[HN Gopher] WiFi without internet on a Southwest flight
___________________________________________________________________
WiFi without internet on a Southwest flight
Author : jamesbvaughan
Score : 887 points
Date : 2023-09-28 15:42 UTC (7 hours ago)
(HTM) web link (jamesbvaughan.com)
(TXT) w3m dump (jamesbvaughan.com)
| pogue wrote:
| What browser or extension has Copy as cURL and all those other
| functions?
| idbehold wrote:
| Firefox
| system2 wrote:
| Inspect element (F12) > Network tab > when you refresh the
| screen check the header section to see the raw data. You can
| right click and copy curl or xor.
| jamesbvaughan wrote:
| All chromium-based browsers have it in the network tab of the
| dev tools
| [deleted]
| isodev wrote:
| Safari has it out of the box in the web inspector.
| alana314 wrote:
| chrome
| api wrote:
| Fun fact: ZeroTier works in most cases on in-flight wifi without
| logging in. I guess they usually allow UDP.
| TurkishPoptart wrote:
| Is this for connecting to a home device without paying for
| wifi?
| javier_e06 wrote:
| Fun fact: I used to work for a company that provided equipment
| and services for satcom. The price tier and license for airborne
| communication was higher and we had software calculating the
| speed and if the speed went over 300 m/hr or alike it will check
| your license features and expiration date. If you forgot to pay
| your bill, no wifi for ya! We did not use altitude for obvious
| reasons.
| macinjosh wrote:
| Pretty sure all these hacks and tips for getting free Wi-Fi
| aren't actually very legal. Sure the chances of getting caught
| are small, but you are also stealing connectivity someone else
| paid for by spoofing their mac address. Something, something,
| mucking about with an airliner even if its just the wifi could
| probably be twisted into some sort of federal aviation offense
| too.
| SirMaster wrote:
| I want to see someone build a proxy that uses the free iMessage
| or WhatsApp allowed connection to send arbitrary data.
|
| Like have a WhatsApp relay set up at home that you are sending
| messages to and from, from the plane.
|
| Like at a most basic level, send a message of a URL to your home
| WhatsApp which loads the web page there, and sends the HTML back
| as a WhatApp message reply so you can render it etc.
|
| Wonder what someone could all do and make work.
|
| _edit_ Guess someone made a TCP relay using WhatApp already,
| neat.
| youens wrote:
| I happened to have had a flight a day or two after the first
| beta of Apple's Private Relay a year or two ago. I was able to
| use free WiFi the entire flight. Presumably because whatever
| they whitelisted for iMessage and/or push notifications covered
| that as well. They had blocked it before my return flight days
| later. -\\_(tsu)_/-
| jackconsidine wrote:
| I see you found that TCP relay- I've been dying to try it but
| I've heard of people successfully using it
|
| https://github.com/aleixrodriala/wa-tunnel
| darknavi wrote:
| https://github.com/aleixrodriala/wa-tunnel
| vzqx wrote:
| I've noticed that airline wifi doesn't block DNS traffic. You
| can likely accomplish the same thing with a DNS tunnel like
| Iodine (https://github.com/yarrick/iodine).
| lazycouchpotato wrote:
| Many years ago, I noticed I could browse the Google Play
| Store on a flight WiFi without paying for it. No images would
| load and no apps would download, but I could browse through
| app listings and read reviews.
|
| Would this be related to DNS?
| owl57 wrote:
| Probably not. I bet something in Android didn't work
| properly until they whitelisted some Google domains -- for
| example, maybe it didn't detect the Internet connection
| when the user paid for it, or maybe something on the
| entertainment tablets broke (I don't know if they usually
| run Android or something else).
| bombcar wrote:
| Sometimes they just redirect ALL DNS traffic to their little
| portal until you sign in/up.
| munro wrote:
| I've always wanted to bring a lil router like a GL.iNet, pay for
| internet, then share it free for everyone on the plane hehe
| nunez wrote:
| This is how we get aircraft wifi with Meraki Air Marshall-like
| DDoS [0] for hotspots. Don't ruin it for us!
|
| [0] https://documentation.meraki.com/MR/Monitoring_and_Reportin
| g.... This basically detects any access points in a wireless
| network repeating a signal and automatically boots them. only
| works on 2.4GHz networks if I understand correctly.
| ilyt wrote:
| ... wouldn't that be a type of jamming and therefore illegal
| ?
| mike_d wrote:
| I used to do this on long flights, but most in flight providers
| have stopped trying to identify and shape specific protocols
| and now limit bandwidth purely by client. If you get a few
| people on all at once it thinks you are streaming video and
| throttles you.
| josu wrote:
| Why not just use the hotspot on your phone?
| MostlyStable wrote:
| I believe that you can't both simultaneously provide wifi
| hotspot and use wifi internet (at least, I couldn't on a
| phone several years ago last time I tried it). I think you
| can only do that if the network the phone is using is
| accessed via the cellular modem.
| Eavolution wrote:
| I absolutely can, that's how I connect my ps4 to my uni
| accommodation internet as it's mschapv2 or smth the ps4
| can't connect to. I know it's definitely using the wifi and
| not my mobile data as my data usage for the day is
| unchanged after I've downloaded a game.
|
| Cheap Chinese android phone from 2020 (or maybe 2021 can't
| remember).
| pests wrote:
| That used to be the case but it has changed now. Probably
| depends on the phone broadband chipset used.
|
| These days you can passthru your WiFi or even a wired
| connection (via USB to a connected PC or a Ethernet-to-USB
| adapter) via a Hotspot.
| ikjasdlk2234 wrote:
| You can on Android, and have for some time IIRC. This is
| how I get free wifi on my computer by passing it through my
| T-Mobile phone.
| mbesto wrote:
| Correct. My GL-E750 Mudi has a repeater function:
|
| https://docs.gl-
| inet.com/router/en/3/setup/gl-e750/internet/...
|
| My iPhone does not.
| yread wrote:
| We messed around on a recent KLM flight and what's interesting is
| that you get a DNS prefix of klm.com in DHCP (or some ms
| extension of it). The gateway has a name of www that allows you
| to access www.klm.com even though no name servers are accessible
| so DNS shouldn't work.
| the_mitsuhiko wrote:
| I added flight status on airlines I fly into my shell prompt from
| the wifi status. It's surprisingly fun.
| https://x.com/mitsuhiko/status/866601971565944832?s=46&t=xvV...
| atourgates wrote:
| I'm an Alaska (relatively) frequent flyer. That airline offers a
| free "messaging" plan, that lets you send and receive messages on
| apps like iMessage, Facebook Messenger and Whatsapp. Though, it
| somehow prevents images/attachments from coming through on those
| platforms.
|
| I've always wondered how this is implemented technically, and if
| it might be possible to setup some kind of protocol/wrapper to
| send data that looks like it's being sent over those protocols,
| but offers access to other parts of the internet.
| kayson wrote:
| I can't seem to find it, but there was a blog post on HN a
| while back about how someone set up a proxy to browse Wikipedia
| by sending and receiving WhatsApp messages. I'm sure you could
| extend that to be a web proxy.
| technothrasher wrote:
| Many years ago, when hotels first started having and charging
| for WiFi connections, I wrote a simple little tunnel using the
| DNS port back to my server. Since the hotels didn't block that
| port or even bother to check what traffic was going over it, it
| worked like a charm.
|
| I tried it on a trip to Tokyo and immediately got completely
| blocked. It took me a few minutes to figure out they'd
| blacklisted my MAC address. I changed the MAC of that interface
| and then behaved.
| someotherperson wrote:
| Reminds me of using VPNs in hotels in China some years ago.
| Traffic would work for a few minutes and then the Great
| Firewall kicks in, fingerprints the traffic as VPN and the IP
| address and the MAC gets blocked. I'd rotate the endpoint and
| the MAC address and get a few more minutes, rinse and repeat.
|
| I think I had to use Shadowsocks or something at the end to
| completely bypass it.
| superkuh wrote:
| Shadowsocks(-libev) is great. I use it in the USA with
| Comcast to prevent their MITM attacks on HTTP connections.
| tuetuopay wrote:
| some options:
|
| - attachments are likely stored in a different part of the
| infra than raw messages (like on some s3 bucket somewhere), so
| it's pretty easy to allow the WA/iMessage/Signal/Messenger API
| while blocking their CDN through dns blocking, ip range
| blocking, sni inspection, etc.
|
| - they cut the tcp connection once more than e.g. 1MB has been
| transferred. it would result in slightly degraded user
| experience (the message tcp stream needs to be periodically
| reopened), and may not be foolproof is apps are smart and
| resume the download where it failed instead of from the start
|
| I lean for the first option as it's both the simplest and most
| foolproof option.
| [deleted]
| sixstringtheory wrote:
| Could always send base64 data strings!
| danielfoster wrote:
| I've also wondered why Grindr but not Tinder works on the
| "messaging only" plan. Someone at Alaska must have had fun with
| that one.
|
| Flightaware.com also works, presumably because Alaska uses
| Flightaware for its tracking map.
| noahtallen wrote:
| > Flightaware.com also works
|
| Unfortunately, I couldn't get it to load on my Alaskan flight
| a few days ago on the free messaging plan. Maybe they've
| changed it
| 0_____0 wrote:
| Grindr is a logistics app, Tinder is entertainment :p
| phantom784 wrote:
| I'd suspect it kills TCP connections once a threshold of data
| has been transferred, and the threshold is enough to let text
| through but not enough for attachments.
| grishka wrote:
| Good luck doing that against Telegram. It would simply
| reconnect and resume the download where it left off.
| miki123211 wrote:
| Do they allow Telegram?
|
| If so, that would be the easiest, Telegram has a really good
| bot API.
| Karrot_Kream wrote:
| Many do but some don't. I wrote an HTTP Proxy for Telegram
| and it works fine for those situations but is very slow. I
| prefer using an NNCP proxy I wrote because the protocol
| doesn't have online liveness requirements.
| justapassenger wrote:
| I don't think they have any sophisticated solution for sniffing
| traffic. It's most likely simple firewall + deals with
| Apple/Meta. Many airlines offer basic Wi-Fi for messages
| nowadays, so it's very likely that big tech developed solution
| for it (especially, as they have initiative to do that, so
| their apps can work).
| organsnyder wrote:
| United wifi is similar. I've found that notifications work for
| most things, including my Home Assistant instance--they must
| all use the same Apple push service.
| atourgates wrote:
| I noticed the same on Alaska flying last weekend.
|
| As soon as I activated the "Free Messaging" service, I got a
| bunch of notifications from my Apple Home and Google Nest
| devices.
| snazz wrote:
| Yes, APNs (Apple Push Notification service) has to be
| allowed for notifications to come through from messaging
| apps and the network operator can't tell whether it's an
| allowed messaging app or any other kind of notification.
| mcast wrote:
| The scale of Apple's notification service must be pretty
| large. Granted, most notifications don't have strong SLA
| guarantees but I don't remember it having any downtime
| either.
| Klonoar wrote:
| They don't really make guarantees about the reliability
| of push notifications (IIRC), so it's unlikely you'd see
| anything about downtime unless it was sustained for some
| time.
| SirMaster wrote:
| On iOS all notifications have to use Apple's Push service.
|
| And the WiFi essentially has to allow the Apple push
| notification system entirely in order for iMessage to work
| fully the way people expect.
|
| So it's really a side effect. But yeah for example with the
| free iMessage connection on Southwest, I can see all the
| notifications come in on Discord, but of course I cannot
| connect within the discord app to actually load all those
| messages. I can only read them as they come in as push
| notifications.
| Xeamek wrote:
| >On iOS all notifications have to use Apple's Push service.
|
| Have to? Isn't there an option to send 'offline'
| notification? I mean, coming from the app itself, rather
| then external callback? With that, app could ommit the
| official way of using Apple Push service, no?
| SirMaster wrote:
| Well, apps can only "run in the background" for up to 10
| minutes.
|
| So sure, an app can generate a notification popup itself,
| but it's pretty limited as it won't be able to generate a
| notification after being backgrounded for more than 10
| minutes.
|
| And the 10 minutes is also only if the app is designed to
| extend the duration as long as possible. Normally it
| would get cut off after 1 minute.
|
| So because of this it seems that in the vast, vast
| majority of cases apps choose to send their notifications
| from the Apple Push notification service.
| WirelessGigabit wrote:
| Yea but those mean the app has to be running. The main
| advantage of Apple's Push is that the app can be put to
| sleep and only wake up when you tap a notification.
| dheera wrote:
| IP-over-Facebook. So that's what the world has come to ...
| alexfoo wrote:
| https://news.ycombinator.com/item?id=33568994
| toast0 wrote:
| I used to work at WhatsApp (until the end of 2019) on many
| things, including special pricing (aka zero rating); we did not
| work with airlines, and would not have participated in a
| project where messages and attachments where treated
| differently.
|
| That said, technically there's two pretty easy ways to do it
| for WhatsApp traffic, and then there's the way I suspect
| they're doing it...
|
| a) chat runs on different ips than attachments; always has,
| most likely always will (other than some transitional HAProxy
| at the old hosting when nearly everything had been moved to the
| new hosting).
|
| b) WA chat is not HTTPS (or even TLS) and attachments are. Chat
| also cycles between different ports, so you could just block
| port 443 and be good.
|
| c) I actually suspect, based on poking around a little that
| it's mostly just killing connections that use a lot of data.
| Maybe in combination with some other things. Being on a plane
| doesn't really put me in a debug the network kind of mood, so I
| never got to the bottom of it, but I'd regularly be able to
| make short connections to my home network while on the
| messaging plan, at least when this stuff was new. OTOH, I think
| I recall being able to connect through the WA VPN while on a
| plane on the messaging plan, but that was when we had a
| publicly available, but not publicly linked list of IP
| addresses on our website; I have no doubt that DPI vendors had
| that list.
| dgellow wrote:
| > WA chat is not HTTPS (or even TLS)
|
| If you don't mind, could you expend on this? Are there
| specific reasons to not be using TLS?
| toast0 wrote:
| I should probably refer you to the encryption whitepaper
| [1], but the basics are that Chat uses the Noise Protocol
| rather than TLS. All things being equal, the security
| properties are about equivalent, however all things aren't
| equal. The Noise handshake is smaller than the TLS
| handshake, and Noise doesn't have extraneous features
| WhatsApp doesn't use. Additionally, at the time of Noise
| adoption, TLS lacked a means for 0-RTT data (now available
| with TLS 1.3 Early Data), which meant using TLS would have
| added at least one round trip; possibly two, depending on
| which TLS library used. [2] You _can_ use TLS without
| x.509, but it 's not very common; avoiding x.509 was a
| definite plus.
|
| I wasn't much involved in anything on the chat channel, and
| I didn't do any implementation work on Noise, but I did
| some later prototype work with it, and if I recall
| correctly, it had much simpler framing than TLS as well;
| although maybe that was mostly TLS options getting me down
| --- the SNI header has 9 bytes of overhead, 5 of which are
| lengths, Noise didn't have anything like that as I recall.
| Do you really two bytes of versioning on every application
| data packet, like TLS has? I'm not sure you really need a
| type indicator byte either, context says you're sending a
| handshake packet initially, and then application data after
| that, but I'm pretty rusty on this now, so maybe there's a
| justification.
|
| For users paying for internet by the byte, every byte
| counts. For users on networks with large delays, every
| round trip counts. For attachments, it's less critical (if
| your data access costs were high, you could configure
| attachments not to load) and that infrastructure was always
| built around http(s), so while there would have been an
| efficiency improvement to move that off https, it would be
| hard to justify the engineering time; especially post the
| move to FB infrastructure with its CDN that was easily
| configured for our attachments. OTOH, chat never ran on
| TLS, so adopting Noise vs adopting TLS was a choice we
| could consider, and we picked the best solution for us.
| Unfortunately, it's pretty easy to identify Noise vs TLS
| --- OTOH, the service IPs are already identifiable, so a
| little more blending on the protocol level wouldn't help
| much.
|
| [1] https://www.whatsapp.com/security/WhatsApp-Security-
| Whitepap...
|
| [2] Also using system TLS libraries is fraught with peril.
| It's fine, but not super great, for http, but using it for
| a custom binary protocol is going to be terrible. You'll
| need to debug all of the edge cases that the system https
| library doesn't hit, and will then have to craft
| workarounds that just work, even if you can't reliably
| identify the underlying versions because Android OEMs do
| weird stuff.
| dgellow wrote:
| Thanks for the answer, I didn't expect that much details!
| jedberg wrote:
| We didn't use TLS at Netflix either, and instead used our
| own encryption protocol that ran on top of HTTP. We could
| do this because we controlled the clients too.
|
| The why was because of trust store issues. Every device has
| its own built in trust store, and especially on devices
| like TVs and DVD players, they couldn't be updated. After
| looking at all the devices we supported, there was no
| common certificate signer amongst all of them.
|
| This meant that we would either have to get multiple SSL
| certs signed by different parties (some of which weren't
| all that secure) and present the right one depending on
| your device type, or we could just roll our own over HTTP.
| So we chose the latter.
| toast0 wrote:
| Yeah, at WA we didn't have too much of a problem with
| trust store issues; although we did do extensive testing
| when we switched CAs. We did have to deal with the end of
| SHA1 certs though, I think we were able to get all of our
| clients to use sha2, but some of the platform browsers
| couldn't; and then we had to fiddle with our TLS server
| to send sha2 certs to some clients and sha1 certs to
| others.
|
| Of course, there's not really very useful client
| identification in the TLS Hello, so you have to kind of
| guess who needs what. If we had to use different CAs for
| different clients, it would have gotten a lot harder,
| because it's not like we could rely on clients filling
| out SNI either. So then you need to get more ips for each
| service. I do recall needing to do that a little, but we
| only needed a single 'legacy' group that was useful for
| everything that couldn't manage the modern certs.
| Sohcahtoa82 wrote:
| > Every device has its own built in trust store, and
| especially on devices like TVs and DVD players, they
| couldn't be updated.
|
| Was creating your own certificate authority and pinning
| it in the app not an option?
| toast0 wrote:
| Bringing your own trust store to system https libraries
| is not often supported. Especially when you get into
| kinds of embedded environments Netflix supports. You also
| might not have the capability to bring your own TLS
| library either. If it's a limited environment, you might
| only get reasonable performance if you use the system
| ciphers, and they may not be exposed as primitives, and
| x.509 parsing takes up a lot of code space in the likely
| event that you've got limitations there too.
| jedberg wrote:
| In most environments you have to use the built in
| libraries for network connectivity, so you have to use
| their trust stores. Also space is very limited for the
| client, so you can't just put everything into it.
| [deleted]
| blapp wrote:
| It's based on the Noise Protocol Framework in the outermost
| layer, which encrypts a compressed XMPP stream. The end-to-
| end encryption is done within various XMPP message payloads
| using the Signal Protocol, which encrypts message data
| serialized using Protocol Buffers, with different formats
| depending on the message type (text, image, video, sticker,
| etc).
| [deleted]
| dannyfritz07 wrote:
| Google Voice always works for me too FYI.
| gouggoug wrote:
| I've been wondering the same.
|
| I wonder if they just do some rudimentary packet inspection and
| drop packets above a certain size. My thinking being that short
| text messages result in very small packets, while large images
| will result in many large packets. Dropping large packets is
| most likely OK. I'd need to test this hypothesis by sending a
| very large text message (resulting in many large packets)
| teeray wrote:
| Time to implement IP over FB Messenger
| falcor84 wrote:
| Absolutely. And I'll just put this here for anyone who's
| looking for inspiration:
|
| https://www.rfc-editor.org/rfc/rfc2549
| c7DJTLrn wrote:
| You could try iodine, which is an IP-over-DNS tunnel. This
| should work unless the gateway has very restrictive rules on
| where DNS traffic can go.
|
| https://github.com/yarrick/iodine
| jedberg wrote:
| Most captive portals have gotten wise to this trick and block
| large DNS requests.
| TRiG_Ireland wrote:
| I've come across wifi zones which allow normal web browsing,
| WhatsApp messaging (including pictures), but not WhatsApp
| calls. I saw it first in Hollyhead Port while waiting for a
| ferry. WhatsApp threw up an error message saying that calls
| were disallowed by the wifi network.
| aabhay wrote:
| So so surprised that nobody has found out the hack for free
| wifi on alaska flights. (At risk of losing awesome free wifi)
|
| 1. Open browser with iOS user agent and ios sized h/w. 2. Click
| on t-mobile free wifi link 3. Enter _any_ t mobile number you
| may know.
| dag11 wrote:
| Hi fellow Alaska frequent flier.
|
| So about that! There's this iOS app called Flightly that does a
| brilliant little hack where the app updates itself in (almost)
| real time on the "free messaging" plan. The way it works
| (according to a friend) is that their servers send your phone a
| push notification every couple of minutes from take-off until
| landing, containing some serialized info such as
| lat,long,alt,eta,etc. And then the app immediately swallows the
| notification and deserializes its content without you ever
| seeing it. The notification works because in order for Alaska
| to give you notifications at all for your messaging apps, it
| needs to give you access to _all_ push notifications as they
| all get sent over an encrypted connected through Apple's server
| and it can't pick and choose which apps' notifications it lets
| through.
|
| I've often wondered if it'd be possible to pipe any sort of
| internet over notifications but I'm not sure if e.g. inline
| responses are viable, and also that'd probably be heavy enough
| usage of push notifications I'm sure it's violate someone's
| TOS.
| el_benhameen wrote:
| I've always wondered why I get slack and email notifications
| when I'm on a Southwest flight with free messaging without
| paying for wifi. You've finally solved my mystery!
| xeromal wrote:
| This reminds me of a web browser years ago that would use MMS
| to transfer web pages to the user without using internet
| service. This was in the early days. I think it was a Java
| app for the Motorola razor IIRC
| lupire wrote:
| Does that work on Android? I've never seen a non-authorized
| notification in a Chat or Mail app on a flight.
| keanebean86 wrote:
| I had an idea to use Facebook messanger as a proxy.
| Specifically to use the cheap messaging plan on a cruise ship
| for real internet access. My home computer would be a gateway
| that monitors fb and fetches/returns websites. I never even
| tried because it just sounds like a violation of multiple
| ToSes. Not to mention message size limitations, throttling,
| my fb messages being pages of encoded text, etc.
|
| I feel like it would need to work like Opera mini to maybe be
| usable. Even then interactions would be uncomfortably slow.
|
| https://en.m.wikipedia.org/wiki/Opera_Mini
| ddalex wrote:
| Check out https://github.com/aleixrodriala/wa-tunnel tunnel
| over whatsapp
| interestica wrote:
| > There's this iOS app called Flightly
|
| I guess it's Flighty (https://apps.apple.com/us/app/flighty-
| live-flight-tracker/id...)
|
| I love that people are into this. In the days before iPhones,
| I had "Microsoft Streets and Trips" + a USB GPS unit +
| Laptop. It was fun having it on a flight and seeing movement
| data in realtime. It was less fun answering questions from
| people who thought looking at the GPS data was somehow
| nefarious.
| zikduruqe wrote:
| I used to do that also.
|
| Way before cellphones, I'd bring my 2m radio on the plane
| and make contacts on simplex. That was fun to throw your
| callsign out and say "aeronautical mobile".
| geostupid wrote:
| Ha! I've used a high-end GPS to see my location and other
| fun facts in flight. I learned to keep it in my pocket as
| despite my attempts to explain it was only a receiver, I
| was told by the flight attendant to "PUT IT AWAY." Not
| being one to push back as to be removed for that flight, I
| did just that.
|
| Streets and Trips was fun on a laptop for long car drives
| as you could live reroute in the car much like any old app
| can do these days but seemed somehow magical back then.
| joezydeco wrote:
| FAs can be really strange about that kind of stuff, not
| just out of ignorance.
|
| My kid liked to suction cup his GoPro to the window to
| take a time lapse movie of the flight and one FA told him
| he had to take it off the window because he was, and I
| quote: "modifying the structure of the aircraft and
| that's not FAA-approved".
| wolverine876 wrote:
| I would guess that the flight attendant is doing their
| job. They do not have the authority or expertise to risk
| the airplane based on their own analysis, or based on
| some random passenger's explanation. The clearly correct
| solution is to remove the device and then there is no
| risk to the plane. I expect they are strictly required to
| respond that way and have no leeway.
| buildsjets wrote:
| There has been a lot of debate in the aviation
| maintenance community regarding the legality of attaching
| gopros etc. to aircraft with suction cups. Someone
| eventually wrote to the FAA chief counsel and asked.
|
| "Another consideration, in the case of this type of
| equipment, is the applicability of the term "alteration".
| FAA Order 8110.3 7E, defines an alteration as "a
| modification of an aircraft from one sound state to
| another sound state". The use of suction cups, or other
| temporary methods of attachment (not including permanent
| mechanical attachments to the aircraft), would not be
| considered a modification to the aircraft."
|
| https://mypilotpro.com/wp-content/uploads/2020/05/FAA-
| Camera...
|
| But still, the aircraft is the the airline's property,
| not yours. If they tell you not do something to it, you
| don't get a choice in the matter.
| interestica wrote:
| > installation of external mounts
|
| That memo is about attaching it externally. Attaching it
| to an internal window is probably a non-issue.
|
| I once had a security agent ask me to prove a GoPro was a
| camera because they didn't understand how there could be
| no screen or viewfinder. It was most frustrating because
| this was an area where they would have encountered it
| many times (lots of scuba divers).
| edrxty wrote:
| Had this happen to me with some duct tape and a
| malfunctioning strobing light next to me on a red-eye.
| I'm an aircraft builder but she didn't want to hear my
| explanation about how TSOs and the FARs work. I just
| waited until they stopped paying attention.
| bunabhucan wrote:
| Probably just didn't want kid spit on the window.
| dgellow wrote:
| Really hoping someone implements this, it's the funniest
| project idea I've seen in a while :)
| adrr wrote:
| Push notifications have background notifications that are
| used to update apps while they aren't loaded. We used them
| update our catalog/home screen on shopping app, its makes the
| app feel much more responsive when they open the app and
| content instantly appears instead of waiting for some API
| calls.
|
| https://developer.apple.com/documentation/usernotifications/.
| ..
| hackernewds wrote:
| so why would I use this Flightly app? seems it delivers
| messages all the same?
| ardit33 wrote:
| It is just 8 bucks for the full service... just buy the
| internet bro. It is actually pretty good.
| s3p wrote:
| You're not understanding the point of the comment. The
| Flighty team did some amazing engineering work for anyone
| who _doesn 't_ pay.
| catiopatio wrote:
| > amazing engineering
|
| Background updates are a built-in, supported, documented
| feature, widely employed by applications on the platform,
| and accessible to anyone that reads the two pages of
| documentation required to use them:
|
| "Pushing background updates to your App -- Deliver
| notifications that wake your app and update it in the
| background."
|
| https://developer.apple.com/documentation/usernotificatio
| ns/...
|
| _edited for politeness_
| teaearlgraycold wrote:
| Why is that toxic?
| catiopatio wrote:
| A cognitive filter that misrepresents reality is toxic.
| [deleted]
| tomrod wrote:
| I build AI/ML systems. I think delivering digital content
| through alternative pipes is _amazing work_. It has
| applicability far beyond simple aerospace wifi paywalls.
| catiopatio wrote:
| > _I build AI /ML systems._
|
| What's the relevance?
|
| Push notifications aren't some odd "alternative pipe" and
| conveying data via push notifications is a known and
| supported use-case.
| mynameisvlad wrote:
| They're using push notifications in a novel way to
| provide the app the necessary information to update
| itself without needing to be connected to the full
| internet. That's quite a bit beyond "They're using push
| notifications" and no other app does that AFAIK. Almost
| all will use the push notification _as a notification_
| and trigger an update on app open which would fail.
| catiopatio wrote:
| Tons of apps do that. It's a built-in, supported use-
| case!
|
| It's also the trivial, obvious approach to anyone who
| asks the question "how can I push data to the application
| when it's not running."
| mynameisvlad wrote:
| Give me one example, then. Of an app which _uses a
| notification as an actual app data source_ and not just
| as a notification which opens the app. And which also
| updates the primary app view to reflect this new
| information.
|
| No other app has updated its app state based on the
| content of notifications. Slack/Discord/Teams et al (the
| ones that aren't allowed on free messaging plans) will
| show you previously cached messages and then an infinite
| spinner when you open it. Fastmail/Gmail/Outlook et al
| will show you existing emails but not load the new ones.
|
| _Could_ other apps do this? Surely. _Do_ they? No.
| catiopatio wrote:
| _Slack /Discord/Teams_? Those are desktop web
| applications hosted via Electron. Failing to leverage
| basic platform functionality is practically their telos.
|
| It's a trivial, documented, supported, long-standing API
| for a common use-case. It is widely used, as documented,
| for its intended purpose.
|
| I cannot share information about specific applications.
| mynameisvlad wrote:
| Uh, all those apps have mobile counterparts.
|
| > I cannot share information about specific applications.
|
| So you don't have an example of an app using such a basic
| and widespread feature? Ok.
| catiopatio wrote:
| A mobile webapp is still a webapp, and "I cannot share"
| does not mean "I do not have".
|
| You're the one with an extraordinary claim here -- that
| applications aren't using such a basic, documented,
| widespread feature.
|
| It's patently silly and I have no idea why you're so
| self-assured in your ignorance.
| constantly wrote:
| No one is asking for a survey of apps that do this.
| You're making the claim that it's far from rare, so you
| have enough knowledge to make this claim. Share with us
| the smallest piece of your knowledge by naming one single
| other app that does this. It's the least you can do since
| you're making the claim. Please, I'm very curious!
| s3p wrote:
| I'm curious as well.
| catiopatio wrote:
| Why?
|
| Do you genuinely believe it's uncommon for applications
| to leverage this useful, trivial, long-standing platform
| API for its intended and explicitly documented purpose?
|
| I can't imagine why you'd believe that, but another
| commenter already provided the requested single example
| up-thread.
| nickf wrote:
| I really think you've missed the point. Opening any of
| those apps after receiving the notification _requires_ a
| network connection to then update. It's not done via the
| push notification itself. I have never seen that happen
| in my experience. Flighty does, hence why it's deemed
| clever.
| catiopatio wrote:
| I have not missed the point.
|
| Background notifications can and do carry arbitrary
| application data, and are used to update the application
| state in the background.
|
| This is their intended purpose, it's what they're
| documented to do, it's how Apple intends them to be used,
| and it's common application behavior.
|
| This is literally a plainly documented feature of the
| platform. It's not clever or unique or unusual -- it's a
| simple feature that Apple specifically documents.
|
| I cannot even begin to fathom why people are confused
| about this, and it's truly mind-boggling that this has
| required a thread at all.
|
| Slack/Discord/Teams are non-native applications that do
| not leverage the platform's support for updating
| application state via notifications. That does not mean
| the use of background notifications is unusual or rare.
| It is not.
| TehShrike wrote:
| Podcast players like Overcast use push notifications to
| learn about new episodes of podcasts that should be
| downloaded in the background. Presumably text-based RSS
| readers do the same.
| interestica wrote:
| What other apps do this?
| el_benhameen wrote:
| Sure. But you're on a site called "Hacker News". I'm not
| sure that there's a more perfect topic of discussion for a
| site with that name.
| renewiltord wrote:
| Fair enough. Here's another hack: if you're visiting a
| Whole Foods in a different part of the country, you can
| pocket small items and walk through the self-checkout if
| you're dressed decently. Pay for some bigger items that
| are cheaper and just put the expensive chocolate in your
| jacket. You won't get caught.
| el_benhameen wrote:
| I think the spirit of the comment was "here's an
| interesting technical question" versus "how can I get
| eight bucks of free shit".
| lapetitejort wrote:
| "Wait, why did my Amazon account get banned?"
| capableweb wrote:
| Or: Hey, why did my AWS production server for my startup
| suddenly go down and I cannot access my account anymore?
| [deleted]
| jstarfish wrote:
| Hahaha. Reminds me of a savings "hack" my brother once
| shared at the dinner table with a straight face:
|
| Just take any adhesive label off of the "clearance" meat
| at the supermarket, and apply it to the cut you wanted to
| buy. Instant savings!
| [deleted]
| arcanemachiner wrote:
| We've come full circle.
|
| https://www.youtube.com/watch?v=HmZm8vNHBSU
| acka wrote:
| "Oh no, not again..." quoted from (not stolen, not
| infringing any copyright because of fair use) from The
| Hitchhiker's Guide to the Galaxy by Douglas Adams.
|
| This nonsense has to stop. Copying a movie, or using the
| internet on someone else's plan is not piracy is not
| theft.
|
| Quoting from memory from my old Webster's dictionary
| which I have owned since I was a student a long time ago:
|
| Theft: The act of taking property and removing it so that
| the rightful owner is no longer in possession of it.
|
| Piracy: the practice of attacking and robbing ships at
| sea.
|
| Equating copyright infringement or violation of terms of
| service with theft or piracy is completely unwarranted
| messing with definitions of terms that have served their
| purpose for centuries.
|
| Worse yet, the abuse of these terms in recent times
| misdirects people's attention away from the underlying
| flaws: artificial scarcity and the inability to enforce
| restrictions on use; you can not steal data (unless you
| steal the physical medium the data is stored on) nor can
| you pirate a service.
|
| Making unauthorized copies or violating the terms of use
| of a service may be deemed objectionable but these
| actions are most certainly neither theft nor piracy.
| pmarreck wrote:
| This is probably the least-intelligent comment on this
| entire page. I would literally buy downvotes to bury this
| obnoxious stupidity into oblivion.
|
| There's a _significant_ contextual, moral and ethical
| difference between "exploring a lock" and "opening it
| and stealing whatever it's holding from you".
|
| Also, you're another one who apparently needs to read the
| domain name of this site aloud to yourself again.
| pmarreck wrote:
| If you really think the folks here do this to save a few
| bucks, you both 1) don't realize what the average pay of
| people here is, and 2) are completely tone- and context-
| deaf.
|
| Look at the domain name of the site you're posting on and
| _read it out loud._ FFS dude. LOL
| dheera wrote:
| Tomorrow it'll be 8 bucks to drink water, 8 bucks to use
| the bathroom, ...
|
| Yeah, you can argue internet isn't a necessity. Neither is
| the bathroom, you can use a poo bag and a diaper. But we're
| a civilized society. So we provide bathrooms to anyone that
| needs them. And internet access.
| zeroonetwothree wrote:
| This seems like a poor slippery slope argument. It's not
| as if charging for internet is new, it's been what? 20
| years? And yet they still don't charge for water
| dheera wrote:
| Checked bags, carry-on bags, and meals used to be free,
| and they are all now not free.
|
| There are budget airlines outside the US that are
| charging for water (which I think is unethical IMO, since
| people avoiding drinking water could lead to an increase
| in medical emergencies).
| jrms wrote:
| Still
| Martinussen wrote:
| Is that an American thing? Absolutely paying for the
| water here.
| ShadowBanThis01 wrote:
| On planes? Seriously? Where?
| mvdwoord wrote:
| Recently on a 3 hour flight with ROM air I had to pay for
| water... not even a single glass for free.
|
| Was quite shocked.
| dheera wrote:
| Not only that but at the Beijing airport there were no
| water refill stations and the bottle of water I bought at
| the airport POST-security was confiscated upon boarding.
| Fortunately I was boarding an airline with free water,
| though.
| gruturo wrote:
| Lufthansa, or Luftwaffe as I call them due to the...
| military kindness they often display.
|
| No food and no water. Most recent data point: April 2023,
| Standard Economy (not Basic Economy). International, 4.5
| hours flight (Germany to Tenerife) (and back). The flight
| had a LH code, although operated by Eurowings which
| according to Wikipedia is a wholly owned subsidiary of LH
| (https://en.wikipedia.org/wiki/Eurowings).
| amalcon wrote:
| This reminds me of the old tools that tunnel more or less
| whatever over DNS. I.e. behind the scenes, the tool would
| look up "base64encodedpacket.domainyoucontrol.example.com",
| and it would respond with encoded data going the other way.
| This is because captive portal WiFi often permitted DNS to
| pass through unimpeded, for various reasons.
|
| I always appreciated the hack, even though I could never
| bring myself to use it due to the obvious cache pollution
| problem on the various DNS servers.
| fragmede wrote:
| Also Internet over ICMP, for when captive portals used to
| let those through.
| godelski wrote:
| On my recent United flight, where they had the same policy I
| was sending image messages to friends through Signal. But it
| was rather slow, so my best guess is rate limiting.
| hot_gril wrote:
| I always assumed they have a whitelist of
| iMessage/Whatsapp/whatever IP addresses. It doesn't seem to
| work for all messaging apps in general.
| gsich wrote:
| SNI or IP lists.
| aantix wrote:
| Hussein Nasser covered this. His videos are great.
|
| How Airline WIFI allows Texting but not Media in
| WhatsApp/iMessage
|
| https://www.youtube.com/watch?v=AYSxxO2yZp8
| matsemann wrote:
| How does that fly (pun intended) with regards to net
| neutrality?
|
| Where I live, some mobile operators gave you "unlimited
| streaming" in their data plan, but only for certain popular
| services (spotify, youtube, netflix basically). Since this
| would make it harder for others to disrupt the big ones, it was
| quickly forbidden.
| mdasen wrote:
| In the US (I believe) Net Neutrality basically died. Even
| before that, it was allowed to zero-rate categories of apps
| (like messaging). That might be coming back now that the FCC
| has 5 commissioners again and can reinstate Net Neutrality.
|
| However, even with reasonably strict neutrality, this is
| still possible. Many mobile carriers zero-rated streaming
| services here, but unlike your operators they'd do it for any
| streaming service. It was pretty easy for any streaming
| provider to sign up. They'd basically give the operator the
| IP ranges they'd be streaming from and the operator would
| just zero-rate data to those IP ranges (and they'd usually
| apply bandwidth throttling to around 1.5Mbps so that you'd
| only get 480-720p video). The key is simply not
| discriminating between providers within a category.
| dehrmann wrote:
| This is the situation where net neutrality falls over
| because there's very often more demand, even at 1.5Mbps for
| a stream, than an airplane's link can provide.
| haswell wrote:
| Airlines, coffee shops and similar entities providing
| Internet as an ancillary service were not subject to
| these rules when they were in effect.
|
| The rules primarily target ISPs selling directly to
| customers.
| dehrmann wrote:
| It also fails for mobile data and large crowds. Try
| checking your email at a concert.
| RulerOf wrote:
| I always enable my 5G when I get into big crowds and it
| usually fixes that problem, assuming service is
| available.
|
| I usually keep it off otherwise though because average
| bandwidth tends to be better on LTE in my experience.
| Dylan16807 wrote:
| On an airplane in particular, you can set the limit lower
| for everything, and that doesn't violate neutrality.
| MostlyStable wrote:
| So many people seem to think that Net Neutrality
| disallowed _any_ kind of network management, when it
| simply disallowed service provider level preference. You
| can, under net neutrality, throttle _all_ video content,
| if you want to, you just can't only throttle YouTube and
| not Netflix (for example.
| haswell wrote:
| When the rules were still active, net neutrality did not
| apply to coffee shops, airlines, etc.
|
| > _52. Finally, we decline to apply our rules directly to
| coffee shops, bookstores, airlines, and other entities when
| they acquire Internet service from a broadband provider to
| enable their patrons to access the Internet from their
| establishments (we refer to these entities as "premise
| operators"). These services are typically offered by the
| premise operator as an ancillary benefit to patrons ...
| Although broadband providers that offer such services are
| subject to open Internet rules, we note that addressing
| traffic unwanted by a premise operator is a legitimate
| network management purpose._ [0]
|
| It seems like a reasonable distinction: if you're letting
| someone else use your Internet connection, it's your
| prerogative to block things that you don't want on your
| network.
|
| - [0]
| https://docs.fcc.gov/public/attachments/FCC-10-201A1.pdf
| (page 31)
| HWR_14 wrote:
| Other people have suggested it's done by limiting the size of
| the data transmitted to make the connection only useful to
| text messages, possibly resetting the connection regularly.
| If so, it would in fact comply with both the principles of
| net neutrality and any laws I know of. You could create
| matsemann's text service as long as it also used small
| amounts of data it guessed could only be used for text.
| hot_gril wrote:
| Is net neutrality even law anymore? T-Mobile has had Binge on
| for a long time, which zero-rates certain video streaming
| services. And part of that was even under the old net
| neutrality laws.
| burkaman wrote:
| Net neutrality is the law in California, but T-Mobile says
| Binge On is ok because any video streaming service can
| participate for free. It sounds reasonable to me and
| apparently the California regulators are fine with it.
| hot_gril wrote:
| I'm fine with it, but that also clearly violates net
| neutrality, so it doesn't seem to be the law here.
| burkaman wrote:
| Here's the California law: https://en.wikipedia.org/wiki/
| California_Internet_Consumer_P.... T-Mobile Binge On is
| zero-rating. T-Mobile's claim is that they aren't getting
| paid for it, and that any video provider can participate,
| so they aren't only zero-rating "some content in a
| category". It sounds like that second part isn't true, so
| they are probably violating the law but nobody is being
| harmed so nobody has sued.
|
| I agree that allowing any form of zero-rating is not full
| net neutrality because it isn't treating all packets the
| same, but I don't think it's fair to say that therefore
| there is no net neutrality in California. It's a very
| strong and effective law and gets like 95% of the way to
| full "dumb pipe" net neutrality.
| bombcar wrote:
| Some states implemented their own versions of net
| neutrality.
| hot_gril wrote:
| Gotta disable in-flight messaging while flying over
| certain states ;)
| technothrasher wrote:
| No, but the now Democratic majority at the FCC is currently
| actively trying to bring it back.
| toast0 wrote:
| Binge On doesn't fall under strict net neutrality, but they
| are at least publicly open to all lawful and licensed
| content audio/video providers, and the technical
| requirements are not very high. I don't know what the
| actual onboarding process is like, but they've got a lot of
| providers signed up...
| hot_gril wrote:
| https://www.t-mobile.com/tv-streaming/binge-on/apps-
| list.htm... doesn't list all that many providers if we're
| talking about all video streaming services worldwide. I
| notice a large one under the gaming category missing,
| Twitch.
| toast0 wrote:
| I think they've got to be licensed for US customers, or
| T-Mobile USA isn't going to include them. Twitch does
| seem to be a notable missing provider; Amazon video is on
| the program though, so maybe there's some technical or
| product thing on Twitch's side.
| hot_gril wrote:
| Even US-only. Broadcast networks category is especially
| slim. They've anticipated this kind of scrutiny and claim
| no money is exchanged, but idk. Someone should try adding
| a random obscure service.
| RandallBrown wrote:
| Probably 10-15 years ago when wifi on airlines was still pretty
| brand new I remember a fun hack for free Internet that involved
| Google Translate.
|
| Because the wifi landing pages used Google Analytics, they
| allowed traffic through from many of the Google domains. You
| could then go to Google translate and translate the website
| from English to English and use it as sort of a proxy server to
| get free Internet.
| smegger001 wrote:
| You could probably have used googels cache to read arbitrary
| pages as well.
| noman-land wrote:
| This hack often works today to get around paywalls.
| spike021 wrote:
| I'll probably show my age, but around 15 years ago I was in
| high school and they blocked most websites as well. This
| "hack" using Google Translate was how some of us got around
| the blocklist for many things. It was nice because it didn't
| involve having to install anything special or try to change
| configurations that were probably monitored by library/school
| admin.
| demondemidi wrote:
| This is just the raw data from the in-flight GUI. Is that it?
| What am I missing?
| teacpde wrote:
| Nothing, I believe this gets the upvotes simply because it is
| fun.
| warkdarrior wrote:
| > I didn't know what I'd do with the data at this point, but I
| started collecting it right away so that I'd have as much as
| possible to play with later.
|
| And people complain that everything everywhere collects data on
| everyone.
| mulmen wrote:
| The complaint is collecting data on _others_. Specifically the
| complaint is on others collecting data on _me_.
| cph123 wrote:
| I did something similar on an easyJet flight, I wrote a little
| Python script to save the altitude and speed data from the free
| WiFi. They have a cool 3D WebGL rendering of the plane in the air
| like Flight Simulator, but the satellite imagery was really low
| res.
| ejcx wrote:
| I have a similar program I run that does this stuff for United
| flights: https://github.com/ejcx/uwc/blob/master/uwc.go
|
| The code is horrendous but it has worked for years and I guess
| when I wrote it originally I didn't want to use a go struct for
| some reason?
| alexellisuk wrote:
| What did you use to create your graphics?
| jamesbvaughan wrote:
| I used chart.js [0], but I don't necessarily endorse it - it's
| just what I knew how to use quickly. I usually try to keep my
| posts free from javascript, and could have used a different
| tool that gives me SVG data or images.
|
| You can see the code that's generating these charts here:
| https://github.com/jamesbvaughan/jamesbvaughan.com/blob/main...
|
| [0] https://www.chartjs.org/
| punnerud wrote:
| Nice trick with the watch to download periodic: watch -n 30 "curl
| https://getconnected.southwestwifi.com/current.json | jq -c >>
| flight-logs"
|
| I often use crontab, but this looks easier for testing. Thanks.
| jamesbvaughan wrote:
| Yeah, if this were something that I wanted to leave running for
| more than the duration of a flight, I'd reach for cron, but a
| bash one-liner was perfect for this use-case!
| benbristow wrote:
| I've done something similar on trains in the UK before,
| specifically LNER (was Virgin Trains East Coast at the time but
| don't think the Wi-Fi solution has changed) trains. The icomera
| captive portal has an endpoint which returns the GPS coordinates
| of the train along with the speed. And some other endpoints for
| next stops etc.
|
| Once made a little React app that showed the train on a Leaflet
| map. Was a good waste of a few hours.
| billy99k wrote:
| I just took two delta flights in the US. The first had free Wifi
| through Tmobile. It marginally worked. It was just fast enough to
| view low-intensity websites and I was able to connect to my linux
| servers back home.
| userbinator wrote:
| I was expecting an article about a LAN party aboard a flight.
| notmysql_ wrote:
| Thats funny, I discovered the same thing a few months ago and
| built a CLI flight tracker[1] that uses the API. I've tried it
| across a couple of airlines and it worked almost perfectly across
| all of them, because they were all using the same in flight ISP.
|
| [1]: https://github.com/NalinPlad/OuterFlightTracker
| jamesbvaughan wrote:
| That's cool! I had wanted to make something similar, but I
| didn't have enough experience with making TUIs to build it
| without using the internet for reference during the flight. I'm
| glad to that it's been done though!
| notmysql_ wrote:
| Yeah, I was on a long flight home from a hackathon with some
| fellow programmers so it was fun to work on it together
| gs17 wrote:
| Glad someone looked into the flight tracker, I was always curious
| how real the data in it is.
|
| Although it doesn't answer my curiosity about how they manage to
| mess it up occasionally. I've had flight data from different
| flights pop up a few times on Southwest, which is never
| reassuring to see.
| grepfru_it wrote:
| If it's the panasonic inflight system, it receives flight data
| from the FMS. If the system does not receive flight data from
| the FMS then it will not be up to date. Your browser could also
| be retrieving old cached content.
|
| Basically there is nothing about this system to assure you,
| it's entirely a secondary data-delayed system that is not
| critical to flight operations and as such can be INOP at
| anytime and no one will care.
| flutas wrote:
| I honestly miss having to debug the racks at pana. But there
| were so many "what" level bugs with the systems.
|
| I remember DRM breaking multiple times for the IFE because
| they assigned the same IP to multiple devices.
| [deleted]
| mulmen wrote:
| Based on the current top comment those IPs may not have
| been _assigned_.
|
| https://news.ycombinator.com/item?id=37693293
| gs17 wrote:
| > Your browser could also be retrieving old cached content.
|
| No, these are flights I couldn't physically have been on.
| Sometimes it _is_ old content, but it 's for the flight the
| plane took previously and doesn't update.
|
| Here's an example of it happening to someone else:
| https://community.southwest.com/t5/Inflight-
| Experience/Fligh...
| luc_ wrote:
| this is such a wholesome nerd post. i love it.
| pjot wrote:
| I have an American Airlines flight in a few hours. Looking
| forward to see what kind of data I can find now
| cirrus3 wrote:
| Fun story =)
|
| Anyone else freaked out by that "time" format though? Seems like
| a strange choice, would have expected something more standard
| like ISO 8601 with timezone offset. "time": "Sun Sep 24 22:02:19
| 2023"
| jamesbvaughan wrote:
| I felt similar!
|
| My best guess is that whoever designed this system preferred to
| transform the time into a localized (based on the flight's
| location, I guess?) representation on the server so that they
| could drop it directly into the web UI without much client-side
| logic.
| hughes wrote:
| It looks like the default formatting used by `ctime`. Could be
| a clue about the underlying backend.
|
| https://cplusplus.com/reference/ctime/ctime/
| kristopolous wrote:
| On redeye international flights with exorbitant WiFi fees I'll
| admit to scanning for MAC addresses, get the top talkers, then
| come back later when ones been idle for like 15 minutes,
| presuming the person is asleep and change my mac to take the
| address and get online.
|
| I just did it for fun, ok fine.
| commandlinefan wrote:
| When my son was younger - maybe 9 or 10 or so, we were on a plane
| and he was using his phone and I looked over his shoulder and
| realized he was on the internet... but I hadn't paid for an
| internet plan. I said, "son, how are you using the internet?" He
| said, "oh, a kid at school showed me - if you go here" (he opened
| up the wifi settings where the DHCP assigned IP address is) "and
| start changing the numbers, eventually the internet will work."
| Apparently, at the time, on American Airlines, when somebody
| bought and paid for an internet plan, it gave them an IP address
| and authorized it to use the internet... if somebody else guessed
| your IP address (which was pretty easy, it was a 192.168 address)
| and spoofed it, they could take over your internet connection
| with no further authorization.
|
| I had to tell him not to do that, but I was kind of proud of him
| for having the temerity to go for it.
| iancmceachern wrote:
| Legend, your kid is a legend
| 1vuio0pswjnm7 wrote:
| The LAN here seems relatively small and fixed, i.e., the number
| of passengers on a flight is known and does not change during
| flight. The airline could easily assign a unique IP address to
| each seat (ticket) without using DHCP.
|
| This is in contrast to other instances of public Wifi.
| groby_b wrote:
| Good luck finding out which seat that _wireless_ connection
| is coming from, though :)
| quickthrower2 wrote:
| And probably 2 more simple steps to the credit card number of
| that paying customer.
| babypuncher wrote:
| A slightly more ethical solution, for those wondering, is SSH
| tunneling. A lot of gated wifi networks allow SSH traffic
| through without payment.
|
| I used to spend a lot of time at JFK back when they still
| charged for WiFi. I watched a lot of Netflix for free by just
| tunneling to my home network and connecting to my VPN server.
| logeist wrote:
| What does your son do now, if you don't mind me asking? That's
| the kind of stuff I was poking around with then add a year or
| two.
| commandlinefan wrote:
| Ha, he's a CS major at UT.
| pak9rabid wrote:
| lol, I used to do this all the time at non-free wifi hotspot
| locations, only I'd start off with a ping sweep of the entire
| subnet (nmap -sP) in order to get my ARP cache filled with a
| bunch of potential usable IP/mac addresses on the network. From
| there, I'd iterate through each one and set the IP & mac
| address until I found one that would let me through the
| firewall.
|
| Granted, being a NOC engineer at Wayport (now AT&T WiFi)
| certainly helped me understand how it all works.
| zikohh wrote:
| Recommended any blog posts?
| aeternum wrote:
| Yes the key to doing this more seamlessly is to spoof both
| the IP and the MAC so your machines are not constantly
| fighting with the other person over the ARP table entry.
| colanderman wrote:
| Aren't you then fighting the switch's port learning? Or
| RSTing each other's TCP connections?
| withinboredom wrote:
| Its wifi. You both just pick up the same frame when it is
| broadcast, then it sees two stations (a level below IP)
| with the same MAC. Most routers just don't care about
| that. (it's technically a valid edge case that two
| stations have the same mac address. It should be
| vanishingly rare in the wild ... but this is a practical
| example of why it isn't).
| richardwhiuk wrote:
| If there's multiple hotspots behind the same controller,
| you may well get switch port fighting.
| withinboredom wrote:
| If STP[1] is enabled, but that is unlikely since you'd
| have dropped connections when roaming for the reasons you
| just gave. Most likely, STP is not enabled on these
| networks.
|
| [1]: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol
| londons_explore wrote:
| Usually doesn't matter... The other person will get
| frustrated and disconnect and reconnect a few times, and
| finally give up and read a book...
| shredprez wrote:
| I typically just praise with upvotes, but I'm feeling
| grateful today: anecdotes like this one and gp are why I love
| hn
| sprokolopolis wrote:
| I used to do this on airplanes and in hotels. I had more
| success in hotels, because there was less chance the other
| person was using it at the time and less chance of getting
| kicked off.
|
| There was another little hack that I used as a little kid.
| Remember when airlines would sell or rent special headphones to
| watch inflight movies? The port was just two holes beside each
| other and the plug was two tubes. Before a flight, I would stop
| by one of the fast food places in the terminal and grab a
| handful of straws (preferably ones with a bendy joint). When I
| was on the plane I would connect the straws by fitting them
| into each other to create a long straw. Put one end into the
| port on and the other into your ear and you got free movies
| with audio!
| josh_carterPDX wrote:
| There used to be an app that would scan the ip and mac
| addresses on the network that were already connected to the
| internet. You could then change your settings to one of the mac
| addresses and when they were done you'd get the connection to
| yourself.
|
| I used to travel a lot for work and just refused to pay for
| WiFi. This was good in airports and coffeeshops when you still
| had to pay to connect.
|
| Now it's hardly needed, but I could see how it would be helpful
| where there's still a cost to connect.
| lukas099 wrote:
| Expect cops on your doorstep for CFAA violations by the morrow.
| lukas099 wrote:
| It was a joke.
| Eumenes wrote:
| 9-10 seems young to have a phone, smart kid though
| wferrell wrote:
| This is an amazing story. Thanks for posting.
| afterburner wrote:
| > for having the temerity to go for it
|
| Well, if he doesn't know there's anything wrong with it, it's
| not really temerity.
| kxrm wrote:
| A few years ago I was on a Southwest flight and had OpenVPN
| running because I forgot to turn it off. I was able to access
| the Internet through my tunnel without paying for access. I
| guess at the time they were only port blocking common ports
| (80, 443, 53 etc) if you didn't pay. They have since closed
| that hole.
| chankstein38 wrote:
| For this same reason you used to be able to send messages via
| platforms like whatsapp without internet as well! I don't
| remember the airline I just remember I hadn't paid for
| internet but I could message and do a few other things but I
| couldn't browse the internet.
| thedanbob wrote:
| That was probably deliberate. I flew United recently and
| they advertised free wifi for certain messaging apps, or
| you could pay to access more apps or the general internet.
| MostlyStable wrote:
| I also flew united recently and, in addition to the free
| messaging access, they also provided free access to the
| inflight entertainment, in case you wanted to watch it on
| your device instead of on the screen.
|
| I would have loved to take advantage of this since my
| wireless earbuds were significantly better than the wired
| pair I had. Unfortunately, a little pop-up warned me that
| this was not available on Android 13 devices. I was more
| than a little annoyed, but also curious as to why this
| might have been the case.
| xattt wrote:
| There was a report in the early to mid-2000s where
| someone got iChat AV to work, partly because it was
| fairly obscure and likely the network engineers didn't
| consider blocking it.
| alwayslikethis wrote:
| I flew United recently, and I was able to use the free
| messaging service for basically everything without any
| intervention from my part. It's just a tad slow. Not sure
| if it was intended or not.
| Kikawala wrote:
| It also worked on Alaska Airlines and American Airlines.
| smfjaw wrote:
| Love stuff like this, it's how kids get into computers. I used
| to make minecraft servers for my friends and I to play on when
| I was 12, which lead to a software engineering career. Sounds
| like you've got something similar on your hands
| KMnO4 wrote:
| I used to do the same thing at hotels. Still often works.
| nmap -sn 192.168.0.1-255
|
| To find everyone on the network, then start spoofing each of
| their MACs until you find one that works
| savrajsingh wrote:
| I should probably know the answer, but what happens when two
| devices have the same MAC address?
| commandlinefan wrote:
| No way to tell for sure, but I can only assume that he had
| actually hijacked somebody else's connection and the other
| person's device stopped working for them. I sure wasn't
| going to stand up and ask the plane if anybody had had
| their internet plan hacked...
| ahoka wrote:
| That's not how it works, but probably made someones
| browsing experience worse.
| _joel wrote:
| Buy a plan then clone the mac of that device, white hat
| it. Might have killed a bit of time (unless you needed
| sleep) :)
| AdamJacobMuller wrote:
| "it depends, nothing good"
|
| Network devices forward (switch, more technically) packets
| to and end device based on an internal MAC table (send
| packets for DE:AD:BE:EF to interface ge-0/0/0.0) and most
| devices populate their MAC table simply by looking at input
| packets and sending the "next" packet for that MAC address
| out the "last" received interface.
|
| If two devices in a network have the same MAC address, they
| will effectively "fight" for control of the packet flow.
| You can win that fight by sending a lot of packets.
|
| In practice, the other person is going to get annoyed and
| give up.
|
| There are lots of technology which avoid this issue now,
| but the two primary ones are 802.1x (used in
| corporate/government environments) and DHCP snooping which
| can be much more broadly deployed. 802.1x is very
| complicated and I won't go into it, but, DHCP snooping
| works by limiting L2 forwarding (MAC table population) to
| only what the DHCP server says the end device should have
| and it does this just by inspecting the DHCP replies (no
| custom protocol) with some vendor specific extensions on
| the DHCP server side for complex scenarios (you can even do
| things like put ports in a specific VLAN based on the DHCP
| reply).
|
| This works fine on a physical layer and most hotels are
| probably using something similar now (less for malicious
| abusive reasons, though that's a thing) but also just to
| work around poorly behaving devices and to reduce customer
| complaints. If you care (and have a modest amount of money)
| MAC and IP spoofing are dead on the physical layer.
|
| For the wifi layer, very similar stuff exists in high-end
| gear (Rukus/Cisco) and is starting to trickle down to
| prosumer level gear like unifi. If you care (and have
| serious cash for Rukus) MAC and IP spoofing are also dead
| on the wifi layer.
| EvanAnderson wrote:
| > "it depends, nothing good"
|
| Fun anecdote from the early 2000's re: duplicate MACs:
|
| Embedded IP time clock kept intermittently barfing out
| frames with the source MAC addresses of other devices on
| the network. The switch would update its MAC table and
| direct packets to this device. The Customer's AS/400
| would kill all remote terminal sessions when the clock
| ended up w/ the AS/400's MAC. (They were doing a layer
| 2-based connection to the AS/400-- APPN, I believe it was
| called... Ugh, it was temperamental and didn't like any
| layer 2 "hiccups".)
|
| MAC addresses flapping between ports is one of those
| "breaking the laws of physics" kind of problems that
| teaches you to question your assumptions. Gear with a
| crazy brain can do anything it wants to and it doesn't
| care about your assumptions.
| AdamJacobMuller wrote:
| > it was temperamental and didn't like any layer 2
| "hiccups"
|
| The clock was probably doing the "correct" thing when it
| got a TCP packet for a connection which it didn't
| recognize and sent back an RST, which caused the client
| to abort.
|
| > kind of problems that teaches you to question your
| assumptions
|
| Yep. I learned a lot from dealing with large layer-2
| networks (commonly running on hardware not suited for the
| task). Mostly I learned to never run large L2 networks.
| spmurrayzzz wrote:
| It more or less turns into an ARP cache race, only one
| device is gonna win. You can do some tricks with gratuitous
| ARPs as well for "dumber" networks, but more sophisticated
| setups usually have some broadcast ARP filters that are
| tied to an auth layer (radius, 802.1x. etc) and will drop
| broadcast frames from un-authed hosts.
| sznio wrote:
| Since Wi-Fi is a broadcast medium, shouldn't it not matter?
| With a switch it would break things because MAC tables, but
| a Wi-Fi AP is a hub. Each device will receive packets for
| both devices, sure, but will that break things?
|
| I know Windows gets upset when that happens but the network
| seems to still work.
| Cpoll wrote:
| I should probably know this too, but I'll speculate wildly
| instead.
|
| MAC is Layer 2, IP address is Layer 3. One way or another,
| the packet destined for the person you're spoofing will end
| up at your computer and work its way through the layers.
| From there, if it's a TCP/IP packet, I think it'll get
| filtered out at Layer 4 (transport) because your computer
| wasn't one of the parties that initiated the TCP connection
| (the sequence numbers won't line up, etc).
|
| Packets being broadcast to multiple machines is common
| enough in various network setups, it's up to the individual
| machine to decide whether to process or drop the packet.
| angry_octet wrote:
| That greatly depends on whether the medium is broadcast
| (like a radio) or broadcast-like (a shared copper wire) and
| if it has CSMA/CD logic. Many of the replies are losing
| that detail and thinking of how it would effect a
| 1000base-T network, which maps MAC addresses to specific
| ports.
|
| For a broadcast network, the answer could be 'nothing' in
| the sense that both receivers would get the same traffic.
| The IP stack would then throw away packets destined for the
| other computer unless they were UDP broadcast or multicast,
| and even then it would only notice if someone was running
| Wireshark.
|
| Advanced wifi devices/meshes will use beam forming and mesh
| allocation and might degrade if there were MAC duplicates,
| but I think they will generally operate in a non-exclusive
| basis due to end point movement and fading, so both
| computers will get a good data rate.
|
| In summary: it's fine.
| colanderman wrote:
| Can't this often result in the two machines RSTing each
| others' TCP connections, depending on firewall settings?
| queuebert wrote:
| Only one way to find out.
| _joel wrote:
| ARP entered the chat
| rolph wrote:
| this seems to be a decent answer written up ready to go.
|
| https://serverfault.com/questions/462178/duplicate-mac-
| addre...
|
| what happens depends on your LAN setup, but generally its a
| fail.
| lupire wrote:
| Does that work if both of you are trying to send/receive
| packets at the same time?
| system2 wrote:
| WiFi signal is received by both. Packages are ignored if
| they are not requested by either one of the systems. You
| can also receive anyone else's packages while you are using
| your internet but ignoring the ones you don't need. (If
| interested try aircrack-ng.)
| ahoka wrote:
| Only if it's unencrypted, of course. Rarely the case
| nowadays.
| ruune wrote:
| If it's important but you got time, you could always save
| the packets and crack them when quantum computing comes
| out for consumers. You have to wait a couple of decades
| probably, but maybe it's worth it
| pests wrote:
| NSA is already taking care of that in Utah.
| angry_octet wrote:
| Your computer will still receive the packets from the
| radio layer, it just won't have the right key to decode
| the other recipient's traffic.
| fragmede wrote:
| Yeah, the client OS will reject the "bad" packets destined
| for the other device as unknown.
| louison11 wrote:
| This is what I did about 7-8 years ago on flights when I was
| still a reckless teenager. Would just wait for people to buy
| the plan, then spoof their Mac address. There was also a
| specific airline, although I can't remember which one, which
| let me in for free without MAC spoofing - by using a Google
| Cloud VPN I had previously set up. The paywall was
| essentially blocking all IP ranges except for Google servers
| for Google Analytics.
| ApolloFortyNine wrote:
| Similar is probably possible on cruise ships, I noticed on
| Carnival you could still get notifications from discord (I
| assume because most android notifications go through cloud
| messaging and it's required for their own app to work
| without internet).
| Scoundreller wrote:
| Took an airline that required an app to pay to connect...
| but also opened up a window of a few minutes of open access
| to let you download said app from the iStore.
|
| I always wondered if there was a way to further exploit
| that.
| withinboredom wrote:
| IIRC (assuming it was the same airline), it didn't close
| existing connections once the time ran out, so you'd just
| ssh to a server and proxy through that. When/if the
| connection dropped, you'd just change your mac address
| and start over.
| pantalaimon wrote:
| I've never been at a hotel that charged for WiFi - is that a
| US thing?
| lukas099 wrote:
| It's not unheard of but it's probably been a decade since
| I've been to one personally. Some have free WiFi just for
| guests (probably good since the bandwidth is so saturated
| already).
| brewdad wrote:
| The last couple of hotels I stayed in had free "basic"
| wifi for guests. Elite status could get higher speeds for
| free or anyone else could pay something like
| $10/day/device to get higher speeds.
|
| I just switched to my cell phone data if the wifi was too
| slow.
| louison11 wrote:
| Yes. You often also have to pay for parking in many places.
| The price you see online is rarely what you pay for. But
| that's part of the culture, it's the same for restaurants,
| online purchases etc.
| lukas099 wrote:
| The sticker price is almost never what you pay, since tax
| is almost never included. Not sure how or when that norm
| diverged from the Euro one.
| xp84 wrote:
| I suspect the "how" is that we just never got the
| regulation that would prevent it because the 'small-
| government and low taxes' are aligned perfectly with the
| large business interests which tend to fund all
| campaigns. The "low taxes" types want to maximize the
| sting of all forms of tax and this is a great way to do
| that. And the businesses appreciate the psychological
| benefits of being able to show the minimum possible
| number. Even if a "display only the final price" rule
| applied to all a consumer's options, we probably just buy
| things more when they're labeled as "$99.99" instead of
| "$109.99."
|
| For extra fun, consider how phone bills attempt to "pass
| through" their own tax obligations, which have little to
| do with your own incremental usage, in the form of
| 'recovery fees' tacked onto bills. I suspect we'll
| eventually see those creep into all kinds of
| transactions, especially among other
| monopolistic/oligopoly businesses where you have little
| if any choice.
| sokoloff wrote:
| > we probably just buy things more when they're labeled
| as "$99.99" instead of "$109.99."
|
| That's basic price elasticity of demand and entirely
| unsurprising. When something costs 10% more, people buy
| less of it in general.
|
| We also buy more things priced at $99.99 than at $100.00,
| which is more of the psychological trick than it is
| rational price elasticity.
| ericjmorey wrote:
| The 2 largest retailers on earth have discovered that the
| x.99 prices make you less money than pricing at x.99 plus
| some arbitrary number between .99 and .01.
| havnagiggle wrote:
| Dialup speeds is free, but if you want to taste those
| megabytes, you better fork over those megabucks.
| ApolloFortyNine wrote:
| It's a business hotel thing, oddly all the cheap chains
| will have free breakfast and wifi, but often something like
| the Hilton will be pay for both, likely because the
| clientele they're targeting is business employees who will
| just expense the whole thing.
| Spooky23 wrote:
| Conference hotels often soak the companies with booths for
| internet access. One place I did for my company demanded
| $1500 for 3 days of internet access for up to 5 devices.
|
| In-room, you get free internet access, but in the
| windowless ballroom with spotty cell-service, there's
| nothing available for free.
| rootbear wrote:
| I've also seen the opposite, where in-room Wi-Fi was
| charged, but in the hotel's function spaces, it was free.
| The economics of this are confusing, at best. I have also
| had the situation where the in-room wi-fi was so slow
| that using my phone as a hot spot was faster!
| OkayPhysicist wrote:
| It used to be more common about 10 years ago, but
| especially so among hotels catering to business travel.
| Your Motel 6 would probably have free wifi, the Hilton
| wanted an extra $20 a night.
| lxgr wrote:
| That's an amazing anecdote!
|
| The state of "open Wi-Fi" security is actually really sad. I'm
| not aware of an easy way for the airline to actually do better
| than this!
|
| I suppose they could use Opportunistic Wireless Encryption [1]
| and bind session authentication to that (i.e. authenticate a
| given OWE session, not a given MAC address) if the device
| supports it, as at least modern Apple devices do? But I have no
| idea how stable an OWE session is; it would be very
| inconvenient to have to login again every time my device
| switches between access points.
|
| In any case, I'm sad that this isn't a solved problem yet, and
| paid Wi-Fi (as well as securing free Wi-Fi) still requires
| custom and clunky solutions like unreliable captive portals
| that need to pass through selective traffic (e.g. for 3DS, for
| payments, sometimes emails for password reset codes etc and
| more).
|
| A standardized endpoint and API would also be nice, i.e.
| something to tell the client whether it's connected, restricted
| (i.e. able to only access a limited set of hosts such as the
| in-flight map as described in the article), or needs to
| pay/authenticate (and if so, at which URL). This could then
| yield an authentication token, to be provided for seamless
| reconnections for the same session.
|
| There's "Hotspot 2.0" and WPA-EAP (i.e. WPA Enterprise), but
| these don't really have a good story for "pay via web portal"
| style usages and are more geared towards wireless carrier
| operated hotspot networks and corporate scenarios,
| respectively.
|
| [1]
| https://en.wikipedia.org/wiki/Opportunistic_Wireless_Encrypt...
| dangus wrote:
| Isn't this data meant to be exposed? You can get all this
| flight status on the Southwest intranet when you're connected
| to WiFi as part of the flight status page.
|
| This hack just goes a step further to plot the data over
| time.
| vezuchyy wrote:
| You can always use an open network to generate passwords for
| the proper internet connected WPA-EAP network (along with
| some in-flight multimedia like some carriers do). Extra step
| for sure but it solves the problem.
|
| PS: I'm a couch expert so I have no idea if there's a problem
| with this idea.
| Nextgrid wrote:
| In cases where the Wi-Fi is provided as a value-add or is
| bought via another channel than the Wi-Fi network itself, I
| think you can just generate one-time WPA Enterprise
| credentials, with a QR code to facilitate data entry?
|
| In case of in-flight Wi-Fi, the credentials/QR code can be
| printed on the boarding pass, or available in the app (the
| app caches it in advance while it's still on the ground, so
| when in the air you can use those credentials to connect).
|
| This doesn't cover 100% of use-cases but it would at least
| cover a big one (a significant amount of public Wi-Fi is
| "value add" to another service - whether restaurants, hotels,
| flights, etc where there's an existing channel to provide
| one-off wi-Fi credentials over), it's a shame nobody deploys
| this.
| labcomputer wrote:
| I think you could even take this one step further: Have a
| captive portal on an unencrypted channel (using TLS
| obviously) to do the vending, so that the credentials don't
| need to be purchased before the flight.
| cxcorp wrote:
| What if the captive portal just had a link (or on an IFE
| screen, a QR code) that connected your phone to a different,
| WPA2/WPA3 protected, hidden WiFi SSID that was generated
| exclusively for you? Phones nowadays support joining a
| passphrase protected WiFi AP via a QR code, so I'd imagine
| that's doable. The hard part would be finding routers that
| support >300 different hidden SSIDs, but honestly I would
| hope that that is technically feasible nowadays.
|
| That way you'd at least have the protection of the WPA GTK.
| tharkun__ wrote:
| This. And even if the >300 is not available, how many
| people _actually_ buy Wi-Fi on the plane? _That_ is the
| number of clients that need to be supported. And if that 's
| still a problem (or you don't want to guess), the SSID can
| be hidden and static and the only thing non-static is the
| password that works for just the duration of the flight you
| are on.
| 1B05H1N wrote:
| Did you have permission to do that ? Sounds pretty risky to be
| probing the network of a flight imo.
| Etheryte wrote:
| Are you aware what the website you're currently on is called?
| WendyTheWillow wrote:
| Hackers talk about ethics and legality all the time!
| margalabargala wrote:
| Does one generally require permission to read a sign that
| someone else posts in a public place?
| system2 wrote:
| The signal is already reaching your computer. You are not
| modifying it. It is the same as listening to radio.
| jamesbvaughan wrote:
| No permission - just curiosity :)
|
| I'm not too concerned about the risk associated with fetching a
| JSON file that their flight status page is already fetching on
| a loop. That said, I'm curious what risks you have in mind.
| mulmen wrote:
| > That said, I'm curious what risks you have in mind.
|
| Overzealous prosecutors.
| fouc wrote:
| There's no "probing the network" involved here.
|
| The in-flight webpage was continuously fetching a specific end-
| point from the in-flight web server.
|
| This end-point is basically public data.
|
| All he did was duplicate what the webpage was already doing,
| and then do some basic analysis on the data the end-point was
| returning.
| mulmen wrote:
| Tell it to the judge.
| mcast wrote:
| Cybersecurity and internet crime laws are notoriously
| outdated (created in the 80s). I could see a bad lawyer
| arguing that cURLing an API repeatedly is "hacking".
| soupfordummies wrote:
| Fun read! Reminds me of the type of articles I would find in
| 2600. The hacker spirit at work :)
| dekhn wrote:
| Wait, doesn't everybody set up a prometheus/grafana dashboard for
| each flight to show the telemetry?
| system2 wrote:
| I usually connect to the cockpit directly with rj45 to keep it
| stable. Sometimes even talk to the pilot with the encrypted
| coms.
| benced wrote:
| Another thing to notice: they use the highly nonstandard time
| zone abbreviation "PDT". This works because they're a US-only
| airline but if an international airline did this, they'd be in
| for a world of hurt.
| everly wrote:
| Is it really "highly nonstandard"? I thought it referred to
| Pacific Time during daylight savings. The rest of the time
| being PST (Pacific Standard Time).
| wil421 wrote:
| > Specifically, time in this zone is referred to as Pacific
| Standard Time (PST) when standard time is being observed (early
| November to mid-March), and Pacific Daylight Time (PDT) when
| daylight saving time (mid-March to early November) is being
| observed.
|
| https://en.m.wikipedia.org/wiki/Pacific_Time_Zone#:~:text=Sp...
| .
|
| What do you think is the correct format?
| kube-system wrote:
| Southwest has international routes now to popular vacation
| destinations south of the US.
| jdminhbg wrote:
| > This works because they're a US-only airline
|
| They're not US-only (note that the response included a value
| for whether it was a non-US-including flight), but they are
| North/Central America/Caribbean-only.
| recursive wrote:
| How much more standard can it get?
|
| https://en.wikipedia.org/wiki/Pacific_Time_Zone#
| https://www.timeanddate.com/time/zones/
| xxpor wrote:
| PDT is extremely standard?
|
| http://www.timezoneconverter.com/cgi-bin/zoneinfo.tzc?s=defa...
|
| Granted, I think everything should always be a UTC offset, but
| I'm also weird.
| aplusbi wrote:
| The `ac` in `actime24` probably means `arrival city`.
| xhkkffbf wrote:
| On one of the earlier flights with wifi, I found that my Google
| docs were saving correctly even though I didn't pay for the wifi
| upcharge. The router wasn't blocking those ports. It seems like
| this has changed recently. Too bad.
| paul7986 wrote:
| If you travel lite with clothes in a book bag(wash clothes if
| extended stay)... I don't see why anyone would fly United,
| Southwest, American Airlines, etc VS.the budget Airlines like
| Spirit.
|
| Maybe if you have points with those airlines... Otherwise, save
| hundreds of dollars using budget airlines which the planes are
| newer in my experience, and never had a bad experience versus my
| recent bad experiences with Delta and the others in which I paid
| a lot more for. Almost all airlines I've had to pay for Internet
| access, including Spirit so for me, I don't understand why I
| would fly all the more expensive airlines versus using Spirit.
|
| There's a lot of negative marketing out there about Spirit...
| After my 10 positive flights experiences in the last six months
| with them I don't believe the hype.
| paul7986 wrote:
| Sure for me I fly out of a major hub (Baltimore Washington
| International) and Spirit flies pretty much to every US city
| from there.
|
| One thing bad about spirit is their extremely horrible refund
| policy .. their seats are a bit smaller but not by much.
|
| Thus far in my ten recent experiences flying Spirit with
| clothes & travel necessities in my book bag has saved me lots
| of money and my flight experiences have been the same to even
| better compared to Dekta, United, Alaska or Southwest. Thus the
| first place I now go to book a flight is spirit due to my
| experiences and flying out of a major hub.
|
| I hope JetBlue doesn't get the chance to buy them out ...
| Spirit allows a lot of ppl who couldnt afford to fly enjoy a
| benefit all should be able too and for me i like saving money!
| dboreham wrote:
| > I don't see why anyone would fly United, Southwest, American
| Airlines, etc VS.the budget Airlines like Spirit.
|
| I'm on a spoke (not a hub) and just don't have the service
| available to use budget airlines even if I wanted to. We have
| JetBlue -- they fly to Boston and that's it. We have Allegiant
| and they fly to Phoenix (not really Phoenix -- Mesa), and we
| have Avelo they they fly to LA (not really LA: Burbank). All
| these airlines fly one flight per day, and often not every day
| of the week. When I'm traveling somewhere that works for the
| budget airlines, I'm still leery because if their plane breaks
| down or there is "weather in Cincinnati", I'm screwed. They
| don't have a second plane available.
|
| otoh we have United, Delta, American, Alaska, Southwest with
| flights to several hubs each, multiple flights per day, through
| international ticketing, first class sometimes open... Plus I
| don't pay for luggage on the major carriers due to credit card
| membership/status.
| itslennysfault wrote:
| You must have buns of steel. I flew Spirit exactly once (well,
| twice, it was round-trip), and it was such a miserable
| experience I swore to never do it again. Their seats are made
| of concrete as far as I can tell.
|
| For domestic flights I pretty much always sit in the window and
| never get up during the flight. On spirit I had to get up and
| walk around after about 3 hours 'cause my ass was sore. Never
| again.
| paul7986 wrote:
| Did you have a negative view of Spirit before flying with
| them?
|
| Not sure about my backside.. don't do squats lol ... 5'10 170
| itslennysfault wrote:
| Not terribly negative, but yeah I always assumed it was
| cheap for a reason. I think I'd probably do a 1-2 hour
| flight on spirit if it was a good deal. Past that I'll
| spend a little money for a more comfortable flight... Guess
| I could also just bring a cushion on board with me lol
| cityofdelusion wrote:
| Just to clarify, Southwest is classified as a budget airline,
| especially compared to the "big 3". Spirit and airlines like
| them are in their own class called ULCC (ultra low cost
| carrier) to differentiate them from the existing budget
| airlines.
| technothrasher wrote:
| Sometimes the budget airlines don't fly to where I'm going, or
| do so by long multi connecting routes. I'm currently sitting on
| an AA flight because it was the cheapest option with a
| reasonable travel time. Honestly, it kind of sucks for all the
| usual reasons, but I've at least got free wifi on my phone
| through some deal with T-Mobile.
| sswaner wrote:
| On many United flights you can connect to onboard wifi without
| buying the plan and have internet access on port 22 and
| apparently unrestricted UDP. This allows me to connect to an EC2
| instance running mosh. Coding in vim is a great way to pass the
| time on a flight.
| system2 wrote:
| Can't you create an SSH tunnel to a machine and RDP with it?
| Then you'd have fully functioning internet.
| TrackerFF wrote:
| Yes, that's standard data which is broadcasted to the passengers
| via the plane app/website. Usually the apps will have some "show
| position" feature where you can see position, speed, altitude,
| ETA, etc.
| ern wrote:
| Airlines have a moving map on their captive wifi portals. Didn't
| know it was rendered client side though. Something to try when I
| next fly.
| latchkey wrote:
| I was just thinking that you could take a picture from the window
| and then tie the GPS coordinates to the image with the output
| from that JSON. Kind of handy.
| jonah wrote:
| If you have location permissions enabled in your camera app,
| the image's exif data will have the coordinates in it.
|
| (US Civilian GPS units are prohibited from working above 60,000
| ft above sea level and 1,000 knots due to ITAR munitions export
| restrictions.)
| pklausler wrote:
| Stupid question: how do civilian GPS units know that they're
| above 60,000' or faster than 1000 knots without, um, working?
| comprev wrote:
| Maybe they read 60,000 even when at 62,000?
| 0x457 wrote:
| Well, they work internally, just don't expose information
| to the outside.
| latchkey wrote:
| I have pictures from my camera (with location permissions
| enabled) that don't have any GPS data in it, or at least the
| data is extremely wrong.
| jonah wrote:
| I can't help diagnose that for you. There are other ways to
| get your current location, etc from your phone though.
|
| I have GPS Test[1] on my Android - it's pretty neat to
| launch it while on a flight - seeing the speed in realtime
| is pretty fun.
|
| [1] https://play.google.com/store/apps/details?id=com.chart
| cross...
| dramm wrote:
| "According to this data, the plane's altitude was only
| fluctuating by about 20-30 feet. This is more stable than I
| expected!"
|
| Autopilots are very good and they are servoing to the pressure
| altitude.
|
| Many pressure altitude encoders used in modern aircraft (for
| example to drive altitudes that transponders report to SSR radar
| or via ADS-B) have 25 ft encoding resolution. That 25ft
| resolution is likely what is being seen here. Other encoders have
| 10 ft resolution but 25 ft is very common.
| cragfar wrote:
| No idea how true it is, but I overheard someone on a flight say
| that whenever you feel a real sudden jolt on a plan it's really
| only moving like 2-3ft.
| jfim wrote:
| A plane going up and down 20-30 feet seems like it would be
| very unpleasant. Considering that there's longitude and
| latitude, isn't it more likely that the altitude is coming from
| GPS, which is notoriously inaccurate with regards to elevation?
| altgoogler wrote:
| When you take off, you're going up at a rate of 500 fpm to
| 2000 fpm. Even if you go from +1000 fpm to -1000 fpm over the
| course of several seconds, you aren't going to feel much.
|
| At cruise altitude, you're moving along at 500 mph, which is
| 777 feet per second. So going from +30 feet to -30 feet in a
| minute is just an adjustment of only about 5 degrees. You'd
| barely feel it, even walking down the isle. An acceleration
| of 33 ft/sec per sec is 1 g.
|
| You experience greater changes in vertical motion on any
| flight you go on.
|
| *edit: units
| sokoloff wrote:
| > So going from +30 feet to -30 feet in a minute is just an
| adjustment of only about 5 degrees. You'd barely feel it,
| even walking down the isle.
|
| You would pretty obviously feel a change in pitch of 5deg
| walking down the aisle.
|
| You mixed feet per second and feet per minute. 60 feet of
| change across 777 feet of run is about 4.5deg (inverse
| sin(60/777)), such as you'd experience if the change was in
| 1 second instead of in 1 minute.
|
| Calculating 60' change in 777*60 feet, inverse sin
| (60/(777*60)) is 0.07deg, which is why you don't feel that
| change in inclination of the aisle.
| chatmasta wrote:
| Maybe the plane is staying level but the ground is variable
| terrain.
| momirlan wrote:
| it's the Earth vibrating ...
| rockostrich wrote:
| Elevation is relative to sea level, not the ground.
| funnyflywheel wrote:
| This only holds true if you're flying at or above the
| transition altitude. The transition altitude depends on
| where you're flying: for example, in the USA and Canada
| it's 18_000 feet MSL.
| danbtl wrote:
| It's still sea-level. The transition altitude just
| changes the altimeter setting from one that matches the
| current air pressure to a standard pressure setting.
| twothamendment wrote:
| Yes, the elevation is based on sea level. I don't fly
| much and recently landed in Denver and was watching the
| altitude on the screen in front of me. As we were
| descending we landed well before I was thinking we would,
| about a mile in elevation above sea level.. it was "duh"
| obvious when it happened, but I was tired and clearly not
| thinking about it!
| chatmasta wrote:
| The plane is measuring _altitude_ , which is relative to
| a reference point, unlike elevation which is relative to
| sea level. And if the altitude is determined by pressure
| sensor, musn't it be relative to the ground directly
| below the plane, anyway?
|
| (Although personally, I agree with the sibling comment
| that the variability is likely an artifact of the sensor
| resolution.)
| victortroz wrote:
| It's relative to sea level. After transition altitude
| (18k feet in most places) the pressure setting to the
| altimeter is changed to standard (iirc 1013 hPa) so all
| aircrafts are in the same reference regardless of
| terrain.
| epse wrote:
| Most places in the US, but accurate
| adastra22 wrote:
| Planes dont measure height relative to the ground. How
| would that even work? Their sensor is air pressure, which
| is treated as a function of elevation.
| jjwiseman wrote:
| They do sometimes! Via radar altimeters, when relatively
| close to the ground. And sometimes to keep autopilots
| from freaking out, we have to build radar reflectors to
| make the ground look level to radar even when it's really
| not. https://lustublog.com/2017/02/17/artificiel-mais-
| pas-superfi...
| jjwiseman wrote:
| When you climb to the top of Mt. Everest, the air
| pressure is about 1/3 of what it is at sea level even
| though you're standing on the ground.
| chatmasta wrote:
| Yeah, you make a very good point. Fortunately the blast
| radius of my scientific hubris is limited to whatever
| code I manage to deploy to the internet, and I'm not
| involved in designing or building aircraft.
|
| btw: Aren't you the guy who tracks planes flying in
| circles? I follow you on Twitter. Such a cool project!
| quickthrower2 wrote:
| And using the ground proximity to guide a landing instead
| of altitude has lead to some crashes I have read.
| danbtl wrote:
| Planes report pressure altitude via their transponders. 20-30
| feet up and down is very normal for an autopilot.
|
| GPS altitude is used for vertical guidance for certain types
| of GPS approaches (i.e. "LPV" approaches[1]) and requires the
| airplane's avionics to be equipped with a WAAS[2] receiver
| that provides accurate altitude information.
|
| [1] https://en.wikipedia.org/wiki/Localizer_performance_with_
| ver...
|
| [2]
| https://en.wikipedia.org/wiki/Wide_Area_Augmentation_System
| dhritzkiv wrote:
| 20-30 feet change over what timeframe? The resolution of the
| chart data in the article is about 30 seconds. While I think
| the fluctuation is due to the accuracy of instrumentation,
| 20-30 feet change over the course of a minute seems like
| nothing.
| xvedejas wrote:
| That's significantly slower than a typical elevator, in
| fact. Slow elevators run at about 200 feet per minute.
| jjwiseman wrote:
| I don't know what sensors are feeding the API from the post,
| but most passenger jets do broadcast information about the
| accuracy of their sensed position, including vertical
| position/altitude. If you click on an aircraft on the map at
| https://globe.adsbexchange.com/, and scroll the left sidebar
| all the way to the bottom you'll see a section labeled
| "Accuracy". ADS-B Exchange doesn't show Rc/v, the vertical
| position accuracy, but it does show other values. See
| https://mode-s.org/decode/content/ads-b/7-uncertainty.html for
| more information.
| ssaannmmaann wrote:
| I went down a rabbit hole by clicking on
| globe.adsbexchange.com :)
| yread wrote:
| I guess they got a lot more precise with implementation of
| Reduced Vertical Separation Minimum (RVSM) - planes had to be
| separated by 2000 ft and this was reduced in early 2000s to
| 1000ft
| ceejayoz wrote:
| It was probably fairly precise already. To get their license,
| a private pilot must demonstrate via a checkride the ability
| to stay within 100 feet of an assigned altitude, even in a
| steep turn.
| wkipling wrote:
| Not quite how it works.
|
| These are the instruments we are referring to not the
| ability of pilots. In fact in RVSM airspace the autopilot
| must be used.
|
| Instruments must be very accurate given the reduced
| separation in RVSM airspace. Often on modern aircraft
| multiple altimeters are compared and voted to provide a
| single output provided to the displays and autopilot.
| ceejayoz wrote:
| That's missing the point.
|
| If a human can manage to keep it within 100 feet of a
| desired altitude, an autopilot most certainly can; it
| didn't require new technology in the 2000s. Autopilots in
| the 1960s/1970s weren't seesawing all over the skies.
| sokoloff wrote:
| RVSM is overwhelmingly about instrumentation accuracy and
| precision, not pilot capability. [0]
|
| The pressure difference between 5K MSL and 10K MSL at
| standard conditions is 14.6 kPa.
|
| The pressure difference between 30K MSL and 35K MSL at
| ISA is 6.3 kPa.
|
| For a given amount of aircraft-to-aircraft variability in
| their precision altitude sensing equipment, the resulting
| difference in actual altitude is more than double in RVSM
| airspace than in the lower altitude range above.
|
| _That 's the reason for RVSM_: there is less change in
| pressure with change in altitude, coupled with a very
| busy altitude range (such that controllers would have an
| operational need to pass traffic overhead with only
| vertical separation rather than being able to use
| vectoring to achieve lateral separation between
| aircraft).
|
| It's not a linear relationship, but if I take an airplane
| with a 0.75 kPa absolute error in one direction and pass
| traffic with a 0.75 kPa absolute error in the other
| direction 1000' indicated above them, at low altitude,
| that 1.5 kPa total error is a little over 500 feet while
| IFR-IFR separation is 1000 feet minimum outside of RVSM.
| (These aircraft would likely be right on the border of
| passing a non-RVSM static system check.)
|
| If I take those same two aircraft into the mid flight
| levels and pass one over the other at 30K and 31K feet,
| the total error is around 1200 feet, which is why non-
| RVSM aircraft cannot be separated by 1000 feet in RVSM
| airspace, because you don't know that they'll miss each
| other.
|
| Improve the accuracy and precision of the static system
| and improve the examination criteria, making the airplane
| RVSM-capable, and now you can pass that traffic over each
| other at 1000' of indicated separation and be sure
| they'll miss.
|
| [0] - There is a pilot training requirement, which is
| focused on knowing the rules for RVSM and does not
| involve a checkride.
| ceejayoz wrote:
| Still missing the point.
|
| You're talking about getting different aircraft to agree
| between each other.
|
| The post upthread expressed surprise at an aircraft
| maintaining a steady altitude to within tens of feet.
| That's been a thing for many decades.
| GuB-42 wrote:
| I have read somewhere that so much precision could actually be
| dangerous in some circumstances.
|
| This is because this way, if a pilot goes 3000 ft for instance,
| it will be exactly 3000 ft, if another pilot also wants to go
| 3000 ft on a collision trajectory, it will be a guaranteed
| collision. When altitudes are not that accurate, there is a
| higher chance it being just a near miss. The solution, I think,
| was to simply avoid round numbers. So now, it is 2950 ft, 3050
| ft,...
|
| I may have the details wrong, but I am quite sure about that
| problem being seriously considered.
| wesapien wrote:
| What software did you use to do the visuals? I want to try this
| out.
| jamesbvaughan wrote:
| I used chart.js [0], but I don't necessarily endorse it - it's
| just what I knew how to use quickly. I usually try to keep my
| posts free from javascript, and could have used a different
| tool that gives me SVG data or images.
|
| You can see the code that's generating these charts here:
| https://github.com/jamesbvaughan/jamesbvaughan.com/blob/main...
|
| [0] https://www.chartjs.org/
| fer wrote:
| I belive this is OPs flight if anyone wants to compare plane data
| with ADS-B one.
|
| https://www.flightaware.com/live/flight/SWA2340/history/2023...
| schoen wrote:
| Conceivably, the ADS-B data source might be the same as the
| data source for this API, at least in that they might be
| calculated from the same instruments and flight systems.
| jamesbvaughan wrote:
| That is the flight. This is a cool idea - I wish I had thought
| of it!
| hocuspocus wrote:
| The speed unit looks more like knots than mph.
| jamesbvaughan wrote:
| Good catch! I'm not very familiar with knots - what
| specifically makes the speeds here look like knots to you?
|
| edit: Updated the article. Thanks!
| KolmogorovComp wrote:
| Airline planes never use mph but only knots.
| capableweb wrote:
| Well, most airlines. I think both China and Russia already
| switched to SI units (so km/h), and supposedly ICAO
| recommends using km/h but there is exception for using
| knots and there is also no end date to stop using knots, so
| everyone just continues to use knots.
| seabass-labrax wrote:
| It's not that they 'already switched', but rather that
| early Russian aircraft had used the metric system for
| instruments and China acquired much of their early
| aircraft from the USSR.
|
| In the West, it was well into the 50s before knots became
| conventional. Many (but not all) British and American
| aircraft used miles per hour, and most of non-communist
| mainland Europe used the metric system. I am not aware of
| whether there was some agreement to choose knots, but by
| the 60s almost all western aircraft had instruments in
| knots and nautical miles.
| [deleted]
| jamesbvaughan wrote:
| That makes sense.
|
| One reason I think it could be MPH despite that is because
| some of the other data seems like it's been processed so
| that it doesn't need to be transformed any further on the
| client side before using it in the UI, and the UI displays
| the speed in MPH.
|
| If I were still on the flight, I could just compare the
| numbers in these payloads to the MPH number in the UI and
| confirm.
| mulmen wrote:
| Based on the lat/long of your destination and the
| coordinates of the plane I believe the distance and speed
| actually are in miles and mph:
| https://news.ycombinator.com/item?id=37694487
| hocuspocus wrote:
| Your ground speed plot hovering around 500 mph would be ~800
| km/h which is oddly slow for an airliner, unless you were
| facing strong headwinds the entire way.
|
| The nautical mile is historically the common unit for marine
| and air navigation.
| scatters wrote:
| Clarification: a knot is one nautical mile per hour.
| JoeAltmaier wrote:
| Isn't it 1.15mph?
|
| https://www.metric-conversions.org/speed/knots-to-miles-
| per-...
| jdsnape wrote:
| Yes for statute miles, but it is also one nautical mile
| per hour
| toyg wrote:
| nautical mile is 1.15 land mile.
| chx wrote:
| 487 miles per hour would only be 0.63 Mach which is very
| slow.
|
| 487 knots would be 0.73 Mach which is much closer to the rule
| of thumb 0.78 Mach cruise speed expected.
|
| https://krepelka.com/fsweb/learningcenter/aircraft/flightnot.
| .. (and yes, it's a simulator but it's still good for real
| world)
| mulmen wrote:
| Mach is a product of altitude and we only have ground speed
| so we'd need weather information and heading to compare.
| hocuspocus wrote:
| Sorry it seems I was completely wrong, it's MPH, your ground
| speed was on the slow end:
|
| https://www.flightradar24.com/data/flights/wn2340#322ad9f6
| kvmet wrote:
| Knots are typically used for aviation. Also different planes
| have their own optimal speeds for efficiency that the
| airlines aim for so if you know the airframe you can derive
| what they are most likely targeting. You can also compare the
| value to the filed flight plan and see if it is similar.
| dclowd9901 wrote:
| Knots are used for aviation, but this data looks like it's
| being consumed by the in-flight UI, and most _people_ are
| not familiar with knots in terms of speed. Indeed, using
| the UI shows MPH vs. knots. My money is this speed being
| mph.
| dclowd9901 wrote:
| I don't think so. When you use the portal, it displays speed in
| MPH -- I highly doubt there's some knots->mph converter in the
| frontend code.
| mulmen wrote:
| I have been on (international?) flights where the in-flight
| display gave me a choice. It may still be done on the backend
| but doing that kind of conversion in the UI is at least
| arguable.
| jandrese wrote:
| I'm not so sure. The same data packet claims that the flight
| has 2h 25m of flight time left to cover 1167 miles. That works
| out to 483 mph, which is pretty close to the stated 487 and
| might be explained by some padding added to the time to account
| for taxiing.
|
| Unless that 1167 figure is in a different unit it doesn't even
| come close to working out at 487 knots ground speed.
| mulmen wrote:
| Coming at this another way:
|
| The blog says the destination was Oakland. The Oakland
| International Airport is at 37deg43'17''N 122deg13'15''W. The
| data packet also contains the current lat and long of the
| flight as 40.201 and -100.755 respectively. Plugging that in
| to a distance calculator [2] gives 1163 miles, 1010.6
| nautical miles, or 1871.6km. So the distance value of 1167
| appears to be miles.
|
| At 487mph covering 1163 miles would take 2.3963039014 hours
| or ~2h23m. If the speed is knots then it would be
| 2.08233112598 hours or ~2h5m at 560.4296mph. So mph makes the
| most sense given an estimated time of arrival of 2h25m.
|
| So I think you are right, the distance appears to be miles
| and the speed MPH. This makes sense for an in-flight
| infotainment system on a US domestic flight.
|
| The difference between 1167 and 1163 can probably be
| explained by the fact that the plane is 6.5 miles in the air
| traveling at 8 miles per minute and we don't know update
| interval or if the distance is in the air or on the ground.
|
| [1]: https://geohack.toolforge.org/geohack.php?pagename=Oakla
| nd_I...
|
| [2]: https://www.omnicalculator.com/other/latitude-longitude-
| dist...
| [deleted]
| hocuspocus wrote:
| My bad, you're right
| https://www.flightradar24.com/data/flights/wn2340#322ad9f6
| apendleton wrote:
| ... I mean, it could be in nautical miles, no?
| [deleted]
| jackconsidine wrote:
| Love the spirit of this article. The author could have Git-
| scraped [0] this info!
|
| https://simonwillison.net/2020/Oct/9/git-scraping/
| jamesbvaughan wrote:
| This is cool - thanks for sharing
| TheHappyOddish wrote:
| For those not in (I presume) the US, "Southwest" appears to be
| the name of an airline. I was disappointed to find out this
| wasn't a puzzle to solve when only travelling in a specific
| direction, but still an interesting read.
| Thaxll wrote:
| Reminds me how old and unsecure those system used to be, years
| ago they would perform DNS queries but block most traffic,
| meaning that you could get free internet by using DNS tunneling.
|
| Same for the movies on board, if they have some apps and not just
| movies in front seat, you can use vlc, ffmpeg to download / watch
| the movie without ads / interruption.
|
| When I was doing some digging they used a lot of Panasonic
| solution and open source stuff such as squid cache, apache http.
|
| https://na.panasonic.com/ca/industries/avionics
| amacalac wrote:
| Reminds me of the time I dumped CANbus data off a Yamaha R1 bike,
| made sense of the data, and displayed it on a bunch of charts.
|
| Interesting data like Accelerator Handle position, you can figure
| out how much a rider is really cranking it, and how aggressive
| they are riding.
| jasonjayr wrote:
| ... Which is precisely the data those data loggers you plug in
| from insurance companies track to adjust/refine your rates
| .....
| mikepurvis wrote:
| Honestly, it seems pretty fair to me. If I'm a careful,
| occasional driver, and the insurance company otherwise has no
| way of knowing that, then they have to bill me like I'm
| commuting every day in stop and go traffic, distracted by
| podcasts and who knows what else.
|
| There will probably always be a "premium" market for no-
| questions-asked insurance, but if the company can give me a
| break on my rate based on my driving behaviours correlating
| to a lower incident likelihood, I'll happily take that break.
| Even better if such measures correspond to drivers across the
| board adjusting their habits now that it hits them directly
| in the wallet.
| jasonjayr wrote:
| At it's face, yea, it sounds fair, and the more data you
| feed to the actuarial tables, the more accurately they can
| identify the specific cost of insuring that driver.
|
| My concern is that it's a tragedy of the commons type
| situation: this normalizes data surveillance. We have no
| idea exactly what data the device is transmitting, and what
| the insurance company will do with that data. Regulations
| protecting this data are weak-to-non existent.
|
| With everyone's budget being stressed, people are quick to
| trade a few dollars to sacrifice privacy, and then this
| technology is being mandated everywhere.
| mikepurvis wrote:
| Fair, though given that manufacturers are already doing
| this stuff anyway, it feels like a problem to be solved
| with broader privacy legislation than by making good
| drivers pay for the cost of bad drivers.
|
| On the other hand, I suppose I'm a bad person to make
| this argument since I actually dislike personal
| automobiles for a whole host of reasons, so I'd just as
| soon get back my privacy by walking, cycling, and using
| mass transit.
| LesZedCB wrote:
| I did one of those once and tried for three months to drive
| really carefully.
|
| in Boston.
|
| it basically broke me and my driving sanity for 6+ months and
| made me a really worse driver for a while, maybe
| permanently?? and my rate basically didn't change at all.
| mvkel wrote:
| Love this kind of stuff.
| MayeulC wrote:
| Ah, interesting. I guess this could be used by UnifiedNLP:
| https://f-droid.org/en/packages/de.sorunome.unifiednlp.train...
|
| Also, KDE Itinerary:
| https://invent.kde.org/pim/itinerary/-/blob/master/src/app/S...
|
| I'm off pinging the relevant projects :)
| bowsamic wrote:
| What a waste of time
| mavili wrote:
| Almost a duplicate, but actually not:
| https://news.ycombinator.com/item?id=37692832
| sciencerobot wrote:
| Just make sure to never send a PATCH request
| jamesbvaughan wrote:
| Considering how delayed that flight was, I'd have loved to be
| able to PATCH the `dist_remain` field.
| hackmiester wrote:
| Here is how to get the equivalent data on a Delta flight.
| $ curl https://wifi.delta.com/api/flight-data | jq %
| Total % Received % Xferd Average Speed Time Time
| Time Current Dload
| Upload Total Spent Left Speed 100 448 100
| 448 0 0 5600 0 --:--:-- --:--:-- --:--:-- 5743
| { "timestamp": "2023-07-11T14:54:41Z", "eta":
| "17:48", "flightDuration": 278,
| "flightNumber": "DAL786", "latitude":
| 39.723472595214844, "longitude": -97.1514205932617,
| "noseId": "3879", "paState": false,
| "vehicleId": "N879DN", "destination": "KPDX",
| "origin": "KATL", "flightId":
| "N879DN_SF_20230711121358", "airspeed": null,
| "airTemperature": 24, "altitude": 33922,
| "distanceToGo": 179, "doorState": "Closed",
| "groundspeed": 442, "heading": -73,
| "timeToGo": 174, "wheelWeightState": "Off" }
|
| And a fun snippet for you. $ curl -s
| https://wifi.delta.com/api/flight-data | jq -r
| '"https://maps.google.com/?q=", .latitude, ",", .longitude' | tr
| -d '\n'; echo
| https://maps.google.com/?q=40.5615234375,-101.2824478149414
| denvaar wrote:
| What makes it so that you can only resolve the host
| wifi.delta.com during a flight?
| gsk22 wrote:
| I assume the DNS server on the in-flight router is programmed
| to resolve that hostname to some local device.
|
| Similar to how I can log into my ASUS router from my home
| wifi by visiting asusrouter.com.
| c7DJTLrn wrote:
| It would be nice if you could send a POST request to open the
| door if you want some fresh air.
| hackmiester wrote:
| I tried to change the flight level by PATCHing altitude, but
| it seemed to require authentication. Oh well.
| CamperBob2 wrote:
| This sounds like a good way to meet some upset people with
| expensive sunglasses shortly after you land.
| [deleted]
| jmharvey wrote:
| It's not like that at all. The sunglasses aren't that
| expensive.
| hackernewds wrote:
| after you land also open to interpretation
| ComputerGuru wrote:
| Maybe you can take risks like that, but I certainly can't.
| I don't think anyone with my name or skin color would be
| given the benefit of the doubt for even a moment.
| thomashop wrote:
| Your comment made my day. Eye opening
| queuebert wrote:
| You probably can. I suspect airliner software is appallingly
| insecure.
| epse wrote:
| Relies very strongly on simple airgapping. Can't do
| anything to it if there's no wires in the direction you
| want. Can't remotely hack if there's nothing antenna
| connected that can talk to flight control. It has the
| luxury of not needing to do the "limited RCE" that is a
| modern web request
| hk1337 wrote:
| Someone will probably figure out how to send a request to
| disable auto-pilot or turn off the fasten seat belt sign.
| naikrovek wrote:
| the airline industry is nowhere nearly as stupid as the
| software industry with things like this.
|
| the communication between plane and wifi/entertainment
| system, if there is any, is _almost certainly_ one-way.
| likely, the wifi system providing this info is receiving
| data from the flight systems and repeating it or
| transforming it a bit and providing that.
|
| it would not surprise me at all if the flight attendants
| have to program everything about the flight into the system
| prior to departure each flight, and there is no
| communication from the aircraft at all.
| jpalomaki wrote:
| "The computer network in the Dreamliner's passenger
| compartment, designed to give passengers in-flight
| internet access, is connected to the plane's control,
| navigation and communication systems, an FAA report
| reveals." [1]
|
| (I guess there's some kind of firewall, but we know that
| those are not always perfect)
|
| [1] https://www.wired.com/2008/01/dreamliner-security/
| eep_social wrote:
| IIRC the in-flight infotainment systems are entirely
| separate from the avionics control systems at the data
| layer. I recall being told that in some cases even the
| flight status is actually pulled from a 3p api service
| rather than hooked into the onboard avionics.
|
| There could be some fuckery via shared power or other
| non-data systems but that's probably beyond someone
| sitting in a seat with standard laptop hardware.
| hackmiester wrote:
| If the latter was true, then "wheelWeightState" (and
| others) would not work. But, they do work.
| chaps wrote:
| Might be one way, but that doesn't mean you can't DDoS it
| (by accident or otherwise).
| pwillia7 wrote:
| DELTE
| fnord77 wrote:
| Please stand by, a DHS agent will be with you shortly
| remram wrote:
| You can use jq's string interpolation feature to simplify this:
| $ curl -s https://wifi.delta.com/api/flight-data | jq -r
| '"https://maps.google.com/?q=\(.latitude),\(.longitude)"'
| hackmiester wrote:
| Thanks! I was trying to figure this out but I didn't have
| great Internet access (for some reason...) so I just hacked
| it instead.
| [deleted]
| bunabhucan wrote:
| > "airspeed": null
|
| [nervously looks out window]
| PNWChris wrote:
| I have nothing insightful to add, I just want to say thanks for
| posting this!
|
| I'm on a flight right now and just went to this URL. Sure
| enough, it works!
|
| I know this information is available via the wifi portal's UI,
| but a JSON blob just hits different.
|
| ```
|
| {"timestamp":"2023-09-28T21:57:39Z","eta":"23:45","flightDurati
| on":164,"flightNumber":"DAL992","latitude":47.4557876586914,"lo
| ngitude":-111.73490905761719,"noseId":"3883","paState":false,"v
| ehicleId":"N883DN","destination":"KMSP","origin":"KSEA","flight
| Id":"N883DN_SF_20230928195737","airspeed":null,"airTemperature"
| :null,"altitude":35273,"distanceToGo":13,"doorState":"Closed","
| groundspeed":499,"heading":95,"timeToGo":107,"wheelWeightState"
| :"Off"}
|
| ```
|
| Apologies for the JSON formatting, I'm on mobile.
| eddieroger wrote:
| Interesting how they chose to make more general `vehicleId`
| instead of `planeId` or `tailNumber` or something. I wonder if
| Delta's fleet includes other things that have matching APIs to
| this one. I also wonder how much of their internal system
| structure one could learn from the `flightId` if they knew
| about other systems. It doesn't look like much beyond a
| composite key of otherwise knowable data, but still
| interesting.
| blcknight wrote:
| I doubt Delta made this. It's an official the shelf product
| that can do ships, trains, planes, etc.
| eddieroger wrote:
| Valid point. It makes a lot of sense in that light instead.
| mulmen wrote:
| But they also have airplane/flight specific identifiers
| like "flightNumber", "flightId", "noseId(?)" and
| "airSpeed". Maybe vehicleId is part of a base class or
| primary key somewhere and that abstraction is leaking.
| hackmiester wrote:
| Hey, a train has airspeed. :)
| mulmen wrote:
| Heh, true. I deliberately left out altitude because this
| is HN but you caught me anyway.
|
| Presumably a train's groundSpeed and airSpeed are the
| same. If they diverge you have bigger problems than a
| JSON schema.
|
| Is there a variant of this for ships? surfaceSpeed vs
| seaFloorSpeed?
| wasmitnetzen wrote:
| A train can easily run in a head- or tailwind in the same
| order of magnitude as its groundspeed.
| CommieBobDole wrote:
| As always, there's a relevant XKCD:
|
| https://xkcd.com/2170/
| not2b wrote:
| But SouthWest will give you a much prettier display of that same
| data (track your flight, see the current altitude and ETA, and a
| lot more, like the plane's position on the map) without paying
| for their WiFi. My guess is that they are using the same data
| that article writer wrote a program to process. Essentially there
| is one site you can visit for free and that's where it is.
| jamesbvaughan wrote:
| Yep, that's exactly right! They have a nice status page that
| you can visit free of charge that visualizes this data.
|
| I chose to scrape it for a couple reasons:
|
| 1. I wanted see all of the data for the entire flight - that
| status page only visualizes the current values.
|
| 2. It was fun!
| fragmede wrote:
| Plus there's no Internet. What're you going to do, read a
| book?
| coffeebeqn wrote:
| I was on some US flight recently - maybe Alaskan airlines - and
| they basically had a LAN box with movies and shows accessible
| on wifi without internet access
___________________________________________________________________
(page generated 2023-09-28 23:00 UTC)