… brains …

Archive for the ‘Tech’ Category

Apple’s iMessage encryption trips up feds’ surveillance | Politics and Law – CNET News

Thursday, April 4th, 2013

The DEA has figured out that getting a wiretap order for an iPhone, executed at the phone company, doesn’t get them iMessage content. It’s pretty obvious the various TLAs engaged in law enforcement will use this as a concrete example to push the “Going Dark” initiative to get CALEA reinterpreted (or legislated) to cover various internet-based communication services. And designing a service to use end-to-end protection will be right out.

iMessage is a special case here, since it inserts itself into the normal text message user interface. It’s the phone’s preferred way to send messages, and from the user’s (and law enforcement’s) perspective, it’s a native feature of the phone rather than an app.

I’m worried this will bring up yet another concern–even if they get what they want with CALEA, they are going to discover that they have to execute multiple, maybe even many, wiretap orders to track a single subject. How long until we require each ISP to be able to MiTM attack every TLS connection? Or another Clipper chip initiative?


(Via MacRumors.)

Drones toss and catch inverted pendulum – Boing Boing

Thursday, February 21st, 2013

The research drones are at it again. This video is really impressive, if not as showy as some of the previous ones. I can imagine the CIA drones go from blowing up suspects with hellfire missiles to just apprehending them Spiderman style.


Political Fallout

Saturday, March 12th, 2011

It’s started. We knew it would.

Japan’s current nuclear plant problem is real. I don’t want to take anything away from that.

But the anti-nuclear rhetoric is already starting. These big scary nuke plants must be a danger to us all. And I freely admit, there are dangers involved. The only rational response I can think of is a quote from Wikipedia:

Comparing the historical safety record of civilian nuclear energy with other forms of electrical generation, Ball, Roberts, and Simpson, the IAEA, and the Paul Scherrer Institute found in separate studies that during the period from 1970 to 1992, there were just 39 on-the-job deaths of nuclear power plant workers worldwide, while during the same time period, there were 6,400 on-the-job deaths of coal power plant workers, 1,200 on-the-job deaths of natural gas power plant workers and members of the general public caused by natural gas power plants, and 4,000 deaths of members of the general public caused by hydroelectric power plants. In particular, coal power plants are estimated to kill 24,000 Americans per year, due to lung disease as well as causing 40,000 heart attacks per year in the United States. According to Scientific American, the average coal power plant emits more than 100 times as much radiation per year than a comparatively sized nuclear power plant in the form of toxic coal waste known as fly ash.

Now, don’t think for a minute that I believe nuclear plants are a good idea. No centralized, high-capital approach to energy is a good idea. But since we seem to be limited to centralized, high-capital approaches, nuclear power is about the best option we’ve got.

Here’s to hoping Japan can solve this problem with the least possible damage to life and property. And to hoping we can learn the lessons needed to make this sort of thing safer in the future. But any discussion about the risks of nuclear power must consider the relative risks of just about every other energy source we currently have.


Tuesday, January 12th, 2010

This is one of the more perplexing things that has happened to me while booking a hotel room. And developers wonder why people just click through bizarre-looking security warnings…



iRobot Looj First Mission

Monday, September 7th, 2009

I just completed my first use of the iRobot Looj™125. The bottom line is, it was better than I expected.

When iRobot first announced the Looj, my reaction was along the lines of “what were they thinking?” I couldn’t imagine that there was enough market in home gutter cleaning robots to warrant the R&D cost. But then we had new landscaping installed, and found a section being damaged by water overflowing the corner of one of our gutters. Candace said she’d fix that section of the flower bed, but not until I cleaned the gutters.

The Looj had reached its second generation by then, and they’re not that expensive, so I ordered one. Due to too many hands on my time, I only managed to deploy it this weekend.

Guess what? It works pretty well. It was not perfect, but it sure beat having to move the ladder every few feet. It plowed through the real debris with gusto. It was great for tree matter, etc. It was not quite as good with the several years build up of fine silt–it got most of that but left quite a bit behind.

This model is rated for 150 linear feet of gutter. I didn’t measure my gutters, but it handled the whole house on one charge. Now, it’s not a big house, and most of the gutters on the south side were mysteriously clean.

The unit had plenty of power. It would occasionally hang on something and flip itself over–but this model can run just fine upside-down. The only significant downside was that a lot of the spacer rods in my gutters were angled down too far, and blocked the Looj from its duties. I don’t blame the Looj for this; it was typically shoddy work on the builder’s part. On the other hand, if the Looj was made a little thinner, it would have fit under most of them.

Some other minor issues:

I don’t think the handle-remote was the best idea. It becomes difficult to remove and reinstall once the unit gets dust and grime on the handle rails. This is complicated by the need to hold onto the ladder while messing with it. The battery cover on the remote comes off too easily–I had to climb down the ladder to find my batteries more than once.

It sprays dirt all over the place–but I don’t see much way around that short of a built in shop-vac. You will need eye protection and a hat with a brim.

The NiCad battery needs too much babying–I thought we were past the days of having to pull the battery off the charger to avoid overcharging, and having to guess when the battery was fully charged instead of having an indicator.

But overall, it was a clear win over doing it by hand. I’m still not sure about the market for home gutter-cleaning robots, as I imagine I would use it once a year at the most. But I expect a single visit from a professional gutter cleaner would cost me more than the entire unit.

Get ‘Em While They’re Hot

Tuesday, April 14th, 2009

Tesla Motors is now taking deposits for their über-cool Model S sedan, which is planned for production in 2011 — they’ll be sold off in first-come-first-served order. The claims are 0-60 mph in a smooth 5.6 seconds, with seating for 5 adults. And 300 miles on a charge. Base models start at $50,000 — which seems quite the bargain, when you consider that it’s likely to compete with luxury sedans for amenities.

For a mere $5,000 ($4,950 of which can be refunded, at least as long as Tesla remains solvent), you can get your place in line.

IETF Power Strips

Wednesday, March 25th, 2009


Google Adwords: Too Clever?

Wednesday, March 18th, 2009


Gig-E, Screen Sharing, and Screen Sharing (Don’t try this at home)

Saturday, December 20th, 2008

[Image: Recursive Screen Sharing]

(After a minute or so, the switch turned off the port connected to the laptop…)

Addendum: Today (22Dec), Byron, Phil, and I attempted VNC-doom: 3 laptops, 1 gigabit-ethernet switch, and an attempt at a full 3-way mesh of screen sharing.

We found bugs. Lots of annoying little bugs. The most entertaining/frustrating version was inducing one-way visibility in the clients. So we didn’t get the full-mesh going today, but we got some really pretty pictures from having two loops running at once. Maybe after a round or two of bug fixing (if reports have any effect), we’ll give it another shot.

But I think next time, we’ll need 5 laptops in a mesh. Not only do you get a nice layout on the client screens (one peer in each corner), you end up with a pentagram for a diagram as a bonus :).

rsync --link-dest and os/x

Monday, December 1st, 2008

This is not your friend

Use all your speakers under OS X 10.4

Monday, March 24th, 2008

Something that had been bothering me for a while is that I have a full 5.1 setup hooked up to my MacBook Pro (via a USB SoundBlaster Live sound card), but generally end up using only two of the speakers. While native 5.1 content (DVDs, HD trailers) does play out all six speakers, any stereo source (like music in iTunes) uses only the two front speakers. Most annoyingly, the subwoofer just sits there doing nothing.

I finally figured out how to make stereo sound sources take advantage of the entire setup, with the help of various tools. Luckily, these are all free.

The most important tool is Soundflower. Soundflower adds two input/output sound devices (one stereo, and one 16-channel). These are actually very simple pass-throughs — any sound routed to the inputs appears at the outputs. (For example, you can set the default output to the stereo Soundflower device, and another application to take its input from the Soundflower device — voilà! Instant full-system sound recorder!) It’s pretty simple, but very powerful. (Caveat: installation requires a reboot, since it’s creating new sound devices.)

Another very useful tool (although not strictly necessary for what we’re doing here) is SoundSource. SoundSource sits in your menu bar, and allows you to select which output device is currently active. You’ll be changing this around quite a bit as you get this whole setup working, so I’d suggest you install it.

Finally, if you haven’t installed the OS X development tools, do so now. They’re on the disks that shipped with your machine.

Got all that installed? Good. Now the fun begins.

On the “SoundSource” menu, select “Open Audio MIDI Setup”. (If you haven’t installed SoundSource, you can find this in “Applications”, under “Utilities”). On the “Audio” menu, select “Open Aggregate Device Editor”. Add an aggregate device, and name it something useful (I called mine “Soundflower Stereo + SB Live”). Select the new aggregate device, and check “Soundflower (2ch)” and whatever your 5.1 soundcard output is (look for a “6” in the out column). You’ll want to make sure the Soundflower device appears first in the list. You probably want to select the soundcard as the clock source. You can now close the Audio MIDI Setup application.

The newly created aggregate device should show up in your AudioSelector menu; and it will probably be selected. We haven’t routed the sound anywhere yet, so any sounds your machine wants to make now won’t come out anywhere.

Now, open up the “AU Lab” program — you’ll find it under /Developer/Applications/Audio. You should be in the “Create New Document” window. Make sure the “Audio Device” is set to the aggregate device you created — there should be 8 channels indicated. If you don’t see 8 channels, try changing from the aggregate device to a real device and back again. Now, click “Add Output” three times — you should have four outputs total. Select output 3 and change it to mono. Drag it to channel 5 (this is your center channel). Select output 4, set it to mono, and drag it to channel 6 (this is your subwoofer). Now, grab output 2 and drag it to channels 7 and 8 (this is your rear channel); and, finally, drag output 1 to channels 3 and 4 (front channel).

Don’t worry — we’re almost there.

Now, under “Inputs,” there should be one input. Sometimes it creates it automatically for you; sometimes you need to add it. Click on “OK”, and you should get a window with a bunch of sliders on it. The lower-left slider should have four little boxes along its left side, labeled “1” through “4”, indicating which outputs this input is routed to. Click on “2”, “3”, and “4” to light them all up. As long as your output is still set to the aggregate device, you should now have music coming out of all 6 speakers. Save this document before you close the AU Lab program.

One thing to note: the AU Lab program needs to be actively running to route sound from the Soundflower inputs to the outputs on your 5.1 soundcard. If you close AU Lab, your sound is once again routing to nowhere — but this is easily remedied by selecting a real device in the SoundSource menu.

You can play around with various effects on the channels to differentiate them. For example, I put a low-pass filter on my subwoofer; added a “Matrix” effect to the center channel to “enhance” the stereo; and put a 0.016 second delay on the rear channel.

One last troubleshooting trick that might help if you can’t get the audio flowing: Soundflower and your soundcard need to be set to the same sample frequency or things just won’t work. I also had trouble converting 24-bit samples to 32-bit samples, but 16-bit to 32-bit seemed to work just fine. You can tweak these settings in the “Audio MIDI Setup” application.

As an aside — you don’t want this configuration active when watching actual 5.1 sources, as it will not only route the front channels to all six speakers; it will also send the center channel to the left front speaker; the subwoofer channel to the right front speaker; the rear left channel to the center speaker; and the rear right channel to the subwoofer speaker.

iPhone: Who needs security?

Monday, August 27th, 2007

There are an increasing number of jailbroken applications that can be loaded onto the iPhone — so many, in fact, that someone has thrown together a nifty package manager for installing and managing all of them.

One of the more interesting things to do, of course, is run an SSH client so you can perform remote administration of other machines. Apparently, the installation of SSH from the package manager is a full-fledged OpenSSL install — including the server side of things.

And yes, it does start up the SSH service.

Combine this with the well-known passwords for both “root” and “mobile” accounts and what do you get?

orthrus:~/ adam$ ssh root@
The authenticity of host ' (' can't be established.
RSA key fingerprint is 7f:c4:18:1d:08:63:6c:04:0c:14:30:b2:09:f4:ee:17.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
root@'s password: 
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Mon Aug 27 17:34:23 2007 from
# ls
Library  Media
# uname -a
Darwin Q40 9.0.0d1 Darwin Kernel Version 9.0.0d1: Fri Jun 22 00:38:56 PDT 2007;
root:xnu-933.0.1.178.obj~1/RELEASE_ARM_S5L8900XRB iPhone1,1 Darwin
# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/disk0s1            307200    193116    111012  64% /
devfs                       18        18         0 100% /dev
/dev/disk0s2           7622368   6624600    997768  87% /private/var

Hmm… methinks the potential for havoc may be high here.
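The exposure in this post is the combination of a listening SSH daemon and accounts still on their shipped passwords. As an added example (not part of the original post), here is a small audit sketch that correlates the two; the function names, the `master.passwd` and `netstat -an` samples, and the "factory hash" baseline (assumed to be captured by the auditor from a clean image) are all constructed placeholders.

```python
import re

# Accounts the post names as shipping with well-known passwords.
WATCHED_ACCOUNTS = ("root", "mobile")


def parse_master_passwd(text):
    """Map user -> password-hash field from BSD master.passwd-style lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            entries[fields[0]] = fields[1]
    return entries


def ssh_listening(netstat_text, port=22):
    """True if `netstat -an` style output shows a TCP listener on `port`."""
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[-1] != "LISTEN":
            continue
        # BSD prints the local address as addr.port, Linux as addr:port.
        if re.split(r"[.:]", cols[3])[-1] == str(port):
            return True
    return False


def audit(master_passwd, netstat, factory_hashes):
    """Return (user, status) for watched accounts still on a factory hash.

    status is "exposed" when an SSH listener is up, otherwise "latent".
    """
    current = parse_master_passwd(master_passwd)
    status = "exposed" if ssh_listening(netstat) else "latent"
    findings = []
    for user in WATCHED_ACCOUNTS:
        factory = factory_hashes.get(user)
        if factory is not None and current.get(user) == factory:
            findings.append((user, status))
    return findings


# Constructed sample data: placeholder hashes, documentation-range addresses.
FACTORY_HASHES = {
    "root": "FACTORY_ROOT_HASH_PLACEHOLDER",
    "mobile": "FACTORY_MOBILE_HASH_PLACEHOLDER",
}
SAMPLE_MASTER_PASSWD = """\
# constructed sample, not taken from a real device
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:FACTORY_ROOT_HASH_PLACEHOLDER:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:CHANGED_HASH_PLACEHOLDER:501:501::0:0:Mobile User:/var/mobile:/bin/sh
"""
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.0.2.10.22          192.0.2.20.51234       ESTABLISHED
"""

if __name__ == "__main__":
    for user, status in audit(SAMPLE_MASTER_PASSWD, SAMPLE_NETSTAT, FACTORY_HASHES):
        print(f"{user}: factory password unchanged, SSH {status}")
```

An "exposed" finding means the password should be changed (or the SSH service disabled) before the device joins any shared network; "latent" means the weak credential is there but no SSH listener is currently reachable.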

Commodity Battle: AOL vs. Skype

Wednesday, May 17th, 2006

It’s not uncommon for technology companies to choose a complement to their core technology and try to make it a commodity. This can be a very successful approach: Microsoft’s OS market share has doubtless been aided by cheap, commodity-class PCs.

Sometimes when you’re developing two complementary bits of technology, it makes sense to commoditize one of them to aid the other — this is the traditional “give away the razor, sell the razor blades” model. Printer manufacturers have embraced this model with such gusto that some have even started using cryptographic handshakes between the printer and toner cartridges in an attempt to prevent the manufacture of third-party toner cartridges. (For what it’s worth, Lexmark’s use of the DMCA to make compatibility not just difficult but actually illegal seems to have been rejected by the courts).

For a long time, several companies — such as Skype and Yahoo — have offered voice clients free for download; this commodity complemented their profit-earning PSTN interwork services (e.g. SkypeOut). AOL has been slow to enter this market, in part due to an agreement they made with the FTC as part of their merger with Time Warner (they agreed to open up their AIM network to interoperability before deploying VoIP). Earlier this month, AOL announced a VoIP service to accompany their AIM software. The big splash from this announcement, however, is that AOL is offering free phone numbers and free inbound calls. Outbound calls still cost money.

In apparent response, Skype has announced that, through December of this year, all outbound calls using their Skype client are free.

As long as they’re willing to sign up for two services and run two clients, potential customers can now have a completely free inbound and outbound phone service. It will be interesting to see what happens when you have one company giving away the razors, and another giving away the razorblades.

T-Mobile bans VoIP and IM from new UK 3G Data Service

Tuesday, May 9th, 2006

(Apologies for violating my policy of not repeating stuff on slashdot. Also for basing a US-centric rant on a UK story.)

It seems that T-Mobile has released a new 3G data service in the UK. Sounds pretty neat, except their terms of service explicitly ban the use of VoIP or IM applications. The referenced article speculates that they plan to offer their own VoIP service.

If they are banning such applications because they think their network can’t deal with it, that is bad enough. But if they are banning them because they don’t want competition with their own service, then that is a real problem.

Believe it or not, I tend towards a laissez faire business philosophy, and really do believe the market will solve this sort of thing, if it is allowed to do so. I’m perfectly happy to let T-Mobile, or anyone else, have whatever network policies they like, under the condition that I am allowed to select a network provider that has policies that I like. The problem is, there are real barriers to entry for access network services, most of which are created by some regulatory regime in the first place. Whether it is regulation of spectrum, regulation of who can run a wire to my house, or regulation of who can provide service in my community, it’s still regulation.

Let’s not protect network providers from competition with one hand while freeing them to restrict access with the other.

Open Source SigComp Project Launched

Tuesday, May 2nd, 2006

SigComp, an IETF-developed technology for compression of signalling messages, is considered important for certain wireless SIP applications (notably push-to-talk, although its application to other applications is getting some attention as well).

The Open SigComp project web site launched last week. The purpose of this project is to produce and maintain an open source SigComp stack. Not only will this assist in research and prototyping work around the SigComp protocol, but it should also help in the continued development of the SigComp protocol within the IETF.

Found in the prackage

Monday, March 27th, 2006

A Very Damp IETF Meeting

Sunday, March 19th, 2006

I just returned home after a failed attempt to reach the IETF hotel. IETF 65 is planned to take place in the Hilton Anatole in Dallas. Problem is, much of the area between I-35E and the east levee of the Trinity River is flooded this evening. The Anatole is smack dab in the middle of it.

I spent several hours probing for routes to the hotel. In a Miata. Dean got in in his monster truck. I tried to follow his route, but the police closed it right before I got through.

I did witness some strange things, though. Lots of people were arriving via taxi, and were getting out on the freeway. There was a line of people fording the access road, carrying bags on their heads and everything. That will teach me to carry my camera in the trunk where I can’t reach it.

The odd thing is, I have lived in the Dallas area since 1987. It’s common to have heavy rains in the spring, and I’ve seen flooding before. But I’ve never seen _this_ much flooding even after weeks of spring rain. And typically not much at all in that area of town.

That’s it for tonight. I will try again in the morning. Fortunately, my neighborhood has very good flood control.

Vonage: Customer Service Responds

Saturday, April 2nd, 2005

You may recall my Vonage rant a while back. I sent them mail to clarify the situation at that time, but didn’t hear back. (In the interim, I’ve settled on Delta Three’s iconnecthere service).

Almost two months after I sent my query to Vonage Customer Service asking about the activation, shipping, and termination charges, I finally got two responses. Taken together, they fall into the “heart is in the right place, but head is up their ass” category. Compare:

Dear Adam,

Thank you for contacting customer care. Please forgive the delay in 

As regards your email, no in the case of a retail activation you would 
not pay an activation fee. Although a termination fee is applied to 
all canceled lines, if you call us and explain the situation most 
agents will waive the fee and refund the charge. 

Thank you,

Nik Drumm
customer care agent
second shift

Then, 11 hours later:

Dear Sir/Madam

Thank you for contacting Customer Service. I am sorry for any delay in

In response to your email. If you purchase the adapter from a retail 
location, there would be no activation fee, disconnect fee, or shipping 

Thank you for choosing Vonage and I do hope that I have answered your
questions. Do not hesitate to contact us if you need further assistance.

Customer Service Representative

So… there is a termination fee? There isn’t one? What? Do these guys even know what they’re doing? I appreciate the snappy seven-week turn-around time on customer care, but the responses don’t give me much confidence.

Texas v. Vonage

Wednesday, March 23rd, 2005

Following an incident in Houston in which a Vonage subscriber was unable to reach 911 in an emergency, the Texas Attorney General has filed suit against Vonage. The suit seeks suitable notice to subscribers about the (rather crippling) deficiencies in Vonage’s 911 service.

There are a few problems with the way that Vonage currently handles 911, and I’ve been warning people about them for a couple of years. The first is that, by default, dialing 911 simply plays a recording saying “you don’t have 911.” You have to activate 911 service before you can use it, and apparently Vonage doesn’t make this clear enough to new subscribers. Further, it takes several days after such a request before 911 service becomes active.

The second problem is that 911 calls (with very rare exception) are routed to an administrative number for the emergency center, not the 911 operators themselves. So, the person answering the phone isn’t able to actually dispatch emergency services; in fact, by and large, they’re simply a secretary without any emergency training at all. A corollary to this is the fact that, in many locations, calls to Vonage’s 911 service outside of business hours will simply go unanswered.

The third and final problem is that (once again, with rare exception), Vonage has no technical means to transfer location information to the emergency centers. Even a very technical friend of mine using Vonage as a primary line replacement was unclear on this fact. She thought that the fact that she gave her address to Vonage in the process of 911 service activation meant that the 911 center would have this information available, and Vonage did nothing to inform her otherwise. So, even people working in the VoIP industry lack the knowledge to figure out this information; what hope does the average consumer have?

Don’t get me wrong. As long as you can wait until business hours to have your unexpected emergency, have figured out that you need to register for 911 with Vonage, aren’t in the multi-day activation period, limit yourself to emergencies that leave you physically and mentally capable of giving your location, and don’t mind untrained personnel fielding your emergency calls, then using Vonage as a primary line replacement is just fine. And that may be good enough for some people. But I agree that it needs to be a choice people make for themselves with adequate information.

QoS Considered Harmful

Friday, March 18th, 2005

Cringely has an interesting take on QoS. What happens when the ISP tags the traffic for its own services to have a higher class of service than that of all those third party services? I’ve heard lots of arguments that best effort is good enough for VoIP if you have sufficient bandwidth. But that will fall apart pretty quickly if it has to compete with lots of higher priority traffic.

This could be the big ISPs’ best shot ever at breaking that annoying end-to-end internet. Now, Cringely did not present any evidence the ISPs were actually doing this–but I keep hearing more and more carrier-associated people claiming that VoIP is not deployable without QoS. This, in spite of all the services that work “well enough” without it.

(And yes, I just violated my own policy of not posting things already on slashdot again.)