Tim Bennett’s blog – Electron Soup

Update: After further testing, it seems there are a couple of major problems with this setup. The first is that the iPhone doesn’t appear to update if it goes to sleep and isn’t plugged into mains power. The second is that the GPS coordinates I’m getting are wildly inaccurate for my location (varying by a few hundred kilometres) so I figure there’s something wrong with the “findme” application called below. I’ll keep looking for a better way, but for now take this article with a grain of salt.

In this article I’ll explain how to program your jailbroken iPhone to automatically upload its location to a server of your choosing at regular intervals. This will work whenever your iPhone is switched on and has a network connect (3G or Wifi).

As I’m going on holidays tomorrow, I’m going to be in situations where theft of personal belongings is a lot more likely. So after coming up with the idea this afternoon, I spent the last few hours hacking together a tracking solution for my phone. It idles silently in the background, popping up every fifteen minutes to write a latitude/longitude pair to a timestamped database on my server.

This tutorial is going to be a whirlwind because it’s 11pm and there’s so much to explain. And I have a holiday to go to.

You will need:

• One jailbroken iPhone: I used an iPhone 3G, not sure if this is possible with an original iPhone. To jailbreak your phone, use QuickPWN. Disclaimer, warranty, own risk etc etc.
• MobileTerminal, OpenSSH, Netatalk and cURL, installed as packages from within Cydia
• findme, a script written by Erica Sadun and available in a binaries package on her site
  
• access to a server with PHP5 & MySQL (possible with other configuration but outside the scope of this article)
• a moderate level of coding chops – I rate this project “moderately difficult” because of the diverse areas of skill required.

The basic steps involved are:

1. Preparing your iPhone to be messed with
2. Teaching your iPhone to query its location using GPS
3. Constructing a server-side script to record location data
4. Teaching your iPhone to run the location script at regular intervals
5. Outputting the data in a readable format

Let’s get started.

The Setup

After jailbreaking your iPhone you will install MobileTerminal, OpenSSH, Netatalk and cURL through Cydia. Then you’ll need to connect to your phone to drop files onto its disk. The easiest way is to connect over Appletalk, but if you’re handy with a command line (or don’t have a Mac) you can ssh root@10.1.1.1 with default password ‘alpine’ and your iPhone’s actual IP address (get this in settings -> network) from your PC.

Drop the findme script into /bin. Now make it executable using chmod 775 findme. When you invoke findme from the command line, it will return some XML containing your phone’s latitude and longitude, like this:

<?xml version=”1.0″?><SearchResults><Success>true</Success><Latitude>-33.887242</Latitude><Longitude>151.256718</Longitude><Method>Skyhook WiFi Location</Method></SearchResults>

(Eagle-eyed readers will noticed I’ve given myself a fancier address in this example.)

The Storage

So now we’ve got a process on your iPhone that delivers GPS over XML. The next step is to transfer that information to a database. For this part, I’m relying heavily on Erica Sadun’s iPhone Lojack article on TUAW, which goes over the same stuff as this article but using Twitter as the output channel.

What we want to do is post the output of findme to a PHP script which then posts the data. You’ll need to create a shell script and upload it to the same folder as findme. Here’s a template:

#! /bin/sh
curl –basic –url http://www.yourserver.com/lojack/index.php5 \
–data status=”`findme`” \

Save this file as ‘loc’ (no extension) and copy it to the same directory as ‘findme’. Don’t forget to make it executable: chmod 755 loc

Now, on your server at the path specified above, create a PHP file that grabs the posted status message and writes it to a database. This script assumes you have a database with a table called ‘locs’ containing two DECIMAL(9,6) fields and a TIMESTAMP field with the current time as its default entry:

< ?php

$username=”username”;
$password=”password”;
$server=”localhost”;
$database=”mylocations”;

$status = $_POST['status'];
$status = stripslashes($status);

$xml = simplexml_load_string($status);

//echo “Status: ” . $status;
$lat = $xml -> Latitude;
$lon = $xml -> Longitude;
echo $lat . ” ” . $lon;

$conn = mysql_connect( $server, $username, $password ) or die(“Err:conn”); //connect
$rs = mysql_select_db( $database, $conn ) or die(“Err:db”); //select db
$sql = “insert into `locs` (lat, lon) values ($lat, $lon)”; //the query
$rs = mysql_query( $sql,$conn );

? >

Now you should be able to invoke loc from the command line (shell, whatever) and it will send the XML to your server script, which will parse out the GPS coordinates and save them to a database. If it’s not working, try removing the comment slashes from //echo “Status: ” . $status; to see what results cURL is getting.

Timing is Everything

Great, so that script sorts out a single location upload. To be useful as a lojack, we want this upload to occur at a regular interval. For that, we’ll use the iPhone’s own LaunchDaemon service. Modify the instructions found in step 4 of the TUAW article to suit your setup. Here’s the script I’m using, com.apple.lojack.plist:

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>Label</key>
<string>com.lojack.upload</string>
<key>ProgramArguments</key>
<array>
<string>/bin/loc</string>
</array>
<key>StartInterval</key>
<integer>900</integer>
</dict>
</plist>

The 900 in the script above specifies this script will run every 900 seconds (15 minutes). You’ll need to restart your iPhone before the LaunchDaemon will work.

Output your results

It’s no good storing all this away on a server somewhere. You need to make it user-friendly. This script will query the database and print the output according to your choice: vanilla, or in tables with links to Google Maps:

< ?php

$username=”username”;
$password=”password”;
$server=”localhost”;
$database=”mylocations”;
$layout = $_POST['layout'];
$conn = mysql_connect( $server, $username, $password ) or die(“Err:conn”); //connect
$rs = mysql_select_db( $database, $conn ) or die(“Err:db”); //select db
$query1 = mysql_query(“SELECT * FROM locs”);

echo ‘<form action=”where.php5″ method=”post”>’;
echo ‘<input type=”radio” name=”layout” value=”plain”>Plain<br>’;
echo ‘<input type=”radio” name=”layout” value=”table”>table<br>’;
echo ‘<input type=”submit”></form>’;

if ($layout == “plain”) {
while ($table1 = mysql_fetch_array($query1))
{
echo $table1[0] . “,” . $table1[1] . “,” . $table1[2] . “,” . $table1[3] . “<br>”;
}
}

if ($layout == “table”) {
echo “<table border=1><tr><td>Timestamp</td><td>Latitude</td><td>Longitude</td><td>id</td><td>Link</td></tr>”;
while ($table1 = mysql_fetch_array($query1))
{
echo “<tr><td>$table1[0]</td><td>$table1[1]</td><td>$table1[2]</td><td>$table1[3]</td><td><a href=\”http://maps.google.com/maps?q=$table1[1],$table1[2]\”>Map</a></td></tr>”;
}
echo “</table>”;
}

? >

While I’d love to show you the results, I’m not quite ready to share the intimate details of my physical location with all of you. Hopefully this article can act as a guide for those with a little knowledge in all of these areas – let me know in the comments if there’s anything that’s unclear. In the future I’d like to build a way to render the data collected as a heat map, or a series of paths – but for now, I’ve got a beach to go and lie on.

Recently the NSW Food Authority started publishing data on fines levied against food establishments. (See Register of penalty notices.) Seeing an opening for a useful mashup, I figured out how to scrape their website data, geolocate the addresses, and plot them onto a map:

Center of map

markers

I’ll be maintaining the page properly at http://electronsoup.net/?page_id=148. Tools used were:

• BatchGeocode to convert addresses to latitude and longitude
• Yahoo Pipes to convert the data into KML format
• Inline Google Maps plugin for Wordpress by Avi Alkalay
• My own PHP skills to scrape the page data

Airport backscatter scanner sample images

Update: I sent a question along the lines of this post to the Federal Office of Transport Security, and received this response:

“As part of the preparation for the trial the concern that screeners may attempt to make copies of the body scanner images was raised. As a protection against this possibility the screeners viewing body scanner images will be monitored by security camera and recorded to ensure that they are not making copies of the images or doing anything inappropriate. The security camera is positioned so that it cannot see the images on screen. Also the screens used to view the body scanner images will be fitted with privacy filters so that only a screening officer seated directly in front can view the screen. This security camera footage will not be available to the passengers being screened however.”

The Federal Office of Transport Security will shortly begin trials of new aviation screening technologies, designed to detect weapons, explosives and other prohibited items from being taken aboard aircraft.

These semi-intrusive searches, which will show passengers’ genitals, have raised eyebrows in the media – and forced the Feds to spend a lot of time talking about your privacy. Here are some security ‘features’:

Faces are automatically blurred.

The security officer analysing your image is located away from the security lane and cannot see you.

Images are not saved and cannot be transferred to anybody else.

I don’t think this is good enough. (“Don’t worry about the man looking through your bedroom window. He doesn’t have a camera.”) I think passengers undergoing screening should have the reassurance that the remotely-stationed screening officer is behaving appropriately – not mocking them, not saving photos with a mobile phone, and so on.

While the screening is taking place, I should have the opportunity to observe the observer. In a neat reversal of standard intrusive surveillance guidelines, “if they’ve got nothing to hide, they’ve got nothing to worry about.” But what are the chances they’ll include reverse surveillance in their panopticon?

Came across this smash this afternoon – bad day for the driver of the other car (a 4WD), if he was at fault:

Porsche 986 Boxster smash

Planning a trip to Byron Bay? Be careful who you use to make your booking.

Byron Bay Accom calls itself “Byron’s Largest and Official Accommodation Service”. How this is possible is beyond me – its website or its staff seems unable to properly maintain the list of available accommodation, and will take reservations (though not money, thank God) for properties that are already booked out. What’s more, the website will tell you the property is still available.

I’m steamed up because I booked six nights in an apartment on Cape Byron, only to be told that it’s ‘not available’ the day after receiving a booking confirmation. What’s more, the site assures visitors that “Rates and availability are 100% up to date and your booking will be instantly confirmed.” Bullshit. I didn’t get a ‘booking confirmation’, I got a ‘casual confirmation of interest in an apartment that may or may not be available’.

Why is their website inaccurate? I can hazard a guess. A large number of properties on their website are smaller apartment/bed-and-breakfast accommodation, run by private operators. Although Byron Bay Accom can take reservations on behalf of these operators, BBA apparently can’t keep track of bookings that the operators make themselves. Being able to manage their own guest lists is good business for the operators, but bad for BBA and customers, because there’s no guarantee that inventory is actually available. It’s a bad look for Byron Bay that its official accommodation service is such a dismal middleman.

If you’re planning a trip to Byron Bay, here’s what you can do:

• Research online, book over the phone. Dealing with a human being offers better reliability, as they’re in a position to check whether a property is available.
• Better still, see if you can find the operator’s details and contact them personally. For instance, google the property name and address to see if the operator has a website.
• Remember nothing is final until you’ve paid. BBA has proven that, unless money changes hands, you’re out of luck if your ‘booking’ turns out to be wishful thinking.
• Book your accommodation through Stayz.com.au, who gave accurate information first time and had me in contact with the owner in hours.

Oh, and don’t pay any attention to locals who cry about tourism while enjoying all of its benefits.

October 1 marks the introduction of First Home Saver Accounts, a Rudd Government initiative to help first home buyers save for their purchase. FHSAs are an enhanced account, with restrictions, that will help young people lock away the money they need for a home deposit, while earning a healthy return on it. In brief:

• For every $1 deposited, the government will contribute 17c (up to $850 per year on $5000 deposited).
• Banks pay interest on the accounts – some up to 7% per annum.
• Interest earned is taxed at 15%, and deducted directly by the bank (less hassle).
• Money can’t be withdrawn until $1,000 has been contributed in each of four separate financial years (eg no earlier than July 2012).
• Anybody between 18 and 60, who has never lived in house that they owned, can apply.

I created a spreadsheet projecting various investments in one of these accounts, over the four year minimum: First Home Saver Accounts projection

On the sheet “$5k pa decreasing int rate”, one can see that saving an investment of $5,000 per annum could potentially mature by 25-30%, paying out around $25,000 on a $20,000 investment. That’s a few thousand dollars more than what you’d get on a similar term deposit over the same period. (Of course, a term deposit gives you more flexibility – you could spend it on something other than a house.)

On the sheet “Decrease rate, increase deposit”, one can see the effect of gradually raising yearly deposits from $10k to $16k (for instance, when a young person is receiving annual pay rises). This is some serious saving. But the payoff is an extra $10,000 towards a house, or double that for a couple with an account each.

The following graph demonstrates the growth in three of the hypothetical accounts in my models:

First Home Saver account balances (4 years)

Of course, as CHOICE has revealed, not all accounts are equal. Some pay less than the cash rate for deposits, while others vary the interest rate based on monthly deposit amounts. But the correct account could be great value for people who are willing to stash their money away for a longer term. Thanks to the government contribution – seventeen percent on the first five grand! – these accounts will probably perform much better than equivalent term deposits over the same period. The trade-off is flexibility.

(If you are thinking about getting one of these accounts, get some qualified, independent financial advice. As Billy Connolly says in the ING ads, “It’s your money.”)

(Comments closed for this entry due to its bizarre tendency to attract spam that Akismet’s not blocking.)