I work a lot with the cruise ship industry, and one of the more interesting challenges we run into is that often there are user-facing systems that have to work without an Internet connection. I’ve designed applications that are supposed to work in a mine, or on a plane, and then later sync with the cloud, but building something that might not have a web connection for three days through the fjords  is a little different.

We’ve been looking into sending local notifications without any Internet access at all – from a server installed locally on the ship, to an app on a crew member or guest’s personal device. The basic idea is that an app, installed on the phone or tablet, can send a “local push notification” or “background push notification” to the operating system. Even if the app is not in the foreground, or the phone is asleep, the notification should wake the device up, and present the user with a message. This is exactly the same as a standard push notification (think Facebook or calendar notifications), but instead of using Apple’s push server, you are using an app itself to send the message. The problem is how do you trigger the app to do something in the background? The app has to wake up in the background, contact the local server, check for messages, download any available message or content, and then alert the user if it found anything.

There are a couple of ways to trigger a background application to do something for you. The two we looked into for our purposes were “Location Updates” and “Background Fetch”

Our limitation here is obviously the cellular modem will be turned off (Airplane mode) because there either is no cell tower around, or you don’t want your passengers paying international data roaming fees. There are other ways to trigger a background app action, but they mainly involve things like plugging in headphones, managing VoIP calls, and mainly Internet-requiring services. You can read more about the available options here: http://apple.co/29288f1

Option 1. The background fetch function appears to be the best option for this kind of app. This is something we’ve used in the past, but never had to worry about sans-Internet issues. The way background fetch works is the operating system puts your app into a queue of other apps asking for background services. The queue is processed based on which apps have the best efficiency. Apple does not really go into details, but it appears that the less data and the less battery your application uses in the background, the more frequently your app will be given background privileges (http://apple.co/291iAkd).

However, the problem here was we didn’t know exactly how efficient the application will be before we build it and start tuning it. So we built a prototype. While plugged in to a charger, it was able to receive messages every 10-12 minutes. Unplugged it was able to check the server only ever 20 minutes.

Option 2 (Augmentation). So in order to augment the inconsistent/unknown response time of the background fetch, we looked at the location updates. Location Updates are a way of triggering a background function when the device detects “a significant location change”. The idea is that if the phone detects movement that is “significant” (whatever that means) it will trigger your app. This is not exactly well documented but through some research and some experimentation it appears that “significant” means 1000 meters. This would be perfect for us, because seeing as while on a cruise you are probably moving 10 meters a second, we could have the app update every minute and a half. That would be an additional update cycle to cut down on the 10-minute maximum update cycle. The problem is that this measurement is tracked using the cellular antenna, and not the GPS! After a fair amount of banging our head on the desk, we gave up on Option 2.

As far as I know, planes and cruise ships are going to be relegated to the notification abyss for the time being. Without reliable Internet access, devices can’t get timely push notifications. The limitations on local push notifications while in airplane mode might be ok for notifying crew about training drills and passengers about dinner times, but it would not be reliable enough for emergency notifications.

Previous ArticleNext Article
I help companies turn their technical ideas into reality.

CEO @Sourcetoad and @OnDeck

Founder of Thankscrate and Data and Sons

Author of Herding Cats and Coders

Fan of squash, whiskey, aggressive inline, and temperamental British sports cars.

Leave a Reply

Is Anyone Working on Agentic Authentication?

In Technology

Everyone is building AI-powered tools, even people who shouldn’t be. Agents seem to be the next obvious (and big?) step. But these little bots need a secure way to act on behalf of users without causing chaos.

Richard Dulude at Underscore VC wrote about the lack of identity standards for AI agents in this LinkedIn article. I don’t know Richard or Underscore VC (sorry). But, he’s right, traditional authentication assumes either a human or a machine with static credentials, and that doesn’t work for AI agents that need to make decisions and take actions. Companies want accountability (and probably liability), and users need control of what their potentially psychedelic robot is doing on their behalf. This balance doesn’t exist yet.

This is probably for another blog post, but right now, everyone, including the bots, are using human interfaces as a stopgap. OpenAI’s Operator is a great example, agents pretending to be humans to interact with systems that weren’t built for them. That’s fine for now, but eventually, the human interfaces will be an afterthought. Like how “mobile-first” design took over, we’ll be doing “agent-first” design with human-accessible backups. Having a dedicated standard for agentic authentication might be a good first step in that machine-to-machine way of thinking and designing systems.

Agentic Proxy Credentials (APC): A Solution (A Term I Totally Made Up)

I made this up. It’s probably a bad term, but naming things is fun. This doesn’t exist… if you are a large battery and power supply company, don’t sue me. I’m spitballing here.

One possible fix is the “sucked out of my thumb” Agentic Proxy Credentials (APC). This would let users grant their AI agents secure, limited permissions to interact with systems while making sure the right level of oversight are in place. There are things that I wanted to do this very week, but I don’t trust my bots with my actual usernames and passwords:

Stop me talking to Airline Idiot Bots

Talking to airline chatbots is painful. Right now, they can only regurgitate FAQ answers. With an APC, my AI assistant could log into my airline account, check flights based on my loyalty status, and rebook me without you having to touch anything. This would make AI actually useful instead of just a slightly smarter help page.

Paying for small things without having to deal with entering my ACH data AGAIN

I don’t want to give an AI full access to my bank account. But I wouldn’t mind letting it handle small transactions in a controlled way. With APCs, I could grant my assistant time-limited access to approve payments or move money within strict limits. The AI does the work, I stay in control, and my bank account doesn’t mysteriously empty overnight… unless I’m Ambien shopping again.

AI Dungeon Master’s Assistant

D&D is great, but session prep is a time sink. I want an AI that logs into my D&D Beyond account, manages stat blocks, generates lore-friendly content, and even takes session notes. The AI handles the boring admin work, and you get to focus on making your players cry (or cheer, if you’re nice). Yes, serious stuff here.

How It Could Work

There are a few ways to make this happen, I think. I’m no longer allowed to do actual engineering at my own companies I founded, so this blog is my outlet. Everyone needs a hobby.

Is Someone Already Building This?

Honestly, I wouldn’t be surprised if Okta, OAuth, or OpenAI are already working on this and I’m just ranting for no reason. But if they aren’t, they should be. The pieces are all there, someone just has to put them together.

I need this, but I can’t find it. If anyone is working on it, let me know. I’m too busy trying to solve employee gifting at scale at Thankscrate, implementing AI into every existing business at Sourcetoad, and making sure passengers can watch TV and book dinner reservations in the middle of nowhere at OnDeck.