Now Playing Tracks

QUOTE from http://ift.tt/1tmsy7g
Display
files/images/stanford-university-campus-bronze-statue_450.jpg


Chris Parr, Times Higher Education, [Sept] 02, 2014


You can’t just say “ Moocs have started out as a free opportunity – and free is a great way to get people interested,” as Stanford’s John Mitchell does. MOOC means free. If academia wants to charge tuition for instruction, I won’t complain, since academia has been doing that for 2,500 years. But they don’t get to call such courses open or MOOCs. Because they’re not!

[Link] [Comment]

END QUOTE
Moocs are free – but for how much longer? http://ift.tt/1tmsy7g
QUOTE from http://ift.tt/VYaFxa

In a previous post I was delighted to report that assisted GPS (A-GPS) has become fast enough so I no longer have to rely on Google’s Wi-Fi location service that in return requires me to send Wi-Fi and location data back to Google periodically. Unfortunately it turns out that the A-GPS implementation of one of my Android smartphones sends the ID of my SIM card (the IMSI) to the A-GPS server. From a technical point of view absolutely unnecessary and a gross privacy violation.

Read on for the details…

How Assisted GPS (A-GPS) works

To get a position fix, the GPS chip in a device needs to acquire the signal of at least three satellites. If the GPS chip is unaware of the identities of the satellites and their orbits this task can take several minutes. To speed things up a device can get information about satellites and their current location from an A-GPS server on the Internet. The single piece of information the server requires is a rough location estimate from the device. Usually a device is not aware of its rough location but it knows other things that can help such as the current cellular network id (MCC and MNC) and the id of the cell that is currently used. This information is sent to the A-GPS server on the Internet that then determines the location of the cell or network with a cell id / location database.The location off the cell or network is precise enough to assemble the satellite information that applies to the user’s location which is then returned over the Internet connection. The satellite information is then fed to the GPS chip which can then typically find the signals of the GPS satellites in just a few seconds.

No Private Information Required

It’s important to realize at this point that no personal information such as a user’s ID is required in this process. The only information that can be traced back to a person, if the A-GPS client is implemented with privacy in mind, is the IP address from which the request was made to the server. In practice a mobile device is usually assigned a private IP address which is mapped to a public IP address from which the request seems to have originated. This public IP address is shared with many other users. Hence, only the network operator can identify which user has originated the request while the A-GPS server never gains any insight into who has sent the request.

The SUPL protocol and Privacy Breaching Information Fields

A standardized method for a device to gather A-GPS information from a server is the Secure User Plane Location protocol (SUPL). Several companies provide A-GPS SUPL servers answering requests on TCP port 7275 such as Google (supl.google.com) and Nokia/Microsoft (supl.nokia.com). In the case of my Android smartphone, supl.google.com is used. As the ‘S’ in ‘SUPL’ suggests, the protocol uses an encrypted connection for the request. As a consequence, using Wireshark without any additional tools to decode the request won’t work as the content of the exchange is encrypted. Fortunately there’s SUPL-PROXY, an open source piece of software by Tatu Mannisto that can be used in combination with domain redirection to proxy the SUPL SSL connection and decode the request and response messages. And on top, the SSL certificate generated by Tatu’s software for the proxying can be fed into Wireshark which will then also decode the SUPL messages. And what I saw here very much disappointed me:

My SIM Card ID In The SUPL Request And No SSL Certificate Check

I almost anticipated it but I was still surprised and disappointing so see my SIM card’s ID, the International Mobile Subscriber Identity (IMSI) in the request. This is shown in the first screenshot below. As explained above, the IMSI or any other personal information is not necessary at all for the request so I really wonder why it is included!? And just to make sure this is really the case I ran another test without a SIM card in the device and also got a valid SUPL return with the IMSI field set to 0’s.

The second screenshot shows the cell id in the request which is required for the SUPL request. The IMSI in combination with the cell ID provides the owner of the SUPL server (i.e. Google in my case) a permanent personal identifier and as a consequence the ability to pinpoint and record my location whenever a SUPL request is made. And in this day and age, it’s pretty certain that my network operator is not the only entity that is aware of my IMSI…

The third screenshot below shows the first part of the SUPL response which includes the location of the cell that served me when I recorded the SUPL request. Just type the two coordinates into Google search and you’ll end up with a nice map of the part of Austria where I was when I put together this post. The second part, not shown in the screenshot, contains the satellite information for the GPS receiver.

And the cream on top is that the SUPL client on my Android device did NOT check the SSL certificate validity. I did not include the server certificate in the trusted certificate list so the client should have aborted the request during the SSL negotiation phase. But it didn’t and thus anyone between me and the SUPL server at Google can get my approximate location by spoofing the request in the same way I did. I’m sure that two years ago, most people would have laughed and said that it’s unlikely this could happen or that someone else but my network operator would know my IMSI, but year post-Snowden I don’t think anyone’s laughing anymore…

When The Baseband Makes The Query

And now to the really scary part: The next thing I tried was if I could reproduce this behavior with other Android devices at hand. To my surprise the two I had handy would not send a SUPL request over Wi-Fi and also not over the cellular network (which I traced with tcpdump on the device). After some more digging I found out that some cellular radio chips that include a GPS receiver seem to perform the requests themselves over an established cellular IP connection. That means that there is NO WAY to trace the request and ascertain if it contains personal information or not. This is because the request completely bypasses the operating system of the device if it is made directly by the radio chip. At this point in time I have no evidence that the two devices from which I did not see SUPL requests actually use such a baseband chip A-GPS implementation and if there are personal indentifiers in the message or not. However, I’m determined to find out.

     Supl-issue-1-imsi-removed Supl-issue-2 Supl-issue-3

 

And for those of you who’d like to try yourselves I’ll have a follow up post that describes the details of my trace setup with two Raspberry PI’s, Wireshark, and the SUPL-PROXY software mentioned above.


END QUOTE
How SUPL Reveals My Identity And Location To Google When I Use GPS http://ift.tt/VYaFxa
QUOTE from http://ift.tt/1u28bKv

From Penny Coupland:

.

Today I counted 31 kids under 14 on bikes during my trip from Chinatown to Jericho and back (33 if you count the cute baby in a bike seat, 36 if you count the ones in bike trailers, 37 if you count the one on a trail-a-bike).

.

PGR K4

PGR K2

.

Training wheeled bikes on the road are becoming much more common now – like the small boy at the rear.

PGR K 1

.

And apropos your latest post re people parking in bike lanes – I encountered only 2 today. One on PGR, one on Union at Gore, which means I only got sworn at twice for taking photos of them. Today was a good day!

PGR K3

.

Had a car pull out of a parking space on Union/Gore into the bike lane, narrowly missing me, earlier this month. He drove ahead of me further down and pulled in left, to a parking spot that suited him better. The bike store owner who saw the whole thing came out and asked the cop standing outside why he didn’t do something about it. Cop replied (quite correctly) ‘Happens all the time here’.

Saw two drivers turn into Union bike track from Gore as I was returning home!   Is there a city-wide shortage of post bollards currently? I’d happily sponsor a few!



END QUOTE
The New Point Grey Road – 29: The Coupland Report http://ift.tt/1u28bKv
QUOTE from http://ift.tt/1tU8Iye

Is this it?

.

Indie

The mural that’s being painted on the six gigantic industrial Ocean Concrete silos on Vancouver’s Granville Island by OSGEMEOS, the two twin-brother Brazilian artists, is their biggest project to date and their first in Canada. 

This Vancouver Biennale project “is destined to become one of the most recognizable and iconic works of public art anywhere in the world.”

You can check on the progress here – and contribute to the crowd-sourced campaign.



END QUOTE
The Biggest Public Art Project in Vancouver – or Canada? http://ift.tt/1tU8Iye
QUOTE from http://ift.tt/1qXPZkT

SkyTrain

.

Here is the complete series by Kent Acott, a writer with the West Australian, who compared the transportation systems and strategies of the two cities.  I excerpted several of the pieces here and here - but there are still a few other articles in the series, including this one:

.

Less roads reduces congestion

Former Vancouver city councillor Gordon Price made worldwide headlines when he suggested congestion could be a city’s friend. He is convinced that congestion can be managed to achieve benefits for a community.

“On one hand, congestion encourages more people to consider other forms of transport – like walking or bike riding or public transport,” Mr Price said. “But it can also help authorities to manage the transport system.

“Well co-ordinated traffic lights can act as meters, allowing a certain number of vehicles through at any one time. If done effectively, it means the traffic continues to flow.

“And as the traffic is moving, albeit slowly, it makes it less attractive for motorists to dart off into side streets looking for a quicker route – the concept known as rat runs.” Mr Price, who now works at Vancouver’s Simon Fraser University, said building more roads to solve congestion was a legacy of engineers who had been dictating urban design and transport networks in many cities for many decades. …

Mr Price said that, as populations grew, more people needed to travel in ways other than cars to allow enough room for the current number of cars, trucks and buses to move around efficiently.

“If the next million or so people all choose to drive, then we really do get gridlock since there isn’t enough room to handle an increase on that scale,” he said.

.

While we’re at it, here’s a repost of the video made by Matt Taylor which effectively illustrates the absurdity of trying to accommodate the next million people in this region if they all drove cars. (For a quick view of the consequences, go to 3:21 to see what we’d need to do just to park them.)’

.



END QUOTE
Perth vs Vancouver: “A tale of two cities” http://ift.tt/1qXPZkT
We make Tumblr themes