School of Hard NOx

September 23rd, 2015

Oh dear, VAG seem to have cocked up, huh?

The fact that the EPA in the US caught them gaming the system with emission testing is interesting, and given that they face a huge fine, and the CEO Martin Winterkorn, having recently ousted Ferdinand Piech from his role, has now resigned.

I’m more interested in the tech. Simplified, it all hinges on EGR. It’s a common trick to disable EGR in a tuned diesel- in many ways it’s a huge pain in the arse, reducing efficiency, and therefore power and economy, and being prone to clogging up intakes, so with an EGR delete, your diesel will do better MPG, perform better, and not get so claggy. Also, as a diesel runs with excess air, if you don’t run EGR, you produce less particulates (soot), which is good.

The disadvantage comes with NOx production. No EGR means more NOx, which is one form of pollution generated by internal combustion engines, with health and environmental impact. This, and other pollutants, are regulated by EU Directives in Europe, and the EPA in the states, and cars that do not meet the standards cannot be sold new.

So, there’s a balancing act: try to keep particulates down, power and MPG up, but don’t create too much NOx.

Some diesels do this with AdBlue, but VAG have claimed to be able to meet the latest standards without the extra complication, cost, and space of the kit needed to inject it, managing with just a DPF. Nice trick.

Trick would seem to be the operative word, and you have to admire it. We’ve seen how networked cars are now, and that meant a clever algorithm was able to detect when the car was on a rolling-road being emmission-tested, and crank up the EGR, lovering the NOx output. On the road, EGR is reduced, so up goes the power and MPG. WIN!

How the conversation at Wolfsburg may have gone. From CommitStrip, click for original.

How the conversation at Wolfsburg may have gone. From CommitStrip, click for original.

Trouble is, that’s specifically not allowed by the EPA (PDF, 2.35MB), leaving VAG with a big headache stateside.

This does set me thinking if the diesel car boom could be ending: in particular, the UK’s CO-based taxation favours diesels, but as the amount of emissions gear required to meet the regulatory standards increases, the performance of the engines comes down and the complexity increases, and so therefore does cost. In one way, VAG’s (rather elegant) trick was actually good for the consumer, reducing costs and increasing performance, while seeming to meet all required standards. In another, it’s a cynical attempt to evade emissions law, risk public health, and increase profit. For sure, the fix is going to be painful for both VAG and its customers in the US: it remains to be seen if they have a problem in Europe too.

Let’s Rock

September 10th, 2015

Or not.

I’m back trying to find something listenable in the car. It’s not been long enough for a repeat of HHGTTG, and I’d settled on Planet Rock: music I liked, and less obnoxious DJs than mormal.
Bauer Media have gone and spoiled it all, by giving the FM frequency to Absolute Radio, with its focus on 90s, slightly rockish pop (so that means fucking Oasis and U2 when they got shit, for a start, FFS). What a shitfest.

I could spend a hundred or so quid on a DAB radio, another hundred and fifty on the bits to fit it (new fascia panel, fixings, antenna, CANBus harness, ISO cable), and take lots of trim out and have DAB, to enjoy Planet Rock in a 80Kbit/sec mono stream, of course, but why in the name of $deity would I do that? My car also lacks bluetooth, aux-in, or a CD autochanger, and the other choices are as grim as ever, so remembering 2 CDs a day it is, or the sound of tyres/wind/diesel engine.

The Jeep Hack – the full horror

August 25th, 2015

Full details have now been released of just how the Jeep hack I mentioned here was carried out, and there’s a video (long, but worth it if you’re interested):

A article on Hackaday, and a white paper (PDF, 4.3MB) explaining how it’s done.

There’s two things to draw from this- that the researchers are very clever, and that the people that designed Uconnect are either naive, stupid, or foolhardy. That sort of thing is fine if you’re experimenting with code, less so if you’re developing code that can be exploited in a fast-moving 2-tonne chunk of metal. Since the video is long, I’ll pick on a few key points.

1) The “random” passphrase for the inbuilt wifi hotspot is fairly predictable.
2) Port 6667 (DBUS) was left exposed to the internet on the 3G connection, and the system calls availble there were exploitable.
3) Services were running as a superuser, so they didn’t have to work out privilege escalation.
4) Firmware updates have no signing to check validity.
5) The radio had a connection to the “drive” CANbus.

added together, that’s pretty scary.

Time to review InternetofShit.

In the PC world (and in that, I’m including Mac and Linux), the devices you have may have a life of 10 years, and in that time, these days, they will be regularly patched, so silly vulnerabilities get fixed. Also, generally speaking, things controlling dangerous machinery aren’t always connected to the Internet (though that is becoming less true as time goes on). A car will have a longer life, and probably be rarely patched, especially by the time it has it’s second or third owner, who is unlikely to take it to a franchised dealer. How about a fridge? Mine is 20 years old now, and had it been possible to buy an Internet-connected fridge then, do you think the manufacturer would be supplying firmware?

Just because you can connect something to the Internet, it doesn’t mean you should.

The root of the problem

August 23rd, 2015

The other day, I did something a bit unwise, and power-cycled my Volumio music player, and it failed to return to life. Eventually I got it hooked up to a TV to see what was wrong, and predictably:

Give root password for maintenance (or press Control-D to continue)

Unix and Unix-like systems don’t like having their power shut off without a clean shutdown, and the Raspberry Pi seems particularly prone to corrupting the root filesystem given a bit of provocation.

Now, generally, using fsck is like using chkdsk on Windows. It might fix things, or it might break them more. Not a big issue with what is quite a small image on an SD card, so breaking out dd soon should fix that: the music is on an external drive, and there’s very little config to do.

Except it didn’t. I wrote the image, and tried again. Many times, with new SD cards, even with a USB-microSD adaptor in case the laptop I was using had a duff SD slot, and also tried my other Raspberry Pi. each time, it failed. After much fscking about (literally) I realised the one thing I hadn’t changed. A Raspberry Pi runs off a micro-USB phone charger, and instead of the usual, decent quality one I used where the Pi is installed, I used a cheap nasty one that was handy. Evidently it wasn’t stable enough.

With it booting correctly and back in place, back to the music, and I’ve just discovered another great thing. As Volumio is based on MPD, you can either use the (very nice) web interface built-in, or connect a client like Cantata:

Cantata's interface- plays the music, gives info.

Cantata’s interface- plays the music, gives info.

or one of the multitude of others,and control from a phone, tablet, or PC.

I can’t help but wonder how many commercial jukeboxes are using this stuff in the backend…

#100pubsin2015: Walsall phase 1

August 16th, 2015

As we’re sadly behind schedule on 100pubs, we’ve had a concerted effort of late, and now we’re getting close to the halfway point, with an epic effort yesterday in Walsall. You can see the individual pubs here. Yesterday’s exercise had a few guests joining us, a tactical avoidance of the Walsall nazi fuckwit march, and a mere sociable gallon of beer, something I’ve not managed for some time. There’s still enough pubs in town for at least one more trip though…

Horny Cock

August 12th, 2015

Now I’ve got your attention, you’ll be disappointed.

The current roadworks on the A4124 have pushed a good bit more traffic over the amusingly-named Black Cock Bridge. Anyone that knows the bridge knows that it’s fearsomely steep- slightly less so than the pre-1994 Clayhanger Bridge, but still steep and narrow, and blind at the summit (this side is slightly less steep than the other):

This means that, except at night, it’s an appropriate place to use a car horn.

My recovery from surgery dictates that I should try to walk a reasonable distance each day, and a walk to the bridge and down the towpath is both not too inconvenient and fairly pleasant, but with the extra traffic it has revealed to me just how many people are both incapable of using the horn correctly, and indeed of realising why others might do so, and it is, as one might say, boiling my piss too a disproportionate degree.

For the record, as there’s not room for two cars to pass, the idea is to approach at a speed you could stop in, sound your own horn once, maybe twice, and listen for the same from the other side, so that only one of you passes the narrow bit, and causes the minimum of noise nuisance. This might mean, for example, muting the stereo.

The idea isn’t to approach fast, sounding the horn repeatedly, with a mobile phone held to your ear, just for one (twattish) example.

A few years ago, residents near the bridge wanted the bridge closed when a long-lost consultation took place, citing danger and noise. I had little sympathy, given that the bridge has been there longer than them, but really, with the number of idiots I’ve heard of late, I can hardly blame them.

CAN do?

July 28th, 2015

I’ve written before about CANbus, and electronics in cars. My own car, despite being only a mid-size, mid-range hatch a few years old, has a good few electronic modules, and CANbus to connect them. Cars have 3 flavours of CAN- one for the drivetrain and chassis- so this episode would use that, as would this one, and one for the interior stuff (for both instrumentation, and stuff like the radio shifting it’s volume up and down with speed, or automatic closing of windows when locking), and then one more for connecting diagnostic gear like VCDS or Torque.

These individual networks are gatewayed together as they run at different speeds, and there’s no real control over what can talk over these networks, which isn’t really a problem, you’d think: the car is a closed system, so unless you connect diagnostic equipment or get very interested and attach a Raspberry Pi to the CANbus (great article there), it hardly matters. There have been scare stories in the press of clever people hacking cars before, but these have involved a direct, cable connection to the diagnostic port, so no big deal, and the networks *have* to be gatewayed for the instruments to display your speed, and for the diagnostic kit to work.


It is now becoming commonplace to include connected entertainment systems into cars. These will have an internet connection, either via a tethered mobile phone, or with a SIM card fitted. There’s various names for this, according to manufacturer.

There’s Audi Connect, GM OnStar, Ford Sync, for example, and then there is Fiat Chrysler UConnect.

The scary bit here is that potentially, you’re now exposing the CAN to the Internet. Depending on how well secured things are (or aren’t), you might possibly allow anyone on the Internet to, say, disable the brakes or transmission, as detailed here by The Register. As we get more and more fancy devices (like, say, auto-parking) then the exposure of safety-critical things like steering and braking, which used to be simple, mechanical, systems to attack becomes greater.

It’s certainly the case that some cars (VAG ones, for sure, in my experience) only allow full access to some critical modules with a login- but these logins are quite well publicised, which means you’d better be pretty sure about your car’s fancy entertainment system being secure, and staying secure when it is 15 years old and the manufacturer no longer supports it. Maybe the further research of these guys, with intrusion detection for CAN has merit?

Sticking it to The Man

July 2nd, 2015

I’m now, around 2 months after surgery, finally starting to feel a bit recovered- but still having to take things very, very carefully. At point of coming out of hospital, I could just about hobble a few yards on 2 sticks, or rather elbow crutches. I’ve built that up, very gradually, to the dizzy heights of half a mile with one, wandering around the house with none, and managing a trip around the supermarket with the trolley to lean on, and I can drive short distances. Soon, I’ll hopefully be better (but fatter, see below) than beforehand.

Being temporarily disabled opened my eyes to a few things.

1) People, overall, are very kind and helpful, from pub and restaurant customers to bus drivers and passengers, and taxi drivers- but people *stare*. It’s good-natured- they want to be sure you’re OK- but still uncomfortable.

2) Having to use taxis a lot gets expensive quickly. Getting to my GP surgery if someone couldn’t drive me in a car was a ridiculous journey: it is all of 2 or 3 miles, and can be done on one bus *if* you can walk about half a mile to a bus stop, which I couldn’t at that point- so taxi it was. Anyone on a low income would struggle, and even for a simpler trip to Walsall, that walk to the bus stop (only a few hundred yards) can seem a long way, and getting to a walk-in NHS centre to get staples removed would have been next to impossible except by car or taxi.

3) Room to move becomes important, and people parking on pavements, self-closing doors, and narrow doorways in buildings become really difficult.

4) Sitting on one’s increasingly capacious arse (a result of boredom eating, and going from cycling 4-5 evenings a week and walking to local shops to doing almost *nothing*) sounds like fun, but rapidly isn’t. The garden is overgrown, the cars are unwashed, and I have the time to do them, but can’t do so. Friends have helped, but I cannot rely on that all the time, and don’t want to either. By the time I *can* do it, I’ll have to go back to work :-(

5) I spent a few weeks being almost totally dependent on others- I could get to the toilet, I could get showered, and dressed (even if it took 15 minutes and a dazzling amount of expletives to put a sock on…), and it wasn’t a good experience, despite my better half being very supportive. I could get to the kitchen, but could only carry stuff I could get in a pocket. What would I do if I lived alone?

6) While Internet shopping handily solves some difficulties, being unable to lift/carry items within the house makes getting the shopping from the front door hard. I’m not suggesting they should come and put it away for me; merely that on the face of it, it seems like a fix, but I still needed assistance.

7) One’s drinking social life becomes impaired. Pubblog has had few updates, and #100pubs is looking very, very sick.

Basically, it’s stunning how many everyday things get harder, more expensive, or both, and at the risk of repeating myself, people would do well to remember this.

PS: when you start watching On The Buses repeats, and being genuinely aggrieved if you miss it, you’ve probably been at home too long ;-).

Turning the wheels

July 2nd, 2015

As I’ve been recovering from surgery, I’ve not been using my car, so to preserve the battery (now around 9 years old), I connected (well actually, my other half connected) my excellent CTEK battery charger, at first using the croc clips, then, when I was able to, using the comfort connector- a socket that is connected to the car permanently.

Doing this upset things: when I went to try and start the car, I got a load of warning lights, and plugging in the diagnostics revealed a fault code for the steering angle sensor:

00778 - Steering Angle Sensor (G85)

Clearly dicking about with the battery terminals had lost the basic setting.

The sensor simply tells the ECU how far the steering wheel has been turned, and is needed, and calibrated, so that the Stability Control knows which way the wheels are pointing, and also so the Steering Assist ECU can adjust the steering weighting according to speed and how much steering lock is applied. As such, you have to tell the Stability Control (part of the ABS controller) where straight ahead is, with this procedure, and then allow the car to calibrate where the two ends of travel of the steering rack are by following this procedure, which is why it’s remained undone until now, now I’m able to drive short distances and manage the steering with little power assistance.

In the event, it took several attempts at the second procedure, which is why today found me sitting in an quiet industrial estate, with the car running and a laptop on the passenger seat, and even then, it took a short drive and several lock-to-lock moves to clear. The steering was both very heavy and devoid of feel until all of a sudden, the fault lamp cleared, the steering got lighter, all started working correctly, and a scan produced this:

A happy steering assistance ECU

A happy steering assistance ECU

All a bit complicated, really, but that’s the price we pay for all the fancy active safety gear, and another sign of how car systems interact: the steering angle sensor will report an error in the steering assist ECU, but the basic settings are set in the ABS/Stability controller, and both controllers get upset if this setting is lost.

Digital Motor: Marketing bollocks?

May 28th, 2015

I’m bored evidently.

The Dyson adverts on TV got me thinking: they go on about a Dyson Digital Motor. It sounded like bollocks; marketing fluff, so I asked them, and to their credit they answered:

Our digital motors different from regular motors in that they do not contain carbon bristles that create motion within the motor. Regular motors function by way of these carbon bristles allowing certain parts of the motor to rotate, but the use of this equipment can be noisy, heavy and produce fumes. Dyson opt for a digital motor that employs electronics and magnetic equipment to create power and motion within their machines with digital equipment inside the motor than controls the levels of power being produced by the machine. This more advanced design allows for a more powerful motor that is not only lighter, but more efficient in the long term and quieter when functioning.

So, it’s a brushless motor, with some control electronics. Maybe not marketing fluff after all. A quick google reveals this article in electronics weekly– so there really is some clever engineering- the digital bit is a microproccessor switching the supply quickly in order to make the brushless motor work on DC at very high speed. I take it back- not marketing fluff, and full marks to Dyson for answering tedious little queries.

A bit more googling reveals this press release (.doc, 35k) from 2003 with some details of an earlier version. Love the diagnostics…

This blog is protected by Spam Karma 2: 39003 Spams eaten and counting...