How much can I learn about a nearby mobile phone with RX only and no decryption?

I live in a remote area with few visitors and it would be very interesting to detect a mobile phone in my vicinity that isn’t my own.

It would be very easy to just use a frequency counter and look for activity on those bands, but that might be my own mobile phone and might also be chatter from a base station, etc.

So I would like to actually inspect the traffic with gnuradio. I am aware that I can’t determine a phones number (need SS7 access). Also, I do not want to involve myself in illegal transmissions. But there must be some amount of data that is sent outwards from a mobile phone that I can receive and decode without decrypting or cracking and with an RX only SDR.

What can I find out in this RX only manner ? Can I differentiate between different phones ? Can I determine what their physical address is and correlate to manufacturer (sort of like a MAC address in ethernet) … can I see what base station they are associated with ?

I’d like to scan the local airwaves and see a list of operating mobile handsets, the same way you might do a site survey for wifi clients. The question is simply: How much can I see with RX only and without doing difficult (and possibly illegal) decryption ?


How to get the address of a nearby square on a chess board?

I’m making a chess game from scratch and I got stuck.

So far I have all my figures placed, I have the positions set, I’ve already done the collision detection and everything.

When I click the figure that is in position A1 for example, I want to make two green rectangles at positions A2 and A3, and they will be used to make the figure move.

Is there a method for to add 1 to the string “A1” to form the string “A2” or something? Because thats all I really need right now.

Also if there’s a more clever way to make the positions please let me know.

As an example, here is how I currently look up my display positions using the A1, A2 etc. location codes:

let positions = {         A1 : [10, 710],B1 : [110, 710],C1 : [210, 710],D1 : [310, 710],E1 : [410, 710],F1 : [510, 710],G1 : [610, 710],H1 : [710, 710],         A2 : [10, 610],B2 : [110, 610],C2 : [210, 610],D2 : [310, 610],E2 : [410, 610],F2 : [510, 610],G2 : [610, 610],H2 : [710, 610],         A3 : [10, 510],B3 : [110, 510],C3 : [210, 510],D3 : [310, 510],E3 : [410, 510],F3 : [510, 510],G3 : [610, 510],H3 : [710, 510],         A4 : [10, 410],B4 : [110, 410],C4 : [210, 410],D4 : [310, 410],E4 : [410, 410],F4 : [510, 410],G4 : [610, 410],H4 : [710, 410],         A5 : [10, 310],B5 : [110, 310],C5 : [210, 310],D5 : [310, 310],E5 : [410, 310],F5 : [510, 310],G5 : [610, 310],H5 : [710, 310],         A6 : [10, 210],B6 : [110, 210],C6 : [210, 210],D6 : [310, 210],E6 : [410, 210],F6 : [510, 210],G6 : [610, 210],H6 : [710, 210],         A7 : [10, 110],B7 : [110, 110],C7 : [210, 110],D7 : [310, 110],E7 : [410, 110],F7 : [510, 110],G7 : [610, 110],H7 : [710, 110],         A8 : [10, 10], B8 : [110, 10], C8 : [210, 10], D8 : [310, 10], E8 : [410, 10], F8 : [510, 10], G8 : [610, 10], H8 : [710, 10],     } 

the [0] of the arrays is x and the [1] is y, and that’s also how I placed the figures.

Can a mystic sense nearby creatures using telepathy?

This question was raised by one of my players who is playing a third version mystic from unearthed arcana (released on 13/03/2017).

To provide a couple of example scenarios:

  • He has tried to use this on an animated armor (before it moved) to sense if there was a mind present.
  • On a corpse to see if it was actually dead or just pretending to be.

He argues that according to the description of the telepathy feat, a telepathic connection is made between him and his target. And that he should be able to sense if there is a mind present to make this connection.

At 2nd level, your mind awakens to the ability to communicate via telepathy. You can telepathically speak to any creature you can see within 120 feet of you in this manner. You don’t need to share a language with the creature for it to understand your telepathic messages, but the creature must be able to understand at least one language or be telepathic itself.

This argument is seems backed by the description of the telepathy spell, which also mentions a telepathic link.

You create a telepathic link between yourself and a willing creature with which you are familiar. […]

From a story/roleplaying perspective, this makes sense to me and I sort of agree.

Mechanically speaking it seems pretty overpowered for a second level feature. I know unearthed arcana isn’t supposed to be perfectly balanced and imbalances are possible when using playtest content. But I’m more concerned with how to interpret the wording than with actual player power.

So far I’ve established that talking telepathically with a creature is like regular talking but instead of using sound waves you’re using telepathic signals. And instead of targeting everyone within earshot, you’re targeting one specific person. But I would be happy to change this if any literature was more specific.

I would prefer an answer with 5th literature sources but if these don’t exist, I would be happy with an answer from previous editions as well.

Is there a way to *round* a nearby point into the feasible set?

Let $ P \subset \mathbb R^d$ be a polytope with interior given by $ F$ -many linear inequalities. Suppose we have a convex problem with feasible set $ P$ . For example computing the Euclidean projection of some point onto $ P$ .

Instead of trying to directly solve the problem we run Langrange multipliers on the dual problem. This gives a sequence $ \lambda_n \in \mathbb R_+^F$ converging to the dual solution $ \lambda^*$ and a sequence $ x_n \in \mathbb R^d$ converging to the primal solution $ x^*$ .

We know $ x^*$ is feasible but $ x_n$ might not be. In practice we never compute $ x^*$ itself but only $ x_N$ for some very large $ N$ . Ideally we have theoretical results that say how big we must take $ N$ to make the error less than $ \epsilon$ .

enter image description here

Doing that, we get an infeasible approximate solution $ x_N = p$ that we know is distance $ \epsilon$ of $ x^*$ . That means the ball of radius $ 2 \epsilon$ around $ p$ intersects the interior, and we know $ x^*$ is somewhere in that intersection.

To get a feasible point near $ p$ the obvious thing to do is project onto $ P$ . Unfortunately this amounts to solving another problem on domain $ P$ and we’re back to where we’re started!

However we have in fact simplified the problem as any $ y^*$ in the red region is feasible with $ \|x^* -y^*\| < 2\epsilon$ . Is it any easier to find such a $ y^*$ than solving the original problem?

How could I block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?

My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API.

When it comes to advertising, the type of ultrasonic messages that I am referring to are described in this Wired article titled “How to Block the Ultrasonic Signals You Didn’t Know Were Tracking You”, from 2016. The article says (emphasis added):

The technology, called ultrasonic cross-device tracking, embeds high-frequency tones that are inaudible to humans in advertisements, web pages, and even physical locations like retail stores. These ultrasound “beacons” emit their audio sequences with speakers, and almost any device microphone—like those accessed by an app on a smartphone or tablet—can detect the signal and start to put together a picture of what ads you’ve seen, what sites you’ve perused, and even where you’ve been.

The Wired article also mentions that:

Now that you’re sufficiently concerned, the good news is that at the Black Hat Europe security conference on Thursday, a group based at University of California, Santa Barbara will present an Android patch and a Chrome extension that give consumers more control over the transmission and receipt of ultrasonic pitches on their devices.

Being that the article was from 2016, I looked at the Black Hat Europe conference from that year for more information about the Android patch. The presentation mentioned in the Wired article seems to be this one.

The presentation slides (available here) led me to the website where the researchers do have an android patch as mentioned in the Wired article. Alas that patch is a research prototype made for android-5.0.0_r3.

There is also this research paper from 2017, titled “Privacy Threats through Ultrasonic Side Channels on Mobile Devices”. The authors of this paper found out for example that

  • Advertising platforms such as Google’s Universal Analytics and Facebook’s Conversion Pixel provided services utilizing this technology. The researchers analyzed three commercial solutions: Shopkick, Lisnr and Silverpush.
  • 234 Android applications analyzed by the researchers were constantly listening for ultrasonic beacons.
  • Out of 35 stores visited in European cities, 4 were using ultrasonic beacons at the time of the research.

Anyway my interest is not just about blocking advertising trackers. Even though the marketing departments may be the largest consumer of this technology, it can be utilized in many other ways as well.

And this issue is related to another technology, namely the Google Nearby Messages API. The overview document written by Google about this technology (here) says that (emphasis added):

The Nearby Messages API is a publish-subscribe API that lets you pass small binary payloads between internet-connected Android and iOS devices. The devices don’t have to be on the same network, but they do have to be connected to the Internet.

Nearby uses a combination of Bluetooth, Bluetooth Low Energy, Wi-Fi and near-ultrasonic audio to communicate a unique-in-time pairing code between devices.

The concerns about the Nearby Messages API are:

  1. Its ability to pass small binary payloads, i.e. presumably executable code.
  2. That while it is easy to disable Bluetooth and WiFi on a smart phone, it is not so easy to disable the microphone.


Are there ways to block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?

Does Shadow Lore require the Bard to physically whisper, and could the target or a nearby creature detect this?

A 14th level College of Whispers Bard gains the following class feature:

Shadow Lore: As an action, you magically whisper a phrase that only one creature of your choice within 30 feet of you can hear. The target must make a Wisdom saving throw against your spell save DC. It automatically succeeds if it doesn’t share a language with you or if it can’t hear you. On a successful saving throw, your whisper sounds like unintelligible mumbling and has no effect.

If the target fails its saving throw, it is charmed by you for the next 8 hours or until you or your allies attack or damage it. It interprets the whispers as a description of its most mortifying secret.

While you gain no knowledge of this secret, the target is convinced you know it. While charmed in this way, the creature obeys your commands for fear that you will reveal its secret. It won’t risk its life for you or fight for you, unless it was already inclined to do so. It grants you favors and gifts it would offer to a close friend.

When the effect ends, the creature has no understanding of why it held you in such fear.

(pg 16, Xanathar’s Guide to Everything)

When using Shadow Lore, would the Bard physically whisper something that only the Target can hear, or is it more like a telepathic whisper that the target hears?

Would the target, or a nearby creature, be able to tell that Shadow Lore was used and potentially who used it?

Data backend for a ‘Nearby’ places application


I am building an application for searching places ‘Nearby’ akin to Yelp/Google.

Objective for this question

Recommend a strategy to do paginated searches based on location and ask for advice on the same. Further, ask for frameworks and tooling that support the design.

Please note: I do not want to complicate this by doing any form of ranking, etc. This is simply ‘Nearby’ search.


Requirement: User opens the app and requests restaurants in a 5 mile radius. The server may send 20 results back. User may exhaust these 20 results and request for another set of restaurants. The server may send another 20 results (that are not duplicate).


I propose a strategy that is based on 2 simple data stores – Redis to enable Geospatial Search & a generic data store for storing Restaurants (MongoDB/PostgreSQL).

Client (1) -> Server (2) -> Redis (3) -> Mongo (4) -> Client (5) 
  1. Client sends a request (REST/GraphQL) to search for restaurants nearby; params: location, distance, skip: 0.
  2. Server handles the request and fires up a request to Redis to get ‘locations’ that match the query.
  3. Redis stores data like “location -> restaurantID”. Redis does a spatial search and finds all locations that satisfy the query.
  4. Server then takes the first 20 in this list and batch queries Mongo to get a list of restaurants and sends it back to the client.
  5. Clients handle any deduplication as I am unable to understand how to enable cursor based pagination for search.

For the next 20 results:

  • Server skips the first 20 from Redis and handles pagination accordingly.


  • Simple indexing built without cost for exhaustive search indexing.
  • 2 roundtrips to datastores per query.
    • Same query for redis for pagination
    • Don’t know if possible but short-term redis caching may help.
  • Current backend:
    • NodeJS + GraphQL + Prisma + MongoDB

Requires Advice On

  • Is this conceivable for a medium sized production solution?
  • Do these roundtrip costs make this service ‘slow’?
  • How to achieve pagination generally for geospatial searches? Is there a form of cursor based pagination when it comes to searches?
  • What are other ways to accomplish the same? Happy to read through more complex topics and build a slightly more complicated solution.

Reference for the nearby Lagrangian conjecture for $T^*S^1$

I am looking for a reference for the proof of the nearby Lagrangian conjecture of $ T^*S^1$ , that is, that every exact and compact Lagrangian submanifold of the cylinder is Hamiltonianly isotopic to the zero section in $ T^*S^1$ .

The corresponding result for $ T^*S^2$ can be found here