Today, I attended a business meeting in Geneva, and on the way back, noticed the info panel at the airport was on a bit of a vacation. Click the picture for a higher-res version.

Sometimes, I feel like a human GPS navigator. And there are probably many more of us out there. Ever get a call from your wife, asking you to direct her to some remote place she is trying to drive to? My solution was to get a TomTom 500 navigator for her birthday. It comes with the maps for Spain in full detail, and a basic map of Europe, with main roads and cities. It can also be used as a Bluetooth handsfree for your mobile phone, so it’s quite a convenient device.

We set about trying it during a trip to visit my mother – since I knew the way, it would be a good sanity check on the navigator’s ability to lower our phone bills. When I told it where we wanted to go, and it told us to turn west instead of east, I started imagining what would happen. After a few minutes of following the navigator’s instructions without even looking out the window, this is where we ended up:

Yes. It wanted us to go up a dirt path that only horses (and fit ones at that) can manage. Take a close look at the full-resolution picture, and judge by yourself.

After turning around, and following the route we always take, we had to turn off the sound for almost half the trip, as it kept insisting that we should “turn around as soon as possible” so we could take the easy-going dirt track.

GPS navigator manufacturers only make the devices, but not the data that’s in them. There are a few companies, such as Navtech and TeleAltlas, who take care of that, and license the use of the data. In this case, it seems that overzealous cartographers had simply taken anything that looked like a road in survey maps, and turned them into navigable paths. The result is my unfortunate experience. The collateral is that my wife doesn’t trust the device, unless it’s for navigating within city limits – thus limiting it’s usefulness, and not limiting my phone bill so much.

I’m going to start a section called Hacked-up displays, or HUDs for short. I welcome your contributions to this, please send your entries to mike@tech.am

HUDs are public displays, screens and panels which are caught showing something they shouldn’t be, by fault or by hack. There is a classic roadside HUD here, as a good example. I’m posting this phonecam pic of an infoscreen at the Barcelona Metro, which usually shows videos, news and other stuff to bored passengers waiting on the platforms – and with which DirectPlay was not happy.

The rules:

1. Any image of a HUD is allowed, unless it contains foul language and/or explicit images.
2. Pics taken must be submitted with a short explanation of context, or if a hack was involved, a more detailed story of events.
3. Please advise if you want credit or want to remain anonymous. Confidentiality of submissions is guaranteed (thanks Apple!)

Do you work a lot while on the road? If you use Vodafone’s GPRS/3G data service, it could be costing a lot more than you think.
You surely heard about Vodafone blocking Skype on their mobile network in the UK, with T-Mobile following suit, all in the name of ‘fair use’ and distribution of network resources. Supposedly, using Skype instead of downloading MP3s can make their network grind to a halt…let’s just move on.

I was involved in a project about a year ago, the goal of which was to write an IP stack for an embedded device. The approach was to write the stack in an easy-to-debug higher level language on a PC, then port it to the device. So, I went ahead and started writing the PPP code, aided by a GSM modem and a Vodafone SIM card with GPRS enabled.

To my surprise, as soon as the PPP session was established, a public IP address was given by the network, and packets started arriving. Curious about what this data was, but already suspicious of what it could be, I wrote a quick-and-dirty TCP decoder, and rightly so, the misterious packets were nothing more than the usual flurry of port scans any device attached to the internet is receiving all day long. NetBIOS ports, common trojans, SSH, you name it, it was all coming in.

It was obvious that the security implications of these port scans were just as if the internet connection was coming from a DSL line – but there was a twist. GPRS fees are paid for downloaded data, but what is the definition of downloaded data? Is it just the data portion of a TCP or UDP packet? Is it the whole packet? Thus, were you actually paying for these port scans, and even for getting hacked?

“Vodafone customer support, how may I help you?”

Turns out they couldn’t help me much. Not even the technical department understood what I meant by port scans, or ‘rogue’ data coming from the internet and being charged for it. I escalated and called the UK support line, and finally got someone to admit that they don’t perform any form of filtering, “for technical reasons, as it is something very difficult to accomplish”. Besides, they were sure some customer might want their NetBIOS ports open for the whole internet to see.

Fast-forward to 2006…and they are blocking Skype. If someone can come up with a decent explanation, other than they only block data harmful to their revenue, I’d be glad to hear it. They don’t care if some kiddie hacks into your computer, and turns it into a file dump, as long as you pay for the traffic. Alas, if you touch their voice revenue with a VoIP application, they will go to any length to “protect” you.

RFID, which stands for Radio Frequency Identification, is ubiquitous in our lives. We find RFID tags in our library books, grocery, consumer goods, printer cartridges, and are even implanted into people’s bodies.

The basic principle behind RFID is that a simple, passive device responds to a burst of RF with a unique number, which can be used to identify the object to which the device is attached. There are many types of tags, some of them can even be written to. When I have the time, I will write an in-depth article on this subject.

RenderMan, Thorn and Audit have written a book on this topic, titled RFID Security. You can get this book at Amazon.com. RenderMan is very active in the Church of WiFi, Thorn has participated in other books, such as Wardriving: Drive, Detect, Defend. Audit is a very active moderator of the Netstumbler forums, hosts personalwireless.org, and also participates in many WiFi-related projects.

Believe me, I tried. Frustration was high, but so were spirits. The challenge: to purchase videos from Apple’s US iTunes store, while not being a United States citizen, nor living in the country.

For some obscure reason which they don’t make public, but one can guess emanates from the RIAA, Apple does not allow you to purchase music or other content in their iTunes stores, unless you are from the country that the store belongs to. So, a UK citizen cannot buy music in the US iTunes store, and so on. Fine. Whatever DRM was for…

It is very frustrating to see that in your music store, Bowling for soup only has some 70 songs available, whereas the US music store has 150 songs.

Being based in Barcelona, Spain, I was stuck in the spanish iTunes store. The Office videos (both seasons), were however stuck in the US iTunes store. I would have been quite happy to pay the $2 they asked for each show. I firmly believe in paying fair prices for good, reliable content, and so I set about trying to break down the barriers set against being a satisfied costumer.
(more…)

This is where my blog starts – intending to discuss technology-related issues from a different perspective than usually given.

If you search around, you will find hundreds of blogs dedicated to technology, from Mac fans to hackers finding how to modify roomba robots. However, there are a good many of these blogs that don’t present the other side of the technology, the reason why things behave the way they do.

I intend to dwell deeper into these aspects, and focus on issues that are usually looked over, and also explain how to do stuff I found difficult or poorly documented.