Wed, 28 Apr 2004

Stupid Wind Storm
That stupid wind storm caused some problems back at home. I called the house around 4pm, and noticed that the answering machine was not picking up.

After a brief stop at hack night, i noticed that I couldn't ping my house either. Ok, so no electrical power right? Thats fine, i'll just go home, and plug my home network into my car. Maybe the APC finally died, with all the stuff I have plugged in, it probably wouldn't last more than 2 hours.

I got home around 7 pm, noting the lack of power, and plugged various items (DSL modem, AP, etc.) into my car. After everything powered up, my DSL light kept flashing -- yea, phone lines are down too.

Running my home network off my car would be pretty cool to talk about the next day, but with no internet, what's the point?

I finally plugged into my CDMA 1xRTT modem..er..telephone (Don't tell Sprint!) and was able to get on the Internet. Then I realized how cold and dark it was getting, so eventually we left the house and went some place that had power.

So, the power was out all evening and all night, and it sucked. If I would have bought that generator for Field Day last year, I wouldn't have had any issues.

[/home] permanent link

Mon, 26 Apr 2004

Artificial Intelligence (AI) Music
I did some AI music about two years ago, using an old Amiga program written back in the day. I put them up on mp3.com but I lost hosting when the company folded.

They are back now on my music website.

Here is a quick list of some of the songs I recovered:

Another Poetic Joe

Another Joyful Star

Meet the Intelligent Wife

Joshez decided to do this weird crap to my "Another Poetic Joe" song, but this remix never made it past conceptual stage. I kinda like what he did between 0:54-1:15, but the rest is just ass. I think he told me he was joking around when he did it.

And my unbonus track: A mediocre track called "Pretty, Pink, and Intelligent". I figured i'd put up to give an example of the subpar output of this music engine.

[/music] permanent link

Tue, 20 Apr 2004

RST
No thanks to Cisco, and some googling, I have found the issue.

This is not a new exploit, but something as of late has pushed Cisco and other vendors to secure critical infrastructure (BGP Routing). Its about time too, since these initial warnings date back several years.

The push to do it now was either caused by some existing code in the wild, or increasing concerns from the goverment.

By using MD5 digests within TCP Header Options, this keeps BGP peers from being vunerable to stuff like spoofed TCP resets. This MD5 system provides connectionless security, not just in the payload, like SSL for example.

This RST exploit in particular involves 3 hosts, 2 of which have an active TCP connection, and 1 rouge host. The rouge host transmits a series of TCP RST packets, scanning a sequence number range and a guessed source port range. Most of these resets are discarded by the receiver's stack. Once the reset packet is what the receiver's stack expects as the next packet, it immediately disconnects the session.

Another interesting thing to note about the sequence number is that it is not an exact value, but a variable sized range, dependant on the window size. We are talking a greater possibility than just 2^32. This makes long term, large window TCP connections the most vunerable. A window size of 32768 reduces the probability to about 1 in 100,000. This is especially dangerous because it does not take a long time to send this amount of information.

Its not too difficult to guess the initial sequence number (ISN) of a TCP connection on IOS, check this out. You could then try to inject routes, but it would be very difficult.

BGP does not particularly like its sockets being repeatively broken, and if done on a wide scale, it could cause instability of the internet.

[/news] permanent link

Fri, 16 Apr 2004

Heh, looks like a lot of providers are BCC'ing entire internet exchange
participants and saying "we don't currently use authentication, we would like to define an MD5 key". But saying nothing more .. how cute.

[/news] permanent link

Cisco BGP Exploit?
Apparently everyone is scrambling to convert their BGP peers to md5 auth, and cisco is pushing out a fix to tier 1 providers "as we speak". Cisco is gagging customers not to speak a word about it, and it affects "more than cisco"

Md5 authentication? BGP config changes? Sounds like random hosts can pretend they are bgp peers and inject random routes or cause some sort of mayhem.

If i actually knew what it was, i'd talk about it, but I am discovering how high our company is on Cisco and our ISP's priority list.

[/news] permanent link

Thu, 15 Apr 2004

Gumstix and I2C
The Gumstix has no I/O. This topic has been ran into the ground a million times. Last tuesday at hacknight, i was let down when I found out that the cool 8 line header on the waysmall daughter board was not a collection of I/O's (GPIO), but actually an I2C bus, NSSP bus, and a battery indicator. But I2C does still give us some functionality, even if its not very fast. There are some pretty cool chips available which would be cool to interface to buttons, servo controllers, etc. without the use of a PIC.

One in particular is the $2 PCF8574 in DIP package (the big one we can use $0.50 radio shack chip sockets with), which gives us 8 I/O lines addressable from I2C, and an interrupt line on state change. If you want 16 bits, check out the PCF8575.

An alernative, the OnSemi JLC1562, will give you 8 bits and a 6 bit DAC, in replacement of the cool interrupt line. The chip also features an analog comparator tied to 5 of the lines, so it could also become a 5 line ADC as well.

A latching relay driver is also available.

Unfortunately, I2C on the gumstix is a pain right now. There is no serial device that i am aware of (ie: /dev/i2c) and I haven't found any neat programs yet that would let me do something like: I2CCmd read [address] [value] or I2CCmd write [address] [value]. Linux does have support for I2C, as most PCs use this to monitor fans, temperature, etc. So perhaps someone could write this some day. I'm heart set at writing some embedded code in perl or python....I really hate C/C++ for this type of thing.

I guess it didn't hurt to look .. apparently 'lm_sensors' supports the 8 and 16 bit versions of the freaking PCF8575! And better yet, its controlable under /proc/sys/dev/sensors/pcf8574-<0>-<1>/ ... this contains more information. I wonder if lm_sensors was compiled with the gumstix kernel?

Cool, but still, where is my i2ccmd read/write program?!?!?

[/pic] permanent link

Thu, 08 Apr 2004

ELF Band
Ever wondered what was on the radio dial between 0Hz and 45Hz right now? Wonder no longer, thanks to this wonderful Online ELF Spectrum Analyzer.

You can see the Earth's frequency at 7.8Hz, as well as peaks on 14, 20, 26, 33, 39, and 45Hz.

Here is a picture of the sensor:

This site also has a cool writeup and spectrum plot of the band:

as well as a cool writeup and spectrum plot of the even weirder Less than 2Hz "Pc 1-2 IPDP band":

[/wifi] permanent link

Mon, 05 Apr 2004

RFID: Privacy?
I don't see RFID as a big privacy issue. The concept is no different than a barcode, except this barcode is easily scanned compared to traditional UPC codes.

Like barcodes, RFID does not contain specific information. It is simply a static number. And unlike UPC, there is no common shared database containing what these numbers mean.

RFID is not a globally visible beacon. It only works within proximity of a scanner. Most scanners only work a couple feet, at best.

RFID sniffing cannot yield useful data without data sharing. A hypothetical road-side or store scanner has no idea the difference between my cat, my parking garage access card, and the Walmart shaver I just purchased.

Currently, my access card saves me time at the parking gate, my shaver package's RFID chip keeps prices low, my poor lost cat can be identified at the animal shelter (instead of put to sleep with the other strays), and my work security access card keeps people who shouldn't be on my secured floor from entering. At a price of privacy? Absolutely not. If I don't want my building to have my cat's RFID number, i'll keep him away from the scanner.

[/thoughts] permanent link

Drunk Engineer's Party Foul Turns Into Engineering Breakthrough
Soaking wood in sake apparently makes wood flexible enough to form a wooden speaker cone, without losing strength.

[/news] permanent link

Gmail is Evil? Right...
I thought this article on The Register was really silly. It is titled "Google mail is evil - privacy advocates".

I guess this kind of thing is expected, especially with Google's vague April 1st press release boosting email storages of 1 gigabyte -- completely free. Very little information has yet to be released on the gmail page about this service....so little that people are even reading the privacy policy in effort to uncover details.

The contents of your Gmail account also are stored and maintained on Google servers in order to provide the service. Indeed, residual copies of email may remain on our systems, even after you have deleted them from your mailbox or after the termination of your account.

No...Really? You mean after my file system indexes are removed, they aren't going to do bit scrambles across the massive, distributed petabyte monster we know as GFS? How dare they! Maybe people should read more about how files are actually deleted in most file systems.

Google's cookie is an index for all your searches until 2038, and sits alongside an Orkut cookie that tells Google - or friendly law enforcement officials or marketeers - exactly who you are. Google's Gmail will complete the picture, indexing private electronic discourse under the main Google search cookie.

If you are going to do something illegal, and leave an orgy of evidence scattered around on webmail services, search engines, and your personal machine, you probably deserve to be caught.

[/thoughts] permanent link

Fri, 02 Apr 2004

Location-Aware Games Part 2 - Mogi
I saw this on slashdot, apparently this is the same exact concept I did usability testing on. I wonder who held the patents first, assuming this particular company even had them.

[/hacknight] permanent link

Thu, 01 Apr 2004

La La La
Its too nice to be at work today....

I feel stupid blogging AIM conversations, but I thought this was too funny to pass up:

pdEo2X5o3bq: yesterday i sang a poem at open mic
pdEo2X5o3bq: called "one million"
pdEo2X5o3bq: this is how it goes
pdEo2X5o3bq: 1 2 3 4..
pdEo2X5o3bq: 5 6 7....
pdEo2X5o3bq: 8 9 10
pdEo2X5o3bq: 11 12 13 14 15 16 17
pdEo2X5o3bq: 18 19 20 21 22 23 24 25 26 27
pdEo2X5o3bq: etc
pdEo2X5o3bq: my friends placed bet on how far I could go
pdEo2X5o3bq: they kicked me off stage at 300

I'm probably going out to the coast this weekend for hikinh/camping. The weather report looks pretty good.

[/home] permanent link