TechByter Worldwide

If you enjoy today's article, please share it!

Program Date: 4 Aug 2013

The Car that Knew Too Much

Remember the old murder mysteries that depended on the bad guy's cutting the car's brake line just enough that it would fail as the victim was driving down a steep mountain road? The car would sail off over the cliff and burst into flames. As a method of murder, that never seemed a reliable choice. Now writers can have the villain reprogram the car's computer to simply drive off the cliff.

Researchers presented information on Friday at a conference in Las Vegas showing how it's possible to hack a vehicle's computing system. This has wider implications because computers are involved throughout cars and trucks, and because they also are largely responsible for running airplanes, trucks, ships, and subway systems.

The researchers, Charlie Miller (a security engineer at Twitter) and Chris Valasek (Director of Security Intelligence at IOActive), showed how they were able to take over computers in a Toyota Prius and a Ford Escape using a notebook computer that connected wirelessly to the car's electronics. What did they control? The cars' acceleration and brakes, the horn, the seatbelts, and the headlights.

So now the villain can turn off the headlights in the victim's car as it's making its way down that curvy mountain road and cause the car to accelerate.

Miller and Valasek are good guys, by the way. They presented their findings on August 2nd at Defcon in Las Vegas.

Defcon and the Black Hat Convention are separate events, but both are in Las Vegas. Defcon (not to be confused with the military's DEFCON*) is a large convention of hackers that occurs every year in Las Vegas. The first event occurred in June 1993.

The Black Hat Convention attracts a more corporate crowd and consists of 2 primary parts, Black Hat Briefings and Black Hat Trainings. The conference is hosted by the National Security Agency, a group that's been in the news a lot lately. The briefings section attracts employees of government agencies and corporations who want to hear the keynote addresses.

The training section largely involves classes on security techniques that would help experts better analyze and test attacks.

*A defense readiness condition (DEFCON) is an alert state used by the United States Armed Forces.

But to get back to cars, auto makers began using electronic control units (ECU) in the late 1970s to control carburetors. The goal was to produce vehicles that could offer better fuel mileage. Today, though, ECUs are located throughout vehicles and they communicate with each other.

The presentation by Miller and Valasek illustrated how controls are used in the Toyota Prius and a Ford Escape. It covered the tools and software needed to analyze what's called a controller area network (CAN) bus. Then they demonstrated software to show how data can be read from and written to the bus.

Those parts might be something you would consider to be dry and uninteresting but Miller and Valasek then showed how certain proprietary messages can be replayed by a device that is hooked up to an on-board diagnostic system connection (OBD-II) to perform critical car functions, such as braking and steering.

The researchers say that they wanted to see, once someone was inside your car network, to what extent they can control the automobile. And the results are disturbing. Taking control of the steering requires a car that makes steering functions available to the on-board computers. Toyota and Ford both have self-parking features.

For its part, Toyota has says that its systems are robust and secure; and the company is unimpressed with the facts presented by Miller and Valasek. Ford, on the other hand, says that it takes the research very seriously. Toyota might want to bear in mind that we once thought airliners would never be piloted intentionally and at high speed into tall buildings, too.

Any processor on the network is vulnerable because the internal systems don't bother to validate the sender of information that they receive.

The problems don't have immediate and severe implications because cars use different operating systems, so a malicious hacker would need to know the codes that apply to the specific vehicle that they want to attack.

Making this information public might seem like a disservice, but the researchers say that they hope car companies will understand the need for on-board computer security.

Searching for Just One Great Music Player

"There must be something better than Itunes!" I have uttered that expression, sometimes accompanied by a variety of epithets, over the years because no matter how good Apple's hardware music players are, the software isn't exactly something to be proud of as a programmer, and particularly not on Windows computers.

What else is out there?

Click for a larger view.I've tried several of the competitors. One of the earliest was Winamp and I bought the "professional" version so I qualify for updates whenever the program is updated, even 15 years or so after my initial $20 purchase. The primary problem with Winamp is that it looks and feels like something from the mid 1990s.

Winamp version 0.20 was released in April 1997 and by June the developers, Justin Frankel and Dmitry Boldyrev, were ready with version 1.006. The current version is 5.6

Click for a larger view.I used MediaMonkey for a while, but it seemed to have a relatively robust collection of bugs.

The current 4.0 release supports most music formats and is available in both a freeware version and a paid version, both of which accept skins, third-party plug-ins, and user-generated extension scripts.

Click for a larger view.Itunes has been on my computer most of the time, in part because at one time it was the only application that could reliably store music on Ipod devices. I removed Itunes when one version wrecked an Ipod every time I plugged it in. (By "wrecked", I mean that it destroyed all music on the Ipod in such a way that the only solution involved a factory reset.)

Earlier this year, I installed the latest version of Itunes, but I haven't quite worked up the courage to plug in either Ipod because I don't want to take the time necessary to reset the Ipod and reload all the music if Apple hasn't yet fixed the problem. And I don't particularly care for the latest iteration of the Itunes interface. "Elegant" is not a term that springs to mind. "Muddled" or "confusing" might be more on target.

So I continued looking for alternatives.

Click for a larger view.Clementine is a relatively new cross-platform (Linux, Windows, and Mac OS X), free, open-source application with a history. The developers note that the player is based on Amarok, a much older player that is also a cross-platform, free, open-source music player. Amarok is part of the KDE project for Linux, but it has been released separately for other platforms. The most recent version was released in 2008.

Clementine is technically a fork of Amarok that's based on version 1.4 of that player. Later versions were viewed as bloated and hard to use. Clementine is designed primarily to do one job: Allow you to listen to music that's stored on your computer and to Internet radio stations (Spotify, Grooveshark, Last.fm, SomaFM, Magnatune, Jamendo, Sky.fm, and Icecast are among the supported services).

Click for a larger view.Beyond the basics, Clementine makes it easy to enjoy your music. It fetches lyrics, artists biographies, and photos from various Internet services that you select. If the cover art is missing, Clementine will search both Last.fm and Amazon to find it.

Clementine can trans-code music to MP3, Ogg Vorbis, Ogg Speex, FLAC, or AAC formats; and it works with MusicBrainz to search for descriptive tags. You can also edit the tags that have been applied to MP3 and OGG files.

If you want to play an audio CD, Clementine will play it without first having to RIP the contents of the CD to your music library. Although this is an increasingly common capability for music players, not all can just play an audio CD.

One of Clementine's most impressive features is the speed with which it scans a music library. Because of the number of selections I have, this process can take 30 minutes to an hour with Itunes. Clementine managed the same process on an older notebook computer in about 10 minutes.

Not surprisingly, Apple support is problematic. The Ipod classic protocol is supported natively, but support for the Ipod Touch requires Itunes to be installed as well. This doesn't mean that you have to use Itunes, but Clementine needs access to some of the Itunes files to perform the synchronization. Once again, Apple seems to be looking out for their customers' needs. (And, yes, it is essential to say that last sentence with a smirk.)

My primary portable music devices are Ipods, but I also have music on an Android tablet and a Windows tablet in addition to a Windows desktop and a Windows notebook. The ability to upload music to these devices is important and it's something that Apple actively tries to block. Unfortunately, Apple seems to be winning the battle with Clementine and I've not been able to upload tracks to an Ipod Touch.

There's no doubt that Itunes has the prettiest interface, but Clementine's fast database management and the automatic connections to Last.fm, Wikipedia and other services make it a standout from my point of view.

If you don't like Itunes, 4 CatsClementine might be just what you're looking for.

Clementine is the music player that makes sense for the way that I listen to music. One of the others might be better for you, or check out some of the many other options on Wikipedia.
For more information about Clementine, visit the Clementine website.

Short Circuits

The Gang that Can't Trademark Straight

Remember Metro? That's what Microsoft wanted to call the Windows 8 interface and what most of us still call it even though a German company, Metro AG, filed suit against Microsoft for using its name and Microsoft stopped using the term. Now the same thing has happened to SkyDrive, Microsoft's cloud-based storage service.

This time it was a British company, broadcaster BSkyB, that said the name infringes on one of their trademarks. BSkyB filed suit in Britain, Microsoft lost, and in a negotiated settlement has agreed to stop calling their service SkyDrive and not to appeal the ruling.

Microsoft says that the agreement will allow for an orderly transition to a new name. Perhaps they'll decide to rename SkyDrive as CocaCola or Chevrolet. Nobody could possibly be using either of those names.

Or perhaps Microsoft might want to consider hiring someone to do trademark research first.

Former Apple Employees Sue the Company

Former Apple employees in New York and Los Angeles have filed a class-action lawsuit against the company saying that they were underpaid by about $1500 each year. The suit was filed in the Northern California Federal District Court.

The suit contends that employees are required to spend approximately half an hour per day at the end of each shift waiting for their possessions to be searched. They are not paid for the time spent waiting for the searches that Apple conducts to reduce thefts from stores.

According to published reports, Apple's sales associates make only about $25,000 per year even though Apple's stores are the most profitable retail spaces in the United States on a per-square-foot basis.

Apple has not commented on the suit.

Google and Starbucks

The combination seems so obvious, one has to wonder why it took this long. Starbucks has approximately 7000 locations in the US, all with Wi-Fi provided by AT&T. Starbucks is booting the phone company and bringing in Google to provide the service.

Google announced the change with typical "understatement": "When your local Starbucks WiFi network goes Google, you'll be able to surf the web at speeds up to 10x faster than before. If you're in a Google Fiber city, we're hoping to get you a connection that's up to 100x faster."

Beware the weasel words "up to". A connection that's the same speed as the old connection is still "up to" 10 times faster because "up to" establishes the top end of a range and leaves the bottom unstated. That said, it's likely that Google will provide substantially faster service than AT&T did.

Installations will begin this month and Google should be in all 7000 stores by the end of 2014.

Google is pushing hard to provide free service everywhere. For example, the company paid more than half a million dollars to provide free Wi-Fi access at more than 2 dozen locations in San Francisco. The agreement covers a 2-year period.