Sully Syed

Hacking the Budweiser Red Light (Part I): Identifying the network traffic that activates the light

The Budweiser Red Light is one of the best pieces of marketing I’ve ever seen. And while I’m enough of a hockey fan to want to pick up one of these anyways, the real prize is in figuring out how to make the thing go off whenever I choose.

Where to get started? While I’ve seen an attempt to use/modify the Electric Imp card inside the light to accept requests, I thought my approach might be simpler: Sniff the network traffic to and from the light, replicate it to sound the alarm.

The instruments used to sniff the traffic were as follows:

  • A MacBook Pro (to set up Internet Sharing upon for the Red Light to connect to)
  • My Android OS smartphone (to install and pair to the Red Light using the app Budweiser developed for that purpose)
  • WireShark (a network protocol analyzer) installed on the MacBook Pro, which also requires XQuartz

Instructions

I kept careful notes in case someone else wanted to replicate this experiment; those instructions are:

  1. Enable Internet Sharing on the MacBook Pro, and make sure you set no password or key. (At home where I have an Windows 8.1 PC, I had attempted to set up a Wi-Fi hotspot but the Red Light appeared to have difficulty getting on that network.) I named my new Wi-Fi access point “BudRedLight”.
  2. I had my Android OS smartphone join the Wi-Fi access point of “BudRedLight”, which it did without issue.
  3. In order to sniff its traffic, we’ll need to get the Red Light on the “BudRedLight” access point as well. This means installing and setting up the official Budweiser Red Lights app, and using the interesting flashing light method of sending the Wi-Fi connection details from the phone to the Red Light.
  4. Once that’s done, I left the app open on the phone, specifically staying on the screen that provided the “TEST YOUR LIGHT” button. The plan was to capture what was received by the Red Light once this was pressed.
  5. Now that the Red Light and my phone were both on the “BudRedLight” access point, it was time to boot up WireShark on the MacBook Pro (I had to start XQuartz first so WireShark would run).
  6. Let’s get WireShark listening to the traffic coming in and out of “BudRedLight”: Select the Capture menu option, and then Options. Unclick the “Use promiscuous mode on all interfaces option” (this will cut down on the amount of noise being captured). Instead, double-click on the Wi-Fi listing, and within it check the “Capture packets in promiscuous mode” option and hit OK. (Need a visual guide? Here’s a screenshot.)
  7. Okay – we’re now capturing traffic! Tap the “TEST YOUR LIGHT“; this will make your phone send a HTTPS request up to some remote server, which in turn appears to send a TCP [PSH, ACK] packet to the Red Light. In the screenshot of WireShark below, I pressed the “TEST YOUR LIGHT” twice, resulting in the two [PSH, ACK] packets listed:bud-red-light-tcp-psh-ack-traffic
  8. So what’s in that packet? Only 234 bytes of it contain actual data, so let’s see what that looks like (via WireShark):bud-red-light-packet-inspection

Next Steps

So we’ve got an example of the data used to set off the Red Light, but we don’t really know what’s contained in that data.

Deep packet inspection isn’t really my thing, so at this point I’ve started asking around for possibilities. Here are the early contenders:

  • Use tcpreplay, Ostinato or some other application to “replay” sending of the packet shown above to the Red Light; maybe we don’t really even need to know what’s in the packet and this will set it off.
  • Find and use some other utility (or person!) that can tell us how to further decipher what’s in the data seen above.

If you’d like to help out, you certainly can! I’ve uploaded a zipfile of a PCAP file containing the packet I’ve displayed above. Feel free to try and dicipher or replay sending of that packet on your own! Please leave a comment if you do so; it’d be great to solve this for everyone.

Sully Syed

When “compass compile” leads to an ‘Invalid UTF-8 character “\xCA”‘ error

We’ve got some pretty large CSS files to work with on a few projects I work on, and use SCSS plus the Compass tool to make management of the styles a bit easier. Recently, though, Compass has been throwing us this error:

    error scss/sportsnet.scss (Line 969 of scss/_inc-controls.scss: Invalid UTF-8 character "\xCA")

The root cause appears to be non-ASCII characters in a SCSS file. That’s easy enough to root out by hand if the file is a manageable size, but if you need an automated filter instead, try the following:

iconv -t ASCII//IGNORE -f UTF8 < _inc-controls.scss > _inc-controls.ascii

This pipes the offending SCSS file through iconv, and spits out the file _inc-controls.ascii which should contain differing lines where non-ASCII lines are found.

Sully Syed

Overwriting a branch in Git with remote results (and bypassing merge conflicts)

If you’ve ever tried to do a git pull to get a branch up to date and have run into conflicts that you just want to bypass and go with the contents of the remote branch, do the following:

# Fetch from the default remote of origin.
git fetch origin
# Check out the branch you want to override the conflicts upon.
git checkout master
# Reset your current branch of master to origin's master.
git reset --hard origin/master

Reference: Stack Overflow: Git pull from remote.. Can I force it to overwrite rather than report conflicts?

Sully Syed

Get a list of files added, removed and modified in Git between two branches

It’s sometimes useful to know exactly what files you’ve made changes to in your feature branch as you’re getting ready to merge back into your trunk code. Git’s diff option allows for this to be done quick easily:

git diff --name-status master..newfeature

The output looks like the following:

M       .gitmodules
A       plugins/backplane.php
A       plugins/multiple-post-thumbnails
M       themes/sportsnet/css/scss/_inc-controls.scss
M       themes/sportsnet/functions.php
M       themes/sportsnet/header.php
M       themes/sportsnet/single-sn-article.php
M       themes/sportsnet/single-sn-blog-entry.php
M       themes/sportsnet/single-sn-signing.php
M       themes/sportsnet/single-sn-trade.php
A       themes/sportsnet/zones/articles-comment-form.php
A       themes/sportsnet/zones/global/user-account-links.php
(END)

Reference: Stack Overflow – Showing which files have changed between git branches

Sully Syed

Where all of my placeholder images come from

Years back, I happened upon fractalsponge.net, a one-man effort in creating extremely high resolution Star Wars renders of the various spacecraft in that fictional universe.

Sully Syed

Downloading more than 5,000 rows from Google Analytics at a time

I’ve been increasing the amount of click tracking I do via Google Analytics, but getting the data back out of that system can be a bit of a time when you’re talking large amounts of data.

Enter Download Analytics, which will ask for input of a URL to the report page you’re viewing, and will automatically prompt to e-mail you (when ready) a link that will allow you to download the entire list of rows in your report. Simple, fast, effective.

Sully Syed

Checking Akamai cache expiry times on your website’s pages

This involves sending some custom headers along with your HTTP GET request, so utilize either the wget command line tool:

wget -S -O /dev/null --header="Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no" http://www.sportsnet.ca/

Or the curl command line tool:

curl -H "Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no" -IXGET http://www.sportsnet.ca/

The X-Cache-Key setting will contain the amount of time the URL is cached for; in this example, the time is 1 minute (“1m”):

X-Cache-Key: /L/370/77322/1m/www.sportsnet.ca/

Running Windows? No problem – grab a compiled version of wget for Windows.

Source: Stack Overflow – What’s the best way to troubleshoot Akamai headers these days?

Sully Syed

Costco: An internal promotion trumps an MBA any day of the week

I noticed this as well, but it took a blog post in The Washington Monthly to crystallize it in my mind.

The Washington Monthly – Political Animal – The secret of Costco’s success revealed! (hint: no MBAs need apply)

… Costco does not hire business school graduates—thanks to another idiosyncrasy meant to preserve its distinct company culture. It cultivates employees who work the floor in its warehouses and sponsors them through graduate school. Seventy percent of its warehouse managers started at the company by pushing carts and ringing cash registers.

Those sentences speak volumes. They tell you that Costco is a company that values its own hard-won experience over trendy B-school subjects like management theory and Econ 101 abstractions. They’ve found a formula that works and they’re not going to mess with it. I’ve long found the typical B-school curriculum to be problematic. On the one hand, you have management “theory,” which frequently is not well-supported by rigorous research, and might be characterized as more theological than anything else — Tom Frank has often been insightful about the ideological function served by this kind of business literature.

Then, on the other hand, you have B-school economics. One of the great sins about economics as a university subject is that, particularly at the introductory and intermediate levels where people are most likely to study it, the econ that gets taught tends to be almost entirely theoretical, not empirical. Few economists understand how businesses work, because few of them have actually bothered to ask businesspeople how they make business decisions. Instead, they make assumptions. But even assumptions that seem highly plausible in theory can turn out to be wildly off-base in fact.

Getting back to Costco: the abstract theorizing that MBA students learn in microeconomics courses often has little relevance to practical business situations. The simplified textbook models teach the lesson that policies like unions and the minimum wage are inefficient and wrong — that message comes through loud and clear. Economics as it’s taught in most American colleges today more or less encourages poor labor practices.

Sully Syed

Costco: Secrets of the cheapest, happiest company in the world

I occasionally read an article about deplorable call centre conditions, or most recently about how difficult work in Amazon’s fulfilment warehouse is. And I always think: Why not take a small hit to the company’s margins and ease things back towards being a workplace your employees don’t dread going to? (Offhand, I’m fortunate to be able to say that in my own field of software development, working conditions are usually somewhere between good to ridiculously luxurious.)

In an era of global competition it’s hard to justify not maximizing shareholder revenue, but with the below there is a spark of hope: Evidence that companies that treat their employees better also perform better.

Costco CEO Craig Jelinek Leads the Cheapest, Happiest Company in the World

Despite the sagging economy and challenges to the industry, Costco pays its hourly workers an average of $20.89 an hour, not including overtime (vs. the minimum wage of $7.25 an hour). By comparison, Walmart said its average wage for full-time employees in the U.S. is $12.67 an hour, according to a letter it sent in April to activist Ralph Nader. Eighty-eight percent of Costco employees have company-sponsored health insurance; Walmart says that “more than half” of its do. Costco workers with coverage pay premiums that amount to less than 10 percent of the overall cost of their plans. It treats its employees well in the belief that a happier work environment will result in a more profitable company. “I just think people need to make a living wage with health benefits,” says Jelinek. “It also puts more money back into the economy and creates a healthier country. It’s really that simple.”

Jelinek earned $650,000 in 2012, plus a $200,000 bonus and stock options worth about $4 million, based on the company’s performance. That’s more than Sinegal, who made $325,000 a year. By contrast, Walmart CEO Mike Duke’s 2012 base salary was $1.3 million; he was also awarded a $4.4 million cash bonus and $13.6 million in stock grants.

Costco has no public-relations staff. Jelinek conducts an interview with a journalist alone, an anomaly at major corporations, and afterward Costco Chief Financial Officer Richard Galanti calls to inquire whether the boss inadvertently said anything negative. Sinegal returns a reporter’s phone call on a Saturday morning, leaving his cell number.

Costco’s constitutional thrift makes its generous pay and health packages all the more remarkable. About 4 percent of its workers, including those who give away samples and sell mobile phones, are part-time and employed by contractors, though Costco says it seeks to ensure they have above-industry-average pay. And while Walmart, Amazon, and others actively avoid unionization, Costco, while not exactly embracing it, is comfortable that the International Brotherhood of Teamsters represents about 15 percent of its U.S. employees. “They are philosophically much better than anyone else I have worked with,” says Rome Aloise, a Teamsters vice president.

Most retailers “see their employees as a cost to be minimized and typically end up underinvesting in them,” says Zeynep Ton, an adjunct associate professor of operations management at the MIT Sloan School of Management. She thinks that ends up creating operational problems that shoppers are all too familiar with: surly employees in stores engulfed in chaos, an environment that makes ordering online look a lot better. One solution to surly cashiers is to get rid of them completely. Walmart said that this year it would add 10,000 self-service checkout systems (though it did not say whether these systems would displace workers). Costco has also experimented with self-service checkouts, but Jelinek says he’s now removing them because employees do the work more efficiently. “They are great for low-volume warehouses, but we don’t want to be in the low-volume warehouse business,” he says.

Many conscientious companies such as Costco are performing well financially. Over the last few years, Nordstrom (JWN), the Container Store, Sephora, REI, and Whole Foods Market (WFM), all of which are known for treating employees well, have outpaced rivals. “This is the lesson Costco teaches,” says Doug Stephens, founder of the consulting firm Retail Prophet and author of the forthcoming The Retail Revival. “You don’t have to be Nordstrom selling $1,200 suits in order to pay people a living wage. That is what Walmart has lost sight of. A lot of people working at Walmart go home and live below the poverty line. You expect that person to come in and develop a rapport with customers who may be spending more than that person is making in a week? You expect them to be civil and happy about that?”

Sully Syed

Fast 404s for missing images in WordPress

If you’re looking to replace WordPress’s long load time for a 404 error page for at least the missing images on your website, consider adding the following to the .htaccess file that sits in the root of your WordPress installation airblown inflatables canada:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} \.(gif|jpg|jpeg|png)$
RewriteRule .* /wp-content/themes/your-theme/images/placeholder.png [L]

In practice, this looks something like:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_URI} \.(gif|jpg|jpeg|png)$ 
RewriteRule .* /wp-content/themes/your-theme/images/placeholder.png [L]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Working with Nginx? No problem, here’s the equivalent commands that go into your site configuration file:

location ~* (jpg|jpeg|gif|png) {
	expires 30d;
	access_log off;

	error_page 404 /wp-content/themes/your-theme/images/placeholder.png;
}