WAYD + Layar = true

January 4, 2011

Geotag whatever you find interesting and share POI with your friends through augmented reality.

Download Layar and WAYD to your iPhone. Lets assume the setup works out for you. I would suggest that you access “My area” on wayd.se and set your alias.
Now start sending posts to WAYD. The posts will be published on wayd.se. Please change position so that the posts get different lat and lng.

When you have added some posts open Layar and find the WAYD layar. When loaded you will probably see your own posts. By default all posts relative to your current position are shown.

But if you only want to see your own click on the “i” icon down on your left to access the current layer settings. In the settings page you can add your phone number (not alias). Click “Done” and you should now see only your own posts.

Now showing only selected posts.

So now you can prepare your own augmented reality tour for your family and friends.

If you don’t have a Swedish or Norwegian mobile you need to preregister on http://wayd.se.

Twitter SMS security hole

September 23, 2010

Background

In my Twitter stream yesterday I noticed that one of the people I follow had written a tweet with only one word, it was “Gnarf”. I have seen the word before but did not really know what it meant so I thought it was time to look it up. After looking up the word I posted a link to the description. After some minutes I noticed the following tweet sent from my account:

I did not send that tweet, was my account hacked?

Hacked, yes and no

What drew my attention was that it was sent via “txt”. For some reason I have enabled the possibility to tweet by sending in SMS to Twitter via a local phone number (this function might not be enabled in your country). So my conclusion was that the tweet wasn’t a result of a rogue application. So someone/something could pretend to be my mobile phone when sending SMS. I have been working quite a lot with SMS services so my first thought was that someone simply changed the sender address in some type of SMS software solution. Sending SMS from a web interface is pretty simple. You need a account at some SMS provider  and then with the help of a couple of lines of code you are up and running. Setting the from phone number is something most of this services have enabled and the from phone number is what Twitter uses when verifying SMS/tweets sent from mobile devices.

Could it be that simple?

Yes, it was. So by knowing someones mobile phone number I can now send SMS into Twitter and post as that user.
Besides knowing the users number you need to know if the user actually enabled SMS tweeting. So it is a bit of trial and error before you can start tweeting as someone else.

Can I protect myself?

Yes, disable the SMS all in all or enable the PIN option. With the PIN option you need to prefix all SMS with your PIN code.

What can Twitter do?

They could disable the open SMS tweet function (only allowing PIN SMS). Keeping it open will keep the hole open. The reason for this is that Twitter can’t see if the SMS is from a physical device or from a software generated solution. I would suggest that you think twice before enabling SMS tweets without the PIN function.

Thanks to @claes who Gnarf:ed me and made me look into this. He obviously knew about this long before me. I am not sure if he does it the same way as me. I’ll need to ask him about that .

BTW: This is what I found about Gnarf – http://L2W.no/fhef. For some fun you should read beyond the first definitions.

SimpleLayar – Admin interface for hosted layer

July 23, 2010

If you are new to creating Layar layers it can be a steep learning curve to get started.
- Setting up a Layar layer can be somewhat cumbersome if you don’t know a programing language.
- When setup you most often need a programmer to update the points of interest (POI).

The above is far from true for everybody. You might have a in-house programmer who makes a perfect integration to existing content management system. But most people I have spoken with in regard to Layar development often just have a Excel sheet with addresses they want to transfer over to augmented reality.

To make the administration of a layer much more easy we have created a simple interface where our customers can update their own POI.
Take a look at the following short demo:

In the screenshot below you can see how it looks in map view inside Layar.

So with our hosted solution you have the power to administrate your own POI in a easy way.

Bot my world

July 20, 2010

Image via Wikipedia

During the last year Teknograd have created several Twitter bots to test different concepts. In this post I will try to make a overview of what’s out there.

1. SMS

In Sweden and Norway Twitter don’t send out SMS on mentions. We monitor selected users and send SMS to them when they are mentioned.

2. Automatic reply

We monitor different brand names and when mentioned our bot react and reply with one of several predefined sentences. Our thought was that this would be a first line of interaction between brands and people on Twitter. See 7 and you understand the power this could give brands.

3. Store my tweet

We all know that tweets tend to disappear over time. With this bot we monitor words, users or any other type of Twitter searches and store them at our own data center. Example of things we monitor: #gladkund, #surkund and #viarettpar.

4. TweetKarma

Give karma to people on Twitter. TweetKarma.Nu monitors #tweetkarma and #movershakermonday and add karma points to people and present who has the most karma on TweetKarma.Nu.

5. Get current weather

We monitor the tags #varmt, #kallt and #kaldt (hot and cold in Swedish and Norwegian) in connection with city name mentioned after the tag. For example “#varmt i Stockholm” or “#kallt Oslo”. We do a look up of the city and see if we can find the current weather and reply with a tweet.

6. Want to know who is king of Norway?

Send a tweet with the hashtag #undrar followed by a question and our bot will do its best to find the correct answer for you. Try for example: #undrar Who is the king of Norway?

7. Geotagged questions

Twitter don’t want to give us information on how many users have enabled geotagging. Seems to be under 10% but we are unsure. Anyway you get loads of power with geotagged tweets so enable it! In Sweden you can search for #Systembolaget or #sprit and our bot will find the closest place selling beer, wine and hard liquor. Can be very useful in a country where selling liquor is state controlled. We also monitor #surdeg which will give you the closest sour doe bakery. We see a huge market for geo based bots. Think if you could get the nearest petrol station, vegetarian restaurant or hospital by simply asking for it in a tweet!
The geotagged bot data can be linked to WordPress. Our bot will query WordPress for geolocation which means you only need to store geoinformation in one place.

8. Discussion – 140 char limit bot

In a couple of tweets you have engaged loads of people into a discussion you started. You try to include them all just to find that for each person you add the number of characters you can use for keeping the discussion alive gets fewer and fewer. If you see this happen you can send a tweet with the hashtag #diskutera (to discuss in Swedish) and our bot will reply with a unique hashtag which you can share with the people in the current discussion and thereby add the number of available characters.
Original idea for this bot came from @bjornfiner.

We do have other bots and monitor other words but I believe the above pretty much sums up the main areas we have looked into and are able to publish at this point.

If you have any thoughts or ideas on Twitter bots please get in touch!

Howto – At the office

July 6, 2010

If you don’t know what this is all about please read this post – http://teknograd.wordpress.com/2010/06/17/at-the-office/

1. Setting up your Facebook Page

Take a look at this video for a quick start:

You will find the “At the office” application at this URL: http://L2W.no/bf75.

2. Adding users/employees
See this short video on howto add a user. The application URL is the same as above.

3. Setup mobile client

The solution is only tested on iPhone. But at http://www.quickmark.cn/ you can download and try “At the office” on other platforms. Please let us know how they workout.

Setting up on iPhone:

• Download QuickMark.
• Start QuickMark and open “Settings”.
• Scroll down to “1D Barcode Settings” and change “Barcode Type” to “CODE 39″.
• Open “Redirect Settings” and add the following URL: http://geoklubb.se/at_the_office/tweet.php?u=fdqps&q= . The last character is “=” which is intentional.
• Change “fdqps” for your Twitter name. You need to make sure you completed step 2 above.

4. Time to print those check-in and check-out EAN codes.

You can create EAN codes on a vast amount of different sites. We’ll show you one site which has worked well for us.

• Remember the video in step 1 you where asked to find the Gowalla spot id. You need that again.
• Goto http://www.terryburton.co.uk/barcodewriter/generator/ and change “Symbology” to “Code 39″.
• In the “Contents” add your Gowalla spot id plus “-1″ at the end. Example “75999-1″ and click “Make Barcode”.
• Print the created barcode and you have a check-in station.
• Change “-1″ for “-0″ and you have a check-out station. Example “75999-0″.

You now have a full check-in and check-out office solution. Try to print check-in/check-out codes in different sizes to see which fits your needs the best. Play around and add more users when you feel ready to show your customers who is at the office.

Note: The tags you print are unique to your spot. But the client can read tags at other spots. So if you have more then one office the solution will work across physical sites and even sites you have not created.

Security: We know the user by his or her Twitter name, nothing else. This means that you can exchange the name on your phone and check-in/check-out as someone else (who have registered in the system). This solution is to make your company transparent and should not be used for monitoring people for the obvious reason that it is so easy to fake.

At the office?

June 17, 2010

Communication has always been vital, but in the last couple years the landscape have changed radically.

Being transparent is becoming more and more important for businesses. Within the last couple of years transparency have become the most important trend in how to communicate with your customers. Digital transparency helps to add communication without adding pressure on the organization.

In line with above thought we have created a solution which enables companies to let their customers see who is currently at the office.

The employees currently at the office is shown on a Facebook page. Check-in / check-out status is managed by a EAN code reader available on most mobile phones. The office spot is linked to Gowalla.

If you would like to try it out, please let us know.

Geo Query WordPress plugin

March 24, 2010

We (@perkovich and @fdqps) wanted to create a Twitter bot which pulled data from a WordPress blog. The twist was that the result should be based on the geolocation of the caller.

The blog (suredegskartan.se) on which we built this proof of concept on already had the Geo Mashup plugin installed. This provided us with a geotagged backend we needed.

Looking into the database structure and with some help from Dylan Kuhn we could build a web service which based on a lat/lng query could find and return geotagged blog posts within a radius of 20 km (can be altered) in a JSON string.

This means that you can use this plugin for any type of solution where you would need goetagged blogposts within a specific radius. In our case we have a Twitter bot monitoring different hashtags and when triggered sends a GET request containing the tweets lat/lng to our Geo Query plugin. As you probably have noticed a user need to enable geotagging for their Twitter account and also use a client which support this function.

Soon WordPress will have native support for geotagging. If this will include a open web service I don’t know. Any feedback on this is much appreciated!

In April I will attend http://chirp.twitter.com/ and will most probably base my 24 hour hack on building a better and more stable version of this solution. So before this event I will not publish any code. But if you like to test the code please let me know and I will send what I have.

Image by Rétrofuturs (Hulk4598) / Stéphane Massa-Bidal via Flickr

The geolocation hack lets you travel the world in Gowalla

February 21, 2010

Image by @keeg via Flickr

On Friday I saw some posts on Twitter about people traveling all over the place. I must confess that I did not see the hoax until I read a post that put me on the right track.

I started to dig into the issue and all I found was people bragging about the fact that they found the hole but where unwilling to share their knowledge. Why?
[Update] Sorry to the people I might have offended, it was not my intention. I now better understand their reasons.

Well anyhow I did my homework and found a way to fake my geolocation. I am not sure this is the same hack that others have found, but probably.

So here goes a step by step on how to travel the world in Gowalla.

1. Create a  text file with the following text:
{“location”: {
“latitude“: 39.7391536,
“longitude“: -104.9847034,
“accuracy”: 10.0}}

2. Save the file to your desktop.

3. Open Firefox (I have only tried this in 3.5.8) and enter the url: about:config. Please read the warning you get prior to continuing with these steps.

4. Search for “geo.wifi.uri” and when found change the value (https://www.google.com/loc/json) so it points to the file you created in step 1.

5. Close and reopen the browser. Just shift-reload (thanks @dabitch).

6. Go to m.gowalla.com and login.

7. If you “Check in” you will see spots in Denver, US.

Change the latitude and the longitude and restart your browser to check in somewhere else.

Have you solved this in any other way, please share!

[Update] Why did I publish this small step by step guide?
This problem is not connected to Gowalla, Foursquare or any of the other services that base their product on geolocation. Currently I am working on a project where Gowalla is a small part of the total package. By publishing this guide I hope to show a weakness you must take into consideration when working with these types of solutions. I love geolocation, Gowalla and Foursquare but believe it is better to bring things out into the open as soon as a issue is found. If we publish with good intentions, which I hope people feel I do, the risk of missus is smaller then if you try to hide it.

Twitter bot update two month later

January 11, 2010

Image via Wikipedia

@bracitat now have 309 real followers after 4459 tweets.

As before (see previous blog) we block spam followers and then follow all persons who are from our target region (Sweden/Norway). As of today we follow 211 people. This means we are up from around 10% to 14,4% in relation to number of tweets and followers. But what is interesting is that the number of people we follow, or what we call valid followers, is now 4,7%.

It also seems that we are getting a larger amount of RT’s.

Our bot test will continue.

Cross-domain policy and sockets

November 10, 2009

Image by Micah68 via Flickr

We needed to build a socket FTP client in FLEX. When done we ran into the problem on how to setup a cross-domain policy file which we never tried before. This post is based on Flash Player version 10 and above. Older versions work in other ways so please compile for ver. 10.

I will not go through all the things we did wrong and all the steps needed to set this up. But I will underline the things that set us on the right track, things that are of major importance to get this working.

HTTP based policy file out of the question
You might be tempted to use HTTP-based policy-file retrieval which will work for any port above 1024! So for FTP this is out of the question!

Socket based policy file retrieval
Setting up a socket server just to serve the policy XML file seems strange but is needed. You can setup the socket server in PHP, Python, Java or any other language that supports sockets.

Port
You need to open up a port on which the socket server can monitor the requests. Adobe recommends port 843. It is important that the socket server port is set below 1024. FTP usually resides at port 21 and if the policy socket is above 1024 it cant give you access to ports below 1024. So stay below 1024!

Read this
To get a working socket server read the following post at adobe.com.

Hope that this few steps will help you get this working faster then we did.