Tuesday, June 23, 2020

Friston and The Knowledge

It's 2020 for goodness' sake.  Those of you who read The Book of Dave remember Dave acquiring The Knowledge.
Friston first became a heroic figure in academia for devising many of the most important tools that have made human brains legible to science. In 1990 he invented statistical parametric mapping, a computational technique that helps—as one neuroscientist put it—“squash and squish” brain images into a consistent shape so that researchers can do apples-to-apples comparisons of activity within different crania. Out of statistical parametric mapping came a corollary called voxel-­based morphometry, an imaging technique that was used in one famous study to show that the rear side of the hippocampus of London taxi drivers grew as they learned “the knowledge.”
from a Wired article on Friston and the free energy principle.

 --Steve

Friday, January 2, 2015

The Capital-O of Stacking Blocks

It's 2015 for goodness sake.  Here's a new-to-me approach to an eerily familiar problem: how far over the edge of a table can a stack of identical frictionless blocks hang, as a function of the number of blocks?  The historic hegemony of harmonic hang-over makes way for a New Order-of.  https://math.dartmouth.edu/~pw/papers/maxover.pdf

Friday, October 4, 2013

Cybraphon: A 21st Century Player Piano

From language evolution pioneer Simon Kirby comes Cybraphon: The Autonomous and Emotional Robot Band. (More video on youtube). The New Haven he refers to is alas probably not ours

Tuesday, September 24, 2013

How I hacked the Brookstone Rover 2.0

In the spirit of our 26 October meeting on hacking, I wanted to share this hacking story with everyone.

I like writing APIs for inexpensive robot toys like the AR.Drone and the Neato XV-11.  In a recent undergraduate robotics class, a couple of students and I got found an open-source project for driving the Brookstone Rover from an Android device.  We bought a Rover 2.0, but we had no luck in getting this code to work with it.

Following the advice in Violent Python, I figured I'd try some wireless snooping to see what was in the messages being passed from the handheld device to the Rover.  I bought the recommended Hawking Technology Hi -Gain Wireless-150N USB Network Adapter, plugged it into my Ubuntu machine (actually, an iMac running Ubuntu under VMWare), and installed and ran scapy.  This showed some traffic, but it was difficult to work with.  Some googling revealed that Wireshark was the tool of choice for this sort of thing, so I installed it and set up a filter to look at messages to/from IP address 192.168.1.100 (the Rover's fixed network address.)   Looking at the items tagged "continuation or non-http traffic", I saw lots of traffic between this address and 192.168.1.X, where X was the ad-hoc address assigned to the handheld device by the rover -- 2, 3, 4, etc.) Most of these messages started with the string MO_O, as I expected from the code in RoverOpen.

Running the app a few times revealed a pattern where the handheld device would send the Rover a message starting with MO_O 0 ..., the Rover would reply with MO_O 1, the handheld would send back, MO_O 2 ..., and the Rover would reply with MO_O 3 ....  The 0 (first) message was always the same, but the 3 message ended in different bytes every time.  This looked like some kind of handshaking to me.  I knew that the Rover AC-13 (the predecessor of the 2.0) used an open password system (username = AC-13, password = AC-13), but this seemed like some kind of encryption.  Perhaps I needed a different strategy.

Looking at a teardown page for the Rover 2.0, I saw that it had a UART that might allow me to talk open a console to the Rover.  I bought a USB / UART adapter cable, soldered the wire ends to a three-pin female R/C connector, connected the Rover to my iMac, and turned on the Rover.  Sure enough, this revealed a new /dev/tty.* file.  I ran /usr/bin/screen on this file at the standard 115200 baud rate, and was able to see the Linux boot sequence for the Rover in my terminal window.  I was able to run a few Linux commands like ls and cd, but a quick glance around the file system failed to reveal any useful source code that would allow me to reverse-engineer the encryption  /handshaking.  There was also an annoying output of a single digit to the console once every second, which interfered with my typing into the console.  Based on the fact that this number eventually dropped to 1 before the batteries ran out, it must have been a single-digit representation of the battery level that you can retrieve from the Rover wirelessly -- perhaps a debugging printout left in the firmware.

I figured that a look at some more up-to-date source code running on the handheld device might reveal what was going on.  So I downloaded the free Rover 2.0 app from Google Play onto my Android device.  Then I  downloaded the free ES File Exporer app, which allowed me to save the .apk file for the Rover 2.0 app.  Plugging my Android device into a Windows 7 machine revealed a volume in which I could find the .apk file (it might have worked on OS X or Ubuntu, but I found it most reliable on Windows.)

So now I had the .apk file.  I turned it into a .jar file using dex2jar and started looking for a good Java decompiler.  After trying several, I found that the free online trial version from SecureTeam gave me the most legible Java source code (fewest labels, goto's, etc.)  Sure enough, the sensibly-named WifiCar.java was using Blowfish encryption to respond to the "challenge" from the Rover.  Curiously, the BlowFish class was using a P-array of all zeros instead of the digits of Pi, which I guess is still good enough to foil random key hacking.

By looking back-and-forth between the decompiled Java source and the Wireshark messages, I was able to write a little Java class to do some basic things on the Rover -- spin the treads, raise/lower the camera, and turn the lights on and off.  To understand the media (video, audio) messages coming back from the Rover (which begin with MO_V), it helped to look also at the documentation for the Foscam web camera that provides the core functionality of the Rover.

As expected, the video was coming in the form of JPEG bytes, which I could save to disk and then open using any image-viewing program.  At this point I translated my little Java classes  into Python and decided to try my luck with the audio messages.  These proved a little trickier.  Audio turned out to be encoded using ADPCM, at a rate of 8192 Hz (a standard rate used as the default in e.g. Matlab), sent in chunks of 160 samples, with some ADPCM parameters tagged on at the end.  Saving the audio samples to a file and playing them back in Matlab revealed audible signals with a strong low-frequency noise component.

With the full functionality of the Rover 2.0 at my disposal in Python, I wrote a little program that uses PyGame to drive it around via a PS3 controller and OpenCV to display the images.  You can download the whole set of files from here.  Of course, the real excitement of a Python API is the potential for autonomous behavior via machine vision, speech recognition, etc.  So although this hack proved to be a lot more work than we'd originally thought, I'm hoping that it will open the Rover 2.0 as an inexpensive platform for exploring robotics.

Wednesday, April 18, 2012

Complexity in Cognitive Science: The Debate Rages On

Having just renewed my membership in the Cognitive Science Society, I received this year's back issues of their journals, and was delighted to see that the Topics issue in January contained a lively discussion on the value of complexity theory (chaos, fractals, 1/f noise, etc.). The anti-complexity (or rather, anti-buzzword) side was championed by Chris Eliasmith, who (as a licensed electrical engineer with a Ph.D. in philosophy) has been doing some extraordinary work on the hardest problems in the field.

Thursday, March 22, 2012

Pirahã Recursion rererereredux


The Academic Controversy That Just Won't Die returns to the front page of the New York Times.

Update: It also appeared as a cover story in the Chronicle Review a few weeks ago.

Friday, September 16, 2011

Leadbelly vs. Robots

I guess the John Henry meme was inevitable. Otherwise, having a robot run the Ironman Triathlon is a pure publicity stunt. And if there are ever dance contests for robots, this version would probably work better, too.