Monday, July 26, 2010

Why location privacy matters

I attended The Next HOPE, the 8th installment of the Hackers on Planet Earth conference, last weekend. I've attended "hacker" conferences over the past decade and I've rarely seen  location or geo content with the exception of the war driving contests in the early '00s. I was excited that HOPE had a number of geo related sessions ranging from location privacy to hacking your GPS.


Ben Jackson from Mayhemic Labs presented Locational Privacy and Wholesale Surveillance via Photo Services. Jackson sampled 2.5 million photo links posted to Twitter, Twitpic, YFrog and Sexypeek and retrieved latitude and longitude from the EXIF metadata from 65,000 photos. His message was that users are leaking location information, often with knowing it. To publicize his findings, Jackson established ICanStalkYou.com to let users know that they could be easily located. 


In a similar vein, Paul Vet presented Geotagging: Opting-in to Total Surveillance (video available). His tag line, "One geotag is anecdote, many geotags are data," summarizes his position that information about a person's location (home, work, entertainment) and habits (timing) can be derived from mining their twitter stream. Like Jackson, extracting tweets with key words such as bed, home, TV and extracting the location data could be used to build a profile of a person's home, place of work, and their habits. Even tweets from friends, such as "Playing XBox with @username" adds additional information. Vet used a clustering algorithm to further refine individual coordinates in probable locations.


I also followed the GeoLoco conference via Twitter. Panelists in the Future of Geo-Location Panel responded to predictions collected by Dr. Phil Hendrix, the moderator. Here are two predictions that impact location privacy:


2. Location-awareness will be integral to any mobile app.
The panelists mainly agreed with this statement, with the observation that not all mobile apps will need LBS.
“For me, this is obvious,” Eisnor said. “With increase in precision, we’re moving towards an ecosystem of location-aware devices.”
“We’re going to have way too many devices in 2014; we will need to know where they are,” said GigaOM’s Liz Gannes.
4. Virtually all user-generated content will be geo-tagged.
In Ron’s words, “That’s already happening today,” but some of the panelists had reservations about a totally geo-tagged world.
“We’re going to find situations where location-sharing can be very weird,” Scoble said, noting that a recent deal between Rackspace and NASA could have been discovered before it was announced if observers had been tracking both organization’s locations.
“We’re getting to the point where journalists could know what the intelligence community does,” Liebhold said. 
The attitude of conference attendees (via Twitter) towards location privacy seemed to take a back seat to the business of monetizing location, despite the possibility that location privacy issues could make or break a company.


Another week, another hacker conference. This time Thomas Ryan will be presenting Getting in Bed with Robin Sage; which describes his exercise of creating a fake twenty-something year old woman who worked for Naval Network Warfare Command. Robin Sage was able to collect 300 connections on LinkedIn, 110 Facebook friends, and 141 Twitter followers. Robin Sage was able to view photos with location information from Afghanistan and Iraq in Facebook and Twitter. Sage even received job offers and dinner invitations. More information about Robin Sage is available from darkreading.com.


While the US ponders the release of (six month to years old) information from WikiLeaks. It is worth noting that we might want be looking at social media when it comes to releases of information that endanger operational security in the present day.

Saturday, July 24, 2010

Fixing a bricked Dell Mini 9

The Dell Mini 9 has been sitting on the corner of my desk for several months now, unloved and more importantly uncharged. I'm going on vacation soon and I wanted to bring it along for casual coding instead of  my work notebook. I fired it up with a very dead battery and the Dell Mini failed to recognize the battery - ugly orange LED blinking at me. 


What to do? Forums suggested resetting the bios by unplugging and unplugging the CMOS battery. That didn't work, despite the fifteen minutes I spent unscrewing the 25 or so screws that hold the Dell Mini together.


More searching led to flashing the BIOS to make it recognize the battery. Dell only provides a Windows executable for BIOS upgrades (too bad for you cheap bastard, you bought a Mini with Linux), but the enterprising users at Dell Mini Forums packaged a image with DOS and the BIOS flasher that runs on a USB stick. The package and instructions can be found on the Dell Mini Forums.


The BIOS flasher checks to see if the both the battery and power supply are plugged; if neither one is plugged in, then it exits. Since the battery was unrecognized, the BIOS flasher exited. This is where it the fun begins.  You can make the BIOS flasher ignore the power supply and battery checks by running the BIOS flasher with a /forceit option.


The first time I ran the BIOS flasher, it worked correctly. However, the battery was still unrecognized. I'm a great believer in the maxim, "If it jams, force it. If it breaks, well it wasn't working anyways." So yes, I ran the BIOS flasher a second time, and this time the screen went blank and the Dell Mini would not reboot, despite my frantic poking at the on button.


Fortunately, there are many people much smarter than me who are willing to share their smarts. Instructions for recovering a bricked Dell Mini 9 are available at fosk.it


Sometimes no amount of voodoo and vulcan nerve pinches can recover a thrashed computer, so it seems the only solution is to buy a new battery.

Wednesday, July 7, 2010

2010 Nominations for Sol Katz Award for Geospatial Free and Open Source Software

It's that time of year again, nominations for the Sol Katz Award for GFOSS are open. I am honored to serve on the selection committee and I dug up my notes introducing Sol Katz's legacy at the 2005 MapServer MUM3/EOGEO User Conference (intro by Sol's daughter Shanna):
Sol Katz was born in Sweden and emigrated to the United States at the age of one. He was a US Air Force veteran and earned Masters degrees in Geology and Computer Science. Sol was employed but the Bureau of Land Management in Denver. Sol passed away in 1999 from Non-Hodgkin's Lymphoma and he is survived by his wife Heidi and daughters Shanna and Risa.
Sol was an early pioneer of geospatial open source software. His contributions to FOSS include:
  • a key developer of MOSS (Map Overlay and Statistical System) on Data Generals and later, releasing and maintaining PC MOSS
  • release binaries and source for DEM and SDTS translators
  • reverse engineering the ESRI e00 exchange format and publishing the format
  • maintaining a website with links to web mapping and metadata that provided an invaluable resource to implementors
  • being an active participant on multiple list-servs guiding and mentoring GIS newbies such as me
Sol's contributions help build the nascent open source geospatial community which was a precursor to the many geospatial open source projects and communities of today. The Sol Katz Award for Geospatial Free and Open Source Software commemorates Sol's pioneering efforts.

Nominations for the Sol Katz Award should be sent to SolKatzAward at osgeo.org with a brief supporting statement for the nomination. Nominations will be accepted until 23:59 UTC on August 20th. The OSGeo announcement with more details can be found here.