Having the train use Bluetooth Low Energy advertising to broadcast its location and some other data, like time-to-next station, next station name, would be a nice feature.
GPS spoofing should not be done in my opinion until the negative side-effects are well understood.
This is the case in some stations in Paris. To retrofit ancient trains with station announcements, they have installed Bluetooth broadcasters on each station so the train can detect when it enters/leaves and announce the next station for visually impaired people. Smart and simple imo.
On a similar note I always thought it would be cool if there was a standard allowing (trusted) WiFi access points to relay location data, so that in-flight WiFi could pass on the plane's GPS feed.
No need; phones use sensor fusion these days. Wifi, ble, 4G/5G base stations, signals, etc. it's all taken into account. Which is why you can get accurate position in a lot of places where you definitely don't have any line of sight to any GPS satellites. Some of the more recent wifi standards also have some positioning features.
Early Android dev had a guide on how devs could pick the best location from various sources individually, and it was a massive pain with dubious results.
You'd need to spoof at least three satellites to get a fix, right? And then you'd need to spoof different signals for different regions of the subway, because your signal sources aren't really in the orbit.
Sounds to me this could be very complicated and expensive. I wonder if it would even be possible because you'd need to have the same signal spoof the correct positions to everyone who hears that signal.
I don't understand this. As far as I know, the satellite basically sends its identifier and precise time, and from this information (combined with the information in GPS calendar that tells the locations of the satellites) the recipient can determine its own location.
How could it be possible to determine the location from a single timestamp and information about which satellite it belongs to? I suppose if the recipient already has a fix, then it could perhaps survive with less than 3 satellites by making some assumptions, but I imagine this will result in lower quality location information.
Were you proposing to assume the location of a 5m sphere the recipient is in?
> I don't understand this. As far as I know, the satellite basically sends its identifier and precise time, and from this information (combined with the information in GPS calendar that tells the locations of the satellites) the recipient can determine its own location.
I'd assumed the GPS calendar was somehow broadcasted by the GPS network too, which kind of means that they also share their location.
> Were you proposing to assume the location of a 5m sphere the recipient is in?
I guess the proposal was to change the problem from pinpointing a single point in space to figuring out roughly where I am, in which case being anywhere in a tiny sphere is pretty much the same as being in a point after you account for errors.
The satellite also sends information about all the other satellites that a receiver should be able to see. This is what makes adding other transmitters hard/impossible I guess - no way to tell the overhead satellites that your ground station also exists (there would presumably be thousands of them - most not in range of your receiver which would be even more problems.)
Well, you are not a GPS satellite, so you are indeed spoofing military equipment.
On a serious note, I recall that smartphone location in metro in my city started to "just work" as soon as all stations and tunnels had indoor cell towers. Suddenly all apps worked fine and I forgot that problem ever existed.
Modern location detection is as scary as it is amazing.
I take Wellbutrin and I’m not sure what it does for other people, but for me, it gives me a buffer of patience to draw from that I didn’t really have before. Negative or frustrating events don’t feel quite as urgent and I’m able to calmly move forward better than I can without it. Which is very helpful when you’re taking care of kids.
This is my experience, too. Bupropion (Wellbutrin) seems to dampen the spike of cortisol or adrenaline or something that I can get when something really irritates me. As a single father of two middle school age boys, it has helped a lot.
Btw, have you noticed exposure to sunlight to make you even more laid back? I've recently been casually tracking a correlation in that for myself.
This has been my experience with citalopram as well. The negative side effect though is that natural highs are lower, so I view it very much as a mood stabilizer.
The mast that your phone communicates with doesn't always have lots of fiber bandwidth. Sometimes it's only connected to other masts using microwave links (which could be outdated).
Looking only at capacity, it will definitely be cheaper to provide unlimited plans but even if that was the only factor, there isn't much of an incentive for carriers to change how they charge for bandwidth.
In all likelihood prices will go up as 5G requires a massive infrastructure deployment of very expensive hardware, spectrum licensing, and they'll have to pay to transmit and receive that data to the internet. All of those additional costs will be passed on to customers.
Even if it wasn't expensive to deploy, carrier customers pay for value provided. 5G will be in some way better, so more expensive. In the same way we used to pay insane roaming rates until the EU ruled they can't stay - suddenly carriers advertise how cheap the roaming is with them and how they're the first ones to offer it in the country...
https://web.whatsapp.com/ only allows login through a cert (via a QR-code). Some banks also use this. A smartphone is used as a cert vault. Not a client cert in the traditional sense, though it's basically the same thing.
Nah it's not the same thing. Client Authenticated TLS provides a mutually authenticated channel. Mutually authenticated channels cannot be man-in-the-middled. The auth is happening at the transport layer.
A login through a QR code (basically a token) is just normal TLS with the same MiTM risk. It's just an application layer login.
I don't understand the security argument you're making. Are you claiming that, if I use client certs, I am protected against a rogue CA issuing a fake certificate for web.whatsapp.com? How?
If you're thinking of a protocol like Kerberos, then yes, you can derive a shared secret because there's a single-point-of-trust authentication entity (the KDC) which has knowledge of both your password and the server's password/key, and yes, your password certifies that you're talking to the right server (as long as the KDC is trustworthy). But that's not how TLS mutual auth works.
I've just set that up, thanks - the UX is brilliant, exactly what's needed to increase adoption. Of course, it requires that you've gone through the WhatsApp phone app setup, but I'm sure this model could be applied on an equivalent system - especially as smart phones are almost ubiquitous now.
How is it the same thing? If it's the system I'm familiar with (the QRCode is basically an OTP for your phone), then they're nowhere near "basically" or even any at all the same.
What it reminds me of, is Google Project Tango, which also has the NASA's JPL listed as a partner[1]. Also worth mentioning, is Johnny Lee, who worked for Microsoft Kinect, and is now working at Google for project Tango.
First thing, it crashes, a lot. We're talking 2-5 minutes active 3d scanning before the structure sensor driver bites the big one. Requires killing and restarting service along with all programs associated.
Also had hard freezes as well.
It's "google quality" in other words, crap. It might get better. It probably won't, given their track history regarding consumer devices in "google beta" (read as alpha).
from http://www.reddit.com/r/netsec/comments/209h4d/samsung_galax... :
This is not a backdoor. It's a feature, and a reasonably common one for Qualcomm based devices.
It's an interface to allow the modem access to a persistent data store (ie. eMMC modem partitions) even though only the application processor may access the MMC controller.
Have a look at the rmt_storage client documentation found in a Qualcomm kernel tree. It used to be pretty common to ship a rmt_storage daemon to do the very same thing Samsung is being accused of here (hint: Nexus 5 still uses it), I don't know about other recent devices, but I'd imagine they'd employ something similar.
Also, there are many more ways for the baseband to compromise the application processor, without an explicit interface.
> This is not a backdoor. It's a feature, and a reasonably common one for Qualcomm based devices
Are these really mutually exclusive? I don't doubt that qualcomm had good reasons to add this interface, but clearly it can be used as a backdoor, and since the user is not made aware of it, I'd say this meets all the qualifications of a backdoor.
They could have easily designed this in a way that allowed the baseband processor to only write to a designated area instead of giving it full access.
You are right that the baseband in phones usually has many other ways to directly access sensitive data from the main processor (DMA is the obvious one). But this differs from phone to phone, depending on the hardware design. There are phones where the baseband talks to the main processor through a serial interface with no access to DMA.
"Bug" implies a mistake/oversight where the additional functionality was known to no one, and then discovered. This functionality was deliberately created, thus it's a "backdoor".
Based on what seemingly passes for "accepted practice" in the mobile world (download QPST for tons of fun!), the only sane way to have a trustable mobile device is with a separate cell-modem and a well-defined interface.
I mean, maybe I'm confused, but this sounds like they closed one method (among others) that could potentially be used to create a backdoor by, I guess, a carrier or OEM.
There's no evidence that anyone's phone was open to remote exploit at any time.