I've had a novel idea from years ago. For the most part, there is no security on mega yachts. Moreover, they hire random people to wash them and maintain them. It's nothing to gain access to the all the electronics in the cave under the wheelhouse.
So, the novel idea is this, a bunch of kids from MIT or CalTech or where ever decide to bug yachts. They get unassuming jobs as deckhands and stewards to give themselves time to install devices like this DIY boat monitoring system along with microphones behind all the panelling around the yachts which are owned by CEOs of major companies. More or less, the device caches all the audio recordings and waits for the ship to enter a marina where it connects to wifi and sends the information home. They are looking for stock trading information, mostly. They are in the Caribbean maybe in St. Martin and overhear some nasty things by the Russian mafia. Someone made a mistake and they get caught. That's the beginning. The rest of the novel is a bunch of nerdy kids having to MacGyver their way out of the Caribbean while being chased by the most powerful and dangerous people on Earth.
Ha, at the beginning I read the word novel as new. I was getting a little disturbed by this until I read on to understand this was fiction. Wrong novel :). Embarrassingly, this took too long to realize...
I interpreted it the same way but instead of being disturbed I searched for boat cleaning jobs and wondered how much the CIA and other intelligence agencies invest in bugging mega yachts.
Here is a popular list of available jobs.[0] The site started by listing day work jobs which means a job that is only day to day. The captain usually picks up the day workers in the morning who are crew between jobs and they sand the rails, varnish, clean bilges, wash the yachts, and detail the metal work. The site lists lots of other more permanent jobs too and is a popular resource for people in the industry.
> "144192 5/4/2021 Yacht Looking for 8 day workers to wash and detail yacht on Monday May 10th. 8 hours. FT LAUDERDALE"
That job probably pays $15 - $20 an hour cash under the table and the chef will make them all lunch. Not a bad gig job. 8 day workers? That's a lot, they wouldn't need that many people for 120 foot yacht[1]. The price of that yacht probably starts at something like $18,000,000. It would be a nothing burger to install anything on that boat with nobody noticing.
I've been in a semi high security environment and seen casuals given too much independent access by well meaning staff. Examples ...
1. Guy allowed to come in and check our microwave for 'radiation leakage'. May have been a simple money scam but obviously a way to listen to staff conversations.
2. Casual cleaners employed to sanitise desk phones .. after a scare saying that's where a lot of bacteria collects. I noticed these cleaners being way too slow and too likely to let their gaze linger on computer screens. They didn't last.
We hired a physical pentester and he got in the first day by convincing the night janitorial staff that he was an employee that left his badge on his desk and just needed to go pick it up. He wore a jacket with our logo to make himself look more legit.
He hid out in a conference room and had unfettered access to the office all night, he left behind a network device plugged in to a spare network jack behind a printer.
A while back I got interested in sailing and paid for lessons on a Benetau 57. I was absolutely blown away by the ease with which one of these boats could be stolen.
Granted anyone that has the time and money to actually learn how to sail the things is likely not in a position where boat heists have a great risk/reward.
> The group’s modus operandi involved renting a yacht from a charter company with different passports in each case, paying all costs in cash, and then taking out the automatic identification system of the yacht and putting it in a remote control toy boat to make the renters think that the yacht was adrift in territorial waters. Meanwhile, the stolen yacht had already reached international waters.
Super easy to steal but nothing you can profitably do with it so there's no point.
You can't haul out and tow away a giant boat like that without involving a lot of people (marina travelift, trucking company with wide load permits) so that's out.
You could try sailing it away but with a top speed not much over 10mph, it'll be the lowest speed chase ever.
A boat was stolen from a charter company in SF bay some years ago. I think they got about a day head start, but even so it's not like they got very far.
I wanted to help out with your story here, and I had some OpenAI credits available, sooooo here's a high level chapter summary, straight from our AI Overlords. I'd give it 2/5, too much microphone.
---
Plot: A bunch of kids from MIT or CalTech or where ever decide to bug yachts. They get unassuming jobs as deckhands and stewards to give themselves time to install devices like this DIY boat monitoring system along with microphones behind all the panelling around the yachts which are owned by CEOs of major companies. More or less, the device caches all the audio recordings and waits for the ship to enter a marina where it connects to wifi and sends the information home. They are looking for stock trading information, mostly. They are in the Caribbean maybe in St. Martin and overhear some nasty things by the Russian mafia. Someone made a mistake and they get caught. That's the beginning. The rest of the novel is a bunch of nerdy kids having to MacGyver their way out of the Caribbean while being chased by the most powerful and dangerous people on Earth.
Chapter 1: ____ is on a yachting trip in the Caribbean. He gets a message from his friends on shore telling him they've been caught and are on the run. He has to decide whether to try and help his friends or try and get off the boat and call the authorities.
Chapter 2: ____ decides to help his friends. He needs a weapon, so he builds a crossbow from materials he finds on the boat, and he needs to learn how to use the weapon. He also needs to know how to defend himself in hand-to-hand combat, so he takes some of his friends' martial arts training. To learn how to use the crossbow, he goes to a nearby island where he has to steal or purchase a target.
Chapter 3: ____ steals a target from a competitor. He then goes back to the yacht and practices using the crossbow on the target.
Chapter 4: ____ goes to a nearby island to look for a drink to help him stave off seasickness. While there, he meets a young girl named ____ who is a pickpocket. She also teaches him some thieving skills.
Chapter 5: ____ returns to the yacht. He needs to make a plan for the next day. The yacht is going to be in a marina to drop off the CEO of a company who is on the yacht and ____ needs to decide what he's going to do with the microphone. He also has to spend some time learning to use the microphone in case he decides he wants to stay on board.
Chapter 6: ____ decides he is going to stay on board. He spends the next day learning how to use the microphone and listening to the CEO of the company. The CEO gets a call from the Russian mafia, who are threatening to kill his family unless he gives them the company. The CEO gives them the company. ____ decides to stay on board after overhearing this conversation.
Chapter 7: ____ has to make a plan for the rest of the trip. He needs to decide when he's going to connect the microphone to the wifi so the information gets sent home. He decides to wait until they are docked in a marina. In the meantime, he has to continue learning how to use the microphone and the crossbow.
Epilogue: The whole point of the book is to show how these kids had lives that could have been, but chose to work for the government instead. I don't know. The ending was not at all satisfying.
I'd love to use this for overnight drops from the hi n dry. The one thing I didn't see mentioned is powering the unit with DC-only. I'm a PI newbie and I don't run an AC inverter on board.
Super easy to power a Pi from DC only. Many (most) USB ports will work (the amperage draw can be a bit much for some older lighter-style USB power adapters).
The power draw from our dedicated device (https://floathub.com/store) is much lower than a Pi, but you don't get the advantage of a general purpose computer that can run other stuff at the same time.
There are some great sensor options out there and they are dirt cheap (cents or a couple of dollars). ESP32 and ESP8266 are my chips of choice and they are also very cheap.
Some great projects are easily achievable from Arduino. It seems to be slightly looked down on as a platform, but I’m not skilled enough to know why. It has an IDE and a language that’s easy enough to use. There is also a huge community and a mass of projects out there.
ESPHome is another excellent project which takes the coding down to just yaml config files and then you can makes automations one Home Assistant.
you can get really small dc-dc converters that are suitable for the power draw of a pi. Take input of 12, 24, 36, 48VDC, whatever, convert it to 5VDC and power the header pins of a pi.
Very nice work overall, and I admit I haven't read the entire project, but it seems the entire authority to operate both pumps has been delegated to a microcontroller that becomes a single point of failure for the entire system.
Given the cost of the system and chance for failure I think it would make sense to either add a second system or enable some sort of automatic override (possibly via mechanical float switch wired directly to large pump and set at a higher water level than the other two switches)
So that there will be enough time between a potential large leak occuring and detection of controller failure(via lack of daily email) to prevent it from sinking the boat.
That wasn't my read. My read was that they go off independently based on their own conditions (the large pump has a float switch that presumably isn't set off until after the small pump should have taken care of it) and the monitor just records these things.
Based on what was wrote I don't think that's the case. He included some special conditions like:
>The monitor knows if I take the boat out when I turn on the main boat power and switches the small pump to auto and otherwise stops monitoring. But when the main power is back on, the pump will initially run every half hour and then every hour and then after about a day it will only be running once a day"
Though reading closer there are only two relays, and the author talks about controlling both the small pump and the fan with relays, and there is language around the large pump that while isn't conclusive, may indicate it is indeed on a separate float switch and system and the ESP32 is only involved in the monitoring of it.
> I have a large pump that only goes off if the small pump fails or the boat is trying to sink. If the float switch lifts, the monitor wakes up and sends an email alerting me.
Yeah, I automated some stuff out in our greenhouse, I ended up going with a PLC[1] which is a bit more robust and designed for reliability and industrial environments. They're very much like (expensive!) lego bricks that you can easily throw together + program.
The PLC sends me a mail each morning with how much water it used, the max temperature of the water pump(I repurposed a RV water pump with a PID PWM + SSR driven from the PLC) all running from a 24v solar system. They're very much designed to be in-the-loop on systems that need to be robust with pretty extensive error report/alarms and the like.
I've built a lot of control systems, and I've learned the hard way that switches and relays (including solid state) can fail. And they can fail in both the "off" and "on" positions.
It would probably be beneficial to monitor the status of the control outputs, to see if they actually agree with the inputs.
Also, of course the microcontroller and its code are points of failure like you say.
Just some clarification about my pumps. The large pump is indeed on a float switch and will operate independent of the monitor. The small pump is an auto pump that normally goes off every 2 1/2 minutes and senses when it is done pumping. I have modified the code so that the last thing that happens before sleep is the pump power is turned off so that if the software hangs, the pump will still operate in its normal auto mode. One reason to avoid having the pump always in auto mode is they fail after about 4 years. I am hoping that by only running it once a day that it will last longer. If the small pump does fail, the large one keeps the boat from sinking.
I am not sure if I specifically mentioned it in the article but this is a wood boat and it leaks. The pump will run about 25 seconds a day to remove the day's water. I have the sequence after running the engine because a hard sail can cause the leaking to increase until things swell back up.
There have also been several changes to make the monitor more robust since I wrote the article. One main one is that a lot of the sample code on the web for email monitoring has "while" loops. These need to have counters to exit if the WiFi is down for example.
I am a huge fan of feeding this kind of info into Home Assistant via MQTT. It’s a little convoluted since their data model is not what I expected it to be (each sensor has a device record, not the other way around), but overall I am able to read e.g. air quality measurements from around my house and create automations based on that.
I used to get various telemetry read outs via email in the mornings and while they are nice they still require me to remember to read an email and more importantly to notice that an email is missing. A more positive feedback system is more secure: send me an alarm notification when something is wrong the one day a year that it is, not 364 notifications a year that everything is right.
The issue with an alarm only when something is wrong, is that you don't know that your monitoring system is working until you actually get that notification. You could just check the system every day and avoid the 'heartbeat' email, but that's likely to be forgotten/missed more often than seeing/reading the received email.
You could set up a monitoring system for the monitoring system...
HASS has the ability to send you alerts when a device/sensor is considered to be offline (so you could definite it as it’s offline if it hasn’t sent you an update in 28 hours or some such). You can also set it up to send you regular notifications too. Or you could just have this data in the dashboard and check it once in a while. Nothing really prevents you from doing all this but also utilizing a tool like that to WUPHF.com you soon as there is an issue.
> You could set up a monitoring system for the monitoring system...
I'm considering this for a home automation system: a smaller, simpler device connected to the network, powered via battery (recharged from mains but surge protected) aka UPS, and able to send SMS messages via mobile network.
The idea is it's a heartbeat/monitoring system for the essentials:
- power cut/outage
- network down/outage
- main server down, or has some problem
Then I can get an SMS telling me something's wrong.
I have had a Lilygo T-Call [0] on my basement table all winter with the intention of building almost exactly this! (My idea was to use cellular instead of WiFi).
Thank you very much for the write-up!
Is email the best option? I had a bunch of small servers that I dutifully monitored via email, until email stopped sending for whatever reason. I now use MQTT via a bash script: very reliable.
Email not sending is a good problem - it means someting is broken and you gotta look into it.
Good thing about email is that it can be dismissed. It literally goes into an inbox where you are already looking at other things that need your attention - and then you can delete/archive when you see that everything is fine.
You can also do more complicated things on the receiving side of the email, with something like imapfilter (or just a thunderbird incoming mail rule on a desktop PC at your house), to auto sort alerts or notices of nominal condition into certain folders/subfolders.
One question on this, how exactly is this ESP32 email library implemented? Because I think negotiating a TLS1.2 connection, might be beyond the abilities of an ESP32.
You'd need your own 'friendly' email server that is expecting traffic from that specific IoT device, allowing outbound relay through it. One of the challenges of doing outbound SMTP from randomly located IoT devices is that due to weirdness of cellular or other uplinks, it might appear from a wide range of IPs.
Normally if I have some old weird monitoring device on a network that needs to send unauthenticated SMTP outbound for alerting, I can give postfix an ACL for its specific static /32, but that can't be a good solution for something like this...
Here's someone who knows enough about electronics to design using Eagle and write firmware yet feels it's an acceptable risk to have a custom exposed board in their bilge.
From a systems level critically relying on any of the following seems iffy in a marine environment where safety is key: wireless (unreliable; may be accidentally suddenly degraded by changes to outside environment), remote store and forward email notifications (unreliable and slow), single MCUs (due to SPOF), unsealed electronics in the bilge (extremely dangerous and often causes corrosion and loss of rudders), press-fit electronics (bad in marine environments, particularly near engines, due to vibration).
Nothing is in the bilge and nothing is unsealed. It is in a NMEA 4X/ IP67 box.
You are correct that all kind of things like WiFi, email servers, etc are unreliable. There is a ton of fault tolerant code in there now. Retries, exits to loops so they cannot hang. The ultimate backup is that if I don't get an email in the morning, something is wrong. That is why I send an email every day regardless of the conditions on the boat.
This is great. I will be on a mooring for the first time this year and it is very tempting to build something like this! But my boat will be close enough where I could almost look out my window to check on it. :)
Hey, if your boat is that close to you, skip the WiFi and send the daily report over marine VHF.
In fact, if you decouple the delivery method from the report generation, you can have have it running even while under sail and do periodic data collection and logging. If you get a Marine SSB radio, you could even collect the data while crossing an ocean!
How would you send a report over VHF? From what I understand the only digital bands are DSC and AIS and that is broadcast only, anyone can listen in.
SSB is not a set and forget communication. It's great for long distance communications but the operator has to be seriously fairly knowledgeable on how to make HF work. It's a 100W radio that can do some damage if used incorrectly.
Well no drain plug, but there's always the possibility of losing a thruhull, having the dripless seal fail, or something. But it really isn't any different than the slip, and we've been on there every prior season.
I'm not a boat person, so I have no first hand experience other than seeing a picture from a friend whose boat was half under water because the drain plug had corroded away.
He blamed it on galvanic corrosion from the boat being plugged into shore power with depleted anodes.
A quick google search shows that corroded drain plugs do happen from time to time. And the drain plug is just one of the through-hull fittings that can leak.
Came across this quote:
To quote BoatUS Insurance, “for every one boat that sinks underway, four sink at the dock” and “failed thru-hull fittings account for 50% of all sunken boats at the dock.
I never did understand why some sailboats have so many holes in the hull. This one for a drain, this one for an old-fashioned "paddle wheel" speedometer, this one for "inspection", good grief. A single drain hole through the transom makes sense for a planing hull that is regularly trailered or lifted, but not for anything with a massive lead keel. Before setting up a complicated monitoring system, boat owners should buy some plastic plugs for $10 per. That should really be a requirement on insurance contracts...
The author may want to consider using LORA as a backup for 3g/4g for connectivity as the use of jammers by thieves and burglars becomes more common as days pass.
Ttgo Esp32 module with LCD (or was that an OLED?) is my go-to solution for one-offs and quick prototypes. Previously it was stm32, but I found myself fiddling with inconsistent SDK (ST's HAL) and myriad of configuration options for peripherals a lot more than when using SDK. The screen is also useful for debugging info (what's the IP of this device? what is the current state of inputs/outputs?).
So far I've built controller for x-ray tube (turning AC on for required number of cycles), oil boiler consumption monitor, gate/garage door opener (to remotely open the gate for delivery courriers), remote power and monitoring for electrical boiler for sauna and some more.
I'm using the teensy for a bunch of keyboard projects and having a blast.
On the other hand, FPGAs have warped my sense of what is possible though. Allocating s corner of a chip to one role and having other areas do other tasks at the same time with no context switching (...because hardware) gets very addictive.
Brilliant work, my initial thoughts are that it might be significantly less work to patch/seal/address the leaks in the hull than to engineer, build, install, monitor the electronics for this. Is this not the case?
Depending on the vessel, leaks are part of the design. Seals always leak. Salt water is highly corrosive and will always "find a way." I own a smallish boat on the Gulf of Mexico with outboards (lacking the shaft seals that inboard boats have) and water STILL finds a way into the bilge. I have three pumps, one main and two redundant, just in the event one of my scupper seals goes, something/someone strikes my boat hard enough to puncture the hull below the water line, or one of my through-hull fittings (like raw water pump) develops a leak, while the boat is out in the Gulf or sitting at the marina.
Might seem like overkill where regular maintenance should be sufficient but you can never have too many redundancies to keep a boat afloat. Murphy's Law very much applies.
Something always leaks. If anything just the packings around the propeller shafts (though since this is a sailboat it may not have propeller shafts).
And there is maintenance. Even if you seal up all of the leaks, something will always degrade and start leaking. If you are away from the boat for weeks at a time, you may find your leak-free boat on the bottom of the harbor.
So yes, you could conceivably find and seal every single leak, especially if you don't have a rotating shaft that penetrates the hull, but it would not negate the need for monitoring.
https://99percentinvisible.org/episode/abandoned-ships/ just had an episode about ships where the crew is not able to get off for various reasons. One of them that I hadn't known was that if you leave before you get paid, you typically forfeit your pay.
Connection to your comment: there was a huge explosion in Beirut. There were safety issues with a ship loaded with fertilizer. The port offloaded the fertilizer and let the crew leave. One consequence was the terrible explosion. The other was that before that the ship sank. Big ships are described in the podcast as needing constant maintenance to keep them from sinking, which is one of the reasons ports are reluctant to let the crew leave.
It's a bit like saying "it's significantly less work to just fix the bugs than write unit tests".
There are always bugs (leaks) and potential for bugs (leaks), some effort in both directions is usually a better use of time (and in this case, money).
These are not exclusive propositions. You fix/patch/seal any leak you know of and can fix and set up a pump to deal with the rest. And then you monitor both to check that the pump still operates and the leak rate did not increase.
Leaks can be intermittent, and hard to resolve. I had a job driving effectively a water taxi one summer. One customer was working with one of the local boat yards to fix a recurring leak. They eventually ended up rigging up an audible alarm, probably using a float switch or something. I was given a phone number to call if I heard it ringing, or just call the yard on the radio. They eventually figured it out.
So, the novel idea is this, a bunch of kids from MIT or CalTech or where ever decide to bug yachts. They get unassuming jobs as deckhands and stewards to give themselves time to install devices like this DIY boat monitoring system along with microphones behind all the panelling around the yachts which are owned by CEOs of major companies. More or less, the device caches all the audio recordings and waits for the ship to enter a marina where it connects to wifi and sends the information home. They are looking for stock trading information, mostly. They are in the Caribbean maybe in St. Martin and overhear some nasty things by the Russian mafia. Someone made a mistake and they get caught. That's the beginning. The rest of the novel is a bunch of nerdy kids having to MacGyver their way out of the Caribbean while being chased by the most powerful and dangerous people on Earth.