Thursday, September 20, 2007

Perfect mix of art and science

September 19, 2007
Singer/Songwriter Jonathon Coulton came through Dallas last night as part of his nationwide tour. He's built his audience as an independent, largely through the internet, and thus tends to play to geeks like me, with geek-friendly songs such as "Code Monkey", "The Future Soon", and "Mandelbrot Set". Just about all his songs have a wry, intelligent sense of humor, but as we experienced at the live show, there is a sort of hidden thread of emotion to the songs that resonates even deeper. After you get past the unusual lyrics, universal themes of love and loneliness are revealed.

Opening Set
Thinking that a) a geek might actually start a show on time, and b) it was a weeknight after all, we arrived promptly at 8:00 so as not to miss a single morsel. Paul and Storm, the openers, took the stage around 9:15, to a packed house at Club Dada. I was previously unfamiliar with this act, but apparently they have had some success on the Bob and Tom show, which doesn't play in Dallas except perhaps over the internet. Though I'm sure they have been at this much longer than Coulton, they were the perfect warm-up for him, as they got us all in the laughing mood starting with their opening meta-song, "Opening Band." They played several other humorous songs, and didn't fail to celebrate the holiday with audience participation.

Main Act
After a brief recess, Johnathon Coulton took the stage solo. Early on, he played "IKEA" (yes, a song about a furniture store). He went on to play "I crush everything," about a giant sea creature and his search for love with his all-too-powerful tentacles. He soon satisfied the ├╝ber-geeks with "The Future Now," a song about how he is going to be enhanced in the future, and woo the girl to whom he sings with all his imperfections removed. He followed up with "SkullCrusher Mountain," a song about an evil genius showing his new girlfriend around the lair.
Somewhere in there was "I Feel Fantastic," a song about the perfection of pharmaceuticals in the future, with some really funny lines, and "Tom Cruise Crazy" and "Code Monkey". He also played "You Ruined Everything," about having a new baby, "Creepy Doll," and "Mr. Fancy Pants," for which he had purchased a key-tar beat box to play live. He closed with "Mandelbrot Set" about fractals, and "Re: Your Brains" about your local office-mate turned zombie, though again the metaphorical undertones were apparent, and resonant to cube-dwellers everywhere.

Though it was a weekday, and though it had all started way later than I expected, and though it was nearing midnight and I was tired, it ended all too soon. Encores were "First of May" (nsfw), and "Sweet Caroline". Jonathon stayed around afterward to sign albums and such, though I prefer to buy online the songs I like.

Wednesday, September 12, 2007

Security Exploit for your Car

Car security
I have talked a bit about cars and technology here before, particularly security. I think this is an issue which deserves some attention, but nonetheless I will post about it here rather than forward an e-mail to everyone I know telling them to forward it in turn. That has its own security risks, which I will explain in a later post. This article explains how I discovered a security hole for the automatic remote for some cars, and how to avoid it. This is on a slightly older car, but this exploit can be gleaned from a simple reading of the car owner's manual without any special technical knowledge or equipment, just a sneaky mind like mine, and one's own keyless entry. Your mileage may vary, as they say. You should read your own owner's manual with a mind toward something similar. More on that later.

Security attempts
Over time, car manufacturers have taken on the issue of keyless entry security. Early transmitters simply sent a digital sequence to the receiver in the car, matched to that receiver. The problem with this was that criminals could simply sit in a parking lot and record the sequences on their own receiver, and play them back to open the doors. This particular exploit required special equipment, and so was a specialized type of threat, but a real one nonetheless. To correct for this, manufacturers began coding the transmitters to the receivers but with special encryption algorithms built into both, with two-way communication, so that a different code was sent each time.

The exploit
In the particular case of my car, a Chrysler Sebring, this fix for a relatively rare problem created a much more common and exploitable problem. The transmitter is matched to the car at the factory, but it has some kind of internal limitation on how many new unique codes can be generated without communication. According to the owner's manual, if the keyless entry is keyed "more than 250 times" when not within range of the car, this pairing is lost. I suspect they really mean more than 255 times, but that's a nit. Anyway, since there is a way the customer can lose the pairing, there has to be a way to resync. The way to resync, on my car, is simply this: Lock the doors (using the door-lock switch on the door, of course, because your remote doesn't work), then press the buttons on the remote in a particular way (which I will skip here to maintain a little security through obscurity). The remote resyncs and then can be used to unlock the door again.

If you haven't figured out the exploit by now, it is simply that if the owner of the car has locked his doors with the door-lock switch, any schmoe with the same remote can then press the appropriate sequence on his remote and get into the car. The key will still not fit, so they can't steal your car, but at least they can steal all your CD's and sunglasses. Up until I realized this, I locked my door this way all the time, because it's easier to flip the lever on the door than to fiddle around with the remote. Luckily, I discovered this exploit not by being victimized but because I had a remote that didn't work even after replacing the batteries, and it said on the remote "consult the owner's manual." I tried it on my dad's car, which is the same but a newer year, and sure enough it works.

Keeping out interlopers
The solution is simple, of course. Just lock your doors with the keyless remote always. This will also ensure that you don't lock your keys in the car, which is good.

Other cars
Your car may differ in the way that it resets the keyless entry. For example, some require that the key is in the ignition to initiate the sequence. In this case you are safe from this exploit, but there may be other ones depending on your car. Read your owner's manual, and if you find another exploit for your car, post it below.