Category Archives: History

Energy, History, Security

Hacking NASCAR: If You Ain’t Cheatin’…

Leave a comment

NASCAR lately has handed out some stiff penalties to competitors for infractions. Yet the Bleacher Report tells us that among the top quotes in NASCAR history there is much evidence that rule-following may be the exception for drivers:

“If you ain’t cheatin’, you ain’t tryin'” is an old NASCAR expression. Junior Johnson had this to say about his creativity when it came to building cars:

“I loved the game. Maybe I’d have four of five new things on a car that might raise a question. But I’d always leave something that was outside of the regulations in a place where the inspectors could easily find it.

“They’d tell me it was illegal, I’d plead guilty, and they’d carry it away thinking they caught me. But they didn’t check some other things that I thought were even more special.”

BR also cites driver Darrell Waltrip in 1976 after his team was caught cheating with nitrous oxide.

If you don’t cheat, you look like an idiot; if you cheat and don’t get caught, you look like a hero; if you cheat and get caught, you look like a dope. Put me where I belong.

Waltrip’s best story might be the time he was caught filling his car frame with BBs to cheat the weight test before a race. Because cars weren’t weighed afterwards he simply pulled a plug and all the weight would disappear on the track without detection. Unfortunately one day the balls jammed. The BBs sat in his car, keeping him at regulation weight, until Waltrip’s car entered the pit. Then, as he approached the other crews, the entire payload came free and pelted them.

That story comes from Popular Mechanics’ article called “The Greatest Cheats in NASCAR History,” which has many other examples:

  • Fuel capacity: Yunick inflated a basketball in the tank during tests, then deflated it before the race
  • Fuel capacity: Yunick quadrupled the 11 ft fuel line diameter to carry 5 extra gallons
  • Aerodynamics: Johnson’s crew chief Knaus altered rear window angle
  • Weight: Flock painted wood to look like metal roll bars

I especially like the fuel line cheat as Yunick argued the line was not technically part of the tank and therefore should not be included in measurement of capacity. Popular Mechanics also quotes a famous cheater who thought “stock” cars meant a challenge to make some stock “better” than others.

“It can be frustrating,” says Chad Knaus, crew chief for four-time champion Jimmie Johnson…. “But it would be more frustrating to give up trying to make our car better.”

I suppose you could excuse failure to follow a rule when a rule is first introduced. There might be confusion and not everyone would be able to interpret the same. That is especially believable when NASCAR found that almost no one passed:

To help cut down on cheating, NASCAR introduces body templates, which race cars must conform to, Prior to the Firecracker 400 at Daytona, 49 of 50 cars entered flunk initial tech inspection.

But that sad tally was decades ago in the 1960s, as reported by Something About Everything Racin’, which also retells a story of Petty’s winning engine. The cylinders apparently had wax in them before a race to pass inspection. During the race it melted so after the race the engine measured much larger than the maximum allowed; it went from just over 350 to 392 cubic inches. At the end of the race, despite all the penalties and warnings, it seems that the winners in NASCAR are cheating all the time.

The names of those caught skirting the rule book read like a “Who’s Who” in NASCAR history: Tim Flock, Smokey Yunick, Junior Johnson, David Pearson, Bobby Allison. Richard Petty, Roger Penske, Jack Roush, Ray Evernham … the list goes on and on, almost as if it’s some kind of badge of honor.

Indeed, the badge of hacking just has been bestowed to teams No. 14, No. 3 and No. 18 according to a NASCAR press release:

The No. 14 team in the Sprint Cup Series was found to be in violation of Sections 12-1 (actions detrimental to stock car racing); 12-4J (any determination by NASCAR officials that the race equipment used in the event does not conform to NASCAR rules detailed in Section 20 of the NASCAR Rule Book); and 20-2.1J (unapproved open vent hose inside of the car).

Imagine if computer security regulations had something like “Sections 12-1 (actions detrimental to stock car racing).” Actions detrimental to the industry? The FTC is probably the closest thing.

That vague catch-all 12-1 rule was really meant to help prevent fist fights and other unsportsmanlike behavior. Ironic, since some say the reason NASCAR became so popular in America was a 1979 televised fight.

Oh, and note the NASCAR typo. That should be rule 20A-2.1J. Is the fine removed if there’s no 20-2.1J?

Anyway, with all that background, I’m going to take a guess and say that the vent hose was intentionally routed inside to reduce air resistance. A fairly boring hack and the finding doesn’t seem to be an isolated instance.

The No. 3 team in the Nationwide Series was found to be in violation of Sections 12-1; 12-4J and 20A-2.1J (unapproved open vent hose inside of the car).

As fun as it is to read the infraction reports and the odd-ball excuses or theories of disobedience from the teams, it really just makes me yearn for something more meaningful in development and innovation — where’s the bump in the power to efficiency ratio we could all use?

It will be years before the IndyCar innovation trickles down into NASCAR, despite all the stories of cheating. I wish the car racing regulatory bodies would just speed up the process and let someone race a diesel again.

Now THAT was an impressive hack that translated directly to stock benefit.

History, Security

Aligning NTFS to SSD Geometry

Leave a comment

Frank Shu, Senior Program Manager for Microsoft, gave a presentation in 2008 called Windows 7 Enhancements for Solid-State Drives. The slides illustrated a set of challenges with SSD for the Microsoft Windows OS

  • Reporting non-rotating media will allow Windows 7 to set Defrag off as default; improving device endurance by reducing writes.

He meant that when the ATA8 rotation rate value of 0001h is reported to the Windows operating system, it could automatically disable de-fragmentation.

Shu’s presentation towards the end explains why it matters.

SSD endurance is equal to the safety of user’s data.

Defrag no longer is your friend; it can actually be your enemy. What does that mean for earlier versions? Windows XP is here to stay, right? Note the most recent end-of-life announcement from Microsoft:

We might therefore expect it to be updated to ensure “the safety of user’s data.” Alas, the challenges presented by Shu at Microsoft in 2008 are today still present in Windows XP.

The SSD offers an easy way to give new life to an old system since the price for a reasonable size has dropped under $100. It makes sense that every XP owner would go there and after a little research (uh, four years?) Microsoft would support them. Where do you want to go today? SSD.

Yet defrag is just the beginning. Microsoft has left other SSD problems for Windows XP unsolved as well. Here is an even better example. The presentation revealed major performance risk:

A fresh install of Windows 7 can do a proper geometry alignment but an upgrade from Windows XP would be mis-aligned and inherit a 50% performance hit. Ouch. Common symptoms are a system freezing momentarily.

This leads to a very uncomfortable user experience. You’ll know availability loss when you hit it. After seeing the first taste of SSD speed it feels like slamming on the brakes after driving on the highway.

For a more technical test, simply use Start -> Run and type msinfo32. You can see the problem by looking at the Partition Starting Offset value. Divide the number by 4096. If that number doesn’t divide evenly by 4096, then obviously the partition is not aligned with the 4096-byte sized sectors of an SSD. Here’s an example that shows a start at 32,256:

Divide by 4096 and you get 7.785. Uh-oh.

This also can happen on virtual systems as the physical layer is abstracted completely away. NTFS of a legacy OS could be mis-aligned with VMFS, which itself is not aligned with SAN LUNs. At least in large enterprise you can hope a service provider will be aware and looking for symptoms of read and write degradation as sector sizes are represented up the stack.

Microsoft however has left many users in the lurch. Fortunately there is an easy and free solution…Linux. Here’s a good example of why this actually matters today and how Linux is doing things right.

Let’s say you want to buy a sub 3 pound laptop with a full keyboard, bright screen and 10 hour battery life for under $200.

You can start with a solid machine for just $50. It’s known as the IBM Thinkpad X40 and it was one of the best form-factors ever built. No, I’m not just being nostalgic. If that were the case we’d be talking about the IBM 701c Butterfly or the Apple Duo 230. The X40 is more than a pretty face, it is a very practical and useful system for today’s needs that literally costs $50.

The X40 is perhaps best known for being the lightest laptop when it was introduced in February of 2004, weighing just 2.7 pounds (lighter than the portless Apple Air!). Although the first 1.8″ HDD was introduced in 1991 it was the Apple iPod in 2001 that brought it to mainstream. The IBM X40 then adopted it. I mention that because today buying a tiny 1.8″ SSD for an IBM laptop might feel odd. Just remember that in 2005 the thin and light tablet form-factor was mega-hyped and even helped bring perpendicular recording to market, but I digress…

SSD storage prices have come down so a 64GB 1.8″ SSD for the X40 should be less than $100. Put that with your $50 X40 and you now have a light fast laptop for $150. The official specs say Windows 7 is not supported but you can make it work if you fiddle with the drivers. Or you also could install Linux and go. Mint Maya is very nice.

But what if you want to restore life into an existing Windows XP installation (or install from factory CDs, or want to use the Windows XP license attached to the hardware)? Then you have to do some SSD geometry alignment for NTFS to address all the challenges (e.g. safety of your data) identified by Microsoft yet left for you to deal with on your own.

Linux to the rescue. You only need a 128MB or larger USB drive to boot the system with GParted Live. Creation of the USB drive with GParted is trivial. Download the Tuxboot executable. Run it and choose GParted Live from the source menu, choose the USB device from the target menu. After a few minutes you will be ready to fix your NTFS partition.

Insert your USB device into a powered down system. Next you’ll have to get the BIOS to let you boot from USB. On an X40 this means pressing power and then F12 to get to a device boot prompt. Select USB, answer the GParted setup questions and then the live environment is loaded.

You now can either fix an existing XP installation or create a new partition from the Gparted live tool. If you want to fix alignment, just select the “resize/move” option. Change the “free space preceding” value to 2. Click apply. This will take about 30 minutes on 64GB. Then select the “resize/move” option again and change the value from 2 to 1. Click apply. Wait another 30 minutes. That’s it!

Take another look with Start -> Run -> msinfo32. You now should be able to divide your number by 4096.

The move to 2 and then back to 1 by GParted re-aligns the NTFS partition to the geometry of the drive, per the Microsoft presentation above.

Don’t forget to also disable defragmentation, remove the swap file (a memory upgrade to the max on the X40 is $20)…basically you want to get rid of all the “caching” habits that were designed to help speed up old spinning disks when memory was low or expensive.

That’s how you can go from a 2008 risk presentation on NTFS to a 2012 snappy-lighter-than-air-system-with-lots-of-cool-output-ports-and-10 hour-battery-life for just $150.

Imagine if that would have been the point of the Microsoft presentation in the first place…if you don’t need/want to run a dual core i5-2520M and 8GB RAM in a magnesium skin (e.g. pay for industry-leading engineering like the sub 3 pound yet incredibly durable Panasonic Toughbooks) then why not breathe new life into a classic design by IBM? Think about it.

Energy, History, Security

Vaping Harmful to Health

20 Comments

At the recent Structure conference, a young woman who had just moved from the east coast to San Francisco boasted of her boyfriends’ addiction to “Vaping”. She showed photos of all the accessories he has been obsessing about, from batteries to different colors and patterns. A young man visiting from New York echoed her story and said he was happy to be spending money on hip new e-cigarettes.

The e-cigarette contains a nicotine cartridge in four strengths – 16mg, 11mg, 6mg and 0mg, compared with the 13mg in the average manufactured cigarette. One cartridge lasts for 300 to 350 puffs, or two days. It also has a battery that enables it to emit a mist of propylene glycol, essentially fake, fast-dissipating smoke, and light up at the end when puffed on.

My first reaction was that there should be a chip in the e-cigarette that captures data to be transmitted and stored. Big data should be collected from vaping immediately. I was thinking about all the health info that could be assembled quickly from these battery powered devices. Lung capacity, ingredients, amount of nicotine per second/minute/hour, draws per charge, particulate matter in external air…and trend-lines for everything.

My next thought was that they should be solar powered. Why aren’t they able to absorb sunlight as power? Standing in the sun with a stick in your mouth? Use the power right there. And for that matter why doesn’t the act of sucking air generate sufficient power? Hello, funnel turbine. Why are you sucking power out of the grid? Oh, that’s right. You want to buy accessories, I mean batteries. Got it.

Neither of them seemed to have a firm idea about the energy use, let alone health risks or harm. They said it’s “just vapor”. But the fact is not much data has been collected.

The man from NY listened to me, took a long drag from his plastic tube of toxic fumes and said “By Jove! My old man you might be right! Could a teeny chip really go inside this contraption to record data? I will go start a company right now on that idea!”

I wondered if they read the news from the FDA:

Dr. Mike Feinstein, a spokesman for the American Lung Association said, “People are inhaling some type of chemical vaporized compound into their lungs without really knowing what’s in it.”

[…]

Authorities don’t necessarily know what’s inside of e-cigarettes, but the FDA tested a small sample just a few years ago and found a number of toxic chemicals including diethylene gylcol – the same ingredient used in antifreeze.

The accessory feature can actually introduce additional risks. Obviously the idea of putting a battery between your lips can be harmful to your health.

Chief Butch Parker of the North Bay Fire District responded to the call. He said a faulty battery inside the electric cigarette likely caused the accident. Parker described the explosion as if Holloway was holding a “bottle rocket in his mouth.”

[…]

Parker said the explosion knocked out all Holloway’s teeth and part of his tongue. The event also set fire to the room.

For some reason all the unsubstantiated buzz and positive marketing around e-cigarettes just reminds me of the tobacco smoke enema.

By 1805, the use of rectally applied tobacco smoke was so established as a way to treat obstinate constrictions of the alimentary canal that doctors began experimenting with other delivery mechanisms. In one experiment, a decoction of half a drachm of tobacco in four ounces of water was used as an enema in a patient suffering from general convulsion where there was no expected recovery. The decoction worked as a powerful agent to penetrate and “roused the sensibility” of the patient to end the convulsions, although the decoction resulted in excited sickness, vomiting, and profuse perspiration.

If only exploding batteries and unknown other “toxic chemicals” could have been used for anal treatment hundreds of years ago; today we would know better and not bother with e-cigarettes. Then again, I guess I shouldn’t joke about them becoming a public enema. Given the nature of the young vaping proponents I met, they might be thrilled by the idea and interested only in new accessories they could buy or sell…

Update five years later (April 2017):

Concerns explode over new health risks of vaping and find toxicity issues are real, especially among children:

Students as young as 12 or 13 are now more likely to vape than to smoke. Many are under the impression that because e-cigs don’t contain tobacco, they pose little risk to health. Wrong.

Over the past few months, research has turned up evidence that vaping can pose many brand new risks. The vapors mess with immunity, some studies show. “Smoker’s cough” and bloody sores have begun showing up in teen vapers. The hotter a vaped liquid gets, the harsher its effects on human cells. And a relatively new vaping behavior called “dripping” ups the heat. This threatens to intensify a teen’s risks from those vapors.

Evidence is mounting that teenagers in particular, susceptible to advertisers and social pressure, are being hit hard by harms in vaping:

It worries [Rob McConnell, internal medicine specialist at the University of Southern California (USC) in Los Angeles] that vapers show some of the same lung symptoms as cigarette smokers. It also worries him that more teens are taking up vaping. E-cigarette use grew an astounding 900 percent among high school students between 2011 and 2015.

[…]

[Adam Goldstein of UNC] says it’s important to note that just because something doesn’t taste like tobacco doesn’t mean it is safe. Studies have shown that some flavor compounds in e-liquids (such as cinnamon extract) appear to become harmful when heated in an e-cigarette.

[…]

Now Catherine Hess of the University of California, Berkeley, and her colleagues have turned up traces of toxic metals in the e-liquids used in five different brands of e-cigarettes.

[…]

“The fact that vaping can deliver benzene levels many times higher than those found in the ambient [air] — where it’s already recognized as a cancer risk — should be of concern to anyone using e-cigarettes,” [Chemist James Pankow] says.

While many people cite the use of vaping as an intentional way to stop smoking, anecdotal evidence suggests the opposite. Vapers smoke more, and subject themselves to additional harms beyond just higher overall intake of nicotine.

Vaping in practice increases the frequency of puffs. While dosage of nicotine actually may increase through more frequent use (can choose masking scents, keep vaping device in pocket and breathe from it repeatedly and frequently, far more easily than with the complications of lighting tobacco leaves with flame) it is the new toxic metals and chemicals that scientists are only just beginning to document as additionally harmful.

Update seven years later (2019):

  • April: Rite-Aid announces it will stop selling e-cigarettes in all stores
  • August: Reuters reports the U.S. Centers for Disease Control and Prevention identified 193 potential cases of severe lung illness tied to vaping in 22 states as of Aug. 22, including one adult in Illinois who died after being hospitalized: “The severity of illness people are experiencing is alarming and we must get the word out that using e-cigarettes and vaping can be dangerous,” Illinois Department of Public Health Director Dr. Ngozi Ezike said.

Update thirteen years later (2025):

One e-cigarette a day as harmful as smoking twenty packs of traditional cigarettes.

History, Security

Sophos Warns: Don’t AutoBlame China

Leave a comment

The BBC has posted a story on malware issues of the Indian Navy.

a virus had collected data from computers not linked to the internet and had sent it to IP addresses in China.

Not on the network, yet sending data on the network? Perhaps they mean not directly connected to the Internet? Need more detail. I’m totally ready to start assuming the worst. Did the malware also install network interface cards and make cables? Did it install a router? ZOMG. NICware!

Update: It turns out to only be a case of shared infected removable storage. Some systems were taken off-line to protect them from infection; and then storage was shared with on-line systems. The storage device collected data after it was plugged in. When it detected network access it also attempted to send data.

Sophos, however, says not to get excited yet. There isn’t much detail.

Although those IP addresses were reportedly traced to China, an analyst from security firm Sophos warned against reading too much into the detail.

“Even if a hack is traced back to a Chinese IP address, it doesn’t necessarily mean that Chinese hackers are behind the hack,” Graham Cluley, senior technology consultant, told the BBC.

“It’s very hard to prove who is behind an attack because hackers can hijack computers on the other side of the world and get them to do their dirty work for them. In fact, they often do this to cover their tracks.

Thanks Sophos for throwing a wet blanket on my sometimes pastime of poking fun anti-virus companies. McAfee has had some really good examples of jumping to wild conclusions, as I wrote a year ago.

Earlier, in February of 2011, I made pointed out in several presentations that the urge of Americans to instinctively blame the Chinese was getting ridiculous.

To be fair, this is not only an American habit. The Finnish company F-Secure desperately wants to fault America every time malware in the Middle East is a topic of conversation, as I pointed out recently. If you want a good laugh, you can watch Mikko Hypponen’s analysis of international political issues.

Alas, I should give a giant thank you to Sophos and Graham Cluley. I would love to see them spar with the other vendors on this issue.

Sophos’ argument, not exposed in the BBC report, is supported by some common sense facts. There are a vast number of out-of-date, un-patched, pirated, un-licensed, poorly managed computers in China. So systems there are no only far more numerous lately but also rife for exploitation by automated attacks, which often install remote-control and bot capabilities.

There also is a big complication of getting details out of the attack paths. Unfortunately after tracing an attack to a random PC (let’s say a point-of-sale in a tiny noodle-shop in Chengdu) the next steps for a (civilian) investigator can be controversial and even difficult.

That is why it used to be common to throw up a “the Chinese did it” (if you are American) or a “the Americans did it” (if you are Finnish).

If you want historic parallels this is a lot like how medicine and forensic science was practiced in America in the early 1900s. Doctors rushed to conclusions, perhaps with intent to prescribe a wonder-product from a giant company. Do you have a cough? Bayer once was happy to sell you a “harmless” cure with diacetylmorphine, also known as Heroin. It was even pushed on mothers to give to restless babies, often killing them. A tragic assessment of cause and solution.

In short, the commercial sector did not really understand causality as much as they led the public to believe. And people did not have details or skill enough to find causality themselves. The author of the Poisoner’s Handbook gives us some perspective on the birth of forensic science as a public practice.

Pulitzer Prize-winning journalist Deborah Blum talks about her new work, The Poisoner’s Handbook, a look at how easy it used to be to kill someone with poison and the researchers who made poisoning much harder to get away with.

[…]

“I was looking for coverage and you could not open up a paper in that period without seeing accidental poison death, spectacular poison suicides and really some very bizarre murders; and you’re right, a real acceptance of which I have to remember that this was in an era where a lot of these chemicals were just being introduced, they were the backbone of the industrial age. People regarded them as this scientific magic for which you had to somehow pay a price. And there was a bizarre acceptance of that. I’m not saying we’ve entirely outgrown that. People still die of carbon monoxide poisoning. We still have industrial chemicals that we haven’t figured out.”

And we have malware that we haven’t figured out, with an IP in China, but at least we know who created the Heroin problem, right?

Blum’s book, by the way, is a brilliant look into the damage to society when trained professional investigators rush to conclusions or fail to be thorough in their analysis.