[HN Gopher] WiFi without internet on a Southwest flight
___________________________________________________________________
WiFi without internet on a Southwest flight
Author : jamesbvaughan
Score : 1512 points
Date : 2023-09-28 15:42 UTC (1 days ago)
(HTM) web link (jamesbvaughan.com)
(TXT) w3m dump (jamesbvaughan.com)
| birdyrooster wrote:
| WiFi with internet if you use a DNS VPN, they are handy and cost
| you nothing to use
| pogue wrote:
| What browser or extension has Copy as cURL and all those other
| functions?
| idbehold wrote:
| Firefox
| system2 wrote:
| Inspect element (F12) > Network tab > when you refresh the
| screen check the header section to see the raw data. You can
| right click and copy curl or xor.
| jamesbvaughan wrote:
| All chromium-based browsers have it in the network tab of the
| dev tools
| [deleted]
| isodev wrote:
| Safari has it out of the box in the web inspector.
| alana314 wrote:
| chrome
| api wrote:
| Fun fact: ZeroTier works in most cases on in-flight wifi without
| logging in. I guess they usually allow UDP.
| TurkishPoptart wrote:
| Is this for connecting to a home device without paying for
| wifi?
| [deleted]
| javier_e06 wrote:
| Fun fact: I used to work for a company that provided equipment
| and services for satcom. The price tier and license for airborne
| communication was higher and we had software calculating the
| speed and if the speed went over 300 m/hr or alike it will check
| your license features and expiration date. If you forgot to pay
| your bill, no wifi for ya! We did not use altitude for obvious
| reasons.
| macinjosh wrote:
| Pretty sure all these hacks and tips for getting free Wi-Fi
| aren't actually very legal. Sure the chances of getting caught
| are small, but you are also stealing connectivity someone else
| paid for by spoofing their mac address. Something, something,
| mucking about with an airliner even if its just the wifi could
| probably be twisted into some sort of federal aviation offense
| too.
| SirMaster wrote:
| I want to see someone build a proxy that uses the free iMessage
| or WhatsApp allowed connection to send arbitrary data.
|
| Like have a WhatsApp relay set up at home that you are sending
| messages to and from, from the plane.
|
| Like at a most basic level, send a message of a URL to your home
| WhatsApp which loads the web page there, and sends the HTML back
| as a WhatApp message reply so you can render it etc.
|
| Wonder what someone could all do and make work.
|
| _edit_ Guess someone made a TCP relay using WhatApp already,
| neat.
| benced wrote:
| I believe this is the approach that Flighty
| (https://flightyapp.com/) uses to send flight updates while on
| non-paid Wifi.
| acwan93 wrote:
| Flighty leverages the Apple Push Notification Service (APN),
| which the iMessage infrastructure also uses. It's why you can
| receive notifications in flight but can't act on them.
| jiveturkey wrote:
| I've not read the EULA but why not just have an actual IP
| router?
|
| Pay the signup charge, and also stand up a wifi network. Call
| it "Foo discounted" if the plane's SSID is "Foo". Put up a
| captive portal that lets the user claim various "discounts",
| like veteran, senior, child, etc. No matter what they choose,
| charge them $2 via a payment page. Once you've been made whole
| on the service cost, future visitors get a notice that "all
| discounts have been claimed, please use Foo".
|
| Now you have free internet and all those using your
| router/portal have $2 internet. The upstream bandwidth is
| certainly atrocious so you will easily be able to multiplex all
| the data onto your connection.
|
| Bundle it into a RPi kind of device (has to look finished, like
| a music player or smth, to get past security) so that you can
| continue to operate the device even when tray tables have to go
| up, when you go to the bathroom, etc.
|
| I find it extremely doubtful that the airplane has WIPS or WIDS
| that will deassociate connections to your rogue wifi. And after
| all, are you not allowed to have a LAN party?
| youens wrote:
| I happened to have had a flight a day or two after the first
| beta of Apple's Private Relay a year or two ago. I was able to
| use free WiFi the entire flight. Presumably because whatever
| they whitelisted for iMessage and/or push notifications covered
| that as well. They had blocked it before my return flight days
| later. -\\_(tsu)_/-
| madeofpalk wrote:
| Huh. Maybe this explains why my "messaging only" wifi on
| Virgin Atlantic a few weeks ago gave me full, slow, internet
| access?
| jackconsidine wrote:
| I see you found that TCP relay- I've been dying to try it but
| I've heard of people successfully using it
|
| https://github.com/aleixrodriala/wa-tunnel
| ip26 wrote:
| Instead of _"wow, cool"_ my first reaction is _"free messaging
| is a great perk, if this is abused they will shut it down"_. I
| guess my hacker days are behind me.
| cromka wrote:
| Airlines already introduce free WiFi to everyone for free.
| JetBlue does it, Delta also does it for continental flights.
| Eventually all will, as there is more competition in the tech
| and prices drop.
| darknavi wrote:
| https://github.com/aleixrodriala/wa-tunnel
| vzqx wrote:
| I've noticed that airline wifi doesn't block DNS traffic. You
| can likely accomplish the same thing with a DNS tunnel like
| Iodine (https://github.com/yarrick/iodine).
| lazycouchpotato wrote:
| Many years ago, I noticed I could browse the Google Play
| Store on a flight WiFi without paying for it. No images would
| load and no apps would download, but I could browse through
| app listings and read reviews.
|
| Would this be related to DNS?
| owl57 wrote:
| Probably not. I bet something in Android didn't work
| properly until they whitelisted some Google domains -- for
| example, maybe it didn't detect the Internet connection
| when the user paid for it, or maybe something on the
| entertainment tablets broke (I don't know if they usually
| run Android or something else).
| bpye wrote:
| This seems likely. ~6 years ago on a Delta flight I
| noticed that I could use Google and view cached pages
| without paying for WiFi. I managed to catch up on the
| news on my flight...
| bombcar wrote:
| Sometimes they just redirect ALL DNS traffic to their little
| portal until you sign in/up.
| furyg3 wrote:
| Way back in the day a lot of authenticated wifi firewalls did
| enable DNS requests to pass through, or at least to resolve
| using their DNS server, without being authenticated.
|
| Someone smart created a TCP-over-DNS tunneling tool that I had
| a lot of great experience with, at least for more simple news
| websites of the day.
|
| https://analogbit.com/software/tcp-over-dns/
| cromka wrote:
| A more current alternative: https://github.com/yarrick/iodine
| ale42 wrote:
| Tried this on a flight 4 years ago -- I got to SSH into a
| machine and read my mails, it felt like I was connecting
| from a space ship... so funny but not actually usable to
| browse the web or do any actual work ;-)
| gregfjohnson wrote:
| This is why I love hacker news. I was sitting in the waiting area
| at Long Beach Airport about to board a Southwest flight when I
| read this article. Did the hack, it worked spectacularly. I
| didn't have jq installed, but whipped up a python script with
| 'import json', watched the data stream the whole flight. Thanks a
| million for posting this!
| munro wrote:
| I've always wanted to bring a lil router like a GL.iNet, pay for
| internet, then share it free for everyone on the plane hehe
| nunez wrote:
| This is how we get aircraft wifi with Meraki Air Marshall-like
| DDoS [0] for hotspots. Don't ruin it for us!
|
| [0] https://documentation.meraki.com/MR/Monitoring_and_Reportin
| g.... This basically detects any access points in a wireless
| network repeating a signal and automatically boots them. only
| works on 2.4GHz networks if I understand correctly.
| ilyt wrote:
| ... wouldn't that be a type of jamming and therefore illegal
| ?
| nunez wrote:
| Doesn't stop hotel chains from doing it
| mike_d wrote:
| I used to do this on long flights, but most in flight providers
| have stopped trying to identify and shape specific protocols
| and now limit bandwidth purely by client. If you get a few
| people on all at once it thinks you are streaming video and
| throttles you.
| josu wrote:
| Why not just use the hotspot on your phone?
| MostlyStable wrote:
| I believe that you can't both simultaneously provide wifi
| hotspot and use wifi internet (at least, I couldn't on a
| phone several years ago last time I tried it). I think you
| can only do that if the network the phone is using is
| accessed via the cellular modem.
| Eavolution wrote:
| I absolutely can, that's how I connect my ps4 to my uni
| accommodation internet as it's mschapv2 or smth the ps4
| can't connect to. I know it's definitely using the wifi and
| not my mobile data as my data usage for the day is
| unchanged after I've downloaded a game.
|
| Cheap Chinese android phone from 2020 (or maybe 2021 can't
| remember).
| Zigurd wrote:
| Depends on the phone OS and wifi chipset Some Pixel phones
| can do it last I checked, which was about a year ago. It's
| a fragile dependency. For example, a Samsung with the same
| wifi chip didn't work.
| pests wrote:
| That used to be the case but it has changed now. Probably
| depends on the phone broadband chipset used.
|
| These days you can passthru your WiFi or even a wired
| connection (via USB to a connected PC or a Ethernet-to-USB
| adapter) via a Hotspot.
| ikjasdlk2234 wrote:
| You can on Android, and have for some time IIRC. This is
| how I get free wifi on my computer by passing it through my
| T-Mobile phone.
| mbesto wrote:
| Correct. My GL-E750 Mudi has a repeater function:
|
| https://docs.gl-
| inet.com/router/en/3/setup/gl-e750/internet/...
|
| My iPhone does not.
| yread wrote:
| We messed around on a recent KLM flight and what's interesting is
| that you get a DNS prefix of klm.com in DHCP (or some ms
| extension of it). The gateway has a name of www that allows you
| to access www.klm.com even though no name servers are accessible
| so DNS shouldn't work.
| the_mitsuhiko wrote:
| I added flight status on airlines I fly into my shell prompt from
| the wifi status. It's surprisingly fun.
| https://x.com/mitsuhiko/status/866601971565944832?s=46&t=xvV...
| atourgates wrote:
| I'm an Alaska (relatively) frequent flyer. That airline offers a
| free "messaging" plan, that lets you send and receive messages on
| apps like iMessage, Facebook Messenger and Whatsapp. Though, it
| somehow prevents images/attachments from coming through on those
| platforms.
|
| I've always wondered how this is implemented technically, and if
| it might be possible to setup some kind of protocol/wrapper to
| send data that looks like it's being sent over those protocols,
| but offers access to other parts of the internet.
| kayson wrote:
| I can't seem to find it, but there was a blog post on HN a
| while back about how someone set up a proxy to browse Wikipedia
| by sending and receiving WhatsApp messages. I'm sure you could
| extend that to be a web proxy.
| technothrasher wrote:
| Many years ago, when hotels first started having and charging
| for WiFi connections, I wrote a simple little tunnel using the
| DNS port back to my server. Since the hotels didn't block that
| port or even bother to check what traffic was going over it, it
| worked like a charm.
|
| I tried it on a trip to Tokyo and immediately got completely
| blocked. It took me a few minutes to figure out they'd
| blacklisted my MAC address. I changed the MAC of that interface
| and then behaved.
| someotherperson wrote:
| Reminds me of using VPNs in hotels in China some years ago.
| Traffic would work for a few minutes and then the Great
| Firewall kicks in, fingerprints the traffic as VPN and the IP
| address and the MAC gets blocked. I'd rotate the endpoint and
| the MAC address and get a few more minutes, rinse and repeat.
|
| I think I had to use Shadowsocks or something at the end to
| completely bypass it.
| superkuh wrote:
| Shadowsocks(-libev) is great. I use it in the USA with
| Comcast to prevent their MITM attacks on HTTP connections.
| tuetuopay wrote:
| some options:
|
| - attachments are likely stored in a different part of the
| infra than raw messages (like on some s3 bucket somewhere), so
| it's pretty easy to allow the WA/iMessage/Signal/Messenger API
| while blocking their CDN through dns blocking, ip range
| blocking, sni inspection, etc.
|
| - they cut the tcp connection once more than e.g. 1MB has been
| transferred. it would result in slightly degraded user
| experience (the message tcp stream needs to be periodically
| reopened), and may not be foolproof is apps are smart and
| resume the download where it failed instead of from the start
|
| I lean for the first option as it's both the simplest and most
| foolproof option.
| [deleted]
| sixstringtheory wrote:
| Could always send base64 data strings!
| danielfoster wrote:
| I've also wondered why Grindr but not Tinder works on the
| "messaging only" plan. Someone at Alaska must have had fun with
| that one.
|
| Flightaware.com also works, presumably because Alaska uses
| Flightaware for its tracking map.
| noahtallen wrote:
| > Flightaware.com also works
|
| Unfortunately, I couldn't get it to load on my Alaskan flight
| a few days ago on the free messaging plan. Maybe they've
| changed it
| 0_____0 wrote:
| Grindr is a logistics app, Tinder is entertainment :p
| phantom784 wrote:
| I'd suspect it kills TCP connections once a threshold of data
| has been transferred, and the threshold is enough to let text
| through but not enough for attachments.
| grishka wrote:
| Good luck doing that against Telegram. It would simply
| reconnect and resume the download where it left off.
| miki123211 wrote:
| Do they allow Telegram?
|
| If so, that would be the easiest, Telegram has a really good
| bot API.
| Karrot_Kream wrote:
| Many do but some don't. I wrote an HTTP Proxy for Telegram
| and it works fine for those situations but is very slow. I
| prefer using an NNCP proxy I wrote because the protocol
| doesn't have online liveness requirements.
| justapassenger wrote:
| I don't think they have any sophisticated solution for sniffing
| traffic. It's most likely simple firewall + deals with
| Apple/Meta. Many airlines offer basic Wi-Fi for messages
| nowadays, so it's very likely that big tech developed solution
| for it (especially, as they have initiative to do that, so
| their apps can work).
| organsnyder wrote:
| United wifi is similar. I've found that notifications work for
| most things, including my Home Assistant instance--they must
| all use the same Apple push service.
| atourgates wrote:
| I noticed the same on Alaska flying last weekend.
|
| As soon as I activated the "Free Messaging" service, I got a
| bunch of notifications from my Apple Home and Google Nest
| devices.
| snazz wrote:
| Yes, APNs (Apple Push Notification service) has to be
| allowed for notifications to come through from messaging
| apps and the network operator can't tell whether it's an
| allowed messaging app or any other kind of notification.
| mcast wrote:
| The scale of Apple's notification service must be pretty
| large. Granted, most notifications don't have strong SLA
| guarantees but I don't remember it having any downtime
| either.
| Klonoar wrote:
| They don't really make guarantees about the reliability
| of push notifications (IIRC), so it's unlikely you'd see
| anything about downtime unless it was sustained for some
| time.
| SirMaster wrote:
| On iOS all notifications have to use Apple's Push service.
|
| And the WiFi essentially has to allow the Apple push
| notification system entirely in order for iMessage to work
| fully the way people expect.
|
| So it's really a side effect. But yeah for example with the
| free iMessage connection on Southwest, I can see all the
| notifications come in on Discord, but of course I cannot
| connect within the discord app to actually load all those
| messages. I can only read them as they come in as push
| notifications.
| Xeamek wrote:
| >On iOS all notifications have to use Apple's Push service.
|
| Have to? Isn't there an option to send 'offline'
| notification? I mean, coming from the app itself, rather
| then external callback? With that, app could ommit the
| official way of using Apple Push service, no?
| SirMaster wrote:
| Well, apps can only "run in the background" for up to 10
| minutes.
|
| So sure, an app can generate a notification popup itself,
| but it's pretty limited as it won't be able to generate a
| notification after being backgrounded for more than 10
| minutes.
|
| And the 10 minutes is also only if the app is designed to
| extend the duration as long as possible. Normally it
| would get cut off after 1 minute.
|
| So because of this it seems that in the vast, vast
| majority of cases apps choose to send their notifications
| from the Apple Push notification service.
| WirelessGigabit wrote:
| Yea but those mean the app has to be running. The main
| advantage of Apple's Push is that the app can be put to
| sleep and only wake up when you tap a notification.
| dheera wrote:
| IP-over-Facebook. So that's what the world has come to ...
| alexfoo wrote:
| https://news.ycombinator.com/item?id=33568994
| toast0 wrote:
| I used to work at WhatsApp (until the end of 2019) on many
| things, including special pricing (aka zero rating); we did not
| work with airlines, and would not have participated in a
| project where messages and attachments where treated
| differently.
|
| That said, technically there's two pretty easy ways to do it
| for WhatsApp traffic, and then there's the way I suspect
| they're doing it...
|
| a) chat runs on different ips than attachments; always has,
| most likely always will (other than some transitional HAProxy
| at the old hosting when nearly everything had been moved to the
| new hosting).
|
| b) WA chat is not HTTPS (or even TLS) and attachments are. Chat
| also cycles between different ports, so you could just block
| port 443 and be good.
|
| c) I actually suspect, based on poking around a little that
| it's mostly just killing connections that use a lot of data.
| Maybe in combination with some other things. Being on a plane
| doesn't really put me in a debug the network kind of mood, so I
| never got to the bottom of it, but I'd regularly be able to
| make short connections to my home network while on the
| messaging plan, at least when this stuff was new. OTOH, I think
| I recall being able to connect through the WA VPN while on a
| plane on the messaging plan, but that was when we had a
| publicly available, but not publicly linked list of IP
| addresses on our website; I have no doubt that DPI vendors had
| that list.
| dgellow wrote:
| > WA chat is not HTTPS (or even TLS)
|
| If you don't mind, could you expend on this? Are there
| specific reasons to not be using TLS?
| toast0 wrote:
| I should probably refer you to the encryption whitepaper
| [1], but the basics are that Chat uses the Noise Protocol
| rather than TLS. All things being equal, the security
| properties are about equivalent, however all things aren't
| equal. The Noise handshake is smaller than the TLS
| handshake, and Noise doesn't have extraneous features
| WhatsApp doesn't use. Additionally, at the time of Noise
| adoption, TLS lacked a means for 0-RTT data (now available
| with TLS 1.3 Early Data), which meant using TLS would have
| added at least one round trip; possibly two, depending on
| which TLS library used. [2] You _can_ use TLS without
| x.509, but it 's not very common; avoiding x.509 was a
| definite plus.
|
| I wasn't much involved in anything on the chat channel, and
| I didn't do any implementation work on Noise, but I did
| some later prototype work with it, and if I recall
| correctly, it had much simpler framing than TLS as well;
| although maybe that was mostly TLS options getting me down
| --- the SNI header has 9 bytes of overhead, 5 of which are
| lengths, Noise didn't have anything like that as I recall.
| Do you really two bytes of versioning on every application
| data packet, like TLS has? I'm not sure you really need a
| type indicator byte either, context says you're sending a
| handshake packet initially, and then application data after
| that, but I'm pretty rusty on this now, so maybe there's a
| justification.
|
| For users paying for internet by the byte, every byte
| counts. For users on networks with large delays, every
| round trip counts. For attachments, it's less critical (if
| your data access costs were high, you could configure
| attachments not to load) and that infrastructure was always
| built around http(s), so while there would have been an
| efficiency improvement to move that off https, it would be
| hard to justify the engineering time; especially post the
| move to FB infrastructure with its CDN that was easily
| configured for our attachments. OTOH, chat never ran on
| TLS, so adopting Noise vs adopting TLS was a choice we
| could consider, and we picked the best solution for us.
| Unfortunately, it's pretty easy to identify Noise vs TLS
| --- OTOH, the service IPs are already identifiable, so a
| little more blending on the protocol level wouldn't help
| much.
|
| [1] https://www.whatsapp.com/security/WhatsApp-Security-
| Whitepap...
|
| [2] Also using system TLS libraries is fraught with peril.
| It's fine, but not super great, for http, but using it for
| a custom binary protocol is going to be terrible. You'll
| need to debug all of the edge cases that the system https
| library doesn't hit, and will then have to craft
| workarounds that just work, even if you can't reliably
| identify the underlying versions because Android OEMs do
| weird stuff.
| dgellow wrote:
| Thanks for the answer, I didn't expect that much details!
| jedberg wrote:
| We didn't use TLS at Netflix either, and instead used our
| own encryption protocol that ran on top of HTTP. We could
| do this because we controlled the clients too.
|
| The why was because of trust store issues. Every device has
| its own built in trust store, and especially on devices
| like TVs and DVD players, they couldn't be updated. After
| looking at all the devices we supported, there was no
| common certificate signer amongst all of them.
|
| This meant that we would either have to get multiple SSL
| certs signed by different parties (some of which weren't
| all that secure) and present the right one depending on
| your device type, or we could just roll our own over HTTP.
| So we chose the latter.
| eadmund wrote:
| This discussion is another great example of why HTTP
| without TLS can be just fine, even desirable.
| toast0 wrote:
| Yeah, at WA we didn't have too much of a problem with
| trust store issues; although we did do extensive testing
| when we switched CAs. We did have to deal with the end of
| SHA1 certs though, I think we were able to get all of our
| clients to use sha2, but some of the platform browsers
| couldn't; and then we had to fiddle with our TLS server
| to send sha2 certs to some clients and sha1 certs to
| others.
|
| Of course, there's not really very useful client
| identification in the TLS Hello, so you have to kind of
| guess who needs what. If we had to use different CAs for
| different clients, it would have gotten a lot harder,
| because it's not like we could rely on clients filling
| out SNI either. So then you need to get more ips for each
| service. I do recall needing to do that a little, but we
| only needed a single 'legacy' group that was useful for
| everything that couldn't manage the modern certs.
| Sohcahtoa82 wrote:
| > Every device has its own built in trust store, and
| especially on devices like TVs and DVD players, they
| couldn't be updated.
|
| Was creating your own certificate authority and pinning
| it in the app not an option?
| toast0 wrote:
| Bringing your own trust store to system https libraries
| is not often supported. Especially when you get into
| kinds of embedded environments Netflix supports. You also
| might not have the capability to bring your own TLS
| library either. If it's a limited environment, you might
| only get reasonable performance if you use the system
| ciphers, and they may not be exposed as primitives, and
| x.509 parsing takes up a lot of code space in the likely
| event that you've got limitations there too.
| jedberg wrote:
| In most environments you have to use the built in
| libraries for network connectivity, so you have to use
| their trust stores. Also space is very limited for the
| client, so you can't just put everything into it.
| waiwai933 wrote:
| Our solution for the same problem was to just have
| different subdomains for each cert signer (and make sure
| we ship the right base URL for each manufacturer's app),
| so we didn't need to do any clever device-sniffing at the
| SSL termination point. I think rolling our own encryption
| sounds much scarier, but equally we weren't running at
| Netflix scale.
| [deleted]
| blapp wrote:
| It's based on the Noise Protocol Framework in the outermost
| layer, which encrypts a compressed XMPP stream. The end-to-
| end encryption is done within various XMPP message payloads
| using the Signal Protocol, which encrypts message data
| serialized using Protocol Buffers, with different formats
| depending on the message type (text, image, video, sticker,
| etc).
| [deleted]
| dannyfritz07 wrote:
| Google Voice always works for me too FYI.
| gouggoug wrote:
| I've been wondering the same.
|
| I wonder if they just do some rudimentary packet inspection and
| drop packets above a certain size. My thinking being that short
| text messages result in very small packets, while large images
| will result in many large packets. Dropping large packets is
| most likely OK. I'd need to test this hypothesis by sending a
| very large text message (resulting in many large packets)
| teeray wrote:
| Time to implement IP over FB Messenger
| falcor84 wrote:
| Absolutely. And I'll just put this here for anyone who's
| looking for inspiration:
|
| https://www.rfc-editor.org/rfc/rfc2549
| c7DJTLrn wrote:
| You could try iodine, which is an IP-over-DNS tunnel. This
| should work unless the gateway has very restrictive rules on
| where DNS traffic can go.
|
| https://github.com/yarrick/iodine
| jedberg wrote:
| Most captive portals have gotten wise to this trick and block
| large DNS requests.
| roygbiv2 wrote:
| Yeah I recently found this out. It never really did work
| that well, I did manage to telnet into an SMTP server and
| manually send an email but for anything else it struggled.
|
| I wonder if TCP over ICMP would work better.
| TRiG_Ireland wrote:
| I've come across wifi zones which allow normal web browsing,
| WhatsApp messaging (including pictures), but not WhatsApp
| calls. I saw it first in Hollyhead Port while waiting for a
| ferry. WhatsApp threw up an error message saying that calls
| were disallowed by the wifi network.
| aabhay wrote:
| So so surprised that nobody has found out the hack for free
| wifi on alaska flights. (At risk of losing awesome free wifi)
|
| 1. Open browser with iOS user agent and ios sized h/w. 2. Click
| on t-mobile free wifi link 3. Enter _any_ t mobile number you
| may know.
| dag11 wrote:
| Hi fellow Alaska frequent flier.
|
| So about that! There's this iOS app called Flightly that does a
| brilliant little hack where the app updates itself in (almost)
| real time on the "free messaging" plan. The way it works
| (according to a friend) is that their servers send your phone a
| push notification every couple of minutes from take-off until
| landing, containing some serialized info such as
| lat,long,alt,eta,etc. And then the app immediately swallows the
| notification and deserializes its content without you ever
| seeing it. The notification works because in order for Alaska
| to give you notifications at all for your messaging apps, it
| needs to give you access to _all_ push notifications as they
| all get sent over an encrypted connected through Apple's server
| and it can't pick and choose which apps' notifications it lets
| through.
|
| I've often wondered if it'd be possible to pipe any sort of
| internet over notifications but I'm not sure if e.g. inline
| responses are viable, and also that'd probably be heavy enough
| usage of push notifications I'm sure it's violate someone's
| TOS.
| madeofpalk wrote:
| It works not because Alaska wants to give you notifications
| for your messages, but because iMessage literally is
| transported over APNS.
| el_benhameen wrote:
| I've always wondered why I get slack and email notifications
| when I'm on a Southwest flight with free messaging without
| paying for wifi. You've finally solved my mystery!
| xeromal wrote:
| This reminds me of a web browser years ago that would use MMS
| to transfer web pages to the user without using internet
| service. This was in the early days. I think it was a Java
| app for the Motorola razor IIRC
| lupire wrote:
| Does that work on Android? I've never seen a non-authorized
| notification in a Chat or Mail app on a flight.
| keanebean86 wrote:
| I had an idea to use Facebook messanger as a proxy.
| Specifically to use the cheap messaging plan on a cruise ship
| for real internet access. My home computer would be a gateway
| that monitors fb and fetches/returns websites. I never even
| tried because it just sounds like a violation of multiple
| ToSes. Not to mention message size limitations, throttling,
| my fb messages being pages of encoded text, etc.
|
| I feel like it would need to work like Opera mini to maybe be
| usable. Even then interactions would be uncomfortably slow.
|
| https://en.m.wikipedia.org/wiki/Opera_Mini
| ddalex wrote:
| Check out https://github.com/aleixrodriala/wa-tunnel tunnel
| over whatsapp
| interestica wrote:
| > There's this iOS app called Flightly
|
| I guess it's Flighty (https://apps.apple.com/us/app/flighty-
| live-flight-tracker/id...)
|
| I love that people are into this. In the days before iPhones,
| I had "Microsoft Streets and Trips" + a USB GPS unit +
| Laptop. It was fun having it on a flight and seeing movement
| data in realtime. It was less fun answering questions from
| people who thought looking at the GPS data was somehow
| nefarious.
| zikduruqe wrote:
| I used to do that also.
|
| Way before cellphones, I'd bring my 2m radio on the plane
| and make contacts on simplex. That was fun to throw your
| callsign out and say "aeronautical mobile".
| kawfey wrote:
| I still sneak in an HT to listen to VHF/UHF ham radio and
| airband. One flight, we were experiencing moderate
| turbulence and didn't get our drinks/snacks. The captain
| announced "we're asking for clearance to help us get to a
| smoother altitude..." meanwhile did nothing of the sort
| on the actual radio. Lol.
| cromka wrote:
| They use text for communication, too.
| geostupid wrote:
| Ha! I've used a high-end GPS to see my location and other
| fun facts in flight. I learned to keep it in my pocket as
| despite my attempts to explain it was only a receiver, I
| was told by the flight attendant to "PUT IT AWAY." Not
| being one to push back as to be removed for that flight, I
| did just that.
|
| Streets and Trips was fun on a laptop for long car drives
| as you could live reroute in the car much like any old app
| can do these days but seemed somehow magical back then.
| joezydeco wrote:
| FAs can be really strange about that kind of stuff, not
| just out of ignorance.
|
| My kid liked to suction cup his GoPro to the window to
| take a time lapse movie of the flight and one FA told him
| he had to take it off the window because he was, and I
| quote: "modifying the structure of the aircraft and
| that's not FAA-approved".
| wolverine876 wrote:
| I would guess that the flight attendant is doing their
| job. They do not have the authority or expertise to risk
| the airplane based on their own analysis, or based on
| some random passenger's explanation. The clearly correct
| solution is to remove the device and then there is no
| risk to the plane. I expect they are strictly required to
| respond that way and have no leeway.
| buildsjets wrote:
| There has been a lot of debate in the aviation
| maintenance community regarding the legality of attaching
| gopros etc. to aircraft with suction cups. Someone
| eventually wrote to the FAA chief counsel and asked.
|
| "Another consideration, in the case of this type of
| equipment, is the applicability of the term "alteration".
| FAA Order 8110.3 7E, defines an alteration as "a
| modification of an aircraft from one sound state to
| another sound state". The use of suction cups, or other
| temporary methods of attachment (not including permanent
| mechanical attachments to the aircraft), would not be
| considered a modification to the aircraft."
|
| https://mypilotpro.com/wp-content/uploads/2020/05/FAA-
| Camera...
|
| But still, the aircraft is the the airline's property,
| not yours. If they tell you not do something to it, you
| don't get a choice in the matter.
| interestica wrote:
| > installation of external mounts
|
| That memo is about attaching it externally. Attaching it
| to an internal window is probably a non-issue.
|
| I once had a security agent ask me to prove a GoPro was a
| camera because they didn't understand how there could be
| no screen or viewfinder. It was most frustrating because
| this was an area where they would have encountered it
| many times (lots of scuba divers).
| edrxty wrote:
| Had this happen to me with some duct tape and a
| malfunctioning strobing light next to me on a red-eye.
| I'm an aircraft builder but she didn't want to hear my
| explanation about how TSOs and the FARs work. I just
| waited until they stopped paying attention.
| bunabhucan wrote:
| Probably just didn't want kid spit on the window.
| dgellow wrote:
| Really hoping someone implements this, it's the funniest
| project idea I've seen in a while :)
| adrr wrote:
| Push notifications have background notifications that are
| used to update apps while they aren't loaded. We used them
| update our catalog/home screen on shopping app, its makes the
| app feel much more responsive when they open the app and
| content instantly appears instead of waiting for some API
| calls.
|
| https://developer.apple.com/documentation/usernotifications/.
| ..
| hackernewds wrote:
| so why would I use this Flightly app? seems it delivers
| messages all the same?
| amalcon wrote:
| This reminds me of the old tools that tunnel more or less
| whatever over DNS. I.e. behind the scenes, the tool would
| look up "base64encodedpacket.domainyoucontrol.example.com",
| and it would respond with encoded data going the other way.
| This is because captive portal WiFi often permitted DNS to
| pass through unimpeded, for various reasons.
|
| I always appreciated the hack, even though I could never
| bring myself to use it due to the obvious cache pollution
| problem on the various DNS servers.
| fragmede wrote:
| Also Internet over ICMP, for when captive portals used to
| let those through.
| godelski wrote:
| On my recent United flight, where they had the same policy I
| was sending image messages to friends through Signal. But it
| was rather slow, so my best guess is rate limiting.
| hot_gril wrote:
| I always assumed they have a whitelist of
| iMessage/Whatsapp/whatever IP addresses. It doesn't seem to
| work for all messaging apps in general.
| gsich wrote:
| SNI or IP lists.
| aantix wrote:
| Hussein Nasser covered this. His videos are great.
|
| How Airline WIFI allows Texting but not Media in
| WhatsApp/iMessage
|
| https://www.youtube.com/watch?v=AYSxxO2yZp8
| matsemann wrote:
| How does that fly (pun intended) with regards to net
| neutrality?
|
| Where I live, some mobile operators gave you "unlimited
| streaming" in their data plan, but only for certain popular
| services (spotify, youtube, netflix basically). Since this
| would make it harder for others to disrupt the big ones, it was
| quickly forbidden.
| mdasen wrote:
| In the US (I believe) Net Neutrality basically died. Even
| before that, it was allowed to zero-rate categories of apps
| (like messaging). That might be coming back now that the FCC
| has 5 commissioners again and can reinstate Net Neutrality.
|
| However, even with reasonably strict neutrality, this is
| still possible. Many mobile carriers zero-rated streaming
| services here, but unlike your operators they'd do it for any
| streaming service. It was pretty easy for any streaming
| provider to sign up. They'd basically give the operator the
| IP ranges they'd be streaming from and the operator would
| just zero-rate data to those IP ranges (and they'd usually
| apply bandwidth throttling to around 1.5Mbps so that you'd
| only get 480-720p video). The key is simply not
| discriminating between providers within a category.
| dehrmann wrote:
| This is the situation where net neutrality falls over
| because there's very often more demand, even at 1.5Mbps for
| a stream, than an airplane's link can provide.
| haswell wrote:
| Airlines, coffee shops and similar entities providing
| Internet as an ancillary service were not subject to
| these rules when they were in effect.
|
| The rules primarily target ISPs selling directly to
| customers.
| dehrmann wrote:
| It also fails for mobile data and large crowds. Try
| checking your email at a concert.
| RulerOf wrote:
| I always enable my 5G when I get into big crowds and it
| usually fixes that problem, assuming service is
| available.
|
| I usually keep it off otherwise though because average
| bandwidth tends to be better on LTE in my experience.
| Dylan16807 wrote:
| On an airplane in particular, you can set the limit lower
| for everything, and that doesn't violate neutrality.
| MostlyStable wrote:
| So many people seem to think that Net Neutrality
| disallowed _any_ kind of network management, when it
| simply disallowed service provider level preference. You
| can, under net neutrality, throttle _all_ video content,
| if you want to, you just can't only throttle YouTube and
| not Netflix (for example.
| haswell wrote:
| When the rules were still active, net neutrality did not
| apply to coffee shops, airlines, etc.
|
| > _52. Finally, we decline to apply our rules directly to
| coffee shops, bookstores, airlines, and other entities when
| they acquire Internet service from a broadband provider to
| enable their patrons to access the Internet from their
| establishments (we refer to these entities as "premise
| operators"). These services are typically offered by the
| premise operator as an ancillary benefit to patrons ...
| Although broadband providers that offer such services are
| subject to open Internet rules, we note that addressing
| traffic unwanted by a premise operator is a legitimate
| network management purpose._ [0]
|
| It seems like a reasonable distinction: if you're letting
| someone else use your Internet connection, it's your
| prerogative to block things that you don't want on your
| network.
|
| - [0]
| https://docs.fcc.gov/public/attachments/FCC-10-201A1.pdf
| (page 31)
| HWR_14 wrote:
| Other people have suggested it's done by limiting the size of
| the data transmitted to make the connection only useful to
| text messages, possibly resetting the connection regularly.
| If so, it would in fact comply with both the principles of
| net neutrality and any laws I know of. You could create
| matsemann's text service as long as it also used small
| amounts of data it guessed could only be used for text.
| hot_gril wrote:
| Is net neutrality even law anymore? T-Mobile has had Binge on
| for a long time, which zero-rates certain video streaming
| services. And part of that was even under the old net
| neutrality laws.
| burkaman wrote:
| Net neutrality is the law in California, but T-Mobile says
| Binge On is ok because any video streaming service can
| participate for free. It sounds reasonable to me and
| apparently the California regulators are fine with it.
| hot_gril wrote:
| I'm fine with it, but that also clearly violates net
| neutrality, so it doesn't seem to be the law here.
| burkaman wrote:
| Here's the California law: https://en.wikipedia.org/wiki/
| California_Internet_Consumer_P.... T-Mobile Binge On is
| zero-rating. T-Mobile's claim is that they aren't getting
| paid for it, and that any video provider can participate,
| so they aren't only zero-rating "some content in a
| category". It sounds like that second part isn't true, so
| they are probably violating the law but nobody is being
| harmed so nobody has sued.
|
| I agree that allowing any form of zero-rating is not full
| net neutrality because it isn't treating all packets the
| same, but I don't think it's fair to say that therefore
| there is no net neutrality in California. It's a very
| strong and effective law and gets like 95% of the way to
| full "dumb pipe" net neutrality.
| bombcar wrote:
| Some states implemented their own versions of net
| neutrality.
| hot_gril wrote:
| Gotta disable in-flight messaging while flying over
| certain states ;)
| technothrasher wrote:
| No, but the now Democratic majority at the FCC is currently
| actively trying to bring it back.
| toast0 wrote:
| Binge On doesn't fall under strict net neutrality, but they
| are at least publicly open to all lawful and licensed
| content audio/video providers, and the technical
| requirements are not very high. I don't know what the
| actual onboarding process is like, but they've got a lot of
| providers signed up...
| hot_gril wrote:
| https://www.t-mobile.com/tv-streaming/binge-on/apps-
| list.htm... doesn't list all that many providers if we're
| talking about all video streaming services worldwide. I
| notice a large one under the gaming category missing,
| Twitch.
| toast0 wrote:
| I think they've got to be licensed for US customers, or
| T-Mobile USA isn't going to include them. Twitch does
| seem to be a notable missing provider; Amazon video is on
| the program though, so maybe there's some technical or
| product thing on Twitch's side.
| hot_gril wrote:
| Even US-only. Broadcast networks category is especially
| slim. They've anticipated this kind of scrutiny and claim
| no money is exchanged, but idk. Someone should try adding
| a random obscure service.
| RandallBrown wrote:
| Probably 10-15 years ago when wifi on airlines was still pretty
| brand new I remember a fun hack for free Internet that involved
| Google Translate.
|
| Because the wifi landing pages used Google Analytics, they
| allowed traffic through from many of the Google domains. You
| could then go to Google translate and translate the website
| from English to English and use it as sort of a proxy server to
| get free Internet.
| smegger001 wrote:
| You could probably have used googels cache to read arbitrary
| pages as well.
| noman-land wrote:
| This hack often works today to get around paywalls.
| spike021 wrote:
| I'll probably show my age, but around 15 years ago I was in
| high school and they blocked most websites as well. This
| "hack" using Google Translate was how some of us got around
| the blocklist for many things. It was nice because it didn't
| involve having to install anything special or try to change
| configurations that were probably monitored by library/school
| admin.
| demondemidi wrote:
| This is just the raw data from the in-flight GUI. Is that it?
| What am I missing?
| teacpde wrote:
| Nothing, I believe this gets the upvotes simply because it is
| fun.
| demondemidi wrote:
| Good point: I upvoted it! :)
| warkdarrior wrote:
| > I didn't know what I'd do with the data at this point, but I
| started collecting it right away so that I'd have as much as
| possible to play with later.
|
| And people complain that everything everywhere collects data on
| everyone.
| mulmen wrote:
| The complaint is collecting data on _others_. Specifically the
| complaint is on others collecting data on _me_.
| cph123 wrote:
| I did something similar on an easyJet flight, I wrote a little
| Python script to save the altitude and speed data from the free
| WiFi. They have a cool 3D WebGL rendering of the plane in the air
| like Flight Simulator, but the satellite imagery was really low
| res.
| ejcx wrote:
| I have a similar program I run that does this stuff for United
| flights: https://github.com/ejcx/uwc/blob/master/uwc.go
|
| The code is horrendous but it has worked for years and I guess
| when I wrote it originally I didn't want to use a go struct for
| some reason?
| flemhans wrote:
| I remember the days when I poked around like that too, and go to
| 128.65.70.1 and find the Hughes admin interface for the satellite
| link itself.
| pperi11 wrote:
| I remember when buying wifi on a plane was sooooo forbidden by my
| parents. Now i literally buy wifi on every flight lol
| alexellisuk wrote:
| What did you use to create your graphics?
| jamesbvaughan wrote:
| I used chart.js [0], but I don't necessarily endorse it - it's
| just what I knew how to use quickly. I usually try to keep my
| posts free from javascript, and could have used a different
| tool that gives me SVG data or images.
|
| You can see the code that's generating these charts here:
| https://github.com/jamesbvaughan/jamesbvaughan.com/blob/main...
|
| [0] https://www.chartjs.org/
| alexellisuk wrote:
| Thanks
| tempestn wrote:
| Anyone else halfway through reading, already thinking this would
| be a great way to end up on a TSA watchlist?
| punnerud wrote:
| Nice trick with the watch to download periodic: watch -n 30 "curl
| https://getconnected.southwestwifi.com/current.json | jq -c >>
| flight-logs"
|
| I often use crontab, but this looks easier for testing. Thanks.
| jamesbvaughan wrote:
| Yeah, if this were something that I wanted to leave running for
| more than the duration of a flight, I'd reach for cron, but a
| bash one-liner was perfect for this use-case!
| benbristow wrote:
| I've done something similar on trains in the UK before,
| specifically LNER (was Virgin Trains East Coast at the time but
| don't think the Wi-Fi solution has changed) trains. The icomera
| captive portal has an endpoint which returns the GPS coordinates
| of the train along with the speed. And some other endpoints for
| next stops etc.
|
| Once made a little React app that showed the train on a Leaflet
| map. Was a good waste of a few hours.
| billy99k wrote:
| I just took two delta flights in the US. The first had free Wifi
| through Tmobile. It marginally worked. It was just fast enough to
| view low-intensity websites and I was able to connect to my linux
| servers back home.
| allarm wrote:
| Read this post while traveling on an ICE train. I decided to see
| if there was something similar in DB WiFi - and it turns out you
| can get two json files with current trip data. Here's a graph of
| the train speed for the last hour of my trip:
| km/h ice train speed 160
| +----------------------------------------------------------------
| ------------+ | + + +
| + + ** + | |*
| ** | 140 |*+
| ** +-| |*
| ** | |*
| ** | 120 |*+
| ** +-| | *
| * * | | *
| * * | 100 |-*
| * * +-| | *
| * * * | 80 |-*
| ** ** * ** +-| | *
| ** *** * * | | *
| ** * ** | 60 |-+* *
| ** * ** +-| | * **** *
| ** * ** | | * * * *
| * * * | 40 |-+ ****** * ****
| ** * * +-| | ***** * ****
| * ** | | * * *
| * ** | 20 |-+ * * *
| * ** +-| | * * *
| * ** | | + * * * +
| + + *+ * + | 0 +-----
| -----------------------------------------------------------------
| ------+ 0 50 100 150
| 200 250 300 350
| count
| userbinator wrote:
| I was expecting an article about a LAN party aboard a flight.
| ingen0s wrote:
| fun!
| notmysql_ wrote:
| Thats funny, I discovered the same thing a few months ago and
| built a CLI flight tracker[1] that uses the API. I've tried it
| across a couple of airlines and it worked almost perfectly across
| all of them, because they were all using the same in flight ISP.
|
| [1]: https://github.com/NalinPlad/OuterFlightTracker
| jamesbvaughan wrote:
| That's cool! I had wanted to make something similar, but I
| didn't have enough experience with making TUIs to build it
| without using the internet for reference during the flight. I'm
| glad to that it's been done though!
| notmysql_ wrote:
| Yeah, I was on a long flight home from a hackathon with some
| fellow programmers so it was fun to work on it together
| gs17 wrote:
| Glad someone looked into the flight tracker, I was always curious
| how real the data in it is.
|
| Although it doesn't answer my curiosity about how they manage to
| mess it up occasionally. I've had flight data from different
| flights pop up a few times on Southwest, which is never
| reassuring to see.
| grepfru_it wrote:
| If it's the panasonic inflight system, it receives flight data
| from the FMS. If the system does not receive flight data from
| the FMS then it will not be up to date. Your browser could also
| be retrieving old cached content.
|
| Basically there is nothing about this system to assure you,
| it's entirely a secondary data-delayed system that is not
| critical to flight operations and as such can be INOP at
| anytime and no one will care.
| flutas wrote:
| I honestly miss having to debug the racks at pana. But there
| were so many "what" level bugs with the systems.
|
| I remember DRM breaking multiple times for the IFE because
| they assigned the same IP to multiple devices.
| grepfru_it wrote:
| Worked on redboot, so i was probably the person you were
| cursing out
| [deleted]
| mulmen wrote:
| Based on the current top comment those IPs may not have
| been _assigned_.
|
| https://news.ycombinator.com/item?id=37693293
| gs17 wrote:
| > Your browser could also be retrieving old cached content.
|
| No, these are flights I couldn't physically have been on.
| Sometimes it _is_ old content, but it 's for the flight the
| plane took previously and doesn't update.
|
| Here's an example of it happening to someone else:
| https://community.southwest.com/t5/Inflight-
| Experience/Fligh...
| grepfru_it wrote:
| Also the FMS may not be programmed until right before the
| plane takes off. The flight plan is filed with ATC but not
| programmed into the plane yet and that is sometimes done
| during taxiing, esp if the pilot is an air cowboy/behind
| schedule.
| luc_ wrote:
| this is such a wholesome nerd post. i love it.
| justinclift wrote:
| In this fragment here: // This looks like
| info about the system's satellite internet connection.
| "sat_commlink_portal": { // The connection is okay!
| "status": "conn_ok", // I'm not sure what this time
| is. // It hasn't changed at all. "time":
| "Sun Sep 24 22:02:19 2023"
|
| The "time" field could be the timestamp of when the status field
| last changed. That's the most obvious thought anyway. :)
| pjot wrote:
| I have an American Airlines flight in a few hours. Looking
| forward to see what kind of data I can find now
| cirrus3 wrote:
| Fun story =)
|
| Anyone else freaked out by that "time" format though? Seems like
| a strange choice, would have expected something more standard
| like ISO 8601 with timezone offset. "time": "Sun Sep 24 22:02:19
| 2023"
| jamesbvaughan wrote:
| I felt similar!
|
| My best guess is that whoever designed this system preferred to
| transform the time into a localized (based on the flight's
| location, I guess?) representation on the server so that they
| could drop it directly into the web UI without much client-side
| logic.
| hughes wrote:
| It looks like the default formatting used by `ctime`. Could be
| a clue about the underlying backend.
|
| https://cplusplus.com/reference/ctime/ctime/
| kristopolous wrote:
| On redeye international flights with exorbitant WiFi fees I'll
| admit to scanning for MAC addresses, get the top talkers, then
| come back later when ones been idle for like 15 minutes,
| presuming the person is asleep and change my mac to take the
| address and get online.
|
| I just did it for fun, ok fine.
| kkyr wrote:
| How do you determine who the top talkers are?
| sneak wrote:
| The wi-fi on planes is not encrypted.
| cromka wrote:
| Even if it was, you'd still see the top talkers
| cromka wrote:
| By setting the WiFi card into monitor mode, and using by e.g.
| Kismet for data collection.
| kristopolous wrote:
| I did it with tshark but yes this is a pretty easy problem
| to solve.
|
| I think I even made a script in lua to do it automatically
| commandlinefan wrote:
| When my son was younger - maybe 9 or 10 or so, we were on a plane
| and he was using his phone and I looked over his shoulder and
| realized he was on the internet... but I hadn't paid for an
| internet plan. I said, "son, how are you using the internet?" He
| said, "oh, a kid at school showed me - if you go here" (he opened
| up the wifi settings where the DHCP assigned IP address is) "and
| start changing the numbers, eventually the internet will work."
| Apparently, at the time, on American Airlines, when somebody
| bought and paid for an internet plan, it gave them an IP address
| and authorized it to use the internet... if somebody else guessed
| your IP address (which was pretty easy, it was a 192.168 address)
| and spoofed it, they could take over your internet connection
| with no further authorization.
|
| I had to tell him not to do that, but I was kind of proud of him
| for having the temerity to go for it.
| iancmceachern wrote:
| Legend, your kid is a legend
| noduerme wrote:
| Wait, they like, opened up a private local IP _on every plane_
| for some guy who paid for a certain dedicated one?!
| elif wrote:
| Plot twist, he used your credit card and you are proud of his
| social engineering skills.
| cromka wrote:
| There's a way to workaround virtually any kind of gated
| Internet access: DNS tunneling
| (https://github.com/yarrick/iodine)
|
| It's slow, but it works and is a handy "last resort" tool.
| nerdbert wrote:
| Painfully slow. I would not call it usable for any modern
| workflow.
| kabes wrote:
| I used dns tunnels a lot in the past. I wonder if techniques
| like this still work these days
| 1vuio0pswjnm7 wrote:
| The LAN here seems relatively small and fixed, i.e., the number
| of passengers on a flight is known and does not change during
| flight. The airline could easily assign a unique IP address to
| each seat (ticket) without using DHCP.
|
| This is generally in contrast to other instances of public
| Wifi.
| groby_b wrote:
| Good luck finding out which seat that _wireless_ connection
| is coming from, though :)
| hunter2_ wrote:
| The user would scan their boarding pass to get connected.
| grishka wrote:
| What if someone has multiple devices they want to connect?
| Most people would travel with at least two devices.
| ValentineC wrote:
| For Panasonic's in-flight wifi specifically, a login would
| only work for one device at a time.
|
| Great time to have an Android device with hotspot handy. :)
| hunter2_ wrote:
| The fact that newer phones (Pixel at least) can use WiFi
| (client mode) as the WAN/uplink side of its hotspot stack
| (NAT, AP, etc.) is pretty neat. Not long ago, only the
| cell modem could serve in that capacity, as far as I'm
| aware. Frankly I'm surprised a single WLAN radio can pull
| that off. I pay the $8 on my phone and share it to my
| laptop and whatever devices my travel companion(s) might
| have.
|
| Most laptops can't do this, right?
| grishka wrote:
| > Frankly I'm surprised a single WLAN radio can pull that
| off.
|
| Maybe at the cost of latency because it has to switch
| channels back and forth?
|
| > Most laptops can't do this, right?
|
| Any laptop can do this if you plug a USB WiFi dongle into
| it :P
| cromka wrote:
| It doesn't have to switch channels, it will create
| another station using same channel.
| avidiax wrote:
| > Maybe at the cost of latency because it has to switch
| channels back and forth?
|
| Not necessarily. It can be a client on 2.4Ghz and an
| access point on 5Ghz. Even without that, if it has MIMO,
| then one of the antennas can be receiving 2.4Ghz while
| the other is sending (at least in theory, if the
| crosstalk between the antennas is low and the selectivity
| of the receiver is sufficient).
| Sophira wrote:
| Windows has been able to do exactly this since Windows 7!
| It's called Wireless Hosted Network[0], and if you've
| ever seen the "Microsoft Virtual WiFi Miniport Adapter"
| (Windows 7) or "Microsoft Wi-Fi Direct Virtual Adapter"
| (Windows 10/11) in your list of network adapters (it may
| be hidden), it's there specifically to enable making a
| hotspot while being connected to a wireless network.
|
| [0] https://learn.microsoft.com/en-
| us/windows/win32/nativewifi/a...
| quickthrower2 wrote:
| And probably 2 more simple steps to the credit card number of
| that paying customer.
| babypuncher wrote:
| A slightly more ethical solution, for those wondering, is SSH
| tunneling. A lot of gated wifi networks allow SSH traffic
| through without payment.
|
| I used to spend a lot of time at JFK back when they still
| charged for WiFi. I watched a lot of Netflix for free by just
| logging into my router and opening a tunnel to my VPN server.
| Wowfunhappy wrote:
| Do you know why they let SSH through?
| jrockway wrote:
| The rule is probably something like "if !paid: deny tcp 80,
| deny tcp 443". (Hopefully they got UDP for HTTP/3.) I
| suppose this has the desired effect of captive portals
| (break GMail until you pay), without having to field
| support requests from geeks ("I paid but SSH doesn't work,
| refund me"). I think their plan is that whatever obscure
| app you're using negotiates over HTTPS, but then actually
| transfers the data over some other port. I bet things like
| Zoom work that way. By not touching the obscure data paths,
| you avoid support requests.
|
| Either that, or they just felt like throwing a fellow nerd
| a bone. If you ask the PM, "should I block SSH" they'll say
| yes, but if you just put it in there, who knows ;)
| extraduder_ire wrote:
| Whoever set that up probably wanted it for their own use,
| both for easily managing the system when they need to
| work on it, and for themselves when they're travelling
| anywhere.
|
| If I'm ever in charge of rigging up a captive portal
| system like this, I'm certainly going to do something
| similar if I can get away with it. Maybe even put a hint
| on how to bypass in the portal's page source. "ssh works
| on port 46969, don't tell anyone." > rot13 > base64 ->
| "cache-burst-ID: ZmZ1IGpiZXhmIGJhIGNiZWcgNDY5NjksIHFiYSdn
| IGdyeXkgbmFsYmFyLgo="
|
| May be too obscure though.
| jrockway wrote:
| Honestly, I think captive portals are probably on the way
| out, given how good 4G/5G is these days. I am not sure
| what business traveler wants 10kbps hotel wifi for
| $30/day when their phone gets 600Mbps down and 30Mbps up.
| colordrops wrote:
| Basically IP war-dialing.
| skripp wrote:
| > I had to tell him not to do that, but I was kind of proud of
| him for having the temerity to go for it.
|
| You told him off for such a small thing? You were impressed but
| didn't give encouragement? You are a horrible parent.
| logeist wrote:
| What does your son do now, if you don't mind me asking? That's
| the kind of stuff I was poking around with then add a year or
| two.
| commandlinefan wrote:
| Ha, he's a CS major at UT.
| pak9rabid wrote:
| lol, I used to do this all the time at non-free wifi hotspot
| locations, only I'd start off with a ping sweep of the entire
| subnet (nmap -sP) in order to get my ARP cache filled with a
| bunch of potential usable IP/mac addresses on the network. From
| there, I'd iterate through each one and set the IP & mac
| address until I found one that would let me through the
| firewall.
|
| Granted, being a NOC engineer at Wayport (now AT&T WiFi)
| certainly helped me understand how it all works.
| zikohh wrote:
| Recommended any blog posts?
| aeternum wrote:
| Yes the key to doing this more seamlessly is to spoof both
| the IP and the MAC so your machines are not constantly
| fighting with the other person over the ARP table entry.
| colanderman wrote:
| Aren't you then fighting the switch's port learning? Or
| RSTing each other's TCP connections?
| withinboredom wrote:
| Its wifi. You both just pick up the same frame when it is
| broadcast, then it sees two stations (a level below IP)
| with the same MAC. Most routers just don't care about
| that. (it's technically a valid edge case that two
| stations have the same mac address. It should be
| vanishingly rare in the wild ... but this is a practical
| example of why it isn't).
| [deleted]
| herpderperator wrote:
| So if two wifi clients have the same MAC and IP,
| everything works fine for both of them?
| yebyen wrote:
| "everything works fine" might be overstating a bit, but
| what happens to packets you weren't expecting when you
| don't have a connection open for them to go into? They
| probably get ignored by the network stack.
|
| Worst case scenario, the router/service endpoint sees
| your connection responses and the other party's strange
| NACK responses, but I honestly don't know enough about
| how it works to say "everything works fine"
|
| I'd guess that connectionless protocols will work fine
| and connected protocols will also work fine. The truth is
| probably YMMV by protocol, but there is truly no way for
| the wifi router to detect this is happening or isolate
| the redundant stations - it's an unencrypted broadcast.
| The only way this goes sideways is if a connection
| protocol is engineered to make it go sideways when you
| try to do that.
|
| I'm pretty sure that any such protocol which succumbs to
| any unencrypted (or incorrectly keyed) traffic that isn't
| from the designated counterparty is insecure to begin
| with. It should be resilient against DoS, so most
| protocols aren't going to have that vulnerability. Again,
| I'm guessing, but I'd hope.
| hatware wrote:
| [dead]
| richardwhiuk wrote:
| If there's multiple hotspots behind the same controller,
| you may well get switch port fighting.
| withinboredom wrote:
| If STP[1] is enabled, but that is unlikely since you'd
| have dropped connections when roaming for the reasons you
| just gave. Most likely, STP is not enabled on these
| networks.
|
| [1]: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol
| Sesse__ wrote:
| STP detects loops between switches, not MAC addresses
| moving between them (or between APs).
| cereal_cable wrote:
| A switched port learns the Mac address for packets sent
| into it. If port 1 sends a packet with Mac a, the switch
| associates that address (a) to port 1. When another node
| sends a packet onto another port with the same mac, say
| on port 2, the switch will move the learned address a to
| port 2 and remove it from port 1.
|
| When a switch has learned a mac address all traffic
| destined to that traffic would be immediately switched to
| that port. If the switch has no record for that specific
| mac address it floods all ports except the ingress port.
| This is expensive and means other devices receive traffic
| that isn't intended for them so they waste time dropping
| it.
|
| So in networks that have no protections against those
| attacks then this could very well be a problem if there
| are multiple access points and the two nodes are on
| different access points.
| withinboredom wrote:
| Except that this is a normal thing on wireless networks.
| A station may roam many times within a few minutes, and
| due to reflections, may even be in more than one place at
| a time.
| Fatnino wrote:
| "vanishingly rare"
|
| I once bought a cheap Bluetooth dongle from China. Its
| MAC address was 11:11:11:11:11:11 Obviously there are now
| a lot of bluetooth dongles in the wild with the same MAC
| address.
| colanderman wrote:
| Yes so that is the hub case (2nd half of my comment) --
| clients will RST each others' connections then. Unless
| you are MAC cloning but not IP cloning.
| withinboredom wrote:
| A computer doesn't send a RST when it gets an unknown
| packet...
| londons_explore wrote:
| Usually doesn't matter... The other person will get
| frustrated and disconnect and reconnect a few times, and
| finally give up and read a book...
| daveevad wrote:
| > The other person will get frustrated and disconnect and
| reconnect a few times, and finally give up and read a
| book...
|
| That makes me really reconsider my past struggles with
| this form of Internet access.
| Arrath wrote:
| Yeah...
| cutemonster wrote:
| Time to consider instead: walk through the plane, look
| angrily at the other passengers, one at a time, asking:
| "Do you use 192.168.x.y?". That can solve the problem
| daveevad wrote:
| Presumably there is a way to find out which other
| wireless client is impersonating another in a confined
| environment like an airplane.
|
| A multicast packet might vary based on physical distance
| to the imposter?
| brookst wrote:
| Or convince the flight attendants to including "MAC
| address spoofing" in the spiel about destroying or
| tampering with lavatory smoke detectors.
| duckqlz wrote:
| If any lawyers or FAA employees are reading this I'm
| genuinely interested in what, if any, legal implications
| there would be for running nmap mid flight on an airline.
| Surely once you have spoofed the MAC address and IP of
| another passenger to gain unauthorized access to the planes
| LAN you have committed a crime but what about passively
| scanning?
| masukomi wrote:
| are you asking if its a crime to read information they've
| publicly broadcast?
|
| Because if that's a crime we're screwed because then it's
| illegal to read, or listen.
| marktangotango wrote:
| We should not be surprised how much ignorance there is
| around this. Networking even for technical people can be
| a "black art".
|
| https://www.theverge.com/2021/12/31/22861188/missouri-
| govern...
| LtWorf wrote:
| Normally ping is disabled on those networks?
| walth wrote:
| Yup. And we normally have client L2 Isolation.
| shredprez wrote:
| I typically just praise with upvotes, but I'm feeling
| grateful today: anecdotes like this one and gp are why I love
| hn
| sprokolopolis wrote:
| I used to do this on airplanes and in hotels. I had more
| success in hotels, because there was less chance the other
| person was using it at the time and less chance of getting
| kicked off.
|
| There was another little hack that I used as a little kid.
| Remember when airlines would sell or rent special headphones to
| watch inflight movies? The port was just two holes beside each
| other and the plug was two tubes. Before a flight, I would stop
| by one of the fast food places in the terminal and grab a
| handful of straws (preferably ones with a bendy joint). When I
| was on the plane I would connect the straws by fitting them
| into each other to create a long straw. Put one end into the
| port on and the other into your ear and you got free movies
| with audio!
| barrkel wrote:
| How long ago was this?
|
| 20 years ago, all I saw were dual mono bayonet jacks you'd
| need an adapter for to plug in normal headphones, but straws
| would get you nowhere.
|
| I was curious so I searched:
| https://simpleflying.com/inflight-entertainment-
| headphones-e... - pneumatic headphones from the 1960s were
| used on Delta as late as 2003, but electronic headsets
| debuted on 767 in 1982.
|
| Apparently the dual mono jacks are to discourage people
| taking the headphones, rather than restricting access to
| audio.
| vertnerd wrote:
| Interesting that I have only flown once since 9/11. Almost
| all of my flying took place in the three decades prior, so
| the pneumatic headsets are the only ones I remember.
| plg wrote:
| As a kid in the 80s we used to fly YVR-HNL every winter ...
| always pneumatic earphones.
| lathiat wrote:
| Fairly sure I still saw pneumatic ones sometime in the
| 2000s in Australia.
| nottheengineer wrote:
| Then why isn't at least one of those jacks a TRS so you can
| use normal headphones?
| mikaraento wrote:
| On newer planes both of them often are
| IIsi50MHz wrote:
| My last four flights used only stereo 3.5mm plugs.
| sprokolopolis wrote:
| It was when I was a kid in the 80s and 90s. Yeah they were
| on old planes that were just still in use.
| rhuru wrote:
| Your son is in good company.
| Obscurity4340 wrote:
| Kids discover the darndest hacks
| josh_carterPDX wrote:
| There used to be an app that would scan the ip and mac
| addresses on the network that were already connected to the
| internet. You could then change your settings to one of the mac
| addresses and when they were done you'd get the connection to
| yourself.
|
| I used to travel a lot for work and just refused to pay for
| WiFi. This was good in airports and coffeeshops when you still
| had to pay to connect.
|
| Now it's hardly needed, but I could see how it would be helpful
| where there's still a cost to connect.
| cromka wrote:
| It's not an app, per se, but a concept of setting your WiFi
| card into monitor mode and listening to the radio traffic.
| Kismet is one of the suites that does that.
| josh_carterPDX wrote:
| True. I just can't recall the name of the platform I used,
| but it was something similar to an ip address scanner which
| gave me a list of all devices already connected to the
| network along with their mac addresses.
| lukas099 wrote:
| Expect cops on your doorstep for CFAA violations by the morrow.
| lukas099 wrote:
| It was a joke.
| Eumenes wrote:
| 9-10 seems young to have a phone, smart kid though
| eru wrote:
| The older generation had Game Boys at that age, too.
| Eumenes wrote:
| Game boys didn't have app stores, web browsers.
| wferrell wrote:
| This is an amazing story. Thanks for posting.
| afterburner wrote:
| > for having the temerity to go for it
|
| Well, if he doesn't know there's anything wrong with it, it's
| not really temerity.
| hunter2_ wrote:
| I think kids sense wrongness even when the act is deemed
| victimless, repercussionless, etc. -- it's pretty clear that
| a thing was achieved that someone tried to prevent, and
| undermining someone's effort is typically wrong. Tough to
| think like a kid, though!
| kxrm wrote:
| A few years ago I was on a Southwest flight and had OpenVPN
| running because I forgot to turn it off. I was able to access
| the Internet through my tunnel without paying for access. I
| guess at the time they were only port blocking common ports
| (80, 443, 53 etc) if you didn't pay. They have since closed
| that hole.
| chankstein38 wrote:
| For this same reason you used to be able to send messages via
| platforms like whatsapp without internet as well! I don't
| remember the airline I just remember I hadn't paid for
| internet but I could message and do a few other things but I
| couldn't browse the internet.
| bayindirh wrote:
| If it's Turksih Airlines, they also provide unlimited
| messaging on board, free of charge.
| nerdbert wrote:
| KLM and United for sure have free in-flight messaging (at
| least as of a few days ago, the last time I used them).
|
| It's interesting what does and doesn't go through. e.g.
| Facebook notifications update, but not the content. I guess
| that's because they use the same channel as FB Messenger.
| thedanbob wrote:
| That was probably deliberate. I flew United recently and
| they advertised free wifi for certain messaging apps, or
| you could pay to access more apps or the general internet.
| MostlyStable wrote:
| I also flew united recently and, in addition to the free
| messaging access, they also provided free access to the
| inflight entertainment, in case you wanted to watch it on
| your device instead of on the screen.
|
| I would have loved to take advantage of this since my
| wireless earbuds were significantly better than the wired
| pair I had. Unfortunately, a little pop-up warned me that
| this was not available on Android 13 devices. I was more
| than a little annoyed, but also curious as to why this
| might have been the case.
| xattt wrote:
| There was a report in the early to mid-2000s where
| someone got iChat AV to work, partly because it was
| fairly obscure and likely the network engineers didn't
| consider blocking it.
| kshacker wrote:
| Here's my hack for United's free messaging. Works on iOS,
| and makes the flight more useful than before, but not as
| good as paid internet.
|
| Messaging and Notifications basically follow the same
| protocol. Even though I usually have notifications
| disabled, I go and activate it for anything I care about
| - News, Weather, Slack, Whatsapp (yes I have that
| silenced). Every single message pops up as a
| notification. Could be bank alert, Ring alert, homekit
| alert, whatever ... it just shows. So you can keep tab on
| things you care about, and if you are really needed, well
| you can pay and get on the full Wifi. And anyways you can
| iMessage to communicate if needed.
| alwayslikethis wrote:
| I flew United recently, and I was able to use the free
| messaging service for basically everything without any
| intervention from my part. It's just a tad slow. Not sure
| if it was intended or not.
| Kikawala wrote:
| It also worked on Alaska Airlines and American Airlines.
| smfjaw wrote:
| Love stuff like this, it's how kids get into computers. I used
| to make minecraft servers for my friends and I to play on when
| I was 12, which lead to a software engineering career. Sounds
| like you've got something similar on your hands
| hot_gril wrote:
| Minecraft servers and scanning IP addresses also mix in
| mischievous ways, especially servers with no whitelist...
| KMnO4 wrote:
| I used to do the same thing at hotels. Still often works.
| nmap -sn 192.168.0.1-255
|
| To find everyone on the network, then start spoofing each of
| their MACs until you find one that works
| savrajsingh wrote:
| I should probably know the answer, but what happens when two
| devices have the same MAC address?
| commandlinefan wrote:
| No way to tell for sure, but I can only assume that he had
| actually hijacked somebody else's connection and the other
| person's device stopped working for them. I sure wasn't
| going to stand up and ask the plane if anybody had had
| their internet plan hacked...
| ahoka wrote:
| That's not how it works, but probably made someones
| browsing experience worse.
| _joel wrote:
| Buy a plan then clone the mac of that device, white hat
| it. Might have killed a bit of time (unless you needed
| sleep) :)
| eru wrote:
| That's fun, but why not just buy a plan for one device,
| and then start a wifi hotspot on that device to share the
| connection?
| AdamJacobMuller wrote:
| "it depends, nothing good"
|
| Network devices forward (switch, more technically) packets
| to and end device based on an internal MAC table (send
| packets for DE:AD:BE:EF to interface ge-0/0/0.0) and most
| devices populate their MAC table simply by looking at input
| packets and sending the "next" packet for that MAC address
| out the "last" received interface.
|
| If two devices in a network have the same MAC address, they
| will effectively "fight" for control of the packet flow.
| You can win that fight by sending a lot of packets.
|
| In practice, the other person is going to get annoyed and
| give up.
|
| There are lots of technology which avoid this issue now,
| but the two primary ones are 802.1x (used in
| corporate/government environments) and DHCP snooping which
| can be much more broadly deployed. 802.1x is very
| complicated and I won't go into it, but, DHCP snooping
| works by limiting L2 forwarding (MAC table population) to
| only what the DHCP server says the end device should have
| and it does this just by inspecting the DHCP replies (no
| custom protocol) with some vendor specific extensions on
| the DHCP server side for complex scenarios (you can even do
| things like put ports in a specific VLAN based on the DHCP
| reply).
|
| This works fine on a physical layer and most hotels are
| probably using something similar now (less for malicious
| abusive reasons, though that's a thing) but also just to
| work around poorly behaving devices and to reduce customer
| complaints. If you care (and have a modest amount of money)
| MAC and IP spoofing are dead on the physical layer.
|
| For the wifi layer, very similar stuff exists in high-end
| gear (Rukus/Cisco) and is starting to trickle down to
| prosumer level gear like unifi. If you care (and have
| serious cash for Rukus) MAC and IP spoofing are also dead
| on the wifi layer.
| EvanAnderson wrote:
| > "it depends, nothing good"
|
| Fun anecdote from the early 2000's re: duplicate MACs:
|
| Embedded IP time clock kept intermittently barfing out
| frames with the source MAC addresses of other devices on
| the network. The switch would update its MAC table and
| direct packets to this device. The Customer's AS/400
| would kill all remote terminal sessions when the clock
| ended up w/ the AS/400's MAC. (They were doing a layer
| 2-based connection to the AS/400-- APPN, I believe it was
| called... Ugh, it was temperamental and didn't like any
| layer 2 "hiccups".)
|
| MAC addresses flapping between ports is one of those
| "breaking the laws of physics" kind of problems that
| teaches you to question your assumptions. Gear with a
| crazy brain can do anything it wants to and it doesn't
| care about your assumptions.
| AdamJacobMuller wrote:
| > it was temperamental and didn't like any layer 2
| "hiccups"
|
| The clock was probably doing the "correct" thing when it
| got a TCP packet for a connection which it didn't
| recognize and sent back an RST, which caused the client
| to abort.
|
| > kind of problems that teaches you to question your
| assumptions
|
| Yep. I learned a lot from dealing with large layer-2
| networks (commonly running on hardware not suited for the
| task). Mostly I learned to never run large L2 networks.
| spmurrayzzz wrote:
| It more or less turns into an ARP cache race, only one
| device is gonna win. You can do some tricks with gratuitous
| ARPs as well for "dumber" networks, but more sophisticated
| setups usually have some broadcast ARP filters that are
| tied to an auth layer (radius, 802.1x. etc) and will drop
| broadcast frames from un-authed hosts.
| sznio wrote:
| Since Wi-Fi is a broadcast medium, shouldn't it not matter?
| With a switch it would break things because MAC tables, but
| a Wi-Fi AP is a hub. Each device will receive packets for
| both devices, sure, but will that break things?
|
| I know Windows gets upset when that happens but the network
| seems to still work.
| Cpoll wrote:
| I should probably know this too, but I'll speculate wildly
| instead.
|
| MAC is Layer 2, IP address is Layer 3. One way or another,
| the packet destined for the person you're spoofing will end
| up at your computer and work its way through the layers.
| From there, if it's a TCP/IP packet, I think it'll get
| filtered out at Layer 4 (transport) because your computer
| wasn't one of the parties that initiated the TCP connection
| (the sequence numbers won't line up, etc).
|
| Packets being broadcast to multiple machines is common
| enough in various network setups, it's up to the individual
| machine to decide whether to process or drop the packet.
| angry_octet wrote:
| That greatly depends on whether the medium is broadcast
| (like a radio) or broadcast-like (a shared copper wire) and
| if it has CSMA/CD logic. Many of the replies are losing
| that detail and thinking of how it would effect a
| 1000base-T network, which maps MAC addresses to specific
| ports.
|
| For a broadcast network, the answer could be 'nothing' in
| the sense that both receivers would get the same traffic.
| The IP stack would then throw away packets destined for the
| other computer unless they were UDP broadcast or multicast,
| and even then it would only notice if someone was running
| Wireshark.
|
| Advanced wifi devices/meshes will use beam forming and mesh
| allocation and might degrade if there were MAC duplicates,
| but I think they will generally operate in a non-exclusive
| basis due to end point movement and fading, so both
| computers will get a good data rate.
|
| In summary: it's fine.
| colanderman wrote:
| Can't this often result in the two machines RSTing each
| others' TCP connections, depending on firewall settings?
| queuebert wrote:
| Only one way to find out.
| _joel wrote:
| ARP entered the chat
| rolph wrote:
| this seems to be a decent answer written up ready to go.
|
| https://serverfault.com/questions/462178/duplicate-mac-
| addre...
|
| what happens depends on your LAN setup, but generally its a
| fail.
| time4tea wrote:
| ISTR SunOS4 panic if it saw duplicate IP address on the
| network.
|
| sync boot
| lupire wrote:
| Does that work if both of you are trying to send/receive
| packets at the same time?
| system2 wrote:
| WiFi signal is received by both. Packages are ignored if
| they are not requested by either one of the systems. You
| can also receive anyone else's packages while you are using
| your internet but ignoring the ones you don't need. (If
| interested try aircrack-ng.)
| ahoka wrote:
| Only if it's unencrypted, of course. Rarely the case
| nowadays.
| ruune wrote:
| If it's important but you got time, you could always save
| the packets and crack them when quantum computing comes
| out for consumers. You have to wait a couple of decades
| probably, but maybe it's worth it
| pests wrote:
| NSA is already taking care of that in Utah.
| angry_octet wrote:
| Your computer will still receive the packets from the
| radio layer, it just won't have the right key to decode
| the other recipient's traffic.
| ahoka wrote:
| Of course if you don't sit in a Faraday cage you can
| receive any electromagnetic waves around you. But you
| can't actually receive other users IP packages.
| fragmede wrote:
| Yeah, the client OS will reject the "bad" packets destined
| for the other device as unknown.
| louison11 wrote:
| This is what I did about 7-8 years ago on flights when I was
| still a reckless teenager. Would just wait for people to buy
| the plan, then spoof their Mac address. There was also a
| specific airline, although I can't remember which one, which
| let me in for free without MAC spoofing - by using a Google
| Cloud VPN I had previously set up. The paywall was
| essentially blocking all IP ranges except for Google servers
| for Google Analytics.
| ApolloFortyNine wrote:
| Similar is probably possible on cruise ships, I noticed on
| Carnival you could still get notifications from discord (I
| assume because most android notifications go through cloud
| messaging and it's required for their own app to work
| without internet).
| Scoundreller wrote:
| Took an airline that required an app to pay to connect...
| but also opened up a window of a few minutes of open access
| to let you download said app from the iStore.
|
| I always wondered if there was a way to further exploit
| that.
| withinboredom wrote:
| IIRC (assuming it was the same airline), it didn't close
| existing connections once the time ran out, so you'd just
| ssh to a server and proxy through that. When/if the
| connection dropped, you'd just change your mac address
| and start over.
| SileNce5k wrote:
| This is what I used to do at home when my dad would turn off
| my internet access (by whitelisting MAC-addresses. Before
| that he blacklisted MAC-addresses, but I just used the built
| in way to change it with each connection on windows until he
| found out.). My mom rarely used her PC so I would just change
| my address to hers. It worked until she had to use it and at
| that point none of us could access the internet.
| pantalaimon wrote:
| I've never been at a hotel that charged for WiFi - is that a
| US thing?
| lukas099 wrote:
| It's not unheard of but it's probably been a decade since
| I've been to one personally. Some have free WiFi just for
| guests (probably good since the bandwidth is so saturated
| already).
| brewdad wrote:
| The last couple of hotels I stayed in had free "basic"
| wifi for guests. Elite status could get higher speeds for
| free or anyone else could pay something like
| $10/day/device to get higher speeds.
|
| I just switched to my cell phone data if the wifi was too
| slow.
| louison11 wrote:
| Yes. You often also have to pay for parking in many places.
| The price you see online is rarely what you pay for. But
| that's part of the culture, it's the same for restaurants,
| online purchases etc.
| lukas099 wrote:
| The sticker price is almost never what you pay, since tax
| is almost never included. Not sure how or when that norm
| diverged from the Euro one.
| xp84 wrote:
| I suspect the "how" is that we just never got the
| regulation that would prevent it because the 'small-
| government and low taxes' are aligned perfectly with the
| large business interests which tend to fund all
| campaigns. The "low taxes" types want to maximize the
| sting of all forms of tax and this is a great way to do
| that. And the businesses appreciate the psychological
| benefits of being able to show the minimum possible
| number. Even if a "display only the final price" rule
| applied to all a consumer's options, we probably just buy
| things more when they're labeled as "$99.99" instead of
| "$109.99."
|
| For extra fun, consider how phone bills attempt to "pass
| through" their own tax obligations, which have little to
| do with your own incremental usage, in the form of
| 'recovery fees' tacked onto bills. I suspect we'll
| eventually see those creep into all kinds of
| transactions, especially among other
| monopolistic/oligopoly businesses where you have little
| if any choice.
| sokoloff wrote:
| > we probably just buy things more when they're labeled
| as "$99.99" instead of "$109.99."
|
| That's basic price elasticity of demand and entirely
| unsurprising. When something costs 10% more, people buy
| less of it in general.
|
| We also buy more things priced at $99.99 than at $100.00,
| which is more of the psychological trick than it is
| rational price elasticity.
| ericjmorey wrote:
| The 2 largest retailers on earth have discovered that the
| x.99 prices make you less money than pricing at x.99 plus
| some arbitrary number between .99 and .01.
| extraduder_ire wrote:
| I think the EU law on that is the "Price indication
| directive", and AFAIK, it's been around since 1998. (may
| have replaced an earlier directive, my google-fu is
| lacking)
|
| I think the norm is to show whatever price you want, with
| some countries banning that for fairly obvious reasons.
| refurb wrote:
| I'm imaging it's because states and even cities can have
| differing sales tax rates.
|
| Hard to advertise to a wide audience when the final price
| after tax is one of 12 different prices depending on
| where they live.
| extraduder_ire wrote:
| That's a weak justification to apply to prices listed
| right where the product is sold. Like, if one uses a
| sticker gun to put a price tag on a product itself.
|
| I don't know of any US businesses other than waffle house
| that always include all taxes in the listed price,
| however.
| refurb wrote:
| There are laws against adding in taxes on listed prices
| in places like NJ, likely others as well.
|
| Regardless, I'm not sure why people consider it such a
| big deal. It's consistent across the board and it's
| relatively basic math to estimate what the total would
| be.
|
| I've lived in places that do it both ways and it's a non-
| issue.
| havnagiggle wrote:
| Dialup speeds is free, but if you want to taste those
| megabytes, you better fork over those megabucks.
| mmahemoff wrote:
| Thankfully competition from AirBNB made them re-think the
| idea. That's my theory why it mostly went away anyway.
|
| There's still some stragglers though, offering "basic"
| access free but charging for higher data limits, faster
| bandwidth, more devices. You can often get the higher plan
| just by signing up for the hotel's loyalty program.
| ApolloFortyNine wrote:
| It's a business hotel thing, oddly all the cheap chains
| will have free breakfast and wifi, but often something like
| the Hilton will be pay for both, likely because the
| clientele they're targeting is business employees who will
| just expense the whole thing.
| nelgaard wrote:
| It used to be common everywhere.
|
| From my point of view, free WiFi became normal when it
| became less important because of affordable mobile
| internet.
|
| From the point of view of the hotels it was about
| recovering their missing income after customers got mobile
| phones and stopped paying half a dollar per minute for
| using the hotel phones. There was a period when both mobile
| roaming and hotel WiFi was expensive, so I often went out
| from my hotel room and bough a local SIM-card to get
| internet access.
|
| What annoys me most, is that only when I finally could get
| a laptop that would work a full transatlantic flight on one
| charge, then suddenly airplanes all got power outlets.
| Spooky23 wrote:
| Conference hotels often soak the companies with booths for
| internet access. One place I did for my company demanded
| $1500 for 3 days of internet access for up to 5 devices.
|
| In-room, you get free internet access, but in the
| windowless ballroom with spotty cell-service, there's
| nothing available for free.
| rootbear wrote:
| I've also seen the opposite, where in-room Wi-Fi was
| charged, but in the hotel's function spaces, it was free.
| The economics of this are confusing, at best. I have also
| had the situation where the in-room wi-fi was so slow
| that using my phone as a hot spot was faster!
| reichstein wrote:
| If they give you free internet in your room, you won't
| pay for their pay-TV. Especially the kind you won't be
| watching in public areas.
|
| "Follow the money"
| Spooky23 wrote:
| Sometimes that because the operator got hosed in a
| contract with a network provider. I used to see that a
| lot in full service hotels.
| OkayPhysicist wrote:
| It used to be more common about 10 years ago, but
| especially so among hotels catering to business travel.
| Your Motel 6 would probably have free wifi, the Hilton
| wanted an extra $20 a night.
| lxgr wrote:
| That's an amazing anecdote!
|
| The state of "open Wi-Fi" security is actually really sad. I'm
| not aware of an easy way for the airline to actually do better
| than this!
|
| I suppose they could use Opportunistic Wireless Encryption [1]
| and bind session authentication to that (i.e. authenticate a
| given OWE session, not a given MAC address) if the device
| supports it, as at least modern Apple devices do? But I have no
| idea how stable an OWE session is; it would be very
| inconvenient to have to login again every time my device
| switches between access points.
|
| In any case, I'm sad that this isn't a solved problem yet, and
| paid Wi-Fi (as well as securing free Wi-Fi) still requires
| custom and clunky solutions like unreliable captive portals
| that need to pass through selective traffic (e.g. for 3DS, for
| payments, sometimes emails for password reset codes etc and
| more).
|
| A standardized endpoint and API would also be nice, i.e.
| something to tell the client whether it's connected, restricted
| (i.e. able to only access a limited set of hosts such as the
| in-flight map as described in the article), or needs to
| pay/authenticate (and if so, at which URL). This could then
| yield an authentication token, to be provided for seamless
| reconnections for the same session.
|
| There's "Hotspot 2.0" and WPA-EAP (i.e. WPA Enterprise), but
| these don't really have a good story for "pay via web portal"
| style usages and are more geared towards wireless carrier
| operated hotspot networks and corporate scenarios,
| respectively.
|
| [1]
| https://en.wikipedia.org/wiki/Opportunistic_Wireless_Encrypt...
| dangus wrote:
| Isn't this data meant to be exposed? You can get all this
| flight status on the Southwest intranet when you're connected
| to WiFi as part of the flight status page.
|
| This hack just goes a step further to plot the data over
| time.
| lxgr wrote:
| The concern isn't access to the flight status data (or even
| your data, which is most likely encrypted these days), but
| theft of service you paid for, by another passenger on the
| flight (you would probably at least get kicked
| out/experience issues with your own connectivity, and might
| worst-case be blamed if something bad happens using the
| connection you bought).
| dangus wrote:
| I'm confused, none of what you're describing is part of
| the article.
| nenaoki wrote:
| It's responding to the scenario described in GGP.
| dangus wrote:
| Ah, does that hack still work though? I would be
| surprised if it did, since the story was from years ago.
| nerdbert wrote:
| I used to play with IP-over-DNS, which more or less
| worked on an awful lot of these plane wifi systems.
| Haven't tried it in the past couple years though; it's
| always slow the point of barely being usable. You can
| probably get your mail via IMAP if you're patient and
| nobody's sending you large attachments, that's about it.
| vezuchyy wrote:
| You can always use an open network to generate passwords for
| the proper internet connected WPA-EAP network (along with
| some in-flight multimedia like some carriers do). Extra step
| for sure but it solves the problem.
|
| PS: I'm a couch expert so I have no idea if there's a problem
| with this idea.
| Wowfunhappy wrote:
| The first problem that comes to my mind--clients will
| remember both wifi networks and may continue to choose the
| open network when e.g. waking from sleep.
|
| The user can go in and forget the open network of course,
| but most won't know to do that.
| stereo wrote:
| It would theoretically be possible to bounce clients
| which you know are already authorised on the paid
| network.
| gorlilla wrote:
| QR code to connect to the _open_ but _hidden_ SSID.
| Instructs user to join WPA-EAP with supplied credentials
| once they've paid. Remains available to connect via QR in
| case customer somehow misplaced creds but avoids auto-
| reconnect during scan.
| [deleted]
| IggleSniggle wrote:
| Use Bluetooth instead of WiFi for the password generation
| channel
| lxgr wrote:
| You could just prevent access to the wider internet on
| the open version!
| Wowfunhappy wrote:
| Yes but the client will still connect and the user will
| wonder why their internet isn't working.
| mavhc wrote:
| Turns out OWE doesn't work on non ARM Mac computers
| Nextgrid wrote:
| In cases where the Wi-Fi is provided as a value-add or is
| bought via another channel than the Wi-Fi network itself, I
| think you can just generate one-time WPA Enterprise
| credentials, with a QR code to facilitate data entry?
|
| In case of in-flight Wi-Fi, the credentials/QR code can be
| printed on the boarding pass, or available in the app (the
| app caches it in advance while it's still on the ground, so
| when in the air you can use those credentials to connect).
|
| This doesn't cover 100% of use-cases but it would at least
| cover a big one (a significant amount of public Wi-Fi is
| "value add" to another service - whether restaurants, hotels,
| flights, etc where there's an existing channel to provide
| one-off wi-Fi credentials over), it's a shame nobody deploys
| this.
| labcomputer wrote:
| I think you could even take this one step further: Have a
| captive portal on an unencrypted channel (using TLS
| obviously) to do the vending, so that the credentials don't
| need to be purchased before the flight.
| lxgr wrote:
| Oh, these are neat ideas, I hadn't thought of that!
|
| One concern might be expiring access credentials (not
| sure if most OSes will re-prompt for a new password or
| just give up), but you could just make the EAP
| credentials per-user instead and redirect users to the
| captive portal again once needed.
|
| This leaves clients not supporting WPA-EAP, but these
| could just continue using the regular unencrypted/MAC-
| authenticated service.
| MBCook wrote:
| You might be able to just do the sign up on the in-flight
| entertainment system and have the user scan the resulting
| WR code.
|
| Only works with IFE equipped planes, of course.
| eru wrote:
| Well, the customer also needs to futz around with
| scanning a WR code, and get it from the device she
| scanned it on to the device she wants to use the wifi on
| (if they ain't the same.)
|
| Though you could route around these problems, but giving
| them both a scannable code, and underneath some
| credentials as plain text they could type.
| cxcorp wrote:
| What if the captive portal just had a link (or on an IFE
| screen, a QR code) that connected your phone to a different,
| WPA2/WPA3 protected, hidden WiFi SSID that was generated
| exclusively for you? Phones nowadays support joining a
| passphrase protected WiFi AP via a QR code, so I'd imagine
| that's doable. The hard part would be finding routers that
| support >300 different hidden SSIDs, but honestly I would
| hope that that is technically feasible nowadays.
|
| That way you'd at least have the protection of the WPA GTK.
| tharkun__ wrote:
| This. And even if the >300 is not available, how many
| people _actually_ buy Wi-Fi on the plane? _That_ is the
| number of clients that need to be supported. And if that 's
| still a problem (or you don't want to guess), the SSID can
| be hidden and static and the only thing non-static is the
| password that works for just the duration of the flight you
| are on.
| pbhjpbhj wrote:
| So you just take a photo of anyone's QR code? I'm not sure
| the hidden SSID achieves anything, that is presumably
| plaintext in the wi-fi transmission?
| eru wrote:
| That QR code would only be displayed for a short time,
| and mostly only people sitting directly behind you could
| snap the picture.
|
| It's not airtight, but better than the system it would be
| replacing.
| cxcorp wrote:
| The hidden SSID stops the users' WiFi list being full of
| random, password protected SSIDs when they just want to
| connect to the open portal WiFi.
| zekica wrote:
| You can have an AP accepting multiple different WPA2-PSK
| and/or WPA3-SAE passphrases, and since on WPA2 PMK depends
| on the password, and on WPA3 PMK is different for each
| client, you can put them in different VLANs or have per PMK
| MAC mapping if they share the same VLAN.
| tpolzer wrote:
| The AP still has to send regular beacons for each hidden
| SSID, taking up air time.
| intellix wrote:
| When I don't have internet and nothing else to do, I'll spend the
| entire flight trying to get free internet
| 1B05H1N wrote:
| Did you have permission to do that ? Sounds pretty risky to be
| probing the network of a flight imo.
| Etheryte wrote:
| Are you aware what the website you're currently on is called?
| WendyTheWillow wrote:
| Hackers talk about ethics and legality all the time!
| margalabargala wrote:
| Does one generally require permission to read a sign that
| someone else posts in a public place?
| system2 wrote:
| The signal is already reaching your computer. You are not
| modifying it. It is the same as listening to radio.
| jamesbvaughan wrote:
| No permission - just curiosity :)
|
| I'm not too concerned about the risk associated with fetching a
| JSON file that their flight status page is already fetching on
| a loop. That said, I'm curious what risks you have in mind.
| mulmen wrote:
| > That said, I'm curious what risks you have in mind.
|
| Overzealous prosecutors.
| fouc wrote:
| There's no "probing the network" involved here.
|
| The in-flight webpage was continuously fetching a specific end-
| point from the in-flight web server.
|
| This end-point is basically public data.
|
| All he did was duplicate what the webpage was already doing,
| and then do some basic analysis on the data the end-point was
| returning.
| mulmen wrote:
| Tell it to the judge.
| mcast wrote:
| Cybersecurity and internet crime laws are notoriously
| outdated (created in the 80s). I could see a bad lawyer
| arguing that cURLing an API repeatedly is "hacking".
| extraduder_ire wrote:
| Or getting tackled by an air marshal when someone sees
| white text on a black background and yells "hacking!".
| soupfordummies wrote:
| Fun read! Reminds me of the type of articles I would find in
| 2600. The hacker spirit at work :)
| dekhn wrote:
| Wait, doesn't everybody set up a prometheus/grafana dashboard for
| each flight to show the telemetry?
| system2 wrote:
| I usually connect to the cockpit directly with rj45 to keep it
| stable. Sometimes even talk to the pilot with the encrypted
| coms.
| H8crilA wrote:
| Talking to the pilots costs about $200 and is really easy,
| though very illegal - just find out which ATC freq are they
| currently on and transmit, from a handheld radio or a HackRF.
| You could also transmit on Guard.
|
| If you prefer to text rather than speak you can send them
| ACARS, with roughly the same hardware. Though if you use a
| handheld radio you'll also need a laptop to generate the
| baseband signal, as I don't think there are any commercially
| available ACARS transmitters.
|
| (Please never do this, you'll go to jail for a long time).
| dekhn wrote:
| I just listen (with an SDR, I never got a HackRF because I
| don't transmit). Where I live I can see planes on approach
| to SFO and can cross-reference flight codes on the radio
| with planes that I can see flying by and on flightradar.
| benced wrote:
| Another thing to notice: they use the highly nonstandard time
| zone abbreviation "PDT". This works because they're a US-only
| airline but if an international airline did this, they'd be in
| for a world of hurt.
| everly wrote:
| Is it really "highly nonstandard"? I thought it referred to
| Pacific Time during daylight savings. The rest of the time
| being PST (Pacific Standard Time).
| wil421 wrote:
| > Specifically, time in this zone is referred to as Pacific
| Standard Time (PST) when standard time is being observed (early
| November to mid-March), and Pacific Daylight Time (PDT) when
| daylight saving time (mid-March to early November) is being
| observed.
|
| https://en.m.wikipedia.org/wiki/Pacific_Time_Zone#:~:text=Sp...
| .
|
| What do you think is the correct format?
| kube-system wrote:
| Southwest has international routes now to popular vacation
| destinations south of the US.
| jdminhbg wrote:
| > This works because they're a US-only airline
|
| They're not US-only (note that the response included a value
| for whether it was a non-US-including flight), but they are
| North/Central America/Caribbean-only.
| recursive wrote:
| How much more standard can it get?
|
| https://en.wikipedia.org/wiki/Pacific_Time_Zone#
| https://www.timeanddate.com/time/zones/
| xxpor wrote:
| PDT is extremely standard?
|
| http://www.timezoneconverter.com/cgi-bin/zoneinfo.tzc?s=defa...
|
| Granted, I think everything should always be a UTC offset, but
| I'm also weird.
| benced wrote:
| To anyone claiming they're standard:
|
| > Time zones are often represented by alphabetic abbreviations
| such as "EST", "WST", and "CST", but these are not part of the
| international time and date standard ISO 8601 and their use as
| sole designator for a time zone is discouraged.
|
| > Such designations predate both ISO 8601 and the internet era;
| in an earlier era, they were sufficiently unambiguous for many
| practical uses within a national context (for example, in
| railway timetables and business correspondence), but their
| ambiguity explains their deprecation in the internet era, when
| communications more often cannot rely on implicit geographic
| context to supply part of the meaning.
|
| https://en.wikipedia.org/wiki/List_of_time_zone_abbreviation...
|
| Turns out PST and PDT are safe (no one else seems to use them)
| but something like CST is not: it could mean Central Standard
| Time (America/Chicago during standard time) or several other
| choices like China Standard Time (Asia/Shanghai).
|
| Ambiguity is bad.
| mmaunder wrote:
| Bring a Stratus, Sentry or open source equivalent with and you
| can get that data for most other aircraft within line of site in
| real-time, along with weather, radar, pilot reports and more.
| aplusbi wrote:
| The `ac` in `actime24` probably means `arrival city`.
| xhkkffbf wrote:
| On one of the earlier flights with wifi, I found that my Google
| docs were saving correctly even though I didn't pay for the wifi
| upcharge. The router wasn't blocking those ports. It seems like
| this has changed recently. Too bad.
| suction wrote:
| [dead]
| dtjohnnymonkey wrote:
| This is fun. I used to build these REST APIs for airlines (not
| Southwest though). Fun to see them get some attention!
| paul7986 wrote:
| If you travel lite with clothes in a book bag(wash clothes if
| extended stay)... I don't see why anyone would fly United,
| Southwest, American Airlines, etc VS.the budget Airlines like
| Spirit.
|
| Maybe if you have points with those airlines... Otherwise, save
| hundreds of dollars using budget airlines which the planes are
| newer in my experience, and never had a bad experience versus my
| recent bad experiences with Delta and the others in which I paid
| a lot more for. Almost all airlines I've had to pay for Internet
| access, including Spirit so for me, I don't understand why I
| would fly all the more expensive airlines versus using Spirit.
|
| There's a lot of negative marketing out there about Spirit...
| After my 10 positive flights experiences in the last six months
| with them I don't believe the hype.
| paul7986 wrote:
| Sure for me I fly out of a major hub (Baltimore Washington
| International) and Spirit flies pretty much to every US city
| from there.
|
| One thing bad about spirit is their extremely horrible refund
| policy .. their seats are a bit smaller but not by much.
|
| Thus far in my ten recent experiences flying Spirit with
| clothes & travel necessities in my book bag has saved me lots
| of money and my flight experiences have been the same to even
| better compared to Dekta, United, Alaska or Southwest. Thus the
| first place I now go to book a flight is spirit due to my
| experiences and flying out of a major hub.
|
| I hope JetBlue doesn't get the chance to buy them out ...
| Spirit allows a lot of ppl who couldnt afford to fly enjoy a
| benefit all should be able too and for me i like saving money!
| dboreham wrote:
| > I don't see why anyone would fly United, Southwest, American
| Airlines, etc VS.the budget Airlines like Spirit.
|
| I'm on a spoke (not a hub) and just don't have the service
| available to use budget airlines even if I wanted to. We have
| JetBlue -- they fly to Boston and that's it. We have Allegiant
| and they fly to Phoenix (not really Phoenix -- Mesa), and we
| have Avelo they they fly to LA (not really LA: Burbank). All
| these airlines fly one flight per day, and often not every day
| of the week. When I'm traveling somewhere that works for the
| budget airlines, I'm still leery because if their plane breaks
| down or there is "weather in Cincinnati", I'm screwed. They
| don't have a second plane available.
|
| otoh we have United, Delta, American, Alaska, Southwest with
| flights to several hubs each, multiple flights per day, through
| international ticketing, first class sometimes open... Plus I
| don't pay for luggage on the major carriers due to credit card
| membership/status.
| itslennysfault wrote:
| You must have buns of steel. I flew Spirit exactly once (well,
| twice, it was round-trip), and it was such a miserable
| experience I swore to never do it again. Their seats are made
| of concrete as far as I can tell.
|
| For domestic flights I pretty much always sit in the window and
| never get up during the flight. On spirit I had to get up and
| walk around after about 3 hours 'cause my ass was sore. Never
| again.
| paul7986 wrote:
| Did you have a negative view of Spirit before flying with
| them?
|
| Not sure about my backside.. don't do squats lol ... 5'10 170
| itslennysfault wrote:
| Not terribly negative, but yeah I always assumed it was
| cheap for a reason. I think I'd probably do a 1-2 hour
| flight on spirit if it was a good deal. Past that I'll
| spend a little money for a more comfortable flight... Guess
| I could also just bring a cushion on board with me lol
| cityofdelusion wrote:
| Just to clarify, Southwest is classified as a budget airline,
| especially compared to the "big 3". Spirit and airlines like
| them are in their own class called ULCC (ultra low cost
| carrier) to differentiate them from the existing budget
| airlines.
| technothrasher wrote:
| Sometimes the budget airlines don't fly to where I'm going, or
| do so by long multi connecting routes. I'm currently sitting on
| an AA flight because it was the cheapest option with a
| reasonable travel time. Honestly, it kind of sucks for all the
| usual reasons, but I've at least got free wifi on my phone
| through some deal with T-Mobile.
| sswaner wrote:
| On many United flights you can connect to onboard wifi without
| buying the plan and have internet access on port 22 and
| apparently unrestricted UDP. This allows me to connect to an EC2
| instance running mosh. Coding in vim is a great way to pass the
| time on a flight.
| system2 wrote:
| Can't you create an SSH tunnel to a machine and RDP with it?
| Then you'd have fully functioning internet.
| TrackerFF wrote:
| Yes, that's standard data which is broadcasted to the passengers
| via the plane app/website. Usually the apps will have some "show
| position" feature where you can see position, speed, altitude,
| ETA, etc.
| philprx wrote:
| actime24 is possibly for Arrival City time, not aircraft time.
|
| Fun research!
| ern wrote:
| Airlines have a moving map on their captive wifi portals. Didn't
| know it was rendered client side though. Something to try when I
| next fly.
| latchkey wrote:
| I was just thinking that you could take a picture from the window
| and then tie the GPS coordinates to the image with the output
| from that JSON. Kind of handy.
| jonah wrote:
| If you have location permissions enabled in your camera app,
| the image's exif data will have the coordinates in it.
|
| (US Civilian GPS units are prohibited from working above 60,000
| ft above sea level and 1,000 knots due to ITAR munitions export
| restrictions.)
| extraduder_ire wrote:
| I think the "and" in that sentence used to be implemented as
| an "or" in the days before everyone's phones had GPS in them.
| So you'd need to power cycle the device before it'd work
| again. Now most devices need to hit both limits at the same
| time before refusing to work.
| jonah wrote:
| Even now, it seems it may be up to interpretation. In
| searching for those numbers, I saw a post in a amateur high
| altitude balloon forum asking which modules were "or".
| (Presumably since it's a little more likely your balloon
| will exceed the altitude restriction and not the speed
| one.)
| pklausler wrote:
| Stupid question: how do civilian GPS units know that they're
| above 60,000' or faster than 1000 knots without, um, working?
| lom wrote:
| I've managed to get a GPS lock while flying, it just takes
| a few minutes to find one. Was it misreporting my position?
| because it usually matched up with what I saw outside of
| the window
| extraduder_ire wrote:
| Probably because you were in a large aluminium tube at
| the time, and had no internet to get the AGPS data, so it
| had to receive the orbital elements from the satellites.
| (IIRC, this can take as many as 24 minutes worst case)
|
| If you're using GNSS tracking on a flight, consider
| checking out the OSMand~ app for android. There's a map
| layout for flying, though I don't know if the navigation
| features work.
| comprev wrote:
| Maybe they read 60,000 even when at 62,000?
| 0x457 wrote:
| Well, they work internally, just don't expose information
| to the outside.
| latchkey wrote:
| I have pictures from my camera (with location permissions
| enabled) that don't have any GPS data in it, or at least the
| data is extremely wrong.
| jonah wrote:
| I can't help diagnose that for you. There are other ways to
| get your current location, etc from your phone though.
|
| I have GPS Test[1] on my Android - it's pretty neat to
| launch it while on a flight - seeing the speed in realtime
| is pretty fun.
|
| [1] https://play.google.com/store/apps/details?id=com.chart
| cross...
| dramm wrote:
| "According to this data, the plane's altitude was only
| fluctuating by about 20-30 feet. This is more stable than I
| expected!"
|
| Autopilots are very good and they are servoing to the pressure
| altitude.
|
| Many pressure altitude encoders used in modern aircraft (for
| example to drive altitudes that transponders report to SSR radar
| or via ADS-B) have 25 ft encoding resolution. That 25ft
| resolution is likely what is being seen here. Other encoders have
| 10 ft resolution but 25 ft is very common.
| phkahler wrote:
| >> Autopilots are very good and they are servoing to the
| pressure altitude.
|
| It would have been cool to use a phone to record a GPS track
| with altitude and compare them. Pressure != GPS. Also wonder if
| there would be distinct jumps in the difference if they reset
| the pressure based altimeter to a different AWOS.
|
| Not sure how it works in big planes, but in little ones you
| need to set your altimeter based on the local weather. The
| weather stations measure barometric pressure at their elevation
| and "correct it to sea level" you get this corrected reading
| over the radio and set it in your altimeter so your pressure-
| based altitude reading is corrected for local weather
| variations. Just going out flying for an hour the altimeter
| setting when returning to the same place might be off by a few
| millibar.
| gfo wrote:
| You use standard pressure (29.92 inHg) above transition
| altitude, which, in the United States, is 18,000 feet. Pilots
| wouldn't be changing the altimeter after climbing past this
| point, and would start using local values once descending
| through it again.
|
| Of course, your initial point is still correct: there could
| be slight variations if using those local settings and
| getting different values, but you'd only see that below
| transition altitude.
| dramm wrote:
| The QHN/Kollsman window setting only affects what is
| displayed to the wetware. When you strip away all that the
| autopilot is just servoing to a pressure altitude. But sure
| if you are flying below the transition altitude and are
| flying between areas with different QNH settings when you
| adjust the setting the autopilot will climb or descend as
| needed because you told it to servo to a different pressure
| altitude.
|
| There are many EFB (e.g. Foreflight), or log book, or other
| flight recorders you can use on an iPhone. And some can
| record the pressure transducer in the iPhone to record an
| approximate "pressure altitude". e.g. Naviter SeeYou
| Navigator intended for gliders can do that (but it's not
| unusual for modern gliders to have an array of sophisticated
| air data sensors and specialized variometers and flight
| computers that would feed the app this data over Bluetooth).
| Popular EFB software Foreflight will not use the iPhone
| pressure transducer, if you want pressure data there you need
| to drive that through an external interface like a Sentry
| ADS-B receiver that has a pressure sensor built into it -- or
| much better if the aircraft is equipped with ADS-B Out can
| receive the "own-ship" ADS-B Out broadcast pressure altitude
| from it's high accuracy encoder). Any in-cabin pressure
| traducer will be sensitive to the difference between
| calibrated static pressure and cockpit pressure, things like
| opening or closing vents, or varying the airspeed significant
| (and ram air pressure or suction on the cockpit exit vents)
| can cause observable changes. And when using an iPhone or
| similar, especially without a great GPS satellite overhead
| view (e.g. in high wing aircraft) you are likely not to get
| high-quality GPS altitude data. think best case ~ +/- hundred
| feet, worse case with little overhead GPS sat view, much
| worse... but those consumer GPS app is likely to happily
| display multiple decimal points of precision :-)
| tim333 wrote:
| At high altitude you do this stuff "When you set your
| altimeter to 29.92, you're flying at standard pressure
| altitude."
|
| The idea is all the planes use the same setting so the one at
| FL35 doesn't hit the one at FL36. But those are not exactly
| 35000 and 36000 feet above sea level.
| inoffensivename wrote:
| nitpicking: that would be FL350 and FL360
| cragfar wrote:
| No idea how true it is, but I overheard someone on a flight say
| that whenever you feel a real sudden jolt on a plan it's really
| only moving like 2-3ft.
| jfim wrote:
| A plane going up and down 20-30 feet seems like it would be
| very unpleasant. Considering that there's longitude and
| latitude, isn't it more likely that the altitude is coming from
| GPS, which is notoriously inaccurate with regards to elevation?
| altgoogler wrote:
| When you take off, you're going up at a rate of 500 fpm to
| 2000 fpm. Even if you go from +1000 fpm to -1000 fpm over the
| course of several seconds, you aren't going to feel much.
|
| At cruise altitude, you're moving along at 500 mph, which is
| 777 feet per second. So going from +30 feet to -30 feet in a
| minute is just an adjustment of only about 5 degrees. You'd
| barely feel it, even walking down the isle. An acceleration
| of 33 ft/sec per sec is 1 g.
|
| You experience greater changes in vertical motion on any
| flight you go on.
|
| *edit: units
| sokoloff wrote:
| > So going from +30 feet to -30 feet in a minute is just an
| adjustment of only about 5 degrees. You'd barely feel it,
| even walking down the isle.
|
| You would pretty obviously feel a change in pitch of 5deg
| walking down the aisle.
|
| You mixed feet per second and feet per minute. 60 feet of
| change across 777 feet of run is about 4.5deg (inverse
| sin(60/777)), such as you'd experience if the change was in
| 1 second instead of in 1 minute.
|
| Calculating 60' change in 777*60 feet, inverse sin
| (60/(777*60)) is 0.07deg, which is why you don't feel that
| change in inclination of the aisle.
| chatmasta wrote:
| Maybe the plane is staying level but the ground is variable
| terrain.
| momirlan wrote:
| it's the Earth vibrating ...
| rockostrich wrote:
| Elevation is relative to sea level, not the ground.
| funnyflywheel wrote:
| This only holds true if you're flying at or above the
| transition altitude. The transition altitude depends on
| where you're flying: for example, in the USA and Canada
| it's 18_000 feet MSL.
| danbtl wrote:
| It's still sea-level. The transition altitude just
| changes the altimeter setting from one that matches the
| current air pressure to a standard pressure setting.
| funnyflywheel wrote:
| I did some more reading, and it turns out I confused QNH
| with QFE.
| twothamendment wrote:
| Yes, the elevation is based on sea level. I don't fly
| much and recently landed in Denver and was watching the
| altitude on the screen in front of me. As we were
| descending we landed well before I was thinking we would,
| about a mile in elevation above sea level.. it was "duh"
| obvious when it happened, but I was tired and clearly not
| thinking about it!
| chatmasta wrote:
| The plane is measuring _altitude_ , which is relative to
| a reference point, unlike elevation which is relative to
| sea level. And if the altitude is determined by pressure
| sensor, musn't it be relative to the ground directly
| below the plane, anyway?
|
| (Although personally, I agree with the sibling comment
| that the variability is likely an artifact of the sensor
| resolution.)
| victortroz wrote:
| It's relative to sea level. After transition altitude
| (18k feet in most places) the pressure setting to the
| altimeter is changed to standard (iirc 1013 hPa) so all
| aircrafts are in the same reference regardless of
| terrain.
| epse wrote:
| Most places in the US, but accurate
| adastra22 wrote:
| Planes dont measure height relative to the ground. How
| would that even work? Their sensor is air pressure, which
| is treated as a function of elevation.
| jjwiseman wrote:
| They do sometimes! Via radar altimeters, when relatively
| close to the ground. And sometimes to keep autopilots
| from freaking out, we have to build radar reflectors to
| make the ground look level to radar even when it's really
| not. https://lustublog.com/2017/02/17/artificiel-mais-
| pas-superfi...
| jjwiseman wrote:
| When you climb to the top of Mt. Everest, the air
| pressure is about 1/3 of what it is at sea level even
| though you're standing on the ground.
| chatmasta wrote:
| Yeah, you make a very good point. Fortunately the blast
| radius of my scientific hubris is limited to whatever
| code I manage to deploy to the internet, and I'm not
| involved in designing or building aircraft.
|
| btw: Aren't you the guy who tracks planes flying in
| circles? I follow you on Twitter. Such a cool project!
| quickthrower2 wrote:
| And using the ground proximity to guide a landing instead
| of altitude has lead to some crashes I have read.
| danbtl wrote:
| Planes report pressure altitude via their transponders. 20-30
| feet up and down is very normal for an autopilot.
|
| GPS altitude is used for vertical guidance for certain types
| of GPS approaches (i.e. "LPV" approaches[1]) and requires the
| airplane's avionics to be equipped with a WAAS[2] receiver
| that provides accurate altitude information.
|
| [1] https://en.wikipedia.org/wiki/Localizer_performance_with_
| ver...
|
| [2]
| https://en.wikipedia.org/wiki/Wide_Area_Augmentation_System
| dhritzkiv wrote:
| 20-30 feet change over what timeframe? The resolution of the
| chart data in the article is about 30 seconds. While I think
| the fluctuation is due to the accuracy of instrumentation,
| 20-30 feet change over the course of a minute seems like
| nothing.
| xvedejas wrote:
| That's significantly slower than a typical elevator, in
| fact. Slow elevators run at about 200 feet per minute.
| pbj1968 wrote:
| My elevator takes almost a minute to go from the first
| floor to the second floor. I guess I have a slow one.
| prmoustache wrote:
| Nobody without disabilities would use such an elevator.
| jjwiseman wrote:
| I don't know what sensors are feeding the API from the post,
| but most passenger jets do broadcast information about the
| accuracy of their sensed position, including vertical
| position/altitude. If you click on an aircraft on the map at
| https://globe.adsbexchange.com/, and scroll the left sidebar
| all the way to the bottom you'll see a section labeled
| "Accuracy". ADS-B Exchange doesn't show Rc/v, the vertical
| position accuracy, but it does show other values. See
| https://mode-s.org/decode/content/ads-b/7-uncertainty.html for
| more information.
| dramm wrote:
| Pressure encoders, as I said. That's what feeds all aviation
| altitude data... i.e. anytime you see the word 'altitude' and
| its not qualified with 'GPS altitude' which is effectively
| not normally used. ADS-B Out concurrently transmits GPS
| height about the ellipsoid data as well as pressure altitude
| data. No use is normally made of the GPS height data. We are
| discussing pressure altitude data here, that's what aviation
| works off of. The accuracy and reliability metrics in the
| ADS-B broadcast you are referencing refers to the GPS data
| not the pressure transducer/encoder data. In cases of encoder
| failure being detected a flag is broadcast and the pressure
| aka baro altitude data field is set to all 0. ADS-B cannot
| give information about the pressure altitude accuracy or
| reliability like it does for GPS metrics. It relies on the
| encoders being better than their +/- 125' accuracy
| requirement and that's tested for periodically. ADS-B can in
| principle broadcast 100' or 25' resolution encoders, that
| info is in the messages. The ones here will be 25'. (I've got
| a long background with ADS-B related technology, currently
| helping the FAA out on some niche stuff).
|
| edit: trying to improve clarity/correctness but there is too
| much to cover here.
| jjwiseman wrote:
| Cool, thanks for the info. (BTW I wasn't disagreeing with
| anything you wrote, I just wanted to mention, since the
| topic of resolution/accuracy came up, that lots of aircraft
| broadcast information about the accuracy of some of the
| sensor data they're reporting, which you can do some pretty
| cool stuff with. E.g. that's how https://gpsjam.org/
| works.)
| dramm wrote:
| Oh sorry I did not think you were disagreeing I was just
| trying to be clear and more trying to clear up the GPS
| accuracy/reliability metrics like SIL, NIC, NACp and NACv
| being broadcast by ADS-B being completely separate to
| anything to do with pressure derived altitude, I was
| going down a rat hole and had to edit that several times.
| And it can be painfully confusing e.g. the failure flag
| for pressure altitude aka baro altitude in ADS-B speak
| failure is called NICbaro but has no relationship to the
| GPS NIC (Navigation Integrity Category) value. And
| depending on the system some of the GPS
| accuracy/reliability metrics are just hard coded, and the
| ones that really matter like NACp are derived from the
| GPS and SBAS reception.
|
| John Wiseman does _great_ stuff with ADS-B Out data.
|
| Also for pilots/aircraft owners/A&Ps: The FAA PAPR
| (Public ADS-B Performance Report)
| https://adsbperformance.faa.gov/PAPRRequest.aspx provide
| a summary of their aircraft's ADS-B performance,
| including all the broadcast GPS quality metrics and any
| reported failure flags etc. The PAPR system will email
| out the PDF report. The owner/pilot/A&P can reply to that
| email and request a Google Earth/kmz and Spreadsheet/CSV
| data for that flight showing all the received ADS-B
| transmissions including all those accuracy/reliability
| metrics. Interesting stuff and very useful for diagnosing
| problems with ADS-B Out installations. So sensitive
| you'll might see say NACp degrade as an aircraft banks
| steeply because the GPS antenna now has a view of fewer
| GPS satellites. Installations in most (non-
| experimental/non-light sports) aircraft effectively
| require use of PAPR to formally validate a new
| installation is working correctly. It's a good thing for
| owners to also just periodically check their aircraft's
| ADS-B performance using PAPR. I suggest just before and
| after each annual inspection for GA/light aircraft.
| simonjgreen wrote:
| Also worth noting that the datum used to translate from
| pressure to altitude switches at the transition threshold,
| usually 18,000ft, from actual local ground pressure
| (supplied by ATC in all initial contacts) to 29.92 Hg.
| ssaannmmaann wrote:
| I went down a rabbit hole by clicking on
| globe.adsbexchange.com :)
| yread wrote:
| I guess they got a lot more precise with implementation of
| Reduced Vertical Separation Minimum (RVSM) - planes had to be
| separated by 2000 ft and this was reduced in early 2000s to
| 1000ft
| ceejayoz wrote:
| It was probably fairly precise already. To get their license,
| a private pilot must demonstrate via a checkride the ability
| to stay within 100 feet of an assigned altitude, even in a
| steep turn.
| wkipling wrote:
| Not quite how it works.
|
| These are the instruments we are referring to not the
| ability of pilots. In fact in RVSM airspace the autopilot
| must be used.
|
| Instruments must be very accurate given the reduced
| separation in RVSM airspace. Often on modern aircraft
| multiple altimeters are compared and voted to provide a
| single output provided to the displays and autopilot.
| ceejayoz wrote:
| That's missing the point.
|
| If a human can manage to keep it within 100 feet of a
| desired altitude, an autopilot most certainly can; it
| didn't require new technology in the 2000s. Autopilots in
| the 1960s/1970s weren't seesawing all over the skies.
| sokoloff wrote:
| RVSM is overwhelmingly about instrumentation accuracy and
| precision, not pilot capability. [0]
|
| The pressure difference between 5K MSL and 10K MSL at
| standard conditions is 14.6 kPa.
|
| The pressure difference between 30K MSL and 35K MSL at
| ISA is 6.3 kPa.
|
| For a given amount of aircraft-to-aircraft variability in
| their precision altitude sensing equipment, the resulting
| difference in actual altitude is more than double in RVSM
| airspace than in the lower altitude range above.
|
| _That 's the reason for RVSM_: there is less change in
| pressure with change in altitude, coupled with a very
| busy altitude range (such that controllers would have an
| operational need to pass traffic overhead with only
| vertical separation rather than being able to use
| vectoring to achieve lateral separation between
| aircraft).
|
| It's not a linear relationship, but if I take an airplane
| with a 0.75 kPa absolute error in one direction and pass
| traffic with a 0.75 kPa absolute error in the other
| direction 1000' indicated above them, at low altitude,
| that 1.5 kPa total error is a little over 500 feet while
| IFR-IFR separation is 1000 feet minimum outside of RVSM.
| (These aircraft would likely be right on the border of
| passing a non-RVSM static system check.)
|
| If I take those same two aircraft into the mid flight
| levels and pass one over the other at 30K and 31K feet,
| the total error is around 1200 feet, which is why non-
| RVSM aircraft cannot be separated by 1000 feet in RVSM
| airspace, because you don't know that they'll miss each
| other.
|
| Improve the accuracy and precision of the static system
| and improve the examination criteria, making the airplane
| RVSM-capable, and now you can pass that traffic over each
| other at 1000' of indicated separation and be sure
| they'll miss.
|
| [0] - There is a pilot training requirement, which is
| focused on knowing the rules for RVSM and does not
| involve a checkride.
| ceejayoz wrote:
| Still missing the point.
|
| You're talking about getting different aircraft to agree
| between each other.
|
| The post upthread expressed surprise at an aircraft
| maintaining a steady altitude to within tens of feet.
| That's been a thing for many decades.
| sokoloff wrote:
| I think you're at least partially missing the point.
|
| For autopilots servo'd to pressure altitude, holding
| altitude to within 0.02 kPa _is more difficult_ than
| holding altitude to within 0.05 kPa or to within 0.30 kPa
| (which is roughly the private pilot checkride standard
| as-tested).
|
| Modern autopilots are actually better at holding altitude
| to a very tight tolerance than ancient, analog
| autopilots. Both can hold standards well within the PPL
| ACS.
| Dylan16807 wrote:
| > holding altitude to within 0.02 kPa is more difficult
| than holding altitude to within 0.05 kPa or to within
| 0.30 kPa
|
| "more" difficult is obviously true, but the difficulty of
| holding an altitude is only a small part of the overall
| difficulty of RSVM.
|
| In other words, RSVM is much more about accuracy than
| precision, and the claim was that planes were "probably
| fairly precise already". The reason they needed upgrades
| was to improve the accuracy, not so much to improve the
| precision.
| BWStearns wrote:
| For small planes a 20-30 foot range isn't abnormal for hand
| flying if you're paying attention. I'm sure in cruise an
| airliner is using an autopilot though.
|
| I once had ATC ask if everything was cool on flight following
| after a hundred foot drop and I was surprised they were paying
| that much attention. I had forgotten to put my life jacket on
| before a water transit and while I was putting it on handed it
| off to my wife who hadn't taken lessons yet (she later got her
| license!). It was interesting to see that their tracking was
| precise enough for them to chime in.
| svag wrote:
| When I am on a flight and the flight does not provide the
| flight information, I am using the OsmAnd, https://osmand.net/,
| to monitor the flight altitude, speed and direction.
| GuB-42 wrote:
| I have read somewhere that so much precision could actually be
| dangerous in some circumstances.
|
| This is because this way, if a pilot goes 3000 ft for instance,
| it will be exactly 3000 ft, if another pilot also wants to go
| 3000 ft on a collision trajectory, it will be a guaranteed
| collision. When altitudes are not that accurate, there is a
| higher chance it being just a near miss. The solution, I think,
| was to simply avoid round numbers. So now, it is 2950 ft, 3050
| ft,...
|
| I may have the details wrong, but I am quite sure about that
| problem being seriously considered.
| _moof wrote:
| Yes, it's called the navigation paradox, and it mostly came
| about with the advent of GPS. It's the reason we now have
| what's called "strategic lateral offset procedure," or SLOP,
| whereby aircraft on heavily trafficked oceanic routes fly
| zero, one, or two miles off the centerline, randomly chosen.
| darkerside wrote:
| This is really interesting. But it seems like it could make
| collisions more likely, and the better solution would be
| separate corridors for east vs west traffic. Are there
| really 5 bidirectional lanes?
| _moof wrote:
| It's a bit more complicated than that. The routes I'm
| talking about are the North Atlantic Tracks, which are
| used for most traffic between North America and Europe.
| There are multiple tracks and SLOP is used within each
| track. All of the tracks run in the same direction at the
| same time, switching directions twice a day. They go
| eastbound at night, westbound during the day. SLOP is a
| mitigation to prevent aircraft in sequence on the same
| track from colliding. There are, of course, many other
| systems and procedures in place to prevent such
| collisions, but it's belt-and-suspenders up there.
| spixy wrote:
| how is it any better when 2 opposite planes choose same
| 2950ft?
| Dylan16807 wrote:
| It's not. But now that's half as likely. Several choices
| are even better.
| wesapien wrote:
| What software did you use to do the visuals? I want to try this
| out.
| jamesbvaughan wrote:
| I used chart.js [0], but I don't necessarily endorse it - it's
| just what I knew how to use quickly. I usually try to keep my
| posts free from javascript, and could have used a different
| tool that gives me SVG data or images.
|
| You can see the code that's generating these charts here:
| https://github.com/jamesbvaughan/jamesbvaughan.com/blob/main...
|
| [0] https://www.chartjs.org/
| fer wrote:
| I belive this is OPs flight if anyone wants to compare plane data
| with ADS-B one.
|
| https://www.flightaware.com/live/flight/SWA2340/history/2023...
| schoen wrote:
| Conceivably, the ADS-B data source might be the same as the
| data source for this API, at least in that they might be
| calculated from the same instruments and flight systems.
| fer wrote:
| Potentially, but altitude and speed data on ADS-B are
| constrained to just 11 bits (+ 1 bit dedicated to the
| resolution: 25 vs 100-feet increments).
|
| So while I believe the data source is the same, one can see
| quantization artifacts when comparing both signals.
| jamesbvaughan wrote:
| That is the flight. This is a cool idea - I wish I had thought
| of it!
| ardit33 wrote:
| It is just 8 bucks for the full service... just buy the internet
| bro. It is actually pretty good.
| s3p wrote:
| You're not understanding the point of the comment. The Flighty
| team did some amazing engineering work for anyone who _doesn
| 't_ pay.
| catiopatio wrote:
| > amazing engineering
|
| Background updates are a built-in, supported, documented
| feature, widely employed by applications on the platform, and
| accessible to anyone that reads the two pages of
| documentation required to use them:
|
| "Pushing background updates to your App -- Deliver
| notifications that wake your app and update it in the
| background."
|
| https://developer.apple.com/documentation/usernotifications/.
| ..
|
| _edited for politeness_
| teaearlgraycold wrote:
| Why is that toxic?
| catiopatio wrote:
| A cognitive filter that misrepresents reality is toxic.
| [deleted]
| teaearlgraycold wrote:
| That's how all thought works.
| tomrod wrote:
| I build AI/ML systems. I think delivering digital content
| through alternative pipes is _amazing work_. It has
| applicability far beyond simple aerospace wifi paywalls.
| catiopatio wrote:
| > _I build AI /ML systems._
|
| What's the relevance?
|
| Push notifications aren't some odd "alternative pipe" and
| conveying data via push notifications is a known and
| supported use-case.
| turquoisevar wrote:
| I don't know what you have against Flighty but you through
| considerable lengths in the thread below to spend time on
| letting everyone know how unimpressed you are about their
| efforts.
|
| Your lack of amazement is duly noted, I suggest you don't
| waste any more time on it.
|
| That said, I, like others, _are_ indeed impressed for a
| couple of reasons.
|
| For starters because of the simple fact that they've found
| a novel way to use background notifications to provide
| users without unrestricted internet access with flight
| updates.
|
| Contrary to what you imply, and subsequently fail to
| substantiate, there aren't many, if any, other apps that
| use background notifications in such a novel way, certainly
| not in a way to circumvent restrictions and limitations on
| data connections.
|
| Moreover, I have never seen background notifications being
| used to push concrete data to apps. This is because there
| are severe payload size constraints on notifications,
| including background notifications.
|
| Typically when background notifications have been used, it
| simply contains an instruction to download data from a
| remote server, something that wouldn't work on a limited
| connection.
|
| Instead, Flighty uses the minimal payload size to push the
| actual concrete data used by the app.
|
| Additionally there are some limitations in how often a
| background notification gets delivered to the tune of a few
| times per hour, worse yet, delivery of these notification
| is inconsistent because it's beyond the app's control of
| they get delivered at all.
|
| To account for this, Flighty will use the background
| notifications to update the data where it can and make
| estimations in times it cannot not until the next time it
| can receive an update.
|
| I'd go as far as call that amazing engineering.
|
| You might not and I don't know your qualms with Flighty,
| but you're doing a poor job of convincing people to see it
| your way.
| catiopatio wrote:
| You're right, I see that as embarrassingly trivial. This
| whole thread is inane -- if using a simple API is
| "amazing engineering", what do you call the actual
| amazing engineering you're holding in your hand right
| now?
|
| I have nothing against Flighty -- this has nothing to do
| with Flighty. Background notifications are trivial and
| _all_ apps can and should be using them to solve this
| type of problem. It's detrimental to have folks
| mistakenly operating under the belief that this is
| complex, unusual, or difficult.
|
| Sure, the payload size is limited, but it's not
| impossibly small, and custom keys with arbitrary payload
| are explicitly and obviously documented as supported.
|
| Overly-effusive praise doesn't do anyone any favors.
| mynameisvlad wrote:
| They're using push notifications in a novel way to provide
| the app the necessary information to update itself without
| needing to be connected to the full internet. That's quite
| a bit beyond "They're using push notifications" and no
| other app does that AFAIK. Almost all will use the push
| notification _as a notification_ and trigger an update on
| app open which would fail.
| catiopatio wrote:
| Tons of apps do that. It's a built-in, supported use-
| case!
|
| It's also the trivial, obvious approach to anyone who
| asks the question "how can I push data to the application
| when it's not running."
| mynameisvlad wrote:
| Give me one example, then. Of an app which _uses a
| notification as an actual app data source_ and not just
| as a notification which opens the app. And which also
| updates the primary app view to reflect this new
| information.
|
| No other app has updated its app state based on the
| content of notifications. Slack/Discord/Teams et al (the
| ones that aren't allowed on free messaging plans) will
| show you previously cached messages and then an infinite
| spinner when you open it. Fastmail/Gmail/Outlook et al
| will show you existing emails but not load the new ones.
|
| _Could_ other apps do this? Surely. _Do_ they? No.
| catiopatio wrote:
| _Slack /Discord/Teams_? Those are desktop web
| applications hosted via Electron. Failing to leverage
| basic platform functionality is practically their telos.
|
| It's a trivial, documented, supported, long-standing API
| for a common use-case. It is widely used, as documented,
| for its intended purpose.
|
| I cannot share information about specific applications.
| mynameisvlad wrote:
| Uh, all those apps have mobile counterparts.
|
| > I cannot share information about specific applications.
|
| So you don't have an example of an app using such a basic
| and widespread feature? Ok.
| catiopatio wrote:
| A mobile webapp is still a webapp, and "I cannot share"
| does not mean "I do not have".
|
| You're the one with an extraordinary claim here -- that
| applications aren't using such a basic, documented,
| widespread feature.
|
| It's patently silly and I have no idea why you're so
| self-assured in your ignorance.
| constantly wrote:
| No one is asking for a survey of apps that do this.
| You're making the claim that it's far from rare, so you
| have enough knowledge to make this claim. Share with us
| the smallest piece of your knowledge by naming one single
| other app that does this. It's the least you can do since
| you're making the claim. Please, I'm very curious!
| s3p wrote:
| I'm curious as well.
| catiopatio wrote:
| Why?
|
| Do you genuinely believe it's uncommon for applications
| to leverage this useful, trivial, long-standing platform
| API for its intended and explicitly documented purpose?
|
| I can't imagine why you'd believe that, but another
| commenter already provided the requested single example
| up-thread.
| nickf wrote:
| I really think you've missed the point. Opening any of
| those apps after receiving the notification _requires_ a
| network connection to then update. It's not done via the
| push notification itself. I have never seen that happen
| in my experience. Flighty does, hence why it's deemed
| clever.
| catiopatio wrote:
| I have not missed the point.
|
| Background notifications can and do carry arbitrary
| application data, and are used to update the application
| state in the background.
|
| This is their intended purpose, it's what they're
| documented to do, it's how Apple intends them to be used,
| and it's common application behavior.
|
| This is literally a plainly documented feature of the
| platform. It's not clever or unique or unusual -- it's a
| simple feature that Apple specifically documents.
|
| I cannot even begin to fathom why people are confused
| about this, and it's truly mind-boggling that this has
| required a thread at all.
|
| Slack/Discord/Teams are non-native applications that do
| not leverage the platform's support for updating
| application state via notifications. That does not mean
| the use of background notifications is unusual or rare.
| It is not.
| TehShrike wrote:
| Podcast players like Overcast use push notifications to
| learn about new episodes of podcasts that should be
| downloaded in the background. Presumably text-based RSS
| readers do the same.
| Gormo wrote:
| Where are the push notifications originating from? Does
| Overcast have a cloud service that polls the RSS feeds
| and then sends the notification? I use AntennaPod on
| Android, and it definitely doesn't do anything like that
| -- the feed list is stored locally, and the feeds are
| polled locally.
| interestica wrote:
| What other apps do this?
| el_benhameen wrote:
| Sure. But you're on a site called "Hacker News". I'm not sure
| that there's a more perfect topic of discussion for a site with
| that name.
| renewiltord wrote:
| [flagged]
| el_benhameen wrote:
| I think the spirit of the comment was "here's an
| interesting technical question" versus "how can I get eight
| bucks of free shit".
| lapetitejort wrote:
| "Wait, why did my Amazon account get banned?"
| capableweb wrote:
| Or: Hey, why did my AWS production server for my startup
| suddenly go down and I cannot access my account anymore?
| [deleted]
| jstarfish wrote:
| Hahaha. Reminds me of a savings "hack" my brother once
| shared at the dinner table with a straight face:
|
| Just take any adhesive label off of the "clearance" meat at
| the supermarket, and apply it to the cut you wanted to buy.
| Instant savings!
| [deleted]
| arcanemachiner wrote:
| We've come full circle.
|
| https://www.youtube.com/watch?v=HmZm8vNHBSU
| acka wrote:
| "Oh no, not again..." quoted from (not stolen, not
| infringing any copyright because of fair use) from The
| Hitchhiker's Guide to the Galaxy by Douglas Adams.
|
| This nonsense has to stop. Copying a movie, or using the
| internet on someone else's plan is not piracy is not
| theft.
|
| Quoting from memory from my old Webster's dictionary
| which I have owned since I was a student a long time ago:
|
| Theft: The act of taking property and removing it so that
| the rightful owner is no longer in possession of it.
|
| Piracy: the practice of attacking and robbing ships at
| sea.
|
| Equating copyright infringement or violation of terms of
| service with theft or piracy is completely unwarranted
| messing with definitions of terms that have served their
| purpose for centuries.
|
| Worse yet, the abuse of these terms in recent times
| misdirects people's attention away from the underlying
| flaws: artificial scarcity and the inability to enforce
| restrictions on use; you can not steal data (unless you
| steal the physical medium the data is stored on) nor can
| you pirate a service.
|
| Making unauthorized copies or violating the terms of use
| of a service may be deemed objectionable but these
| actions are most certainly neither theft nor piracy.
| pmarreck wrote:
| This is probably the least-intelligent comment on this
| entire page. I would literally buy downvotes to bury this
| obnoxious stupidity into oblivion.
|
| There's a _significant_ contextual, moral and ethical
| difference between "exploring a lock" and "opening it and
| stealing whatever it's holding from you".
|
| Also, you're another one who apparently needs to read the
| domain name of this site aloud to yourself again.
| renewiltord wrote:
| > _I would literally buy downvotes to bury this obnoxious
| stupidity into oblivion._
|
| How much will you pay me to delete it? I can send you an
| Ethereum address.
| pmarreck wrote:
| If you really think the folks here do this to save a few bucks,
| you both 1) don't realize what the average pay of people here
| is, and 2) are completely tone- and context-deaf.
|
| Look at the domain name of the site you're posting on and _read
| it out loud._ FFS dude. LOL
| dang wrote:
| We detached this subthread from
| https://news.ycombinator.com/item?id=37691621.
| dheera wrote:
| Tomorrow it'll be 8 bucks to drink water, 8 bucks to use the
| bathroom, ...
|
| Yeah, you can argue internet isn't a necessity. Neither is the
| bathroom, you can use a poo bag and a diaper. But we're a
| civilized society. So we provide bathrooms to anyone that needs
| them. And internet access.
| zeroonetwothree wrote:
| This seems like a poor slippery slope argument. It's not as
| if charging for internet is new, it's been what? 20 years?
| And yet they still don't charge for water
| dheera wrote:
| Checked bags, carry-on bags, and meals used to be free, and
| they are all now not free.
|
| There are budget airlines outside the US that are charging
| for water (which I think is unethical IMO, since people
| avoiding drinking water could lead to an increase in
| medical emergencies).
| jrms wrote:
| Still
| Martinussen wrote:
| Is that an American thing? Absolutely paying for the water
| here.
| Gormo wrote:
| And public restrooms seem to be paywalled everywhere in
| continental Europe too -- not sure about the airlines,
| since I usually fly US carriers, but every restaurant or
| shopping mall I visited in Italy, Germany, and the
| Netherlands required a euro or so to enter the toilet.
| I've never seen a pay toilet anywhere in the US.
| dheera wrote:
| On the other hand, my experience has been that a lot of
| toilets in US are "customers only" for males but free for
| females
| ShadowBanThis01 wrote:
| On planes? Seriously? Where?
| mvdwoord wrote:
| Recently on a 3 hour flight with ROM air I had to pay for
| water... not even a single glass for free.
|
| Was quite shocked.
| dheera wrote:
| Not only that but at the Beijing airport there were no
| water refill stations and the bottle of water I bought at
| the airport POST-security was confiscated upon boarding.
| Fortunately I was boarding an airline with free water,
| though.
| gruturo wrote:
| Lufthansa, or Luftwaffe as I call them due to the...
| military kindness they often display.
|
| No food and no water. Most recent data point: April 2023,
| Standard Economy (not Basic Economy). International, 4.5
| hours flight (Germany to Tenerife) (and back). The flight
| had a LH code, although operated by Eurowings which
| according to Wikipedia is a wholly owned subsidiary of LH
| (https://en.wikipedia.org/wiki/Eurowings).
| hocuspocus wrote:
| The speed unit looks more like knots than mph.
| jamesbvaughan wrote:
| Good catch! I'm not very familiar with knots - what
| specifically makes the speeds here look like knots to you?
|
| edit: Updated the article. Thanks!
| KolmogorovComp wrote:
| Airline planes never use mph but only knots.
| mjpa86 wrote:
| Was on a UK flight last week, was told speed in mph. Pilots
| etc might use knots but if the data is for passengers, mph
| is more likely
| capableweb wrote:
| Well, most airlines. I think both China and Russia already
| switched to SI units (so km/h), and supposedly ICAO
| recommends using km/h but there is exception for using
| knots and there is also no end date to stop using knots, so
| everyone just continues to use knots.
| seabass-labrax wrote:
| It's not that they 'already switched', but rather that
| early Russian aircraft had used the metric system for
| instruments and China acquired much of their early
| aircraft from the USSR.
|
| In the West, it was well into the 50s before knots became
| conventional. Many (but not all) British and American
| aircraft used miles per hour, and most of non-communist
| mainland Europe used the metric system. I am not aware of
| whether there was some agreement to choose knots, but by
| the 60s almost all western aircraft had instruments in
| knots and nautical miles.
| [deleted]
| jamesbvaughan wrote:
| That makes sense.
|
| One reason I think it could be MPH despite that is because
| some of the other data seems like it's been processed so
| that it doesn't need to be transformed any further on the
| client side before using it in the UI, and the UI displays
| the speed in MPH.
|
| If I were still on the flight, I could just compare the
| numbers in these payloads to the MPH number in the UI and
| confirm.
| mulmen wrote:
| Based on the lat/long of your destination and the
| coordinates of the plane I believe the distance and speed
| actually are in miles and mph:
| https://news.ycombinator.com/item?id=37694487
| hocuspocus wrote:
| Your ground speed plot hovering around 500 mph would be ~800
| km/h which is oddly slow for an airliner, unless you were
| facing strong headwinds the entire way.
|
| The nautical mile is historically the common unit for marine
| and air navigation.
| scatters wrote:
| Clarification: a knot is one nautical mile per hour.
| JoeAltmaier wrote:
| Isn't it 1.15mph?
|
| https://www.metric-conversions.org/speed/knots-to-miles-
| per-...
| jdsnape wrote:
| Yes for statute miles, but it is also one nautical mile
| per hour
| toyg wrote:
| nautical mile is 1.15 land mile.
| chx wrote:
| 487 miles per hour would only be 0.63 Mach which is very
| slow.
|
| 487 knots would be 0.73 Mach which is much closer to the rule
| of thumb 0.78 Mach cruise speed expected.
|
| https://krepelka.com/fsweb/learningcenter/aircraft/flightnot.
| .. (and yes, it's a simulator but it's still good for real
| world)
| mulmen wrote:
| Mach is a product of altitude and we only have ground speed
| so we'd need weather information and heading to compare.
| hocuspocus wrote:
| Sorry it seems I was completely wrong, it's MPH, your ground
| speed was on the slow end:
|
| https://www.flightradar24.com/data/flights/wn2340#322ad9f6
| kvmet wrote:
| Knots are typically used for aviation. Also different planes
| have their own optimal speeds for efficiency that the
| airlines aim for so if you know the airframe you can derive
| what they are most likely targeting. You can also compare the
| value to the filed flight plan and see if it is similar.
| dclowd9901 wrote:
| Knots are used for aviation, but this data looks like it's
| being consumed by the in-flight UI, and most _people_ are
| not familiar with knots in terms of speed. Indeed, using
| the UI shows MPH vs. knots. My money is this speed being
| mph.
| dclowd9901 wrote:
| I don't think so. When you use the portal, it displays speed in
| MPH -- I highly doubt there's some knots->mph converter in the
| frontend code.
| mulmen wrote:
| I have been on (international?) flights where the in-flight
| display gave me a choice. It may still be done on the backend
| but doing that kind of conversion in the UI is at least
| arguable.
| jandrese wrote:
| I'm not so sure. The same data packet claims that the flight
| has 2h 25m of flight time left to cover 1167 miles. That works
| out to 483 mph, which is pretty close to the stated 487 and
| might be explained by some padding added to the time to account
| for taxiing.
|
| Unless that 1167 figure is in a different unit it doesn't even
| come close to working out at 487 knots ground speed.
| mulmen wrote:
| Coming at this another way:
|
| The blog says the destination was Oakland. The Oakland
| International Airport is at 37deg43'17''N 122deg13'15''W. The
| data packet also contains the current lat and long of the
| flight as 40.201 and -100.755 respectively. Plugging that in
| to a distance calculator [2] gives 1163 miles, 1010.6
| nautical miles, or 1871.6km. So the distance value of 1167
| appears to be miles.
|
| At 487mph covering 1163 miles would take 2.3963039014 hours
| or ~2h23m. If the speed is knots then it would be
| 2.08233112598 hours or ~2h5m at 560.4296mph. So mph makes the
| most sense given an estimated time of arrival of 2h25m.
|
| So I think you are right, the distance appears to be miles
| and the speed MPH. This makes sense for an in-flight
| infotainment system on a US domestic flight.
|
| The difference between 1167 and 1163 can probably be
| explained by the fact that the plane is 6.5 miles in the air
| traveling at 8 miles per minute and we don't know update
| interval or if the distance is in the air or on the ground.
|
| [1]: https://geohack.toolforge.org/geohack.php?pagename=Oakla
| nd_I...
|
| [2]: https://www.omnicalculator.com/other/latitude-longitude-
| dist...
| extraduder_ire wrote:
| You have to descend and wait for landing clearance when you
| approach the airport, adding track miles.
|
| The two units are confusingly close to each other though.
| mulmen wrote:
| The plane is probably following a flight path and not an
| actual straight line as well.
| [deleted]
| hocuspocus wrote:
| My bad, you're right
| https://www.flightradar24.com/data/flights/wn2340#322ad9f6
| apendleton wrote:
| ... I mean, it could be in nautical miles, no?
| [deleted]
| H8crilA wrote:
| You can also get an SDR (a $50 RTL-SDR will do) and listen to
| your own plane's ADS-B signal. For visualization you can use
| tar1090. Private Flightradar24.
|
| With the same SDR you can also listen to the ATC comms, as well
| as see ACARS messages. It's a bit tedious to listen to ATC and
| your own pilots, but you'll know exactly why your plane is
| delayed.
| gslepak wrote:
| Why don't all the images load in Firefox?
| jackconsidine wrote:
| Love the spirit of this article. The author could have Git-
| scraped [0] this info!
|
| https://simonwillison.net/2020/Oct/9/git-scraping/
| jamesbvaughan wrote:
| This is cool - thanks for sharing
| TheHappyOddish wrote:
| For those not in (I presume) the US, "Southwest" appears to be
| the name of an airline. I was disappointed to find out this
| wasn't a puzzle to solve when only travelling in a specific
| direction, but still an interesting read.
| RagnarD wrote:
| I have to wonder if some eager LEO would try to find some
| illegality in this, especially given all of the federal laws
| around aircraft. Obviously it's innocuous, but I'd think twice
| about writing about this kind of tinkering for that reason.
| Thaxll wrote:
| Reminds me how old and unsecure those system used to be, years
| ago they would perform DNS queries but block most traffic,
| meaning that you could get free internet by using DNS tunneling.
|
| Same for the movies on board, if they have some apps and not just
| movies in front seat, you can use vlc, ffmpeg to download / watch
| the movie without ads / interruption.
|
| When I was doing some digging they used a lot of Panasonic
| solution and open source stuff such as squid cache, apache http.
|
| https://na.panasonic.com/ca/industries/avionics
| amacalac wrote:
| Reminds me of the time I dumped CANbus data off a Yamaha R1 bike,
| made sense of the data, and displayed it on a bunch of charts.
|
| Interesting data like Accelerator Handle position, you can figure
| out how much a rider is really cranking it, and how aggressive
| they are riding.
| jasonjayr wrote:
| ... Which is precisely the data those data loggers you plug in
| from insurance companies track to adjust/refine your rates
| .....
| mikepurvis wrote:
| Honestly, it seems pretty fair to me. If I'm a careful,
| occasional driver, and the insurance company otherwise has no
| way of knowing that, then they have to bill me like I'm
| commuting every day in stop and go traffic, distracted by
| podcasts and who knows what else.
|
| There will probably always be a "premium" market for no-
| questions-asked insurance, but if the company can give me a
| break on my rate based on my driving behaviours correlating
| to a lower incident likelihood, I'll happily take that break.
| Even better if such measures correspond to drivers across the
| board adjusting their habits now that it hits them directly
| in the wallet.
| jasonjayr wrote:
| At it's face, yea, it sounds fair, and the more data you
| feed to the actuarial tables, the more accurately they can
| identify the specific cost of insuring that driver.
|
| My concern is that it's a tragedy of the commons type
| situation: this normalizes data surveillance. We have no
| idea exactly what data the device is transmitting, and what
| the insurance company will do with that data. Regulations
| protecting this data are weak-to-non existent.
|
| With everyone's budget being stressed, people are quick to
| trade a few dollars to sacrifice privacy, and then this
| technology is being mandated everywhere.
| mikepurvis wrote:
| Fair, though given that manufacturers are already doing
| this stuff anyway, it feels like a problem to be solved
| with broader privacy legislation than by making good
| drivers pay for the cost of bad drivers.
|
| On the other hand, I suppose I'm a bad person to make
| this argument since I actually dislike personal
| automobiles for a whole host of reasons, so I'd just as
| soon get back my privacy by walking, cycling, and using
| mass transit.
| akira2501 wrote:
| The majority of fatalities involve drugs or alcohol, they
| often involve youth and speed, and occur at night. Many
| insurance claims involve single vehicle accidents and
| weather or other wear related damage. The most common two
| vehicle claim is rear ending into a stationary vehicle,
| where it's not particularly difficult to determine fault.
|
| Further, none of this matters all that much if you have a
| straight liability only policy, since that's based on
| liability of damages and not replacement property values.
|
| These devices make very little sense to me and I'd be
| curious to know if anyone has any data that the presence of
| these devices is having any impact whatsoever.
| LesZedCB wrote:
| I did one of those once and tried for three months to drive
| really carefully.
|
| in Boston.
|
| it basically broke me and my driving sanity for 6+ months and
| made me a really worse driver for a while, maybe
| permanently?? and my rate basically didn't change at all.
| mvkel wrote:
| Love this kind of stuff.
| MayeulC wrote:
| Ah, interesting. I guess this could be used by UnifiedNLP:
| https://f-droid.org/en/packages/de.sorunome.unifiednlp.train...
|
| Also, KDE Itinerary:
| https://invent.kde.org/pim/itinerary/-/blob/master/src/app/S...
|
| I'm off pinging the relevant projects :)
| bowsamic wrote:
| What a waste of time
| mavili wrote:
| Almost a duplicate, but actually not:
| https://news.ycombinator.com/item?id=37692832
| ggm wrote:
| does anyone think the marginal cost of internet in flight may
| drop to free? It's already commonly rolled up in J class seats.
| sciencerobot wrote:
| Just make sure to never send a PATCH request
| jamesbvaughan wrote:
| Considering how delayed that flight was, I'd have loved to be
| able to PATCH the `dist_remain` field.
| hackmiester wrote:
| Here is how to get the equivalent data on a Delta flight.
| $ curl https://wifi.delta.com/api/flight-data | jq %
| Total % Received % Xferd Average Speed Time Time
| Time Current Dload
| Upload Total Spent Left Speed 100 448 100
| 448 0 0 5600 0 --:--:-- --:--:-- --:--:-- 5743
| { "timestamp": "2023-07-11T14:54:41Z", "eta":
| "17:48", "flightDuration": 278,
| "flightNumber": "DAL786", "latitude":
| 39.723472595214844, "longitude": -97.1514205932617,
| "noseId": "3879", "paState": false,
| "vehicleId": "N879DN", "destination": "KPDX",
| "origin": "KATL", "flightId":
| "N879DN_SF_20230711121358", "airspeed": null,
| "airTemperature": 24, "altitude": 33922,
| "distanceToGo": 179, "doorState": "Closed",
| "groundspeed": 442, "heading": -73,
| "timeToGo": 174, "wheelWeightState": "Off" }
|
| And a fun snippet for you. $ curl -s
| https://wifi.delta.com/api/flight-data | jq -r
| '"https://maps.google.com/?q=", .latitude, ",", .longitude' | tr
| -d '\n'; echo
| https://maps.google.com/?q=40.5615234375,-101.2824478149414
| denvaar wrote:
| What makes it so that you can only resolve the host
| wifi.delta.com during a flight?
| gsk22 wrote:
| I assume the DNS server on the in-flight router is programmed
| to resolve that hostname to some local device.
|
| Similar to how I can log into my ASUS router from my home
| wifi by visiting asusrouter.com.
| c7DJTLrn wrote:
| It would be nice if you could send a POST request to open the
| door if you want some fresh air.
| hackmiester wrote:
| I tried to change the flight level by PATCHing altitude, but
| it seemed to require authentication. Oh well.
| CamperBob2 wrote:
| This sounds like a good way to meet some upset people with
| expensive sunglasses shortly after you land.
| [deleted]
| jmharvey wrote:
| It's not like that at all. The sunglasses aren't that
| expensive.
| hackernewds wrote:
| after you land also open to interpretation
| ComputerGuru wrote:
| Maybe you can take risks like that, but I certainly can't.
| I don't think anyone with my name or skin color would be
| given the benefit of the doubt for even a moment.
| foxhill wrote:
| let me guess, you experience "random selection" events
| more than the expected amount?
|
| apologies for joking. it must suck.
| thomashop wrote:
| Your comment made my day. Eye opening
| queuebert wrote:
| You probably can. I suspect airliner software is appallingly
| insecure.
| epse wrote:
| Relies very strongly on simple airgapping. Can't do
| anything to it if there's no wires in the direction you
| want. Can't remotely hack if there's nothing antenna
| connected that can talk to flight control. It has the
| luxury of not needing to do the "limited RCE" that is a
| modern web request
| inopinatus wrote:
| In the article above, in-flight wifi has an API reporting
| position, altitude, and velocity. That is a feed from
| avionics, which renders the claim of airgapped systems
| essentially null.
| hattmall wrote:
| The plane has a transponder that reports this information
| to the ground, ATC, other aircraft etc. The infotainment
| server has a receiver that gets this data. Or in some
| cases they instead pull it from a ground based service
| via the internet. The transponder is not able to receive
| signals, so it is air gapped.
| inopinatus wrote:
| A quick review of published information reveals this
| claim as false. A typical airliner FMS feeds information
| to IFE via gateway devices. The integration is intended
| to be one-way. Airgapped they are not.
|
| Such analytical delusions are the first step on the road
| to failing to adequately mitigate threats. As practiced
| by "it can't happen here" school of fucking up.
|
| Fortunately, it seems far more likely that aircraft
| system designers do not rely on any such assumption, and
| practice defence in depth. There was a good talk at
| DEFCON 22 by Phil Polstra on the matter.
| aftbit wrote:
| Documentation please?
| inopinatus wrote:
| The talk above is available online.
| [deleted]
| nucleardog wrote:
| They could, for the sake of a ridiculous but clear
| example, have a display hooked up to the avionics and a
| camera hooked up to a separate computer which reads the
| values.
|
| There are various ways of connecting systems while
| physically guaranteeing one way data flow--a fiber optic
| link with the transmitter removed from one end and the
| receiver removed from the other is basically a less silly
| "camera pointed at a display" and used in the real world.
|
| You could argue the exact semantics of "air gapped", but
| for the discussion here that's accomplishing the same
| thing. The fact that the passenger network has some
| visibility into the avionics network is not, in and of
| itself, any indication of an issue.
| upwardbound wrote:
| +1. Instead of saying "airgap" a term I've seen for what
| you're describing is "data diode".
| [deleted]
| [deleted]
| hk1337 wrote:
| Someone will probably figure out how to send a request to
| disable auto-pilot or turn off the fasten seat belt sign.
| naikrovek wrote:
| the airline industry is nowhere nearly as stupid as the
| software industry with things like this.
|
| the communication between plane and wifi/entertainment
| system, if there is any, is _almost certainly_ one-way.
| likely, the wifi system providing this info is receiving
| data from the flight systems and repeating it or
| transforming it a bit and providing that.
|
| it would not surprise me at all if the flight attendants
| have to program everything about the flight into the system
| prior to departure each flight, and there is no
| communication from the aircraft at all.
| jpalomaki wrote:
| "The computer network in the Dreamliner's passenger
| compartment, designed to give passengers in-flight
| internet access, is connected to the plane's control,
| navigation and communication systems, an FAA report
| reveals." [1]
|
| (I guess there's some kind of firewall, but we know that
| those are not always perfect)
|
| [1] https://www.wired.com/2008/01/dreamliner-security/
| AdamN wrote:
| Not a problem as long as you reboot your Dreamliner every
| once in a while: https://www.theregister.com/2020/04/02/b
| oeing_787_power_cycl...
| eep_social wrote:
| IIRC the in-flight infotainment systems are entirely
| separate from the avionics control systems at the data
| layer. I recall being told that in some cases even the
| flight status is actually pulled from a 3p api service
| rather than hooked into the onboard avionics.
|
| There could be some fuckery via shared power or other
| non-data systems but that's probably beyond someone
| sitting in a seat with standard laptop hardware.
| hackmiester wrote:
| If the latter was true, then "wheelWeightState" (and
| others) would not work. But, they do work.
| aftbit wrote:
| The weight-on-wheels switch reports its in-the-air status
| over ADSB. It errs in the direction of assuming in-the-
| air, which was implicated in a near miss on the ground in
| 2020 between two Air Canada flights[1][2]
|
| 1: https://www.tsb.gc.ca/eng/rapports-
| reports/aviation/2020/A20...
|
| 2: https://www.youtube.com/watch?v=nj7nG6gJqsU
| MBCook wrote:
| Not necessarily. All this could be reported up to airline
| HQ through the satellite link and then the IFE/customer
| WiFi could be downloading it again to serve locally.
|
| That would prevent any need for direct connection between
| the systems.
|
| Is that how it works? I doubt it. But it could be done.
| chaps wrote:
| Might be one way, but that doesn't mean you can't DDoS it
| (by accident or otherwise).
| pwillia7 wrote:
| DELTE
| fnord77 wrote:
| Please stand by, a DHS agent will be with you shortly
| skykooler wrote:
| It'd be interested to make a little HTML page that can query
| the api for each airline that exposes something like this and
| give you an in-flight display on your laptop.
| remram wrote:
| You can use jq's string interpolation feature to simplify this:
| $ curl -s https://wifi.delta.com/api/flight-data | jq -r
| '"https://maps.google.com/?q=\(.latitude),\(.longitude)"'
| hackmiester wrote:
| Thanks! I was trying to figure this out but I didn't have
| great Internet access (for some reason...) so I just hacked
| it instead.
| shortrounddev2 wrote:
| In powershell Invoke-WebRequest
| https://wifi.delta.com/api/flight-data | ConvertFrom-Json |
| %{
| "https://maps.google.com/?q=$($_.latitude),$($_.longitude)"
| [deleted]
| bunabhucan wrote:
| > "airspeed": null
|
| [nervously looks out window]
| MBCook wrote:
| That's just a sampling error. -NaN is when you get scared.
| PNWChris wrote:
| I have nothing insightful to add, I just want to say thanks for
| posting this!
|
| I'm on a flight right now and just went to this URL. Sure
| enough, it works!
|
| I know this information is available via the wifi portal's UI,
| but a JSON blob just hits different.
|
| ```
|
| {"timestamp":"2023-09-28T21:57:39Z","eta":"23:45","flightDurati
| on":164,"flightNumber":"DAL992","latitude":47.4557876586914,"lo
| ngitude":-111.73490905761719,"noseId":"3883","paState":false,"v
| ehicleId":"N883DN","destination":"KMSP","origin":"KSEA","flight
| Id":"N883DN_SF_20230928195737","airspeed":null,"airTemperature"
| :null,"altitude":35273,"distanceToGo":13,"doorState":"Closed","
| groundspeed":499,"heading":95,"timeToGo":107,"wheelWeightState"
| :"Off"}
|
| ```
|
| Apologies for the JSON formatting, I'm on mobile.
| eddieroger wrote:
| Interesting how they chose to make more general `vehicleId`
| instead of `planeId` or `tailNumber` or something. I wonder if
| Delta's fleet includes other things that have matching APIs to
| this one. I also wonder how much of their internal system
| structure one could learn from the `flightId` if they knew
| about other systems. It doesn't look like much beyond a
| composite key of otherwise knowable data, but still
| interesting.
| blcknight wrote:
| I doubt Delta made this. It's an official the shelf product
| that can do ships, trains, planes, etc.
| eddieroger wrote:
| Valid point. It makes a lot of sense in that light instead.
| mulmen wrote:
| But they also have airplane/flight specific identifiers
| like "flightNumber", "flightId", "noseId(?)" and
| "airSpeed". Maybe vehicleId is part of a base class or
| primary key somewhere and that abstraction is leaking.
| MBCook wrote:
| Those could apply to an air taxi service or something
| using helicopters as well.
| hackmiester wrote:
| Hey, a train has airspeed. :)
| mulmen wrote:
| Heh, true. I deliberately left out altitude because this
| is HN but you caught me anyway.
|
| Presumably a train's groundSpeed and airSpeed are the
| same. If they diverge you have bigger problems than a
| JSON schema.
|
| Is there a variant of this for ships? surfaceSpeed vs
| seaFloorSpeed?
| wasmitnetzen wrote:
| A train can easily run in a head- or tailwind in the same
| order of magnitude as its groundspeed.
| skykooler wrote:
| I've been tempted to mount a small anemometer to my car -
| by subtracting the groundspeed from the measured
| airspeed, one can get the wind speed and direction and
| figure out whether there is a headwind or tailwind and if
| so how strong. Theoretically this could be used to drive
| more efficiently, though the extra drag from the
| anemometer would probably cancel out any gains.
| mulmen wrote:
| Wow I got HN'ed twice in one thread. This is not my day.
| temp365984365 wrote:
| Well, ships have apparent wind vs real wind and apparent
| course vs real course (currents and drift are a thing).
| danjc wrote:
| "Official the shelf" - that your new iOS 17 update helping
| you out? ;)
| inopinatus wrote:
| Not all aircraft are planes.
| CommieBobDole wrote:
| As always, there's a relevant XKCD:
|
| https://xkcd.com/2170/
| not2b wrote:
| But SouthWest will give you a much prettier display of that same
| data (track your flight, see the current altitude and ETA, and a
| lot more, like the plane's position on the map) without paying
| for their WiFi. My guess is that they are using the same data
| that article writer wrote a program to process. Essentially there
| is one site you can visit for free and that's where it is.
| samwhiteUK wrote:
| Thank you. That answers the question I had which was, "why does
| trying to get the portal page return a load of data about the
| plane?"
| jamesbvaughan wrote:
| Yep, that's exactly right! They have a nice status page that
| you can visit free of charge that visualizes this data.
|
| I chose to scrape it for a couple reasons:
|
| 1. I wanted see all of the data for the entire flight - that
| status page only visualizes the current values.
|
| 2. It was fun!
| fragmede wrote:
| Plus there's no Internet. What're you going to do, read a
| book?
| coffeebeqn wrote:
| I was on some US flight recently - maybe Alaskan airlines - and
| they basically had a LAN box with movies and shows accessible
| on wifi without internet access
___________________________________________________________________
(page generated 2023-09-29 23:01 UTC)