Archive for the ‘Planes’ Category

Random notes: May 29, 2013.

Wednesday, May 29th, 2013

The NYT is absolutely indignant that the ceremonial throwing out of the first pitch at baseball games has evolved from a…

…honor was extended only a few times a season to a rarefied group that included presidents, mayors and military veterans. These days, it is regarded as a marketing opportunity, a sweetener in sponsorship deals between baseball teams and groups that want a piece of the spotlight.

In other news, water is wet and fire is hot. More:

The rite, now carried out nightly, is handed to actors and reality television stars, sponsors’ representatives and contest winners, and people dressed as animals as well as actual animals.

A capuchin monkey carried the ball out for a San Diego Padres game in September. Twice in the last two seasons, the Los Angeles Dodgers have welcomed to the mound Hello Kitty, or, rather, a person dressed as Hello Kitty.

Sometimes, there are ceremonial second, third, fourth and fifth pitches. The day after making his major league debut this month, John Gast, a promising pitcher for the St. Louis Cardinals, crouched up and down to catch five pitches. The honorees that day were Edward Jones, a financial planning company; the National Geospatial-Intelligence Agency; the Washington University School of Medicine; a local radio station; and the Cystic Fibrosis Foundation.

Question left unanswered by the paper of record: do the ceremonial second, third, fourth, and fifth pitches cost less for the sponsors than the first pitch?

Also in the NYT: Antoni Krauze, a Polish film director, is working on a feature film called “Smolensk” about the 2010 plane crash that killed the Polish president and 95 other people. But “some leading Polish actors have refused to participate”, and the NYT sees this, and other events, as reflecting deep divisions in Poland over the crash.

The range of conspiracy theories is dizzying. So-called truthers accuse the Kremlin of pumping artificial fog over the runway, planting explosives on the plane and doctoring and then sewing victims’ bodies back together in fake autopsies. Some even contend that the Kremlin murdered Kaczynski because he had traveled to Georgia in 2008 to support that country in its war with Russia.

Just one more thing…

Wednesday, May 15th, 2013

As long as we’re talking about Lawrence’s review of General Idi Amin Dada, I have a question that’s bugging me, and I know I have some aviation buffs in my audience.

What are these planes? I apologize for the pictures: they are actually screen snapshots from the DVD, and I tried to get ones that showed the best possible angles. Click to embiggen.

[Images: three VLC screen snapshots from the DVD (vlcsnap-2013-05-15-17h01m58s204, vlcsnap-2013-05-15-17h03m36s240, vlcsnap-2013-05-15-17h07m18s150)]

Lawrence suggested they might be MiGs, and I know the Ugandan Air Force had MiG-15s and MiG-17s. But both the 15 and 17 have a really blunt open nose, while these planes have a more rounded one. I don’t think these are Fouga Magisters either, because they lack the V-tail. I believe these are some sort of two seat jet trainer, and they may be French. But I can’t tell, and it really bugs me that I can’t figure it out. Maybe if I’m lucky Tam will see this. For some reason, I’ve also got in my head that the good and great Brian Dunbar knows his planes. And, of course, there’s RoadRich…

Okay. I lied. One more “one more thing”, just because this amuses me, and I’m pretty sure it amused Lawrence as well.

The Suicide Revolutionary Jazz Band

(Okay, one last thing. It irritates the fire out of me that Apple disabled screen captures from DVD Player in the Grab utility. And they don’t just throw up a “You can’t do this” popup: Grab lets you do the capture, but the resulting file is just a checkerboard grey and white pattern. Fortunately, VLC will a) play back DVDs, and b) even has a built-in “Snapshot” menu option. Hurray open source.)

Can’t afford it.

Monday, May 6th, 2013

Have no practical use for it.

Camera is not included.

Want one anyway.

(I wonder if you could build a business around this device.)

The further on the edge, the hotter the intensity.

Wednesday, February 13th, 2013

[Images: egress1, egress2]

(This isn’t an actual F-16 cockpit, but a “cockpit egress trainer”.)

(We would also have accepted “You ever been in a cockpit before?”)

(Subject line hattip for the younger set.)

Another bookmark.

Sunday, January 13th, 2013

Even though it has one strike against it (being written by A.G. “a vegetarian at Arthur Bryant’s” Sulzberger), and even though FARK linked it, I still wanted to tag this article:

Two Men, One Sky: A Flight to the Finish.

Or, the true story of two guys who took off from Zapata, Texas one morning last July in an attempt to set the world record for flying the longest distance…in a hang glider. One of them flew 472 miles in 11 hours (the previous longest flight was 438 miles). And the other one? I’m not going to spoil it for you.

Random notes: January 2, 2013.

Wednesday, January 2nd, 2013

“It is my belief that any commander that orders pilots out for combat in a F2A-3 should consider the pilot as lost before leaving the ground,” wrote Capt. P. R. White of the Marines.

Would you like to make great coffee and espresso? Well, you could get the NYT to pay for you to take classes from people with names like “Ant”. And you could pay anywhere from $100 to $600 for a burr grinder.

Or instead you could read this rant by Stingray, which pretty much tells you everything important about making good coffee. (Language warning on that link, just FYI.)

I do think there’s something to be said for the NYT piece:

The essence of good espresso, of good coffee in general, revolves around three numbers: the amount of quality dry coffee used, the amount of time water flows through it and the amount of coffee that comes out the other end. When the ratio is right, the process extracts the best flavor. If it is wrong, the good flavor never surfaces or is watered down. A mistake in seconds or grams, I am coming to learn, is the difference between something wonderful and awful.

It seems like the important thing is to use good coffee, use enough of it, and don’t let it sit and burn. Unless you’re a supertaster (which I am not), I doubt you can tell the difference between a $250 burr grinder and a $10 blade grinder, or an AeroPress versus a Chemex.

It isn’t rocket surgery, folks. It’s just coffee.

Reno.

Tuesday, August 28th, 2012

The 2012 Reno Air Races are, in theory, just over two weeks away.

I qualify this with “in theory” because when I went to their site to check on the date, I got a big pop-up offering me the opportunity to donate money. You see, the insurance premium has gone up to $1.7 million this year, and has to be paid by September 1st. I’m not sure what’s going to happen if they don’t come up with the money by September 1st (though I’d be surprised if someone didn’t step up and make up any shortfall).

(Noted: “The Reno Air Racing Association is a not-for-profit, 501(c)(4) organization, which means that contributions to RARA are NOT tax deductible, though they are appreciated and much needed.”)

But I digress. What prompted this was a short article in the NYT claiming that the NTSB has figured out why “Galloping Ghost” crashed last year.

Rather than linking to the NYT article (which amounted to one paragraph), I thought I’d link directly to the NTSB report. Except the final report apparently isn’t out yet: what the NTSB has on their site is a press release, dated yesterday, and linking to a synopsis of the report.

In case you were wondering:

The National Transportation Safety Board determines that the probable cause of this accident was the reduced stiffness of the elevator trim tab system that allowed aerodynamic flutter to occur at racing speeds. The reduced stiffness was a result of deteriorated locknut inserts that allowed the trim tab attachment screws to become loose and to initiate fatigue cracking in one screw sometime before the accident flight. Aerodynamic flutter of the trim tabs resulted in a failure of the left trim tab link assembly, elevator movement, high flight loads, and a loss of control. Contributing to the accident were the undocumented and untested major modifications to the airplane and the pilot’s operation of the airplane in the unique air racing environment without adequate flight testing.

DEFCON 20 updates (round 2).

Thursday, August 2nd, 2012
  • Here’s a link to the slides from Terrence Gareau’s “HF Skiddies Suck, Don’t Be One. Learn Some Basic Python” presentation. I’m not complaining, but be advised that this is a large download (620 MB ZIP file) with video and code examples. Also be advised that, based on a very brief preliminary skim of the file, there may be some NSFW material in the presentation. (Also not a complaint, but an observation.) I’d like to thank Mr. Gareau for making this available: his presentation is the only one in the “DEFCON 101” track that I’ve found so far.
  • Added a link to Renderman’s presentation on ADS-B hacking, “Hacker + Airplanes = No Good Can Come Of This” to the day 2 notes.
  • Josh Brashars (who is a heck of a nice guy) and I have exchanged emails, and he’s graciously allowed me to temporarily host the version of his “Exploit Archaeology: Raiders of the Lost Payphones” presentation from the DEFCON 20 DVD. Of course, iDisk no longer exists (NOT that I’m BITTER or anything) and WCD’s hosting provider/WordPress implementation has a 10 MB file size limit, so I’m using Dropbox to host this file. Let me know if it doesn’t work.

DEFCON 20 notes: day 2.

Sunday, July 29th, 2012

Note: I’ve updated the day 1 notes with a couple of things I forgot to include last night.

“Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2”: MS-CHAPv2 is a wildly popular authentication protocol. For example, DEFCON’s “secure” network uses MS-CHAPv2. People have been attacking CHAP for a while now, but most of the attacks are dictionary attacks, where you use asleap and throw a word list at it, hoping the user picked a weak password.

So is MS-CHAPv2 security password dependent? That’s a reasonable assumption, but not true.

If you look at the details of the MS-CHAPv2 handshake (Moxie had a good visualization, which I can’t find online or I’d link to it here) there’s only one unknown: the MD4 hash of the user’s password. Everything else is sent in the clear, or can be derived from known information.

MS-CHAP does a series of three DES encryptions on the user password. But it isn’t 3DES: it is just three DES encryptions with three keys. One of those keys is padded so it is really only two bytes, which makes it easy to crack. The other two encryptions use the same plaintext; the end result is that the complexity of cracking MS-CHAP DES reduces to about the same as normal 56-bit DES, 2 to the 56th power.

Enter the folks at Pico Computing, about whom I have written before. Pico built a machine with 48 FPGA chips, each with 40 cores running at 450 MHz, to attack DES. This machine can search the whole keyspace in about 23 hours. And Pico has come up with some clever optimizations for the FPGAs: preconfiguring memory, reducing the bus down to “key found/key not found” (since searching the keyspace is linear, if you know when the bus went to “key found”, you can figure out what the key is), and possibly just using JTAG instead of a bus.

“So what,” you say. “I don’t have a single FPGA, let alone 48 of them.”

Enter chapcrack. Do a packet capture, point chapcrack at it, and chapcrack will pull out the MS-CHAP handshake, in a handy form which you can submit to…

CloudCracker.com, which now supports MS-CHAPv2 attacks. Estimated turn-around time is one day. Woo hoo woo hoo hoo.

(Edited to add: Added a link to a blog post by Moxie Marlinspike summarizing his and David Hulton’s (of Pico Computing) presentation 8/1/2012.)
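To make the key arithmetic in the MS-CHAPv2 notes above concrete, here is an added example (not code from the presentation or from chapcrack). It shows how the 16-byte MD4 hash is zero-padded and cut into three DES keys, and checks the "about 23 hours" figure against the Pico machine's stated specs. The sample hash is constructed, and the one-key-per-clock-per-core rate is an assumption.

```python
# Constructed 16-byte value standing in for an NT (MD4) password hash.
SAMPLE_NT_HASH = bytes(range(0x10, 0x20))


def split_nt_hash(nt_hash):
    """Zero-pad the 16-byte hash to 21 bytes and cut it into three 7-byte DES keys."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be exactly 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [padded[0:7], padded[7:14], padded[14:21]]


def expand_des_key(key7):
    """Spread 56 key bits over 8 bytes (7 bits each) and set the odd-parity bit."""
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1
        out.append((seven << 1) | parity)
    return bytes(out)


def unknown_key_bits():
    """Secret bits in each DES key: bytes taken from the hash, not from the padding."""
    return [min(7, max(0, 16 - 7 * i)) * 8 for i in range(3)]


def search_cost(shared_plaintext):
    """Worst-case DES trial encryptions needed to recover all three keys.

    All three encryptions use the same plaintext, so each trial result can be
    compared against both long-key ciphertexts: one 2^56 pass covers both.
    """
    k1, k2, k3 = unknown_key_bits()
    long_keys = 2 ** k1 if shared_plaintext else 2 ** k1 + 2 ** k2
    return long_keys + 2 ** k3


def full_search_hours(fpgas=48, cores_per_fpga=40, clock_hz=450e6, keys_per_clock=1):
    """Hours to sweep 2^56 keys; keys_per_clock=1 is an assumption, not from the talk."""
    rate = fpgas * cores_per_fpga * clock_hz * keys_per_clock
    return 2 ** 56 / rate / 3600


if __name__ == "__main__":
    for i, key in enumerate(split_nt_hash(SAMPLE_NT_HASH), start=1):
        print(f"key {i}: {key.hex()} -> DES key {expand_des_key(key).hex()}")
    print("unknown bits per key:", unknown_key_bits())
    print("trials, keys searched separately:", search_cost(shared_plaintext=False))
    print("trials, one shared pass:         ", search_cost(shared_plaintext=True))
    print(f"full 2^56 sweep: {full_search_hours():.1f} hours")
```

The cost never depends on the password's length or character set, which is why a strong password does not protect an MS-CHAPv2 exchange that is exposed on the wire.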

“Exploit Archaeology: Raiders of the Lost Payphones”: More of a fun panel than a practical one, covering all the stuff the presenter went through to find documentation and tools for an old Elcotel payphone he was given. Among other things:

  • The upper housing lock (which covers the internal phone mechanism, including the reset to defaults button) is a relatively easy to pick 3-pin lock (with “anti-impressioning divots”).
  • The lower housing (where the money is stored) is a much harder to pick 4-pin lock. But the presenter got lucky…
  • You also need a special tool, called a T-wrench, to do certain things. The presenter was able to improvise one…

So once you’ve got a payphone, what can you do with it? You can hook it to an ATA and connect to an Asterisk system, and have some fun that way. (The presenter pointed out that by law, 911 calls are required to be free. So he had some fun connecting the payphone to his Asterisk system, and configuring it so dialing 911 on the payphone got an outside line through Asterisk.)

Anyway, it turns out that there are three ways to program/reprogram these phones: there was specialized software available (Elcotel has been out of business for years, but the presenter managed to get a copy of the software, crack it, and get it running), local telemetry (where you open up the upper housing, reset the phone, and let it guide you through voice prompts for reprogramming), or remote telemetry (the phone has a modem). VOIP, by the way, is not well suited to modems.

Some notes:

  • these phones have a default ID of 9999
  • a default password of 99999999
  • a secondary password of 88888888
  • The phone ID is generally set to the last four digits of the phone number.
  • And the passwords are frequently left at the default.

There’s some other fun stuff you can do with an old payphone. For example, the presenter managed to rig up his phone, a Pwn Plug, and some custom scripting into a system that allows you to run Nmap port scans over the phone. But I’ll leave details of that for his presentation when he puts it up.

“Into the Droid: Gaining Access to Android User Data”: Excellent presentation covering some of the ways you can get user data out of an Android device, even if it is locked or encrypted. For example:

  • you can use the abootimg tool to create a custom boot image, intercept the phone’s bootloader, and force it to use your image.
  • Special USB debug cables work on some devices.
  • The salt for the lockscreen and system passwords can be pulled out of specific locations on the device and cracked with something like oclhashcat-lite. (See the presentation for specific details on where the salt and key are located.)
  • Applications with no permissions can still create a root shell and send information back to an end user (by hiding data in URL parameters, for example).
  • There’s a specific distribution, Santoku Linux, designed for mobile device forensics (both iOS and Android). This is a work in progress, per the presenter…

(While I’m at it, let me say that I’m really impressed with viaForensics, especially their presentation page. Not only did they have the DEFCON presentation up, but it looks like there’s a lot of other good stuff there as well. I’m particularly interested in “iPhone Forensics with free and/or open source tools” and the “Android Forensics Training Presentation”.)

“Off Grid Communications with Android – Meshing the Mobile World”: Solid presentation discussing the Android networking stack, hacking the stack and flipping chipsets into ad-hoc mode, and network routing algorithms. End result: the SPAN project on github, which provides open-source tools for Android mesh networks. (There’s also a paper in that repository that covers the same ground as the presentation, including sexy diagrams of the Android network stack.)

“The Safety Dance – Wardriving the Public Safety Band”: Basically: public safety providers are moving into the 4.9 GHz band. And it is possible to monitor their traffic using equipment bought for cheap off eBay, or equipment that, with the right drivers, can be tuned down to 4.9 GHz. One of the presenters has a blog entry here that covers some of what was in the presentation, and the github repository of their patched drivers, etc. can be found here.

I missed Kaminsky’s “Black Ops” presentation for reasons of the Penn and Teller theater being full, and I can’t find it online (yet). So I wandered over to Renderman’s “Hacker + Airplanes = No Good Can Come Of This” and got there a little late; late enough, as it turned out, that I missed Renderman observing that he was constantly being scheduled on panels opposite Kaminsky, and darn it, he’d really like to see a Kaminsky panel.

But I digress.

So have you ever wondered how things like PlaneFinder work? As part of the government’s efforts to bring air traffic control into the 20th Century, they’ve implemented something called ADS-B. Planes equipped with ADS-B transmitters send out data (such as their aircraft ID, altitude, GPS coordinates, bearing, and speed), which is picked up by ground stations and fed into the systems that feed PlaneFinder and other such sites. There are two types: ADS-B Out, which is sent automatically as a broadcast, and ADS-B In, which allows planes to listen to each other’s ADS-B Out broadcasts, so that (in theory) they’re aware of each other without needing air traffic control.

(According to the presentation that followed Renderman, ADS-B is at about 70% penetration for commercial aircraft, and much lower for general aviation. The government’s goal is to have the majority of traffic on the system by 2020.)

When does this get interesting? Right about now. First of all, anyone can build a ground station and receive ADS-B broadcasts. Renderman has. (I understand there’s been quite a bit of work on using cheap-ass USB digital TV tuners as ADS-B receivers.) That gets you access to the flight data going over your head.

But wait, there’s more! ADS-B has no authentication and no encryption built in. That means anyone with the proper equipment (a radio that transmits at 1090 MHz) can spoof ADS-B broadcasts.

Remember the part above about how planes could use ADS-B to keep track of each other’s positions, bypassing ATC? Have you booked your Amtrak ticket yet?

As ADS-B usage grows, attacks are likely to become more disruptive. What happens if someone starts jamming ADS-B signals? Or inserting fake flight data? Or has the same fake plane in two places at once? The official response, according to Renderman, boils down to “trust us”. “Us” being the same folks who brought you Operation Fast and Furious. Pull the other one, guys; it has bells on.

Edited to add: Link to Renderman’s slides for this presentation added 8/1/2012.
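Because ADS-B reports carry no authentication, a receiver can only judge them by plausibility. The following is an added example (not from Renderman's presentation) of one such check: flag any aircraft ID whose consecutive position reports imply a physically impossible speed, which is what "the same plane in two places at once" looks like in the data. The report tuples, aircraft IDs and the 700-knot threshold are constructed assumptions.

```python
import math

MAX_PLAUSIBLE_KNOTS = 700.0   # assumed ceiling for civil traffic
SAME_INSTANT_TOLERANCE_NM = 0.5  # assumed position noise for same-second reports
EARTH_RADIUS_NM = 3440.065


def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))


def find_implausible_jumps(reports, max_knots=MAX_PLAUSIBLE_KNOTS):
    """Return (aircraft_id, timestamp, implied_knots) for every impossible jump.

    reports: iterable of (unix_seconds, aircraft_id, latitude, longitude).
    """
    last_seen = {}
    alerts = []
    for ts, aircraft_id, lat, lon in sorted(reports):
        if aircraft_id in last_seen:
            ts0, lat0, lon0 = last_seen[aircraft_id]
            dist = distance_nm(lat0, lon0, lat, lon)
            hours = (ts - ts0) / 3600.0
            if hours > 0:
                knots = dist / hours
            else:
                # Two reports in the same second: only distance can be judged.
                knots = math.inf if dist > SAME_INSTANT_TOLERANCE_NM else 0.0
            if knots > max_knots:
                alerts.append((aircraft_id, ts, knots))
        last_seen[aircraft_id] = (ts, lat, lon)
    return alerts


# Constructed sample: two steady tracks, plus one report that places
# aircraft A1B2C3 about 950 nm away two seconds after its last position.
SAMPLE_REPORTS = [
    (0, "A1B2C3", 30.20, -97.70),
    (10, "A1B2C3", 30.22, -97.70),
    (12, "A1B2C3", 36.08, -115.15),   # inconsistent with the track
    (20, "A1B2C3", 30.24, -97.70),
    (0, "C0FFEE", 32.90, -97.04),
    (10, "C0FFEE", 32.90, -97.02),
]

if __name__ == "__main__":
    for aircraft_id, ts, knots in find_implausible_jumps(SAMPLE_REPORTS):
        print(f"t={ts:>3}s {aircraft_id}: implied speed {knots:,.0f} kn")
```

A check like this only catches crude inconsistencies; a fabricated track that moves at believable speeds passes it, which is the underlying problem with an unauthenticated broadcast.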

“Busting the BARR: Tracking ‘Untrackable’ Private Aircraft for Fun & Profit”: A semi-related panel to Renderman’s. So how does PlaneFinder get the data that comes from ADS-B broadcasts? The FAA has a feed (called ASDI: Aircraft Situation Display to Industry); they’ll send you the data in XML format, and you can parse it and display it and hug it and squeeze it and call it George, if you want.

However, the FAA also has something called the “Block Aircraft Registration Request”. If you’re someone who doesn’t want their flight information made public, you can put your aircraft on the BARR list. This doesn’t strip your data out of the ASDI feed; that’s still there, but sites that use ASDI (like FlightAware) can’t display information for flights on the BARR. (If you want to subscribe to the ASDI feed, write an XML parser, and be notified every time Jay Z’s plane takes off and lands, more power to you. You just can’t share that information with others.)

So how did the presenters work around that? Their project basically comes down to:

  1. Monitoring LiveATC.net and downloading ATC communications.
  2. Using speech recognition to pull out flight information (such as tail numbers of planes).
  3. Profit. Or in this case, OpenBARR.net, which is still in testing.

That was enough excitement for one day. I seriously thought about entering the DEFCON Beard Competition, but I couldn’t tell if there was a cash prize and I don’t want the IOC revoking my status as an amateur.

-2 Day DEFCON 20 notes.

Monday, July 23rd, 2012

The schedule for DEFCON 20 is up.

Lawrence reminded me on Saturday that I also had not solicited panel requests, so this is your pre-DEFCON 20 post.

I’m flying out Wednesday morning and getting to Las Vegas around 1 PM. I’m hoping to visit the Mob Museum (just because it is new since my last visit, and I haven’t seen it) and to make a return trip to the two bookstores I visited last year. Lotus of Siam is also required.

There is some stuff going on at DEFCON on Thursday:

Here’s what I’m interested in on Friday:

Saturday, we have a possible tie for this year’s “Hippie, PLEASE” panel:

I shan’t be attending either. The Saturday panels I am interested in:

Sunday! Sunday! Sunday! Live at DEFCON 20! Nitro-burning FUNNY CARS!

So that’s that. If anyone has any specific panel requests after looking over the posted schedule, let me know (by email or in the comments), and I’ll try to hit those events. Also, if anyone has any recommendations for new, cool, or interesting places to eat in Vegas, feel free to leave those in comments.

(Edited to add: It’s a Borepatch-o-lanche! Thank you, brother man!)

Just like a row of dominos.

Monday, July 2nd, 2012

First, Stockton. Now the California city of Mammoth Lakes has filed for bankruptcy.

Interestingly, this does not appear to be a municipal pension or bond problem. Instead, the city lost a lawsuit against a developer, who was awarded $43 million in damages. The developer agreed to make improvements to the local airport (Mammoth Yosemite Airport) in return for rights to build a $400 million hotel on part of the airport property, along with an option on the land.

However, it seems that the city discovered there were issues with FAA policy with respect to the airport improvements, and decided they’d delay the hotel project, at which point the developer sued and won. The LAT specifically mentions that both parties wanted to extend the airport runway to handle 757s. Looking at this document, I think we’re talking roughly 2,500 meters or about 8,200 feet as the bare minimum runway length needed to handle a 757. (The actual takeoff and landing distance depends on airport elevation, atmospheric conditions, weight, and a host of other factors, as shown in the charts. According to various sources, Mammoth Lakes is at an altitude of about 7,900 feet, though the airport is at 7,135 feet according to AirNav. AirNav also shows the two active runways at 7,134.8 feet and 7,061.4 feet. So we’re talking probably a minimum of 1,200 additional feet of runway, maybe more if you want to have some margin.)

Noted for future reference.

Friday, February 17th, 2012

All that airline stuff reminded me of a story I’d read a long time ago in Reader’s Digest.

I ended up spending far more time than I needed to trying to track down that story (in part because I had both the title and the author’s name mangled). So just in case I want to refer to it in the future, and for the benefit of my readers (full-service blogging experience here, people; also, I think Frankie Housley should not be forgotten):

Wikipedia entry for Frankie Housley.

Knoxville “Metro Pulse” article on Frankie Housley (by way of the Wayback Machine).

MacKinlay Kantor’s “A Girl Named Frankie”.