[HN Gopher] Hacking a $200 Under Desk Exercise Bike
___________________________________________________________________
Hacking a $200 Under Desk Exercise Bike
Author : wvenable
Score : 154 points
Date : 2021-04-09 05:56 UTC (17 hours ago)
(HTM) web link (codaris.github.io)
(TXT) w3m dump (codaris.github.io)
| snarfy wrote:
| I have one. I don't like to use it. When I exercise my brain is
| way off in alpha wave territory. I found it harmful to actually
| getting work done. I go jogging or ride a bike instead.
| karmakaze wrote:
| I came to say something similar, but without the reasoning. I
| found that when I used a standing desk over a treadmill, the
| mechanics were alright as I type code (rather than mouse
| designs). The problem was in the thinking. The level of
| exercise increased bloodflow but didn't sync with the careful
| deep thought needed for working through complex/detailled
| situations.
| shubik22 wrote:
| Great article. One thing I'm curious about is the process for
| interpreting what the raw bytes in each packet mean. Is this just
| kind a trial and error thing? Are there different serialization
| formats you should look for? Thanks!
| wvenable wrote:
| Trial and error. You start with the assumption that the
| developers are working logically and that they will have chosen
| the simplest solution.
|
| A few of my initial assumptions turned out to be wrong. For
| example, since I did see some word (16bit) values I assumed all
| the values would be words. That's probably what I would have
| done. But that turned out to be incorrect once I started
| looking at the values (it's a mix of bytes and words).
| shubik22 wrote:
| Interesting, thanks for the reply!
| bluGill wrote:
| Mostly it is a matter of making one change to the inputs you
| control at a time and then seeing what changes. Trial and
| error, but there typically isn't a lot of error as you quickly
| see what inputs cause what changes and learn to ignore the
| other fields. Though if the protocol uses encryption you are
| probably screwed.
|
| If I wanted to figure out the fields he doesn't understand I'd
| rig up some sort of stepper motor/servo to the pedals so I can
| precisely control the input, and then start changing things. Go
| from 0 - 120 rpm in .5 rpm increments, with a change every 15
| seconds. Then go from 0 - 60 (or 90) rpm, but over many
| different accelerations.
|
| I used to work for a company that made automotive scan tools
| and we did this all the time with the automakers official scan
| tools. Even though the auto makers gave us a lot of
| documentation, what they did and what the docs say they do is
| different. (We even had a full time employee who worked at GM's
| offices with access to GM's source code and rights to pass on
| the algorithms used: and we still found it valuable to do the
| above to GM scan tools to work out what they really did)
| shubik22 wrote:
| Got it, changing the inputs is a really clever idea. Thanks
| for the explanation!
| PostThisTooFast wrote:
| Interesting that he started his investigation with an Android
| app, since Bluetooth on Android is known to be shit. I mean...
| it's shit everywhere, but especially on Android.
| jacquesm wrote:
| This was my take on a connected exercise bike:
|
| https://jacquesmattheij.com/trainification/
| cosmodisk wrote:
| Is it just me or the world gone a bit over the top trying to
| squeeze in a million things into any given second of our time?
| This Under Desk Exercise Bike is like a wearable chair to me:
|
| https://www.youtube.com/watch?app=desktop&v=Q1uCYK6wnjk
| yabudemada wrote:
| Clever idea and implementation! I think from a health standpoint,
| though, this is a false positive and it is probably better to go
| for an old fashioned _walk_; or to drop to the floor and do some
| yoga.
|
| For instance, sitting down too much is in itself detrimental to
| ones health (whether pedaling or not). E.g. prostate health,
| posture, etc.
|
| In contrast, a stationary bike or road bike, the rider can stand
| up and pedal fast, etc. There's a much broader range of motion
| which make the activity healthy!
| amelius wrote:
| > it is probably better to go for an old fashioned _walk_
|
| For cardiofitness you need to get your heartrate over a certain
| threshold. A walk won't do that.
| dundarious wrote:
| For longevity, AFAIK you don't need that degree of
| cardiofitness, and walking is sufficient. It's possible to
| reduce longevity through running too fast, for example.
| Cultures that have noted longevity are not known for having
| an exercise culture either, rather they are moderately active
| throughout/several times a day.
|
| Unfortunately I can't find my sources right now, so take that
| as just something some guy said on the Internet.
| randcraw wrote:
| Two guys. I've seen a lot of confirmation from medical
| researchers that moderate rate walking (easy to converse
| meanwhile) does provide some aerobic benefit as well as
| improve strength and balance. Faster walking (difficult to
| converse) delivers more aerobic benefit still, to the
| extent that for folks over 55, it's suggested that fast
| walking _is_ sufficient to get aerobic benefits.
|
| And if that's not enough, you can always speedwalk.
| novok wrote:
| Walking up hills is the gentle-to-the-body challenge
| increaser, and makes sense since even tribesmen of 50k
| years ago needed to walk up hills and mountains
| regularly.
| ska wrote:
| >A walk won't do that.
|
| It can if you choose it, for reasonable levels of cardio.
|
| If you are only going to do one thing (not advocating that!)
| you aren't going to be able to beat walking, especially on
| varying terrain.
| impendia wrote:
| I bought an under-desk bike near the beginning of lockdown and
| have run the odometer into the four figures. I highly recommend
| it to anyone.
|
| I definitely agree with you that it is no replacement for
| walking, yoga, or other active forms of exercise. But I have
| found it a great substitute for just _sitting_ while using a
| computer.
| yabudemada wrote:
| What about men's testicular/prostate health though? Bike
| seats are specially designed for cycling ergonomics; desk
| chairs are design for sitting upright in an ergonomic
| _stationary_ position.
|
| I say this because I had some prostate bruising (I recovered
| from that quickly doing yoga), but I attribute it to sitting
| too long; I don't even want to think what a pedaling motion
| in my chair would do down there! Granted, I have never
| pedaled in my chair so I accept that maybe it is fine--I'm
| just not willing to take the risk.
|
| Personally, I'd go more for a walking desk or something where
| the motion is natural, but the desired cardio effect is the
| same.
| impendia wrote:
| I haven't experienced, nor done anything to avoid, any sort
| of pain or injury like this. Maybe I'm just lucky?
| chaibiker wrote:
| Regular movement is key, and even switching between sit and stand
| every 30m is not enough. We are working on something along these
| lines by supporting more frequent useful movement, every 1-2m,
| without impacting typing with a smart robotic chair. Looking for
| early beta users in Silicon Valley and Boston for May-
| https://movably.typeform.com/to/y5NPOA2U
| joethescout wrote:
| Consistent movement without being distracted that saves me from
| back pain? Count me it! Already filled out the form!
| donretag wrote:
| Years (er, decades) ago, while in college, I was tasked with
| hooking up a primitive stationary bike with a virtual reality
| headset. The CRT monitor no longer worked for some reason, but
| the bicycle itself was still sending out signals, similar to the
| original story.
|
| The university was big into VR and graphics, and had developed a
| VR SDK and headgear. Hooking them up was a fun task since I got
| to work with C internals, connecting things at a lower level. It
| actually worked quite well.
|
| Today I work on systems that deal with large queries per second,
| but almost not as fun as getting your hands dirty with low-level
| bytes.
| josefresco wrote:
| Is it practical to do _fine_ mouse work while pedaling? Or is
| pedaling more something you do while checking email etc.? I know
| if someone so much as jiggles my desk I immediately notice.
| smithza wrote:
| Throw the mouse out and just use emacs!
| gumby wrote:
| As a bonus you get more fine hand exercise -- on both hands!
| TeMPOraL wrote:
| Be sure to remap Caps Lock to work as CTRL, or else you may
| overtrain your left pinkie.
| throwkeep wrote:
| Tempting. For those who have never used emacs or vim, how
| long would it take to get up to speed?
| smithza wrote:
| If you are seriously interested (which I highly recommend)
| _just throw yourself into it_. In the case of emacs, effort
| put in is directly correlated to efficiency gained. I was
| proficient in basic text /code editing in a few hours and
| incrementally tried to shoehorn most editing/scripting
| problems to be solved with emacs. There is an emacs
| wiki[0], the tutorial built into emacs[1], and a stack
| exchange network (mostly for questions related to emacs
| lisp which you will want to tinker in pretty soon after
| using the tool) [2].
|
| Just a note, emacs could be a full desktop experience,
| supporting reading/writing email, web browsing, document
| browsing (pdfs, html, etc.), picture viewing, text editing,
| automation guru, etc etc etc. Some caution against some of
| these features but I use it mainly for text editing and
| automation support. It has a very robust keyboard-macro-
| recording tool, for example.
|
| [0] https://www.emacswiki.org/ [1]
| https://www.emacswiki.org/emacs/EmacsTutorial [2]
| https://emacs.stackexchange.com/
|
| Additional reading
|
| [3]
| https://www.gnu.org/software/emacs/refcards/pdf/refcard.pdf
| [4] https://www.gnu.org/software/emacs
| karatinversion wrote:
| I've found the emacs manual to be superior to the emacs
| wiki pretty much always (three months into my emacs
| journey here), fwiw.
| chevill wrote:
| If you tried to continuously pedal probably not. However, I'm
| not familiar with this particular product but every exercise
| bike I've used you can just instantly stop for a second or two
| and then start back up. So if you intermittently needed to
| precisely click on things it would probably be fine. I'm not
| sure what type of work depends on continuous, precise mouse use
| other than maybe graphics or professional gaming. I'm sure
| there's others that I just haven't considered.
| Someone1234 wrote:
| No, but many people spend a great deal of time reading, and it
| is possible to do that while cycling.
| rzzzt wrote:
| Vertical scrolling could be bound to the direction of
| pedaling as well.
| wvenable wrote:
| I was quite surprised to find that I could code and type
| normally while pedaling. I did expect this to be for just
| checking email, etc.
|
| I don't think that you want to do fine mouse work at the same
| time as any physical activity.
| smithza wrote:
| Lastly, I very much did not want all my workout data locked away
| in this app.
|
| This is a great example to demonstrate the simplicity of modern
| "smart" products. I think of the Tim Berners-Lee next generation
| web product that never got off the runway: just of common and
| understandable interfaces for gleaning data from interconnected
| devices. The workout domain is a great candidate for
| standardizing data-types to pull health-related information into
| anyone's standard conforming health database. It should not
| require reverse-engineering like this to do.
| nradov wrote:
| The workout domain has already standardized on the FIT file
| format. Pretty much all fitness trackers and bike computers use
| it for recording activities. It isn't fully open but anyone can
| license the SDK.
|
| https://www.thisisant.com/developer
|
| There is free open source software like GoldenCheetah which can
| read those comes so you don't have to depend on proprietary
| online services.
|
| https://www.goldencheetah.org/
| marshmallow_12 wrote:
| the obvious problem is that exactly no one in the industry has
| ever devoted more that 3 brain cells and 5 seconds working out
| a universal standard to present their data. Stuff competitors!
| And why shouldn't they? They have minus zero interest in making
| life easier for their broader (and probably narrower also)
| consumer base.
| FpUser wrote:
| Actually there is ANT+ with profiles for everything under the
| sun and BLE with some profiles as well.
| TeMPOraL wrote:
| Nothing will change until interoperability and full end-user
| access to data become legally mandated. As it is, everyone
| has every incentive to prevent users from accessing the data,
| because the whole business model of IoT is about holding data
| hostage to extract ransom from the customer.
| Shmebulock wrote:
| If users care about that, they'll go to a vendor that gives
| them access to the data. No need to legally mandate
| anything.
| piva00 wrote:
| Sometimes users are dumb, sometimes users are
| manipulated. Data privacy is a discussion that's been
| slowly growing and now has been picked up by the general
| public in some places.
|
| There are some public policies that need incentives to go
| against the market, because market forces are not
| inherently good.
|
| Sometimes there is a need to legally mandate something,
| or are you also against environmental protection laws? By
| this logic, f people really care about the environment,
| would it solve itself then?
| TeMPOraL wrote:
| No, they won't, because of many reasons - it's a well-
| known market failure mode.
|
| Importantly, to pick just one of the reasons, you can't
| expect users to accurately judge complex technological
| product, especially when facing marketers who will lie to
| them. When you're shopping for food or medicine, you're
| not expected to understand biochemistry or technicalities
| of randomized control trials - you expect the things you
| buy to not poison you. Plenty of vendors would be happy
| to sell you literal poison - and they did, in the past -
| but we've regulated that possibility away. Similarly, for
| technology, some of the abuses need to be regulated away,
| because you can't expect regular people to avoid the
| traps, and the vendors to not be abusive without external
| pressure.
| wvenable wrote:
| There are _no_ vendors that do it; it 's in their best
| interest to keep data locked down. You can't vote with
| your wallet when your candidate isn't running.
| Y_Y wrote:
| Isn't my workout data covered under GDPR? Not that I'd
| bother trying to enforce it against the likes of Huawei.
| TeMPOraL wrote:
| That depends. It probably is, to some extent, but you
| either consented to this or it qualifies as essential to
| deliver the service. I suspect you could get it from the
| vendor by sending them a strongly worded letter, but a
| DSAR (data subject access request) isn't exactly an API
| call. GDPR cares about how your data is being collected
| and processed, not about interoperability. We need
| separate regulation to force service interoperability and
| a separation between hardware and services, so that they
| can be interchangeable.
| novok wrote:
| I've tried desk treadmills with a standing desk, bike desks which
| are designed for a laptop and under desk pedalers like this. I
| end up ditching them all in the end because the movement is
| distracting enough to not let me get into the zone. Whenever I
| need to focus on something I instinctually stop moving to 'free
| up' brain power to execute whatever I'm doing better, be it a
| computer game, writing or coding.
|
| Also you get more total workout by just going outside on a 30m
| walk, not to mention all the benefits of sunlight. Now I just do
| walks and explicit exercising vs. the fence sitting that is a
| treadmill walking desk.
| terry_y_comb wrote:
| "Free up" brain power: I turn off the radio when I need to
| focus driving on the road (e.g. traffic, rain, snow)
|
| It sounds absurds. But I think some may do the same.
| Darmody wrote:
| It is not absurd. There's a reason why people lower the
| volume to park their car.
| pacman83 wrote:
| My experience was the same. I ended up standing on a balance
| board at my stand-up desk. This strengthened my core and helped
| me to be more alert without actively distracting me.
|
| And yes, this should be a supplement and not a substitute for
| outdoor activity, normal cardio and strength training,
| stretching, etc.
| StavrosK wrote:
| A 30 meter walk doesn't even get me to the door!
| novok wrote:
| 30 minutes ;)
| fataliss wrote:
| Humble brag. In NYC it gets you around the block twice!
| Grazester wrote:
| What tiny block in NYC do you live?
| udhdhxnxn wrote:
| My employer won't let me get an under the desk bike. I was also
| scolded for doing pushups in my cube. Working out from home with
| tape on the webcam is great.
| FearlessNebula wrote:
| Wow, I would fire that employer
| secondcoming wrote:
| Are they noisy?
| RankingMember wrote:
| Damn, that's grounds to terminate that employer in my opinion.
| Jtsummers wrote:
| Seriously? Do they think that if you're not sitting and typing
| you're not working or something? Do they measure how long and
| often you take restroom breaks?
| throwkeep wrote:
| Scolded? What was their reasoning?
| lfowles wrote:
| Great writeup! I did something similar for the (much dumber)
| DeskCycle which has a simple odometer. Conveniently I was just
| able to plug it into Aux In and track pulses.
|
| https://github.com/lfowles/deskcycle
| slantyyz wrote:
| Nice Work!
|
| I have a MagneTrainer, which is made by the same manufacturer
| as the DeskCycle, and uses the same "trip computer" as the
| DeskCycle.
|
| When I bought the Magnetrainer years ago, they had some Windows
| games they could link to using the Aux connection, but the
| connection kit was overpriced, and the games that were
| available looked "meh".
| milkey_mouse wrote:
| Ah, that Segoe UI WPF app takes me back. I made so many little
| utility apps like that when I first got Visual Studio.
| WPF/WinForms is what I made my first GUI apps with, and first
| discovered why one shouldn't do blocking computations on the main
| thread...
| vosper wrote:
| I think cycling is the wrong motion for an under-desk exercise
| machine. I think it should be a very short vertical motion, just
| feet moving up-and-down, something you can do without disrupting
| your chair posture, or making the rest of your body move too
| much.
|
| Potentially you don't even lift your toes up, just raise and
| lower your heels with some kind of resistance.
|
| Maybe you wouldn't get much exercise this way, but I think
| getting a whole lot of exercise whilst trying to work at a
| computer just isn't really doable.
| slightwinder wrote:
| You mean a stepper?
|
| https://www.amazon.com/-/us/dp/B07NRCZHYJ/
| whoisburbansky wrote:
| Scanned the article to try and find this, but did anybody else
| notice the name/an Amazon link to the bike in question?
| Someone1234 wrote:
| I, too, was confused that this was missing, since it seems like
| a lot of the Bluetooth data will be brand specific, and they
| don't mention even the brand (let alone exact model).
| NicoJuicy wrote:
| Didn't see it, but an issue could be created on the github
| page
| wvenable wrote:
| The brand is Exerpeutic and the model is 7149 but it seems that
| model number is country specific (Canada).
| whoisburbansky wrote:
| Ah, thank you!
| fiftyacorn wrote:
| If your doing this sort of project your can get a head start
| integrating into golden cheetahs dashboard. I done it years ago
| with a Google map/turbo trainer as a project
| Grustaf wrote:
| > "my desk is actually the perfect height for peddling"
|
| Why is it so hard even for native speakers to spell the verb
| "pedal"? I mean it's spelled exactly like the noun, which most
| people seem to be able to spell properly.
|
| It's a genuine question, I see this all the time, maybe most of
| the time actually. It's strange because typically people tend to
| over-generalise, not the other way around.
| RankingMember wrote:
| Probably the same part of the brain fouling up that causes the
| loose/lose screwup we've all probably made.
| hoophoop wrote:
| As a non-native speaker I might make other grammatical errors
| but not the ones related to phonetics.
|
| Often I found more difficult to understand English written by
| native speakers than by others because of that.
| gumby wrote:
| "Peddle" is a legitimate homophone for "pedal". Some people
| hear the words while they read/write so make this class of
| mistake. Such errors always confuse me momentarily as I don't
| hear the words, but it doesn't make me think there's something
| wrong with the author.
|
| They can also come from autocorrect guessing, though probably
| not this case.
|
| (FWIW Reading poetry doesn't work for me and I have long
| assumed it is only a pleasure for people who hear the sound
| while reading).
| iso1631 wrote:
| > FWIW Reading poetry doesn't work for me
|
| How about Oxford poetry? Or Maidenhead?
| gumby wrote:
| I just don't hear sound when I read (in any language) so
| tools the poet uses such as meter, assonance etc are lost
| on me. Of course I can carefully read for sound but then
| I'm so busy doing that that I lose the thread of meaning.
|
| I can listen to poetry and musical lyrics, and there
| cadence and phonemic clues help with memory and recognition
| and can even be playful or fun (as intended!). I've never
| grokked how one could read that way though clearly many,
| and perhaps most, people do!
| Grustaf wrote:
| Read aloud! That's how poetry is supposed to be read.
| Hnaomyiph wrote:
| I'd imagine it's from lack of use in daily writing, combined
| with a lack of a ubiquitous context-aware spell checker. I make
| similar mistakes quite often
| Grustaf wrote:
| It's not just the seldom used gerund. People even write
| "peddle" for the present form.
| armagon wrote:
| I wish I could use a (Mac) desktop application to talk to my
| Fitbit. It looks like there was one years ago.
|
| (First and foremost, I'm at my computer all day long. If it has
| trouble syncing, I'm right there and not going anywhere. I hate
| having to find my phone and try to get the data synced just to
| see how well fitbit thinks I slept last night. Also, would be
| nice to access my data from my device without involving the
| cloud.)
| RHSeeger wrote:
| My wife bought me a new fitbit for Christmas (mine is getting
| old, frequently just loses it's charge, etc). It would not
| allow me to initialize it without syncing to my phone, which
| had to be running their app. I wound up returning it because I
| don't _want_ to run their app on my phone.
|
| I even looked into if it might be possible to work around the
| issue. Turns out, the fitbit, which is advertised as having a
| GPS, actually uses your phone's GPS. It has one of it's own,
| but it's apparently absolute garbage; it's inaccurate and it
| drains the battery extremely fast.
|
| I'm still using my barely functionalit fitbit charge 2.
| bluGill wrote:
| Pine64 is working on a smart watch. If you are a developer it
| might be worth hacking on.
|
| Just pointing this out for those in the same boat as you.
| Personally I hate things on my wrist and so I don't know if
| it is any good as I won't be using it anyway.
| judge2020 wrote:
| Unfortunately that's the price you pay to use most devices -
| they need accompanying proprietary software. There doesn't
| seem to be a big enough market for open-standard or open-
| protocol health/fitness tracking.
| RHSeeger wrote:
| But... it doesn't. I can look down at my old, not-phone-
| connected fitbit any time I want and see how many steps
| I've walked so far during the day. Or what my heart rate
| it. Or any number of other things.
|
| It doesn't _need_ the phone to be able to do that part of
| it's job. And I don't want the "challenge your friends to a
| walk-a-thon" junk that does use the app.
| nradov wrote:
| There is a semi-open standard and protocol for fitness
| tracking: the FIT file format and ANT+ for wireless
| networking. However most devices which support those
| standards like Garmin generally require the use of a
| proprietary mobile app for initial setup. Once you finish
| that you can uninstall the app.
| vagrantJin wrote:
| For some reason, I'm suddenly intrigued by the notion of building
| a device to exercise with while sitting.
| Sohcahtoa82 wrote:
| I interpreted the title to mean they exploited the bike and got
| code execution, similar to the guy who got code execution on a
| smart butt plug and presented at DEFCON 27 [0].
|
| [0] (Slightly NSFW) https://youtu.be/RnxcPeemHSc
| jrm4 wrote:
| Unless there's some sort of "resistance" thing; isn't something
| like this "hack in a weekend" easy with any stationary bike + Pi
| + camera or something? Just point it at the feet and record
| cycles?
| moioci wrote:
| picture looks like "Exerpeutic 900E Bluetooth Under Desk All User
| Height"
| wvenable wrote:
| That's close but that model has an elliptical pedal design. It
| wouldn't surprise me though if the Bluetooth connectivity was
| identical.
___________________________________________________________________
(page generated 2021-04-09 23:00 UTC)