HN Gopher Feed (2017-08-04) - page 1 of 10
Airport lounges will let anyone in, provided you can fake a QR code
115 points by rbanffy
https://boingboing.net/2016/08/05/airport-lounges-will-let-anyon...
joeblau - 3 hours ago
I know United checks your ticket and flight info before they let
you in. That's been my experience in the U.S. at least.
tcas - 1 hours ago
Same with Delta. Whenever I check in they pull more information
than what's on the ticket. I would be amazed if they don't do
simple validation to see that the PNR/name/etc... match their
systems.
When I have a physical ticket, and change my seat on the
app, they usually re-print my boarding pass with the new seat
number on it.
This might work for some non-airline run partner
lounges without flight data access, but usually those have
"coupons" given by the check in agent for access. The video shows
someone entering a Star Alliance lounge, using self serve
scanners. They probably aren't network connected like a normal
check in agent stand
toweringgoat - 3 hours ago
It's worth noting that most airlines can view most tickets given
the name and ticket number (you can use the saudia website to
view the gory details of tickets issued by most TAs and airlines
yourself if you wish). Whether or not they do is a separate
question, but United certainly do check (partly since the
itinerary can grant lounge access even if the flight you are
taking next doesn't).
hbosch - 1 hours ago
Up until relatively recently, there was an iOS tweak (if you were
jailbroken) that would inject status signifiers into your
Delta/United/America/Airline app. Or something. Via the "Flex"
jailbreak app, you could tweak and change all sorts of flags in
your current apps - e.g. "Infinite Skips" in Pandora, or "Remove
banner ads" in Candy Crush - and one of the most widely abused ones
was a tweak that would put, say, "Diamond Status" on your device's
boarding pass.
I don't know if this got you into lounges, but users
reported it did at least get them into expedited security lines.
raverbashing - 39 minutes ago
They can still check by requiring either that your ticket
corresponds to the "fast lane" or that you have the status card
losteverything - 1 hours ago
It's been years
Question: can a member bring in a guest?
I assume yes as my spouse accompanied me.
So? Why not create a way (app) to have members already in the lounge
come and let in their "guest/SO"?
"I'm available / not available for "guesting" flag
callahad - 53 minutes ago
In most cases, you can bring in a guest as long as they're also
traveling on the same day, on the same alliance.
The FlyerTalk
forums have reasonably active threads to arrange this sort of
thing on an ad-hoc basis.
MBCook - 1 hours ago
Uber for airport lounges! It's like a temporary AirBnB. First we
can...
I suddenly feel terrible about myself.
tyingq - 2 hours ago
From a security standpoint, I'm actually relieved that 3rd party
operated airport lounges don't have direct APIs to match passengers
to flights.
I'm sure there's some middle ground solution that
protects info, but I'd prefer this situation to the polar opposite
of unfettered API access.
This seems to be a deliberate case of
light protection on purpose...not much is lost if you grant access.
I can sneak into a local gym easy enough as well by catching the
door before it shuts.
curun1r - 1 hours ago
This is a case where the airline should sign the information in
the QR code. Lounges get the airlines' public keys and pick the
one for the passenger's flight and, after verifying the
signature, can trust the information in the QR code. No API
access necessary.
Don't overthink, just use HMAC. It's disturbing
how often that advice is needed.
tyingq - 41 minutes ago
Yes, that's a solution, but the boarding pass is used by
different entities like the TSA. So it's unsurprisingly a big
political event to change what's encoded.
It's similarly
surprising how often devs think the problem is solely technical
arasmussen - 1 hours ago
Sounds like a good answer to "When have you most successfully
hacked some (non-computer) system to your advantage?"
linker3000 - 3 hours ago
Then there's the time United cancelled my early morning flight from
SFO to LHR and rerouted me home via an 8pm flight to Dulles and
refused to let me use the lounge when I suggested it would be a
nice gesture ('some people have paid an annual fee for the lounge
you know...') so I spent the whole day moving between restaurants
and seats in the departure lounge.
That was the last time I flew
with them.
/Not bitter..
//Hell, yes, I was sooo pissed.
zippergz - 2 hours ago
I pay $400/yr for United Club access specifically so that I can
go there when there's a flight delay or cancelation. Like, that
is specifically the reason I pay it. As a regular business
traveler, it is worth it to have access to better and less busy
agents, and a nicer place to sit, when something goes wrong.
Letting in people for free when something goes wrong would
eliminate the benefit in it (because the most important thing is
the lack of lines/crowds).
MichaelGG - 3 hours ago
United lounges are unfortunately pretty full already with their
awards programs plus their "tens of dollars" upgrades. If they
let every person they rerouted or canceled in, it'd be even
worse. Though it doesn't mitigate how crappy it must have been
saryant - 3 hours ago
TOD upgrades don't get lounge access since domestic F doesn't
get lounge access.
MichaelGG - 3 hours ago
There's plenty of light international travel that TOD applies
to though. Not US-EU but CA/MX/Central America?
toweringgoat - 3 hours ago
There is no early morning flight from SFO to LHR. In fact there
are no morning flights (on United) from SFO to LHR. It just
doesn't make any sense in terms of timings.
And random flight
cancellations happen on any airline (and rebooking options can be
limited depending on time of year). It's part of flying, deal with
kps - 2 hours ago
> There is no early morning flight from SFO to LHR.
It took
about 20 seconds to have Google Flights show me a 6:40am
departure from SFO to LHR via ORD.
linker3000 - 2 hours ago
Fair play - I have just checked this out and my memory wasn't
too accurate - it was UA901, which leaves around 12:55 (when
it's not cancelled!), and I was probably basing my comment on
the fact that I was getting to the airport around 9.30am to
allow for returning the rental and security etc., so I would
have been on the road to the airport around 8am.
komali2 - 3 hours ago
> deal with it
Why is his solution (suggesting the behavior is
poor) a better implementation of "dealing with it" than your
implied implementation (doing nothing)?
toweringgoat - 2 hours ago
I'm just pointing out that disruptions are nothing unexpected
if you travel often - you can't really expect extraordinary
treatment. (Sure, in the EU at least you get food and lodging
by law - but lounge access is a completely different
beast.)
After all do you expect to be put in first class just
because a weather or security issue caused your flight to be
cancelled? You aren't the only person affected, airlines
can't handle everyone like a snowflake.
icebraining - 2 hours ago
Weather and security issue, maybe not, but otherwise,
they're liable to pay 600€ in indemnity for a 3h+ delay on
such a long flight. I think that should cover a few hours
of lounge access.
toweringgoat - 1 hours ago
No. They. Aren't. EU regulations only affect EU carriers,
or flights departing the EU. (And also Switzerland,
possibly Norway.) Not applicable here.
And if they had to
pay that compensation (as explained they don't in this
case), they definitely won't want to add bonus lounge
icebraining - 41 minutes ago
Right, I was talking about the EU rights, since you
brought it up. Sorry for not being clear.
driverdan - 1 hours ago
I don't see the problem. If you want lounge access pay for it.
Flights get cancelled and delayed, especially in SFO.
koyote - 2 hours ago
If you had flown BA and they cancelled your flight you'd have
been in for a nice amount of cash in compensation due to EU law.
throwaway049 - 1 hours ago
Entitled anyway. That delay compensation applies to all flights
starting or ending in the EU.
atomwaffel - 1 hours ago
Almost, but not quite. It does apply on all flights departing
from the EU, but only on flights arriving in the EU if they
are operated by a carrier from an EU country. It's a small
but important distinction.
For example, if you were travelling
from London to New York, it would always apply regardless of
the airline. In the other direction, however, it would apply
on BA but not on AA.
syntheticnature - 4 hours ago
Needs a (2016) on it; the article is almost a year old.
Also, per
the comments, seems very YMMV.
Spivak - 3 hours ago
What's the takeaway here? That they use a rudimentary security
system as a mild deterrent which is easily exploitable. That it's
okay to commit fraud as long as you use tech to do it?
You wouldn't
see this kind of thing on a lockpicking forum, "Airport lounges
will let anyone in, provided you bring your kit."
iainmerrick - 3 hours ago
Exactly! Just because the flaw is there, that doesn't give you
the right to gratuitously exploit it. Do we really want to force
people to implement super-strict security for relatively trivial
things like this?
eunoia - 3 hours ago
Oh the poor airlines! They would never, ever gratuitously
exploit their passengers. How could these mean awful people
take advantage of them like this?
It's pretty hard to root for a
corporation when it's smart individual vs faceless
multinational ineptitude. Human nature perhaps?
mseebach - 2 hours ago
By that logic, shoplifting from sufficiently large stores is
ok. Not stealing bread to feed your family, just randomly
grabbing stuff because you feel like it (and it isn't locked
eunoia - 2 hours ago
Stealing physical items for fun != exploiting ineptitude to
have a less terrible layover. It's also harder to even
begin to measure the economic cost.
I think it's more akin
to buying terrible cheap seats to a show and moving into a
better yet unoccupied section once it starts.
The internet
has always seemed to have a lot more moralists than the
mwfunk - 1 hours ago
Actually no, the internet is just where many people
realize that the things they think are OK sometimes
aren't, because on the internet they're telling the whole
world what sketchy stuff they do, instead of just their
buddies that they do sketchy stuff with. You're much more
likely to interact with people you wouldn't normally
cross paths with on the internet, and the audience is
much wider.
Tangentially, I really hate buying good seats
and getting to a show to find some cheapo sitting in them
because they're proactively hoping no one shows up. If
you want good seats, buy good seats. Lots of people in
the real world feel that way, and respecting other
people's wishes (even, and especially, when you think
it's unreasonable and can't relate) is a basic part of
being a grownup.
eunoia - 54 minutes ago
Your first point is spot on and interesting. I would
also argue that we all have different flaws and it's easy
to judge others for theirs while pretending ours are
somehow less bad. For example the most judgemental
people I know are also some of the "worst" people I know.
Their morality matrix is just incredibly biased towards
looking favorably upon themselves vs others.
As for the
tangent, if you can't be bothered to show up for a show
by the time it starts you can at least be bothered to say
"Hey, these are my seats." I've been on both sides of
that interaction many times. Every time it's been
resolved immediately and amicably.
That might be too much
human interaction though. Maybe we should get further
away from humans talking to each other and invent another
app to solve this "problem".
mikeash - 2 hours ago
Maybe, as long as you don't touch any of the food or
drink. How likely is that, though?
eunoia - 2 hours ago
Did you know most airlines have absolutely awful
inventory control over the supplies on their planes? If
you make friends with a flight attendant they usually
have the leeway to bring you just about anything you want
for free. Is that stealing too?
Pro tip: Bring candy or
snacks for flight attendants on long flights, they
appreciate it and may even reciprocate in kind.
mikeash - 1 hours ago
It's not stealing when they give it to you willingly
without any fraud.
Are you that fuzzy on the concept of
"stealing" that you don't see the difference here?
eunoia - 49 minutes ago
Actually it is stealing, you're just not the one doing
mikeash - 27 minutes ago
I bet the airlines allow flight attendants to use their
discretion here.
Forging a ticket is just not equivalent
to asking nicely if you can have something.
somabc - 19 minutes ago
Airlines have fired staff for eating a sandwich or
drinking a coke taken from the plane even if it was going
to be thrown away. It's the same concept as most food
outlets. They have no discretion to give away free things
to people who give them candy.
BeetleB - 2 hours ago
> I think it's more akin to buying terrible cheap seats to
a show and moving into a better yet unoccupied section
once it starts.
And GP thinks otherwise.
You are merely
stating an opinion.
watty - 2 hours ago
Apparently it's ok to create fake barcodes.
arnarbi - 2 hours ago
Opposing stealing is now rooting for corporations?
CodeMage - 2 hours ago
I really wish people would stop slapping the "theft" label
on things that aren't. It's intellectual laziness that just
cheapens the discussion.
Sitting in an airport lounge you
shouldn't have access to isn't stealing. Piracy isn't
stealing. Using ad blockers on a site that supports itself
through ads isn't stealing.
pharrington - 53 minutes ago
Physical space in a building is a limited resource. "IP"
SilasX - 1 hours ago
They call it "theft" for the defensible reason that it
maps to traditional theft in (what they regard as) the
most important dimensions. Your disagreement with the
validity of the (IMHO, obvious) mapping doesn't make it
lazy.
Theft is wrong for well-known reasons. Most of
those same reasons apply to these situations.
BeetleB - 2 hours ago
You may have a point.
So opposing trespass is now rooting
CodeMage - 2 hours ago
Well, @eunoia seems to think so. I happen to disagree.
But at least now we can discuss it without the emotional
baggage of calling someone a thief. For whatever reason,
people get worked up over that label more than
"trespasser" or "squatter" or "moocher" ;)
zo1 - 44 minutes ago
I'm afraid we all might be wrong/right on some level.
I.e.:
1. Getting into an area you don't have access to: Trespassing.
2. Tricking the security they have in place: Fraud.
3. Taking snacks from the lounge-area: Stealing.
KGIII - 1 hours ago
It may be classed as theft of services.
If curious,
consult a qualified legal representative in the
usertrjx - 2 hours ago
What about the food and drink that are offered in these
eh78ssxv2f - 31 minutes ago
> Sitting in an airport lounge you shouldn't have access
to isn't stealing.
What do you think of random people
occupying your house while you are gone out to work or
grocery store? Is that okay too?
> Using ad blockers on a
site that supports itself through ads isn't stealing.
I
agree with this because browsers are "user agents" not
eunoia - 2 hours ago
Many/most forms of hacking could be construed as stealing
if you squint hard enough. What was this community founded
around again?
Do you think "disruption" is a peaceful,
happy, 100% beneficial process for everyone involved? Is
Uber stealing by taking business from incumbents that play
by a different (regulated) rulebook?
kinkrtyavimoodh - 2 hours ago
This 'community' (to the extent that all the users of
this site can be clubbed into one) was definitely not
formed on any founding principle which would legitimize
theft.
Not that sneaking into airport lounges is some huge
theft, but acting like it's completely okay isn't cool
eunoia - 2 hours ago
I agree, it's not 100% okay. I wouldn't feel bad doing
it though. I also wouldn't do it in a situation where my
presence hurts another paying customer (i.e. full
lounge).
My personal ethics apply to how my actions impact
other living things. I don't lose sleep worrying if I've
wronged an entity created solely for the purpose of
maximizing shareholder value.
I'm honestly surprised how
many people don't agree with that. To each their own I
suppose.
Edit: You're totally right about the futility of
trying to shove all of us into any one descriptive bucket
though. That was a mistake.
bdcravens - 2 hours ago
I don't think it's rooting for a corporation, but a simple
matter of ethics.
finnn - 2 hours ago
They have no ethics while exploiting you for as much money
as possible, so you should be nice to them and treat them
as you would another human?
Edit: sorry, this was kind of a
flippant remark that I made without thinking a lot.
ImSkeptical - 1 hours ago
Don't they transport you and your luggage safely through
the air at high speed for a sum of money that you agreed
to pay? Where is exploitation coming from?
zo1 - 35 minutes ago
Capitalism, apparently.
Though, to be a bit more generous,
I'd interpret that people hate airlines without really
having a conscious reason, so they make something up
that's visible and easy to be upset about. E.g. Cost of
flying, leg-room, crappy service, "run by evil
corporation". I'd posit that they somehow see something
wrong with it, yet can't pin-point what that is. In my
view, somehow they realize that a government-enabled and
enforced monopoly makes the whole thing unfair. And if
only we had no intervention and prevention of
competition, they'd finally see "nice" airlines. But
until they actively "see" that, they'll always think that
it's the government that's preventing the really nice
peachy happy people from running an airline that they'd
bdcravens - 1 hours ago
Yes, I should be honest.
opportune - 2 hours ago
That's a vast exaggeration of things. "Exploiting" my
ass. You know the reason why airlines are so shitty?
Because people only buy the cheapest tickets to their
destination. I'm guilty of this myself. The end result is
a race to the bottom.
And yes, when the man refused to
get off the United plane, he should not have been beaten.
Big deal, hundreds of millions of people fly every year.
The fact that that happened sucks, but the reality is
that 99.99% of people will at worst just deal with
incompetent customer service during a cancelled or
heavily delayed flight. That doesn't give you
justification to steal from the airliner.
This is a
discussion I feel you would have with a teenager.
whipoodle - 2 hours ago
I mean, I see your point, but if that's what they have to do to
stop fraud, and the fraud is something they really care about,
then yeah, they should do that. Surely it's no great tragedy
that stores have cash registers and bill checkers.
mikeash - 2 hours ago
Most stores have far fewer controls than they could, because
they'd rather be nice to their customers. This changes if the
level of fraud/theft increases.
Stores in places where few people
steal are nice and open, have nobody watching the doors, and
basically rely on the honor system to ensure that you pass by
a cashier before you leave. Stores in places where theft is
common have all sorts of unpleasant security measures.
Society
only works because most of us behave. Look around you, and
you'll see an incredible number of structures that only work
because 99% of people are basically decent and honest. Don't
be in the 1% who aren't, and definitely don't encourage that
1% to grow.
techsupporter - 1 hours ago
> Most stores have far fewer controls than they could,
because they'd rather be nice to their customers. This
changes if the level of fraud/theft increases.
Yep, and
people can easily see this for themselves. It is
incredibly telling to note the difference between going
into the Rite Aid on Rainier Ave S in Seattle and the Rite
Aid on 35th Ave NE in the same city. They're almost
directly due north/south of each other and separated by
less than ten miles.
However, the Rainier one has at least
one visible store security guard, tags on the shopping
trolleys to prevent leaving the store with them, locked-
down shaving razor refills and baby formula and small
electronics, and "you are being recorded" security
televisions prominently placed.
The one on 35th has none of
those. If there is a security guard or loss-prevention
specialist, that person is often hidden. Shave refills are
easily accessed (though do have removable security tags),
there are corrals outside so customers can use the trolleys
to load purchases into their vehicles, and the store simply
feels more open and accessible.
another-dave - 1 hours ago
"Hotel breakfast buffets will let anyone in, provided you can say
a room number."
catshirt - 2 hours ago
the takeaway is that you can do it, as the title suggests :)
mikeash - 2 hours ago
Reminds me of the common joke life pro-tip: you can get stuff
without paying for it by going to a store, picking something up,
and just walking out with it!
mnutt - 15 minutes ago
I think the HN-framed takeaway here is that the developer
building the system could have used a timestamp + HMAC and
prevented the issue, but chose not to for whatever reason. Maybe
they wanted to be able to generate barcodes from the app itself
while offline, maybe they were getting the data from the server
anyway and just didn't know any better.
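Added example (not part of the thread): the timestamp + HMAC scheme that mnutt and curun1r mention, in Python. The token layout, the demo key, the function names and the 36-hour validity window are assumptions of this example; because HMAC is symmetric, any verifier holding the key could also mint passes, which the public-key signature curun1r describes avoids.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed inputs: the pass text quoted elsewhere in the thread and a demo key.
PASS_DATA = "M1SIMPSON/BARTHOLOMEWMEXYZ123 ISTLGWTK 1965 099C005A0015 100"
DEMO_KEY = b"constructed-demo-key-not-for-production"

TAG_LEN = 16          # bytes of HMAC-SHA256 kept in the code (assumed truncation)
MAX_AGE = 36 * 3600   # seconds a pass stays valid after issue (assumed policy)


def _tag(key: bytes, message: str) -> bytes:
    return hmac.new(key, message.encode(), hashlib.sha256).digest()[:TAG_LEN]


def issue(payload: str, key: bytes, now: Optional[int] = None) -> str:
    """Airline side: append issue time and a MAC over payload + time."""
    ts = int(time.time() if now is None else now)
    message = f"{payload}|{ts}"
    return f"{message}|{_tag(key, message).hex()}"


def verify(token: str, key: bytes, now: Optional[int] = None,
           max_age: int = MAX_AGE) -> str:
    """Scanner side: return the payload, or raise ValueError."""
    try:
        # rsplit keeps any '|' inside the payload itself intact.
        payload, ts_str, tag_hex = token.rsplit("|", 2)
        ts = int(ts_str)
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        raise ValueError("malformed token") from None
    # Check the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(tag, _tag(key, f"{payload}|{ts_str}")):
        raise ValueError("bad MAC")
    current = int(time.time() if now is None else now)
    # Reject both expired and future-dated tokens.
    if not 0 <= current - ts <= max_age:
        raise ValueError("outside validity window")
    return payload


if __name__ == "__main__":
    token = issue(PASS_DATA, DEMO_KEY)
    print(token)
    print(verify(token, DEMO_KEY))
```

The scanner needs only the key and a clock, so the check works offline; an edited field, a wrong key or a stale timestamp all fail before any pass data is used.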
habosa - 36 minutes ago
"Life hacks" like this are part of the larger category "crimes that
Americans like to brag about".
There's some strange cultural thing
where people are proud of telling others how much they can get away
with. You hear this all the time when talking about taxes, "yeah I
figure out how to put all my personal travel down as a business
expense". It's especially egregious with warranty/insurance fraud,
such as when people drop their phone in water and then pretend it's
a manufacturer's defect.
None of this really bothers me, but we
wonder why companies look to nickel and dime us all the time. It's
because we can't be trusted! Give the American consumer an inch,
and he takes a mile. We have an adversarial relationship with
almost everyone we buy from / sell to, which I think is a big
source of pain and inefficiency.
gumby - 5 minutes ago
> There's some strange cultural thing where people are proud of
telling others how much they can get away with.
I am not a fan of
many aspects of American culture, but I certainly disagree with
your assertion.
In fact I would go farther and say that in my
experience Americans are less likely to do this than the majority
of other countries. It's why you can buy a trainer full of grain
sight unseen or sell something on eBay. Kind of amazing,
actually.
We focus more intensely, as we should, on the bad news
or violations. But overall Americans don't have a zero-sum
mentality and stick to their word, which is why the society and
economy have done as well as they have.
berberous - 29 minutes ago
I think you have the cause/effect reversed. People don't want to
fuck over their local coffee shop. But companies have
consolidated into giant monopolistic mega corps with no humanity
that try to fuck you over, which makes returning the favor an
Dunnorandom - 3 hours ago
You don't even have to fake a QR code to get into a lounge: There
was a case in Germany a few years ago where someone bought a fully
flexible business class ticket, used it to enter the business
lounge in Munich and then rebooked it to another day from inside
the lounge.
After doing that 36 times, Lufthansa noticed it and sent
him a bill over 1980€ (55€ per lounge visit). He refused to pay,
got sued and lost.
Source (in German):
cfontes - 3 hours ago
There is also a Chinese case but he did it for a whole
13of40 - 2 hours ago
I keep meaning to do that someday, just so I can say I've done
it, but if you think about it the hassle of traveling to the
airport, going through security, paying $12 for a cocktail in a
sterile room full of strangers, etc. would probably make for an
overall crappy experience.
Edit: Oh, now that I clicked the
link I see he got to eat for free. Hmmm...
bdamm - 1 hours ago
Also useful if you have somewhere to fly on an economy
ticket. Noteworthy is that often the alcohol is free, along
with the food. Having flown business on a couple of trips I
can tell you with 100% certainty that I'd rather wait in the
lounge than out at the gates. Because, beds & showers.
ubernostrum - 31 minutes ago
If you're going to do it, do it properly and get a first-
class ticket on Lufthansa. At their hub in Frankfurt, first-
class passengers get their own private terminal. Here's a
kchoudhu - 1 hours ago
Actually, the cocktail is more than likely free.
The sterility
of airport lounges is also HIGHLY questionable.
imgabe - 1 hours ago
Wouldn't that business class ticket cost thousands of dollars?
You can usually buy a lounge pass for a yearly fee of a few
nikanj - 1 hours ago
Yes, but business tickets often are 100% refundable
toweringgoat - 1 hours ago
No they aren't. You can choose to buy refundable business
fares, much as you can buy refundable economy fares. But the
default is non-refundable tickets with hundreds of dollars
high change fees.
Some business travellers do buy mostly
refundable tickets, but they specifically have to select them
regardless of class of travel. Tickets bought on day of
travel also tend to be refundable since that's often the only
fare that can be sold close to departure.
SilasX - 1 hours ago
Yes. AIUI, German law seems to draw heavily from the school of
thought that "obviously you're not supposed to do that, jerk, now
pay up". American law prefers to say, "oh, crud, you caught us.
Add it to the ever-lengthening terms of service (that no one
reads) so we can prove you agreed you wouldn't do it."
m_mueller - 15 minutes ago
It goes both ways though. You can use the intent of a law as a
defense in court. It gives more power to judges to interpret
things, which can be seen as a disadvantage. Overall I'd still
rather have that - in the American legal system I feel like the
law being a sword of Damocles over my head, constantly waiting
for me to inadvertently walk into a trap, while with a European
civil law system I get the feeling that the system works for me
as long as I don't have bad intents (i.e. as long as my inner
moral matches that of the culture I'm in).
driverdan - 1 hours ago
I know people who have done this too, just not abusing it like
that guy. If it's a 100% refundable ticket you can get into the
airport and so long as you reschedule or cancel before boarding
pcl - 2 hours ago
Here's the text from the QR code in the YouTube video:
> M1SIMPSON/BARTHOLOMEWMEXYZ123 ISTLGWTK 1965 099C005A0015 100
Looks like XYZ123 is the PNR and TK 1965 is the flight number. I haven't
looked at how the 099... field is encoded yet, but it appears to be
date + class of service + checkin sequence number.
CSDude - 1 hours ago
It's Bart Simpson
mittermayr - 1 hours ago
Looks like page 27 has the format:
Implementati...
Starts with M1.
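Added example (not part of the thread or the talk): a Python parser that splits the string pcl quotes into the fixed-width mandatory fields of a single-leg IATA bar-coded boarding pass in "M" format. The field widths and the field names are assumptions of this example rather than something quoted on this page; the split shows that all 60 characters are plain data with no MAC or signature among them, so a scanner that only decodes them has nothing to verify.

```python
from datetime import date, timedelta

# Constructed sample: the 60-character string quoted in the thread.
SAMPLE = "M1SIMPSON/BARTHOLOMEWMEXYZ123 ISTLGWTK 1965 099C005A0015 100"

# (name, width) of each mandatory item; names are this example's own labels.
FIELDS = [
    ("format_code", 1), ("legs", 1), ("passenger_name", 20),
    ("eticket_indicator", 1), ("pnr", 7), ("origin", 3),
    ("destination", 3), ("carrier", 3), ("flight_number", 5),
    ("julian_date", 3), ("compartment", 1), ("seat", 4),
    ("checkin_sequence", 5), ("passenger_status", 1),
    ("variable_size_hex", 2),
]
MANDATORY_LEN = sum(width for _, width in FIELDS)  # 60


def parse_bcbp(raw: str) -> dict:
    """Split a single-leg 'M' string into its mandatory fields."""
    if len(raw) < MANDATORY_LEN:
        raise ValueError("shorter than the mandatory section")
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = raw[pos:pos + width].strip()  # fields are space padded
        pos += width
    if fields["format_code"] != "M" or fields["legs"] != "1":
        raise ValueError("only single-leg 'M' format is handled here")
    day = fields["julian_date"]
    if not (day.isascii() and day.isdigit() and 1 <= int(day) <= 366):
        raise ValueError("bad day-of-year")
    try:
        # Last mandatory item: hex length of the optional section that follows.
        optional_len = int(fields["variable_size_hex"], 16)
    except ValueError:
        raise ValueError("bad variable-size field") from None
    if len(raw) - MANDATORY_LEN < optional_len:
        raise ValueError("optional section is truncated")
    fields["optional"] = raw[MANDATORY_LEN:MANDATORY_LEN + optional_len]
    return fields


def flight_date(fields: dict, year: int) -> date:
    """Resolve the day-of-year; the year is not in the mandatory section."""
    resolved = date(year, 1, 1) + timedelta(days=int(fields["julian_date"]) - 1)
    if resolved.year != year:
        raise ValueError("day 366 in a non-leap year")
    return resolved


if __name__ == "__main__":
    parsed = parse_bcbp(SAMPLE)
    for name, _ in FIELDS:
        print(f"{name:18} {parsed[name]!r}")
    print("flight date if 2017:", flight_date(parsed, 2017))
```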
AlexCoventry - 1 hours ago
I've never been in one of those lounges... Do they contain anything
worth committing fraud for? Cool trick either way, though.
URSpider94 - 1 hours ago
It really depends. In the USA, the biggest benefit is that you
can set your bags down and go to the can without worrying they
are going to get stolen or carted off by bomb disposal. Also, you
get free WiFi.
In other countries, airports tend to be more
spartan, and the lounges nicer. Many of the Asian carriers offer
sushi, noodle bars, top-shelf drinks, and showers.
OxO4 - 1 hours ago
The one in the video (IST) is actually very nice, there is lots
of space (especially compared to the rest of the airport, which
is usually very crowded), free food and drinks (including alcohol
and decent, non-drip coffee).
jamesmishra - 1 hours ago
They have good food and alcohol. They also have unusually nice
fellow passengers that are worth talking to.
A friend of mine took
me into airport lounges a few times, and they were all pretty
callahad - 56 minutes ago
For the most part, Western lounges just feel like hotel lobbies,
but with free booze and buffets. Significantly quieter than the
main terminals, genuinely helpful staff, clean bathrooms,
etc.
Great if you have access, but nothing I'd go out of my way to
pay for.
One exception: Showers. Holy hell is it an amazing
feeling to take a shower half-way through a 20+ hour itinerary.
Worth their weight in gold.
lexicality - 3 hours ago
The talk in question: https://www.youtube.com/watch?v=qnq0UfOUTlM