Archive for January, 2012

Konsidered a waste of time

OK, so I eventually finished listening to the 793 songs in the 2011 SXSW torrent and rating them all. This was a while ago, but it was only yesterday that I reorganised some stuff in the collection and remembered that the couple of gigabytes of mediocrity was sitting there. It was clearly time to implement the TYR Band-Pass filter, my objective methodology for filtering musical slushpiles.

So I frobbed around Amarok until I found the “Automated Playlist Generator” hiding under a rock, and then fiddled with it until I understood the UI-only-a-hacker-could-imagine. Seriously, it would have been easier to just provide a command prompt on the underlying database. (Does a “Match All” Constraint Group match both any rules of its own and also the output of a “Match Any”? Search me, guv, because you can search your hard disk and not find any documentation.)

And it gave me 32 tracks, all with a rating of zero. Now that is a valid output from the filter. Or it would be if there were no tracks rated above the upper limit, 3.5. And I gave out quite a few 5s. So I check in the pile. All the ratings are gone. This isn’t quite as bad as the phase KAddressBook and Akonadi went through a couple of years ago when they regularly, randomly, truncated my contacts file from 269KB to 10.8KB – always exactly the same – and inserted helpful invalid characters. (Fortunately they also left a renamed copy of the original file, so you could just restore from backup.) But it’s pretty shit. Any software that randomly destroys user data has failed and failed horribly. It’s the antithesis of polite software.

But it did produce 32 tracks, so there must be a wrong copy of the data somewhere, which suggests that there might also be a right one.

Meanwhile, I’ve been reading the traffic on kdepim-l about KMail 2 with horror and an increasing sense that KDE is going spongy. Even without anything related to Akonadi actually working, long after the last lot of performance bugs were closed, it still has a nasty habit of keeping the hard disk active for half an hour at a time, doing what? KM2 users report rampant loss of data and of meta-data. And I don’t have a working desktop search utility despite years of promises about Akonadi and Nepomuk and Strigi and “semantic desktop”.

Think about it like this – a new era KDE application that needs to read data from your contacts file, a vCard sitting somewhere in your .kde4 directory, is meant to go to an “akonadi_vcal_resource” that’s mediated by the common Akonadi API and no less than two RDF triplestore databases (Redland and Virtuoso). What happened to the filesystem?

So, I’m going to initiate a new, innocent laptop into the twisted cult this week. And I think I’m quitting the KDE world. I’m not the only one – from 25 killer Linux apps to

When you first launch KMail, it will terminate with a ‘Failed to fetch the resource collection’ error. KMail doesn’t have a default incoming mail directory configured, which causes this error. The workaround involves using Akonadi to specify a maildir location for KMail. To do this, launch the Akonadi Configuration tool and point the Local Folders to /.kde4/share/apps/kmail2/.

Well, I’ve never had that error but my install crashes every time it launches, and only ever works on the second time of asking. Of course, I could spend all my time maintaining this particular e-mail client. Don’t all write at once.


Is there a drone bubble? It’s not clear whether this is more like the .com bubble, when a lot of useful stuff was built but a couple of years too early, or more like the housing bubble, when a lot of stuff was built in the wrong places to the wrong standards at the wrong prices and will probably never be worth much. It’s the nature of a bubble, of course, that it’s precisely at the top of the bubble that the commitment to it is greatest.

One of the things the RQ-170 incident tells us about is some of the operational limitations of the drones. Typically, they are piloted in the cruise from locations that may be a long way off, using satellite communication links, but when they land, they do so under local control via line-of-sight radio link from their base. This allows us to set some bounds on how much of a problem link latency really is, which will take us circling back to John Robb’s South Korean gamers.

Gamers are famous for being obsessed with ping-times – the measurement of round-trip latency on the Internet – because it’s really, really annoying to see the other guy on your screen, go to zap’em, and get zapped yourself because it took longer for your zap to cross the Internet than theirs. Typically you can expect 40 or so milliseconds nationally, 60-80 inter-continentally…or several hundred if a satellite or an old-school cellular operator with a hierarchical network architecture is involved. A sat hop is always clearly identifiable in traceroute output because latency goes to several hundred ms, and there’s a great RIPE NCC paper on using the variations in latency over a year to identify the satellite’s geosynchronous (rather than geostationary) orbit as the slant-range changes.
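The satellite-hop signature described above can be checked mechanically. This is an added example, not part of the original post: the traceroute output is constructed, the addresses come from documentation ranges, and the 0.95 margin is an assumed tolerance for jitter on the preceding hop.

```python
import re

C_KM_PER_S = 299_792.458   # speed of light in vacuum
GEO_ALTITUDE_KM = 35_786   # height of the geostationary belt above the equator
# Shortest possible round trip through one relay at that height: up and down, twice.
MIN_GEO_RTT_MS = 4 * GEO_ALTITUDE_KM / C_KM_PER_S * 1000   # about 477 ms

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms")

# Constructed sample output, not a real trace.
SAMPLE = """\
 1  192.0.2.1  1.102 ms  0.981 ms  1.044 ms
 2  198.51.100.9  11.420 ms  12.008 ms  11.730 ms
 3  198.51.100.33  38.215 ms  41.902 ms  39.660 ms
 4  * * *
 5  203.0.113.5  561.330 ms  548.871 ms  570.112 ms
 6  203.0.113.77  566.904 ms  552.410 ms  559.238 ms
"""

def parse_hops(text):
    """Return [(hop_number, host, best_rtt_ms)], skipping hops with no replies."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        rtts = [float(x) for x in RTT_RE.findall(line)]
        if m and rtts:
            hops.append((int(m.group(1)), m.group(2), min(rtts)))
    return hops

def satellite_hops(text, margin=0.95):
    """Flag hops whose best RTT rises over the previous answering hop by at
    least margin * MIN_GEO_RTT_MS. The minimum RTT is used because queueing
    only ever adds delay, while propagation delay is a hard floor."""
    flagged = []
    prev = 0.0
    for hop, host, rtt in parse_hops(text):
        if rtt - prev >= margin * MIN_GEO_RTT_MS:
            flagged.append((hop, host, round(rtt - prev, 1)))
        prev = rtt
    return flagged
```
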

On the other hand, roundtrip latency across an airfield circuit a couple of miles wide will be negligible. So we can conclude that tolerable latency for manoeuvring, as opposed to cruising, is very little. Now, check out this post on David Cenciotti’s blog from January 2010. Some of the Israeli air force’s F-15s have received a new communications radio suite specifically for controlling UAVs.

You might now be able to guess why even drone pilots are going through basic flight training. Also, this post of Cenciotti’s describes the causes of six recent hull losses, all of which are classic airmanship accidents – the sort of thing pilot training is designed to teach you to avoid.

That said, why did all those drones get built? The original, 1980s UAV concepts were usually about the fact that there was no pilot and therefore the craft could be treated as expendable, usually in order to gain intelligence on the (presumably) Soviet enemy’s air defences by acting as a ferret aircraft, forcing them to switch on the radars so the drone could identify them. But that’s not what they’ve been doing all these years.

The main reason for using them has been that they are lightweight and have long endurance. This is obviously important from an intelligence gathering perspective, whether you’re thinking of over-watching road convoys or of assassinating suspected terrorists (and there are strong arguments against that, as Joshua Foust points out). In fact, long endurance and good sensors are so important that there are even so-called manned drones – diesel-engined, piloted light aircraft stuffed with sensors, with the special feature that they fly with intelligence specialists aboard and provide a much faster turn-around of information for the army.

Their limitations – restricted manoeuvre, limited speed and payload, and high dependence on communications infrastructure – haven’t really been important because they have been operating in places and against enemies who don’t have an air force or ground-based air defences and don’t have an electronic warfare capability either. Where the enemy have had man-portable SAMs available, as sometimes in Iraq, they have chosen to save them for transport aircraft and the chance of killing Americans, which makes sense if anti-aircraft weapons are scarce (and surely, the fact of their scarcity has to be one of the major unreported news stories of the decade).

But then, the war in Iraq is meant to be over even if the drones are still landing in Kurdistan, and the US may be on its way to a “pre-1990” military posture in the Gulf. This week’s strategic fashion is “Air-Sea Battle” and the Pacific, and nobody expects anything but the most hostile possible environment in the air and in the electromagnetic spectrum. And the RQ-170 incident is surely a straw in the wind. Also, the Bush wars were fought in an environment of huge airfields in the desert, and the ASB planners expect that the capacity of US bases in Japan and Guam and the decks of aircraft carriers will be their key logistical constraint. (The Russians aren’t betting everything on them either.)

I think, therefore, it’s fair to suggest that a lot of big drones are going to end up in the AMARC stockpile. After the Americans’ last major counter-insurgency, of course, that’s what happened. The low-tech ones are likely to keep proliferating, though, whether as part of the Royal Engineers’ route clearance system or annoying the hell out of Japanese whalers or even playing with lego.

The fact that a majority of this year’s graduates from USAF basic pilot training are assigned to drone squadrons has got quite a bit of play in the blogosphere. Here, via Jamie Kenny, John Robb (who may still be burying money for fear of Obama or may not) argues that the reason they still do an initial flight training course is so that the pilot-heavy USAF hierarchy can maintain its hold on the institution. He instead wants to recruit South Korean gamers, in his usual faintly trendy dad way. Jamie adds the snark and suggests setting up a call centre in Salford.

On the other hand, before Christmas, the Iranians caught an RQ-170 intelligence/reconnaissance drone. Although the RQ-170 is reportedly meant to be at least partly stealthy, numerous reports suggest that the CIA was using it among other things to get live video of suspected nuclear sites. This seems to be a very common use case for drones, which usually have a long endurance in the air and can be risked remaining over the target for hours on end, if the surveillance doesn’t have to be covert.

Obviously, live video means that a radio transmitter has to be active 100% of the time. It’s also been reported that one of the RQ-170’s main sensors is a synthetic-aperture radar. Just as obviously, using radar involves transmitting lots of radio energy.

It is possible to make a radio transmitter less obvious, for example by saving up information and sending it in infrequent bursts, and by making the transmissions as directional as possible, which also requires less power and reduces the zone in which it is possible to detect the transmission. However, the nature of the message governs its form. Live video can’t be burst-transmitted because it wouldn’t be live. Similarly, real-time control signalling for the drone itself has to be instant, although engineering telemetry and the like could be saved and sent later, or only sent on request. And the need to keep a directional antenna pointing precisely at the satellite sets limits on the drone’s manoeuvring. None of this really works for a mapping radar, though, which by definition needs to sweep a radio beam across its field of view.

Even if it was difficult to acquire it on radar, then, it would have been very possible to detect and track the RQ-170 passively, by listening to its radio emissions. And it would have been much easier to get a radar detection with the advantage of knowing where to look.

There has been a lot of speculation about how they then attacked it. The most likely scenario suggests that they jammed the command link, forcing the drone to follow a pre-programmed routine for what to do if the link is lost. It might, for example, be required to circle a given location and wait for instructions, or even to set a course for somewhere near home, hold, and wait for the ground station to acquire them in line-of-sight mode.

Either way, it would use GPS to find its way, and it seems likely that the Iranians broadcast a fake GPS signal for it. Clive “Scary Commenter” Robinson explains how to go about spoofing GPS in some detail in Bruce Schneier’s comments, and points out that the hardware involved is cheap and available.

Although the military version would require you to break the encryption in order to prepare your own GPS signal, it’s possible that the Iranians either jammed it and forced the drone to fall back on the civilian GPS signal, and spoofed that, or else picked up the real signal at the location they wanted to spoof and re-broadcast it somewhere else, an attack known as “meaconing” during the second world war when the RAF Y-Service did it to German radio navigation. We would now call it a replay attack with a fairly small time window. (In fact, it’s still called meaconing.) Because GPS is based on timing, there would be a limit to how far off course they could put it this way without either producing impossible data or messages that failed the crypto validation, but this is a question of degree.
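The "impossible data" limit mentioned above is also what a receiver can test for. This is an added example, not from the original post, and it goes slightly beyond the text: a signal replayed from a single antenna adds the same delay to every satellite's signal, so the navigation solution lands on the capture site and the delay shows up as a step in the estimated receiver clock bias. The track, the speed limit and the oscillator drift limit are all constructed or assumed values.

```python
from dataclasses import dataclass
from math import hypot

C_M_PER_NS = 0.299792458  # metres light travels in one nanosecond

@dataclass
class Fix:
    t: float              # seconds
    east: float           # metres on a local tangent plane
    north: float          # metres
    clock_bias_ns: float  # receiver clock offset from the navigation solution

# Constructed track: 100 m/s eastwards, oscillator drifting 15 ns/s. From t=3
# a replayed signal takes over: the fix lands on the (hypothetical) capture
# site about 12 km away and the clock bias absorbs a 40 microsecond replay delay.
SAMPLE_FIXES = [
    Fix(0.0, 0.0, 0.0, 120.0),
    Fix(1.0, 100.0, 0.0, 135.0),
    Fix(2.0, 200.0, 0.0, 150.0),
    Fix(3.0, 8700.0, 8300.0, 40165.0),
    Fix(4.0, 8700.0, 8300.0, 40180.0),
]

def implausible_fixes(fixes, max_speed_mps=250.0, max_drift_ns_per_s=50.0):
    """Return [(t, reasons)] for fixes that are physically impossible relative
    to the last accepted fix. Both limits are assumed values for illustration."""
    alerts = []
    last = fixes[0]
    for fix in fixes[1:]:
        dt = fix.t - last.t
        reasons = []
        moved = hypot(fix.east - last.east, fix.north - last.north)
        if moved > max_speed_mps * dt:
            reasons.append(f"moved {moved:.0f} m in {dt:.0f} s")
        step = fix.clock_bias_ns - last.clock_bias_ns
        if abs(step) > max_drift_ns_per_s * dt:
            reasons.append(f"clock bias stepped {step:.0f} ns, "
                           f"{step * C_M_PER_NS / 1000:.1f} km of extra path")
        if reasons:
            alerts.append((fix.t, reasons))
        else:
            last = fix  # only a plausible fix becomes the new reference
    return alerts
```

Because the reference only advances on accepted fixes, the allowed displacement grows with elapsed time, which is the "question of degree": a replay that pulls the position slowly enough stays inside both limits.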

It’s been suggested that Russian hackers have a valid exploit of the RSA cipher, although the credibility of this suggestion is unknown.

The last link is from Charlie Stross, who basically outlined a conceptual GPS-spoofing attack in my old Enetation comments back in 2006, as a way of subverting Alistair Darling’s national road-pricing scheme.

Anyway, whether they cracked the RSA key or forced a roll-back to the cleartext GPS signal or replayed the real GPS signal from somewhere else, I think we can all agree it was a pretty neat trick. But what is the upshot? In the next post, I’m going to have a go at that…