I work a lot with the cruise ship industry, and one of the more interesting challenges we run into is that often there are user-facing systems that have to work without an Internet connection. I’ve designed applications that are supposed to work in a mine, or on a plane, and then later sync with the cloud, but building something that might not have a web connection for three days through the fjords  is a little different.

We’ve been looking into sending local notifications without any Internet access at all – from a server installed locally on the ship, to an app on a crew member or guest’s personal device. The basic idea is that an app, installed on the phone or tablet, can send a “local push notification” or “background push notification” to the operating system. Even if the app is not in the foreground, or the phone is asleep, the notification should wake the device up, and present the user with a message. This is exactly the same as a standard push notification (think Facebook or calendar notifications), but instead of using Apple’s push server, you are using an app itself to send the message. The problem is how do you trigger the app to do something in the background? The app has to wake up in the background, contact the local server, check for messages, download any available message or content, and then alert the user if it found anything.

There are a couple of ways to trigger a background application to do something for you. The two we looked into for our purposes were “Location Updates” and “Background Fetch”

Our limitation here is obviously the cellular modem will be turned off (Airplane mode) because there either is no cell tower around, or you don’t want your passengers paying international data roaming fees. There are other ways to trigger a background app action, but they mainly involve things like plugging in headphones, managing VoIP calls, and mainly Internet-requiring services. You can read more about the available options here: http://apple.co/29288f1

Option 1. The background fetch function appears to be the best option for this kind of app. This is something we’ve used in the past, but never had to worry about sans-Internet issues. The way background fetch works is the operating system puts your app into a queue of other apps asking for background services. The queue is processed based on which apps have the best efficiency. Apple does not really go into details, but it appears that the less data and the less battery your application uses in the background, the more frequently your app will be given background privileges (http://apple.co/291iAkd).

However, the problem here was we didn’t know exactly how efficient the application will be before we build it and start tuning it. So we built a prototype. While plugged in to a charger, it was able to receive messages every 10-12 minutes. Unplugged it was able to check the server only ever 20 minutes.

Option 2 (Augmentation). So in order to augment the inconsistent/unknown response time of the background fetch, we looked at the location updates. Location Updates are a way of triggering a background function when the device detects “a significant location change”. The idea is that if the phone detects movement that is “significant” (whatever that means) it will trigger your app. This is not exactly well documented but through some research and some experimentation it appears that “significant” means 1000 meters. This would be perfect for us, because seeing as while on a cruise you are probably moving 10 meters a second, we could have the app update every minute and a half. That would be an additional update cycle to cut down on the 10-minute maximum update cycle. The problem is that this measurement is tracked using the cellular antenna, and not the GPS! After a fair amount of banging our head on the desk, we gave up on Option 2.

As far as I know, planes and cruise ships are going to be relegated to the notification abyss for the time being. Without reliable Internet access, devices can’t get timely push notifications. The limitations on local push notifications while in airplane mode might be ok for notifying crew about training drills and passengers about dinner times, but it would not be reliable enough for emergency notifications.

Previous ArticleNext Article
I help cruise lines turn their technical ideas into reality. I'm experienced in all stages of innovation and technology management. I've also been programing since I was 8 years old, and have somehow retained the ability to have normal human interactions. Occasionally I speak about how Industrial Psychology and Neurophysiology can be interrogated with IT and systems management, because I spend a lot of time thinking about the subject, as strange as that may seem.

Leave a Reply

Capture The Flag Games in Role-Playing Games

I’ve recently been running a 5e-based game with my usual role-playing nerd circle on Sunday nights. The game is called The Spy Game. It started off as a Kickstarter campaign and doubled it’s original funding goal (well done!) It’s been fairly successful, but I’m not here to talk about that. This post is about how I’ve incorporated Capture the Flag elements to our role playing.

Yes, I’m a grown man who plays D&D-style games. We play D20 games, which are role-playing games that use dice to determine the outcomes of certain actions. They have become increasingly popularized in the media, with Stranger Things being a large contributor. I did not grow up playing D&D, but started playing when my poker group decided to mix it up. Yes that is true.

What is The Spy Game?

The Spy Game is a role-playing game that is built around telling stories set in a today-like world with… spies. That means your players pick what type of spy they want to play, and make up back stories, choose classes (Infiltrator, Assassin, Medic, etc.) Then the Game Master (me) makes up scenarios and missions for them to go on. The players decide what they want to do (e.g. attack a security guard) and they roll a die to see how devastating their attack on the poor guard was. And while this is a gross over-simplification, it’s good enough for our purposes.

Quickly, What is Capture the Flag?

Capture the flag (commonly CFP), is a style of network and systems security penetration-testing simulation for fun. The idea is that a security expert creates a small, simulated computer system that players try to break into, or crack a code to find a “flag”. The flag is the indicator of the player’s success. For example, you might be given a website that has some sort of password protection that is beatable with certain techniques. Once you bypass the security, you discovery a flag. These are often written as {Flag-name} or something similar to allow the players to know they have been successful. You can read all about them on Wikipedia, or play there with Hacker101 or even Google.

Combining CTFs and Role Playing

My roleplaying group is fairly nerdy (does that go without saying?) So I wanted to make the game a little technical and different from our usual swords and sorcery chaos romps. I thought it would be interesting for those in the group who are less technically minded to learn a little about actual hacking, rather than the “roll the dice to try and hack the system” that is built into the game. The more experienced computer-people in the group could screen share as they worked, and the team could work out the problems together. Everyone wins!

It has worked out really, really well. Everyone has enjoyed these CTFs, including me. I’ve only written a few so far, but they include:

  • Breaking a password to get into a security camera interface
  • Finding the GPS coordinates of an arms deal that is going down, hidden in a base-64 string
  • Decoding a message between two terrorists, hidden in an image
  • Cracking a cipher (spoilers) to get the code words for the security team on duty needed for a break-in!

You can find them the few I’ve written so far here on Github.

These ideas were heavily influenced by the excellent CTF run by the one and only Connor Tumbleson, at Sourcetoad.

Writing CTFs with ChatGPT

I would highly recommend adding a real world CTF to your next role playing adventure. But who has the time? Enter AI with ChatGPT. One of the scary things about ChatGPT is that it writes decent code, but it is only as good as the prompts you give it, and it is NOT secure. So basically anything you tell the bot to write for you has an exploit big enough to drive a bus through. This should be scary to anyone using it for production work, but it is amazing for CTFs.

I’ve also used ChatGPT to write quick and dirty interfaces (like the security camera on-off switch). Is it pretty? No! Would I use anything like that for a client or anywhere near a production environment? Hell no! But it’s MORE that good enough for a fun evening with friends, gathered around a Zoom table, working out how to hack into a secret vault.