
Keurig competitors crack company's DRM code - thisisblurry
https://www.consumeraffairs.com/news/keurig-competitors-crack-companys-drm-code-082814.html
======
jonknee
The fact that a coffee maker has DRM at all is depressing.

~~~
oinksoft
Hah, just wait until you experience the INTERNET OF THINGS.

~~~
Zikes
There will come a day when the proverbial walled garden becomes a literal
walled garden, and we'll all get to say "we told you so!"

It won't be particularly satisfying, but in that dystopian near-future, it
will be one of life's few remaining pleasures.

~~~
potatolicious
> _" It won't be particularly satisfying, but in that dystopian near-future,
> it will be one of life's few remaining pleasures."_

[expression of cynicism detected]

[content override triggered]

[querying for user's linguistic analysis based on previous communication]

[synthesizing praise for walled garden using user's linguistic profile]

[deliver praise to recipient instead of ungood sentiment]

Seriously though, we're already filtering Facebook posts based on "relevance".
We're a really, really thin line away from silencing posts based on the
sentiments expressed within.

~~~
Zikes
Filtering based on sentiment? Oh, they're way ahead of you there:
[http://money.cnn.com/2014/06/30/technology/social/facebook-e...](http://money.cnn.com/2014/06/30/technology/social/facebook-
experiment/index.html)

------
takemikazuchi
Perhaps Keurig should print their logo onto the cups with said special ink,
and the machine should identify the logo with an image matching algorithm. If
I understand trademark law correctly, competitors wouldn't be able to
reproduce the Keurig logo without the strong possibility of facing
repercussions for trademark infringement. I mean in reality it wouldn't work
well at all and just make consumers pissed, but I wonder what the legal
situation would be if they could pull it off.

~~~
nacs
Even if they print an entire logo in the ink, someone could sell some kind of
reusable sticker with that special-ink-logo and just stick it onto the non-
Keurig cups during use. When finished with 1 cup, remove sticker and stick it
on to a different cup.

I don't see why they even bother trying to lock down their machines TBH as it
can't be done well without significantly increasing the cost of the machine or
cups (or inconveniencing existing customers).

I have a Keurig (non-DRM) and buy mostly Keurig branded cups anyway but if I
had to buy one of these "2.0" machines with DRM, I'd just not buy a Keurig
machine.

~~~
anon4
Or put the sticker over the sensor. Or hotwire the sensor (caution: voids your
warranty).

------
apendleton
A cursory Google search shows that not only are companies making Keurig-
compatible cups, but also Keurig-compatible coffee machines, so people who
want them could get those instead. Funny that the end consequence of this may
be that a whole ecosystem around this format ends up continuing to dominate
despite the fact that all of the players are selling knock-offs and the
originator of the idea has moved on... it's IBM PC-compatible all over again.

~~~
hatfieej
I wrote the software for the Mother Parkers RealCup brewer and am quite
familiar with at least their knockoff. The real purpose of the brewer was
really as a way to push their brand of K-cups (it's the razor blade thing).
Everything is about pushing those cups because the margins on those cups are
amazing. Keurig is desperate to try to maintain their licensing deals. The
(patented) Vue cups aren't doing great, so this was their next attempt.
Keurig's attempts aren't really focused on serving the customer, but rather on
trying to extract continued revenues from them. BTW...$3.7B market in K-Cups.
Crazy huh?

~~~
nhstanley
Rent seeking. This is one of the things that in my businesses I try to avoid
because it is basically should be a last ditch, hail-mary pass. Which is what
this DRM probably is for Keurig.

Ideally, you should always focus on being better than your competitors, which
is difficult--but not impossible--in commodity products. Good examples are
Dropbox or Starbucks. Cloud storage space or coffee are obviously not new or
hard to deliver products, but it's how you deliver them that makes all the
difference. I think this is a loosing battle for Keurig, and they should focus
on providing some additional value (or perceived value, which can be just as
good) to their customers. Maybe that's genuinely better tasting coffee, or
maybe it's a slight (but acceptable) premium over generics (people like and
trust brands).

~~~
hatfieej
Exactly. Customer satisfaction is the last thing on Keurig's mind right now. I
think we all know how this will play out if they don't wise up.

------
dubcanada
They should require you to create an account online which you must login too
and enter a code found on the K-cup in order to get your coffee.

That will show those pesky people wanting to use your rather expensive machine
with slightly less expensive however still a ripe off single serving coffee
pods.

~~~
Zikes
They'll be willing to go through all that trouble for the convenience of only
having to push a button to get their coffee!

~~~
dmix
Worked so well for Sim City!

~~~
Zikes
Some potential parallels there.

Blatant lies: "Our coffee machines just can't support other companies'
k-cups."

Empty promises: "Buy our new coffee machine and it'll enable us to make a lot
of new and exciting flavors!" First new flavors out of the gate are durian and
Mountain Dew.

I'm looking forward to the inevitable half-hearted apology, which will of
course have still more empty promises. Not long after that they'll announce
the v3 model, which will have an incompatible DRM to v2, forcing their
customers to either upgrade or use off-brand companies' k-cups.

~~~
CaptainZapp

      First new flavors out of the gate are durian and Mountain Dew.
    

Can't be much worse than hazelnut, or vanilla.

~~~
Natsu
Have you ever had a durian? We actually bought one once, at Christmas.

It was... memorable.

~~~
CaptainZapp
Actually yes, I did and think it's a wonderful fruit.

The trick, however, is not to buy one and take it home (or to your hotel
room), but to buy a ripe durian at a street vendor and let him open it. Eat
straight away and keep a lot of napkins available.

While the taste is really amazing (in my opinion) there's no doubt that the
stink is amazing too. And nearly impossible to air out of a closed room.

Most hotels in Singapore flat out forbid durian in your room.

------
ErikRogneby
When your proprietary coffee delivery system costs $50/pound and people still
buy it, is DRM a surprise?

~~~
michaelt
Are there any non-proprietary pod based coffee machines?

------
nthitz
Article states it's not true "digital" rights management. Seems more like an
analog rights management (shine an infrared light on ink and register
reflection). So presumably no one can be technically liable under the DMCA.
However, if Keurig were to switch to a more "digital" form of rights
management (perhaps actual RFID), could these third party coffee pod creators
be found guilty of circumventing content protection technologies (DMCA
violation)?

~~~
rcthompson
Since there's no copyrightable artistic work involved here, I don't think the
DMCA applies.

~~~
gambiting
Like someone above said, the pattern could be in a shape of their logo, so
anyone replicating it would be effectively putting another company logo on
their product,which is definitely not legal.

~~~
turingfail
There are ways to lose your trademarks if you use them or simply allow them to
be used in the wrong contexts. I think their competitors would argue that this
is one of those ways.

------
pwarner
I was going to ask why they didn't just patent the thing. This is the physical
world after all. Turns out they did, but the most important one expired in
2012. [http://blogs.wsj.com/corporate-
intelligence/2012/11/28/the-k...](http://blogs.wsj.com/corporate-
intelligence/2012/11/28/the-k-cup-patent-is-dead-long-live-the-k-cup/)

------
hendzen
Next time Keurig should hire a cryptographer. GPG signed QR-codes or something
similar (vulnerable to replay attack, but harder to circumvent).

~~~
Zikes
I don't understand how literally printing the password on the cup would be
more effective, unless the coffee maker is internet-connected and each code is
revoked after usage.

It harkens back to having to call Microsoft because you've replaced your
motherboard except now it's Keurig and even less pleasant because you can't
have your coffee while you're on hold.

~~~
greenburger
They could do a Louis Vuitton and make their trademark an integral part of the
password design. Or pick a nice QR code and trademark that.

~~~
beedogs
morcheeba: looks like your account's been shadowbanned for some reason.

~~~
Zikes
Possibly for good reason:
[https://news.ycombinator.com/item?id=8170246](https://news.ycombinator.com/item?id=8170246)

Best leave it to the mods.

------
JadeNB
The author's confidence in common sense is touching:

> It's still too early to tell, but the fact that Keurig's “DRM” can be
> cracked with such ease doesn't seem to bode well for the company.

> So that's one reason Keurig might be in trouble: because it bet everything
> on imposing a technological barrier which turned out to be ridiculously easy
> to get around.

Err, so easily crackable DRM will not survive legal challenges? (I seem to
remember a story, which my Google-fu is insufficient to recover, of someone
embarrassing Jack Palance during an interview by showing him the complete
DeCSS source ….)

------
jrs235
Couldn't someone just cut the top off or take the foil off a legit k cup and
place it on top of a non legit one then run the machine? This would cost the
non legit companies less... Not having to retool production. Just tell the
consumer what to do or include a special cover.

------
sasoon
I do not understand why is anyone buying machines with pods. Expensive
machine, expensive coffee, and creating garbage for each cup.

Is it so hard to put teaspoon of coffee in cup and pour hot water?

~~~
Shivetya
Its simple, its clean, and convenient. There are many makers of k-cups to
choose from so finding an acceptable cup of coffee made this way isn't too
hard. I went through a few variety packs, read reviews on Amazon and the like,
to narrow my choices. I then used Amazon's subscribe and save feature, visits
to slick deals, and even my costco membership, to buy k-cups are good prices.

During summer my coffee drinking goes down and the ability to just make one
cup is great. Cooler months and its time for the Bonavita, sometimes its good
when friends want some but even then I have dropped back to the k-cup.

------
shmerl
Good, but doesn't make Keurig a good coffee worth drinking ;)

------
forceblast
I have no idea why anyone would put up with drm and pay such a ridiculous
price for such terrible "coffee."

------
dkarapetyan
Is it really that hard to get a coffee presser and some ground coffee?

~~~
dwaltrip
Why does it bother you that others wish to make some task more convenient? And
BTW, there are bio-degradable (compostable) cups that one can buy, if that was
part of your concern. The office manager at my company says they are actually
cheaper, too.

~~~
dkarapetyan
It doesn't bother me that people want to make certain things convenient what
bothers me is the commoditization of every last thing in our consumer driven
culture. Is your life really going to be so much better if you can make your
coffee in 1 minute instead of 2 minutes? I really don't see any other
convenience with ready-made coffee other than the time component. If that
convenience comes at the cost of locked down devices for making coffee then it
is really short-sighted of people to buy into that "convenience".

~~~
pak
In a workplace environment with a shared kitchen it absolutely is worth it to
an average manager to avoid the spills and mess of grounds and keep everything
in the pods. This is where I saw most Keurigs first, and then it seemed to
"hijack" its way into the household because people got addicted to the
convenience that they enjoyed at the office.

~~~
Iftheshoefits
Where I work there is a machine that dispenses coffee (Americano: basically an
espresso plus piping hot water to fill the cup up). Such machines are more
expensive than the typical office Keurig, but for an office of any size not
prohibitively so. For office coffee it's actually quite good, and far and away
better than any swill out of a Keurig I've ever had the misfortune of
drinking.

------
jbigelow76
Jailbreaking your iPhone is so 2010, now the cool kids are jailbreaking their
Keurigs.

------
nandhp
Their SSL is bad. It gets an F from SSL Labs due to an exploitable version of
OpenSSL --
[https://www.ssllabs.com/ssltest/analyze.html?d=consumeraffai...](https://www.ssllabs.com/ssltest/analyze.html?d=consumeraffairs.com)
\-- and Firefox refuses to connect to it at all due to weak ciphers:

An error occurred during a connection to www.consumeraffairs.com. SSL peer
selected a cipher suite disallowed for the selected protocol version. (Error
code: ssl_error_cipher_disallowed_for_version)

~~~
deathanatos
> and Firefox refuses to connect to it at all due to weak ciphers:

It's not a weak cipher. I get the same error, but the cipher the server
selects is TLS_ECDHE_RSA_WITH_128_SHA (0xc011). If I've got my SSL best-
practices straight, that's not a bad choice.

The server, however, also selected SSL 3.0. My understanding is that you can't
use that cipher with SSL 3.0 because it didn't exist. Firefox thus aborts the
connection; note the error: "…cipher_disallowed_for_version" (of SSL).

I've seen this before on a server I had, and it had the same behavior. I'm
nearly certain this is a bug on the server side, perhaps in OpenSSL. The
server I had made some pretty nonsensical decisions in the server hello, such
as the above with Firefox, and with Chrome, selecting TLS 1.0 _even though
that was disabled_. I asked about it on SO[1], but never got a reply. (For me,
it's no longer an issue; we enabled TLS on that server for hopefully obvious
reasons.) Firefox and Chrome's client hellos are pretty similar, but not the
same, and I never figured out the difference that caused the server to choose
SSL or TLS over the other.

[1]: [http://stackoverflow.com/questions/25146651/why-is-nginx-
sel...](http://stackoverflow.com/questions/25146651/why-is-nginx-selecting-
the-ssl-versions-ciphers-it-is-selecting)

