TomTom’s hidden all-terrain mode
Sometimes, I feel like a human GPS navigator. And there are probably many more of us out there. Ever get a call from your wife, asking you to direct her to some remote place she is trying to drive to? My solution was to get a TomTom 500 navigator for her birthday. It comes with the maps for Spain in full detail, and a basic map of Europe, with main roads and cities. It can also be used as a Bluetooth handsfree for your mobile phone, so it’s quite a convenient device.
We set about trying it during a trip to visit my mother – since I knew the way, it would be a good sanity check on the navigator’s ability to lower our phone bills. When I told it where we wanted to go, and it told us to turn west instead of east, I started imagining what would happen. After a few minutes of following the navigator’s instructions without even looking out the window, this is where we ended up:
Yes. It wanted us to go up a dirt path that only horses (and fit ones at that) can manage. Take a close look at the full-resolution picture, and judge by yourself.
After turning around, and following the route we always take, we had to turn off the sound for almost half the trip, as it kept insisting that we should “turn around as soon as possible” so we could take the easy-going dirt track.
GPS navigator manufacturers only make the devices, but not the data that’s in them. There are a few companies, such as Navtech and Tele Atlas, who take care of that, and license the use of the data. In this case, it seems that overzealous cartographers had simply taken anything that looked like a road in survey maps, and turned them into navigable paths. The result is my unfortunate experience. The collateral is that my wife doesn’t trust the device, unless it’s for navigating within city limits – thus limiting its usefulness, and not limiting my phone bill so much.
Hacked-up displays – Barcelona Metro
I’m going to start a section called Hacked-up displays, or HUDs for short.
HUDs are public displays, screens and panels which are caught showing something they shouldn’t be, by fault or by hack. There is a classic roadside HUD here, as a good example. I’m posting this phonecam pic of an infoscreen at the Barcelona Metro, which usually shows videos, news and other stuff to bored passengers waiting on the platforms – and with which DirectPlay was not happy.
The rules:
1. Any image of a HUD is allowed, unless it contains foul language and/or explicit images.
2. Pics taken must be submitted with a short explanation of context, or if a hack was involved, a more detailed story of events.
3. Please advise if you want credit or want to remain anonymous. Confidentiality of submissions is guaranteed (thanks Apple!)
Vodafone, security, and revenue
Do you work a lot while on the road? If you use Vodafone’s GPRS/3G data service, it could be costing a lot more than you think.
You surely heard about Vodafone blocking Skype on their mobile network in the UK, with T-Mobile following suit, all in the name of ‘fair use’ and distribution of network resources. Supposedly, using Skype instead of downloading MP3s can make their network grind to a halt…let’s just move on.
I was involved in a project about a year ago, the goal of which was to write an IP stack for an embedded device. The approach was to write the stack in an easy-to-debug higher level language on a PC, then port it to the device. So, I went ahead and started writing the PPP code, aided by a GSM modem and a Vodafone SIM card with GPRS enabled.
To my surprise, as soon as the PPP session was established, a public IP address was given by the network, and packets started arriving. Curious about what this data was, but already suspicious of what it could be, I wrote a quick-and-dirty TCP decoder, and rightly so, the mysterious packets were nothing more than the usual flurry of port scans any device attached to the internet is receiving all day long. NetBIOS ports, common trojans, SSH, you name it, it was all coming in.
It was obvious that the security implications of these port scans were just as if the internet connection was coming from a DSL line – but there was a twist. GPRS fees are paid for downloaded data, but what is the definition of downloaded data? Is it just the data portion of a TCP or UDP packet? Is it the whole packet? Thus, were you actually paying for these port scans, and even for getting hacked?
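A decoder of the kind described above, as an added example that is not the author's original code: it parses raw IPv4 packets as they come off a PPP link, picks out inbound connection attempts (SYN without ACK), and totals their size under both readings of "downloaded data". The addresses, ports and sample packets are constructed, and it assumes the device runs no servers, so every inbound SYN is unsolicited.

```python
import socket
import struct
from collections import Counter

LOCAL = "203.0.113.10"  # constructed address standing in for the one PPP assigned

def make_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def decode(pkt):
    """Decode one raw IPv4 packet; return None unless it is well-formed TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    total = min(struct.unpack("!H", pkt[2:4])[0], len(pkt))
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    doff = (pkt[ihl + 12] >> 4) * 4                # TCP header length in bytes
    if doff < 20 or total < ihl + doff:
        return None
    return {"src": socket.inet_ntoa(pkt[12:16]), "dport": dport,
            "syn_only": (pkt[ihl + 13] & 0x12) == 0x02,  # SYN set, ACK clear
            "wire": total, "payload": total - ihl - doff}

def tally_unsolicited(packets):
    """Count inbound connection attempts and their size under both billing readings."""
    ports, wire, payload = Counter(), 0, 0
    for p in filter(None, map(decode, packets)):
        if p["syn_only"]:
            ports[p["dport"]] += 1
            wire += p["wire"]
            payload += p["payload"]
    return {"ports": dict(ports), "wire_bytes": wire, "payload_bytes": payload}

# Constructed capture: three probes plus one reply to traffic the device started.
SAMPLE = [
    make_packet("198.51.100.7", LOCAL, 40000, 139, 0x02),
    make_packet("198.51.100.7", LOCAL, 40001, 22, 0x02),
    make_packet("198.51.100.9", LOCAL, 51000, 139, 0x02),
    make_packet("192.0.2.80", LOCAL, 80, 49152, 0x18, b"x" * 100),
]

if __name__ == "__main__":
    print(tally_unsolicited(SAMPLE))
```

On this sample the three probes total 120 bytes when whole packets are counted and 0 bytes when only TCP payload is counted, which is exactly the gap the billing question turns on.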
“Vodafone customer support, how may I help you?”
Turns out they couldn’t help me much. Not even the technical department understood what I meant by port scans, or ‘rogue’ data coming from the internet and being charged for it. I escalated and called the UK support line, and finally got someone to admit that they don’t perform any form of filtering, “for technical reasons, as it is something very difficult to accomplish”. Besides, they were sure some customer might want their NetBIOS ports open for the whole internet to see.
Fast-forward to 2006…and they are blocking Skype. If someone can come up with a decent explanation, other than they only block data harmful to their revenue, I’d be glad to hear it. They don’t care if some kiddie hacks into your computer, and turns it into a file dump, as long as you pay for the traffic. Alas, if you touch their voice revenue with a VoIP application, they will go to any length to “protect” you.
RFID Security
RFID, which stands for Radio Frequency Identification, is ubiquitous in our lives. We find RFID tags in our library books, groceries, consumer goods and printer cartridges, and they are even implanted into people’s bodies.
The basic principle behind RFID is that a simple, passive device responds to a burst of RF with a unique number, which can be used to identify the object to which the device is attached. There are many types of tags, some of them can even be written to. When I have the time, I will write an in-depth article on this subject.
RenderMan, Thorn and Audit have written a book on this topic, titled RFID Security. You can get this book at Amazon.com. RenderMan is very active in the Church of WiFi, Thorn has participated in other books, such as Wardriving: Drive, Detect, Defend. Audit is a very active moderator of the Netstumbler forums, hosts personalwireless.org, and also participates in many WiFi-related projects.
iTunes – the war is over
Believe me, I tried. Frustration was high, but so were spirits. The challenge: to purchase videos from Apple’s US iTunes store, while not being a United States citizen, nor living in the country.
For some obscure reason which they don’t make public, but one can guess emanates from the RIAA, Apple does not allow you to purchase music or other content in their iTunes stores, unless you are from the country that the store belongs to. So, a UK citizen cannot buy music in the US iTunes store, and so on. Fine. Whatever DRM was for…
It is very frustrating to see that in your music store, Bowling for Soup only has some 70 songs available, whereas the US music store has 150 songs.
Being based in Barcelona, Spain, I was stuck in the Spanish iTunes store. The Office videos (both seasons) were, however, stuck in the US iTunes store. I would have been quite happy to pay the $2 they asked for each show. I firmly believe in paying fair prices for good, reliable content, and so I set about trying to break down the barriers set against being a satisfied customer.
Round 1: Direct attempt
My first attempt was to create a US-based account, using a good friend’s address, and my own credit card. This is an address where I have actually lived for some time, so I consider it in my heart as ‘home’ – it’s not just an address of someone I met on the net.
The attempt failed completely, as the iTunes signup process checks the address of the credit card, matching it against the address you say you live at. I was quite amazed that the system also checked the zip code, state and address – it wasn’t going to take any rubbish you threw at it.
Round 2: The back door
iTunes gives you two basic payment methods: credit cards and PayPal. So, I thought about creating a PayPal account with the US address, adding my credit card and verifying it, then trying to get iTunes to accept it. Maybe the process would somehow dilute the geocoding wrath of Apple’s DRM.
The first part seemed to work – I created the PayPal account, and it allowed me to verify my credit card. I will probably deal with PayPal’s verification methods in a separate post.
Next step was to create the iTunes account, choosing PayPal as your payment system. The iTunes client then opens your web browser, and points it to PayPal, where you are asked to confirm you want to accept charges coming from the music store.
The iTunes account was finally created, and it allowed me to browse content in the US music store. Searching for The Office videos, I saw both seasons were available, and clicked the purchase button for the pilot episode of season 1. Success! iTunes downloaded the episode, which I added to my iPod’s library, and watched it with great satisfaction.
A while later that evening, an email from iTunes arrives – they have a problem charging my purchase of a single $2 video to my PayPal account. So, I log into the PayPal account to see what’s wrong, and I’m greeted with a flurry of disputes to be resolved. The most devastating one is that I have to “confirm my identity” by adding a US-based bank account, something you can only have if you physically open it at a US branch, thus needing to confirm your identity and address, and so on.
After this, I received another couple of emails from both PayPal and iTunes, one saying iTunes had cancelled their invoicing agreement, the other saying they had frozen my account. In all, total defeat.
Round 3: The alternatives
After the disconcerting experience with iTunes, I looked around at alternatives, and was pointed by a friend to allofmp3.com. This is a service very similar to iTunes, but with a twist. First, they are based in Russia, where a loophole exists on the trade of music in electronic rather than physical format. Secondly, they don’t use any form of DRM, and let you encode the tracks you buy in a number of formats and bitrates. And thirdly, the average album will cost you less than $2, as they charge by volume rather than quantity.
They don’t have videos, but checking sites such as TorrentSpy shows you that if iTunes won’t serve them, someone else will…