
Microsoft furious at $2,000 bounty for open source Kinect drivers - bensummers
http://www.techeye.net/software/microsoft-furious-at-2000-bounty-for-open-source-kinect-drivers
======
orangecat
_"Microsoft does not condone the modification of its products," a Microsoft
spokesperson told CNET. "With Kinect, Microsoft built in numerous hardware and
software safeguards designed to reduce the chances of product tampering.
Microsoft will continue to make advances in these types of safeguards and work
closely with law enforcement and product safety groups to keep Kinect tamper-
resistant."_

That's exactly what I would say if I actually did want a bunch of hackers
trying to create drivers for other platforms.

~~~
markkanof
This also seems like a strange thing to emphasize. Instead of pointing to the
advances in motion tracking that Microsoft made to create Kinect they choose
to emphasize the advances in DRM that they have made to prevent people from
doing interesting things with their product.

~~~
jrockway
I think this is because they sell the hardware at a loss, and have to make it
up through legitimate game sales. Statements like the above are to keep the
shareholders happy with a pretty bad business model. ("We give the actual
hardware away, but then rape developers and users with per-game fees. We go
out of business if someone breaks the DRM, but that can't happen because we're
Microsoft and our DRM is unbreakable.")

~~~
Tangurena
While the "sold at a loss" might be true, I've also read some articles that
claimed that some of the processing in the kinect hardware was being offloaded
into the xbox itself. If true, this means that the drivers will need to
replicate some code running on the xbox and Microsoft was rather nasty about
researchers reversing some of what went on inside the running hardware.

~~~
Vivtek
Then perhaps they should avoid trying to play the hardware market instead of
lawyering up to reinforce their bandaids.

------
dinedal
Nintendo didn't say or do anything, and now everyone and their brother can
hook up a Wiimote to a computer and use it without issue. It doesn't seem to
have negatively impacted them at all.

I'm curious as to why MS thinks that this is going to hurt them.

~~~
ahi
The Kinect hardware might be a loss leader for Microsoft licensed software.

~~~
sh1mmer
That's also probably true of Nintendo. I doubt the hardware has anywhere close
to the revenue margins of the games themselves, or licensing games.

I think the real point in the original comment was that "serious" business is
unlikely to build products competing with 360 on other platforms based on an
open source driver for Kinect. E.g. Activision are extremely unlikely to build
video games for PC based that require a Kinect.

While there might be a small cost to Microsoft in selling a few Kinect bundles
to hackers who don't have, and therefore buy games for, XBox 360 in the grand
scheme of things it's hardly a threat to Mircosoft's new business model and
this is just the standard corporate answer to anyone tampering with their
products.

~~~
grav1tas
This is not true with Nintendo. They're anti-loss leader. Their philosophy
calls for them to turn a profit on everything they do. Here's a quick blurb
about it:

<http://arstechnica.com/gaming/news/2006/09/7752.ars>

~~~
sh1mmer
Not to be too pedantic, but I deliberately choose my wording. I didn't say
Nintendo made a loss on the hardware I said it likely has worse profit margins
than selling games on their platform.

Selling hardware may not actually hurt them, but it obviously their goal is to
create a platform on which to upsell games.

------
funkdobiest
I think most should be upset over the fact that MS is implying that law
enforcement will be kicking in the door of whoever wins this bounty.

~~~
tptacek
I agree, up to the point where someone might try to start a business on Kinect
reversing. It was hamhanded for MSFT's spokesperson to invoke law enforcement.

~~~
caf
How would this be any different to a business based on selling unauthorised
printer cartridges/refills? (Serious, not rhetorical, question!)

(All under the assumption that making unauthorised use of the Kinect does not
require copying a work that Microsoft owns the copyright to, of course).

~~~
tptacek
I don't think it is different. What's sleazy about printer cartridges isn't
the lock-in, it's the teaser price on the printer made up for with the
artificially inflated price of the cartridge.

~~~
caf
Sure, but are those printer cartridge businesses in potential legal trouble?

------
oziumjinx
I could see it now:

Porn industry adapts open source Kinect drivers into new, immersible adult
entertainment experience. Act in one of your favorite movies and get
"intimate" with your favorite porn stars.

~~~
Psyonic
Dirty minds think alike, apparently. I proposed this very thing to my friend
yesterday. He just got a Kinect and I was joking with him about the potential
this has for the porn industry.

~~~
oziumjinx
I did initially get downvoted but I think the implications for that adult
entertainment industry with Kinect are huge.

As some may know, the POV (point of view) genre in adult entertainment is a
huge segment. Being able to act in the movies and dictate the positions and
movements of the actor would be a big marketing driver

------
tptacek
They're "furious"? I don't get that. What I get is "If necessary, we're going
to outspend Limor by roughly two orders of magnitude on this problem alone";
based on the caliber of people MSFT has ready access to, I'd put my chips on
Microsoft in this arms race.

~~~
cryptoz
No corporation has ever shut out the hackers. In every machine ever built, if
hackers want to control it they will. Especially if they're allowed to take
the machine home.

What makes you think this case is any different? Microsoft can't keep Office
or Windows under wraps, nor the XBOX, nor anything else.

The hackers will win, as always.

~~~
tptacek
Patently false. For one example: DirecTV shut out the off-the-shelf smartcard
hackers.

You're falling into a narrative trap. It's not actually "hackers vs.
Microsoft". Microsoft pays some of the best in the world. Most examples of
hackers beating companies involve companies that did not invest seriously in
countermeasures. That's not a problem Microsoft has.

~~~
jonmc12
There is a difference between hacking a machine (Kinect) and hacking a service
(DirecTV).

~~~
tptacek
I don't see the difference between hacking the machine that makes DirecTV work
and the machine that makes Kinect work, but since we're a community of nerds,
I'm sure there's at least 1223 distinctions to be drawn here.

~~~
alextgordon
The utility of DirecTV is the service it provides. The box has no utility _per
se_. Because being able to receive DirecTV's service is dependant on having
compatible software, there has to be some way for the box (hacked or not) to
receive updates. If the pirates don't patch, they lose their utility.

The utility of Kinect is a physical piece of equipment. There's no service
(although it may be used _with_ a service), therefore there's no requirement
to receive updates once hacked. Microsoft only gets one chance to deploy their
defences: when the Kinect is in the factory.

~~~
tptacek
You apparently think the Pay TV providers can issue new smart cards on a
semiregular basis. No, they can't. They operate under approximatelly the same
constraint Microsoft does; updates to their core protection scheme are
ludicrously expensive.

(Microsoft could use the exact same scheme by bricking their devices with
fuses when they fail some routine checkup; they could also brick every device
and then issue a recall/reissue. They have better options than that, though).

------
makuro
$2,000 seems low, really. The people who would be intrigued in this situation
are doing it for the challenge and the glory. Two thousand would be an OK
cherry on top, but if you really want to sweeten the deal, I bet with a
Kickstarter you could get ten times that amount.

~~~
rapind
IMO MS could offer $10,000 to any developer who delivers the exact same thing
to them only giving MS complete ownerhip over the code. That would entice
anyone working on it to go for the bigger bucks and give them legal recourse
if the same code appeared as opensource.

Of course that could start a bidding war, and draw more attention, and no
doubt encourage more hackers... so actually never mind, probably a really bad
idea.

~~~
burgerbrain
The type of people who normally do this sort of stuff do it for free. The sort
of people who do this kind of stuff because of the publicity being generated
have the tendancy to not even do it for free, but to refuse any prize money
offered to them. A large portion of bug bounties paid out to people who find
bugs are gifted to the EFF for example.

A 10k bounty to _not_ release this might stop a few people from doing so, but
all it takes is for a single individual to say "fuck it, I have a steady job
and a nice place to live, giving MS the finger is worth more than just a
measily 10k to me", and it's game over. Once that single person releases their
work microsoft has paid out (no doubt numerous times) 10k for absolutely
nothing.

------
rhizome
It's shady for TechEye to quote CNET without linking to the article that
contains Microsoft's response.

------
tlrobinson
I predict the Streisand effect will kick in right about now.

------
heliodor
Adafruit Industries should start a fundraising campaign on kickstarter.com or
a similar site and aim for the kind of run-away success that Diaspora had in
their fundraising efforts. More publicity, more money, more developers ...
angrier Microsoft!

------
trotsky
The bounty is nothing but a PR stunt - they might as well offer $50k, it's
very unlikely anyone will ever claim it. The XBOX 360 and their official(ly
licensed) peripherals are protected by TPM style infineon chips that do
cryptographically secure mutual authentication and protocol encryption (as
needed). These chips are very tamper resistant, requiring a state sponsored
level of sophistication to physically remove private keys that are never
exposed outside of the chip dye. Or an exposure of the original microsoft
signing keys for the xbox project which are undoubtedly closely controlled and
are never required to be exposed to 3rd party developers (except, perhaps,
infineon).

The exposure of such keys or a process to avoid the use of them would be of
significantly more value to software bootleggers, unlicensed peripheral
manufacturers and homebrew folks than any amount of money this open source
group is likely to offer. And they'd be requiring a fully functional driver
for a set of complex hardware with no documentation on top of the
cryptographic attack. Nobody on earth would do all that work to claim that
bounty. Not to mention, defeating the protections would surely fall under the
DMCA circumvention rules, meaning revealing the coders identity would open
them up to significant legal risk.

While it's fun blame microsoft for their behavior, it should be noted that
this kind of peripheral protection is becoming significantly more common.
Among others, I'm under the impression that this style of on chip
cryptographic protections drives the new class of "made for iPhone" officially
licensed bluetooth enabled gadgets and certain other "made for iPhone"
hardware. I'm unsure if they use as tamper proof a solution, but the intent is
the same.

------
kellysutton
It will be curious to see what unlocking the drivers for the Kinect will
actually do. If there's no semblance of an API from the device, it might just
be giving you back raw data. With the Wiimote, that's more manageable since
you're only dealing with 3 axes. With a crazy point cloud, it could be tough
to infer anything from the data. I think I read somewhere that the Kinect
handles a lot of this on its own though...

~~~
Leynos
The bounty is for RGB video with per-pixel depth information.

"To demonstrate the driver you must also write an application with one window
showing video (640 x 480) and one window showing depth."

------
sz
Where can I pledge money for the cause? I'd up the bounty myself if I could.

------
joeld42
How much of what Kinect does is done in hardware, and how much of the vision
solve is done in software? the "drivers" might be a huge undertaking if it
just gives you the raw input from the cameras.

~~~
uxp
If my understanding of the device is marginally accurate, I understand it
offloads almost all of the processing to the 360. So, I would imagine the raw
data coming out of it is like getting raw input from 64 mice at the same time.
If anything is done directly on the device, it is probably "stabilization",
like muting the background and focusing on a central moving object, but actual
tracking and number crunching is done off of it.

Here's a video of a guy looking at his room with IR goggles. This observation
makes me think that there is a Lot of data to be crunched to get an accurate
use of it. <http://www.youtube.com/watch?v=r7nRKU0nFxA>

------
pippy
Taking the device away from games may be the best thing for it. It could have
great applications for medical research and physiotherapy.

On the gaming application side, it's just a glorified Eye Toy. If you've
played it, you know how foolish you feel playing it.

------
teilo
"Modification of its products" "Product tampering"

So if I write a linux device driver for a USB mouse with a proprietary
interface, I am "tampering" with the mouse and "modifying" it?

This is a human interface device. I highly doubt that even the DCMA could kick
in on it, since it is not used for recording, storing, or displaying content
of any kind (but I could be wrong). How, then, does Microsoft have the right
to say what can and cannot be done with a piece of hardware that I rightfully
purchased?

Whether the Kinect is a loss leader is irrelevant. Once I buy the thing, I own
it, and I can do whatever I want to with it.

------
wccrawford
That's one of the few projects that I'd be willing to contribute personal
funds to see done... If done well enough. That's the trick.

------
eli
Correct me if I'm wrong, but Microsoft is correct in suggesting any Americans
who participate in this might actually be breaking federal law, right?

------
lwhi
I don't own an Xbox, but if I can connect Kinect to my linux box, I'll buy
one.

