Excursion to Ridout Creek
Sailing Under the Chesapeake Bay Bridge
Beautiful Houses on the Banks of Ridout Creek
Went for our second overnight excursion to a place called Ridout Creek near Whitehall Bay, about 15 miles south of us. The sail was uneventful, and I mean really uneventful, meaning there was no wind to sail despite the forecast for 10 knot winds. We motored all the way. It was kind of cool going underneath the bay bridge after having driven over it so many times.
Our destination was Ridout Creek. It’s not a creek in the Colorado sense, but more like the outlet of a creek. We anchored near very nice houses, almost all with their own private docks and boats. Lots of money surrounds the water here, as with many places. It’s really cool to anchor a few feet outside these beautiful back yards! We had a very pleasant evening.
The next day the wind had picked up quite a bit. It was coming from the north so we had a long day tacking into the wind most of the way back toward our marina. We would have stayed out another night but there was a lot of uncertainty of whether hurricane Hermine would cross over our neck of the woods. Or ocean as it were. We’d rather be back at dock if that happened.
Good wind and another good day of learning the boat systems as well as how “close” we could sail into the wind. Our instruments showed we could get within 30 degrees and keep moving at a reasonable pace, which is pretty good. What that means is this: You can’t sail directly into the wind, but you can sail at an angle to the wind coming at you, and the angle is 30 degrees (or greater). You don’t make a lot of forward progress but you can make some progress. We practiced that all day while watching giant cargo ships and barges move up and down the shipping channel to Baltimore. Nice day.
Posted in Sailing by Mark with 1 comment.
Cyber Weapons
So called cyber weapons are named as such because they are used to fight “enemies.” These weapons can spy on people or cause major damage by either causing direct damage such as overloading a power plant or opening the floodgates of a dam, or denial of service, such as causing an airliner’s controls to shut down or a central bank to make huge bogus transactions.
All of these weapons are software based, and though some are highly sophisticated, they are not magical or so esoteric to the point it takes an army of PhDs and industrial level manufacturing to develop them like the Manhattan project.
What it does take is competence and persistence, two thing highly available to any government, company, group or community on earth.
By competence I mean you need people with a relatively high level of computer systems understanding. These skills are not in abundance but there is plenty talent around. When I say persistence, I mean those willing to do the tedious work of reverse engineering and looking for vulnerabilities, and vigorously testing and refining software. Any company making a software product needs exactly these same skills and they aren’t all geniuses.
The hard part is already done. Vulnerabilities have been unintentionally built into software since day one, and astonishingly, because of lack of concern for security, vulnerabilities continue to be built in to this day.
Nation-state cyber warfare and spying agencies have a couple of things going for them that no one else does. They can legally gain access to systems through the courts and semi-legally through the cooperation of private companies. This is the great power of the NSA, FBI, DHS, and other three letter organizations in the government of the US. Foreign governments do this as well, it’s not just the US.
And lastly, private companies do this too, and you agreed to be spied on when you decided to use their software. Smartphones and tablet computers were designed to collect information from you. Google, Facebook and Apple have more information about you than any government. Should we worry about that?
Posted in Cyber Security by Mark with comments disabled.
Lessons Learned
Yep, It’s Broken!
Many lessons to learn on the Good Karma.
On this day we went out to sail a bit and found the furling line for the mainsail broken. So, what does that mean? On most boats of this class, the main sail folds down into a bed-like structure on the boom. You raise it up from there, and lower down and cover it up when not in use. On the Good Karma, we have a boom furling system, meaning the mainsail rolls out of and back into the boom. The difference is that we need a furling line, one that pulls the rollers to roll the sail on the boom furler spool.
Another feature we have is a power winch. Winches are used to give you mechanical assistance for hauling lines and most of them are manual, meaning you crank them by hand. The mainsail on our boat has a powered winch which can produce a lot of torque and break things if you aren’t careful. Thus the broken furling line I’m holding above.
The line was made of Spectra, extremely strong material (they make bullet-proof vests out of this stuff). It broke when I was furling the mainsail and to be honest, there was little warning. We think the line was frayed, it did show signs of wear, being fuzzy in places. We found that it was about 4 years old, plenty of time to weaken in this harsh environment.
This was easy to replace. Also, it wouldn’t have been a problem even if we were out in the ocean as we would have just dropped the sail to the mast anyway.
But… Good to get some of these lessons done while we’re a place with expertise and convenience to fix “mistakes.”
Posted in Sailing by Mark with comments disabled.
Excursion to Gibson Island
Sails Up!
Our first overnight excursion was to Gibson Island, almost directly across the Chesapeake from Rock Hall. We had some good wind to get over there, so good in fact that we used reefed sails, meaning they weren’t completely unfurled. That makes them smaller for sailing in high wind. We probably could have fully unfurled them but we were being cautious with our new boat. Still, we got the Good Karma up to 6 knots, which is 6.6 mph. Doesn’t sound fast but for a 23,000 pound sailboat, we were hauling!
Gibson Island is completely private with mondo expensive houses lining the shoreline. You can’t go ashore but you can anchor anywhere you want on the water. That’s one of the cool things about sailing, you can hang out in the “backyards” of the ritziest neighborhoods, and that is true just about everywhere we’ve been around the world.
This was our first experience with our anchor system as well. The anchor is much larger and heavier than what we’ve used in the past so we’re getting used to that as well. Soon I’m sure we’ll be experts.
We anchored near what is known as the “horse farm,” see pic below. This is a large horse ranch in an urban area. How many of those do you ever see?
The “Horse Farm”
Posted in Sailing by Mark with 1 comment.
“Digital Arms Dealers” in Spotlight
According to the Citizen Lab Website this message reads: “New secrets about torture of Emiratis in state prisons”). The sender’s phone numbers are spoofed.
Last week Apple did an unplanned update of iPads and iPhones to 9.3.5 to fix three security vulnerabilities. While this is hardly news in itself, the way these software flaws were revealed raises a lot of questions.
The security vulnerabilities, due to flaws in the IOS software, were discovered by Citizen Lab at the request of the United Arab Emirates (UAE) human rights activist Ahmed Mansoor. What happened is that Mansoor received an intriguing text message with a link (above photo). Mansoor did not recognize the number and though it contained a tempting message, he did not follow the link but instead requested that Citizen Lab analyze it.
What Citizen Lab found was alarming. They clicked on the link to see what would happen on their phones in the lab. What they found was the link took advantage of the three so called zero day vulnerabilities in IOS to infect it with “advanced” malware used to turn the phone into a spying device. The malware took over the camera and microphone. It could retrieve email, contacts, location, messages and really anything on the phone and send it to a remote server. When this malware is loaded, the phone is “owned” by the writers of the malware. Lesson: NEVER click on a link in an email or text message, whether you think you know the sender or not!
There is really only one attribution for this hack, the UAE government. They were the only ones to be even remotely threatened by Mansoor. So what of it? Don’t repressive governments around the world spy on their citizens all the time?
Well, the malware was apparently a tool sold by a private company called the NSO Group. This is an Israeli founded company but apparently owned by an American company, Francisco Partners.
I have personally had many dealings with the Israeli cybersecurity community since 2006 and can assure you that they have the talent and incentive to form such a company, and there are several other private companies doing this as well. They appear to be selling their hacking tools to foreign governments, who then use the malware to spy. What this means is that a small country does not need a large spying agency such as the NSA, it just needs money.
Obtaining and using unauthorized access of computing systems is a crime in the United States and elsewhere. As a private American citizen, you cannot legally hack into anyone’s computer anywhere in the world. But, apparently as an American you can own and profit from a company that does just that.
Posted in Cyber Security by Mark with comments disabled.
Boat fire!
Smoke and Flame From a Large Boat Fire
Every other morning I go for a run through the sleepy little town of Rock Hall and end up at the marina shower. Today, after my run I was walking back from the shower to our boat and saw a column of thick black smoke rising from the marina next door. I was just passing one of the marina workers and asked him if he saw the boat on fire. He said “holy sh*t!,” and called it in. He had never seen such a thing before. We watched as the flames shot 30 feet into the air. Many explosions, probably from propane tanks, and pops like gunfire!
About 10 minutes later the firemen showed up and stretched a fire hose all the way from shore along the docks to the boat and had it extinguished in about two minutes. I’m sure the boat was a total loss and may have even burned the neighboring boats.
Shelly got back from her walk just then and said she had seen the smoke from a distance. She had to avoid getting hit by the responding fire tankers (there are very few sidewalks on the streets here).
Shelly heard later that it was a brand new boat (power, not sail) and it was unknown if there were any injuries. Turns out there were no injuries. Strangely enough, I was the first one to see the fire and luckily had a guy with a phone nearby to report it. I was surprised to see how quickly the boat went up in huge flames, something to think about.
Posted in Sailing by Mark with 1 comment.
The National Security Agency’s Cyberweapon Leak
What Is Going On with the NSA?
The recent news stories about the cyber weapon leak by a group known as The Shadow Brokers is quite disturbing if true. The story is that this group “hacked” the National Security Agency, appropriated some advanced cyber weapons, and are now auctioning them to the highest bidder online.
The overriding questions are:
Is this real?
How did they do it?
Who are (or is) The Shadow Brokers?
Due to all the secrecy surrounding such agencies, we will probably never know for certain what has happened here, if anything. However, there is a large enough, highly skilled and credible cyber security community today that does not work for the government and their collective opinion should be highly regarded.
The consensus opinion is that yes, these are real weapons, though vintage 2013 or earlier and not the latest. They mention weapon names referred to in the leaked NSA ANT catalog. There is a lot of evidence that this catalog is real and was not leaked by Snowden, but some other NSA insider. I have an earlier post about how security measures I implemented in a product prevented the NSA from gaining access and thus “defeated” the IRATEMONK product in the ANT catalog.
The authenticity of the weapons was supported by evidence from The Guardian, who has access to all of Edward Snowden’s leaked NSA data. The Guardian has not publicly released all the Snowden files and it was confirmed that some information not released to the public was mentioned in the Shadow Broker’s data. There were other more subtle clues as well that pointed to these as being real NSA hacking tools.
How was the NSA hacked? No one knows for sure but most think the actual NSA wasn’t hacked, per se, but the tools were found, or taken from, a proxy server. This could have happened if the NSA was doing training “in the wild” and got sloppy and left their tools on a server instead of cleaning them up. Someone then found them. This is Snowden’s theory.
So who are (or is) The Shadow Brokers? A good theory is that the NSA has yet another insider taking information a la Snowden. It probably had nothing to do with Snowden, by the way, since the tools are dated about 6 months post-Snowden revelations. Another good theory is that a nation-state is taunting the US. Could be Russia. Could be China. Really, it could be Pakistan for all anyone knows about that. It’s very difficult to attribute such attacks in cyber space.
It really doesn’t matter who the hackers are if the NSA is getting this sloppy. How many spy agency leaks have you heard about from Russia? From Israel? From China or North Korea? Probably none. They all have spy agencies on par with the NSA, as do many countries.
Consider the danger of cyber weapons. They are probably as dangerous as physical weapons like missiles and nuclear bombs, especially to advanced, internet driven societies such as the USA, Europe and Japan. Yet cyber weapons are very much unlike physical weapons in that you cannot contain or control them. The NSA relies on secrecy and whether their employees follow good security practices and are loyal, and you see where that got them.
And us.
Posted in Cyber Security, Hacking! by Mark with 1 comment.
Outfitting the Boat: A Dinghy
Dinghy Transport, Redneck Style
There are several items, and we are discovering them every day, that we need before we get going on a long trip. One thing is a dinghy. These are small boats that allow you to get around from your large boat, to get to shore when you are anchored in the bay, for example. They are small, usually motorized boats that you carry with you on board. “Small” is a relative term, however. A practical dinghy that is most useful in a diversity of locations is about 10 feet long, holds at least 4 people, has a hard bottom and a 10 horsepower outboard motor.
Anyway, we found one on craigslist for about half the price of a new one, which is a fantastic deal. It’s an inflatable dinghy (see link above). It was located in Annapolis, so we would have to transport it about an hour and a half to the marina where we are located. We were considering renting a truck, but that was very inconvenient so instead we decided we could probable fit it into our Honda Element. It was… A challenge.
First problem: it had to be deflated to fit in the car. Ok, solved. We let the air out. Second problem, it weighs about 150 pounds – EVEN WITH NO AIR! 😉
Fortunately, three of us were able to stuff it into my car. Unfortunately, I could not see out of the rearview mirrors in the center or left of the car. We did some further manipulation and I was able to not only see out of the left side rearview mirror, but Shelly could crunch into the space below the shotgun seat! The problem was, it was sticking out about two feet from the rear hatch closure.
We manuvered to a marine store and bought some line to hold the dinghy inside the car and the rear hatch door closed. We then drove an hour and a half to the marina, looking like the the Beverly Hillbillies.
We struggled, in the hot and humid afternoon, to get the damn thing out of the back and pumped back up. We then levered it over the dock pilings and dropped it about ten feet into the water in front of curious onlookers. We got in and awkwardly rowed it back toward our slip. It was surprisingly difficult to keep in a straight line while rowing.
We still need to acquire an outboard motor but we now have a dinghy…
Radio setup
You Might Be Happy Not to Have to Deal With This Every Day
Pactor Modem (above, with lights) and Marine SSB Radio Below
One of the first systems I tackled on the Good Karma was the ssb radio. Nothing is easy and this proves the rule. The importance of this radio is that it is a long distance communication system, like over a thousand miles. This is necessary for ocean travel where your only communication link may be this radio. Here is my experience, skip this if you have no interest in radios:
This is a long-winded essay about how to patch together a circa 2002 model ICOM M710-RT marine band SSB radio, a Pactor modem, and a modern Macintosh MacBook Air to work as an email system. This is about hacking old technology and new, incompatible systems to make them work together, like something they’d do on Star Trek.
My recently acquired sailboat has a Marine Icom M710-RT SSB radio and a Pactor II Pro modem (with pactor III firmware upgrade). You can set this radio up to send and receive email over HF frequencies while out at sea far from land. The data rate is slow so only small data sizes are practical, like text email.
A system called “Sailmail” uses the marine bands to send and receive mail. Unfortunately, sailmail is a subscription service that costs a bit over $200 per year to use. Sailmail depends on a system called “winlink” to work. Winlink is a radio email service set up by amateur radio enthusiasts (hams).
Because amateur radio cannot charge for services, winlink is free IF you have one of the advanced amateur licenses AND an amateur radio. I have the license. All I needed was the radio set up on our boat.
Getting the radio set up was an issue. I have a Yaesu FT-993, a great amateur radio, but I would need to install it and supporting systems to get it to work. And on top of that I’d still need to keep my ICOM for marine band operation as the Yaesu would not operate on those frequencies. (Note: I probably will install my amateur radio in the future as it is a far more versatile radio on ham frequencies).
But I also knew that a trick radio manufacturers use to keep their costs down is to build one radio that they can enable for whatever market they want to sell into. So essentially the same generic radio can be built and then set to work on ham freqs or marine freqs or police freqs, for example. These radios can be enabled to work on all frequencies they are built for, the trick is to know the secret modification and do it yourself.
In the old days this was accomplished by cutting traces on a board or some simple hardware modification. Since the late 1990s, almost all radios can be changed by reprogramming the firmware.
So I knew both of these radios could be programmed to work on both amateur and marine freqs. And it seemed pretty straightforward to choose to reprogram the system I already had in place. Another technical reason to try to reprogram my ICOM – it is legal to use the marine radio to transmit on amateur freqs but NOT legal to use the amateur to transmit on marine band freqs. Why? Because the FCC wants only approved radios transmitting on controlled bands like marine, police, fire, etc. The amateur band allows a lot more leeway, you can pretty much use any radio as long as you don’t exceed the limits of the band, like keep the power under the legal limit. So the marine radio can transmit on ham bands, you must have an amateur license of course.
So I set out to get my marine band radio modified and working on ham bands.
The ICOM M710-RT is a great, though somewhat dated radio. I also have a Pactor II pro modem, an expensive system that would be quite expensive new, I believe greater than $1000 for an out-of-the box modern one. The modem can be controlled by a computer via a serial cable.
The system connection is as follows: Computer ——-Pactor Modem———Icom Radio
The connection between the modem and the radio is already in place and there is no need to mess with it. The computer-to-modem connection is an old 9-pin serial port, not built into Macs. Fortunately, there is also a Keyspan USB-to-serial adapter in place so at least I can use a USB port that IS on my Mac.
I consulted several web forums about getting this stuff to work together and what has been successful or not, and after experimenting a lot I finally got things working after about two weeks. I am an expert in software, devices and radios and this still took me about two weeks, it was NOT easy. Here’s why:
Winlink is a Windows program, there is no Mac version and I’m not sure if Winlink has been updated at all since 2008 or so. I have a Mac. You can run Windows programs on a Mac using various tools, some are better than others. A program called “Crossover” was recommended by many and so I bought that. Not too expensive if you don’t need tech support. Considering that we live in a world of shareware, it’s actually quite expensive however.
Then I needed to get the Keyspan USB driver for Mac. Pretty easy, it’s online. Unfortunately it took a while to realize there was no native driver available, my Mac did not warn me when I plugged the Keyspan in.
Getting Crossover to work was not difficult. I set it up to run a Windows 7 environment. Crossover does not come with a lot of OS support and you have to “install” utilities such as an unzip utility. This is required so that you can unzip the Winlink software and install it in your emulated Windows environment. There is also some funkiness setting up the serial COM port emulation to USB on a Mac, but not really difficult and there are good write-ups out there on the web about how to do this.
Winlink is not extremely user friendly but it’s not hard to figure out and there are youtube tutorials out there.
The big test was to determine if Winlink can talk to the Pactor modem. After a few tweaks, got it working and the first message to pop up was “You need Firmware version XXX to run Winlink on this modem.” I needed to update the Pactor modem firmware. That’s pretty easy to do, the company SCS has all the firmware and tools necessary to update the modem.
So, modem firmware updated. Next I tried to send some radio email via a Winlink station. No can do, my Icom would not allow those frequencies. Winlink won’t let you use the Marine frequencies either, you need Sailmail to do that.
Now it gets fun, trying to update my Icom firmware.
First I email Icom and ask for the tools. They said they can reprogram the radio but I have to get it to an Icom service center. That is absolutely ridiculous, I’d have to extract my radio and ship it to another state and wait for them to get around to it, and probably have to pay a few hundred dollars for the privilege.
I did some more digging around and found out that the Icom can only be programmed via a special DOS tool using a special cable. DOS. Didn’t that go away in the 80s? Wow. But not unheard of, it’s a legacy product supported by a legacy tool, not uncommon in the firmware industry.
What was more disturbing were claims that you needed to have a computer running DOS natively, not on top of Windows, and the machine had to have one of the old-style serial ports. Turns out that isn’t true if you get a good DOS emulator. That was better news. The recommended emulator was “Dosbox,” it’s free though they ask for a donation.
There is a Mac version of Dosbox that works well. Next, get the Icom software tool and a cable. Search around through the various forums and google, and you find references to an app called EX1726.EXE. The tool has been pirated and is out there if you look. The cable is an OPC-478.
Next get a USB-to-Serial programming cable for the Icom. Ebay has several so I ordered one, shipped to the marina in a couple of days. Plug it in to my computer and Icom radio (and another USB driver from the web). Set up a Dosbox serial port and run EX1726.EXE in my emulator.
Seemed to be working, but in reality I had no real feedback that it was working at all. This was a simple firmware read-modify-write program. I’ve written these apps and even had a patent on a certain aspect of reprogramming a device way back when. Anyway I knew what was “going on behind the curtain” so I tried the function that reads the memory and got a “clone error.” It wasn’t working.
I dug around a bit more and found a Yahoo group dedicated to the M710. I joined and bingo. All kinds of tech information on this radio and pirated software. Turns out the cable I got was for the M710 but doesn’t work on the M710-RT. The cable type for the RT version is OPC-552 Also, the app needed was called EX2144.EXE made specifically for the RT version. Ok. Well, I’m confident I could have modified the cable I had to work but I didn’t have the parts available. Found another cable supplier on Ebay and ordered another cable.
Cable came in, fired up the radio and YES, I could program the radio. I enabled all the ham HF bands and went back to Winlink. This morning I was able to send and receive email over my SSB radio on ham frequencies. Success, but not recommended for the faint of heart.
Posted in Electronics and Radios, Hacking!, Sailing by Mark with 2 comments.
An Amazing Ship!
Below Deck on the Good Karma
Kitchen on the Good Karma
A sailboat is an incredible thing, there are so many different systems packed into a small space that it boggles the mind. Consider how many: For propulsion you have sails and rigging as well as an engine. There is an anchoring system. Electronics include cabin lighting, navigation lighting, navigation instruments, radios, fans, a radar and even a microwave oven. There are pumps to keep the water out of the ship, pumps to pressurize the fresh water, as well as several others. There is an air conditioner, water heater, oven, and refrigerator. There is a generator to produce power when you don’t want to run the engine. There are heads (bathrooms) with the fresh water and sewage handling plumbing. Not to mention the living space. All of these systems and more exist in a space a bit larger than the size of an RV.
They all work quite well. We have to learn how all of these systems work, plus how to handle a boat that is larger and much heavier than we have had experience with in the past. That is why we gave ourselves a month of training trips out of the marina.
We are getting better at docking the boat. As long as you approach really slowly, just about anything else is forgivable!
Posted in Sailing by Mark with comments disabled.