in? The way this was written, it appeared as if soylent had suffered a takedown notice at first. The addition of "(hackaday)" after pronouns would have made a world of difference!

    • (Score: 3, Informative) by janrinok on Thursday August 07 2014, @02:30PM

      by janrinok (52) Subscriber Badge on Thursday August 07 2014, @02:30PM (#78418) Journal

      Damned if we do, and damned if we don't again.

      We do not edit the quoted text - which is indicated by the blockquote indentation - because we could be accused of a. putting words into someone else's mouth by claiming that they said something that they didn't, and b. we could, by editing, inadvertently change the meaning from that intended.

      To explain why, we initially tried using quotation marks '"' for highlighting the parts of text that were quoted, but discovered that because many articles already contain quoted text we ended up with a quotation mark soup which rapidly became unreadable. Yes we tried various combinations of ' and " but there was no easy solution. We adopted the blockquote very early on in SN's evolution and we have stuck with it ever since. But we try to prefix the quoted part with something like "From Hack A Day:" to make it clear that we are quoting. So the person in which it is written stays.

      To highlight the problems with editing there are phrases in US-en and UK-en which mean the exact opposite of each other - for example, in US-en, we sometimes see 'I could care less' whereas in UK-en it is always 'I couldn't care less' - both purporting to express the same level of disinterest. The former, to many English speakers outside of the US, means that 'I do care to some degree now - and therefore I could care less than I currently do if I chose to', whereas the UK-en version means that 'I do not care at all at present, and thus it would be impossible for me to care any less than I currently do'. So the editorial guidelines are quite specific - as this is not a US-centric but an English speaking site - quotations from the article are written exactly as printed because, in a legal challenge, we could be accused of changing the meaning by what appeared initially to be a simple editing task.

      The editors expect to be criticised - and the community do not disappoint and do a marvellous job of keeping us on our toes - but I hope this explanation helps you understand why we write TFAs the way that we do. There are extensive guidelines to follow, and, where possible, every summary is checked by 2 editors in an attempt to make sure that the guidelines are adhered to.

      • (Score: 0) by Anonymous Coward on Thursday August 07 2014, @02:37PM

        by Anonymous Coward on Thursday August 07 2014, @02:37PM (#78423)

        Maybe a different style for the blockquote would help make it more obvious. Maybe a grey background, or a border-left, or something like that. (See pipedot.org for ideas.)

      • (Score: 2) by Alfred on Thursday August 07 2014, @02:54PM

        by Alfred (4006) on Thursday August 07 2014, @02:54PM (#78433) Journal

        >>'I could care less'
        >>'I couldn't care less'

        Do you mean "I could care less" and "I couldn't care less" or is that some tasty soup?
        ;-)

        People shouldn't complain so much, the summary was fine.

        • (Score: 2) by tangomargarine on Thursday August 07 2014, @03:09PM

          by tangomargarine (667) on Thursday August 07 2014, @03:09PM (#78448)

          What?

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 2) by TK on Thursday August 07 2014, @03:25PM

            by TK (2760) on Thursday August 07 2014, @03:25PM (#78460)

            Alfred has turned his pedantism up to 11, and is attempting to call attention to the difference between single and double quotation marks, and that janrinok used double quotes with his first example of quotation, and single quotes for all subsequent examples.

            --
            The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
            • (Score: 2) by janrinok on Thursday August 07 2014, @03:37PM

              by janrinok (52) Subscriber Badge on Thursday August 07 2014, @03:37PM (#78465) Journal

              Good spot! I hadn't noticed despite proof reading numerous times!

            • (Score: 2) by tangomargarine on Thursday August 07 2014, @04:34PM

              by tangomargarine (667) on Thursday August 07 2014, @04:34PM (#78491)

              Oh, haha! I didn't even notice that either. Still not sure what the soup reference is about, though.

              --
              "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
              • (Score: 2) by Alfred on Thursday August 07 2014, @04:45PM

                by Alfred (4006) on Thursday August 07 2014, @04:45PM (#78497) Journal

                All good fun here.

                To explain why, we initially tried using quotation marks '"' for highlighting the parts of text that were quoted, but discovered that because many articles already contain quoted text we ended up with a quotation mark soup which rapidly became unreadable.

                Just remember readability does not preclude tastiness :-)

                • (Score: 0) by Anonymous Coward on Thursday August 07 2014, @06:27PM

                  by Anonymous Coward on Thursday August 07 2014, @06:27PM (#78548)

                  LOL (caps filter be damned)

      • (Score: 2) by BradTheGeek on Thursday August 07 2014, @02:59PM

        by BradTheGeek (450) on Thursday August 07 2014, @02:59PM (#78439)

        This is not a damned if situation. As stated in another reply, a different color background or style could be used for the quote to set it apart. In addition it is common and accepted practice to insert clarifying words into a quote using brackets.
        We do not edit the quoted text - which is indicated by the blockquote indentation - because we could be accused of a. putting words into someone else's mouth by claiming that they said something that they didn't, and b. we could, by editing, inadvertently change the meaning from that intended.

        I mistakenly used parentheses, which is apparently a common mistake, but as an example from your reply:

        "We [Soylent News] do not edit the quoted text - which is indicated by the blockquote indentation - because we [Soylent eds] could be accused of a. putting words into someone else's mouth by claiming that they said something that they didn't, and b. we could, by editing, inadvertently change the meaning from that intended."

        This does not change the meaning and is obvious that it is an addition by common English writing convention. Even a disclaimer line could be put in, 'Bracketed text added by editors for clarification.'

        • (Score: 2) by janrinok on Thursday August 07 2014, @03:32PM

          by janrinok (52) Subscriber Badge on Thursday August 07 2014, @03:32PM (#78463) Journal

          Thanks for your input - we might look at changing the background colour to indicate more clearly that it is a quote but, to be honest, I've always felt that 'From Hack a Day:' and the subsequent indentation made it reasonably clear. Software changes do not happen quickly - mainly because there are many more important bug-fixes and enhancements already in the pipeline. I'll raise it as a discussion point on our IRC channel (#editorial) - where you would be more than welcome to join us at anytime.

  • (Score: 4, Interesting) by Anonymous Coward on Thursday August 07 2014, @10:25AM

    by Anonymous Coward on Thursday August 07 2014, @10:25AM (#78366)

    And the worst part, the letter they got (assuming what they published was the full text of what they received) was just a threatening letter from a lawyer. It was, and is, not in any way a DMCA take-down notice.

    Yet they are running scared and cowering in the corner because a big scary lawyer sent them a slightly threatening letter. And this is the real problem.

    • (Score: 2, Insightful) by Anonymous Coward on Thursday August 07 2014, @01:45PM

      by Anonymous Coward on Thursday August 07 2014, @01:45PM (#78399)

      because a big scary lawyer sent them a slightly threatening letter
      Because now they have to respond in kind with a lawyer. Unless they can find someone to do it for free (maybe). Hackaday is as far as I know run on a fairly shoestring budget. So many times it is easier/cheaper to just take down whatever someone is pissed off about than to fight it.

      My sister used that tactic on a subdivision she lived in. Being a lawyer she could click off things on big scary letterhead (basically respond in kind to what they did). But when dealing with an HOA you get some very irrational people. She did not come up with the idea herself. Her boss showed her how to do it. They backed off when she started saying things like 'courtroom' 'legal fees' 'unenforceable agreement' etc... She was going to shutdown the whole HOA go away if they pushed her and she had a pretty good case for it. Suddenly there was a 'meeting' and an 'exception for the fence that was 1 inch too close to the road that they had previously approved'. The lawyer and the jerk running the HOA wanted to keep that money rolling in (think 200 bucks a month across 500 houses).

      You may be able to get these people to back down. But you need to do it in their 'lingua franca'. Many times you can not just ignore it (as that can go badly for you later in court if it comes to that). But it many times is just a matter of responding in kind with a letter yourself.

  • (Score: 3, Interesting) by Alfred on Thursday August 07 2014, @02:47PM

    by Alfred (4006) on Thursday August 07 2014, @02:47PM (#78427) Journal

    I was very disappointed in this. The moral implications are less than the similar Rigol double-your-bandwidth hack which everyone loved. Nearly every comment on HaD has been raising cries of theft and stealing. What changed?

    The root issue is probably because HaD was sold last year. It is now in the control of some electronics company I had not heard of before. The transition was smooth with no noticeable change in content or editorial influence. Since then there has been an accelerating change* but that is acceptable to a large extent. I suspect this company has some relation with Tektronix. At the least a service agreement. Whatever it is they have some interest in not pissing off Tektronix. They feel they must tread so lightly with them that they responded to a not-really-a-DMCA-takedown-notice over content that Tektronix didn't bother to contact the original content author over.

    I have lost respect for HaD over this obvious course change. The Hacker/Maker influence is being displaced by the corporate overlords. Almost all those who would want to do this probably can't afford one of their scopes anyway. I hope the Streisand effect from this echoes for years.

    *For example: I like the previous HaD policy of not posting Kickstarter stories. Now they happen, for and against. Most recently they tried to shoot down a copper foam heat sink thing but did not do it completely or thoroughly. Would it work? No it was horrible but HaD's due diligence and technical details were lacking too much to consider it as busted as they said they busted it. They were spot on about how it is a shady business arrangement. It seemed they had an ax they needed to grind about the thing but I was most annoyed that they claimed a level of busting that they did not meet. And unlike Myth Busters, when not busting it to my standards, there was no explosive happy ending.

    • (Score: 3, Interesting) by tibman on Thursday August 07 2014, @04:18PM

      by tibman (134) Subscriber Badge on Thursday August 07 2014, @04:18PM (#78485)

      Long time HaD lurker here. I agree that they have changed. They do have a project site now though, hackaday.io. They have almost finished their first HaD original product, the mooltipass (http://hackaday.io/project/86-Mooltipass). The retro computer build was a lot of fun. The retro stuff in general is pretty awesome. But they are obviously more corporate : /

      I have been really enjoying the Kickstarter busting. They need a HaD approved "stamp" to put on projects that are theoretically doable. Then kickstarters can submit their prototype to HaD for examination. That would really help some guy/gals get their project off the ground. A trusted 3rd-party has verified that it does exist and can be kickstarted.

      --
      SN won't survive on lurkers alone. Write comments.
  • (Score: 2) by fishybell on Thursday August 07 2014, @03:09PM

    by fishybell (3156) on Thursday August 07 2014, @03:09PM (#78449)

    The internet is definitely a goldfish [archive.org].