Archive for the ‘GPS’ Category

TMQ Watch: August 13, 2013.

Friday, August 16th, 2013

We were trying to come up with a clever introduction to the return of Tuesday Morning Quarterback (and, thus, the TMQ Watch) but we couldn’t. On the other hand, we were also suffering from a bad case of 70s nostalgia (brought about by many things, but exacerbated by the death of Bert Lance). So we thought we’d throw some vintage music your way before cracking open this week’s TMQ after the jump. Oddly enough, it turns out to be fitting for reasons we’ll see later on…

(more…)

Night thoughts.

Saturday, March 23rd, 2013

Some folks may have noticed that I haven’t been doing as much bread blogging recently. That’s because I haven’t been baking as much bread; I’ve been a little tied up with some family things. Nothing serious, nothing health related, and things are winding down. But it has distracted me a little from the bread machine. I’m going to try to do another one of Laurence Simon’s recipes this week, but I’m not sure which one.

In other news, I’m trying to get back on my bike. I have a Trek 7500 that I bought several years ago, and which sat idle pretty much the entire time I was going to St. Ed’s. I took it in last week and had it cleaned, lubed, and tuned; now I just have a series of petty annoyances I’m working my way through. (I couldn’t find my water bottles, so I bought replacements. You can’t have too many water bottles, anyway. Then I couldn’t find my bike shoes: I can ride the Trek in my normal sort of half-boot half-sneaker shoes, but it isn’t as efficient. REI had some Shimano SH-MT33L shoes on the clearance rack at an incredibly low price, so I grabbed a pair of those.)

(Side note: I bought my bike at Freewheeling Bicycles. Why? Lawrence bought his there. I’m happy I followed his lead. The total bill to get my bike out of hock last week was about $104. That price included $8 for a rear tube, and another $45 for a rear bike rack. I want to start making grocery store trips on the bike, rather than the car, so I bought the rack and plan to sling some panniers over it at some point. Since I bought the bike there, Freewheeling gave me a 25% discount on labor, so the whole thing ended up being much more reasonable than I expected. Consider this an endorsement of Freewheeling.)

(Side note 2: F–k Sun and Ski Sports, the horse they rode in on, and any horse that looks anything like the horse they rode in on.)

As a geek, one of the things I’ve always wanted to when I was riding was to log and track my rides. I have a cheap-ass bike computer with basic functionality: current and average speed, distance on current ride, odometer, and clock. But I’ve always wanted to be able to overlay my ride log onto a map and see where I’ve ridden, as well as getting elevation data. My feeling is that being able to do that gives me a tangible sense of progress, which gives me more motivation to ride. But those capabilities require GPS.

I’m still looking for work so I can’t (and don’t want to) spend $330 on a Garmin Edge 510 or $479 on a Garmin Edge 810. (“Social network sharing”?) If Garmin, or one of my readers sent me one, I’d certainly use it, but I don’t want anyone to do that (even as a birthday present). That kind of money will buy you a decent to nice Smith & Wesson, depending on what part of the country you’re in and what you’re looking at.

Here’s the thing: I’m smart. S-M-R-T. Smart. And not only am I smart, but! I have a smartphone! That has a GPS built in! And that runs apps! And, yes, there are cycling apps available! The big ones on Android seem to be MapMyRide and Strava, but I’ve also seen people say that MyTracks works quite well for cycling applications. And I already have MyTracks installed. And I already take my cellphone with me when I ride anyway, in case of emergency. Now all I have to do is get it properly rigged and I should have almost everything I need. (The last remaining piece is some cycling shorts with pockets. I’ve blown out the waistband on the one pair I have; whenever I put them on, they slide off my ass. This is not good for cycling purposes, or for staying off the sex offender registry purposes.)

(I got into a discussion with a friend of mine about Android/iPhone cycling apps. My friend’s position is that the dedicated cycling computers like the Garmin Edge line are preferable to using your phone for this purpose. His feeling is that running the GPS on the phone and logging data eats battery power, and your phone may run out of juice before you finish the ride. My feeling is: I’m not a high-speed low-drag road biker. I’m usually not out for more than an hour or two. If I start out with a fully charged battery, I feel like I should be able to run MyTracks for at least two hours without worry. We’ll test this theory once I get everything rigged for silent running. If I was doing the kind of thing he talks about doing, such as riding the Great Divide Mountain Bike Route 12 hours a day for ten weeks, I’d reconsider my position.)

Thinking about this some more, I wonder what the market for higher-end bike and running computers like the Garmins is today. Let’s see: I can pay $330 for the Edge 500. Or I can pay $196 for a HTC EVO V 4G Android phone pre-paid (no contract) from Virgin Mobile, get one of those cycling apps, and have two cameras and cell phone service. Or I could buy a cheap-ass used phone with no carrier off of eBay, run the same apps, do everything using WiFi, and not have to worry about breaking my good phone. All cell phones sold in the US are required to connect you with 911 even if you don’t have a service contract, so you’re covered in the event of a real emergency. And if you have a good cell phone you want to take riding with you, mounting brackets are a dime a dozen. Plus, I understand some newer Android phones support ANT+, so you can get cadence sensors and heart-rate monitors that will work directly with Strava or MapMyRide on your phone. No dedicated computer needed, so, again, what’s the market for that $479 Garmin Edge 810? (You can probably even do “social network sharing” from the phone, if that’s your cup of Gatorade.) Yes, you have to purchase the cadence sensor and heart rate monitor separately, but you also have to purchase those separately with the Edge 810: that $479 price does not include either sensor. If you have an iPhone, ANT+ isn’t directly supported, but Garmin will happily sell you an ANT+ adapter for a mere $50, or $40.73 from Amazon..

If any of my readers have experience with cycling apps like the ones I’ve mentioned (or others: I’m still running an Android phone, but iPhone users are welcome too) please feel free to leave a comment, or drop me an email if you’d prefer. Contact information is in the place where it says “Contact”.

Crime of the century!

Friday, March 8th, 2013

Somebody, or a group of somebodies, stole eight – that’s right, eight – school buses from a Chicago area bus yard last night.

The people who stole the buses drove them to a scrapyard, where they were shredded.

“There was a pile of shredded school buses about two-stories high,” one police official said. Some pieces were large enough that police could see the “Sunrise bus logo,” the official said.
Engines and transmissions from the buses had already been cut in half, and the seats tossed in a “big pile of scrap.”

(The linked article includes some photos of the pile of scrap.)

Apparently, the buses were stolen sometime between 7 PM last night (when the yard was closed) and 5 AM this morning (when the theft was discovered). So are scrap yards typically open after 7 PM on a weeknight? And wouldn’t you figure that someone would ask questions when eight school buses were driven in for scrap? Or was there more going on?

When officers arrived, several people who apparently worked in the scrap yard ran into a building, police said. Officers initially apprehended one person and later took two others into custody. The owner was arrested in the afternoon.

(This could also double as important safety tip #18 17:

The buses were all equipped with GPS tracking devices, and police were able to track “their entire movement” to the scrap yard on the West Side, police said.

Don’t steal stuff with GPS tracking devices, or stuff that you might think has GPS tracking devices. Among the things that you might think have GPS tracking devices, if you’re a criminal mastermind:

  • Airplanes.
  • Expensive cars.
  • Government vehicles, including police cars.
  • School buses that carry children.

That’s just a partial list. I’m sure others can think of more examples, but those should suffice for the crackheads in my audience.)

DEFCON 20 notes: Day 1.

Saturday, July 28th, 2012

If you asked people to explain DEFCON, what would they say? Some might say: for those who understand, no explanation is necessary, for those who don’t, no explanation is possible.

Others might say that DEFCON is a mystery, wrapped in a riddle, inside…

...an Enigma machine

(Not only did the National Cryptologic Museum bring that, they also were handing out (while supplies lasted) two really cool booklets: “The Cryptographic Mathematics of Enigma” and “Solving the Enigma: History of the Cryptanalytic Bombe”. The inside covers of both books claim they are available for free by sending a request: email me for the address, or try crypto_museum [at] nsa.gov.)

(I also got a kick out of the “NSA careers” cards they were handing out, mostly because it was the first buisness card I’ve ever seen with an embedded microfiber screen cleaner.)

Today’s schedule:

“Making Sense of Static – New Tools for Hacking GPS”: Pretty much what I expected from the description, but still a very good panel. The presenters have been doing a lot of work with systems that use GPS tracking, and they’ve run up against the limits of affordable off-the-shelf GPS hardware. There are all kinds of things you can’t do with retail GPS:

  • Experimenting with spoofing and jamming attacks is hard because you don’t have low-level hardware access to see what’s going on.
  • Implementing methods for dealing with poor signal environments, such as “urban canyons”, is also difficult.
  • You also don’t have access to the newer systems, such as GLONASS, Galileo, or Compass.
  • And it is hard to experiment with advanced positioning techniques.

Much of the presentation was devoted to a detailed account of exactly how GPS calculates positions on Earth, and what some of the limitations of those calculations are. If I were to attempt to summarize this, I’d be doing from memory and likely get much of it wrong, so instead I’ll point to the Wikipedia entry which covers the same material (including the use of Gold codes to distinguish each GPS satellite).

All of this led up to two products:

  • libswiftnav, which is a lightweight, fast, and portable set of tools for building a GPS receiver. The nice thing about libswiftnav, according to the authors, is that it will run on microcontrollers and other relatively wimpy hardware.
  • Piksi, a hardware implementation that uses libswiftnav and overcomes a lot of the limitations outlined previously: it can do highly accurate positioning, very fast updating, and supports other positioning systems.

The presenters have stated that their presentation should be available at the Swift-Nav site as soon as they have a chance to upload it.

I missed the “Not So Super Notes, How Well Does US Dollar Note Security Prevent Counterfeiting?” session simply because the clock got away from me. If I can find the presentation online, I will link to it.

I wasn’t able to get into the “How to Hack VMware vCenter Server in 60 Seconds” session for reasons of it being held in a room way too small for everyone who wanted to get in. This seems to be a version of the presentation from another conference. I’ve only given it a quick skim, but it looks very interesting indeed.

Bypassing Endpoint Security for $20 or Less” wasn’t quite what I had expected, but it paid off. The basic idea behind this panel was that there’s an increasing emphasis on keeping people from walking out of the office with sensitive data on USB mass storage devices; some companies use software that allows only known and approved devices to connect over USB.

So how do you know if a device is known and approved? Much of the presentation dealt with specifics of how USB, and especially USB mass storage, works. The short answer is that everything depends on “endpoints” (which are sort of “virtual wires” for USB connections) and “descriptors” (which provide information about the device). USB devices identify themselves through a combination VID/PID as part of the protocol, so if you can spoof the VID/PID, you can pretend to be an already authorized device.

Which is what the presenter’s hardware does, for less than $20. I haven’t found the presentation online, but the presenter swears the hardware schematics etc. will be available on github under “usb-impersonator” as soon as he gets around to updating the repository (which he promises will be real soon now).

Edited to add 7/28: Two points in this presentation that I wanted to mention but forgot to last night.

  1. Windows doesn’t see anything but the first LUN on USB mass storage devices. So if you want to hide something on a flash drive from a Windows user, partitioning the drive is a good way of doing that.
  2. If you run modprobe usbmon (this may require running as root) and then fire up Wireshark, wonder of wonders, you get a whole bunch of USB bus devices available as Wireshark interfaces. This is something I want to play with more when I have time: I’ll probably post some Wireshark capture files showing what happens when a device is inserted.

Edited to add: Added link to Phil Polestra’s blog entry, which contains links to the slides and the code, 8/1/2012.

The last presentation I went to was “Safes and Containers – Insecurity Design Excellence”. This is one that’s already gotten a fair amount of attention: a friend of mine emailed me a link to this Forbes article by one of the presenters that neatly recaps the whole thing (including their videos).

Basically, many popular gun safes, especially ones made by the Stack-On corporation, are insecure and can be opened with paper clips, drinking straws, pieces of brass purchased at a hardware store,..or by just simply lifting up the safe and dropping it a few inches.

Why is this? The presenters argue that the people who make these safes don’t come from a culture that says to itself “Okay, I’ve built this safe. Now how can I bypass the mechanism and get in?” Quoting: “Engineers know how to make things work, but not how to break them.” Many of these safes are imported from China and are made as cheaply as possible, which complicates things even more.

There’s also an attitude of “my product meets the standards, so up yours”. The California Department of Justice has standards for gun safes, and these products all meet those standards. However, the CDOJ standards do not involve any kind of realistic tests of the product, such as turning it over to a five-year-old and telling him there’s candy inside.

My one issue with this presentation is that the authors seem to view gun safes as the most important part of protecting your kids from guns; thus they believe safes need to be stronger. I can agree with this, but as I see it, safes should be a last resort, not the primary means of protection. I grew up in a house with guns, and I was never tempted to mess with any of them because my parents raised me properly (and because I knew I’d be beaten bloody if I did mess with them). Age-appropriate training (such as the NRA’s “Eddie the Eagle” program) combined with appropriate physical security (what was that gun safe doing where a three-year old had physical access to it, anyway?), combined with safes that actually do what they’re supposed to do, constitutes a layered defense, and one that works better than just relying on cheaply made Chinese junk.

And so to bed. I’m tired, and stuff hasn’t been working right all night. Project e just shut itself down in the middle of this post, the Kindle’s battery was deeply discharged and I had to wait for it, and dinner was not that great. (More about that later on.)

Random sports (and other) notes.

Monday, October 17th, 2011

I wasn’t planning to say anything about the Texas Rangers: last year was significant, this year, well, what can you say other than that they’ve gotten good?

However, I can’t help but take the opportunity to gloat a little here, since it appears that a Rangers/Cardinals World Series has John Gruber extremely upset. Poor guy.

Loser update tomorrow: Miami plays tonight.

“We’re the only ones professional enough to have 21 MP-5 submachine guns stolen from our training facility.”

Somewhat buried lead: the MP-5s were converted to fire blanks only.

The parts required to change the MP-5 back to live firing were for sale on a gun supply website. It was unclear, however, what documentation or background checks would be required to purchase them.

I am not an MP-5 armorer, but I would guess: probably none. I doubt any of those parts are serial numbered like AR lower receivers. And I’m curious where the LAT reporter got his information.

Miscellaneous stuff.

Thursday, February 17th, 2011

I’ve had a couple of people ask me if I’ll be covering various topics. Short answer: probably not, if you haven’t seen it here. Longer answers:

Important safety tip. (#3 in a series)

Monday, January 31st, 2011

This has been said many times, in many places, but I think it bears repeating for reasons that I’ll illustrate shortly:

GPS systems are a guide and a tool. They are not absolutely perfect. They are human designed systems that can fail.

Also, no matter how insistent that voice is, and no matter how often it says “Recalculating”, your GPS system is not the boss of you. You are the person in control of the vehicle; you have the option to ignore it, mute it, or even throw it out the window. (I even know one person who took a perverse enjoyment in tormenting their car’s GPS system by driving in circles.)

Several things bring this to mind. Some folks who were attending Saturday’s SDC found that their GPS systems were showing a location for Korean Grill that was quite a bit off from the actual location. (By the way, Korean Grill is a pretty darn spiffy place; I recommend giving it a shot.) On Sunday, we had a similar experience trying to find the Gruene Door; somehow, we ended up in a residential area several hundred feet behind the Gruene Door, and more or less stumbled on the restaurant through pure luck. (Also: the Gruene Door was fantastic. I’d like to go back sometime soon.)

And then there’s this story from the Sacramento Bee:

“It’s what I’m beginning to call death by GPS,” said Death Valley wilderness coordinator Charlie Callagan. “People are renting vehicles with GPS and they have no idea how it works and they are willing to trust the GPS to lead them into the middle of nowhere.”

And then they get stuck in the middle of nowhere in 120 degree heat where there’s no cell phone service and wind up drinking their own urine to survive. Or just simply vanish until someone stumbles across their remains in the desert.

It does seem like there may be a little more to this than just GPS failures. (Why aren’t closed roads better marked? Perhaps with a big sign: “ROAD CLOSED. IF YOU GO PAST THIS POINT YOU WILL DIE.“) But the main problem still seems to be blind trust in a technology that can fail.

(Unfortunately, I can’t find a YouTube clip of the Hill Street Blues episode where Joyce Davenport lectures one of her clients on desert survival techniques. Too bad, because she’s actually got some pretty sound advice to offer.)

Talkin’ GPS Blues (part 1).

Sunday, January 9th, 2011

A long time ago, my great and good friend Glen pointed me in the direction of a Steven Jay Gould essay about his encounter with Richard Feynman. Gould’s point in that essay was that he thought Feynman wasted a lot of time trying to understand evolution from the ground up, time that Feynman could have spent making valuable contributions to the theory instead. My response is that I think I understand where Feynman was coming from; the only way he felt like he could contribute something was to start from first principles and work his way forward until he understood each step. I’m not anywhere near as smart as Feynman or Gould, but I feel much the same way as Feynman did. Hence, the long and rambling nature of this entry.

I have six GPS systems. That’s probably more than any one sane person needs, but we can leave that discussion for another time.

(more…)