12 April 2015

I hate SPAM, and GoDaddy is Useless!

After the debacle with my CenturyLink DSL last summer, I had to make a quick decision on alternatives to hosting my own domain, email and web. I ended up being off the network for two weeks when CenturyLink couldn't figure out how to restore my DSL server when they did an upgrade that I had already cancelled. Many years ago, I used a domain-hosting service called DomainDiscover that registered my domains and DNS, redirected web requests inside of a frame, and relayed email from a virtual domain to my ISP account. After I started running Apple's OS X Server, though, I realized that I could provide most of those services myself, on my own home server. My ISP, NeTrack, who was later acquired by Indra's Net, provided a static IP address, so hosting my own domain was fairly straight-forward. Once I started running my own services locally, I decided that it wasn't necessary to be paying DomainDiscover for the other services that I wasn't using any longer. All I really needed was a domain registrar. Checking on pricing, it seemed that GoDaddy was about the least expensive, and while nobody had a great customer service record, GoDaddy was large and established, so I transferred my domain registrations to them. So, when my DSL was down for an extended period of time, I did some quick checking, and discovered that GoDaddy had recently started using CPanel virtual Linux hosting, and had hosting plans on sale for half-price, so it was only about $5/month, as I recall. Since my domains were already at GoDaddy, it was easy to setup the hosting account, and I was able to get email service back up in a matter of minutes. Over the next couple of weeks, I was able to create MySQL databases and restore backups from my home server, and migrate all of the content for Drupal, so I had my websites backup in a couple of hours. Since that time, however, the amount of SPAM that I receive has increased significantly. While cPanel includes SpamAssassin, it allows very little configuration, so its practically useless. What is worse that the SPAM is the backscatter. These are bounced messages from a forged sender that look like came from me, but didn't. When the SPAM can't be delivered, it sends the failure notice to the forged sender's address, which is mine in this case. I'm getting over 500 backscatter daily! Let me say at this point that if you have looked up my name or email address on the web, because you're angry that I'm sending you SPAM about something seen on the Oprah show -- I'm not the one sending it, I haven't been hacked or infected with a virus or worm, and it didn't come from my computer! My domain, or rather my domain's email server, is being spoofed by spammers, who are obviously sending huge quantities of SPAM from a variety of different sources, pretending to be my domain.

What does backscatter look like, and how can you tell where it came from?

Let's take a look at the headers from one of the messages. There different ways to do this in different email applications. In Apple's Mail, I choose "Message -> Full Headers" from the View menu. ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org) by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85) (envelope-from ) id 1YhKy8-0002yW-SZ; Sun, 12 Apr 2015 09:42:49 -0700 Subject: from: Brandon Tate From: Brandon Tate Content-Type: multipart/alternative; boundary=Apple-Mail-291EBA29-F9D3-9F3D-1ECC-F30B84161BF8 X-Mailer: iPhone Mail (11D257) Message-Id: <0bfcd819ccfa e68a1153="" f5a993f5="" tombaugh.org=""> Date: Sat, 12 Apr 2015 05:42:44 +0000 To: Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (1.0) --Apple-Mail-291EBA29-F9D3-9F3D-1ECC-F30B84161BF8 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi! How are you? Have you seen this before? Oprah had been using it for over a year! ----------------- First, let's look at the "From:" line From: Brandon Tate If a human were to look at this, its apparent that the name and address don't match. However, many email applications now hide the actual email address, and only show the sender's name, so many people aren't even aware that it has been faked. Now, let's look at the "Received from" line: Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org) by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85) This shows the IP address making the connection to the SMTP server. You can find who this address belongs to by doing a "whois" lookup, from a website, the terminal or command prompt, or the Network Utility on a Mac. I did a whois lookup, and see that address is assigned to Saudi Telecom: Whois has started… % This is the RIPE Database query service. % Information related to '188.52.0.0 - 188.52.255.255' % Abuse contact for '188.52.0.0 - 188.52.255.255' is 'registry@saudi.net.sa' inetnum: 188.52.0.0 - 188.52.255.255 netname: SAUDINET_DSL_POOL descr: DSL HOME Subscribers country: SA role: Saudi Telecom Co. Registry Admin-C contact address: STC complex, murslat, Riyadh address: P.O.Box: 295997 address: Riyadh 11351 address: Saudi Arabia phone: +966-11-4434970 % This query was served by the RIPE Database Query Service version 1.78 (DB-3) I live in Colorado, and my domain is hosted by GoDaddy in Phoenix, so this definitely didn't come from me! Next, on the same line, see the "HELO=" which shows the name that the sender proclaimed to be -- mail.tombaugh.org. If you lookup this host name in DNS, it shows: dig mail.tombaugh.org all ; <<>> DiG 9.8.3-P1 <<>> mail.tombaugh.org all ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- -="" 0="" 128="" 12="" 13:29:05="" 1="" 2015="" 23.229.231.36="" 2="" 3600="" 45335="" 600="" 65="" 75.75.75.75="" a="" additional:="" answer:="" answer="" apr="" authority:="" cname="" flags:="" got="" id:="" in="" mail.tombaugh.org.="" msec="" msg="" noerror="" opcode:="" qr="" query:="" query="" question="" ra="" rcvd:="" rd="" section:="" server:="" size="" status:="" sun="" time:="" tombaugh.org.="" when:="">>HEADER<<- .="" 0="" 10800="" 12="" 13:29:05="" 16="" 1800="" 1="" 2015041200="" 2015="" 3976="" 604800="" 75.75.75.75="" 86400="" 900="" 96="" a.root-servers.net.="" a="" additional:="" all.="" answer:="" apr="" authority:="" authority="" code="" flags:="" id:="" in="" msec="" msg="" nstld.verisign-grs.com.="" nxdomain="" opcode:="" qr="" query:="" query="" question="" ra="" rcvd:="" rd="" section:="" server:="" size="" soa="" status:="" sun="" time:="" when:=""> The DNS query shows that the IP address for mail.tombaugh.org is 23.229.231.36, not 188.52.86.70. In my opinion, this should cause the email to be blocked immediately! Unfortunately, it was accepted for delivery, but bounced, and sent the failure notice back to my account.

What can be done to prevent SPAM?

Unfortunately, it is obvious that the SMTP server that received the message isn't validating the reverse DNS lookup from the HELO, and they aren't checking the SPF record. Who's email server is that not checking these basic parameters? Lets look back at the received by line: Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org) by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85) Oh my gosh! That's one of the servers in the secureserver.net domain operated by my hosting company, GoDaddy! So GoDaddy's cPanel virtual Linux hosting email servers are not checking that the senders name and address match, nor are they checking their own SPF records in their own DNS for the domains that they host for their customers! The first line of defense against SPAM is in the SMTP server itself. The SMTP server bundled with CPanel is EXIM. Exim has the helo_verify option which will reject mail if the sender doesn't open with HELO or EHLO, or if the address verification fails. This is obviously NOT enabled. If it were the SPAM would get refused before it was sent. The second line of defense is to use a blacklisting service such as SpamHaus to see if the sender has been identified as a spammer. I checked the address 188.52.86.70, and its in the SpamHaus Zen blacklist, and several other services as well. This leads me to believe that GoDaddy isn't using a blacklist to validate senders, either... The next check that should be done would be to verify the authenticy of the sender using a certificate, Yahoo's DomainKeys or DKIM, or Sender Policy Framework. One of GoDaddy's own Support articles suggests creating SPF records in their DNS, which is ironic since their own servers don't seem to check SPF records!. This is what an SPF record looks like: dig mail.tombaugh.org txt ; <<>> DiG 9.8.3-P1 <<>> mail.tombaugh.org txt ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- 0="" 107="" 12="" 13:29:32="" 154="" 18254="" 1="" 2015="" 2="" 3600="" 75.75.75.75="" a="" additional:="" all="" answer:="" answer="" apr="" authority:="" cname="" code="" flags:="" id:="" in="" include:secureserver.net="" mail.tombaugh.org.="" msec="" msg="" mx="" noerror="" opcode:="" ptr="" qr="" query:="" query="" question="" ra="" rcvd:="" rd="" section:="" server:="" size="" status:="" sun="" time:="" tombaugh.org.="" txt="" v="spf1" when:=""> The SPF record is stored as text, and shows the names of the mail servers that are authorized to send for this domain. In this case, its including any mail server run by GoDaddy. According to GoDaddy, after wasting an hour talking with their technical support, I should change my email account password, and create an "SPF" record in my DNS... The problem is, the mail didn't come from my account, so changing my password won't affect anything, and I already have an SPF record! The technical support people at GoDaddy that I talked with today claim that since this email is being handled by cPanel that they can't change the settings to enable helo_verify, set a blacklist, or enable checking SPF records, which I think is bullshit! Even if GoDaddy weren't able to change the configuration for cPanel, they could (and should) relay their inbound email through their own gateway servers which ought to incorporate these kinds of basic filtering mechanisms. I'm frustrated that not only is GoDaddy not helping to prevent or block SPAM, it appears to me that, in essence, they are enabling the spammers! Any combination of the three simple configurations that I outlined above would prevent this spam from being sent to thousands of recipients, and would eliminate hundreds of backscatter messages per day as well. The only option that they were able to recommend is to move to a virtual Linux host, instead of cPanel, so that I could do all of the work to setup these things myself. This is what I was expecting to avoid by hosting my domains with a "professional" hosting organization. So, until I decide to host my own server again, I'm going to be deleting ~500 backscatter and a bunch of other SPAM every day...

30 May 2011

Driving in the Mountains

We're spending the weekend at our trailer in Buena Vista. It was too windy yesterday to ride our bikes that we brought up, so we decided to drive down Highway 50 over Monarch Pass down to Gunnison. This weekend has been my first chance to drive my new VW Jetta SportWagen TDI in the mountains, so I was interested to see how it handled the higher altitude and steeper grades. The 2.0L TDI makes plenty of power to ascend even a 7% grade at 11,000 feet.

What I was even more impressed with, though, was how well the DSG transmission worked on the descent. I'd already noticed that when braking, the DSG will downshift to help slow down using engine braking. What I had not thought about was how nicely that would work when descending a 7% grade. When coming down from the pass, holding the brake for a moment would cause the DSG to downshift one or two gears. It would hold that gear until I touched the throttle again. It worked perfectly to control the speed coming down a steep grade. I know that I can use the Tiptronic mode to do this manually, and that it will even automatically match the engine speed, but I was impressed that in automatic mode it did this so well on its own.

My previous vehicle, a GMC Sierra K-2500 truck with the Duramax Diesel and Allison transmission would do downhill engine braking, but I think only when it was in Tow/Haul mode. It also worked quite well to control the speed, especially when we were pulling the trailer.

I was also quite pleased to see that for the trip to and from Gunnison, including going over Monarch Pass twice, we still averaged 36 MPG!

07 May 2011

VW Jetta SportWagen TDI

Last week I bought my new 2011 Jetta SportWagen TDI, the day before we took a 3,200 mile trip from Denver through Missouri to North Dakota, and back again. The TDI was the perfect car for the road trip, roomy and comfortable, and up to 43MPG on the highway. Based on fill-ups, my best mileage was 39.67MPG, with 486 miles on one fill-up and still a 1/4 tank left. My overall mileage has been about 37MPG, combined city/highway for the first 3,500 miles.

There are quite a few things that I really like about the new Jetta:


  • The fuel economy is fantastic. Even in the first 3,500 miles, I'm getting at least 30 MPG driving to and from work, and over 43 MPG on the highway, if I keep the speed down a little...

  • The TDI makes plenty of power, especially for an engine that gets such great fuel economy. Although its only 140 HP, the diesel makes 236 ft-lbs. of torque, which is really more important. Plenty of power to accelerate onto the highway, or for passing. I'm anxious to get up into the mountains to see how it does at higher altitude.

  • Even though the fuel tank holds only 14.5 gallons, with the great fuel economy that's enough fuel for a range of about 500 miles on the highway, so you don't have to stop to fill up so often.

  • After much internal debate, I finally decided on the DSG automatic rather than the manual transmission. While my previous Jetta has a manual transmission, and I can certainly enjoy driving a stick-shift, I thought that for the long term the automatic might be more comfortable. Since the DSG doesn't use a conventional fluid torque converter, its more efficient than traditional automatics, and in fact is often rated with higher fuel economy than the manual. I also thought that since the diesel has a lower redline and narrower (and lower RPM) power band than a gasoline engine, that with the manual you would need to be shifting constantly to stay in the appropriate gear. I decided that it would be better to let the transmission do that for me! Driving the DSG still feels a little quirky at times, although its generally very smooth and shifts very quickly. At startup it feels a little slow to engage sometimes, which can lead you to open the throttle a bit more. Once the transmission and turbo get engaged, it makes for quite a quick start, often quicker than intended. It can actually be challenging to drive this car slowly! ;-) With a bit more practice and patience, though, I'm getting the hang of making smooth starts. The other thing that is taking some adjustment is that the DSG downshifts for you when braking to help you slow down. It seems like the harder you brake, the quicker it downshifts, so braking smoothly can be challenging if you're not paying enough attention. Again with some more practice I'm sure that I'll have the proper finesse soon!

  • For a compact car, there is plenty of space inside. The Jetta seems almost as spacious as our Passat, and was very comfortable to ride in even for a long trip. The seats are very comfortable, and easily adjustable to keep comfy even on a long drive. The electric heat was handy to have, as it was only 27 degrees in North Dakota on the morning when we left.

  • The car came standard with Bluetooth integration for my cellphone. While this isn't something that I may have ordered if it were an option, I'm really liking the way that it works. Once paired with my phone, it automatically links every time I start the car. If I get a phone call while I'm driving, I can press the phone button on the steering wheel with my thumb, and it mutes the stereo, answers the call, plays it through the speakers, and has a microphone built into the overhead console. It really works quite well.

  • I love the soft leather-wrapped 3-spoke steering wheel, with built-in controls for the stereo, phone, and trip computer. I tend to hold onto the lower portion of the steering wheel when driving on the highway, and many 4-spoke wheels like the one in our Passat don't have enough spacing between the top and bottom spokes to fit my hands into comfortably. The 3-spoke wheel works perfectly.

  • The car I picked out has the panoramic sunroof and 17" wheel package. I love having the sunroof for ventilation, and it makes the car feel much more open and roomier, even in the back seat, since the glass comes back over the rear seats as well.

  • The TDI comes with the Multi-Function Display trip computer, which shows the instantaneous and average fuel consumption, both for the current trip and cumulatively. The trip counters reset after two hours, so it always shows your current activity. It also tracks duration, distance, and average speed for both the current trip and cumulatively. The MFD will also show the phone status, and the current selection on the radio. A new addition, compared with our 2008 Passat, is a simple, large digital speed display. Very nice...

  • The touchscreen AM/FM/Satellite Radio/6-CD Changer is also great. Again, although satellite radio is not something that I would have ordered, we did enjoy it on the trip. It was nice to be able to pick a channel by category, and not have to constantly hunt for local radio stations while traveling. I am having the factory Media Device Interface for the iPod installed by the dealer this week, so in the future I'll be able to control my iPod through the radio as well.



So what's missing? I think that about the only thing that would make this car better, perhaps perfect, would be if it were offered with all-wheel drive. Volkswagen has their 4-Motion all-wheel drive systems, like the Audi Quattro, which is only offered on a few of the high-end trim levels of the Passat and CC. There are European versions of the Jetta/Golf that are offered with both TDI and 4-Motion, but not in the US. Even the Audi A3, which is offered with the TDI, or with Quattro, isn't available with both TDI and Quattro. I would most likely have gone with the more expensive A3 if Quattro would have been offered.

I've heard that with the recent tragedy in Japan, that production of many Japanese auto brands may be severely limited for the near future. While Subaru has a US-based factory in West Lafayette, IN, it has closed a number of its plants in northern Japan, the area that sustained the worst damage from the earthquake/tsunami. I think that if VW were to offer a 4-Motion-equiped version of the Jetta SportWagen in the US that it would likely pick up a fair share of Subaru's market. I would guess that many Subaru buyers make their selection because of the all-wheel drive.

24 October 2010

State High School Marching Band Competition



Yesterday we went to the Colorado Bandmaster's Association State 4A/5A High School Marching Band Finals held at Falcon Stadium at the Air Force Academy near Colorado Springs.

First I have to say how amazing each and every band performed! I'm very impressed by the level of performance shown by all of these kids. I think that are far above where I remember my high school band, and possibly college bands at the time as well.

I was planning to take pictures of Arapahoe's band and color guard during the semi-finals, since it was during the afternoon when there would be plenty of natural light. We got a phone call from one of the color guard parents asking for help moving the large props that are used during the performance, as not all of the volunteers that they had arranged for had been able to make it. We were happy to help out, but it was a lot of work to wheel them down the hill from the parking lot, and into the tunnel leading to the field. It turned out that the tunnel wasn't quite as tall as they expected, and the candy cane tubes were slightly taller than they thought, so they were a few inches too tall! We tipped a couple of the at an angle to get them through, but decided that was taking too much time. We discovered that removing one of the tie-down straps that attaches the tube to the base allowed the top tube to drop down just enough to clear the top of the tunnel. A quick re-adjustment on the other end of the tunnel, and everything worked out just fine.

Unfortunately, that meant that our vantage point for their afternoon performance was from behind the end zone, instead of high up in the stands, and without my camera...

Arapahoe placed fifth in the semi-finals, so they moved on to the finals in the evening. We were told that there should be plenty of volunteers for the evening, so that we could return to the stands to watch. Even though the 4A finals were first, we wanted to watch, since we've seen some of the 4A bands at some of the other competitions.

During the Loveland High School Band performance, the woman sitting directly behind me was constantly "cat-calling" and "hooting and hollering" so loudly that I couldn't hear the band at all! I tried moving over into the empty seat next to me so that i wasn't directly in front of her, but it didn't really help... At the end of their performance, as the women was gathering her things, she hit me in the head with her bag! She muttered "sorry" and I turned around to tell her "that wasn't as bad as all of the screaming..." She then told me that "if I didn't want any noise, that I shouldn't have come." I told her that I came to hear the bands, not the parents... She then had the gall to tell me that I "should have sat somewhere else..." as if I had some choice about sitting in front of her... What a b****... I guess there isn't much "love" in Loveland... ;-) This is as bad as Little League, where the parents behave worse than the kids, and are more competitive. You know, I think that if she had said "sorry" that she "just got excited when her kids were performing" I probably would have gotten so irritated... But when she turned it back to become MY fault, it really made me angry!

Loveland ended up in second place, behind Air Academy High School, who are very impressive with their speed and precision in their formations. Loveland's show incorporates spreading several enormous tarps on the field in the shape of a crescent moon, one of the elements of their show. It takes an inordinate amount of time to lay out all of the pieces, which have to be taped together in places to hold them down. Last night, two of the kids fell on them. A trombone player seemed to have tripped over one of the edges, and one of the color guard girls seemed to have lost her footing on the slippery surface. I hope that both of the kids are OK...

Arapahoe had perhaps their best performance of the season in the finals. Since they are a smaller band than most of the other 5A bands, they don't seem to project as well as the other bands. They have a great show, though, and did very well. The color guard did a great job, with only a couple of little slips. Overall, the judges marked them 0.4 points lower than Douglas County, so they finished in fifth place in the finals as well. They were rated fifth in the state going into the competition, so really they did as well as expected. See all of the scores here.

Being somewhat new to this, I have a few observations about band competitions in general.

One of the things I find interesting is that the bands are lead by student drum majors, not by the band directors... They do an awesome job of directing, and have amusing salute routines when they start and finish, and during the award presentations. However, I guess that I object somewhat to them being spotlighted so much more than the rest of the band members. Most of them are in different uniforms than the band, which seems unnecessary to me... We can tell that they are the drum majors when they climb onto the stand. Also, some of the bands have their drum majors, who are predominately girls, dressed in evening gowns. While elegant, it doesn't seem to fit in with a "marching band."

Another thing that surprises me is that all of the bands have a "percussion pit" that seems more suited to a concert band than a marching band. Lots of bells, marimbas, and xylophones, chimes, timpani, gongs, etc. Some of it seems like gratuitous use of as many percussion pieces as possible, whether warranted or not. Some of the bands also have electric bass and guitars, and synthesizer keyboards, which are hardly classic marching band instruments. I also notice that none of the bands use handheld cymbals in the drum line, only in the percussion pit. The exhibition performance while the judges tabulated the results was by the University of Northern Colorado band, who didn't use any percussion pit, and had four cymbals in the drum line that worked very nicely.

I also think that some of the elaborate scenery pieces, particularly the tarps spread on the field, like Loveland uses, are both unnecessary and dangerous. Having to step on and off of different surfaces while marching backwards seems like too big of a risk to make it worthwhile. Douglas County High School uses tarps, too, but much smaller than Loveland, and only in one corner of the field. I think that they start out on the tarps, but I don't think that they return to them during the performance.

Again, though, I was very impressed with all of the bands, and congratulate everyone who participated, as a performer, parent or staff. Its obvious that everyone puts a tremendous amount of effort, and lots of practice time, and it all showed on Saturday.

23 September 2010

Car Computer vs. Droid

I've been meaning to post something about this for some time, but haven't had a chance...

Last year, I was making some plans to install a computer in my car, to use for navigation, entertainment, etc.

However, in February, I upgraded my cell phone to an Android phone, a Motorola Droid from Verizon.

What I've realized is that everything that I wanted to do with the car computer, Droid does!

I was planning to take my old G4 Mac Mini, and mount it in the trunk. I found a power supply from Carnetix that works with the Mini, and will wake or sleep the computer with the ignition. I found a head unit from Xenarc that is a standard DIN unit that would fit in the dash of my Jetta. The Xenarc has a DVI input to connect for the video on the Mini. It uses a touch screen, which connects to the computer as a USB mouse. It has the amplifier and radio tuner, a volume control, balance and fader, tone controls, etc. so that it works as the head unit even without using the computer.

I have an old Garmin GPS-III, with a serial cable and USB adaptor to use for navigation, using RouteBuddy as the software.

Since the Mac Mini can play DVD's, and has iTunes for music, it would be easy to use for in-dash entertainment. I was thinking that Front Row would make a decent interface to use in the car. I found a plug-in framework called FrontPython that allows adding other applications to Front Row. I was going to build a FrontPython plug-in to add RouteBuddy to Front Row to make it easy to access.

When I got my Droid, I also got the car dock, which is a suction-cup mount that the Droid clips into while driving. The phone works well enough using the speakerphone that I use it for hands-free operation. The Google Maps navigation works great, especially with the voice search. I have used DoubleTwist to sync my iTunes library to the Droid, so I have music available if I wanted. Since the Droid uses a standard 3.5mm headphone jack, I could plug the Droid into auxiliary input on my existing car stereo. I can also stream video from a variety of sources, so I can get plenty of entertainment from the Droid, including email, web, testing, twitter, etc.

Part of my reason for wanting the car computer was to keep me occupied on the frequent occasions that I was sitting in the car waiting for kids. With the Dorid, I have plenty of entertainment, and navigation, in my pocket at all times.

17 July 2010

A Lightweight Approach to Wireless Access Point Geolocation

By Brad Tombaugh 17 July 2010
Brad@Tombaugh.org
www.Tombaugh.org
Brad@FullCircleTechSolutions.com
www.FullCircleTechSolutions.com
BTombaugh@gmail.com
Tombaugh.BlogSpot.com

Draft 1.0

Introduction:



One of the side-effects of "wardriving" to detect the locations of wireless access point (WAP) using a mobile device such as a laptop computer with a GPS is that all of the locations of the WiFi hotspots all appear on a map at the location where they were detected, not where the source of the radio signal originates. This generally means that all of the mapped locations of detected networks are marked in the middle of a street.

Theorum:



The geographic location of a wireless access point (WAP) can be approximated by recording the GPS coordinates and signal strength in three or more locations. The point of origin can then be calculated using trilateration.

To optimize efficiency for use with a mobile device such as a smartphone, use of a simple algorythm to capture four points, corresponding to the minimum and maximum latitude and longitude coordinates where the signal from the WAP can be conveniently measured.

Assumptions:



The maximum signal range of a typical commercially produced, consumer-grade wireless access point is roughly 300 ft or 100m.

Since most commercial wireless equipment is provided with an omni-directional antenna, its assumed that the radio signal radiation pattern can be expected to be roughly circular.

While buildings and terrian can reduce the range of wireless signals, in a typical residential area the interference could be assumed to be roughly equal in all directions. Thus, it can be safely ignored when estimating the location of the access point.

The radiated power of the wireless radio signal decays using the inverse square law, decreasing exponentially with distance. The further from the source of the signal, the lower the power reading.

The radiated power of a typical wireless access point can be expected to be in range of a maximum of -10dBm to a minimum usable signal strength of -95dBm.

Due to a maximum distance of less than 500 feet, simple Cartesian coordinates could be used, rather than great circles or Vincenty's Formula.

The observed wireless access points are assumed to be stationery, remaining in a fixed position. I.e. not another mobile device, but a wireless access point/base station.

Approach:



To estimate the actual geographic location coordinates of a wireless access point in a residential or commercial building, readings are typically taken with a laptop computer or wi-fi equipped smartphone. A built-in or externally connected GPS is used to record the coordinates where a signal reading is taken. In practice, readings are generally taken while driving in a moving vehicle on a public street, or perhaps walking with a smartphone. Typical practice for "wardriving" applications such as KisMac are to record the GPS location at the first point where a reading of a particular wireless access point is acquired. The Basic Service Set Identifier (BSSID) and MAC address are recorded for identification. The deficency of this practice is that all of the recorded wireless access points appear to be on streets when the coordinates are mapped, and do not reflect the true origin of the wireless access point.

Commercial applications like SkyHook Wireless record a large number of readings from many points, and use a server-based application to aggregate the results. This approach is impractical for a single laptop or mobile device.

Rather than collecting a large number of points, only three points are needed to trilaterate the location. The question is how to determine which of many possible points should be recorded. My approach is a simple process to record coordinates and signal strength at the four "corner points" with the minimum and maximum values for latitude and longitude. This can be determined using a simple calculation to see if the observed point is greater than the previously recorded maximum for either latitude or longitude, or if the point is less than the previously recorded minimum values.

Once four points have been collected, the approximate location of the origin can be calculated by determining the intersection of four circles representing the recorded coordinates as the origins of each circle, having a radius relative to signal strength reading.

Since Android smartphones report the signal strength in dBm, ranging in value from -10dBm maximum signal strength, to a minimum detectable signal strength of -100dBm, it is easy to approximate the distance from the source by using the absolute value of the signal strength as the distance in meters. This correlates to an approximate distance of 30ft or 10m where the signal strength is the strongest, to approximately 300ft or 100m where the signal strength is the weakest.

Calculation:



Calculation of the intersection of four circles is based on this article at Mathworks:

yes, four circles n radii is known..... all are different radii also...... can u tell me the algorithm for it...... i must find center for the intersection area also.......... i hav an image to show the intersection area made by four circle but i don know how to post it..... recommend any site to post pic for view......

Ok, if the radii are known, then just do this. We know the equations of each circle.


(x - x1)^2 + (y-y1)^2 = R1^2
(x - x2)^2 + (y-y2)^2 = R2^2
(x - x3)^2 + (y-y3)^2 = R3^2
(x - x4)^2 + (y-y4)^2 = R4^2


Subtract one from the rest. Thus


2*(x2 - x1)*x + 2*(y2 - y1)*y = R2^2 - R1^2 + x1^2 - x2^2
2*(x3 - x1)*x + 2*(y3 - y1)*y = R3^2 - R1^2 + x1^2 - x3^2
2*(x4 - x1)*x + 2*(y4 - y1)*y = R4^2 - R1^2 + x1^2 - x4^2


This is a linear system of 3 equations in the two unknowns (x,y). Solve using backslash (\ operator in Matlab).


A = 2*[(x2 - x1),(y2 - y1);(x3 - x1),(y3 - y1);(x4 - x1),(y4 - y1)];
rhs = [R2^2 - R1^2 + x1^2 - x2^2 + y1^2 - y2^2; ...
R3^2 - R1^2 + x1^2 - x3^2 + y1^2 - y3^2; ...
R4^2 - R1^2 + x1^2 - x4^2 + y1^2 - y4^2];

xy = A\rhs


This will derive an estimate of the center coordinates.

See an illustration.

Alternate Calculation:



Since the calculation of the intersection of four circles is rather complex to perform on a mobile device, we can approximate the position by determining the bounding rectangle where the four minimum and maximum latitude and longitude points where the wireless signal was detected. This may not work in all cases, but can serve as an illustration of the approach. In particular, this approach would not yeild good results for cases where there are not detection points from at least three sides. The origin of the signal would have to be contained within the area defined by the detection points.

We can further refine the bounding rectangle which should contain the origin of the signal source by determining the boundries implied by the relative signal strengths measured at each of the points. For example, if the signal strength measured at the northern-most point was -90dBm, we would assume that the source of the signal must be within approximately 90m south of the coordiantes recorded. By calculating the coordinates with maximum distances from the points of detection, based on the signal strengths measured at each point, we can determine a small area bounded by these points. There should be a high probability that the source of the wireless signal originates from within this bounding rectangle. Taking the geometric centroid of this bounding rectangle should approximate the origin of the wireless signal.

This can be illustrated by the interactive map linked here. The white circle drawn in the center of the map represents the actual location of the wireless access point, or the origin. The blue circle represents the approximate range from the northern-most point of detection, based on the signal strength. The yellow circle represents the eastern-most point of detection, the red circle for the southern-most, and the orange circle representing the western-most point of detection.

From this set of coordinates, we can draw a bounding rectangle shown in purple, which represents the range of coordinates where the wireless signal could be detected. Based on the layout of streets and accessability of the area, the actual origin of the signal could be contained with this bounding rectange if the points of detection were accessible from at least three sides, or possibly all four sides. However, in cases where the wireless signal can only be observed from one side, such as a facing street, the bounding rectangle defined by the points of observation would not encompass the origin, but would be adjacent to it.

Because we cannot be certain that the set of detection points actually enclose the point of origin, and to determine the smallest possible area with the highest probability of containing the point of origin, we calculate a bounding rectangle by determining a set of points which are the furthest possible distance from the minimum and maximum geographic coordinates based on the measured signal strength.

The bounding rectangle shown in green on the map below represents the most likely boundries in which the signal originates, by calculating the distances infered from the measured signal strength at the extreme coordinates where the wireless access point could be detected.

Implementation Approach:



The Android smartphone environment is well suited to this approach, since it combines a wireless network transceiver, with signal strength reported in dBm, with a GPS receiver with good precision, along with enough computing power and data storage to record the detected coordinates. The Android-Wardrive application by Raffaele Ragni is particularly well-suited to this approach because it already records its data in a Sqlite3 database. It also shows a map of the detected wireless access points using the Google Maps API, and can export to an online database or a Google Earth KML file.

The first step to implementing this approach would be to extend the Sqlite3 database schema to include four additional coordinate pairs as well as their signal strength. The existing coordinates could be retained to map the initial point of detection, and could be updated by the geolocation calculation.

Due to the computing overhead involved in performing the calculations, it would not be recommended to attempt to calculate the geolocation in real time. There will be significant amount of additional overhead in collecting the additional data points, especially in an area with multiple wireless access points. Additionally, the method for geolocation requires that a reasonable survey be completed to detect the greatest diversity of locations for best results.

During the initial detection of a new wireless access point, in addition to logging the current geographic coordinates and BSSID, the initial coordinates and signal strength should be written to each of the peripheral coordinate pairs.

With each subsequent reading, the current location point would be compared with the four peripheral coordinate points. If the new reading is further North (current latitude > stored Northern latitude) then the new coordinates (both latitude and longitude of the current location) along with the signal strength should be written as the Northern-most coordiantes. If the new location is further South (current latitude < stored Southern Latitude) than the current location coordinates (both latitude and longitude) and the signal strength should be stored as the new Southern-most point of detection. Similar comparisons should be made for each of the extreme East and West points of detection using the maximum and minimum longitude. It is both possible and likely that during the initial data collection, each new point detected could replace two of the previously recorded coordinate pairs.

The geolocation calculation could either be added as an addition option under the menu, or could be combined with the Export to KML option.

23 January 2010

Getting ready to watch Madisen Beaty (@madisenofficial) in "The Pregnancy Pact" on Lifetime