I am the CTO of Zeo - we make a single channel dry EEG product for sleep phasing (www.myzeo.com). This is a fascinating project and the discussion around it has been really fascinating for me - we are thinking about many of the same issues.
We had Zeo 'hacked' last fall - and decided to embrace the trend. We hired the hacker - a Cornell student - on as an intern and had him help us write libraries to open up the platform. The Zeo Raw Data Library is in beta now - check out more details here:
So we took the open approach and can't wait to see what cool (and strange!) things people use the platform for. This was an easier decision for us since we sell to consumers (for sleep - not EEG per se) and don't have a big research business to cannibalize (like Emotiv) - I certainly understand and respect their point of view on the matter.
If anyone wants early access to the API sign up and let us know you want early access when you do. We have a forthcoming grant program as well - we will be giving out a bunch of free product to whomever suggests the coolest uses - email me ben@myzeo.com for more info.
That's incredible. I know Emotiv invested considerable time and money into "securing" the feed coming off the headset -- and it's broken in less than 24h by an individual (our own daeken!). That send a pretty powerful message about proprietary hardware...
"But... but we used 128-bit AES! It's rated for U.S.A. Classified Secret information!" Yeah, but you put the S-box (AES key initialization) in the code you sent to the end-user. Also, ECB http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation... So... yeah.
I hate to say this, but ECB is actually the right way to go here. There's no way to send information to the headset, so CBC with a rolling IV wouldn't work well -- if one HID report dropped, you'd have no way of regaining the stream again. Of course, they could've XORed the second half of the output report with the first (CBC across the output report itself), but that really gets you nothing. This is, amazingly, one of the few places where ECB actually makes sense.
That said, when will people learn to encrypt/pack/invert/anything their S-boxes?
Edit: Scratch what I said defending ECB mode. I totally forgot about CTR mode until a friend just mentioned it. Would've been the perfect solution here.
You know, so many in the tech community always called Stallman a lunatic and crazy for his outlandish views. Yet, he's been spot on nearly every time a company does stunts like this.
Tivo spent how much money and time to prevent us from owning our computer-hence the GPL3. We see Linksys stole code until they finally released a pack months later, package signed too. And this company spent gobs in crypto chips and obfuscation and time to secure what took 24 hrs to properly fix (and yes, I do mean fix).
Even nasty tripwire and DRM laden PS3 has been rooted, as have 'unbeatable' blu-ray. C'mon people: when are companies going to realize that this kind of behavior eventually hurts them? For you engineer types: why do you do (and redo) this?
This is great! I've been interested in EEG, neurohacking for a while, at least in concept. Now that it's available for entry level hackers, what's the best way to get started? Does anyone know of good resources for EEG related signal processing, or algorithms applicable to brain waves, etc.? Thanks!
This looks perfect for research or OS programs. But you can forget commercial applications without the consent of emotiv.
Also, perhaps someone can clarify this for me. This doesn't guarantee you will end up with something better or similar to emotiv.
After determining which bytes correspond to which signals, do you have to write the algorithm for pattern recognition? do you have to reverse engineer the whole SDK or is it just a matter of calling the existing/proprietary algorithms using the signals?
Anyway, I think this will force them to accelerate their development for the Linux platform and perhaps be more open about it.
I'm not sure if they're not open about their development because they're stuck (I haven't seen any major improvements in their videos from 2008 to now... same stuff) or if they're scared from competition because they don't have the resources.
If they can recognize what a bunch of _very_ ambitious developers can do for free, why keep this thing locked?
Once the sensor data is completely decoded (currently digging through that with the advice of several people in the EEG field), the reversing is really over. From there, you can write your own processing libraries or simply utilize something existing, such as OpenViBE. Part of Emokit will be an acquisition module to feed data into OpenViBE, so that'd be the path of least resistance for most cases.
I didn't know about OpenViBE. In your opinion, how is it compared to emotiv SDK? (I'm referring to the API, quality and things you can do with it -- with minimal coding)
I don't generally talk legality online -- for good reason -- but I will say this: I believe that this library is kosher and I'll stand behind it if Emotiv disagrees.
In the forums before release Emotiv changed their pricing (reduced) for raw sensor access, but they still wanted to get paid for it, which most of the users strongly disagreed with them on, as the idea of limiting the hardware's usability like that leaves a sour taste to poor programmers who want to experiment and help develop, and therefore drive, the technology.
I would suspect that, while Emotiv would prefer people to purchase the license to access these features legitimately, ultimately it serves their ends to help popularize their product and get interesting things developed for it so I would expect that it isn't entirely frowned upon.
A couple years ago I connected the NIA Neural Impulse Actuator to Max/MSP as a software synth control mechanism, but I was heavily limited by the proprietary software converting sensor data into keystrokes. This project is really great because it would let hackers get around limitations like that!
http://developers.myzeo.com/
So we took the open approach and can't wait to see what cool (and strange!) things people use the platform for. This was an easier decision for us since we sell to consumers (for sleep - not EEG per se) and don't have a big research business to cannibalize (like Emotiv) - I certainly understand and respect their point of view on the matter. If anyone wants early access to the API sign up and let us know you want early access when you do. We have a forthcoming grant program as well - we will be giving out a bunch of free product to whomever suggests the coolest uses - email me ben@myzeo.com for more info.