kelk1

Neptune programming API

Quote

I've spent the last 12 years being hired by technology companies to 'go there', it's habit. I personally feel that if a company is going to move into the technology space then they should understand what they're doing, even if the majority of their target audience doesn't.



I would have to disagree.

Our dropzone is located about an hour from Silicon Valley. The majority of my customers are engineers, computer techs, etc. Some of whom are currently working on solutions to improve technological advances in our sport.

If you are joining the skydiving community, remember. It's a community. If you come in and you don't like what is being served, then bring something to the party that you will enjoy. We'd all love to see what you've got.

~~~~~~~~~~~~~~~~~
Peace and Blue Skies!
Bonnie ==>Gravity Gear!

Right, so you're agreeing with me :) I'd also say that working near Silicon Valley is going to give you a slightly distorted perception of the average skydiver (not that I'm any more able to give a clear and accurate picture but there's not many geeks at my last DZ and we're a minority at my current one).

I'm also well aware it's a community, improving products is why I'm passionate about it. To me a vendor saying 'hands off' goes against the concept of open community involvement. If they can't afford software like they stated then open it up to the guys in CA and the rest of the geeks.

Computer tech in skydiving is in its infancy in real terms, it could learn from watching the development of home technology in other sectors, like watching the growth of the home computers in the 80s where the core technology community provided the motivation and innovation that led to mass adoption.

Do the USPA release the demographic info they have? It would be interesting to see how many geeks are skydivers.

When I have a few spare minutes I'll throw together that log book app.

TV's got them images, TV's got them all, nothing's shocking.

Quote

The majority of my customers are engineers, computer techs, etc. Some of whom are currently working on solutions to improve technological advances in our sport.


For a buck or two?

As far as the Neptune goes, I am sure a bunch of them would be willing to give a few minutes of their time to the community. After buying all the hardware, I am completely broke. I wouldn't mind spending some time (for free) on a soft that makes the equipment more accessible. I would not be surprised that sales for this device increase, and would consider this a fair deal.

If I read correctly the pre-install splash screen (I have not installed it), the author of the current download software has now a very limited time to develop it further. Why not open the protocol then? Let's see what others can do with it. That would not infringe 'intellectual property' and Alti-2 does not have to take sides. They could wait and watch. Nobody should be jumping with something they do not endorse. I certainly would not, but that would bring in my eyes a much higher value to the neptune.

I could maybe fake jumps, would it be a big deal?

Quote

I'm sorry. I thought this was Gear and Rigging; not Speakers Corner.



AlexCrowley's post was a well-informed discussion of reverse-engineering. If it doesn't belong in Gear & Rigging, then neither do discussions on Cypres firing algorithms or threads about container & reserve compatibility.

Reverse Engineering:
Quote

The process of learning how a product is made by taking it apart and examining it.




If reverse engineering was a Bad Thing®, there'd be very few harness/container manufacturers in business today.


Quote

And a bit frightened to ever meet you at a drop zone.



I'm also sorry that you are paranoid.

:P


Quote

WTF? Over.



Do you lock your car when you leave it in the DZ car park? What about if you visited Perris or Rantoul? Alex is simply talking about the software equivalent: taking sensible precautions.

edit: I use Perris and Rantoul 'coz of their size and the fact that you don't know everyone there.

Quote


So, there's really a few ways that alti-2 could respond:
1. Admit that there's a fundamental flaw in the current firmware that leaves every Neptune unit in the wild vulnerable to exploitation - no matter how small that risk is.



This conversation went from mildly silly to plain ridiculous. Why would someone go to the effort of writing a corrupt firmware and then 'secretly' going up to every neptune not on someone's wrist or helmet when it's so much easier to screw with the rig itself?

Solving this risk has got to be the worst use of Alti-2's time that I can imagine. They got more important things to do. I hope they are working on their version of L&B's Alti-Track - the merge of a Galaxy and a Neptune perhaps?

So Alti-2 has third party Paralog available for $50 while L&B sell Jump Track + cabling for $70 (and up past $100). It also allows a trial in crippleware form. (I couldn't make it work myself) Add in Alti-2's 30 day return policy and very convenient demo program and you the customer have ample time to try it out. Doesn't work for you - well, L&B has nice products for you. Or be like tons of people happy with a plain analog (or nothing) and no logging.

There's absolutely no ROI for them to make an open spec product.

On the paralog site there's a free program somewhere, that just lets you download the jump data to your pda. It's both for palm and pocket win2003. Using that data as input you can write your own logbook software without getting your hands on the api.

ciel bleu,
Saskia

Quote

There's absolutely no ROI for them to make an open spec product.



...until someone writes an open-source program for controlling the Neptune. Then, all of a sudden, Neptune purchasers can download & analyse their logs for free. More than a few purchasers would be swayed by the $70 saving over the L&B solution.

Given the relatively small investment required in documenting a fairly simple wire protocol, the ROI could be quite significant.

Quote

I'm also sorry that you are paranoid



It's not about paranoia. You should not be so quick to be so insulting.

All of the important innovations in software have come through procedures exactly like this.

I think you'd be quite amazed at what some people can do with a device like the Neptune.

Alti-II would be wise to publish an API. At least that way they get to be involved.


_Am
__

You put the fun in "funnel" - craichead.

Ya know - instead of you all bitching about everything (believe it or not that is not what dz.com is intended for) why don't you contact Roger personally via phone or email. I've always found him to be upfront and approachable. Even if you don't get the answer you want maybe you can get at least an answer you understand.

No wonder I barely post here anymore - it's nothing more than a bitch fest 99% of the time >:(

Ian
Performance Designs Factory Team

Quote

Ya know - instead of you all bitching about everything (believe it or not that is not what dz.com is intended for) why don't you contact Roger personally via phone or email. I've always found him to be upfront and approachable. Even if you don't get the answer you want maybe you can get at least an answer you understand.

No wonder I barely post here anymore - it's nothing more than a bitch fest 99% of the time >:(

Ian



Thanks for stopping by...and bitching about bitching. :ph34r:;):P
Why yes, my license number is a palindrome. Thank you for noticing.

Hi Ian, I emailed Alti 2 about this same subject and got the standard response. I don't think talking to him in person on the phone would help any. Reverse engineering is really the only option. It is done all the time (example: Xbox has been hacked to run all sorts of interesting stuff). It would probably increase the sales for Neptunes.

I think the safety issue of reprogramming the Neptune to be a total non-issue. If anyone is dumb enough to only rely on an audible then they get what they ask for. I personally have had the battery die on an audible and realized in the air when it didn't go off. It's not a big deal if you are altitude aware.

Quote


This conversation went from mildly silly to plain ridiculous. Why would someone go to the effort of writing a corrupt firmware and then 'secretly' going up to every neptune not on someone's wrist or helmet when it's so much easier to screw with the rig itself?



I'm sorry you found it plain ridiculous, which is why I get paid to think about security and I'm assuming that you don't. "why would anyone do that?" Maybe it's easy for you to screw up the rig itself - which would seem to be far more likely to be caught in a thorough inspection than tampering with a device that most people take for granted. It's easier for me to write stuff that breaks things - although I was simply using that as a single example, I think messing with the alarms would be fun too. For more fun examples of plain ridiculousness you might want to check out www.securityfocus.com.

Since you bring up security: Why are 200+ posts about Cypres misfires during a swoop acceptable - something that will only affect a very very small minority of skydivers, vs discussing the lack of security on another device which we entrust our lives with?

Discussing ROI and cost of client software is missing my original point.

TV's got them images, TV's got them all, nothing's shocking.

Quote

I think you'd be quite amazed at what some people can do with a device like the Neptune.



Yes.

I'm not saying Alti-II suffer from this sort of shortsightedness, but there have been hardware platforms whose sales have been hugely increased by having homebrew communities doing things the parent company went to increasing lengths to disallow or prevent. This is a shame, it's patronising, and it almost never works anyway.

On the "why would you want to reverse engineer something that a fellow skydiver is making a living from?" question... the answer can only be "because it's interesting".

Not spending the money isn't the point, and I'm pretty sure it's not the point for the original poster. It would take him many valuable programmer-hours to work it out, certainly many times more than it would to just buy the software in the first place.

A lot of programmers, me included, get annoyed by being forced to use one particular program to do something. We write alternatives to scratch that itch, not to cheat some brother coder out of his rightful fee. This attitude is what led to the development of Mozilla, Linux, Apache and literally tens of thousands of other applications.

GravityGirl, you seem to give good advice on this forum, be nice to strangers and generally be one of the good guys. I'm assuming your strong reaction to this idea is just due to misunderstanding what drives the hacker instinct...
--
"I'll tell you how all skydivers are judged, . They are judged by the laws of physics." - kkeenan

"You jump out, pull the string and either live or die. What's there to be good at?

Thanks for putting that in more patient and clear terms than I could.

It's like building your own car from scratch. It'll cost more, it may not be as tidy or efficient as buying one from the lot, but it'll look like you want it to and do what you want it to. And getting to that point is most of the fun.

Hacking isn't what we do, it's who we are. It's the same reason I wipe the firmware on my wireless router and install some hotrodded custom software, or buy a toy car for my daughter and decide that it could work better if I just tweak this over here...... or take a cuecat barcode reader and modify a script to grab the barcode on my DVDs and catalog them via the IMDB. It's just what seems like fun, that we are able to get people to pay us during daylight hours to have fun is simply luck - I'd be doing what I do anyway.

TV's got them images, TV's got them all, nothing's shocking.

Quote

If anyone is dumb enough to only rely on an audible then they get what they ask for. I personally have had the battery die on an audible and realized in the air when it didn't go off.


Lots of people use it as an altimeter also, relying on just an altimeter isn't the best either since they stick sometimes or batteries die. Nothing can replace your eyes....

Personally instead of trying to find a way to reverse engineer it I'd be talking to the creator of Paralog and see if he is willing to take new developers onboard to further refine the product. Terms of additional developers can be things like taking it to open source. The entire skydiving community benefits that way and no time is wasted trying to reinvent the wheel.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

You guys going to have fun with Titan - it will come with an API and it is designed for people to interface with and create new applications!

http://www.alti-2.com/Titan/titan.htm

Regarding the Neptune, I have a better understanding of motives now - thanks for explaining.

I think I was confused by an earlier post that indicated that someone would feel safer if they could look at the code in the Neptune. I assumed that they wanted to look at the code that manages how a Neptune functions but later posts clarified that all they really wanted was to be able to play with the jump data collected by the Neptune.
"Where troubles melt like lemon drops, away above the chimney tops, that's where you'll find me" Dorothy

[Titan]

Oooh.

Is anyone else thinking "freefall VR dogfighting" when someone markets a skydiving HUD?

(Also, Yay Alti-2 for making such a thing, and more importantly for publishing the APIs - guess I'll buy a Neptune when it's time to go looking for an audible... ;))

[edit: speling]
--
"I'll tell you how all skydivers are judged, . They are judged by the laws of physics." - kkeenan

"You jump out, pull the string and either live or die. What's there to be good at?

Hmm, not very well informed on the workings of the Neptune and some misplaced allegations w.r.t Alti-2 IMO.
Quote

I really feel I have to say something here, because I looked into this myself, and I'm bored and want to rant a little.

"Since the communication protocol is proprietary, we needed software that would allow users to download their jump data without altering the functions of the device. The cost of developing such a package from a clean sheet of paper is significant and the resulting cost of software developed in-house would be high. We reviewed existing packages on the market and found Paralog to be a mature product with a price much lower than what we would have to charge for Alti-2 specific software. It soon became an obvious alternative to developing our own package."

I'm going to talk in generalities and then vent my geekish spleen.

1. If I buy a car and I'm a mechanic I expect to be able to tinker with the engine of that car to make it perform better.


Yeah right, ask any car manufacturer for the protocol to mess with the engine management system... What response would you expect?
Quote

2. If I buy a rig and I'm a rigger I expect to be able to modify it to my own specs.


I suppose you'd have to follow the manufacturers specs if you don't want to lose your rigger's licence? Who are you going to sell it to? Without valid TSO?
Quote


As a geek I buy hardware and I'm told by the vendor that I'm not allowed to play with it? BULLSHIT! And please, there's no safety argument there. I can remove the brakes from my car and my rig if I want to without the manufacturer or their retailers telling me how evil I am for doing so (I think the word used would be, justifiably, "stupid")


Not on a road or DZ near me, I hope. What if you cause a lethal accident with your modified car or premature opening on your improved rig? Well, this was covered by Kelk and GravityGirl anyways.
Quote


Once you remove the 'oh but it's dangerous', you're left with pure business reasons,


And business reasons aren't valid reasons? If I was the author of Paralog, spending significant time developing this software jointly with Alti-2, to mutual benefit, I'd be really pissed off if Alti-2 released the comms protocol open to everyone.
Quote

which judging from the statement means 'we don't have much of a clue how to design software/firmware securely'.


This is a serious allegation to make where you suggest Alti-2 makes an unsafe product.
Quote


For client software I don't like Paralog. Sorry, I just don't. Maybe because it's Java (BTW java decompilers are very good), maybe because I think the UI sucks, maybe because I'm a command line geek who doesn't want to have to launch a gui.

Well, just write a script that exports the data from Paralog to awk or whatever you fancy. BTW you don't regard it questionable to decompile and reuse someone else's intellectual property?
Quote

Asking for an API is the polite way to do things, once you get the short sighted refusal you go away and reverse engineer the thing if you care to and you're motivated enough.

Now, here's the far more disturbing situation: alti-2 have said "Hey, this system is WIDE OPEN to ABUSE!".


That is not what I read: it says that if you were using your own protocol, you could inadvertently change some settings which could have safety implications.
Quote


Seems pretty trivial to me to reverse the protocol then write a small script that say, sets ground level 500' below the ground. Walking around the DZ with a laptop (edit: laptop? silly me, I have my IR PDA, much easier to do without notice) isn't exactly unusual, sit there and zap a couple of Neptunes while people aren't paying attention? easy. Why? because if I can do it you can be damn sure that I'm not the only one, and at least I know why I'm doing it.


Trivial? Probably. Just go ahead... I think your imagination has run a little wild here. The Neptune isn't wide open. You can't just go around zapping it. You'd need some physical intervention to update the settings and updating the firmware needs some more work. Tamperproof enough for me.
Quote


..snip...

So, there's really a few ways that alti-2 could respond:
1. Admit that there's a fundamental flaw in the current firmware that leaves every Neptune unit in the wild vulnerable to exploitation - no matter how small that risk is.


I fail to see this fundamental flaw. See above.
Quote


2. program the system to use secure signatures on each firmware upgrade so the unit can validate the authenticity of the software before flashing it to ROM - making tampering a non-trivial task.


This would actually be a good idea. There is always the possibility that someone would take the trouble to place a doctored firmware on the Alti-2 server.
Quote


Security through obscurity never works and nearly always leads to Very Bad Things. By securing the Neptune Alti-2 could open up the comms API and interesting software could be developed for it.
... snip...

Reverse engineer to your heart's content, but I fail to understand why you expect Alti-2 to make the comms API public.
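
The verify-before-flash check proposed in the post above, as an added example that is not part of the thread and not Alti-2's code: the image layout, the `FWUP` magic and the function names are hypothetical, and the RSA key is a constructed test key. It goes slightly beyond the post by including the vendor's signing side so the check runs end to end.

```python
import hashlib
import struct

# Constructed TEST key built from two Mersenne primes so the example needs no
# crypto library. Never use primes like these for a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public half: what the device would store
D = pow(E, -1, (P - 1) * (Q - 1))    # private half: stays with the vendor's signer
K = (N.bit_length() + 7) // 8        # signature length in bytes

MAGIC = b"FWUP"                      # hypothetical image magic
# ASN.1 DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_image(payload: bytes) -> bytes:
    """Vendor side: header + payload + signature over header and payload."""
    signed = MAGIC + struct.pack(">I", len(payload)) + payload
    sig = pow(int.from_bytes(_encode(signed), "big"), D, N)
    return signed + sig.to_bytes(K, "big")


def verify_image(image: bytes):
    """Device side: return the payload if authentic, else None. Uses N, E only."""
    if len(image) < 8 + K or image[:4] != MAGIC:
        return None
    (length,) = struct.unpack(">I", image[4:8])
    if len(image) != 8 + length + K:      # reject truncated or padded images
        return None
    signed, sig = image[:8 + length], int.from_bytes(image[8 + length:], "big")
    if sig >= N:
        return None
    # Re-encode the expected block and compare it whole, rather than parsing
    # the padding out of the recovered value.
    recovered = pow(sig, E, N).to_bytes(K, "big")
    return signed[8:] if recovered == _encode(signed) else None


def install(image: bytes, flash: bytearray) -> bool:
    """Write to flash only after the signature check passes."""
    payload = verify_image(image)
    if payload is None:
        return False
    flash[:] = payload
    return True


if __name__ == "__main__":
    image = sign_image(b"constructed firmware v1.0")   # constructed sample
    doctored = image[:12] + b"X" + image[13:]          # one payload byte changed
    flash = bytearray(b"old firmware")
    print(install(doctored, flash), install(image, flash), bytes(flash))
```

Because the device holds only the public values, a doctored image placed on a download server fails the check unless the signing key itself is taken.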

Quote

I'm sorry you found it plain ridiculous, which is why I get paid to think about security and I'm assuming that you don't.



Indeed. I do actual work, and put up with the IT security trolls as little as possible. Too many of them live in the ivory towers and have no appreciation for productivity. It's worst in a large organization where one audit group can make the sensible demand of dumping telnet for ssh, only to have another group insist on dropping ssh because it's too hard to monitor network traffic.

I know why people would want the API to do their own data dumping. But this security concern - it's like worrying about shark attacks while diving in freshwater. It's happened before, but I'd worry about a lot of other dangers first.

Anyone know the ratio of paralog/jump track sales compared to the number of neptunes/protracks out there?
