[HN Gopher] WiFi without internet on a Southwest flight ___________________________________________________________________ WiFi without internet on a Southwest flight Author : jamesbvaughan Score : 1512 points Date : 2023-09-28 15:42 UTC (1 days ago) (HTM) web link (jamesbvaughan.com) (TXT) w3m dump (jamesbvaughan.com) | birdyrooster wrote: | WiFi with internet if you use a DNS VPN, they are handy and cost | you nothing to use | pogue wrote: | What browser or extension has Copy as cURL and all those other | functions? | idbehold wrote: | Firefox | system2 wrote: | Inspect element (F12) > Network tab > when you refresh the | screen check the header section to see the raw data. You can | right click and copy curl or xor. | jamesbvaughan wrote: | All chromium-based browsers have it in the network tab of the | dev tools | [deleted] | isodev wrote: | Safari has it out of the box in the web inspector. | alana314 wrote: | chrome | api wrote: | Fun fact: ZeroTier works in most cases on in-flight wifi without | logging in. I guess they usually allow UDP. | TurkishPoptart wrote: | Is this for connecting to a home device without paying for | wifi? | [deleted] | javier_e06 wrote: | Fun fact: I used to work for a company that provided equipment | and services for satcom. The price tier and license for airborne | communication was higher and we had software calculating the | speed and if the speed went over 300 m/hr or alike it will check | your license features and expiration date. If you forgot to pay | your bill, no wifi for ya! We did not use altitude for obvious | reasons. | macinjosh wrote: | Pretty sure all these hacks and tips for getting free Wi-Fi | aren't actually very legal. Sure the chances of getting caught | are small, but you are also stealing connectivity someone else | paid for by spoofing their mac address. Something, something, | mucking about with an airliner even if its just the wifi could | probably be twisted into some sort of federal aviation offense | too. | SirMaster wrote: | I want to see someone build a proxy that uses the free iMessage | or WhatsApp allowed connection to send arbitrary data. | | Like have a WhatsApp relay set up at home that you are sending | messages to and from, from the plane. | | Like at a most basic level, send a message of a URL to your home | WhatsApp which loads the web page there, and sends the HTML back | as a WhatApp message reply so you can render it etc. | | Wonder what someone could all do and make work. | | _edit_ Guess someone made a TCP relay using WhatApp already, | neat. | benced wrote: | I believe this is the approach that Flighty | (https://flightyapp.com/) uses to send flight updates while on | non-paid Wifi. | acwan93 wrote: | Flighty leverages the Apple Push Notification Service (APN), | which the iMessage infrastructure also uses. It's why you can | receive notifications in flight but can't act on them. | jiveturkey wrote: | I've not read the EULA but why not just have an actual IP | router? | | Pay the signup charge, and also stand up a wifi network. Call | it "Foo discounted" if the plane's SSID is "Foo". Put up a | captive portal that lets the user claim various "discounts", | like veteran, senior, child, etc. No matter what they choose, | charge them $2 via a payment page. Once you've been made whole | on the service cost, future visitors get a notice that "all | discounts have been claimed, please use Foo". | | Now you have free internet and all those using your | router/portal have $2 internet. The upstream bandwidth is | certainly atrocious so you will easily be able to multiplex all | the data onto your connection. | | Bundle it into a RPi kind of device (has to look finished, like | a music player or smth, to get past security) so that you can | continue to operate the device even when tray tables have to go | up, when you go to the bathroom, etc. | | I find it extremely doubtful that the airplane has WIPS or WIDS | that will deassociate connections to your rogue wifi. And after | all, are you not allowed to have a LAN party? | youens wrote: | I happened to have had a flight a day or two after the first | beta of Apple's Private Relay a year or two ago. I was able to | use free WiFi the entire flight. Presumably because whatever | they whitelisted for iMessage and/or push notifications covered | that as well. They had blocked it before my return flight days | later. -\\_(tsu)_/- | madeofpalk wrote: | Huh. Maybe this explains why my "messaging only" wifi on | Virgin Atlantic a few weeks ago gave me full, slow, internet | access? | jackconsidine wrote: | I see you found that TCP relay- I've been dying to try it but | I've heard of people successfully using it | | https://github.com/aleixrodriala/wa-tunnel | ip26 wrote: | Instead of _"wow, cool"_ my first reaction is _"free messaging | is a great perk, if this is abused they will shut it down"_. I | guess my hacker days are behind me. | cromka wrote: | Airlines already introduce free WiFi to everyone for free. | JetBlue does it, Delta also does it for continental flights. | Eventually all will, as there is more competition in the tech | and prices drop. | darknavi wrote: | https://github.com/aleixrodriala/wa-tunnel | vzqx wrote: | I've noticed that airline wifi doesn't block DNS traffic. You | can likely accomplish the same thing with a DNS tunnel like | Iodine (https://github.com/yarrick/iodine). | lazycouchpotato wrote: | Many years ago, I noticed I could browse the Google Play | Store on a flight WiFi without paying for it. No images would | load and no apps would download, but I could browse through | app listings and read reviews. | | Would this be related to DNS? | owl57 wrote: | Probably not. I bet something in Android didn't work | properly until they whitelisted some Google domains -- for | example, maybe it didn't detect the Internet connection | when the user paid for it, or maybe something on the | entertainment tablets broke (I don't know if they usually | run Android or something else). | bpye wrote: | This seems likely. ~6 years ago on a Delta flight I | noticed that I could use Google and view cached pages | without paying for WiFi. I managed to catch up on the | news on my flight... | bombcar wrote: | Sometimes they just redirect ALL DNS traffic to their little | portal until you sign in/up. | furyg3 wrote: | Way back in the day a lot of authenticated wifi firewalls did | enable DNS requests to pass through, or at least to resolve | using their DNS server, without being authenticated. | | Someone smart created a TCP-over-DNS tunneling tool that I had | a lot of great experience with, at least for more simple news | websites of the day. | | https://analogbit.com/software/tcp-over-dns/ | cromka wrote: | A more current alternative: https://github.com/yarrick/iodine | ale42 wrote: | Tried this on a flight 4 years ago -- I got to SSH into a | machine and read my mails, it felt like I was connecting | from a space ship... so funny but not actually usable to | browse the web or do any actual work ;-) | gregfjohnson wrote: | This is why I love hacker news. I was sitting in the waiting area | at Long Beach Airport about to board a Southwest flight when I | read this article. Did the hack, it worked spectacularly. I | didn't have jq installed, but whipped up a python script with | 'import json', watched the data stream the whole flight. Thanks a | million for posting this! | munro wrote: | I've always wanted to bring a lil router like a GL.iNet, pay for | internet, then share it free for everyone on the plane hehe | nunez wrote: | This is how we get aircraft wifi with Meraki Air Marshall-like | DDoS [0] for hotspots. Don't ruin it for us! | | [0] https://documentation.meraki.com/MR/Monitoring_and_Reportin | g.... This basically detects any access points in a wireless | network repeating a signal and automatically boots them. only | works on 2.4GHz networks if I understand correctly. | ilyt wrote: | ... wouldn't that be a type of jamming and therefore illegal | ? | nunez wrote: | Doesn't stop hotel chains from doing it | mike_d wrote: | I used to do this on long flights, but most in flight providers | have stopped trying to identify and shape specific protocols | and now limit bandwidth purely by client. If you get a few | people on all at once it thinks you are streaming video and | throttles you. | josu wrote: | Why not just use the hotspot on your phone? | MostlyStable wrote: | I believe that you can't both simultaneously provide wifi | hotspot and use wifi internet (at least, I couldn't on a | phone several years ago last time I tried it). I think you | can only do that if the network the phone is using is | accessed via the cellular modem. | Eavolution wrote: | I absolutely can, that's how I connect my ps4 to my uni | accommodation internet as it's mschapv2 or smth the ps4 | can't connect to. I know it's definitely using the wifi and | not my mobile data as my data usage for the day is | unchanged after I've downloaded a game. | | Cheap Chinese android phone from 2020 (or maybe 2021 can't | remember). | Zigurd wrote: | Depends on the phone OS and wifi chipset Some Pixel phones | can do it last I checked, which was about a year ago. It's | a fragile dependency. For example, a Samsung with the same | wifi chip didn't work. | pests wrote: | That used to be the case but it has changed now. Probably | depends on the phone broadband chipset used. | | These days you can passthru your WiFi or even a wired | connection (via USB to a connected PC or a Ethernet-to-USB | adapter) via a Hotspot. | ikjasdlk2234 wrote: | You can on Android, and have for some time IIRC. This is | how I get free wifi on my computer by passing it through my | T-Mobile phone. | mbesto wrote: | Correct. My GL-E750 Mudi has a repeater function: | | https://docs.gl- | inet.com/router/en/3/setup/gl-e750/internet/... | | My iPhone does not. | yread wrote: | We messed around on a recent KLM flight and what's interesting is | that you get a DNS prefix of klm.com in DHCP (or some ms | extension of it). The gateway has a name of www that allows you | to access www.klm.com even though no name servers are accessible | so DNS shouldn't work. | the_mitsuhiko wrote: | I added flight status on airlines I fly into my shell prompt from | the wifi status. It's surprisingly fun. | https://x.com/mitsuhiko/status/866601971565944832?s=46&t=xvV... | atourgates wrote: | I'm an Alaska (relatively) frequent flyer. That airline offers a | free "messaging" plan, that lets you send and receive messages on | apps like iMessage, Facebook Messenger and Whatsapp. Though, it | somehow prevents images/attachments from coming through on those | platforms. | | I've always wondered how this is implemented technically, and if | it might be possible to setup some kind of protocol/wrapper to | send data that looks like it's being sent over those protocols, | but offers access to other parts of the internet. | kayson wrote: | I can't seem to find it, but there was a blog post on HN a | while back about how someone set up a proxy to browse Wikipedia | by sending and receiving WhatsApp messages. I'm sure you could | extend that to be a web proxy. | technothrasher wrote: | Many years ago, when hotels first started having and charging | for WiFi connections, I wrote a simple little tunnel using the | DNS port back to my server. Since the hotels didn't block that | port or even bother to check what traffic was going over it, it | worked like a charm. | | I tried it on a trip to Tokyo and immediately got completely | blocked. It took me a few minutes to figure out they'd | blacklisted my MAC address. I changed the MAC of that interface | and then behaved. | someotherperson wrote: | Reminds me of using VPNs in hotels in China some years ago. | Traffic would work for a few minutes and then the Great | Firewall kicks in, fingerprints the traffic as VPN and the IP | address and the MAC gets blocked. I'd rotate the endpoint and | the MAC address and get a few more minutes, rinse and repeat. | | I think I had to use Shadowsocks or something at the end to | completely bypass it. | superkuh wrote: | Shadowsocks(-libev) is great. I use it in the USA with | Comcast to prevent their MITM attacks on HTTP connections. | tuetuopay wrote: | some options: | | - attachments are likely stored in a different part of the | infra than raw messages (like on some s3 bucket somewhere), so | it's pretty easy to allow the WA/iMessage/Signal/Messenger API | while blocking their CDN through dns blocking, ip range | blocking, sni inspection, etc. | | - they cut the tcp connection once more than e.g. 1MB has been | transferred. it would result in slightly degraded user | experience (the message tcp stream needs to be periodically | reopened), and may not be foolproof is apps are smart and | resume the download where it failed instead of from the start | | I lean for the first option as it's both the simplest and most | foolproof option. | [deleted] | sixstringtheory wrote: | Could always send base64 data strings! | danielfoster wrote: | I've also wondered why Grindr but not Tinder works on the | "messaging only" plan. Someone at Alaska must have had fun with | that one. | | Flightaware.com also works, presumably because Alaska uses | Flightaware for its tracking map. | noahtallen wrote: | > Flightaware.com also works | | Unfortunately, I couldn't get it to load on my Alaskan flight | a few days ago on the free messaging plan. Maybe they've | changed it | 0_____0 wrote: | Grindr is a logistics app, Tinder is entertainment :p | phantom784 wrote: | I'd suspect it kills TCP connections once a threshold of data | has been transferred, and the threshold is enough to let text | through but not enough for attachments. | grishka wrote: | Good luck doing that against Telegram. It would simply | reconnect and resume the download where it left off. | miki123211 wrote: | Do they allow Telegram? | | If so, that would be the easiest, Telegram has a really good | bot API. | Karrot_Kream wrote: | Many do but some don't. I wrote an HTTP Proxy for Telegram | and it works fine for those situations but is very slow. I | prefer using an NNCP proxy I wrote because the protocol | doesn't have online liveness requirements. | justapassenger wrote: | I don't think they have any sophisticated solution for sniffing | traffic. It's most likely simple firewall + deals with | Apple/Meta. Many airlines offer basic Wi-Fi for messages | nowadays, so it's very likely that big tech developed solution | for it (especially, as they have initiative to do that, so | their apps can work). | organsnyder wrote: | United wifi is similar. I've found that notifications work for | most things, including my Home Assistant instance--they must | all use the same Apple push service. | atourgates wrote: | I noticed the same on Alaska flying last weekend. | | As soon as I activated the "Free Messaging" service, I got a | bunch of notifications from my Apple Home and Google Nest | devices. | snazz wrote: | Yes, APNs (Apple Push Notification service) has to be | allowed for notifications to come through from messaging | apps and the network operator can't tell whether it's an | allowed messaging app or any other kind of notification. | mcast wrote: | The scale of Apple's notification service must be pretty | large. Granted, most notifications don't have strong SLA | guarantees but I don't remember it having any downtime | either. | Klonoar wrote: | They don't really make guarantees about the reliability | of push notifications (IIRC), so it's unlikely you'd see | anything about downtime unless it was sustained for some | time. | SirMaster wrote: | On iOS all notifications have to use Apple's Push service. | | And the WiFi essentially has to allow the Apple push | notification system entirely in order for iMessage to work | fully the way people expect. | | So it's really a side effect. But yeah for example with the | free iMessage connection on Southwest, I can see all the | notifications come in on Discord, but of course I cannot | connect within the discord app to actually load all those | messages. I can only read them as they come in as push | notifications. | Xeamek wrote: | >On iOS all notifications have to use Apple's Push service. | | Have to? Isn't there an option to send 'offline' | notification? I mean, coming from the app itself, rather | then external callback? With that, app could ommit the | official way of using Apple Push service, no? | SirMaster wrote: | Well, apps can only "run in the background" for up to 10 | minutes. | | So sure, an app can generate a notification popup itself, | but it's pretty limited as it won't be able to generate a | notification after being backgrounded for more than 10 | minutes. | | And the 10 minutes is also only if the app is designed to | extend the duration as long as possible. Normally it | would get cut off after 1 minute. | | So because of this it seems that in the vast, vast | majority of cases apps choose to send their notifications | from the Apple Push notification service. | WirelessGigabit wrote: | Yea but those mean the app has to be running. The main | advantage of Apple's Push is that the app can be put to | sleep and only wake up when you tap a notification. | dheera wrote: | IP-over-Facebook. So that's what the world has come to ... | alexfoo wrote: | https://news.ycombinator.com/item?id=33568994 | toast0 wrote: | I used to work at WhatsApp (until the end of 2019) on many | things, including special pricing (aka zero rating); we did not | work with airlines, and would not have participated in a | project where messages and attachments where treated | differently. | | That said, technically there's two pretty easy ways to do it | for WhatsApp traffic, and then there's the way I suspect | they're doing it... | | a) chat runs on different ips than attachments; always has, | most likely always will (other than some transitional HAProxy | at the old hosting when nearly everything had been moved to the | new hosting). | | b) WA chat is not HTTPS (or even TLS) and attachments are. Chat | also cycles between different ports, so you could just block | port 443 and be good. | | c) I actually suspect, based on poking around a little that | it's mostly just killing connections that use a lot of data. | Maybe in combination with some other things. Being on a plane | doesn't really put me in a debug the network kind of mood, so I | never got to the bottom of it, but I'd regularly be able to | make short connections to my home network while on the | messaging plan, at least when this stuff was new. OTOH, I think | I recall being able to connect through the WA VPN while on a | plane on the messaging plan, but that was when we had a | publicly available, but not publicly linked list of IP | addresses on our website; I have no doubt that DPI vendors had | that list. | dgellow wrote: | > WA chat is not HTTPS (or even TLS) | | If you don't mind, could you expend on this? Are there | specific reasons to not be using TLS? | toast0 wrote: | I should probably refer you to the encryption whitepaper | [1], but the basics are that Chat uses the Noise Protocol | rather than TLS. All things being equal, the security | properties are about equivalent, however all things aren't | equal. The Noise handshake is smaller than the TLS | handshake, and Noise doesn't have extraneous features | WhatsApp doesn't use. Additionally, at the time of Noise | adoption, TLS lacked a means for 0-RTT data (now available | with TLS 1.3 Early Data), which meant using TLS would have | added at least one round trip; possibly two, depending on | which TLS library used. [2] You _can_ use TLS without | x.509, but it 's not very common; avoiding x.509 was a | definite plus. | | I wasn't much involved in anything on the chat channel, and | I didn't do any implementation work on Noise, but I did | some later prototype work with it, and if I recall | correctly, it had much simpler framing than TLS as well; | although maybe that was mostly TLS options getting me down | --- the SNI header has 9 bytes of overhead, 5 of which are | lengths, Noise didn't have anything like that as I recall. | Do you really two bytes of versioning on every application | data packet, like TLS has? I'm not sure you really need a | type indicator byte either, context says you're sending a | handshake packet initially, and then application data after | that, but I'm pretty rusty on this now, so maybe there's a | justification. | | For users paying for internet by the byte, every byte | counts. For users on networks with large delays, every | round trip counts. For attachments, it's less critical (if | your data access costs were high, you could configure | attachments not to load) and that infrastructure was always | built around http(s), so while there would have been an | efficiency improvement to move that off https, it would be | hard to justify the engineering time; especially post the | move to FB infrastructure with its CDN that was easily | configured for our attachments. OTOH, chat never ran on | TLS, so adopting Noise vs adopting TLS was a choice we | could consider, and we picked the best solution for us. | Unfortunately, it's pretty easy to identify Noise vs TLS | --- OTOH, the service IPs are already identifiable, so a | little more blending on the protocol level wouldn't help | much. | | [1] https://www.whatsapp.com/security/WhatsApp-Security- | Whitepap... | | [2] Also using system TLS libraries is fraught with peril. | It's fine, but not super great, for http, but using it for | a custom binary protocol is going to be terrible. You'll | need to debug all of the edge cases that the system https | library doesn't hit, and will then have to craft | workarounds that just work, even if you can't reliably | identify the underlying versions because Android OEMs do | weird stuff. | dgellow wrote: | Thanks for the answer, I didn't expect that much details! | jedberg wrote: | We didn't use TLS at Netflix either, and instead used our | own encryption protocol that ran on top of HTTP. We could | do this because we controlled the clients too. | | The why was because of trust store issues. Every device has | its own built in trust store, and especially on devices | like TVs and DVD players, they couldn't be updated. After | looking at all the devices we supported, there was no | common certificate signer amongst all of them. | | This meant that we would either have to get multiple SSL | certs signed by different parties (some of which weren't | all that secure) and present the right one depending on | your device type, or we could just roll our own over HTTP. | So we chose the latter. | eadmund wrote: | This discussion is another great example of why HTTP | without TLS can be just fine, even desirable. | toast0 wrote: | Yeah, at WA we didn't have too much of a problem with | trust store issues; although we did do extensive testing | when we switched CAs. We did have to deal with the end of | SHA1 certs though, I think we were able to get all of our | clients to use sha2, but some of the platform browsers | couldn't; and then we had to fiddle with our TLS server | to send sha2 certs to some clients and sha1 certs to | others. | | Of course, there's not really very useful client | identification in the TLS Hello, so you have to kind of | guess who needs what. If we had to use different CAs for | different clients, it would have gotten a lot harder, | because it's not like we could rely on clients filling | out SNI either. So then you need to get more ips for each | service. I do recall needing to do that a little, but we | only needed a single 'legacy' group that was useful for | everything that couldn't manage the modern certs. | Sohcahtoa82 wrote: | > Every device has its own built in trust store, and | especially on devices like TVs and DVD players, they | couldn't be updated. | | Was creating your own certificate authority and pinning | it in the app not an option? | toast0 wrote: | Bringing your own trust store to system https libraries | is not often supported. Especially when you get into | kinds of embedded environments Netflix supports. You also | might not have the capability to bring your own TLS | library either. If it's a limited environment, you might | only get reasonable performance if you use the system | ciphers, and they may not be exposed as primitives, and | x.509 parsing takes up a lot of code space in the likely | event that you've got limitations there too. | jedberg wrote: | In most environments you have to use the built in | libraries for network connectivity, so you have to use | their trust stores. Also space is very limited for the | client, so you can't just put everything into it. | waiwai933 wrote: | Our solution for the same problem was to just have | different subdomains for each cert signer (and make sure | we ship the right base URL for each manufacturer's app), | so we didn't need to do any clever device-sniffing at the | SSL termination point. I think rolling our own encryption | sounds much scarier, but equally we weren't running at | Netflix scale. | [deleted] | blapp wrote: | It's based on the Noise Protocol Framework in the outermost | layer, which encrypts a compressed XMPP stream. The end-to- | end encryption is done within various XMPP message payloads | using the Signal Protocol, which encrypts message data | serialized using Protocol Buffers, with different formats | depending on the message type (text, image, video, sticker, | etc). | [deleted] | dannyfritz07 wrote: | Google Voice always works for me too FYI. | gouggoug wrote: | I've been wondering the same. | | I wonder if they just do some rudimentary packet inspection and | drop packets above a certain size. My thinking being that short | text messages result in very small packets, while large images | will result in many large packets. Dropping large packets is | most likely OK. I'd need to test this hypothesis by sending a | very large text message (resulting in many large packets) | teeray wrote: | Time to implement IP over FB Messenger | falcor84 wrote: | Absolutely. And I'll just put this here for anyone who's | looking for inspiration: | | https://www.rfc-editor.org/rfc/rfc2549 | c7DJTLrn wrote: | You could try iodine, which is an IP-over-DNS tunnel. This | should work unless the gateway has very restrictive rules on | where DNS traffic can go. | | https://github.com/yarrick/iodine | jedberg wrote: | Most captive portals have gotten wise to this trick and block | large DNS requests. | roygbiv2 wrote: | Yeah I recently found this out. It never really did work | that well, I did manage to telnet into an SMTP server and | manually send an email but for anything else it struggled. | | I wonder if TCP over ICMP would work better. | TRiG_Ireland wrote: | I've come across wifi zones which allow normal web browsing, | WhatsApp messaging (including pictures), but not WhatsApp | calls. I saw it first in Hollyhead Port while waiting for a | ferry. WhatsApp threw up an error message saying that calls | were disallowed by the wifi network. | aabhay wrote: | So so surprised that nobody has found out the hack for free | wifi on alaska flights. (At risk of losing awesome free wifi) | | 1. Open browser with iOS user agent and ios sized h/w. 2. Click | on t-mobile free wifi link 3. Enter _any_ t mobile number you | may know. | dag11 wrote: | Hi fellow Alaska frequent flier. | | So about that! There's this iOS app called Flightly that does a | brilliant little hack where the app updates itself in (almost) | real time on the "free messaging" plan. The way it works | (according to a friend) is that their servers send your phone a | push notification every couple of minutes from take-off until | landing, containing some serialized info such as | lat,long,alt,eta,etc. And then the app immediately swallows the | notification and deserializes its content without you ever | seeing it. The notification works because in order for Alaska | to give you notifications at all for your messaging apps, it | needs to give you access to _all_ push notifications as they | all get sent over an encrypted connected through Apple's server | and it can't pick and choose which apps' notifications it lets | through. | | I've often wondered if it'd be possible to pipe any sort of | internet over notifications but I'm not sure if e.g. inline | responses are viable, and also that'd probably be heavy enough | usage of push notifications I'm sure it's violate someone's | TOS. | madeofpalk wrote: | It works not because Alaska wants to give you notifications | for your messages, but because iMessage literally is | transported over APNS. | el_benhameen wrote: | I've always wondered why I get slack and email notifications | when I'm on a Southwest flight with free messaging without | paying for wifi. You've finally solved my mystery! | xeromal wrote: | This reminds me of a web browser years ago that would use MMS | to transfer web pages to the user without using internet | service. This was in the early days. I think it was a Java | app for the Motorola razor IIRC | lupire wrote: | Does that work on Android? I've never seen a non-authorized | notification in a Chat or Mail app on a flight. | keanebean86 wrote: | I had an idea to use Facebook messanger as a proxy. | Specifically to use the cheap messaging plan on a cruise ship | for real internet access. My home computer would be a gateway | that monitors fb and fetches/returns websites. I never even | tried because it just sounds like a violation of multiple | ToSes. Not to mention message size limitations, throttling, | my fb messages being pages of encoded text, etc. | | I feel like it would need to work like Opera mini to maybe be | usable. Even then interactions would be uncomfortably slow. | | https://en.m.wikipedia.org/wiki/Opera_Mini | ddalex wrote: | Check out https://github.com/aleixrodriala/wa-tunnel tunnel | over whatsapp | interestica wrote: | > There's this iOS app called Flightly | | I guess it's Flighty (https://apps.apple.com/us/app/flighty- | live-flight-tracker/id...) | | I love that people are into this. In the days before iPhones, | I had "Microsoft Streets and Trips" + a USB GPS unit + | Laptop. It was fun having it on a flight and seeing movement | data in realtime. It was less fun answering questions from | people who thought looking at the GPS data was somehow | nefarious. | zikduruqe wrote: | I used to do that also. | | Way before cellphones, I'd bring my 2m radio on the plane | and make contacts on simplex. That was fun to throw your | callsign out and say "aeronautical mobile". | kawfey wrote: | I still sneak in an HT to listen to VHF/UHF ham radio and | airband. One flight, we were experiencing moderate | turbulence and didn't get our drinks/snacks. The captain | announced "we're asking for clearance to help us get to a | smoother altitude..." meanwhile did nothing of the sort | on the actual radio. Lol. | cromka wrote: | They use text for communication, too. | geostupid wrote: | Ha! I've used a high-end GPS to see my location and other | fun facts in flight. I learned to keep it in my pocket as | despite my attempts to explain it was only a receiver, I | was told by the flight attendant to "PUT IT AWAY." Not | being one to push back as to be removed for that flight, I | did just that. | | Streets and Trips was fun on a laptop for long car drives | as you could live reroute in the car much like any old app | can do these days but seemed somehow magical back then. | joezydeco wrote: | FAs can be really strange about that kind of stuff, not | just out of ignorance. | | My kid liked to suction cup his GoPro to the window to | take a time lapse movie of the flight and one FA told him | he had to take it off the window because he was, and I | quote: "modifying the structure of the aircraft and | that's not FAA-approved". | wolverine876 wrote: | I would guess that the flight attendant is doing their | job. They do not have the authority or expertise to risk | the airplane based on their own analysis, or based on | some random passenger's explanation. The clearly correct | solution is to remove the device and then there is no | risk to the plane. I expect they are strictly required to | respond that way and have no leeway. | buildsjets wrote: | There has been a lot of debate in the aviation | maintenance community regarding the legality of attaching | gopros etc. to aircraft with suction cups. Someone | eventually wrote to the FAA chief counsel and asked. | | "Another consideration, in the case of this type of | equipment, is the applicability of the term "alteration". | FAA Order 8110.3 7E, defines an alteration as "a | modification of an aircraft from one sound state to | another sound state". The use of suction cups, or other | temporary methods of attachment (not including permanent | mechanical attachments to the aircraft), would not be | considered a modification to the aircraft." | | https://mypilotpro.com/wp-content/uploads/2020/05/FAA- | Camera... | | But still, the aircraft is the the airline's property, | not yours. If they tell you not do something to it, you | don't get a choice in the matter. | interestica wrote: | > installation of external mounts | | That memo is about attaching it externally. Attaching it | to an internal window is probably a non-issue. | | I once had a security agent ask me to prove a GoPro was a | camera because they didn't understand how there could be | no screen or viewfinder. It was most frustrating because | this was an area where they would have encountered it | many times (lots of scuba divers). | edrxty wrote: | Had this happen to me with some duct tape and a | malfunctioning strobing light next to me on a red-eye. | I'm an aircraft builder but she didn't want to hear my | explanation about how TSOs and the FARs work. I just | waited until they stopped paying attention. | bunabhucan wrote: | Probably just didn't want kid spit on the window. | dgellow wrote: | Really hoping someone implements this, it's the funniest | project idea I've seen in a while :) | adrr wrote: | Push notifications have background notifications that are | used to update apps while they aren't loaded. We used them | update our catalog/home screen on shopping app, its makes the | app feel much more responsive when they open the app and | content instantly appears instead of waiting for some API | calls. | | https://developer.apple.com/documentation/usernotifications/. | .. | hackernewds wrote: | so why would I use this Flightly app? seems it delivers | messages all the same? | amalcon wrote: | This reminds me of the old tools that tunnel more or less | whatever over DNS. I.e. behind the scenes, the tool would | look up "base64encodedpacket.domainyoucontrol.example.com", | and it would respond with encoded data going the other way. | This is because captive portal WiFi often permitted DNS to | pass through unimpeded, for various reasons. | | I always appreciated the hack, even though I could never | bring myself to use it due to the obvious cache pollution | problem on the various DNS servers. | fragmede wrote: | Also Internet over ICMP, for when captive portals used to | let those through. | godelski wrote: | On my recent United flight, where they had the same policy I | was sending image messages to friends through Signal. But it | was rather slow, so my best guess is rate limiting. | hot_gril wrote: | I always assumed they have a whitelist of | iMessage/Whatsapp/whatever IP addresses. It doesn't seem to | work for all messaging apps in general. | gsich wrote: | SNI or IP lists. | aantix wrote: | Hussein Nasser covered this. His videos are great. | | How Airline WIFI allows Texting but not Media in | WhatsApp/iMessage | | https://www.youtube.com/watch?v=AYSxxO2yZp8 | matsemann wrote: | How does that fly (pun intended) with regards to net | neutrality? | | Where I live, some mobile operators gave you "unlimited | streaming" in their data plan, but only for certain popular | services (spotify, youtube, netflix basically). Since this | would make it harder for others to disrupt the big ones, it was | quickly forbidden. | mdasen wrote: | In the US (I believe) Net Neutrality basically died. Even | before that, it was allowed to zero-rate categories of apps | (like messaging). That might be coming back now that the FCC | has 5 commissioners again and can reinstate Net Neutrality. | | However, even with reasonably strict neutrality, this is | still possible. Many mobile carriers zero-rated streaming | services here, but unlike your operators they'd do it for any | streaming service. It was pretty easy for any streaming | provider to sign up. They'd basically give the operator the | IP ranges they'd be streaming from and the operator would | just zero-rate data to those IP ranges (and they'd usually | apply bandwidth throttling to around 1.5Mbps so that you'd | only get 480-720p video). The key is simply not | discriminating between providers within a category. | dehrmann wrote: | This is the situation where net neutrality falls over | because there's very often more demand, even at 1.5Mbps for | a stream, than an airplane's link can provide. | haswell wrote: | Airlines, coffee shops and similar entities providing | Internet as an ancillary service were not subject to | these rules when they were in effect. | | The rules primarily target ISPs selling directly to | customers. | dehrmann wrote: | It also fails for mobile data and large crowds. Try | checking your email at a concert. | RulerOf wrote: | I always enable my 5G when I get into big crowds and it | usually fixes that problem, assuming service is | available. | | I usually keep it off otherwise though because average | bandwidth tends to be better on LTE in my experience. | Dylan16807 wrote: | On an airplane in particular, you can set the limit lower | for everything, and that doesn't violate neutrality. | MostlyStable wrote: | So many people seem to think that Net Neutrality | disallowed _any_ kind of network management, when it | simply disallowed service provider level preference. You | can, under net neutrality, throttle _all_ video content, | if you want to, you just can't only throttle YouTube and | not Netflix (for example. | haswell wrote: | When the rules were still active, net neutrality did not | apply to coffee shops, airlines, etc. | | > _52. Finally, we decline to apply our rules directly to | coffee shops, bookstores, airlines, and other entities when | they acquire Internet service from a broadband provider to | enable their patrons to access the Internet from their | establishments (we refer to these entities as "premise | operators"). These services are typically offered by the | premise operator as an ancillary benefit to patrons ... | Although broadband providers that offer such services are | subject to open Internet rules, we note that addressing | traffic unwanted by a premise operator is a legitimate | network management purpose._ [0] | | It seems like a reasonable distinction: if you're letting | someone else use your Internet connection, it's your | prerogative to block things that you don't want on your | network. | | - [0] | https://docs.fcc.gov/public/attachments/FCC-10-201A1.pdf | (page 31) | HWR_14 wrote: | Other people have suggested it's done by limiting the size of | the data transmitted to make the connection only useful to | text messages, possibly resetting the connection regularly. | If so, it would in fact comply with both the principles of | net neutrality and any laws I know of. You could create | matsemann's text service as long as it also used small | amounts of data it guessed could only be used for text. | hot_gril wrote: | Is net neutrality even law anymore? T-Mobile has had Binge on | for a long time, which zero-rates certain video streaming | services. And part of that was even under the old net | neutrality laws. | burkaman wrote: | Net neutrality is the law in California, but T-Mobile says | Binge On is ok because any video streaming service can | participate for free. It sounds reasonable to me and | apparently the California regulators are fine with it. | hot_gril wrote: | I'm fine with it, but that also clearly violates net | neutrality, so it doesn't seem to be the law here. | burkaman wrote: | Here's the California law: https://en.wikipedia.org/wiki/ | California_Internet_Consumer_P.... T-Mobile Binge On is | zero-rating. T-Mobile's claim is that they aren't getting | paid for it, and that any video provider can participate, | so they aren't only zero-rating "some content in a | category". It sounds like that second part isn't true, so | they are probably violating the law but nobody is being | harmed so nobody has sued. | | I agree that allowing any form of zero-rating is not full | net neutrality because it isn't treating all packets the | same, but I don't think it's fair to say that therefore | there is no net neutrality in California. It's a very | strong and effective law and gets like 95% of the way to | full "dumb pipe" net neutrality. | bombcar wrote: | Some states implemented their own versions of net | neutrality. | hot_gril wrote: | Gotta disable in-flight messaging while flying over | certain states ;) | technothrasher wrote: | No, but the now Democratic majority at the FCC is currently | actively trying to bring it back. | toast0 wrote: | Binge On doesn't fall under strict net neutrality, but they | are at least publicly open to all lawful and licensed | content audio/video providers, and the technical | requirements are not very high. I don't know what the | actual onboarding process is like, but they've got a lot of | providers signed up... | hot_gril wrote: | https://www.t-mobile.com/tv-streaming/binge-on/apps- | list.htm... doesn't list all that many providers if we're | talking about all video streaming services worldwide. I | notice a large one under the gaming category missing, | Twitch. | toast0 wrote: | I think they've got to be licensed for US customers, or | T-Mobile USA isn't going to include them. Twitch does | seem to be a notable missing provider; Amazon video is on | the program though, so maybe there's some technical or | product thing on Twitch's side. | hot_gril wrote: | Even US-only. Broadcast networks category is especially | slim. They've anticipated this kind of scrutiny and claim | no money is exchanged, but idk. Someone should try adding | a random obscure service. | RandallBrown wrote: | Probably 10-15 years ago when wifi on airlines was still pretty | brand new I remember a fun hack for free Internet that involved | Google Translate. | | Because the wifi landing pages used Google Analytics, they | allowed traffic through from many of the Google domains. You | could then go to Google translate and translate the website | from English to English and use it as sort of a proxy server to | get free Internet. | smegger001 wrote: | You could probably have used googels cache to read arbitrary | pages as well. | noman-land wrote: | This hack often works today to get around paywalls. | spike021 wrote: | I'll probably show my age, but around 15 years ago I was in | high school and they blocked most websites as well. This | "hack" using Google Translate was how some of us got around | the blocklist for many things. It was nice because it didn't | involve having to install anything special or try to change | configurations that were probably monitored by library/school | admin. | demondemidi wrote: | This is just the raw data from the in-flight GUI. Is that it? | What am I missing? | teacpde wrote: | Nothing, I believe this gets the upvotes simply because it is | fun. | demondemidi wrote: | Good point: I upvoted it! :) | warkdarrior wrote: | > I didn't know what I'd do with the data at this point, but I | started collecting it right away so that I'd have as much as | possible to play with later. | | And people complain that everything everywhere collects data on | everyone. | mulmen wrote: | The complaint is collecting data on _others_. Specifically the | complaint is on others collecting data on _me_. | cph123 wrote: | I did something similar on an easyJet flight, I wrote a little | Python script to save the altitude and speed data from the free | WiFi. They have a cool 3D WebGL rendering of the plane in the air | like Flight Simulator, but the satellite imagery was really low | res. | ejcx wrote: | I have a similar program I run that does this stuff for United | flights: https://github.com/ejcx/uwc/blob/master/uwc.go | | The code is horrendous but it has worked for years and I guess | when I wrote it originally I didn't want to use a go struct for | some reason? | flemhans wrote: | I remember the days when I poked around like that too, and go to | 128.65.70.1 and find the Hughes admin interface for the satellite | link itself. | pperi11 wrote: | I remember when buying wifi on a plane was sooooo forbidden by my | parents. Now i literally buy wifi on every flight lol | alexellisuk wrote: | What did you use to create your graphics? | jamesbvaughan wrote: | I used chart.js [0], but I don't necessarily endorse it - it's | just what I knew how to use quickly. I usually try to keep my | posts free from javascript, and could have used a different | tool that gives me SVG data or images. | | You can see the code that's generating these charts here: | https://github.com/jamesbvaughan/jamesbvaughan.com/blob/main... | | [0] https://www.chartjs.org/ | alexellisuk wrote: | Thanks | tempestn wrote: | Anyone else halfway through reading, already thinking this would | be a great way to end up on a TSA watchlist? | punnerud wrote: | Nice trick with the watch to download periodic: watch -n 30 "curl | https://getconnected.southwestwifi.com/current.json | jq -c >> | flight-logs" | | I often use crontab, but this looks easier for testing. Thanks. | jamesbvaughan wrote: | Yeah, if this were something that I wanted to leave running for | more than the duration of a flight, I'd reach for cron, but a | bash one-liner was perfect for this use-case! | benbristow wrote: | I've done something similar on trains in the UK before, | specifically LNER (was Virgin Trains East Coast at the time but | don't think the Wi-Fi solution has changed) trains. The icomera | captive portal has an endpoint which returns the GPS coordinates | of the train along with the speed. And some other endpoints for | next stops etc. | | Once made a little React app that showed the train on a Leaflet | map. Was a good waste of a few hours. | billy99k wrote: | I just took two delta flights in the US. The first had free Wifi | through Tmobile. It marginally worked. It was just fast enough to | view low-intensity websites and I was able to connect to my linux | servers back home. | allarm wrote: | Read this post while traveling on an ICE train. I decided to see | if there was something similar in DB WiFi - and it turns out you | can get two json files with current trip data. Here's a graph of | the train speed for the last hour of my trip: | km/h ice train speed 160 | +---------------------------------------------------------------- | ------------+ | + + + | + + ** + | |* | ** | 140 |*+ | ** +-| |* | ** | |* | ** | 120 |*+ | ** +-| | * | * * | | * | * * | 100 |-* | * * +-| | * | * * * | 80 |-* | ** ** * ** +-| | * | ** *** * * | | * | ** * ** | 60 |-+* * | ** * ** +-| | * **** * | ** * ** | | * * * * | * * * | 40 |-+ ****** * **** | ** * * +-| | ***** * **** | * ** | | * * * | * ** | 20 |-+ * * * | * ** +-| | * * * | * ** | | + * * * + | + + *+ * + | 0 +----- | ----------------------------------------------------------------- | ------+ 0 50 100 150 | 200 250 300 350 | count | userbinator wrote: | I was expecting an article about a LAN party aboard a flight. | ingen0s wrote: | fun! | notmysql_ wrote: | Thats funny, I discovered the same thing a few months ago and | built a CLI flight tracker[1] that uses the API. I've tried it | across a couple of airlines and it worked almost perfectly across | all of them, because they were all using the same in flight ISP. | | [1]: https://github.com/NalinPlad/OuterFlightTracker | jamesbvaughan wrote: | That's cool! I had wanted to make something similar, but I | didn't have enough experience with making TUIs to build it | without using the internet for reference during the flight. I'm | glad to that it's been done though! | notmysql_ wrote: | Yeah, I was on a long flight home from a hackathon with some | fellow programmers so it was fun to work on it together | gs17 wrote: | Glad someone looked into the flight tracker, I was always curious | how real the data in it is. | | Although it doesn't answer my curiosity about how they manage to | mess it up occasionally. I've had flight data from different | flights pop up a few times on Southwest, which is never | reassuring to see. | grepfru_it wrote: | If it's the panasonic inflight system, it receives flight data | from the FMS. If the system does not receive flight data from | the FMS then it will not be up to date. Your browser could also | be retrieving old cached content. | | Basically there is nothing about this system to assure you, | it's entirely a secondary data-delayed system that is not | critical to flight operations and as such can be INOP at | anytime and no one will care. | flutas wrote: | I honestly miss having to debug the racks at pana. But there | were so many "what" level bugs with the systems. | | I remember DRM breaking multiple times for the IFE because | they assigned the same IP to multiple devices. | grepfru_it wrote: | Worked on redboot, so i was probably the person you were | cursing out | [deleted] | mulmen wrote: | Based on the current top comment those IPs may not have | been _assigned_. | | https://news.ycombinator.com/item?id=37693293 | gs17 wrote: | > Your browser could also be retrieving old cached content. | | No, these are flights I couldn't physically have been on. | Sometimes it _is_ old content, but it 's for the flight the | plane took previously and doesn't update. | | Here's an example of it happening to someone else: | https://community.southwest.com/t5/Inflight- | Experience/Fligh... | grepfru_it wrote: | Also the FMS may not be programmed until right before the | plane takes off. The flight plan is filed with ATC but not | programmed into the plane yet and that is sometimes done | during taxiing, esp if the pilot is an air cowboy/behind | schedule. | luc_ wrote: | this is such a wholesome nerd post. i love it. | justinclift wrote: | In this fragment here: // This looks like | info about the system's satellite internet connection. | "sat_commlink_portal": { // The connection is okay! | "status": "conn_ok", // I'm not sure what this time | is. // It hasn't changed at all. "time": | "Sun Sep 24 22:02:19 2023" | | The "time" field could be the timestamp of when the status field | last changed. That's the most obvious thought anyway. :) | pjot wrote: | I have an American Airlines flight in a few hours. Looking | forward to see what kind of data I can find now | cirrus3 wrote: | Fun story =) | | Anyone else freaked out by that "time" format though? Seems like | a strange choice, would have expected something more standard | like ISO 8601 with timezone offset. "time": "Sun Sep 24 22:02:19 | 2023" | jamesbvaughan wrote: | I felt similar! | | My best guess is that whoever designed this system preferred to | transform the time into a localized (based on the flight's | location, I guess?) representation on the server so that they | could drop it directly into the web UI without much client-side | logic. | hughes wrote: | It looks like the default formatting used by `ctime`. Could be | a clue about the underlying backend. | | https://cplusplus.com/reference/ctime/ctime/ | kristopolous wrote: | On redeye international flights with exorbitant WiFi fees I'll | admit to scanning for MAC addresses, get the top talkers, then | come back later when ones been idle for like 15 minutes, | presuming the person is asleep and change my mac to take the | address and get online. | | I just did it for fun, ok fine. | kkyr wrote: | How do you determine who the top talkers are? | sneak wrote: | The wi-fi on planes is not encrypted. | cromka wrote: | Even if it was, you'd still see the top talkers | cromka wrote: | By setting the WiFi card into monitor mode, and using by e.g. | Kismet for data collection. | kristopolous wrote: | I did it with tshark but yes this is a pretty easy problem | to solve. | | I think I even made a script in lua to do it automatically | commandlinefan wrote: | When my son was younger - maybe 9 or 10 or so, we were on a plane | and he was using his phone and I looked over his shoulder and | realized he was on the internet... but I hadn't paid for an | internet plan. I said, "son, how are you using the internet?" He | said, "oh, a kid at school showed me - if you go here" (he opened | up the wifi settings where the DHCP assigned IP address is) "and | start changing the numbers, eventually the internet will work." | Apparently, at the time, on American Airlines, when somebody | bought and paid for an internet plan, it gave them an IP address | and authorized it to use the internet... if somebody else guessed | your IP address (which was pretty easy, it was a 192.168 address) | and spoofed it, they could take over your internet connection | with no further authorization. | | I had to tell him not to do that, but I was kind of proud of him | for having the temerity to go for it. | iancmceachern wrote: | Legend, your kid is a legend | noduerme wrote: | Wait, they like, opened up a private local IP _on every plane_ | for some guy who paid for a certain dedicated one?! | elif wrote: | Plot twist, he used your credit card and you are proud of his | social engineering skills. | cromka wrote: | There's a way to workaround virtually any kind of gated | Internet access: DNS tunneling | (https://github.com/yarrick/iodine) | | It's slow, but it works and is a handy "last resort" tool. | nerdbert wrote: | Painfully slow. I would not call it usable for any modern | workflow. | kabes wrote: | I used dns tunnels a lot in the past. I wonder if techniques | like this still work these days | 1vuio0pswjnm7 wrote: | The LAN here seems relatively small and fixed, i.e., the number | of passengers on a flight is known and does not change during | flight. The airline could easily assign a unique IP address to | each seat (ticket) without using DHCP. | | This is generally in contrast to other instances of public | Wifi. | groby_b wrote: | Good luck finding out which seat that _wireless_ connection | is coming from, though :) | hunter2_ wrote: | The user would scan their boarding pass to get connected. | grishka wrote: | What if someone has multiple devices they want to connect? | Most people would travel with at least two devices. | ValentineC wrote: | For Panasonic's in-flight wifi specifically, a login would | only work for one device at a time. | | Great time to have an Android device with hotspot handy. :) | hunter2_ wrote: | The fact that newer phones (Pixel at least) can use WiFi | (client mode) as the WAN/uplink side of its hotspot stack | (NAT, AP, etc.) is pretty neat. Not long ago, only the | cell modem could serve in that capacity, as far as I'm | aware. Frankly I'm surprised a single WLAN radio can pull | that off. I pay the $8 on my phone and share it to my | laptop and whatever devices my travel companion(s) might | have. | | Most laptops can't do this, right? | grishka wrote: | > Frankly I'm surprised a single WLAN radio can pull that | off. | | Maybe at the cost of latency because it has to switch | channels back and forth? | | > Most laptops can't do this, right? | | Any laptop can do this if you plug a USB WiFi dongle into | it :P | cromka wrote: | It doesn't have to switch channels, it will create | another station using same channel. | avidiax wrote: | > Maybe at the cost of latency because it has to switch | channels back and forth? | | Not necessarily. It can be a client on 2.4Ghz and an | access point on 5Ghz. Even without that, if it has MIMO, | then one of the antennas can be receiving 2.4Ghz while | the other is sending (at least in theory, if the | crosstalk between the antennas is low and the selectivity | of the receiver is sufficient). | Sophira wrote: | Windows has been able to do exactly this since Windows 7! | It's called Wireless Hosted Network[0], and if you've | ever seen the "Microsoft Virtual WiFi Miniport Adapter" | (Windows 7) or "Microsoft Wi-Fi Direct Virtual Adapter" | (Windows 10/11) in your list of network adapters (it may | be hidden), it's there specifically to enable making a | hotspot while being connected to a wireless network. | | [0] https://learn.microsoft.com/en- | us/windows/win32/nativewifi/a... | quickthrower2 wrote: | And probably 2 more simple steps to the credit card number of | that paying customer. | babypuncher wrote: | A slightly more ethical solution, for those wondering, is SSH | tunneling. A lot of gated wifi networks allow SSH traffic | through without payment. | | I used to spend a lot of time at JFK back when they still | charged for WiFi. I watched a lot of Netflix for free by just | logging into my router and opening a tunnel to my VPN server. | Wowfunhappy wrote: | Do you know why they let SSH through? | jrockway wrote: | The rule is probably something like "if !paid: deny tcp 80, | deny tcp 443". (Hopefully they got UDP for HTTP/3.) I | suppose this has the desired effect of captive portals | (break GMail until you pay), without having to field | support requests from geeks ("I paid but SSH doesn't work, | refund me"). I think their plan is that whatever obscure | app you're using negotiates over HTTPS, but then actually | transfers the data over some other port. I bet things like | Zoom work that way. By not touching the obscure data paths, | you avoid support requests. | | Either that, or they just felt like throwing a fellow nerd | a bone. If you ask the PM, "should I block SSH" they'll say | yes, but if you just put it in there, who knows ;) | extraduder_ire wrote: | Whoever set that up probably wanted it for their own use, | both for easily managing the system when they need to | work on it, and for themselves when they're travelling | anywhere. | | If I'm ever in charge of rigging up a captive portal | system like this, I'm certainly going to do something | similar if I can get away with it. Maybe even put a hint | on how to bypass in the portal's page source. "ssh works | on port 46969, don't tell anyone." > rot13 > base64 -> | "cache-burst-ID: ZmZ1IGpiZXhmIGJhIGNiZWcgNDY5NjksIHFiYSdn | IGdyeXkgbmFsYmFyLgo=" | | May be too obscure though. | jrockway wrote: | Honestly, I think captive portals are probably on the way | out, given how good 4G/5G is these days. I am not sure | what business traveler wants 10kbps hotel wifi for | $30/day when their phone gets 600Mbps down and 30Mbps up. | colordrops wrote: | Basically IP war-dialing. | skripp wrote: | > I had to tell him not to do that, but I was kind of proud of | him for having the temerity to go for it. | | You told him off for such a small thing? You were impressed but | didn't give encouragement? You are a horrible parent. | logeist wrote: | What does your son do now, if you don't mind me asking? That's | the kind of stuff I was poking around with then add a year or | two. | commandlinefan wrote: | Ha, he's a CS major at UT. | pak9rabid wrote: | lol, I used to do this all the time at non-free wifi hotspot | locations, only I'd start off with a ping sweep of the entire | subnet (nmap -sP) in order to get my ARP cache filled with a | bunch of potential usable IP/mac addresses on the network. From | there, I'd iterate through each one and set the IP & mac | address until I found one that would let me through the | firewall. | | Granted, being a NOC engineer at Wayport (now AT&T WiFi) | certainly helped me understand how it all works. | zikohh wrote: | Recommended any blog posts? | aeternum wrote: | Yes the key to doing this more seamlessly is to spoof both | the IP and the MAC so your machines are not constantly | fighting with the other person over the ARP table entry. | colanderman wrote: | Aren't you then fighting the switch's port learning? Or | RSTing each other's TCP connections? | withinboredom wrote: | Its wifi. You both just pick up the same frame when it is | broadcast, then it sees two stations (a level below IP) | with the same MAC. Most routers just don't care about | that. (it's technically a valid edge case that two | stations have the same mac address. It should be | vanishingly rare in the wild ... but this is a practical | example of why it isn't). | [deleted] | herpderperator wrote: | So if two wifi clients have the same MAC and IP, | everything works fine for both of them? | yebyen wrote: | "everything works fine" might be overstating a bit, but | what happens to packets you weren't expecting when you | don't have a connection open for them to go into? They | probably get ignored by the network stack. | | Worst case scenario, the router/service endpoint sees | your connection responses and the other party's strange | NACK responses, but I honestly don't know enough about | how it works to say "everything works fine" | | I'd guess that connectionless protocols will work fine | and connected protocols will also work fine. The truth is | probably YMMV by protocol, but there is truly no way for | the wifi router to detect this is happening or isolate | the redundant stations - it's an unencrypted broadcast. | The only way this goes sideways is if a connection | protocol is engineered to make it go sideways when you | try to do that. | | I'm pretty sure that any such protocol which succumbs to | any unencrypted (or incorrectly keyed) traffic that isn't | from the designated counterparty is insecure to begin | with. It should be resilient against DoS, so most | protocols aren't going to have that vulnerability. Again, | I'm guessing, but I'd hope. | hatware wrote: | [dead] | richardwhiuk wrote: | If there's multiple hotspots behind the same controller, | you may well get switch port fighting. | withinboredom wrote: | If STP[1] is enabled, but that is unlikely since you'd | have dropped connections when roaming for the reasons you | just gave. Most likely, STP is not enabled on these | networks. | | [1]: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol | Sesse__ wrote: | STP detects loops between switches, not MAC addresses | moving between them (or between APs). | cereal_cable wrote: | A switched port learns the Mac address for packets sent | into it. If port 1 sends a packet with Mac a, the switch | associates that address (a) to port 1. When another node | sends a packet onto another port with the same mac, say | on port 2, the switch will move the learned address a to | port 2 and remove it from port 1. | | When a switch has learned a mac address all traffic | destined to that traffic would be immediately switched to | that port. If the switch has no record for that specific | mac address it floods all ports except the ingress port. | This is expensive and means other devices receive traffic | that isn't intended for them so they waste time dropping | it. | | So in networks that have no protections against those | attacks then this could very well be a problem if there | are multiple access points and the two nodes are on | different access points. | withinboredom wrote: | Except that this is a normal thing on wireless networks. | A station may roam many times within a few minutes, and | due to reflections, may even be in more than one place at | a time. | Fatnino wrote: | "vanishingly rare" | | I once bought a cheap Bluetooth dongle from China. Its | MAC address was 11:11:11:11:11:11 Obviously there are now | a lot of bluetooth dongles in the wild with the same MAC | address. | colanderman wrote: | Yes so that is the hub case (2nd half of my comment) -- | clients will RST each others' connections then. Unless | you are MAC cloning but not IP cloning. | withinboredom wrote: | A computer doesn't send a RST when it gets an unknown | packet... | londons_explore wrote: | Usually doesn't matter... The other person will get | frustrated and disconnect and reconnect a few times, and | finally give up and read a book... | daveevad wrote: | > The other person will get frustrated and disconnect and | reconnect a few times, and finally give up and read a | book... | | That makes me really reconsider my past struggles with | this form of Internet access. | Arrath wrote: | Yeah... | cutemonster wrote: | Time to consider instead: walk through the plane, look | angrily at the other passengers, one at a time, asking: | "Do you use 192.168.x.y?". That can solve the problem | daveevad wrote: | Presumably there is a way to find out which other | wireless client is impersonating another in a confined | environment like an airplane. | | A multicast packet might vary based on physical distance | to the imposter? | brookst wrote: | Or convince the flight attendants to including "MAC | address spoofing" in the spiel about destroying or | tampering with lavatory smoke detectors. | duckqlz wrote: | If any lawyers or FAA employees are reading this I'm | genuinely interested in what, if any, legal implications | there would be for running nmap mid flight on an airline. | Surely once you have spoofed the MAC address and IP of | another passenger to gain unauthorized access to the planes | LAN you have committed a crime but what about passively | scanning? | masukomi wrote: | are you asking if its a crime to read information they've | publicly broadcast? | | Because if that's a crime we're screwed because then it's | illegal to read, or listen. | marktangotango wrote: | We should not be surprised how much ignorance there is | around this. Networking even for technical people can be | a "black art". | | https://www.theverge.com/2021/12/31/22861188/missouri- | govern... | LtWorf wrote: | Normally ping is disabled on those networks? | walth wrote: | Yup. And we normally have client L2 Isolation. | shredprez wrote: | I typically just praise with upvotes, but I'm feeling | grateful today: anecdotes like this one and gp are why I love | hn | sprokolopolis wrote: | I used to do this on airplanes and in hotels. I had more | success in hotels, because there was less chance the other | person was using it at the time and less chance of getting | kicked off. | | There was another little hack that I used as a little kid. | Remember when airlines would sell or rent special headphones to | watch inflight movies? The port was just two holes beside each | other and the plug was two tubes. Before a flight, I would stop | by one of the fast food places in the terminal and grab a | handful of straws (preferably ones with a bendy joint). When I | was on the plane I would connect the straws by fitting them | into each other to create a long straw. Put one end into the | port on and the other into your ear and you got free movies | with audio! | barrkel wrote: | How long ago was this? | | 20 years ago, all I saw were dual mono bayonet jacks you'd | need an adapter for to plug in normal headphones, but straws | would get you nowhere. | | I was curious so I searched: | https://simpleflying.com/inflight-entertainment- | headphones-e... - pneumatic headphones from the 1960s were | used on Delta as late as 2003, but electronic headsets | debuted on 767 in 1982. | | Apparently the dual mono jacks are to discourage people | taking the headphones, rather than restricting access to | audio. | vertnerd wrote: | Interesting that I have only flown once since 9/11. Almost | all of my flying took place in the three decades prior, so | the pneumatic headsets are the only ones I remember. | plg wrote: | As a kid in the 80s we used to fly YVR-HNL every winter ... | always pneumatic earphones. | lathiat wrote: | Fairly sure I still saw pneumatic ones sometime in the | 2000s in Australia. | nottheengineer wrote: | Then why isn't at least one of those jacks a TRS so you can | use normal headphones? | mikaraento wrote: | On newer planes both of them often are | IIsi50MHz wrote: | My last four flights used only stereo 3.5mm plugs. | sprokolopolis wrote: | It was when I was a kid in the 80s and 90s. Yeah they were | on old planes that were just still in use. | rhuru wrote: | Your son is in good company. | Obscurity4340 wrote: | Kids discover the darndest hacks | josh_carterPDX wrote: | There used to be an app that would scan the ip and mac | addresses on the network that were already connected to the | internet. You could then change your settings to one of the mac | addresses and when they were done you'd get the connection to | yourself. | | I used to travel a lot for work and just refused to pay for | WiFi. This was good in airports and coffeeshops when you still | had to pay to connect. | | Now it's hardly needed, but I could see how it would be helpful | where there's still a cost to connect. | cromka wrote: | It's not an app, per se, but a concept of setting your WiFi | card into monitor mode and listening to the radio traffic. | Kismet is one of the suites that does that. | josh_carterPDX wrote: | True. I just can't recall the name of the platform I used, | but it was something similar to an ip address scanner which | gave me a list of all devices already connected to the | network along with their mac addresses. | lukas099 wrote: | Expect cops on your doorstep for CFAA violations by the morrow. | lukas099 wrote: | It was a joke. | Eumenes wrote: | 9-10 seems young to have a phone, smart kid though | eru wrote: | The older generation had Game Boys at that age, too. | Eumenes wrote: | Game boys didn't have app stores, web browsers. | wferrell wrote: | This is an amazing story. Thanks for posting. | afterburner wrote: | > for having the temerity to go for it | | Well, if he doesn't know there's anything wrong with it, it's | not really temerity. | hunter2_ wrote: | I think kids sense wrongness even when the act is deemed | victimless, repercussionless, etc. -- it's pretty clear that | a thing was achieved that someone tried to prevent, and | undermining someone's effort is typically wrong. Tough to | think like a kid, though! | kxrm wrote: | A few years ago I was on a Southwest flight and had OpenVPN | running because I forgot to turn it off. I was able to access | the Internet through my tunnel without paying for access. I | guess at the time they were only port blocking common ports | (80, 443, 53 etc) if you didn't pay. They have since closed | that hole. | chankstein38 wrote: | For this same reason you used to be able to send messages via | platforms like whatsapp without internet as well! I don't | remember the airline I just remember I hadn't paid for | internet but I could message and do a few other things but I | couldn't browse the internet. | bayindirh wrote: | If it's Turksih Airlines, they also provide unlimited | messaging on board, free of charge. | nerdbert wrote: | KLM and United for sure have free in-flight messaging (at | least as of a few days ago, the last time I used them). | | It's interesting what does and doesn't go through. e.g. | Facebook notifications update, but not the content. I guess | that's because they use the same channel as FB Messenger. | thedanbob wrote: | That was probably deliberate. I flew United recently and | they advertised free wifi for certain messaging apps, or | you could pay to access more apps or the general internet. | MostlyStable wrote: | I also flew united recently and, in addition to the free | messaging access, they also provided free access to the | inflight entertainment, in case you wanted to watch it on | your device instead of on the screen. | | I would have loved to take advantage of this since my | wireless earbuds were significantly better than the wired | pair I had. Unfortunately, a little pop-up warned me that | this was not available on Android 13 devices. I was more | than a little annoyed, but also curious as to why this | might have been the case. | xattt wrote: | There was a report in the early to mid-2000s where | someone got iChat AV to work, partly because it was | fairly obscure and likely the network engineers didn't | consider blocking it. | kshacker wrote: | Here's my hack for United's free messaging. Works on iOS, | and makes the flight more useful than before, but not as | good as paid internet. | | Messaging and Notifications basically follow the same | protocol. Even though I usually have notifications | disabled, I go and activate it for anything I care about | - News, Weather, Slack, Whatsapp (yes I have that | silenced). Every single message pops up as a | notification. Could be bank alert, Ring alert, homekit | alert, whatever ... it just shows. So you can keep tab on | things you care about, and if you are really needed, well | you can pay and get on the full Wifi. And anyways you can | iMessage to communicate if needed. | alwayslikethis wrote: | I flew United recently, and I was able to use the free | messaging service for basically everything without any | intervention from my part. It's just a tad slow. Not sure | if it was intended or not. | Kikawala wrote: | It also worked on Alaska Airlines and American Airlines. | smfjaw wrote: | Love stuff like this, it's how kids get into computers. I used | to make minecraft servers for my friends and I to play on when | I was 12, which lead to a software engineering career. Sounds | like you've got something similar on your hands | hot_gril wrote: | Minecraft servers and scanning IP addresses also mix in | mischievous ways, especially servers with no whitelist... | KMnO4 wrote: | I used to do the same thing at hotels. Still often works. | nmap -sn 192.168.0.1-255 | | To find everyone on the network, then start spoofing each of | their MACs until you find one that works | savrajsingh wrote: | I should probably know the answer, but what happens when two | devices have the same MAC address? | commandlinefan wrote: | No way to tell for sure, but I can only assume that he had | actually hijacked somebody else's connection and the other | person's device stopped working for them. I sure wasn't | going to stand up and ask the plane if anybody had had | their internet plan hacked... | ahoka wrote: | That's not how it works, but probably made someones | browsing experience worse. | _joel wrote: | Buy a plan then clone the mac of that device, white hat | it. Might have killed a bit of time (unless you needed | sleep) :) | eru wrote: | That's fun, but why not just buy a plan for one device, | and then start a wifi hotspot on that device to share the | connection? | AdamJacobMuller wrote: | "it depends, nothing good" | | Network devices forward (switch, more technically) packets | to and end device based on an internal MAC table (send | packets for DE:AD:BE:EF to interface ge-0/0/0.0) and most | devices populate their MAC table simply by looking at input | packets and sending the "next" packet for that MAC address | out the "last" received interface. | | If two devices in a network have the same MAC address, they | will effectively "fight" for control of the packet flow. | You can win that fight by sending a lot of packets. | | In practice, the other person is going to get annoyed and | give up. | | There are lots of technology which avoid this issue now, | but the two primary ones are 802.1x (used in | corporate/government environments) and DHCP snooping which | can be much more broadly deployed. 802.1x is very | complicated and I won't go into it, but, DHCP snooping | works by limiting L2 forwarding (MAC table population) to | only what the DHCP server says the end device should have | and it does this just by inspecting the DHCP replies (no | custom protocol) with some vendor specific extensions on | the DHCP server side for complex scenarios (you can even do | things like put ports in a specific VLAN based on the DHCP | reply). | | This works fine on a physical layer and most hotels are | probably using something similar now (less for malicious | abusive reasons, though that's a thing) but also just to | work around poorly behaving devices and to reduce customer | complaints. If you care (and have a modest amount of money) | MAC and IP spoofing are dead on the physical layer. | | For the wifi layer, very similar stuff exists in high-end | gear (Rukus/Cisco) and is starting to trickle down to | prosumer level gear like unifi. If you care (and have | serious cash for Rukus) MAC and IP spoofing are also dead | on the wifi layer. | EvanAnderson wrote: | > "it depends, nothing good" | | Fun anecdote from the early 2000's re: duplicate MACs: | | Embedded IP time clock kept intermittently barfing out | frames with the source MAC addresses of other devices on | the network. The switch would update its MAC table and | direct packets to this device. The Customer's AS/400 | would kill all remote terminal sessions when the clock | ended up w/ the AS/400's MAC. (They were doing a layer | 2-based connection to the AS/400-- APPN, I believe it was | called... Ugh, it was temperamental and didn't like any | layer 2 "hiccups".) | | MAC addresses flapping between ports is one of those | "breaking the laws of physics" kind of problems that | teaches you to question your assumptions. Gear with a | crazy brain can do anything it wants to and it doesn't | care about your assumptions. | AdamJacobMuller wrote: | > it was temperamental and didn't like any layer 2 | "hiccups" | | The clock was probably doing the "correct" thing when it | got a TCP packet for a connection which it didn't | recognize and sent back an RST, which caused the client | to abort. | | > kind of problems that teaches you to question your | assumptions | | Yep. I learned a lot from dealing with large layer-2 | networks (commonly running on hardware not suited for the | task). Mostly I learned to never run large L2 networks. | spmurrayzzz wrote: | It more or less turns into an ARP cache race, only one | device is gonna win. You can do some tricks with gratuitous | ARPs as well for "dumber" networks, but more sophisticated | setups usually have some broadcast ARP filters that are | tied to an auth layer (radius, 802.1x. etc) and will drop | broadcast frames from un-authed hosts. | sznio wrote: | Since Wi-Fi is a broadcast medium, shouldn't it not matter? | With a switch it would break things because MAC tables, but | a Wi-Fi AP is a hub. Each device will receive packets for | both devices, sure, but will that break things? | | I know Windows gets upset when that happens but the network | seems to still work. | Cpoll wrote: | I should probably know this too, but I'll speculate wildly | instead. | | MAC is Layer 2, IP address is Layer 3. One way or another, | the packet destined for the person you're spoofing will end | up at your computer and work its way through the layers. | From there, if it's a TCP/IP packet, I think it'll get | filtered out at Layer 4 (transport) because your computer | wasn't one of the parties that initiated the TCP connection | (the sequence numbers won't line up, etc). | | Packets being broadcast to multiple machines is common | enough in various network setups, it's up to the individual | machine to decide whether to process or drop the packet. | angry_octet wrote: | That greatly depends on whether the medium is broadcast | (like a radio) or broadcast-like (a shared copper wire) and | if it has CSMA/CD logic. Many of the replies are losing | that detail and thinking of how it would effect a | 1000base-T network, which maps MAC addresses to specific | ports. | | For a broadcast network, the answer could be 'nothing' in | the sense that both receivers would get the same traffic. | The IP stack would then throw away packets destined for the | other computer unless they were UDP broadcast or multicast, | and even then it would only notice if someone was running | Wireshark. | | Advanced wifi devices/meshes will use beam forming and mesh | allocation and might degrade if there were MAC duplicates, | but I think they will generally operate in a non-exclusive | basis due to end point movement and fading, so both | computers will get a good data rate. | | In summary: it's fine. | colanderman wrote: | Can't this often result in the two machines RSTing each | others' TCP connections, depending on firewall settings? | queuebert wrote: | Only one way to find out. | _joel wrote: | ARP entered the chat | rolph wrote: | this seems to be a decent answer written up ready to go. | | https://serverfault.com/questions/462178/duplicate-mac- | addre... | | what happens depends on your LAN setup, but generally its a | fail. | time4tea wrote: | ISTR SunOS4 panic if it saw duplicate IP address on the | network. | | sync boot | lupire wrote: | Does that work if both of you are trying to send/receive | packets at the same time? | system2 wrote: | WiFi signal is received by both. Packages are ignored if | they are not requested by either one of the systems. You | can also receive anyone else's packages while you are using | your internet but ignoring the ones you don't need. (If | interested try aircrack-ng.) | ahoka wrote: | Only if it's unencrypted, of course. Rarely the case | nowadays. | ruune wrote: | If it's important but you got time, you could always save | the packets and crack them when quantum computing comes | out for consumers. You have to wait a couple of decades | probably, but maybe it's worth it | pests wrote: | NSA is already taking care of that in Utah. | angry_octet wrote: | Your computer will still receive the packets from the | radio layer, it just won't have the right key to decode | the other recipient's traffic. | ahoka wrote: | Of course if you don't sit in a Faraday cage you can | receive any electromagnetic waves around you. But you | can't actually receive other users IP packages. | fragmede wrote: | Yeah, the client OS will reject the "bad" packets destined | for the other device as unknown. | louison11 wrote: | This is what I did about 7-8 years ago on flights when I was | still a reckless teenager. Would just wait for people to buy | the plan, then spoof their Mac address. There was also a | specific airline, although I can't remember which one, which | let me in for free without MAC spoofing - by using a Google | Cloud VPN I had previously set up. The paywall was | essentially blocking all IP ranges except for Google servers | for Google Analytics. | ApolloFortyNine wrote: | Similar is probably possible on cruise ships, I noticed on | Carnival you could still get notifications from discord (I | assume because most android notifications go through cloud | messaging and it's required for their own app to work | without internet). | Scoundreller wrote: | Took an airline that required an app to pay to connect... | but also opened up a window of a few minutes of open access | to let you download said app from the iStore. | | I always wondered if there was a way to further exploit | that. | withinboredom wrote: | IIRC (assuming it was the same airline), it didn't close | existing connections once the time ran out, so you'd just | ssh to a server and proxy through that. When/if the | connection dropped, you'd just change your mac address | and start over. | SileNce5k wrote: | This is what I used to do at home when my dad would turn off | my internet access (by whitelisting MAC-addresses. Before | that he blacklisted MAC-addresses, but I just used the built | in way to change it with each connection on windows until he | found out.). My mom rarely used her PC so I would just change | my address to hers. It worked until she had to use it and at | that point none of us could access the internet. | pantalaimon wrote: | I've never been at a hotel that charged for WiFi - is that a | US thing? | lukas099 wrote: | It's not unheard of but it's probably been a decade since | I've been to one personally. Some have free WiFi just for | guests (probably good since the bandwidth is so saturated | already). | brewdad wrote: | The last couple of hotels I stayed in had free "basic" | wifi for guests. Elite status could get higher speeds for | free or anyone else could pay something like | $10/day/device to get higher speeds. | | I just switched to my cell phone data if the wifi was too | slow. | louison11 wrote: | Yes. You often also have to pay for parking in many places. | The price you see online is rarely what you pay for. But | that's part of the culture, it's the same for restaurants, | online purchases etc. | lukas099 wrote: | The sticker price is almost never what you pay, since tax | is almost never included. Not sure how or when that norm | diverged from the Euro one. | xp84 wrote: | I suspect the "how" is that we just never got the | regulation that would prevent it because the 'small- | government and low taxes' are aligned perfectly with the | large business interests which tend to fund all | campaigns. The "low taxes" types want to maximize the | sting of all forms of tax and this is a great way to do | that. And the businesses appreciate the psychological | benefits of being able to show the minimum possible | number. Even if a "display only the final price" rule | applied to all a consumer's options, we probably just buy | things more when they're labeled as "$99.99" instead of | "$109.99." | | For extra fun, consider how phone bills attempt to "pass | through" their own tax obligations, which have little to | do with your own incremental usage, in the form of | 'recovery fees' tacked onto bills. I suspect we'll | eventually see those creep into all kinds of | transactions, especially among other | monopolistic/oligopoly businesses where you have little | if any choice. | sokoloff wrote: | > we probably just buy things more when they're labeled | as "$99.99" instead of "$109.99." | | That's basic price elasticity of demand and entirely | unsurprising. When something costs 10% more, people buy | less of it in general. | | We also buy more things priced at $99.99 than at $100.00, | which is more of the psychological trick than it is | rational price elasticity. | ericjmorey wrote: | The 2 largest retailers on earth have discovered that the | x.99 prices make you less money than pricing at x.99 plus | some arbitrary number between .99 and .01. | extraduder_ire wrote: | I think the EU law on that is the "Price indication | directive", and AFAIK, it's been around since 1998. (may | have replaced an earlier directive, my google-fu is | lacking) | | I think the norm is to show whatever price you want, with | some countries banning that for fairly obvious reasons. | refurb wrote: | I'm imaging it's because states and even cities can have | differing sales tax rates. | | Hard to advertise to a wide audience when the final price | after tax is one of 12 different prices depending on | where they live. | extraduder_ire wrote: | That's a weak justification to apply to prices listed | right where the product is sold. Like, if one uses a | sticker gun to put a price tag on a product itself. | | I don't know of any US businesses other than waffle house | that always include all taxes in the listed price, | however. | refurb wrote: | There are laws against adding in taxes on listed prices | in places like NJ, likely others as well. | | Regardless, I'm not sure why people consider it such a | big deal. It's consistent across the board and it's | relatively basic math to estimate what the total would | be. | | I've lived in places that do it both ways and it's a non- | issue. | havnagiggle wrote: | Dialup speeds is free, but if you want to taste those | megabytes, you better fork over those megabucks. | mmahemoff wrote: | Thankfully competition from AirBNB made them re-think the | idea. That's my theory why it mostly went away anyway. | | There's still some stragglers though, offering "basic" | access free but charging for higher data limits, faster | bandwidth, more devices. You can often get the higher plan | just by signing up for the hotel's loyalty program. | ApolloFortyNine wrote: | It's a business hotel thing, oddly all the cheap chains | will have free breakfast and wifi, but often something like | the Hilton will be pay for both, likely because the | clientele they're targeting is business employees who will | just expense the whole thing. | nelgaard wrote: | It used to be common everywhere. | | From my point of view, free WiFi became normal when it | became less important because of affordable mobile | internet. | | From the point of view of the hotels it was about | recovering their missing income after customers got mobile | phones and stopped paying half a dollar per minute for | using the hotel phones. There was a period when both mobile | roaming and hotel WiFi was expensive, so I often went out | from my hotel room and bough a local SIM-card to get | internet access. | | What annoys me most, is that only when I finally could get | a laptop that would work a full transatlantic flight on one | charge, then suddenly airplanes all got power outlets. | Spooky23 wrote: | Conference hotels often soak the companies with booths for | internet access. One place I did for my company demanded | $1500 for 3 days of internet access for up to 5 devices. | | In-room, you get free internet access, but in the | windowless ballroom with spotty cell-service, there's | nothing available for free. | rootbear wrote: | I've also seen the opposite, where in-room Wi-Fi was | charged, but in the hotel's function spaces, it was free. | The economics of this are confusing, at best. I have also | had the situation where the in-room wi-fi was so slow | that using my phone as a hot spot was faster! | reichstein wrote: | If they give you free internet in your room, you won't | pay for their pay-TV. Especially the kind you won't be | watching in public areas. | | "Follow the money" | Spooky23 wrote: | Sometimes that because the operator got hosed in a | contract with a network provider. I used to see that a | lot in full service hotels. | OkayPhysicist wrote: | It used to be more common about 10 years ago, but | especially so among hotels catering to business travel. | Your Motel 6 would probably have free wifi, the Hilton | wanted an extra $20 a night. | lxgr wrote: | That's an amazing anecdote! | | The state of "open Wi-Fi" security is actually really sad. I'm | not aware of an easy way for the airline to actually do better | than this! | | I suppose they could use Opportunistic Wireless Encryption [1] | and bind session authentication to that (i.e. authenticate a | given OWE session, not a given MAC address) if the device | supports it, as at least modern Apple devices do? But I have no | idea how stable an OWE session is; it would be very | inconvenient to have to login again every time my device | switches between access points. | | In any case, I'm sad that this isn't a solved problem yet, and | paid Wi-Fi (as well as securing free Wi-Fi) still requires | custom and clunky solutions like unreliable captive portals | that need to pass through selective traffic (e.g. for 3DS, for | payments, sometimes emails for password reset codes etc and | more). | | A standardized endpoint and API would also be nice, i.e. | something to tell the client whether it's connected, restricted | (i.e. able to only access a limited set of hosts such as the | in-flight map as described in the article), or needs to | pay/authenticate (and if so, at which URL). This could then | yield an authentication token, to be provided for seamless | reconnections for the same session. | | There's "Hotspot 2.0" and WPA-EAP (i.e. WPA Enterprise), but | these don't really have a good story for "pay via web portal" | style usages and are more geared towards wireless carrier | operated hotspot networks and corporate scenarios, | respectively. | | [1] | https://en.wikipedia.org/wiki/Opportunistic_Wireless_Encrypt... | dangus wrote: | Isn't this data meant to be exposed? You can get all this | flight status on the Southwest intranet when you're connected | to WiFi as part of the flight status page. | | This hack just goes a step further to plot the data over | time. | lxgr wrote: | The concern isn't access to the flight status data (or even | your data, which is most likely encrypted these days), but | theft of service you paid for, by another passenger on the | flight (you would probably at least get kicked | out/experience issues with your own connectivity, and might | worst-case be blamed if something bad happens using the | connection you bought). | dangus wrote: | I'm confused, none of what you're describing is part of | the article. | nenaoki wrote: | It's responding to the scenario described in GGP. | dangus wrote: | Ah, does that hack still work though? I would be | surprised if it did, since the story was from years ago. | nerdbert wrote: | I used to play with IP-over-DNS, which more or less | worked on an awful lot of these plane wifi systems. | Haven't tried it in the past couple years though; it's | always slow the point of barely being usable. You can | probably get your mail via IMAP if you're patient and | nobody's sending you large attachments, that's about it. | vezuchyy wrote: | You can always use an open network to generate passwords for | the proper internet connected WPA-EAP network (along with | some in-flight multimedia like some carriers do). Extra step | for sure but it solves the problem. | | PS: I'm a couch expert so I have no idea if there's a problem | with this idea. | Wowfunhappy wrote: | The first problem that comes to my mind--clients will | remember both wifi networks and may continue to choose the | open network when e.g. waking from sleep. | | The user can go in and forget the open network of course, | but most won't know to do that. | stereo wrote: | It would theoretically be possible to bounce clients | which you know are already authorised on the paid | network. | gorlilla wrote: | QR code to connect to the _open_ but _hidden_ SSID. | Instructs user to join WPA-EAP with supplied credentials | once they've paid. Remains available to connect via QR in | case customer somehow misplaced creds but avoids auto- | reconnect during scan. | [deleted] | IggleSniggle wrote: | Use Bluetooth instead of WiFi for the password generation | channel | lxgr wrote: | You could just prevent access to the wider internet on | the open version! | Wowfunhappy wrote: | Yes but the client will still connect and the user will | wonder why their internet isn't working. | mavhc wrote: | Turns out OWE doesn't work on non ARM Mac computers | Nextgrid wrote: | In cases where the Wi-Fi is provided as a value-add or is | bought via another channel than the Wi-Fi network itself, I | think you can just generate one-time WPA Enterprise | credentials, with a QR code to facilitate data entry? | | In case of in-flight Wi-Fi, the credentials/QR code can be | printed on the boarding pass, or available in the app (the | app caches it in advance while it's still on the ground, so | when in the air you can use those credentials to connect). | | This doesn't cover 100% of use-cases but it would at least | cover a big one (a significant amount of public Wi-Fi is | "value add" to another service - whether restaurants, hotels, | flights, etc where there's an existing channel to provide | one-off wi-Fi credentials over), it's a shame nobody deploys | this. | labcomputer wrote: | I think you could even take this one step further: Have a | captive portal on an unencrypted channel (using TLS | obviously) to do the vending, so that the credentials don't | need to be purchased before the flight. | lxgr wrote: | Oh, these are neat ideas, I hadn't thought of that! | | One concern might be expiring access credentials (not | sure if most OSes will re-prompt for a new password or | just give up), but you could just make the EAP | credentials per-user instead and redirect users to the | captive portal again once needed. | | This leaves clients not supporting WPA-EAP, but these | could just continue using the regular unencrypted/MAC- | authenticated service. | MBCook wrote: | You might be able to just do the sign up on the in-flight | entertainment system and have the user scan the resulting | WR code. | | Only works with IFE equipped planes, of course. | eru wrote: | Well, the customer also needs to futz around with | scanning a WR code, and get it from the device she | scanned it on to the device she wants to use the wifi on | (if they ain't the same.) | | Though you could route around these problems, but giving | them both a scannable code, and underneath some | credentials as plain text they could type. | cxcorp wrote: | What if the captive portal just had a link (or on an IFE | screen, a QR code) that connected your phone to a different, | WPA2/WPA3 protected, hidden WiFi SSID that was generated | exclusively for you? Phones nowadays support joining a | passphrase protected WiFi AP via a QR code, so I'd imagine | that's doable. The hard part would be finding routers that | support >300 different hidden SSIDs, but honestly I would | hope that that is technically feasible nowadays. | | That way you'd at least have the protection of the WPA GTK. | tharkun__ wrote: | This. And even if the >300 is not available, how many | people _actually_ buy Wi-Fi on the plane? _That_ is the | number of clients that need to be supported. And if that 's | still a problem (or you don't want to guess), the SSID can | be hidden and static and the only thing non-static is the | password that works for just the duration of the flight you | are on. | pbhjpbhj wrote: | So you just take a photo of anyone's QR code? I'm not sure | the hidden SSID achieves anything, that is presumably | plaintext in the wi-fi transmission? | eru wrote: | That QR code would only be displayed for a short time, | and mostly only people sitting directly behind you could | snap the picture. | | It's not airtight, but better than the system it would be | replacing. | cxcorp wrote: | The hidden SSID stops the users' WiFi list being full of | random, password protected SSIDs when they just want to | connect to the open portal WiFi. | zekica wrote: | You can have an AP accepting multiple different WPA2-PSK | and/or WPA3-SAE passphrases, and since on WPA2 PMK depends | on the password, and on WPA3 PMK is different for each | client, you can put them in different VLANs or have per PMK | MAC mapping if they share the same VLAN. | tpolzer wrote: | The AP still has to send regular beacons for each hidden | SSID, taking up air time. | intellix wrote: | When I don't have internet and nothing else to do, I'll spend the | entire flight trying to get free internet | 1B05H1N wrote: | Did you have permission to do that ? Sounds pretty risky to be | probing the network of a flight imo. | Etheryte wrote: | Are you aware what the website you're currently on is called? | WendyTheWillow wrote: | Hackers talk about ethics and legality all the time! | margalabargala wrote: | Does one generally require permission to read a sign that | someone else posts in a public place? | system2 wrote: | The signal is already reaching your computer. You are not | modifying it. It is the same as listening to radio. | jamesbvaughan wrote: | No permission - just curiosity :) | | I'm not too concerned about the risk associated with fetching a | JSON file that their flight status page is already fetching on | a loop. That said, I'm curious what risks you have in mind. | mulmen wrote: | > That said, I'm curious what risks you have in mind. | | Overzealous prosecutors. | fouc wrote: | There's no "probing the network" involved here. | | The in-flight webpage was continuously fetching a specific end- | point from the in-flight web server. | | This end-point is basically public data. | | All he did was duplicate what the webpage was already doing, | and then do some basic analysis on the data the end-point was | returning. | mulmen wrote: | Tell it to the judge. | mcast wrote: | Cybersecurity and internet crime laws are notoriously | outdated (created in the 80s). I could see a bad lawyer | arguing that cURLing an API repeatedly is "hacking". | extraduder_ire wrote: | Or getting tackled by an air marshal when someone sees | white text on a black background and yells "hacking!". | soupfordummies wrote: | Fun read! Reminds me of the type of articles I would find in | 2600. The hacker spirit at work :) | dekhn wrote: | Wait, doesn't everybody set up a prometheus/grafana dashboard for | each flight to show the telemetry? | system2 wrote: | I usually connect to the cockpit directly with rj45 to keep it | stable. Sometimes even talk to the pilot with the encrypted | coms. | H8crilA wrote: | Talking to the pilots costs about $200 and is really easy, | though very illegal - just find out which ATC freq are they | currently on and transmit, from a handheld radio or a HackRF. | You could also transmit on Guard. | | If you prefer to text rather than speak you can send them | ACARS, with roughly the same hardware. Though if you use a | handheld radio you'll also need a laptop to generate the | baseband signal, as I don't think there are any commercially | available ACARS transmitters. | | (Please never do this, you'll go to jail for a long time). | dekhn wrote: | I just listen (with an SDR, I never got a HackRF because I | don't transmit). Where I live I can see planes on approach | to SFO and can cross-reference flight codes on the radio | with planes that I can see flying by and on flightradar. | benced wrote: | Another thing to notice: they use the highly nonstandard time | zone abbreviation "PDT". This works because they're a US-only | airline but if an international airline did this, they'd be in | for a world of hurt. | everly wrote: | Is it really "highly nonstandard"? I thought it referred to | Pacific Time during daylight savings. The rest of the time | being PST (Pacific Standard Time). | wil421 wrote: | > Specifically, time in this zone is referred to as Pacific | Standard Time (PST) when standard time is being observed (early | November to mid-March), and Pacific Daylight Time (PDT) when | daylight saving time (mid-March to early November) is being | observed. | | https://en.m.wikipedia.org/wiki/Pacific_Time_Zone#:~:text=Sp... | . | | What do you think is the correct format? | kube-system wrote: | Southwest has international routes now to popular vacation | destinations south of the US. | jdminhbg wrote: | > This works because they're a US-only airline | | They're not US-only (note that the response included a value | for whether it was a non-US-including flight), but they are | North/Central America/Caribbean-only. | recursive wrote: | How much more standard can it get? | | https://en.wikipedia.org/wiki/Pacific_Time_Zone# | https://www.timeanddate.com/time/zones/ | xxpor wrote: | PDT is extremely standard? | | http://www.timezoneconverter.com/cgi-bin/zoneinfo.tzc?s=defa... | | Granted, I think everything should always be a UTC offset, but | I'm also weird. | benced wrote: | To anyone claiming they're standard: | | > Time zones are often represented by alphabetic abbreviations | such as "EST", "WST", and "CST", but these are not part of the | international time and date standard ISO 8601 and their use as | sole designator for a time zone is discouraged. | | > Such designations predate both ISO 8601 and the internet era; | in an earlier era, they were sufficiently unambiguous for many | practical uses within a national context (for example, in | railway timetables and business correspondence), but their | ambiguity explains their deprecation in the internet era, when | communications more often cannot rely on implicit geographic | context to supply part of the meaning. | | https://en.wikipedia.org/wiki/List_of_time_zone_abbreviation... | | Turns out PST and PDT are safe (no one else seems to use them) | but something like CST is not: it could mean Central Standard | Time (America/Chicago during standard time) or several other | choices like China Standard Time (Asia/Shanghai). | | Ambiguity is bad. | mmaunder wrote: | Bring a Stratus, Sentry or open source equivalent with and you | can get that data for most other aircraft within line of site in | real-time, along with weather, radar, pilot reports and more. | aplusbi wrote: | The `ac` in `actime24` probably means `arrival city`. | xhkkffbf wrote: | On one of the earlier flights with wifi, I found that my Google | docs were saving correctly even though I didn't pay for the wifi | upcharge. The router wasn't blocking those ports. It seems like | this has changed recently. Too bad. | suction wrote: | [dead] | dtjohnnymonkey wrote: | This is fun. I used to build these REST APIs for airlines (not | Southwest though). Fun to see them get some attention! | paul7986 wrote: | If you travel lite with clothes in a book bag(wash clothes if | extended stay)... I don't see why anyone would fly United, | Southwest, American Airlines, etc VS.the budget Airlines like | Spirit. | | Maybe if you have points with those airlines... Otherwise, save | hundreds of dollars using budget airlines which the planes are | newer in my experience, and never had a bad experience versus my | recent bad experiences with Delta and the others in which I paid | a lot more for. Almost all airlines I've had to pay for Internet | access, including Spirit so for me, I don't understand why I | would fly all the more expensive airlines versus using Spirit. | | There's a lot of negative marketing out there about Spirit... | After my 10 positive flights experiences in the last six months | with them I don't believe the hype. | paul7986 wrote: | Sure for me I fly out of a major hub (Baltimore Washington | International) and Spirit flies pretty much to every US city | from there. | | One thing bad about spirit is their extremely horrible refund | policy .. their seats are a bit smaller but not by much. | | Thus far in my ten recent experiences flying Spirit with | clothes & travel necessities in my book bag has saved me lots | of money and my flight experiences have been the same to even | better compared to Dekta, United, Alaska or Southwest. Thus the | first place I now go to book a flight is spirit due to my | experiences and flying out of a major hub. | | I hope JetBlue doesn't get the chance to buy them out ... | Spirit allows a lot of ppl who couldnt afford to fly enjoy a | benefit all should be able too and for me i like saving money! | dboreham wrote: | > I don't see why anyone would fly United, Southwest, American | Airlines, etc VS.the budget Airlines like Spirit. | | I'm on a spoke (not a hub) and just don't have the service | available to use budget airlines even if I wanted to. We have | JetBlue -- they fly to Boston and that's it. We have Allegiant | and they fly to Phoenix (not really Phoenix -- Mesa), and we | have Avelo they they fly to LA (not really LA: Burbank). All | these airlines fly one flight per day, and often not every day | of the week. When I'm traveling somewhere that works for the | budget airlines, I'm still leery because if their plane breaks | down or there is "weather in Cincinnati", I'm screwed. They | don't have a second plane available. | | otoh we have United, Delta, American, Alaska, Southwest with | flights to several hubs each, multiple flights per day, through | international ticketing, first class sometimes open... Plus I | don't pay for luggage on the major carriers due to credit card | membership/status. | itslennysfault wrote: | You must have buns of steel. I flew Spirit exactly once (well, | twice, it was round-trip), and it was such a miserable | experience I swore to never do it again. Their seats are made | of concrete as far as I can tell. | | For domestic flights I pretty much always sit in the window and | never get up during the flight. On spirit I had to get up and | walk around after about 3 hours 'cause my ass was sore. Never | again. | paul7986 wrote: | Did you have a negative view of Spirit before flying with | them? | | Not sure about my backside.. don't do squats lol ... 5'10 170 | itslennysfault wrote: | Not terribly negative, but yeah I always assumed it was | cheap for a reason. I think I'd probably do a 1-2 hour | flight on spirit if it was a good deal. Past that I'll | spend a little money for a more comfortable flight... Guess | I could also just bring a cushion on board with me lol | cityofdelusion wrote: | Just to clarify, Southwest is classified as a budget airline, | especially compared to the "big 3". Spirit and airlines like | them are in their own class called ULCC (ultra low cost | carrier) to differentiate them from the existing budget | airlines. | technothrasher wrote: | Sometimes the budget airlines don't fly to where I'm going, or | do so by long multi connecting routes. I'm currently sitting on | an AA flight because it was the cheapest option with a | reasonable travel time. Honestly, it kind of sucks for all the | usual reasons, but I've at least got free wifi on my phone | through some deal with T-Mobile. | sswaner wrote: | On many United flights you can connect to onboard wifi without | buying the plan and have internet access on port 22 and | apparently unrestricted UDP. This allows me to connect to an EC2 | instance running mosh. Coding in vim is a great way to pass the | time on a flight. | system2 wrote: | Can't you create an SSH tunnel to a machine and RDP with it? | Then you'd have fully functioning internet. | TrackerFF wrote: | Yes, that's standard data which is broadcasted to the passengers | via the plane app/website. Usually the apps will have some "show | position" feature where you can see position, speed, altitude, | ETA, etc. | philprx wrote: | actime24 is possibly for Arrival City time, not aircraft time. | | Fun research! | ern wrote: | Airlines have a moving map on their captive wifi portals. Didn't | know it was rendered client side though. Something to try when I | next fly. | latchkey wrote: | I was just thinking that you could take a picture from the window | and then tie the GPS coordinates to the image with the output | from that JSON. Kind of handy. | jonah wrote: | If you have location permissions enabled in your camera app, | the image's exif data will have the coordinates in it. | | (US Civilian GPS units are prohibited from working above 60,000 | ft above sea level and 1,000 knots due to ITAR munitions export | restrictions.) | extraduder_ire wrote: | I think the "and" in that sentence used to be implemented as | an "or" in the days before everyone's phones had GPS in them. | So you'd need to power cycle the device before it'd work | again. Now most devices need to hit both limits at the same | time before refusing to work. | jonah wrote: | Even now, it seems it may be up to interpretation. In | searching for those numbers, I saw a post in a amateur high | altitude balloon forum asking which modules were "or". | (Presumably since it's a little more likely your balloon | will exceed the altitude restriction and not the speed | one.) | pklausler wrote: | Stupid question: how do civilian GPS units know that they're | above 60,000' or faster than 1000 knots without, um, working? | lom wrote: | I've managed to get a GPS lock while flying, it just takes | a few minutes to find one. Was it misreporting my position? | because it usually matched up with what I saw outside of | the window | extraduder_ire wrote: | Probably because you were in a large aluminium tube at | the time, and had no internet to get the AGPS data, so it | had to receive the orbital elements from the satellites. | (IIRC, this can take as many as 24 minutes worst case) | | If you're using GNSS tracking on a flight, consider | checking out the OSMand~ app for android. There's a map | layout for flying, though I don't know if the navigation | features work. | comprev wrote: | Maybe they read 60,000 even when at 62,000? | 0x457 wrote: | Well, they work internally, just don't expose information | to the outside. | latchkey wrote: | I have pictures from my camera (with location permissions | enabled) that don't have any GPS data in it, or at least the | data is extremely wrong. | jonah wrote: | I can't help diagnose that for you. There are other ways to | get your current location, etc from your phone though. | | I have GPS Test[1] on my Android - it's pretty neat to | launch it while on a flight - seeing the speed in realtime | is pretty fun. | | [1] https://play.google.com/store/apps/details?id=com.chart | cross... | dramm wrote: | "According to this data, the plane's altitude was only | fluctuating by about 20-30 feet. This is more stable than I | expected!" | | Autopilots are very good and they are servoing to the pressure | altitude. | | Many pressure altitude encoders used in modern aircraft (for | example to drive altitudes that transponders report to SSR radar | or via ADS-B) have 25 ft encoding resolution. That 25ft | resolution is likely what is being seen here. Other encoders have | 10 ft resolution but 25 ft is very common. | phkahler wrote: | >> Autopilots are very good and they are servoing to the | pressure altitude. | | It would have been cool to use a phone to record a GPS track | with altitude and compare them. Pressure != GPS. Also wonder if | there would be distinct jumps in the difference if they reset | the pressure based altimeter to a different AWOS. | | Not sure how it works in big planes, but in little ones you | need to set your altimeter based on the local weather. The | weather stations measure barometric pressure at their elevation | and "correct it to sea level" you get this corrected reading | over the radio and set it in your altimeter so your pressure- | based altitude reading is corrected for local weather | variations. Just going out flying for an hour the altimeter | setting when returning to the same place might be off by a few | millibar. | gfo wrote: | You use standard pressure (29.92 inHg) above transition | altitude, which, in the United States, is 18,000 feet. Pilots | wouldn't be changing the altimeter after climbing past this | point, and would start using local values once descending | through it again. | | Of course, your initial point is still correct: there could | be slight variations if using those local settings and | getting different values, but you'd only see that below | transition altitude. | dramm wrote: | The QHN/Kollsman window setting only affects what is | displayed to the wetware. When you strip away all that the | autopilot is just servoing to a pressure altitude. But sure | if you are flying below the transition altitude and are | flying between areas with different QNH settings when you | adjust the setting the autopilot will climb or descend as | needed because you told it to servo to a different pressure | altitude. | | There are many EFB (e.g. Foreflight), or log book, or other | flight recorders you can use on an iPhone. And some can | record the pressure transducer in the iPhone to record an | approximate "pressure altitude". e.g. Naviter SeeYou | Navigator intended for gliders can do that (but it's not | unusual for modern gliders to have an array of sophisticated | air data sensors and specialized variometers and flight | computers that would feed the app this data over Bluetooth). | Popular EFB software Foreflight will not use the iPhone | pressure transducer, if you want pressure data there you need | to drive that through an external interface like a Sentry | ADS-B receiver that has a pressure sensor built into it -- or | much better if the aircraft is equipped with ADS-B Out can | receive the "own-ship" ADS-B Out broadcast pressure altitude | from it's high accuracy encoder). Any in-cabin pressure | traducer will be sensitive to the difference between | calibrated static pressure and cockpit pressure, things like | opening or closing vents, or varying the airspeed significant | (and ram air pressure or suction on the cockpit exit vents) | can cause observable changes. And when using an iPhone or | similar, especially without a great GPS satellite overhead | view (e.g. in high wing aircraft) you are likely not to get | high-quality GPS altitude data. think best case ~ +/- hundred | feet, worse case with little overhead GPS sat view, much | worse... but those consumer GPS app is likely to happily | display multiple decimal points of precision :-) | tim333 wrote: | At high altitude you do this stuff "When you set your | altimeter to 29.92, you're flying at standard pressure | altitude." | | The idea is all the planes use the same setting so the one at | FL35 doesn't hit the one at FL36. But those are not exactly | 35000 and 36000 feet above sea level. | inoffensivename wrote: | nitpicking: that would be FL350 and FL360 | cragfar wrote: | No idea how true it is, but I overheard someone on a flight say | that whenever you feel a real sudden jolt on a plan it's really | only moving like 2-3ft. | jfim wrote: | A plane going up and down 20-30 feet seems like it would be | very unpleasant. Considering that there's longitude and | latitude, isn't it more likely that the altitude is coming from | GPS, which is notoriously inaccurate with regards to elevation? | altgoogler wrote: | When you take off, you're going up at a rate of 500 fpm to | 2000 fpm. Even if you go from +1000 fpm to -1000 fpm over the | course of several seconds, you aren't going to feel much. | | At cruise altitude, you're moving along at 500 mph, which is | 777 feet per second. So going from +30 feet to -30 feet in a | minute is just an adjustment of only about 5 degrees. You'd | barely feel it, even walking down the isle. An acceleration | of 33 ft/sec per sec is 1 g. | | You experience greater changes in vertical motion on any | flight you go on. | | *edit: units | sokoloff wrote: | > So going from +30 feet to -30 feet in a minute is just an | adjustment of only about 5 degrees. You'd barely feel it, | even walking down the isle. | | You would pretty obviously feel a change in pitch of 5deg | walking down the aisle. | | You mixed feet per second and feet per minute. 60 feet of | change across 777 feet of run is about 4.5deg (inverse | sin(60/777)), such as you'd experience if the change was in | 1 second instead of in 1 minute. | | Calculating 60' change in 777*60 feet, inverse sin | (60/(777*60)) is 0.07deg, which is why you don't feel that | change in inclination of the aisle. | chatmasta wrote: | Maybe the plane is staying level but the ground is variable | terrain. | momirlan wrote: | it's the Earth vibrating ... | rockostrich wrote: | Elevation is relative to sea level, not the ground. | funnyflywheel wrote: | This only holds true if you're flying at or above the | transition altitude. The transition altitude depends on | where you're flying: for example, in the USA and Canada | it's 18_000 feet MSL. | danbtl wrote: | It's still sea-level. The transition altitude just | changes the altimeter setting from one that matches the | current air pressure to a standard pressure setting. | funnyflywheel wrote: | I did some more reading, and it turns out I confused QNH | with QFE. | twothamendment wrote: | Yes, the elevation is based on sea level. I don't fly | much and recently landed in Denver and was watching the | altitude on the screen in front of me. As we were | descending we landed well before I was thinking we would, | about a mile in elevation above sea level.. it was "duh" | obvious when it happened, but I was tired and clearly not | thinking about it! | chatmasta wrote: | The plane is measuring _altitude_ , which is relative to | a reference point, unlike elevation which is relative to | sea level. And if the altitude is determined by pressure | sensor, musn't it be relative to the ground directly | below the plane, anyway? | | (Although personally, I agree with the sibling comment | that the variability is likely an artifact of the sensor | resolution.) | victortroz wrote: | It's relative to sea level. After transition altitude | (18k feet in most places) the pressure setting to the | altimeter is changed to standard (iirc 1013 hPa) so all | aircrafts are in the same reference regardless of | terrain. | epse wrote: | Most places in the US, but accurate | adastra22 wrote: | Planes dont measure height relative to the ground. How | would that even work? Their sensor is air pressure, which | is treated as a function of elevation. | jjwiseman wrote: | They do sometimes! Via radar altimeters, when relatively | close to the ground. And sometimes to keep autopilots | from freaking out, we have to build radar reflectors to | make the ground look level to radar even when it's really | not. https://lustublog.com/2017/02/17/artificiel-mais- | pas-superfi... | jjwiseman wrote: | When you climb to the top of Mt. Everest, the air | pressure is about 1/3 of what it is at sea level even | though you're standing on the ground. | chatmasta wrote: | Yeah, you make a very good point. Fortunately the blast | radius of my scientific hubris is limited to whatever | code I manage to deploy to the internet, and I'm not | involved in designing or building aircraft. | | btw: Aren't you the guy who tracks planes flying in | circles? I follow you on Twitter. Such a cool project! | quickthrower2 wrote: | And using the ground proximity to guide a landing instead | of altitude has lead to some crashes I have read. | danbtl wrote: | Planes report pressure altitude via their transponders. 20-30 | feet up and down is very normal for an autopilot. | | GPS altitude is used for vertical guidance for certain types | of GPS approaches (i.e. "LPV" approaches[1]) and requires the | airplane's avionics to be equipped with a WAAS[2] receiver | that provides accurate altitude information. | | [1] https://en.wikipedia.org/wiki/Localizer_performance_with_ | ver... | | [2] | https://en.wikipedia.org/wiki/Wide_Area_Augmentation_System | dhritzkiv wrote: | 20-30 feet change over what timeframe? The resolution of the | chart data in the article is about 30 seconds. While I think | the fluctuation is due to the accuracy of instrumentation, | 20-30 feet change over the course of a minute seems like | nothing. | xvedejas wrote: | That's significantly slower than a typical elevator, in | fact. Slow elevators run at about 200 feet per minute. | pbj1968 wrote: | My elevator takes almost a minute to go from the first | floor to the second floor. I guess I have a slow one. | prmoustache wrote: | Nobody without disabilities would use such an elevator. | jjwiseman wrote: | I don't know what sensors are feeding the API from the post, | but most passenger jets do broadcast information about the | accuracy of their sensed position, including vertical | position/altitude. If you click on an aircraft on the map at | https://globe.adsbexchange.com/, and scroll the left sidebar | all the way to the bottom you'll see a section labeled | "Accuracy". ADS-B Exchange doesn't show Rc/v, the vertical | position accuracy, but it does show other values. See | https://mode-s.org/decode/content/ads-b/7-uncertainty.html for | more information. | dramm wrote: | Pressure encoders, as I said. That's what feeds all aviation | altitude data... i.e. anytime you see the word 'altitude' and | its not qualified with 'GPS altitude' which is effectively | not normally used. ADS-B Out concurrently transmits GPS | height about the ellipsoid data as well as pressure altitude | data. No use is normally made of the GPS height data. We are | discussing pressure altitude data here, that's what aviation | works off of. The accuracy and reliability metrics in the | ADS-B broadcast you are referencing refers to the GPS data | not the pressure transducer/encoder data. In cases of encoder | failure being detected a flag is broadcast and the pressure | aka baro altitude data field is set to all 0. ADS-B cannot | give information about the pressure altitude accuracy or | reliability like it does for GPS metrics. It relies on the | encoders being better than their +/- 125' accuracy | requirement and that's tested for periodically. ADS-B can in | principle broadcast 100' or 25' resolution encoders, that | info is in the messages. The ones here will be 25'. (I've got | a long background with ADS-B related technology, currently | helping the FAA out on some niche stuff). | | edit: trying to improve clarity/correctness but there is too | much to cover here. | jjwiseman wrote: | Cool, thanks for the info. (BTW I wasn't disagreeing with | anything you wrote, I just wanted to mention, since the | topic of resolution/accuracy came up, that lots of aircraft | broadcast information about the accuracy of some of the | sensor data they're reporting, which you can do some pretty | cool stuff with. E.g. that's how https://gpsjam.org/ | works.) | dramm wrote: | Oh sorry I did not think you were disagreeing I was just | trying to be clear and more trying to clear up the GPS | accuracy/reliability metrics like SIL, NIC, NACp and NACv | being broadcast by ADS-B being completely separate to | anything to do with pressure derived altitude, I was | going down a rat hole and had to edit that several times. | And it can be painfully confusing e.g. the failure flag | for pressure altitude aka baro altitude in ADS-B speak | failure is called NICbaro but has no relationship to the | GPS NIC (Navigation Integrity Category) value. And | depending on the system some of the GPS | accuracy/reliability metrics are just hard coded, and the | ones that really matter like NACp are derived from the | GPS and SBAS reception. | | John Wiseman does _great_ stuff with ADS-B Out data. | | Also for pilots/aircraft owners/A&Ps: The FAA PAPR | (Public ADS-B Performance Report) | https://adsbperformance.faa.gov/PAPRRequest.aspx provide | a summary of their aircraft's ADS-B performance, | including all the broadcast GPS quality metrics and any | reported failure flags etc. The PAPR system will email | out the PDF report. The owner/pilot/A&P can reply to that | email and request a Google Earth/kmz and Spreadsheet/CSV | data for that flight showing all the received ADS-B | transmissions including all those accuracy/reliability | metrics. Interesting stuff and very useful for diagnosing | problems with ADS-B Out installations. So sensitive | you'll might see say NACp degrade as an aircraft banks | steeply because the GPS antenna now has a view of fewer | GPS satellites. Installations in most (non- | experimental/non-light sports) aircraft effectively | require use of PAPR to formally validate a new | installation is working correctly. It's a good thing for | owners to also just periodically check their aircraft's | ADS-B performance using PAPR. I suggest just before and | after each annual inspection for GA/light aircraft. | simonjgreen wrote: | Also worth noting that the datum used to translate from | pressure to altitude switches at the transition threshold, | usually 18,000ft, from actual local ground pressure | (supplied by ATC in all initial contacts) to 29.92 Hg. | ssaannmmaann wrote: | I went down a rabbit hole by clicking on | globe.adsbexchange.com :) | yread wrote: | I guess they got a lot more precise with implementation of | Reduced Vertical Separation Minimum (RVSM) - planes had to be | separated by 2000 ft and this was reduced in early 2000s to | 1000ft | ceejayoz wrote: | It was probably fairly precise already. To get their license, | a private pilot must demonstrate via a checkride the ability | to stay within 100 feet of an assigned altitude, even in a | steep turn. | wkipling wrote: | Not quite how it works. | | These are the instruments we are referring to not the | ability of pilots. In fact in RVSM airspace the autopilot | must be used. | | Instruments must be very accurate given the reduced | separation in RVSM airspace. Often on modern aircraft | multiple altimeters are compared and voted to provide a | single output provided to the displays and autopilot. | ceejayoz wrote: | That's missing the point. | | If a human can manage to keep it within 100 feet of a | desired altitude, an autopilot most certainly can; it | didn't require new technology in the 2000s. Autopilots in | the 1960s/1970s weren't seesawing all over the skies. | sokoloff wrote: | RVSM is overwhelmingly about instrumentation accuracy and | precision, not pilot capability. [0] | | The pressure difference between 5K MSL and 10K MSL at | standard conditions is 14.6 kPa. | | The pressure difference between 30K MSL and 35K MSL at | ISA is 6.3 kPa. | | For a given amount of aircraft-to-aircraft variability in | their precision altitude sensing equipment, the resulting | difference in actual altitude is more than double in RVSM | airspace than in the lower altitude range above. | | _That 's the reason for RVSM_: there is less change in | pressure with change in altitude, coupled with a very | busy altitude range (such that controllers would have an | operational need to pass traffic overhead with only | vertical separation rather than being able to use | vectoring to achieve lateral separation between | aircraft). | | It's not a linear relationship, but if I take an airplane | with a 0.75 kPa absolute error in one direction and pass | traffic with a 0.75 kPa absolute error in the other | direction 1000' indicated above them, at low altitude, | that 1.5 kPa total error is a little over 500 feet while | IFR-IFR separation is 1000 feet minimum outside of RVSM. | (These aircraft would likely be right on the border of | passing a non-RVSM static system check.) | | If I take those same two aircraft into the mid flight | levels and pass one over the other at 30K and 31K feet, | the total error is around 1200 feet, which is why non- | RVSM aircraft cannot be separated by 1000 feet in RVSM | airspace, because you don't know that they'll miss each | other. | | Improve the accuracy and precision of the static system | and improve the examination criteria, making the airplane | RVSM-capable, and now you can pass that traffic over each | other at 1000' of indicated separation and be sure | they'll miss. | | [0] - There is a pilot training requirement, which is | focused on knowing the rules for RVSM and does not | involve a checkride. | ceejayoz wrote: | Still missing the point. | | You're talking about getting different aircraft to agree | between each other. | | The post upthread expressed surprise at an aircraft | maintaining a steady altitude to within tens of feet. | That's been a thing for many decades. | sokoloff wrote: | I think you're at least partially missing the point. | | For autopilots servo'd to pressure altitude, holding | altitude to within 0.02 kPa _is more difficult_ than | holding altitude to within 0.05 kPa or to within 0.30 kPa | (which is roughly the private pilot checkride standard | as-tested). | | Modern autopilots are actually better at holding altitude | to a very tight tolerance than ancient, analog | autopilots. Both can hold standards well within the PPL | ACS. | Dylan16807 wrote: | > holding altitude to within 0.02 kPa is more difficult | than holding altitude to within 0.05 kPa or to within | 0.30 kPa | | "more" difficult is obviously true, but the difficulty of | holding an altitude is only a small part of the overall | difficulty of RSVM. | | In other words, RSVM is much more about accuracy than | precision, and the claim was that planes were "probably | fairly precise already". The reason they needed upgrades | was to improve the accuracy, not so much to improve the | precision. | BWStearns wrote: | For small planes a 20-30 foot range isn't abnormal for hand | flying if you're paying attention. I'm sure in cruise an | airliner is using an autopilot though. | | I once had ATC ask if everything was cool on flight following | after a hundred foot drop and I was surprised they were paying | that much attention. I had forgotten to put my life jacket on | before a water transit and while I was putting it on handed it | off to my wife who hadn't taken lessons yet (she later got her | license!). It was interesting to see that their tracking was | precise enough for them to chime in. | svag wrote: | When I am on a flight and the flight does not provide the | flight information, I am using the OsmAnd, https://osmand.net/, | to monitor the flight altitude, speed and direction. | GuB-42 wrote: | I have read somewhere that so much precision could actually be | dangerous in some circumstances. | | This is because this way, if a pilot goes 3000 ft for instance, | it will be exactly 3000 ft, if another pilot also wants to go | 3000 ft on a collision trajectory, it will be a guaranteed | collision. When altitudes are not that accurate, there is a | higher chance it being just a near miss. The solution, I think, | was to simply avoid round numbers. So now, it is 2950 ft, 3050 | ft,... | | I may have the details wrong, but I am quite sure about that | problem being seriously considered. | _moof wrote: | Yes, it's called the navigation paradox, and it mostly came | about with the advent of GPS. It's the reason we now have | what's called "strategic lateral offset procedure," or SLOP, | whereby aircraft on heavily trafficked oceanic routes fly | zero, one, or two miles off the centerline, randomly chosen. | darkerside wrote: | This is really interesting. But it seems like it could make | collisions more likely, and the better solution would be | separate corridors for east vs west traffic. Are there | really 5 bidirectional lanes? | _moof wrote: | It's a bit more complicated than that. The routes I'm | talking about are the North Atlantic Tracks, which are | used for most traffic between North America and Europe. | There are multiple tracks and SLOP is used within each | track. All of the tracks run in the same direction at the | same time, switching directions twice a day. They go | eastbound at night, westbound during the day. SLOP is a | mitigation to prevent aircraft in sequence on the same | track from colliding. There are, of course, many other | systems and procedures in place to prevent such | collisions, but it's belt-and-suspenders up there. | spixy wrote: | how is it any better when 2 opposite planes choose same | 2950ft? | Dylan16807 wrote: | It's not. But now that's half as likely. Several choices | are even better. | wesapien wrote: | What software did you use to do the visuals? I want to try this | out. | jamesbvaughan wrote: | I used chart.js [0], but I don't necessarily endorse it - it's | just what I knew how to use quickly. I usually try to keep my | posts free from javascript, and could have used a different | tool that gives me SVG data or images. | | You can see the code that's generating these charts here: | https://github.com/jamesbvaughan/jamesbvaughan.com/blob/main... | | [0] https://www.chartjs.org/ | fer wrote: | I belive this is OPs flight if anyone wants to compare plane data | with ADS-B one. | | https://www.flightaware.com/live/flight/SWA2340/history/2023... | schoen wrote: | Conceivably, the ADS-B data source might be the same as the | data source for this API, at least in that they might be | calculated from the same instruments and flight systems. | fer wrote: | Potentially, but altitude and speed data on ADS-B are | constrained to just 11 bits (+ 1 bit dedicated to the | resolution: 25 vs 100-feet increments). | | So while I believe the data source is the same, one can see | quantization artifacts when comparing both signals. | jamesbvaughan wrote: | That is the flight. This is a cool idea - I wish I had thought | of it! | ardit33 wrote: | It is just 8 bucks for the full service... just buy the internet | bro. It is actually pretty good. | s3p wrote: | You're not understanding the point of the comment. The Flighty | team did some amazing engineering work for anyone who _doesn | 't_ pay. | catiopatio wrote: | > amazing engineering | | Background updates are a built-in, supported, documented | feature, widely employed by applications on the platform, and | accessible to anyone that reads the two pages of | documentation required to use them: | | "Pushing background updates to your App -- Deliver | notifications that wake your app and update it in the | background." | | https://developer.apple.com/documentation/usernotifications/. | .. | | _edited for politeness_ | teaearlgraycold wrote: | Why is that toxic? | catiopatio wrote: | A cognitive filter that misrepresents reality is toxic. | [deleted] | teaearlgraycold wrote: | That's how all thought works. | tomrod wrote: | I build AI/ML systems. I think delivering digital content | through alternative pipes is _amazing work_. It has | applicability far beyond simple aerospace wifi paywalls. | catiopatio wrote: | > _I build AI /ML systems._ | | What's the relevance? | | Push notifications aren't some odd "alternative pipe" and | conveying data via push notifications is a known and | supported use-case. | turquoisevar wrote: | I don't know what you have against Flighty but you through | considerable lengths in the thread below to spend time on | letting everyone know how unimpressed you are about their | efforts. | | Your lack of amazement is duly noted, I suggest you don't | waste any more time on it. | | That said, I, like others, _are_ indeed impressed for a | couple of reasons. | | For starters because of the simple fact that they've found | a novel way to use background notifications to provide | users without unrestricted internet access with flight | updates. | | Contrary to what you imply, and subsequently fail to | substantiate, there aren't many, if any, other apps that | use background notifications in such a novel way, certainly | not in a way to circumvent restrictions and limitations on | data connections. | | Moreover, I have never seen background notifications being | used to push concrete data to apps. This is because there | are severe payload size constraints on notifications, | including background notifications. | | Typically when background notifications have been used, it | simply contains an instruction to download data from a | remote server, something that wouldn't work on a limited | connection. | | Instead, Flighty uses the minimal payload size to push the | actual concrete data used by the app. | | Additionally there are some limitations in how often a | background notification gets delivered to the tune of a few | times per hour, worse yet, delivery of these notification | is inconsistent because it's beyond the app's control of | they get delivered at all. | | To account for this, Flighty will use the background | notifications to update the data where it can and make | estimations in times it cannot not until the next time it | can receive an update. | | I'd go as far as call that amazing engineering. | | You might not and I don't know your qualms with Flighty, | but you're doing a poor job of convincing people to see it | your way. | catiopatio wrote: | You're right, I see that as embarrassingly trivial. This | whole thread is inane -- if using a simple API is | "amazing engineering", what do you call the actual | amazing engineering you're holding in your hand right | now? | | I have nothing against Flighty -- this has nothing to do | with Flighty. Background notifications are trivial and | _all_ apps can and should be using them to solve this | type of problem. It's detrimental to have folks | mistakenly operating under the belief that this is | complex, unusual, or difficult. | | Sure, the payload size is limited, but it's not | impossibly small, and custom keys with arbitrary payload | are explicitly and obviously documented as supported. | | Overly-effusive praise doesn't do anyone any favors. | mynameisvlad wrote: | They're using push notifications in a novel way to provide | the app the necessary information to update itself without | needing to be connected to the full internet. That's quite | a bit beyond "They're using push notifications" and no | other app does that AFAIK. Almost all will use the push | notification _as a notification_ and trigger an update on | app open which would fail. | catiopatio wrote: | Tons of apps do that. It's a built-in, supported use- | case! | | It's also the trivial, obvious approach to anyone who | asks the question "how can I push data to the application | when it's not running." | mynameisvlad wrote: | Give me one example, then. Of an app which _uses a | notification as an actual app data source_ and not just | as a notification which opens the app. And which also | updates the primary app view to reflect this new | information. | | No other app has updated its app state based on the | content of notifications. Slack/Discord/Teams et al (the | ones that aren't allowed on free messaging plans) will | show you previously cached messages and then an infinite | spinner when you open it. Fastmail/Gmail/Outlook et al | will show you existing emails but not load the new ones. | | _Could_ other apps do this? Surely. _Do_ they? No. | catiopatio wrote: | _Slack /Discord/Teams_? Those are desktop web | applications hosted via Electron. Failing to leverage | basic platform functionality is practically their telos. | | It's a trivial, documented, supported, long-standing API | for a common use-case. It is widely used, as documented, | for its intended purpose. | | I cannot share information about specific applications. | mynameisvlad wrote: | Uh, all those apps have mobile counterparts. | | > I cannot share information about specific applications. | | So you don't have an example of an app using such a basic | and widespread feature? Ok. | catiopatio wrote: | A mobile webapp is still a webapp, and "I cannot share" | does not mean "I do not have". | | You're the one with an extraordinary claim here -- that | applications aren't using such a basic, documented, | widespread feature. | | It's patently silly and I have no idea why you're so | self-assured in your ignorance. | constantly wrote: | No one is asking for a survey of apps that do this. | You're making the claim that it's far from rare, so you | have enough knowledge to make this claim. Share with us | the smallest piece of your knowledge by naming one single | other app that does this. It's the least you can do since | you're making the claim. Please, I'm very curious! | s3p wrote: | I'm curious as well. | catiopatio wrote: | Why? | | Do you genuinely believe it's uncommon for applications | to leverage this useful, trivial, long-standing platform | API for its intended and explicitly documented purpose? | | I can't imagine why you'd believe that, but another | commenter already provided the requested single example | up-thread. | nickf wrote: | I really think you've missed the point. Opening any of | those apps after receiving the notification _requires_ a | network connection to then update. It's not done via the | push notification itself. I have never seen that happen | in my experience. Flighty does, hence why it's deemed | clever. | catiopatio wrote: | I have not missed the point. | | Background notifications can and do carry arbitrary | application data, and are used to update the application | state in the background. | | This is their intended purpose, it's what they're | documented to do, it's how Apple intends them to be used, | and it's common application behavior. | | This is literally a plainly documented feature of the | platform. It's not clever or unique or unusual -- it's a | simple feature that Apple specifically documents. | | I cannot even begin to fathom why people are confused | about this, and it's truly mind-boggling that this has | required a thread at all. | | Slack/Discord/Teams are non-native applications that do | not leverage the platform's support for updating | application state via notifications. That does not mean | the use of background notifications is unusual or rare. | It is not. | TehShrike wrote: | Podcast players like Overcast use push notifications to | learn about new episodes of podcasts that should be | downloaded in the background. Presumably text-based RSS | readers do the same. | Gormo wrote: | Where are the push notifications originating from? Does | Overcast have a cloud service that polls the RSS feeds | and then sends the notification? I use AntennaPod on | Android, and it definitely doesn't do anything like that | -- the feed list is stored locally, and the feeds are | polled locally. | interestica wrote: | What other apps do this? | el_benhameen wrote: | Sure. But you're on a site called "Hacker News". I'm not sure | that there's a more perfect topic of discussion for a site with | that name. | renewiltord wrote: | [flagged] | el_benhameen wrote: | I think the spirit of the comment was "here's an | interesting technical question" versus "how can I get eight | bucks of free shit". | lapetitejort wrote: | "Wait, why did my Amazon account get banned?" | capableweb wrote: | Or: Hey, why did my AWS production server for my startup | suddenly go down and I cannot access my account anymore? | [deleted] | jstarfish wrote: | Hahaha. Reminds me of a savings "hack" my brother once | shared at the dinner table with a straight face: | | Just take any adhesive label off of the "clearance" meat at | the supermarket, and apply it to the cut you wanted to buy. | Instant savings! | [deleted] | arcanemachiner wrote: | We've come full circle. | | https://www.youtube.com/watch?v=HmZm8vNHBSU | acka wrote: | "Oh no, not again..." quoted from (not stolen, not | infringing any copyright because of fair use) from The | Hitchhiker's Guide to the Galaxy by Douglas Adams. | | This nonsense has to stop. Copying a movie, or using the | internet on someone else's plan is not piracy is not | theft. | | Quoting from memory from my old Webster's dictionary | which I have owned since I was a student a long time ago: | | Theft: The act of taking property and removing it so that | the rightful owner is no longer in possession of it. | | Piracy: the practice of attacking and robbing ships at | sea. | | Equating copyright infringement or violation of terms of | service with theft or piracy is completely unwarranted | messing with definitions of terms that have served their | purpose for centuries. | | Worse yet, the abuse of these terms in recent times | misdirects people's attention away from the underlying | flaws: artificial scarcity and the inability to enforce | restrictions on use; you can not steal data (unless you | steal the physical medium the data is stored on) nor can | you pirate a service. | | Making unauthorized copies or violating the terms of use | of a service may be deemed objectionable but these | actions are most certainly neither theft nor piracy. | pmarreck wrote: | This is probably the least-intelligent comment on this | entire page. I would literally buy downvotes to bury this | obnoxious stupidity into oblivion. | | There's a _significant_ contextual, moral and ethical | difference between "exploring a lock" and "opening it and | stealing whatever it's holding from you". | | Also, you're another one who apparently needs to read the | domain name of this site aloud to yourself again. | renewiltord wrote: | > _I would literally buy downvotes to bury this obnoxious | stupidity into oblivion._ | | How much will you pay me to delete it? I can send you an | Ethereum address. | pmarreck wrote: | If you really think the folks here do this to save a few bucks, | you both 1) don't realize what the average pay of people here | is, and 2) are completely tone- and context-deaf. | | Look at the domain name of the site you're posting on and _read | it out loud._ FFS dude. LOL | dang wrote: | We detached this subthread from | https://news.ycombinator.com/item?id=37691621. | dheera wrote: | Tomorrow it'll be 8 bucks to drink water, 8 bucks to use the | bathroom, ... | | Yeah, you can argue internet isn't a necessity. Neither is the | bathroom, you can use a poo bag and a diaper. But we're a | civilized society. So we provide bathrooms to anyone that needs | them. And internet access. | zeroonetwothree wrote: | This seems like a poor slippery slope argument. It's not as | if charging for internet is new, it's been what? 20 years? | And yet they still don't charge for water | dheera wrote: | Checked bags, carry-on bags, and meals used to be free, and | they are all now not free. | | There are budget airlines outside the US that are charging | for water (which I think is unethical IMO, since people | avoiding drinking water could lead to an increase in | medical emergencies). | jrms wrote: | Still | Martinussen wrote: | Is that an American thing? Absolutely paying for the water | here. | Gormo wrote: | And public restrooms seem to be paywalled everywhere in | continental Europe too -- not sure about the airlines, | since I usually fly US carriers, but every restaurant or | shopping mall I visited in Italy, Germany, and the | Netherlands required a euro or so to enter the toilet. | I've never seen a pay toilet anywhere in the US. | dheera wrote: | On the other hand, my experience has been that a lot of | toilets in US are "customers only" for males but free for | females | ShadowBanThis01 wrote: | On planes? Seriously? Where? | mvdwoord wrote: | Recently on a 3 hour flight with ROM air I had to pay for | water... not even a single glass for free. | | Was quite shocked. | dheera wrote: | Not only that but at the Beijing airport there were no | water refill stations and the bottle of water I bought at | the airport POST-security was confiscated upon boarding. | Fortunately I was boarding an airline with free water, | though. | gruturo wrote: | Lufthansa, or Luftwaffe as I call them due to the... | military kindness they often display. | | No food and no water. Most recent data point: April 2023, | Standard Economy (not Basic Economy). International, 4.5 | hours flight (Germany to Tenerife) (and back). The flight | had a LH code, although operated by Eurowings which | according to Wikipedia is a wholly owned subsidiary of LH | (https://en.wikipedia.org/wiki/Eurowings). | hocuspocus wrote: | The speed unit looks more like knots than mph. | jamesbvaughan wrote: | Good catch! I'm not very familiar with knots - what | specifically makes the speeds here look like knots to you? | | edit: Updated the article. Thanks! | KolmogorovComp wrote: | Airline planes never use mph but only knots. | mjpa86 wrote: | Was on a UK flight last week, was told speed in mph. Pilots | etc might use knots but if the data is for passengers, mph | is more likely | capableweb wrote: | Well, most airlines. I think both China and Russia already | switched to SI units (so km/h), and supposedly ICAO | recommends using km/h but there is exception for using | knots and there is also no end date to stop using knots, so | everyone just continues to use knots. | seabass-labrax wrote: | It's not that they 'already switched', but rather that | early Russian aircraft had used the metric system for | instruments and China acquired much of their early | aircraft from the USSR. | | In the West, it was well into the 50s before knots became | conventional. Many (but not all) British and American | aircraft used miles per hour, and most of non-communist | mainland Europe used the metric system. I am not aware of | whether there was some agreement to choose knots, but by | the 60s almost all western aircraft had instruments in | knots and nautical miles. | [deleted] | jamesbvaughan wrote: | That makes sense. | | One reason I think it could be MPH despite that is because | some of the other data seems like it's been processed so | that it doesn't need to be transformed any further on the | client side before using it in the UI, and the UI displays | the speed in MPH. | | If I were still on the flight, I could just compare the | numbers in these payloads to the MPH number in the UI and | confirm. | mulmen wrote: | Based on the lat/long of your destination and the | coordinates of the plane I believe the distance and speed | actually are in miles and mph: | https://news.ycombinator.com/item?id=37694487 | hocuspocus wrote: | Your ground speed plot hovering around 500 mph would be ~800 | km/h which is oddly slow for an airliner, unless you were | facing strong headwinds the entire way. | | The nautical mile is historically the common unit for marine | and air navigation. | scatters wrote: | Clarification: a knot is one nautical mile per hour. | JoeAltmaier wrote: | Isn't it 1.15mph? | | https://www.metric-conversions.org/speed/knots-to-miles- | per-... | jdsnape wrote: | Yes for statute miles, but it is also one nautical mile | per hour | toyg wrote: | nautical mile is 1.15 land mile. | chx wrote: | 487 miles per hour would only be 0.63 Mach which is very | slow. | | 487 knots would be 0.73 Mach which is much closer to the rule | of thumb 0.78 Mach cruise speed expected. | | https://krepelka.com/fsweb/learningcenter/aircraft/flightnot. | .. (and yes, it's a simulator but it's still good for real | world) | mulmen wrote: | Mach is a product of altitude and we only have ground speed | so we'd need weather information and heading to compare. | hocuspocus wrote: | Sorry it seems I was completely wrong, it's MPH, your ground | speed was on the slow end: | | https://www.flightradar24.com/data/flights/wn2340#322ad9f6 | kvmet wrote: | Knots are typically used for aviation. Also different planes | have their own optimal speeds for efficiency that the | airlines aim for so if you know the airframe you can derive | what they are most likely targeting. You can also compare the | value to the filed flight plan and see if it is similar. | dclowd9901 wrote: | Knots are used for aviation, but this data looks like it's | being consumed by the in-flight UI, and most _people_ are | not familiar with knots in terms of speed. Indeed, using | the UI shows MPH vs. knots. My money is this speed being | mph. | dclowd9901 wrote: | I don't think so. When you use the portal, it displays speed in | MPH -- I highly doubt there's some knots->mph converter in the | frontend code. | mulmen wrote: | I have been on (international?) flights where the in-flight | display gave me a choice. It may still be done on the backend | but doing that kind of conversion in the UI is at least | arguable. | jandrese wrote: | I'm not so sure. The same data packet claims that the flight | has 2h 25m of flight time left to cover 1167 miles. That works | out to 483 mph, which is pretty close to the stated 487 and | might be explained by some padding added to the time to account | for taxiing. | | Unless that 1167 figure is in a different unit it doesn't even | come close to working out at 487 knots ground speed. | mulmen wrote: | Coming at this another way: | | The blog says the destination was Oakland. The Oakland | International Airport is at 37deg43'17''N 122deg13'15''W. The | data packet also contains the current lat and long of the | flight as 40.201 and -100.755 respectively. Plugging that in | to a distance calculator [2] gives 1163 miles, 1010.6 | nautical miles, or 1871.6km. So the distance value of 1167 | appears to be miles. | | At 487mph covering 1163 miles would take 2.3963039014 hours | or ~2h23m. If the speed is knots then it would be | 2.08233112598 hours or ~2h5m at 560.4296mph. So mph makes the | most sense given an estimated time of arrival of 2h25m. | | So I think you are right, the distance appears to be miles | and the speed MPH. This makes sense for an in-flight | infotainment system on a US domestic flight. | | The difference between 1167 and 1163 can probably be | explained by the fact that the plane is 6.5 miles in the air | traveling at 8 miles per minute and we don't know update | interval or if the distance is in the air or on the ground. | | [1]: https://geohack.toolforge.org/geohack.php?pagename=Oakla | nd_I... | | [2]: https://www.omnicalculator.com/other/latitude-longitude- | dist... | extraduder_ire wrote: | You have to descend and wait for landing clearance when you | approach the airport, adding track miles. | | The two units are confusingly close to each other though. | mulmen wrote: | The plane is probably following a flight path and not an | actual straight line as well. | [deleted] | hocuspocus wrote: | My bad, you're right | https://www.flightradar24.com/data/flights/wn2340#322ad9f6 | apendleton wrote: | ... I mean, it could be in nautical miles, no? | [deleted] | H8crilA wrote: | You can also get an SDR (a $50 RTL-SDR will do) and listen to | your own plane's ADS-B signal. For visualization you can use | tar1090. Private Flightradar24. | | With the same SDR you can also listen to the ATC comms, as well | as see ACARS messages. It's a bit tedious to listen to ATC and | your own pilots, but you'll know exactly why your plane is | delayed. | gslepak wrote: | Why don't all the images load in Firefox? | jackconsidine wrote: | Love the spirit of this article. The author could have Git- | scraped [0] this info! | | https://simonwillison.net/2020/Oct/9/git-scraping/ | jamesbvaughan wrote: | This is cool - thanks for sharing | TheHappyOddish wrote: | For those not in (I presume) the US, "Southwest" appears to be | the name of an airline. I was disappointed to find out this | wasn't a puzzle to solve when only travelling in a specific | direction, but still an interesting read. | RagnarD wrote: | I have to wonder if some eager LEO would try to find some | illegality in this, especially given all of the federal laws | around aircraft. Obviously it's innocuous, but I'd think twice | about writing about this kind of tinkering for that reason. | Thaxll wrote: | Reminds me how old and unsecure those system used to be, years | ago they would perform DNS queries but block most traffic, | meaning that you could get free internet by using DNS tunneling. | | Same for the movies on board, if they have some apps and not just | movies in front seat, you can use vlc, ffmpeg to download / watch | the movie without ads / interruption. | | When I was doing some digging they used a lot of Panasonic | solution and open source stuff such as squid cache, apache http. | | https://na.panasonic.com/ca/industries/avionics | amacalac wrote: | Reminds me of the time I dumped CANbus data off a Yamaha R1 bike, | made sense of the data, and displayed it on a bunch of charts. | | Interesting data like Accelerator Handle position, you can figure | out how much a rider is really cranking it, and how aggressive | they are riding. | jasonjayr wrote: | ... Which is precisely the data those data loggers you plug in | from insurance companies track to adjust/refine your rates | ..... | mikepurvis wrote: | Honestly, it seems pretty fair to me. If I'm a careful, | occasional driver, and the insurance company otherwise has no | way of knowing that, then they have to bill me like I'm | commuting every day in stop and go traffic, distracted by | podcasts and who knows what else. | | There will probably always be a "premium" market for no- | questions-asked insurance, but if the company can give me a | break on my rate based on my driving behaviours correlating | to a lower incident likelihood, I'll happily take that break. | Even better if such measures correspond to drivers across the | board adjusting their habits now that it hits them directly | in the wallet. | jasonjayr wrote: | At it's face, yea, it sounds fair, and the more data you | feed to the actuarial tables, the more accurately they can | identify the specific cost of insuring that driver. | | My concern is that it's a tragedy of the commons type | situation: this normalizes data surveillance. We have no | idea exactly what data the device is transmitting, and what | the insurance company will do with that data. Regulations | protecting this data are weak-to-non existent. | | With everyone's budget being stressed, people are quick to | trade a few dollars to sacrifice privacy, and then this | technology is being mandated everywhere. | mikepurvis wrote: | Fair, though given that manufacturers are already doing | this stuff anyway, it feels like a problem to be solved | with broader privacy legislation than by making good | drivers pay for the cost of bad drivers. | | On the other hand, I suppose I'm a bad person to make | this argument since I actually dislike personal | automobiles for a whole host of reasons, so I'd just as | soon get back my privacy by walking, cycling, and using | mass transit. | akira2501 wrote: | The majority of fatalities involve drugs or alcohol, they | often involve youth and speed, and occur at night. Many | insurance claims involve single vehicle accidents and | weather or other wear related damage. The most common two | vehicle claim is rear ending into a stationary vehicle, | where it's not particularly difficult to determine fault. | | Further, none of this matters all that much if you have a | straight liability only policy, since that's based on | liability of damages and not replacement property values. | | These devices make very little sense to me and I'd be | curious to know if anyone has any data that the presence of | these devices is having any impact whatsoever. | LesZedCB wrote: | I did one of those once and tried for three months to drive | really carefully. | | in Boston. | | it basically broke me and my driving sanity for 6+ months and | made me a really worse driver for a while, maybe | permanently?? and my rate basically didn't change at all. | mvkel wrote: | Love this kind of stuff. | MayeulC wrote: | Ah, interesting. I guess this could be used by UnifiedNLP: | https://f-droid.org/en/packages/de.sorunome.unifiednlp.train... | | Also, KDE Itinerary: | https://invent.kde.org/pim/itinerary/-/blob/master/src/app/S... | | I'm off pinging the relevant projects :) | bowsamic wrote: | What a waste of time | mavili wrote: | Almost a duplicate, but actually not: | https://news.ycombinator.com/item?id=37692832 | ggm wrote: | does anyone think the marginal cost of internet in flight may | drop to free? It's already commonly rolled up in J class seats. | sciencerobot wrote: | Just make sure to never send a PATCH request | jamesbvaughan wrote: | Considering how delayed that flight was, I'd have loved to be | able to PATCH the `dist_remain` field. | hackmiester wrote: | Here is how to get the equivalent data on a Delta flight. | $ curl https://wifi.delta.com/api/flight-data | jq % | Total % Received % Xferd Average Speed Time Time | Time Current Dload | Upload Total Spent Left Speed 100 448 100 | 448 0 0 5600 0 --:--:-- --:--:-- --:--:-- 5743 | { "timestamp": "2023-07-11T14:54:41Z", "eta": | "17:48", "flightDuration": 278, | "flightNumber": "DAL786", "latitude": | 39.723472595214844, "longitude": -97.1514205932617, | "noseId": "3879", "paState": false, | "vehicleId": "N879DN", "destination": "KPDX", | "origin": "KATL", "flightId": | "N879DN_SF_20230711121358", "airspeed": null, | "airTemperature": 24, "altitude": 33922, | "distanceToGo": 179, "doorState": "Closed", | "groundspeed": 442, "heading": -73, | "timeToGo": 174, "wheelWeightState": "Off" } | | And a fun snippet for you. $ curl -s | https://wifi.delta.com/api/flight-data | jq -r | '"https://maps.google.com/?q=", .latitude, ",", .longitude' | tr | -d '\n'; echo | https://maps.google.com/?q=40.5615234375,-101.2824478149414 | denvaar wrote: | What makes it so that you can only resolve the host | wifi.delta.com during a flight? | gsk22 wrote: | I assume the DNS server on the in-flight router is programmed | to resolve that hostname to some local device. | | Similar to how I can log into my ASUS router from my home | wifi by visiting asusrouter.com. | c7DJTLrn wrote: | It would be nice if you could send a POST request to open the | door if you want some fresh air. | hackmiester wrote: | I tried to change the flight level by PATCHing altitude, but | it seemed to require authentication. Oh well. | CamperBob2 wrote: | This sounds like a good way to meet some upset people with | expensive sunglasses shortly after you land. | [deleted] | jmharvey wrote: | It's not like that at all. The sunglasses aren't that | expensive. | hackernewds wrote: | after you land also open to interpretation | ComputerGuru wrote: | Maybe you can take risks like that, but I certainly can't. | I don't think anyone with my name or skin color would be | given the benefit of the doubt for even a moment. | foxhill wrote: | let me guess, you experience "random selection" events | more than the expected amount? | | apologies for joking. it must suck. | thomashop wrote: | Your comment made my day. Eye opening | queuebert wrote: | You probably can. I suspect airliner software is appallingly | insecure. | epse wrote: | Relies very strongly on simple airgapping. Can't do | anything to it if there's no wires in the direction you | want. Can't remotely hack if there's nothing antenna | connected that can talk to flight control. It has the | luxury of not needing to do the "limited RCE" that is a | modern web request | inopinatus wrote: | In the article above, in-flight wifi has an API reporting | position, altitude, and velocity. That is a feed from | avionics, which renders the claim of airgapped systems | essentially null. | hattmall wrote: | The plane has a transponder that reports this information | to the ground, ATC, other aircraft etc. The infotainment | server has a receiver that gets this data. Or in some | cases they instead pull it from a ground based service | via the internet. The transponder is not able to receive | signals, so it is air gapped. | inopinatus wrote: | A quick review of published information reveals this | claim as false. A typical airliner FMS feeds information | to IFE via gateway devices. The integration is intended | to be one-way. Airgapped they are not. | | Such analytical delusions are the first step on the road | to failing to adequately mitigate threats. As practiced | by "it can't happen here" school of fucking up. | | Fortunately, it seems far more likely that aircraft | system designers do not rely on any such assumption, and | practice defence in depth. There was a good talk at | DEFCON 22 by Phil Polstra on the matter. | aftbit wrote: | Documentation please? | inopinatus wrote: | The talk above is available online. | [deleted] | nucleardog wrote: | They could, for the sake of a ridiculous but clear | example, have a display hooked up to the avionics and a | camera hooked up to a separate computer which reads the | values. | | There are various ways of connecting systems while | physically guaranteeing one way data flow--a fiber optic | link with the transmitter removed from one end and the | receiver removed from the other is basically a less silly | "camera pointed at a display" and used in the real world. | | You could argue the exact semantics of "air gapped", but | for the discussion here that's accomplishing the same | thing. The fact that the passenger network has some | visibility into the avionics network is not, in and of | itself, any indication of an issue. | upwardbound wrote: | +1. Instead of saying "airgap" a term I've seen for what | you're describing is "data diode". | [deleted] | [deleted] | hk1337 wrote: | Someone will probably figure out how to send a request to | disable auto-pilot or turn off the fasten seat belt sign. | naikrovek wrote: | the airline industry is nowhere nearly as stupid as the | software industry with things like this. | | the communication between plane and wifi/entertainment | system, if there is any, is _almost certainly_ one-way. | likely, the wifi system providing this info is receiving | data from the flight systems and repeating it or | transforming it a bit and providing that. | | it would not surprise me at all if the flight attendants | have to program everything about the flight into the system | prior to departure each flight, and there is no | communication from the aircraft at all. | jpalomaki wrote: | "The computer network in the Dreamliner's passenger | compartment, designed to give passengers in-flight | internet access, is connected to the plane's control, | navigation and communication systems, an FAA report | reveals." [1] | | (I guess there's some kind of firewall, but we know that | those are not always perfect) | | [1] https://www.wired.com/2008/01/dreamliner-security/ | AdamN wrote: | Not a problem as long as you reboot your Dreamliner every | once in a while: https://www.theregister.com/2020/04/02/b | oeing_787_power_cycl... | eep_social wrote: | IIRC the in-flight infotainment systems are entirely | separate from the avionics control systems at the data | layer. I recall being told that in some cases even the | flight status is actually pulled from a 3p api service | rather than hooked into the onboard avionics. | | There could be some fuckery via shared power or other | non-data systems but that's probably beyond someone | sitting in a seat with standard laptop hardware. | hackmiester wrote: | If the latter was true, then "wheelWeightState" (and | others) would not work. But, they do work. | aftbit wrote: | The weight-on-wheels switch reports its in-the-air status | over ADSB. It errs in the direction of assuming in-the- | air, which was implicated in a near miss on the ground in | 2020 between two Air Canada flights[1][2] | | 1: https://www.tsb.gc.ca/eng/rapports- | reports/aviation/2020/A20... | | 2: https://www.youtube.com/watch?v=nj7nG6gJqsU | MBCook wrote: | Not necessarily. All this could be reported up to airline | HQ through the satellite link and then the IFE/customer | WiFi could be downloading it again to serve locally. | | That would prevent any need for direct connection between | the systems. | | Is that how it works? I doubt it. But it could be done. | chaps wrote: | Might be one way, but that doesn't mean you can't DDoS it | (by accident or otherwise). | pwillia7 wrote: | DELTE | fnord77 wrote: | Please stand by, a DHS agent will be with you shortly | skykooler wrote: | It'd be interested to make a little HTML page that can query | the api for each airline that exposes something like this and | give you an in-flight display on your laptop. | remram wrote: | You can use jq's string interpolation feature to simplify this: | $ curl -s https://wifi.delta.com/api/flight-data | jq -r | '"https://maps.google.com/?q=\(.latitude),\(.longitude)"' | hackmiester wrote: | Thanks! I was trying to figure this out but I didn't have | great Internet access (for some reason...) so I just hacked | it instead. | shortrounddev2 wrote: | In powershell Invoke-WebRequest | https://wifi.delta.com/api/flight-data | ConvertFrom-Json | | %{ | "https://maps.google.com/?q=$($_.latitude),$($_.longitude)" | [deleted] | bunabhucan wrote: | > "airspeed": null | | [nervously looks out window] | MBCook wrote: | That's just a sampling error. -NaN is when you get scared. | PNWChris wrote: | I have nothing insightful to add, I just want to say thanks for | posting this! | | I'm on a flight right now and just went to this URL. Sure | enough, it works! | | I know this information is available via the wifi portal's UI, | but a JSON blob just hits different. | | ``` | | {"timestamp":"2023-09-28T21:57:39Z","eta":"23:45","flightDurati | on":164,"flightNumber":"DAL992","latitude":47.4557876586914,"lo | ngitude":-111.73490905761719,"noseId":"3883","paState":false,"v | ehicleId":"N883DN","destination":"KMSP","origin":"KSEA","flight | Id":"N883DN_SF_20230928195737","airspeed":null,"airTemperature" | :null,"altitude":35273,"distanceToGo":13,"doorState":"Closed"," | groundspeed":499,"heading":95,"timeToGo":107,"wheelWeightState" | :"Off"} | | ``` | | Apologies for the JSON formatting, I'm on mobile. | eddieroger wrote: | Interesting how they chose to make more general `vehicleId` | instead of `planeId` or `tailNumber` or something. I wonder if | Delta's fleet includes other things that have matching APIs to | this one. I also wonder how much of their internal system | structure one could learn from the `flightId` if they knew | about other systems. It doesn't look like much beyond a | composite key of otherwise knowable data, but still | interesting. | blcknight wrote: | I doubt Delta made this. It's an official the shelf product | that can do ships, trains, planes, etc. | eddieroger wrote: | Valid point. It makes a lot of sense in that light instead. | mulmen wrote: | But they also have airplane/flight specific identifiers | like "flightNumber", "flightId", "noseId(?)" and | "airSpeed". Maybe vehicleId is part of a base class or | primary key somewhere and that abstraction is leaking. | MBCook wrote: | Those could apply to an air taxi service or something | using helicopters as well. | hackmiester wrote: | Hey, a train has airspeed. :) | mulmen wrote: | Heh, true. I deliberately left out altitude because this | is HN but you caught me anyway. | | Presumably a train's groundSpeed and airSpeed are the | same. If they diverge you have bigger problems than a | JSON schema. | | Is there a variant of this for ships? surfaceSpeed vs | seaFloorSpeed? | wasmitnetzen wrote: | A train can easily run in a head- or tailwind in the same | order of magnitude as its groundspeed. | skykooler wrote: | I've been tempted to mount a small anemometer to my car - | by subtracting the groundspeed from the measured | airspeed, one can get the wind speed and direction and | figure out whether there is a headwind or tailwind and if | so how strong. Theoretically this could be used to drive | more efficiently, though the extra drag from the | anemometer would probably cancel out any gains. | mulmen wrote: | Wow I got HN'ed twice in one thread. This is not my day. | temp365984365 wrote: | Well, ships have apparent wind vs real wind and apparent | course vs real course (currents and drift are a thing). | danjc wrote: | "Official the shelf" - that your new iOS 17 update helping | you out? ;) | inopinatus wrote: | Not all aircraft are planes. | CommieBobDole wrote: | As always, there's a relevant XKCD: | | https://xkcd.com/2170/ | not2b wrote: | But SouthWest will give you a much prettier display of that same | data (track your flight, see the current altitude and ETA, and a | lot more, like the plane's position on the map) without paying | for their WiFi. My guess is that they are using the same data | that article writer wrote a program to process. Essentially there | is one site you can visit for free and that's where it is. | samwhiteUK wrote: | Thank you. That answers the question I had which was, "why does | trying to get the portal page return a load of data about the | plane?" | jamesbvaughan wrote: | Yep, that's exactly right! They have a nice status page that | you can visit free of charge that visualizes this data. | | I chose to scrape it for a couple reasons: | | 1. I wanted see all of the data for the entire flight - that | status page only visualizes the current values. | | 2. It was fun! | fragmede wrote: | Plus there's no Internet. What're you going to do, read a | book? | coffeebeqn wrote: | I was on some US flight recently - maybe Alaskan airlines - and | they basically had a LAN box with movies and shows accessible | on wifi without internet access ___________________________________________________________________ (page generated 2023-09-29 23:01 UTC)