19 February 2011

Kiwi Flight Part 1: Hexa XL Mikrokopter Beginner Steps

Today was the first flight of my Hexa XL.  I drove to Kosice (in Slovakia) two weekends ago, spending around 12 hours on the road (there and back again).  From his small (but extremely well-organised and well-stocked) apartment, Ing. Miroslav Vasilko completed the construction of the kit of the Hexa XL, based on the sophisticated design of the Mikrokopter team in Germany.

First glimpse in Miroslav's office

Doesn't everyone have a 3D milling machine in their office?
The smart electronics of the MK

Test flight with experienced pilot

We rented a gymnasium for the test flight, and Miroslav showed me the basic controls for its maiden flight, which verified everything was nicely operating and well-balanced.  I wasn't quite ready to take the controls for a full cycle of take-off and landing, but I learned the basics of how to increase thrust and rotate the machine left or right.

I returned to Vienna, and started my training by installing a RC Helicopter flight simulator on an old Windows XP laptop.  I immediately learned that the simulator was a great investment.  I must have crashed the virtual choppers at least a hundred times, learning the basics of the dual joystick controls.
My JR DSX11 RC controller

The simulator controller looks a little different from the RC controller.  Its controls also function a little differently too, so I was a little nervous when I finally found the opportunity to take my Hexa out for some actual flight time. 

Having never flown any sort of Radio-Control model aircraft before, I was a little nervous about how I would manage the XL.  Although it has a reputation as a very stable platform, and despite my dozens of hours on the simulator, I was not looking forward to a possible crash.

Today's weather was overcast, with sporadic rain showers -- again, not ideal for a maiden flight, especially with a slightly gusty wind.  After shopping for the week's groceries, it was after 2 p.m. before I headed outside, determined to give it a decent go.  It was 3 degrees Celcius, so I didn't want to stay outdoors for too long.

Near my house is an empty field, which during summer is worked for silage crops by one of the local farmers.  I set up my video camera on a tripod, and set down the XL onto the ground.  I ran a few pre-flight checks, then started the engines.  The first few minutes were spent edging closer and closer to lift-off, but each time I noticed the platform was uneven, tipping one way or another, so I eased off on the power.

After adjusting the balance of the empty camera holder mounted underneath, I decided to use the roll and pitch controls to compensate for the apparent instability during takeoff, as well as ensuring that the nose was pointed into the prevailing wind.   Somehow, I found the right combination, and had the thrill of my first flight!

As you will see in the linked video, I still have some issues about the height controls.  Even though I make tiny adjustments to the throttle, I find that the challenge of maintaining a constant height is not easy, and once or twice I bounced the craft off the ground, before recovering again.  I'm trying to fly nose-out, as this is how I trained in the simulator.  The Hexa has been set up with brightly colored LEDs to show the nose, but I didn't always keep the correct orientation.

After a few bounces, I realized I could call them "test landings", and when I was ready, guided the bird in for its "official" touch down.  Who says kiwis can't fly?

29 September 2010

2010: Weaponized Cyberwar has arrived

The recent series of reports on the Stuxnet worm shows that Information Security specialists are facing a whole new order of threats, none of which were unexpected. Hidden inside its 600 kb payload are all sorts of tricks and traps, which have amazed and impressed every researcher who's looked into it.

First, this is not a normal worm. It uses something known as "zero-day" vulnerabilities -- undisclosed or as yet undiscovered vulnerabilities, usually found in Windows or its associated software (Adobe Flash and Acrobat have been particularly egregious in this regard.)

Unlike most other malware, however, Stuxnet deploys (according to Symantec) a total of four new zero-day defects in Windows -- a major achievement for any virus. But it doesn't stop there -- in addition, it includes two stolen certificates used to sign drivers, taken from a couple of Taiwanese manufacturers.

Recent research suggests that Stuxnet also hides itself among specialized files (known as Siemens SIMATIC Step 7), and even after being cleaned using regular techniques, it can re-infect PCs which use such software.

Why Step 7? Because this malware is highly targeted -- it focuses its effort on reaching Windows PCs with attached PLCs -- Programmable Logic Controllers, which are heavily used in industrial control processes, power plants -- and not surprisingly, nuclear laboratories.

Which has led many commentators to suspect that the target of Stuxnet is one, very specific, and highly sensitive location -- the Bushehr nuclear power plant in Iran. This view is supported by the analysis of Symantec's Patrick Fitzgerald, whose team found that 58.8 per cent of infections were in Iran, 18.2 per cent in Indonesia, 8.3 per cent in India, 2.6 per cent in Azerbaijan and 1.6 per cent in the US.

Furthermore, the payload for this worm is heavily customized to focus on one very specific configuration of PLC logic -- to the extent that the PLC will be ignored if it doesn't match exactly. What this implies is that a particular target was in mind. It's only speculation, but it could be linked to nuclear centrifuges, or critical cooling systems associated with the production of nuclear fuel.

Why, and more importantly, who has the capability and the motivation to do something like this? The sophistication of Stuxnet strongly suggests we are dealing with a small, highly skilled team, using intelligence about a specific target. Furthermore, this team has the resources to buy or discover independently four new zero-day vulnerabilities (which are valuable items in underground hacking markets), as well as stealing two signing certificates.

The only logical conclusion is a government-based cyberwar team. The likely candidates are the USA (CIA or NSA) and Israel (Mossad or IDF Unit 8200) -- both of whom are likely to wish to disrupt Iranian nuclear developments. We'll probably never know for sure, but there does seem to be a strong correlation of the worm's spread with delays in Bushehr's operations.

Why is this significant? Well, it exposes several well-known risks, and some new ones. First, Siemens' reluctance to change default passwords for its software, fearing collateral damage due to stupid administrators. Secondly, one of the primary vectors for infection was the AUTORUN "feature" of Windows, meaning that every USB key inserted into a computer is a potential plague vector (and which also provides a way to infect computers not attached to the Internet.)

The biggest risk here in my view is that we have been given a glimpse of the future of Cyberwar -- a threat which I have in the past considered negligible, but now think is starting to build. It's as if we are snorkeling just below the surface on a peaceful blue ocean, and have just seen a great monster in the depths below us, rising out of the darkness. This monster is military-grade cyberwar, and the consequences will be more investment in such weapons, and potential collateral damage as the titans of the deep struggle together.

28 February 2010

Wi-fi Hacking

Check out this SlideShare Presentation, about the problems and risks associated with Wi-Fi.

24 January 2010

ADB driver for Android development

I've been getting into Android development recently, and while the development environment includes an emulator, it's not quite as efficient as using the real thing. Until now, I've been building a run configuration which creates an external APK, then I've transferred that to my HTC Dream and used Linda Manager to install it.

What I'm testing now is the USB ADB interface. I saw this being used in a Google developer video, and it looks rather cool, although it was tricky to install.

These are the steps I used:

1) Inside the Eclipse environment, go to the Window/Android SDK menu option. Select Available Packages, and download the USB Driver Package, revision 3.

2) Go into Control panel, select your Android phone driver (or detect it new if not already done), and select the file android_winusb.inf (which on my system lives in the path C:\Documents and Settings\Administrator\Desktop\android-sdk_r04-windows\android-sdk-windows\usb_driver). Install that, and reboot Windows. (I'm also going to test this with OSX when I change to a Macbook Pro next month for development.)

3) Ensure you have set android:debuggable="true" in the Manifest.xml of your application.

4) In the Settings/Applications/Development menu of your Android phone, set USB debugging to true.

5) Now in Eclipse, when choosing your Run Configuration, your Device Chooser should now have a new entry, assuming your phone is plugged in via a USB cable.

The result of this is that ADB can now directly update and run new applications on the fly on your own phone!

16 January 2010

Spanish, Gender and Computers

Something a little lighthearted for this bleak Saturday morning...

A Teacher was explaining to her class that in Spanish, unlike English, nouns are designated as either masculine or feminine. 'House' for instance, is feminine: 'la casa.' 'Pencil,' however, is masculine: 'el lapiz.'

A student asked, 'What gender is 'computer'?'

Instead of giving the answer, the teacher split the class into two groups, male and female, and asked them to decide for themselves whether 'computer' should be a masculine or a feminine noun. Each group was asked to give four reasons for its recommendation.

The men's group decided that 'computer' should definitely be of the feminine gender ('la computadora'), because:
1. No one but their creator understands their internal logic;
2. The native language they use to communicate with other computers is incomprehensible to everyone else;
3. Even the smallest mistakes are stored in long term memory for possible later retrieval;
4. As soon as you make a commitment to one, you find yourself spending half your paycheck on accessories for it.

The women's group, however, concluded that computers should be Masculine ('el computador'), because:
1. In order to do anything with them, you have to turn them on;
2. They have a lot of data but still can't think for themselves;
3. They are supposed to help you solve problems, but half the time they ARE the problem;
4. As soon as you commit to one, you realize that if you had waited a little longer, you could have gotten a better model.

The women won...

06 January 2010

Thoughts on airport security

After traveling to the USA this week, and seeing the security measures first hand, I am concerned that they remain largely ineffective, and mostly constitute window-dressing. It's as if someone said: "We have to do something." And then they did something, or anything which might help.

In my view, a sophisticated and determined attacker can easily bypass the current measures, even with the new backscatter scanners. This article in the UK's Independent newspaper suggest some serious issues with the technology, and question whether it is really fit for purpose.

A basic knowledge of the technology suggests that such systems are interested only in detecting explosive material with relatively high density. Since thin cloth (such as clothing) is transparent, then the obvious response by attackers will be to create thin layers of some suitable material, impregnate it with PETN, then stitch it into clothing. The bomber then simply needs to remove the item of clothing (for example, a turban or sari), and wrap it into a very tight bundle to increase density.

Remember, we don't need much more than 80 grams to disrupt structural integrity, according to some tests.

What about the detonator? Well, it should be recalled that many laptop batteries have been recalled by the manufacturer for their tendency to spontaneously ignite. I would think that an ingenious terrorist might find a way to rig a laptop battery to function as some form of detonator -- even while powering a laptop sufficiently to show that it works if TSA screeners become suspicious. Of course, laptops themselves have lots of places where high-density materials might be stored internally.

There isn't really an easy answer here. I suspect the TSA has many good people working on this, and are doing the best they can. However, I tend to agree with the cynical view that only two things have significantly improved airplane security in the past ten years: locks on cabin doors, and a recognition by passengers that they may well need to take matters into their own hands if a situation arises -- as one brave Dutchman did on Christmas day in the skies near Detroit.

03 January 2010


I began my journey to St. Louis at 5 a.m. this morning. All went smoothly, despite long queues at Vienna's Schwechat Airport. The sunrise over a sea of cloud was beautiful. I'm now waiting for my next flight.

I am taking photos, and will be blogging regularly on this trip. I will be in St. Louis for two months, where I will be teaching a couple of courses at Webster University -- Telecommunications and Mathematics for Computer Science. I'm also working on some software ideas, which I'd love to see implemented on the Android environment.

Here's a poem by the Welsh poet Dylan Thomas, which has long been a favourite of mine:

Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.

Though wise men at their end know dark is right,
Because their words had forked no lightning they
Do not go gentle into that good night.

Good men, the last wave by, crying how bright
Their frail deeds might have danced in a green bay,
Rage, rage against the dying of the light.

Wild men who caught and sang the sun in flight,
And learn, too late, they grieved it on its way,
Do not go gentle into that good night.

Grave men, near death, who see with blinding sight
Blind eyes could blaze like meteors and be gay,
Rage, rage against the dying of the light.

And you, my father, there on the sad height,
Curse, bless me now with your fierce tears, I pray.
Do not go gentle into that good night.
Rage, rage against the dying of the light.

17 December 2009

Seriously? No encryption on predator video feeds?

Sometimes a news story appears which leaves me flabbergasted. This report from the Wall Street Journal describes how "the enemy" in Iraq and Afghanistan have been able to use a simple piece of off-the-shelf software (costing $26) to capture video feeds being broadcast by Predator and presumably other UAVs working in the theater.

This reported incident, if true, seriously beggars belief. It has been more than 20 years since commercial satellite TV has deployed effective encryption for both analog and digital video signals to protect commercial interests. And yet the military planners singularly failed to specify simple encryption for sensitive information -- the live video feed of the drone.* Most likely this was done to speed up time-to-market, or to reduce costs--but most security experts would consider this a false economy.

The article clearly indicates that this problem was known since the Bosnian conflict in the 1990's -- but military leaders felt that "local adversaries wouldn't know how to exploit it". This is a perfect storm of stupidity, with two basic blunders: a) assuming that the enemy isn't as smart as we are, and b) relying on security through obscurity. One wonders if this decision means that there are similar weaknesses in the command-and-control channel of the drone's avionics or weapons platforms?

*Subsequent reportage suggested this was not a live feed directly from the Predator, but rather a rebroadcast of said feed via a satellite from the local groundstation uplink. It's still a COMSEC issue however.

16 December 2009

Rant of the day: DHL is seriously flawed

I recently had to send an important document from Austria to New Zealand.

I went to the local Austrian Post, and selected the EMS (Express Mail Service), which cost me 59 Euros to send a letter weighing 70 gm. I knew that this was outsourced to DHL, so assumed it should reach the destination reasonably quickly -- and I could follow it with the tracking number.

So, imagine my surprise when I learned that an item I had submitted in Vienna on Friday 11th of December had only reached London Heathrow by Wednesday 16th of December.

Thats FIVE DAYS to go from Vienna to London. And it still hasn't left on the plane for New Zealand!

I am seriously unhappy with the service from DHL, and plan to avoid using them in future. I've asked them for an explanation, but I doubt one will be forthcoming.

To see for yourself, check the URL:


The AWB number is 9653805361. Is this some kind of record for tardiness?

DHL, please fix your broken system!

/rant ends

Update: the package arrived on 21 December -- a total of TEN DAYS after I sent it on 11 December. I think this is the last time I use DHL, or the Austrian EMS which resells their service.