Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: Proposed Web Service: Simple Location Service

  1. #11
    licensed to kill - FKA kev000
    Auto Apps:loading...
    tripzero's Avatar
    Join Date
    Aug 2006
    Location
    16.40618, 120.61106
    Posts
    2,560
    seems like we need login powers before we can move forward. Justchat_t, do you think you can get the login service started? This requires working with our mp3car resource. Bugbyte, do you think you can connect the dots and get communication going so we can get account integration working?
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

  2. #12
    Maximum Bitrate Crinos's Avatar
    Join Date
    Mar 2009
    Location
    Kristiansand, Norway
    Posts
    489
    Don't need login... All network devices have a MAC adresse... Use this as ID.


    Note: IP adresses can be translated mistankenly... If a segment of the IP ranged is owned by a Sweedish company, but a subnet of the same segment is used in Norway... It will still report back as Sweeden!

    GSM Triangulation is the phone messuring signal strength from the radio masts it have connection to. This, with poor GPS signals can give a very accurate location.
    PS: Triangulation "navigation" can be thrown off if there's something interfering with the signal, making it weaker than it actually are. Making the phone think it's further away from the mast than it really is.

  3. #13
    licensed to kill - FKA kev000
    Auto Apps:loading...
    tripzero's Avatar
    Join Date
    Aug 2006
    Location
    16.40618, 120.61106
    Posts
    2,560
    Quote Originally Posted by Crinos View Post
    Don't need login... All network devices have a MAC adresse... Use this as ID.


    Note: IP adresses can be translated mistankenly... If a segment of the IP ranged is owned by a Sweedish company, but a subnet of the same segment is used in Norway... It will still report back as Sweeden!

    GSM Triangulation is the phone messuring signal strength from the radio masts it have connection to. This, with poor GPS signals can give a very accurate location.
    PS: Triangulation "navigation" can be thrown off if there's something interfering with the signal, making it weaker than it actually are. Making the phone think it's further away from the mast than it really is.
    There are lots of ways to generate a unique id for this service. I'm totally okay with mac address or some hardware combination md5 or whatever. The only reason why i'd suggest doing the login first is that a lot of other services depend on it. But i'm also totally okay with just getting a service done as a proof of concept and this may be the way to do it.
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

  4. #14
    Maximum Bitrate Borte's Avatar
    Join Date
    Jan 2006
    Location
    Norway
    Posts
    529
    Quote Originally Posted by Crinos View Post
    Don't need login... All network devices have a MAC addresse... Use this as ID.
    Wouldn't using MAC adresses block accessing the data from multiple sources, like uploading data from your car (with one MAC address) and reading it back to your home computer (with another MAC address).

    I think login should be created in a way so that a user can access his data from multiple sources.

    And yes you could set the system so that it allows for multiple MAC addresses but to set this you still need some kind of authentication to acknowledge who you are to confirm this new MAC address, hence some kind of user/password policy. Seems kinda double up to me...
    Failure is not an option...
    __________________________________________________ ______________________________
    The only full multizone / multiscreen cross platform open source Front End -> OpenMobile

  5. #15
    licensed to kill - FKA kev000
    Auto Apps:loading...
    tripzero's Avatar
    Join Date
    Aug 2006
    Location
    16.40618, 120.61106
    Posts
    2,560
    Quote Originally Posted by Borte View Post
    Wouldn't using MAC adresses block accessing the data from multiple sources, like uploading data from your car (with one MAC address) and reading it back to your home computer (with another MAC address).

    I think login should be created in a way so that a user can access his data from multiple sources.

    And yes you could set the system so that it allows for multiple MAC addresses but to set this you still need some kind of authentication to acknowledge who you are to confirm this new MAC address, hence some kind of user/password policy. Seems kinda double up to me...
    The mac address scenario would be anonymized data used for generating traffic and other statistics. The other scenario, which you are describing here does require a user account for the purposes you mentioned.
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

  6. #16
    Raw Wave
    Auto Apps:loading...
    justchat_1's Avatar
    Join Date
    Jul 2008
    Location
    Boston, Ma or NY,NY
    Posts
    2,359
    No one uses a MAC address for any type of uniqueid verification......way too easy to spoof and its identical on some virtual machines.

    The problem here is far more complex then you are making it. You need a way of identifying which data is submitted by each unique user for the purposes of data integrity while at the same time ensuring no personally identifiable information is stored about the user. Sound like a contradiction?

  7. #17
    licensed to kill - FKA kev000
    Auto Apps:loading...
    tripzero's Avatar
    Join Date
    Aug 2006
    Location
    16.40618, 120.61106
    Posts
    2,560
    Quote Originally Posted by justchat_1 View Post
    No one uses a MAC address for any type of uniqueid verification.
    Really? I thought the whole point of a MAC address was to uniquely identify hardware. Anyway, i'm really sleepy and so my brain isn't working quite right but why do we need to identify anything? For traffic, as long as we have a coord and a speed we can do what we need to. For user tracking, that can wait for a proper account login.

    goodnight
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

  8. #18
    Maximum Bitrate Crinos's Avatar
    Join Date
    Mar 2009
    Location
    Kristiansand, Norway
    Posts
    489
    First time I've heard that MAC adresses is not unique... Though, they are fairly easy to spoof. For those wishing to do so.

    But MACID + secret hash + MD5 = bingo!
    Packets can still be spoofed if wanted to, but still...

    In the end, there is nothing thats un-hackable, and if userless data gathering is requierd... Well, there will always be mischiefs around!

  9. #19
    FLAC SFiorito's Avatar
    Join Date
    May 2004
    Posts
    1,365
    the hash of the macid + secret hash will need to be validated on the server. so that means the secret hash needs to be shared between server and client so it's not secret any more, so not sure what it's providing you. also, you should probably stick with SHA2 for any hashing algorithm.

    but all this time you guys are spending on authentication has already been covered either in existing frameworks or standard auth mechanisms many times already.... take a look at the login thread. if you need SSO then use OAuth, GoogleSSO, etc. otherwise just keep it simple and use HTTPS + Basic Auth, write an auth filter that validates the credentials on the server-side by hashing (using SHA2) the incoming credentials against your DB. and you're done.
    EWF, HORM, MinLogon on XP.

    Zotac ION Atom N330, 2GB low-profile RAM, M3-ATX
    Win Embedded Std 2011 RC
    OCZ Vertex Turbo 30GB SSD
    Lilliput 629 Transflective, WRX Screen Mount
    BlueSoleil BT, i-Blue GM-2 GPS, DirectedHD Radio, Andrea Mic
    VoomPC 2

  10. #20
    Raw Wave
    Auto Apps:loading...
    justchat_1's Avatar
    Join Date
    Jul 2008
    Location
    Boston, Ma or NY,NY
    Posts
    2,359
    When you pick a uniqueid you want the hardware that is least likely to change (the cpu id) not the hardware that can have its id changed and is the most likely to be replaced or missing completely (a mac address). But again the problem here is that a cpuid is not anonymous, anyone with access to your pc could find everywhere you've been.

    Edit:
    @SFiorito
    This isn't about authentication, thats already done, this is the whole question of ensuring valid data is submitted to the web service without compromising a users anonymity.

Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Proposed Webservice - Proximity Web Control
    By ioi8 in forum OSDash - Web Services
    Replies: 7
    Last Post: 12-29-2009, 04:54 PM
  2. Open GPS-Traffic Link Web Service
    By tripzero in forum Software & Software Development
    Replies: 0
    Last Post: 07-14-2008, 03:39 PM
  3. New web hosting service! A must see to believe!
    By Genesisfactor in forum Off Topic
    Replies: 2
    Last Post: 12-23-2006, 01:49 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •