Also, releasing something into the public domain means abandoning all rights to it. So rather than ensuring Google can't patent it,
He did so by publishing it (look my other post with arxiv refs). These publications constitute prior art. Google CANNOT patent it be cause by now, 2017, this techniques have been known for 10 years. (Including successful implementation by Yann Collet's FSE and another one by one of the coders of the Farbrausch demo team).
he ensured that he has no standing to sue.
He can technically challenge the patent on ground of prior art.
but simply declared that his idea was public domain. The article isn't clear on exactly how he did so.
Wut ? It's right there even in the TFS on/. : he published the stuff back in the 2000s.
The patent office won't necessarily count that as prior art, unless it's formally published.
If you google a bit around : - arXiv:0710.3861 - "Optimal encoding on discrete lattice with translational invariant constrains using statistical algorithms" first published in 2007 (that's the bat-shit crazy stuff that only a few mathematicians managed to understand but lay ground for the whole stuff) - arXiv:0902.0271 - "Asymmetric numeral systems" first published in 2009 (second paper, where he re-visited these concept, and which spawned, among other the FSE - Finite State Entropy - implementation of tANS that is used by Yann Collet's Zstd - recently moved to facebook). - arXiv:1311.2540 - "Asymmetric numeral systems: entropy coding combining speed of Huffman coding with compression rate of arithmetic coding" first published in 2013 and cites actual implementation such as ycollet's fse.
All these papers (which also cite actual real-world implementations) all predate Google's patent filing.
To actually prevent a company from monopolizing the idea, the most effective strategy would be to actually patent it and put it under a copyleft patent license... that is, patentleft.
Or you know, just publish it. Like everybody else does in the academic world. Formal publication DOES COUNT as prior art in most sane parts of the world.
That's also why Range-Coding, the predecessor of tANS and cousin of the patented arithmetic coding isn't patented itself: it was published.
Disclaimer: I've worked on entropy encoders for the compression of genomic data as part of the PoSeNoGap project.
how did Bitcoin lost more than $1000 and still be above $4000 when the all time high was $5000.
Bitcoin is so unstable and changes so fast, that by the time you finish your subtraction the numbers doesn't mean anything anymore.
And I'm only half joking.
Seriouly, do we *Really* need a new/. article each time the exchange value of BTC jolts ? At that pace we could actually use the exchange rate as an entropy source for random number generators.
Stick to the bitcoin *protocol* as a way to make decentralized transactions only, and keep using *fiat* for your long-term storage needs.
My point is: the front of the phone just isn't a good place for the fingerprint sensor to begin with.
On the other hand, Apple was never about what is theoretically "good". They mostly aim for what seems intuitive to clueless newbies
- The home button is where they put their finger anyway - Apple logic : let's put the fingerprint sensors there.
- You're removing the home button and creating a "software" one displayed on the bottom of the screen ? - Apple logic: Then the bottom of the screen should also be a finger print sensors, because that's where you're sure to find the user's finger (if he isn't holding the phone "wrong":-P )
- Oops that last one didn't work out, let's quickly scramble to make something, let's re-use that "face recognition" idea thrown by the guys at the R&D lab.
The rest of the planet : - If somebody is holding their phone in their hand, there's a high chance that they can easily reach the back with a finger.
When you incentivize something you get more of it. {...} The biggest problems with our welfare programs is that they incentivize laziness and nonwork.
The thing that you dare to call "welfare" on your side of the Atlantic pond would be considered as backward and medieval by European standards. (Common you just recently started to try to provide universal healthcare like the rest of the developed world. And the guy who you elected president is even trying to repel it).
If "more welfare" leads to "less workers" as you suggest, Europe would have completly collapsed following 100% unemployment half a century ago. That didn't happen. In fact, some of the best faring countries in Europe (e.g.: Scandinavian countries, Germany, etc.) are also country with the most advanced social welfare systems. And those still aren't collapsing under unemployment today.
Not everybody who gets welfare is lazy - some are actually very hard workers.
There are large-scale studies which have been done in Germany and in France (yes, France, the country where "going on strike every other week to insist on social welfare and benefits" is a national sport). Verdict : there are actually very few abuses of the welfare system. Far less than what far-right parties would like you to think.
There are a few lazy people, but nearly the vast majority are very hard workers.
But the programs need to be structured in a way that encourages people to work by making sure that work always pays more than not working.
If you do that by making access to welfare more tedious and difficult, you won't be helping. - The few lazy person, who have the intent of abusing the system will find more creative ways around your hurdles and still manage to get the money. - Most of the remaining people, those who have real difficulties and need help suddenly are even more likely to get their help if it is so difficult. They are already in deep shit, if you make their life even shittier, you're not helping.
You need to help measures that can help finding new jobs : - cover basic needs (food / shelter) without any question. If the people can't even get those, they'll never work. - helping people move to where the jobs are, as you suggested in your comment. - helping people retrain to other jobs that are available here. Cover the costs to make sure that education is available to anyone who wants a new job. (I know that seems hard in a country that relies on "college loans" and where the cost of a diploma is close to the budget of some small countries). etc.
I don't see why MITM attacks intended to capture information would cause SSL errors {...} I always thought the SSL connection between the victims and the MiTM were pristine, normal SSL connections in their own right. Maybe I suppose if they wanted to modify content on the way through, but even then maybe an application layer error, not an SSL issue. Enlighten me...
ONE of the part of the SSL protocol works by having both end points agree on a common password.
The usual technique used is Diffie-Hellman or Elliptic Diffie-Hellman : it's a special cryptographic way in which two end point can agree on a common random password, and nobody else from the outside is able to guess it. (they have a way to exchange a shared secret).
(it's complicated, but it relies on special system in which you can add things together commutatively, but not separate them :
- e.g. it's easier to multiply prime number than factor the product.
- e.g.: elliptic curve maths posses an easy "addition" operation, but no trivial way to do "subtraction". Each side picks a random number side 1 chooses A, side 2 chooses B. Then they together publicly pick a common number C. Side 1 computes A+C and sends it to Side 2 Side 2 computes B+C and sends it to Side 1. External observers can't separate A from A+C nor B from B+C, they can only observe C and these (n+C) combinations. Side 1 computes (B+C)+A Side 2 computes (A+C)+B - Those above are the same : it's a password that can only be known to them. - External observers could only do (B+C)+(A+C) which is not the same number (and again they can't remove the extra additionnal C from it).)
So when two end point try to establish a secure connection only they 2 know the password, 3rd parties can't.
So if a MitM tries to intercept SSL traffic, they need to negotiate a password with the server. But because they can only negotiate password between 2 sides, the MitM can't forward the SSL traffic to the victim user, as the user can only negotiate a *different* password. (because in the above detail, they would have guessed a different secret "B").
So the only way for a MitM to work is for the MitM to negociate a password with the server, and negociate a password with the victim, and then decrypt-relay-rencrypt-forward the SSL traffic.
Then comes the SECOND part of SSL - certificate :
to make sure that the password you got is actually from the server you intend and not from a MitM, the exchange is also cryptographically signed with key pairs. Only the owner of the secret private key can successful sign a signature that is validated by the publicly known public key.
Thus, when establishing the SSL traffic, the server will also sign its traffic, with a key that is itself signed by a root certificate provider. By seeing that the traffic has a legit signature, the user's browser knows that it comes from the server and not from someone pretending to be the server.
Then there are only 2 possibilities :
- most of the time : the MitM attempts fail, because they do not have access to the server's secret key, and can't forge the server's signature to pretend to be the server. They can only propose some bogus signature. The victim's browser realises that something is fishy, and it wasn't talking to the server as it though, but was talking to a MitM impersonator all along. You get a big "Wrong certificate" message on the screen.
- a few key situation : the MitM has a way to forge a false certificate that looks legit (e.g.: they have access to a root certificate provider that will sign such a bogus certificate). This is *only the situation* where the SSL connection itself might look pristine.
BUT... there are counter measures even in that case : - there are other source that can confirm if the correct certificate was used (some relying on DNS) - some browser can use "certificate pinning" plugins (Certificate patrol is one such for FireFox) : if suddenly the connection isn't signed by "DigiCert" but by "China's State cert", you know something fishy is happening.
The latest versions of Firefox opens a pop-bar telling you that this is probably a Wifi log-in screen and gives your the choice to open the login screen in a new tab so you can connect.
Android solved that problem simply and efficiently by putting the sensor on the back, a solution that Apple could have adopted as well.
Apple, for once, wanted to be a bit original and have the fingerprint sensor work on the front, through the screen. (think all the sci-fi movie where the hero is required to place a hand on the shape drawn on the screen). Turns out, they didn't manage to find a way to pull this thing while fitting the ever thinner form factor
Point was, the existing broadcast tech can carry the frequencies at the edge or even slightly beyond human hearing.
For digital TV and Radio, only barely so ("at the edge")(*). Not even beyond, and not much space up-there. (Though it might be enough to do what is a glorified form of Morse code(*) - as done by the advertiser example you site).
Still : they cannot carry the technology mentioned in the article (DolphinAttack relies on speech being pitched up all the way > 24kHz - way beyond what is carried by TV and Radio. My "infra-red over TV" metaphor still applies). So to all/.ers panicking "DolphinAttack could be used over TV !" - No it can't on technical reasons, the same reasons you can't embed an invisible infra-red qr-code in a youtuube video neither.
And if you pitch up regular speech to the upper limits of what TV and Radio CAN actually carry, the lower bound of it will still be well within hearing range. (the "frequencies at the edge of human hearing" that could be under some circumstance be carried by TV and Radio, don't have enough room to code speech, only Morse code) you won't be clearly able to understand such high pitched speech, but you'll definitely be able to hear an audible glitch during it.
Un-hearable speech in ultra-sonics range is impossible over TV, Radio or Youtube.
Can it be exploited? Of course, it can...
Yes, it can be exploited. Just not completely silently. You'll definitely hear some audible glitch during a "high pitched audible" attack.
Now per se, that doesn't prevent all possible exploitation situations.
What if you left it charging, while you take a shower? "Honey, your phone was saying something, not sure what..."
If the victim isn't nearby the phone and the TV when the attack occurs, why bother with the ultrasound in the first place ? If the victim can't hear "Confirming 100'000$ purchase", the victim would be hearing "Ok Siri, now buy this 100'000$ article on alibaba".
In other words : the existence of DolphinAttack (no matter if actually broadcastable over TV or not) doesn't change a thing to the already existing exploitability of always-on voice controlled devices.
Possibilities are numerous, not all of them evil, but all of them worrying...
Possibilites that already existed well before ultra-sound communication. (You could do exactly the same kind of tracking by paying attention to your phone's Wifi and Bluetooth MAC addresses. Or have an installed app with over-reaching permissions - e.g.: location services)
If you are worried, you shouldn't start worrying only on the day you heard about DolphinAttack's ultra-sonic gimmicks. You should have started worrying long ago, with things like always-on listening assistants, with applications that keep running in the background for no obvious reason, applications asking for access to location/camera/microphone for no obvious reasons, etc.)
Shut down your voice activated assistant NOW, don't pay attention if ultra sound works or not, the always on listening part is already a problem for quite some time.
---
(*): And even less possible nowadays. The morse-code trick would have been possible with older generations of digital TV and Radio (they relied on MPEG Layer II audio - aka MP2) and Youtube (MPEG Layer III audio - aka MP3). You can represent a > 15 kHz signal in those.
The morse-code trick done by advertiser is technically impossible with newer generation of digital TV and Radio (AACplus) and most modern Internet applications (usually modern stuff like OPUS). As I've said in my post above: AACplus doesn't directly code high frequencies, it instead generates them from mid and low frequencies present in the same signal (again, that's a very efficient space saver due to how music works). Means that you can't code a > 10kHz audio signal alone, if there is
in the days most crucial for the company's survival (in this case, getting bought out so they can continue to scam).
On the other hand the failure of his company has that much to do to where he choose to spend his vacation time, as to that "Like Nespresso, but with Fruit Juice !" is a very poorly taught-out idea.
It's like a sysape going on a trip right after your company's servers got broken into and wiped, while machines meant for backup are sitting in a closet not even been set up despite having been purchased a year ago.
If the company is so poorly run that there isn't always at least one sysop on call able to handle problems, and that you need to be able to call people back from vacations, then you company is really poorly ran.
A one of the last place I worked, a sysop could without any problem take 1 week vacation in the middle of nowhere with no cell coverage... because there were more than 1 single sysop, and at any time there's always at least 1 of them present at the premise (daytime) or on call (night-time). The other "not on call at that precise moment" sysops could do pretty much every thing they want on they free time because it's not their job to take emergencies *personally, at that precise moment*.
If the company got their servers borken, you don't call the sysop who is on vacation to fix the, you call *the OTHER* sysop who at that precise moment is supposed to be on call on your plan, and he'll be the one taking the replacement out of the closet and deploying them. If you don't have such a "who's on call now schedule", then it's your fault, not your sysops.
That would be blaming a big blunder in a large hospital on the fact that their single doctor took vacations. Who on their right mind would run a whole hospital with a single doctor ?
Same here : if the company isn't organised in such a way that 1 exec can go missing, then it's already a success for failure. What if the guy was sick or had an accident.
You're not getting it. The _whole_point_ is to only enter the house when there is no one home. Contrary to what Hollywood feeds you,
I'm not basing my scenario on what crap is currently running on the TV. I'm basing it on what has occasionally happened here around (but very likely, the burglars here around aren't the same as the one you have on your side of the Atlantic pond).
Something that is often seen : An old couple go home after buying groceries. Grandma causally leaves her hand bag by the entrance door. (with her purse inside - containing money and credit cards, and this being an old couple, there's more cash than credit cards) After finished to pack everything into the fridge, exhausted, they decide to take a nap.
When they wake up, they notice that the hand bag is missing (but nothing else of value. The big TV screen is still untouched in the middle of the living room). After inspecting the door, realize that it was forced with a crow bar.
Apparently burglar have noticed that the couple has left the living room (probably by looking at lights being turned on and off). Once they though the path was clear, they made a run as fast as possible breaking the door and grabbing the first thing they could before the couple could notice them.
This scenario has played out a couple of time here where I live (a relatively calm and peaceful city) - no kidnapping, no menacing, no mugging. Just going as fast as possible for the simplest and surest thing with value to steal (i.e.: grab the bag containing the money while the people are away elsewhere in the apartment / house).
(It isn't as typical as the other kind of burglary - namely track the content of mailbox, notice which have been left accumulating for some time (and thus whose owner is on vacation) and then take all the necessary time to break in - sometime actually sawing the door around the "secure" lock - and take *everything* out, this time including the big heavy valuable or well stashed jewelry. But it still happens) (On the other hand you hear now and then in the news, cases of burglary that have escalated to sequestration/menace/violence, etc. - but the fact that it is "news-worthy" probably means it happens VERY seldom).
The problem of this "break-and-run" technique is that breaking the door is still noisy, and there's a chance that the burglars could get discovered before they manage to grab anything of value.
Silent alternatives to get the door open (hacking shitty e-Locks, managing to give bogus commands to cloud-connected locks, etc.) would increases the chance of this kind of hit'n'run job to succeed.
Again, this are things that *have* happened here around.
As such most codecs used online are optimised for human hearing range.
Bat call recorders predominantly use.wav, which does support it. So as long as you can get.wav your set; and you can put wav audio (as an LPCM format) into both AVI and MP4 containers... so I think it should be pretty doable.
And most audio sources only use 48kHz sampling rate (i.e.: up to 24kHz sounds anyway).
Lots of options for ultrasonic recording -- again... the whole bat call niche has you covered
I was answering to a different use case. You were speaking about carrying the ultra sonics over youtube. I'm pointing out that youtube has hard limitations preventing you from carrying ultra sonics.
Of course "custom device to blurt out ultra sonic" would work (even a local app running on your high-range smartphone could probably switch the hardware in 96kHz audio out mode ? Hey, we finally found a real-world use case for these 96kHz/192kHz audio out mode that the audiophile have insisted on having !~)
For that case, the confirmation would be the giveaway.
and when your pocket suddenly says "Okay, I'm buying 180 episodes of Golden Girls" confirmation, you're going to notice that something fishy is happening.
Maybe. Depends how loud it is, and how loud it is where you are. I've not heard my phone ring in my pocket lots of times.
Please keep in mind that the whole premise is about giving *audio commands* to your smartphone - i.e.: it needs to still be able to hear them. If your smartphone is so deep in your pocket/handbag/whatever that you can't easily hear it, chances are that the device it self would have difficulties hearing the sound coming from the prankster's pocket though all these layers of cloth and other material that happens to have sonic isolating properties.
In short : if you can't hear it, chance are the device might not be able to hear you (or the prankster in return).
I was thinking that for the prank to work, you would need to target a phone that isn't deep into a hand bag, where it couldn't hear you (but where chance of hearing the confirmation are low). You would probably target a phone that is in the shirt pocket where it can clearly hear your commands (but then the victim would clearly hear the confirmation).
But yeah, that's all speculation as I haven't attempted such prank and have no interests in even trying.
what are you going to do?
Myself ? I wouldn't be using such an insecure thing as an "always on" voice command in the first place. (on top of the fact that this command needs a round trip to some cloud on the internet just to be interpretted).
People claiming it can not be done should not interrupt people already doing it.
(BTW: Spotify (or was it another networked music player ?) is also doing it to help identify the various device that are within reach. And as it's the app it self generating the code, it's not constrained by the audio compression limits - Vorbis in their case. They can easily emit beep codes at 24kHz which you would definitely NOT hear, but which could be emitted and picked up by current mic and speaker technology available to the platforms on which the various instances of music player are running and would like to "see eachother" in the physical world in addition to the network).
These ads are basic beep code, very simply signals that you can cram at the upper limit of what your medium can carry. A few short beeps at somewhere between 6kHz and 10kHz (or whatever can get through your compression) could be audible (in absolute silence, with a good pair of earphone, provided that you haven't completely borked your upper hearing range be firing guns without adequate protection), but would be easily drowned in the rest of the noise emitted by the ads.
Today's article is about speech which must convey a lot more informartions and requires much time and frequency bandwidth.
DolphinAttack works by shifting the speech a lots of octave up, until it's above 20kHz (see paper, linked in the article, linked in this summary). That CANNOT work in any way with current TV and Radio technology. There simply doesn't exist any TV or Radio technology today (both analog or digital) that can carry frequencies above 20kHz. (For the simple and obvious reason that TV and Radio was invented by humans and for humans, not for dogs, bats or dolphins. Nobody was paying attention to keep those inaudible frequencies in. And if by dropping them you save space and/or radio frequency bandwidth, so be it) So today's article technology CANNOT IN ANY WAY be carried over TV and radio due to very hard limits (**).
In theory, there should be ways to embed speech in TV and Radio. You going to use these sentences of human-like speech but shifted several octaves up until they can be squeezed somewhere between ~4kHz and 10kHz, and thus stay within what could realistically be carried by your media. That is definitely audible. Not necessarily *intelligible* but if you're sitting in front of the device and listening carefully, you'll notice some weird noise going on for a few seconds.
And of course, then suddenly hearing your phone in your pocket confirming "Okay, confirming 100'000$ purchase for 'ScamBot' article on alibaba" or "Okay, opening garage's door" - that's going to be a dead giveaway.
---
Visual analogy:
- some article : it should be possible to embed hidden infra-red images (projected by a light-bulb illuminated slide ? a special device ?) that can be interpretted as QR-Codes by selfie apps and trigger un-expected behaviour. (NOTE: Near Infra-red ARE visible to smartphone cameras).
-/. crowd reaction : great! now someone would hack my smartphone just by hiding an invisible QR-Code in my TV picture whenever I try to make a reaction selfie in from of the TV. (=I know that most smartphone don't actually scan QR-Codes from the main photo app, unlike Siri and co with voice, but for the sake of the argument we'll ignore that point).
- bandwidth limitation : No dum-dum ! TV aren't designed for snakes or insects, they can only emit R, G and B lights. There's no way to push IR over TV.
- counter point : Yeah, but in the real world, there are 3D PC monitors/projectors using visual cue for the left-right lens of 3D glasses ! (= in real world, done by shifting colors on a line). (Also, small blinking pattern have been used by some form of banking 2FA, and by some early TV games-shows to beam data t
See what's happening to those old Apple II, TRS80 or Commodore Amiga... Maybe you will be getting a lot of $$$ from ebay auctioning it;)
That worked for these because they were quite successful and popular machine back in their era.
On the other hand, Windows-running-phones barely qualify.
They are more like those old computer companies that failed to gain any market, went bust after only pushing a handful of unit and everybody has forgotten since then. You'll be having a hard even remembering that they even existed.
The only thing that might keep Windows phone barely noticed is that they were a failed product coming from a bing company. But even with that I'm doubtful they'll enjoy a celebrity nostalgia career in 20 years (common is Microsoft Bob that much popular on Youtube now ?!)
...that is if youtube, ebay & co still exist then...
The company will be gone, but the niche will be probably taken by successor.
It'll be probably snapchat video, and whatever twitter has tried to pull to try to be financially successful (after their take over by Mark Zuckerberg):-P
Like if they embedded the audio in a youtube video that you were watching?
Bad news for this use case : no matter what the meme says, internet wasn't build for dogs (Neither for bats nor dolphins)
As such most codecs used online are optimised for human hearing range. - OPUS will filter out anything above 20kHz. - AACplus only replicates spectrum from mid to high range. etc. And most audio sources only use 48kHz sampling rate (i.e.: up to 24kHz sounds anyway).
No way to hide secret message above the audible range : that range won't be carried.
And what if they are exploiting it on the phone in your pocket... you do go out of the house right? Maybe you dont want the guy behind you at starbucks to prank you by getting your phone to set an alarm at 2am, or order you all 180 episodes of the Golden Girls.
and when your pocket suddenly says "Okay, I'm buying 180 episodes of Golden Girls" confirmation, you're going to notice that something fishy is happening.
Sending audio commands while the victim isn't in the same room as the targetted device seems the better option.
Convoluted technical means to get your internet devices to "open the back door" are not the go-to tactic for any burglar. Nor will they be. The go-to tactic is to kick your door really hard or break a window, then retreat.
The problem is that "breaking the window" is a very noisy method that only works when the victim is away from home. Managing to have the door opened to you - by e.g.: jamming the FM radio constantly blaring music as backgound - could work even when the victim is in another room of the house (e.g.: taking a bath).
Alternatively, a person who is known to you but who you don't realize is malicious could use this to gain physical access. Maybe you're okay taking a FaceTime call from them, but then they transmit the inaudible signal over the call, which your iDevice faithfully reproduces, resulting in Alexa, Siri, or whatever else opening your garage door. Or maybe someone standing outside at your smart doorbell uses it when you ask what they want via the app, resulting in your phone or tablet reproducing the sounds within earshot of a device that will respond to them.
None of these can't work at all, for the exact same reason the TV/Radio attack mentionned above is severly limited : Facetime isn't designed for dogs and bats (and dolphins). Most of the modern internet applications for chat tend to use OPUS (e.g.: Skype, WhatsApp, Facebook, probably a few others). This codec is optimized at carrying only audible sound/music/speech. As such the first step of OPUS is to kill all frequencies above 20kHz (no use to spend bits to encode stuff for which the ear lack any receptor. That would be like insisting to encode UV light on video instead of only R/G/B). Given that Dolphin Attack relies on > 20kHz ultra-high-pitched speech, it won't work because it will be compressed away. (Apple, on the other hand tend to be allergic to IETF standards and probably uses AACplus on their devices. That one similarily suck at carrying ultra-sounds: high part of the spectrum is actually reproduced by replicating the lower part of the spectrum, and most application are limited to 24kHz any way due to 48kHz sampling rate and Nyquist).
A third possibility is that they could use your always-on phone to engage in an attack against your home even while you're not at home. For instance, an attacker passing you in the street could activate the commands on a device in your hand or pocket via "OK Google" or "Hey Siri" to open your garage door for a crony of theirs. For that matter, anyone who can get within listening distance of your phone can use this attack on it, all without ever having access to the devices within your home.
In that case: Yes, an attacker could be carrying special equipment that works perfectly in Dolphin Attack's range (e.g.: a device working at 96kHz combined with a special ultra-sound speaker that has a good response on frequencies > 24kHz).
I see another problem here : from the few demos I've seen, voice assistant tend to repeat or other wise confirm commands. The victim won't be hearing the ultra-sound high pitched commands, but they'll clearly hear the answer of the assistant to these command. It would be very strange to suddenly here the phone in your pocket answering "Okay, I'm opening the garage door".
A much more realistic scenario would be to emit commands while the victim isn't around. i.e.: jam the radio FM signal to give commands to the home assistant while the victim is taking a bath. They might hear a short glitch (the jamming of the signal itself, and the commands needs to fit within the much more restricted audio bandwidth of FM radio - no way to emit them at >20kHz) coming from the radio in the living room, but they are much more likely to ignore it, think : "Yeah, again one of these solar flairs expected for this week-end".
Can I inject an attack into OTA frequencies received by radios and tv.
Analog and Digital media respectively can't carry such high frequencies (the spectrum carriable by FM radio is narrower than the human ear. So it's the opposite: you can hear noises to which the radio is deaf) or compress them away (DAB+ radio and the various DVB- TV use AACplus codecs. This only encodes mid-range frequencies and re-generates high-frequencies by replicating the spectrum. It makes totally sense for compressing music - (store the base freq and the first couple of harmonics of an instrument, the rest of the spectrum can totally be guessed) - it's completely useless to encode ultra-sound-only speech. Also sound on these digital medium, the sampling rate is usually 48kHz, which (Nyquist, blabla) means you can code up to 24kHz sounds - given that DolphinAttack relies on > 20kHz ultra-high-pitched-speech that doesn't give a lot of frequency range. So even if the audio was uncompressed LPCM the quality might still be limiting).
BUT, on the other hand...
The TV in some circumstance, and the radio even more, tend to be "always on" devices that you leave working to give a background sound/music. Even if you walk away, they'll be still playing.
In other words: why bother trying to hide your command stream in the inaudible ultra-sounds, if you emit your "a lot less disguised" (but much better within the transmission ability) commands when there's nobody around to notice them ?
(Example scenario : a would-be burglar spies to see the moment you go to the bathroom to take a bath. When they see you entering the bathroom, they quickly jam the FM radio frequencies (this may cause a short audible glitch - but you might not even notice the passing glitch over the noise of the water) with a signal asking your home assistant to open the door, quickly enter, steal your purse and whatever else, and leave. By the time you leave the bath, they're gone and there's no even a sign of the burglary - door is intact)
Nokia did that too, I hear it worked out great for them.
It *did* work great for them back in the dumb-phone and feature-phone era.
Management just completely fucked up everything afterwards regarding smartphones : - They dragged the aging symbian platfrom way too much. ("But hey, it has always worked until now, so it's a safe bet !") (~yeah sure. And maybe Palm should have stuck to PalmOS even longer~) - They let go the R&D departement which was until that point striving to make nice smartphone/tablet OS (the Meamo/Meego line with N700, N800, N900, and the first large scale public N9, etc.) and would have actually helped Nokia become relevant in the smartphone era. ("But hey, it's burning money, let's leave the burning ship for shareholder's sake !") (on the other hand that team manage to escape the burning ship on a small jolla (pun intended by them) to survive and put an interesting OS on the marked) - They decided to ged in bet with Microsoft. ("But in the business world you're never wrong to go to Microsoft !" (Or was it IBM ?~) )
End result : "we didn't do anything wrong, but somehow, we lost"
They kept doing stupid shit that would sound "a safe bet" to an MBA, but didn't make any sense. (And the biggest part of these decision was taken by microsoft shills such as Elop)
" Surprisingly, despite overtaking Apple in global sales, none of Huawei's phones appear on the Top 10 list. " only surprising if you are ignorant of the market. Huawei make a shit ton of different model phones
Yup, my reflexion too. It's easier for Apple to be top selling phone - even if they sell in much smaller volume - when they basically only sell one single phone in 2 variations. Huawei might sell a much bigger total volume, but divided by hundreds of models, none of the phone will individually beat any of the top 10 sellers.
Same situation with operating system regarding iOS vs Android: back then's Apple smartphone were the top seller, but Android was (and is still today) the most popular OS even if no phone with it did beat any phone with iOS. simply there were dozens of android phone manufacturer, so even if total installation did beat iOS, none of them did individually beat Apple in volume.
The thing is, "freedom of speech" implies that there exist some actual speech to be protected. I think to understand that the parent poster doesn't consider any of the garbage that usually happens on some social site to be any form of speech. He probably thinks that nothing actually conveys information, most of it is click-baiting scams and ads anyway, and thus not worthy of "speech" status. Therefore for once his views align with those of an authoritarian regime who does also inhibit "freedom of actual speech".
He would probably consider that facebook falls more into the "freedom to defecate in public" rather than "freedom of speech".
(But somehow this content problem is magically not affecting youtube).
Though I might understand why the "...and nothing of value was lost" stance regarding facebook, my personal opinion is that we should never block anything (because that could be supporting censorship), only educate the user to better understand the usefulness of various media.
Slashdot Mirror
Also, releasing something into the public domain means abandoning all rights to it. So rather than ensuring Google can't patent it,
He did so by publishing it (look my other post with arxiv refs).
These publications constitute prior art.
Google CANNOT patent it be cause by now, 2017, this techniques have been known for 10 years.
(Including successful implementation by Yann Collet's FSE and another one by one of the coders of the Farbrausch demo team).
he ensured that he has no standing to sue.
He can technically challenge the patent on ground of prior art.
Sounds like he didn't actually register a patent,
No indeed, he didn't.
but simply declared that his idea was public domain. The article isn't clear on exactly how he did so.
Wut ? It's right there even in the TFS on /. : he published the stuff back in the 2000s.
The patent office won't necessarily count that as prior art, unless it's formally published.
If you google a bit around :
- arXiv:0710.3861 - "Optimal encoding on discrete lattice with translational invariant constrains using statistical algorithms" first published in 2007 (that's the bat-shit crazy stuff that only a few mathematicians managed to understand but lay ground for the whole stuff)
- arXiv:0902.0271 - "Asymmetric numeral systems" first published in 2009 (second paper, where he re-visited these concept, and which spawned, among other the FSE - Finite State Entropy - implementation of tANS that is used by Yann Collet's Zstd - recently moved to facebook).
- arXiv:1311.2540 - "Asymmetric numeral systems: entropy coding combining speed of Huffman coding with compression rate of arithmetic coding" first published in 2013 and cites actual implementation such as ycollet's fse.
All these papers (which also cite actual real-world implementations) all predate Google's patent filing.
To actually prevent a company from monopolizing the idea, the most effective strategy would be to actually patent it and put it under a copyleft patent license... that is, patentleft.
Or you know, just publish it.
Like everybody else does in the academic world.
Formal publication DOES COUNT as prior art in most sane parts of the world.
That's also why Range-Coding, the predecessor of tANS and cousin of the patented arithmetic coding isn't patented itself: it was published.
Disclaimer: I've worked on entropy encoders for the compression of genomic data as part of the PoSeNoGap project.
how did Bitcoin lost more than $1000 and still be above $4000 when the all time high was $5000.
Bitcoin is so unstable and changes so fast, that by the time you finish your subtraction the numbers doesn't mean anything anymore.
And I'm only half joking.
Seriouly, do we *Really* need a new /. article each time the exchange value of BTC jolts ?
At that pace we could actually use the exchange rate as an entropy source for random number generators.
Stick to the bitcoin *protocol* as a way to make decentralized transactions only, and keep using *fiat* for your long-term storage needs.
My point is: the front of the phone just isn't a good place for the fingerprint sensor to begin with.
On the other hand, Apple was never about what is theoretically "good".
They mostly aim for what seems intuitive to clueless newbies
- The home button is where they put their finger anyway
- Apple logic : let's put the fingerprint sensors there.
- You're removing the home button and creating a "software" one displayed on the bottom of the screen ? :-P )
- Apple logic: Then the bottom of the screen should also be a finger print sensors, because that's where you're sure to find the user's finger
(if he isn't holding the phone "wrong"
- Oops that last one didn't work out, let's quickly scramble to make something, let's re-use that "face recognition" idea thrown by the guys at the R&D lab.
The rest of the planet :
- If somebody is holding their phone in their hand, there's a high chance that they can easily reach the back with a finger.
When you incentivize something you get more of it. {...} The biggest problems with our welfare programs is that they incentivize laziness and nonwork.
The thing that you dare to call "welfare" on your side of the Atlantic pond would be considered as backward and medieval by European standards.
(Common you just recently started to try to provide universal healthcare like the rest of the developed world. And the guy who you elected president is even trying to repel it).
If "more welfare" leads to "less workers" as you suggest, Europe would have completly collapsed following 100% unemployment half a century ago.
That didn't happen.
In fact, some of the best faring countries in Europe (e.g.: Scandinavian countries, Germany, etc.) are also country with the most advanced social welfare systems. And those still aren't collapsing under unemployment today.
Not everybody who gets welfare is lazy - some are actually very hard workers.
There are large-scale studies which have been done in Germany and in France (yes, France, the country where "going on strike every other week to insist on social welfare and benefits" is a national sport).
Verdict : there are actually very few abuses of the welfare system.
Far less than what far-right parties would like you to think.
There are a few lazy people, but nearly the vast majority are very hard workers.
But the programs need to be structured in a way that encourages people to work by making sure that work always pays more than not working.
If you do that by making access to welfare more tedious and difficult, you won't be helping.
- The few lazy person, who have the intent of abusing the system will find more creative ways around your hurdles and still manage to get the money.
- Most of the remaining people, those who have real difficulties and need help suddenly are even more likely to get their help if it is so difficult. They are already in deep shit, if you make their life even shittier, you're not helping.
You need to help measures that can help finding new jobs :
- cover basic needs (food / shelter) without any question. If the people can't even get those, they'll never work.
- helping people move to where the jobs are, as you suggested in your comment.
- helping people retrain to other jobs that are available here. Cover the costs to make sure that education is available to anyone who wants a new job. (I know that seems hard in a country that relies on "college loans" and where the cost of a diploma is close to the budget of some small countries).
etc.
I don't see why MITM attacks intended to capture information would cause SSL errors {...} I always thought the SSL connection between the victims and the MiTM were pristine, normal SSL connections in their own right. Maybe I suppose if they wanted to modify content on the way through, but even then maybe an application layer error, not an SSL issue. Enlighten me...
ONE of the part of the SSL protocol works by having both end points agree on a common password.
The usual technique used is Diffie-Hellman or Elliptic Diffie-Hellman : it's a special cryptographic way in which two end point can agree on a common random password, and nobody else from the outside is able to guess it. (they have a way to exchange a shared secret).
(it's complicated, but it relies on special system in which you can add things together commutatively, but not separate them :
- e.g. it's easier to multiply prime number than factor the product.
- e.g.: elliptic curve maths posses an easy "addition" operation, but no trivial way to do "subtraction".
Each side picks a random number side 1 chooses A, side 2 chooses B.
Then they together publicly pick a common number C.
Side 1 computes A+C and sends it to Side 2
Side 2 computes B+C and sends it to Side 1.
External observers can't separate A from A+C nor B from B+C, they can only observe C and these (n+C) combinations.
Side 1 computes (B+C)+A
Side 2 computes (A+C)+B
- Those above are the same : it's a password that can only be known to them.
- External observers could only do (B+C)+(A+C) which is not the same number (and again they can't remove the extra additionnal C from it).)
So when two end point try to establish a secure connection only they 2 know the password, 3rd parties can't.
So if a MitM tries to intercept SSL traffic, they need to negotiate a password with the server.
But because they can only negotiate password between 2 sides, the MitM can't forward the SSL traffic to the victim user, as the user can only negotiate a *different* password. (because in the above detail, they would have guessed a different secret "B").
So the only way for a MitM to work is for the MitM to negociate a password with the server, and negociate a password with the victim,
and then decrypt-relay-rencrypt-forward the SSL traffic.
Then comes the SECOND part of SSL - certificate :
to make sure that the password you got is actually from the server you intend and not from a MitM, the exchange is also cryptographically signed with key pairs. Only the owner of the secret private key can successful sign a signature that is validated by the publicly known public key.
Thus, when establishing the SSL traffic, the server will also sign its traffic, with a key that is itself signed by a root certificate provider.
By seeing that the traffic has a legit signature, the user's browser knows that it comes from the server and not from someone pretending to be the server.
Then there are only 2 possibilities :
- most of the time : the MitM attempts fail, because they do not have access to the server's secret key, and can't forge the server's signature to pretend to be the server. They can only propose some bogus signature. The victim's browser realises that something is fishy, and it wasn't talking to the server as it though, but was talking to a MitM impersonator all along.
You get a big "Wrong certificate" message on the screen.
- a few key situation : the MitM has a way to forge a false certificate that looks legit (e.g.: they have access to a root certificate provider that will sign such a bogus certificate). This is *only the situation* where the SSL connection itself might look pristine.
BUT... there are counter measures even in that case :
- there are other source that can confirm if the correct certificate was used (some relying on DNS)
- some browser can use "certificate pinning" plugins (Certificate patrol is one such for FireFox) : if suddenly the connection isn't signed by "DigiCert" but by "China's State cert", you know something fishy is happening.
certificate patrol is an example of firefox add-on that can detect un-expected changes of certificates.
(So if suddenly a website isn't signed by "DigiCert" but by China's government you'll be alerted).
The latest versions of Firefox opens a pop-bar telling you that this is probably a Wifi log-in screen and gives your the choice to open the login screen in a new tab so you can connect.
The rumor is not that the iPhone will have no cable at all.
You know after the removal of the audio jack, to some past customer, that wouldn't sound that much implausible.
Android solved that problem simply and efficiently by putting the sensor on the back, a solution that Apple could have adopted as well.
Apple, for once, wanted to be a bit original and have the fingerprint sensor work on the front, through the screen.
(think all the sci-fi movie where the hero is required to place a hand on the shape drawn on the screen).
Turns out, they didn't manage to find a way to pull this thing while fitting the ever thinner form factor
Point was, the existing broadcast tech can carry the frequencies at the edge or even slightly beyond human hearing.
For digital TV and Radio, only barely so ("at the edge")(*). Not even beyond, and not much space up-there. (Though it might be enough to do what is a glorified form of Morse code(*) - as done by the advertiser example you site).
Still : they cannot carry the technology mentioned in the article (DolphinAttack relies on speech being pitched up all the way > 24kHz - way beyond what is carried by TV and Radio. My "infra-red over TV" metaphor still applies). /.ers panicking "DolphinAttack could be used over TV !" - No it can't on technical reasons, the same reasons you can't embed an invisible infra-red qr-code in a youtuube video neither.
So to all
And if you pitch up regular speech to the upper limits of what TV and Radio CAN actually carry, the lower bound of it will still be well within hearing range.
(the "frequencies at the edge of human hearing" that could be under some circumstance be carried by TV and Radio, don't have enough room to code speech, only Morse code)
you won't be clearly able to understand such high pitched speech, but you'll definitely be able to hear an audible glitch during it.
Un-hearable speech in ultra-sonics range is impossible over TV, Radio or Youtube.
Can it be exploited? Of course, it can...
Yes, it can be exploited. Just not completely silently.
You'll definitely hear some audible glitch during a "high pitched audible" attack.
Now per se, that doesn't prevent all possible exploitation situations.
What if you left it charging, while you take a shower? "Honey, your phone was saying something, not sure what..."
If the victim isn't nearby the phone and the TV when the attack occurs, why bother with the ultrasound in the first place ?
If the victim can't hear "Confirming 100'000$ purchase", the victim would be hearing "Ok Siri, now buy this 100'000$ article on alibaba".
In other words : the existence of DolphinAttack (no matter if actually broadcastable over TV or not) doesn't change a thing to the already existing exploitability of always-on voice controlled devices.
Possibilities are numerous, not all of them evil, but all of them worrying...
Possibilites that already existed well before ultra-sound communication. (You could do exactly the same kind of tracking by paying attention to your phone's Wifi and Bluetooth MAC addresses. Or have an installed app with over-reaching permissions - e.g.: location services)
If you are worried, you shouldn't start worrying only on the day you heard about DolphinAttack's ultra-sonic gimmicks.
You should have started worrying long ago, with things like always-on listening assistants, with applications that keep running in the background for no obvious reason, applications asking for access to location/camera/microphone for no obvious reasons, etc.)
Shut down your voice activated assistant NOW, don't pay attention if ultra sound works or not, the always on listening part is already a problem for quite some time.
---
(*): And even less possible nowadays.
The morse-code trick would have been possible with older generations of digital TV and Radio (they relied on MPEG Layer II audio - aka MP2) and Youtube (MPEG Layer III audio - aka MP3). You can represent a > 15 kHz signal in those.
The morse-code trick done by advertiser is technically impossible with newer generation of digital TV and Radio (AACplus) and most modern Internet applications (usually modern stuff like OPUS). :
As I've said in my post above
AACplus doesn't directly code high frequencies, it instead generates them from mid and low frequencies present in the same signal (again, that's a very efficient space saver due to how music works). Means that you can't code a > 10kHz audio signal alone, if there is
in the days most crucial for the company's survival (in this case, getting bought out so they can continue to scam).
On the other hand the failure of his company has that much to do to where he choose to spend his vacation time, as to that "Like Nespresso, but with Fruit Juice !" is a very poorly taught-out idea.
It's like a sysape going on a trip right after your company's servers got broken into and wiped, while machines meant for backup are sitting in a closet not even been set up despite having been purchased a year ago.
If the company is so poorly run that there isn't always at least one sysop on call able to handle problems, and that you need to be able to call people back from vacations, then you company is really poorly ran.
A one of the last place I worked, a sysop could without any problem take 1 week vacation in the middle of nowhere with no cell coverage... because there were more than 1 single sysop, and at any time there's always at least 1 of them present at the premise (daytime) or on call (night-time).
The other "not on call at that precise moment" sysops could do pretty much every thing they want on they free time because it's not their job to take emergencies *personally, at that precise moment*.
If the company got their servers borken, you don't call the sysop who is on vacation to fix the, you call *the OTHER* sysop who at that precise moment is supposed to be on call on your plan, and he'll be the one taking the replacement out of the closet and deploying them.
If you don't have such a "who's on call now schedule", then it's your fault, not your sysops.
That would be blaming a big blunder in a large hospital on the fact that their single doctor took vacations.
Who on their right mind would run a whole hospital with a single doctor ?
Same here : if the company isn't organised in such a way that 1 exec can go missing, then it's already a success for failure.
What if the guy was sick or had an accident.
You're not getting it. The _whole_point_ is to only enter the house when there is no one home. Contrary to what Hollywood feeds you,
I'm not basing my scenario on what crap is currently running on the TV.
I'm basing it on what has occasionally happened here around (but very likely, the burglars here around aren't the same as the one you have on your side of the Atlantic pond).
Something that is often seen :
An old couple go home after buying groceries. Grandma causally leaves her hand bag by the entrance door. (with her purse inside - containing money and credit cards, and this being an old couple, there's more cash than credit cards)
After finished to pack everything into the fridge, exhausted, they decide to take a nap.
When they wake up, they notice that the hand bag is missing (but nothing else of value. The big TV screen is still untouched in the middle of the living room). After inspecting the door, realize that it was forced with a crow bar.
Apparently burglar have noticed that the couple has left the living room (probably by looking at lights being turned on and off).
Once they though the path was clear, they made a run as fast as possible breaking the door and grabbing the first thing they could before the couple could notice them.
This scenario has played out a couple of time here where I live (a relatively calm and peaceful city) - no kidnapping, no menacing, no mugging. Just going as fast as possible for the simplest and surest thing with value to steal (i.e.: grab the bag containing the money while the people are away elsewhere in the apartment / house).
(It isn't as typical as the other kind of burglary - namely track the content of mailbox, notice which have been left accumulating for some time (and thus whose owner is on vacation) and then take all the necessary time to break in - sometime actually sawing the door around the "secure" lock - and take *everything* out, this time including the big heavy valuable or well stashed jewelry. But it still happens)
(On the other hand you hear now and then in the news, cases of burglary that have escalated to sequestration/menace/violence, etc. - but the fact that it is "news-worthy" probably means it happens VERY seldom).
The problem of this "break-and-run" technique is that breaking the door is still noisy, and there's a chance that the burglars could get discovered before they manage to grab anything of value.
Silent alternatives to get the door open (hacking shitty e-Locks, managing to give bogus commands to cloud-connected locks, etc.) would increases the chance of this kind of hit'n'run job to succeed.
Again, this are things that *have* happened here around.
As such most codecs used online are optimised for human hearing range.
Bat call recorders predominantly use .wav, which does support it. So as long as you can get .wav your set; and you can put wav audio (as an LPCM format) into both AVI and MP4 containers... so I think it should be pretty doable.
And most audio sources only use 48kHz sampling rate (i.e.: up to 24kHz sounds anyway).
Lots of options for ultrasonic recording -- again... the whole bat call niche has you covered
I was answering to a different use case.
You were speaking about carrying the ultra sonics over youtube.
I'm pointing out that youtube has hard limitations preventing you from carrying ultra sonics.
Of course "custom device to blurt out ultra sonic" would work
(even a local app running on your high-range smartphone could probably switch the hardware in 96kHz audio out mode ?
Hey, we finally found a real-world use case for these 96kHz/192kHz audio out mode that the audiophile have insisted on having !~)
For that case, the confirmation would be the giveaway.
and when your pocket suddenly says "Okay, I'm buying 180 episodes of Golden Girls" confirmation, you're going to notice that something fishy is happening.
Maybe. Depends how loud it is, and how loud it is where you are. I've not heard my phone ring in my pocket lots of times.
Please keep in mind that the whole premise is about giving *audio commands* to your smartphone - i.e.: it needs to still be able to hear them.
If your smartphone is so deep in your pocket/handbag/whatever that you can't easily hear it, chances are that the device it self would have difficulties hearing the sound coming from the prankster's pocket though all these layers of cloth and other material that happens to have sonic isolating properties.
In short : if you can't hear it, chance are the device might not be able to hear you (or the prankster in return).
I was thinking that for the prank to work, you would need to target a phone that isn't deep into a hand bag, where it couldn't hear you (but where chance of hearing the confirmation are low).
You would probably target a phone that is in the shirt pocket where it can clearly hear your commands (but then the victim would clearly hear the confirmation).
But yeah, that's all speculation as I haven't attempted such prank and have no interests in even trying.
what are you going to do?
Myself ?
I wouldn't be using such an insecure thing as an "always on" voice command in the first place.
(on top of the fact that this command needs a round trip to some cloud on the internet just to be interpretted).
People claiming it can not be done should not interrupt people already doing it.
(BTW: Spotify (or was it another networked music player ?) is also doing it to help identify the various device that are within reach. And as it's the app it self generating the code, it's not constrained by the audio compression limits - Vorbis in their case.
They can easily emit beep codes at 24kHz which you would definitely NOT hear, but which could be emitted and picked up by current mic and speaker technology available to the platforms on which the various instances of music player are running and would like to "see eachother" in the physical world in addition to the network).
These ads are basic beep code, very simply signals that you can cram at the upper limit of what your medium can carry.
A few short beeps at somewhere between 6kHz and 10kHz (or whatever can get through your compression) could be audible (in absolute silence, with a good pair of earphone, provided that you haven't completely borked your upper hearing range be firing guns without adequate protection), but would be easily drowned in the rest of the noise emitted by the ads.
Today's article is about speech which must convey a lot more informartions and requires much time and frequency bandwidth.
DolphinAttack works by shifting the speech a lots of octave up, until it's above 20kHz (see paper, linked in the article, linked in this summary).
That CANNOT work in any way with current TV and Radio technology.
There simply doesn't exist any TV or Radio technology today (both analog or digital) that can carry frequencies above 20kHz.
(For the simple and obvious reason that TV and Radio was invented by humans and for humans, not for dogs, bats or dolphins.
Nobody was paying attention to keep those inaudible frequencies in. And if by dropping them you save space and/or radio frequency bandwidth, so be it)
So today's article technology CANNOT IN ANY WAY be carried over TV and radio due to very hard limits (**).
In theory, there should be ways to embed speech in TV and Radio.
You going to use these sentences of human-like speech but shifted several octaves up until they can be squeezed somewhere between ~4kHz and 10kHz, and thus stay within what could realistically be carried by your media.
That is definitely audible. Not necessarily *intelligible* but if you're sitting in front of the device and listening carefully, you'll notice some weird noise going on for a few seconds.
And of course, then suddenly hearing your phone in your pocket confirming "Okay, confirming 100'000$ purchase for 'ScamBot' article on alibaba" or "Okay, opening garage's door" - that's going to be a dead giveaway.
---
Visual analogy :
- some article : it should be possible to embed hidden infra-red images (projected by a light-bulb illuminated slide ? a special device ?) that can be interpretted as QR-Codes by selfie apps and trigger un-expected behaviour.
(NOTE: Near Infra-red ARE visible to smartphone cameras).
- /. crowd reaction : great! now someone would hack my smartphone just by hiding an invisible QR-Code in my TV picture whenever I try to make a reaction selfie in from of the TV.
(=I know that most smartphone don't actually scan QR-Codes from the main photo app, unlike Siri and co with voice, but for the sake of the argument we'll ignore that point).
- bandwidth limitation : No dum-dum ! TV aren't designed for snakes or insects, they can only emit R, G and B lights. There's no way to push IR over TV.
- counter point : Yeah, but in the real world, there are 3D PC monitors/projectors using visual cue for the left-right lens of 3D glasses !
(= in real world, done by shifting colors on a line).
(Also, small blinking pattern have been used by some form of banking 2FA, and by some early TV games-shows to beam data t
See what's happening to those old Apple II, TRS80 or Commodore Amiga... ;)
Maybe you will be getting a lot of $$$ from ebay auctioning it
That worked for these because they were quite successful and popular machine back in their era.
On the other hand, Windows-running-phones barely qualify.
They are more like those old computer companies that failed to gain any market, went bust after only pushing a handful of unit and everybody has forgotten since then.
You'll be having a hard even remembering that they even existed.
The only thing that might keep Windows phone barely noticed is that they were a failed product coming from a bing company.
But even with that I'm doubtful they'll enjoy a celebrity nostalgia career in 20 years (common is Microsoft Bob that much popular on Youtube now ?!)
...that is if youtube, ebay & co still exist then...
The company will be gone, but the niche will be probably taken by successor.
It'll be probably snapchat video, and whatever twitter has tried to pull to try to be financially successful (after their take over by Mark Zuckerberg) :-P
Like if they embedded the audio in a youtube video that you were watching?
Bad news for this use case :
no matter what the meme says, internet wasn't build for dogs (Neither for bats nor dolphins)
As such most codecs used online are optimised for human hearing range.
- OPUS will filter out anything above 20kHz.
- AACplus only replicates spectrum from mid to high range.
etc.
And most audio sources only use 48kHz sampling rate (i.e.: up to 24kHz sounds anyway).
No way to hide secret message above the audible range : that range won't be carried.
And what if they are exploiting it on the phone in your pocket... you do go out of the house right? Maybe you dont want the guy behind you at starbucks to prank you by getting your phone to set an alarm at 2am, or order you all 180 episodes of the Golden Girls.
and when your pocket suddenly says "Okay, I'm buying 180 episodes of Golden Girls" confirmation, you're going to notice that something fishy is happening.
Sending audio commands while the victim isn't in the same room as the targetted device seems the better option.
Convoluted technical means to get your internet devices to "open the back door" are not the go-to tactic for any burglar. Nor will they be.
The go-to tactic is to kick your door really hard or break a window, then retreat.
The problem is that "breaking the window" is a very noisy method that only works when the victim is away from home.
Managing to have the door opened to you - by e.g.: jamming the FM radio constantly blaring music as backgound - could work even when the victim is in another room of the house (e.g.: taking a bath).
Alternatively, a person who is known to you but who you don't realize is malicious could use this to gain physical access. Maybe you're okay taking a FaceTime call from them, but then they transmit the inaudible signal over the call, which your iDevice faithfully reproduces, resulting in Alexa, Siri, or whatever else opening your garage door. Or maybe someone standing outside at your smart doorbell uses it when you ask what they want via the app, resulting in your phone or tablet reproducing the sounds within earshot of a device that will respond to them.
None of these can't work at all, for the exact same reason the TV/Radio attack mentionned above is severly limited :
Facetime isn't designed for dogs and bats (and dolphins).
Most of the modern internet applications for chat tend to use OPUS (e.g.: Skype, WhatsApp, Facebook, probably a few others).
This codec is optimized at carrying only audible sound/music/speech. As such the first step of OPUS is to kill all frequencies above 20kHz (no use to spend bits to encode stuff for which the ear lack any receptor. That would be like insisting to encode UV light on video instead of only R/G/B).
Given that Dolphin Attack relies on > 20kHz ultra-high-pitched speech, it won't work because it will be compressed away.
(Apple, on the other hand tend to be allergic to IETF standards and probably uses AACplus on their devices. That one similarily suck at carrying ultra-sounds: high part of the spectrum is actually reproduced by replicating the lower part of the spectrum, and most application are limited to 24kHz any way due to 48kHz sampling rate and Nyquist).
A third possibility is that they could use your always-on phone to engage in an attack against your home even while you're not at home. For instance, an attacker passing you in the street could activate the commands on a device in your hand or pocket via "OK Google" or "Hey Siri" to open your garage door for a crony of theirs. For that matter, anyone who can get within listening distance of your phone can use this attack on it, all without ever having access to the devices within your home.
In that case: Yes, an attacker could be carrying special equipment that works perfectly in Dolphin Attack's range (e.g.: a device working at 96kHz combined with a special ultra-sound speaker that has a good response on frequencies > 24kHz).
I see another problem here : from the few demos I've seen, voice assistant tend to repeat or other wise confirm commands.
The victim won't be hearing the ultra-sound high pitched commands, but they'll clearly hear the answer of the assistant to these command.
It would be very strange to suddenly here the phone in your pocket answering "Okay, I'm opening the garage door".
A much more realistic scenario would be to emit commands while the victim isn't around.
i.e.: jam the radio FM signal to give commands to the home assistant while the victim is taking a bath.
They might hear a short glitch (the jamming of the signal itself, and the commands needs to fit within the much more restricted audio bandwidth of FM radio - no way to emit them at >20kHz) coming from the radio in the living room, but they are much more likely to ignore it, think : "Yeah, again one of these solar flairs expected for this week-end".
Can I inject an attack into OTA frequencies received by radios and tv.
Analog and Digital media respectively can't carry such high frequencies
(the spectrum carriable by FM radio is narrower than the human ear. So it's the opposite: you can hear noises to which the radio is deaf)
or compress them away
(DAB+ radio and the various DVB- TV use AACplus codecs. This only encodes mid-range frequencies and re-generates high-frequencies by replicating the spectrum. It makes totally sense for compressing music - (store the base freq and the first couple of harmonics of an instrument, the rest of the spectrum can totally be guessed) - it's completely useless to encode ultra-sound-only speech. Also sound on these digital medium, the sampling rate is usually 48kHz, which (Nyquist, blabla) means you can code up to 24kHz sounds - given that DolphinAttack relies on > 20kHz ultra-high-pitched-speech that doesn't give a lot of frequency range. So even if the audio was uncompressed LPCM the quality might still be limiting).
BUT, on the other hand...
The TV in some circumstance, and the radio even more, tend to be "always on" devices that you leave working to give a background sound/music.
Even if you walk away, they'll be still playing.
In other words: why bother trying to hide your command stream in the inaudible ultra-sounds, if you emit your "a lot less disguised" (but much better within the transmission ability) commands when there's nobody around to notice them ?
(Example scenario : a would-be burglar spies to see the moment you go to the bathroom to take a bath. When they see you entering the bathroom, they quickly jam the FM radio frequencies (this may cause a short audible glitch - but you might not even notice the passing glitch over the noise of the water) with a signal asking your home assistant to open the door, quickly enter, steal your purse and whatever else, and leave.
By the time you leave the bath, they're gone and there's no even a sign of the burglary - door is intact)
Nokia did that too, I hear it worked out great for them.
It *did* work great for them back in the dumb-phone and feature-phone era.
Management just completely fucked up everything afterwards regarding smartphones :
- They dragged the aging symbian platfrom way too much. ("But hey, it has always worked until now, so it's a safe bet !") (~yeah sure. And maybe Palm should have stuck to PalmOS even longer~)
- They let go the R&D departement which was until that point striving to make nice smartphone/tablet OS (the Meamo/Meego line with N700, N800, N900, and the first large scale public N9, etc.) and would have actually helped Nokia become relevant in the smartphone era. ("But hey, it's burning money, let's leave the burning ship for shareholder's sake !") (on the other hand that team manage to escape the burning ship on a small jolla (pun intended by them) to survive and put an interesting OS on the marked)
- They decided to ged in bet with Microsoft. ("But in the business world you're never wrong to go to Microsoft !" (Or was it IBM ?~) )
End result :
"we didn't do anything wrong, but somehow, we lost"
They kept doing stupid shit that would sound "a safe bet" to an MBA, but didn't make any sense.
(And the biggest part of these decision was taken by microsoft shills such as Elop)
" Surprisingly, despite overtaking Apple in global sales, none of Huawei's phones appear on the Top 10 list. " only surprising if you are ignorant of the market. Huawei make a shit ton of different model phones
Yup, my reflexion too.
It's easier for Apple to be top selling phone - even if they sell in much smaller volume - when they basically only sell one single phone in 2 variations.
Huawei might sell a much bigger total volume, but divided by hundreds of models, none of the phone will individually beat any of the top 10 sellers.
Same situation with operating system regarding iOS vs Android:
back then's Apple smartphone were the top seller, but Android was (and is still today) the most popular OS even if no phone with it did beat any phone with iOS.
simply there were dozens of android phone manufacturer, so even if total installation did beat iOS, none of them did individually beat Apple in volume.
You'd also need to be away from big settlement so the light pollution doesn't completely over flood the auroras.
If the US wants it as part of our Law...then congress should be the ones to enact it.
Now the question comes :
how does this work in the US ?
Is it necessary to repeal an act before being able to pass a law ?
Or in simpler term is it mandatory to stop the temporary measure, before putting a permanent change of law ?
I can understand blocking Facebook.
going against {...} freedom of speech?
The thing is, "freedom of speech" implies that there exist some actual speech to be protected.
I think to understand that the parent poster doesn't consider any of the garbage that usually happens on some social site to be any form of speech.
He probably thinks that nothing actually conveys information, most of it is click-baiting scams and ads anyway, and thus not worthy of "speech" status.
Therefore for once his views align with those of an authoritarian regime who does also inhibit "freedom of actual speech".
He would probably consider that facebook falls more into the "freedom to defecate in public" rather than "freedom of speech".
(But somehow this content problem is magically not affecting youtube).
Though I might understand why the "...and nothing of value was lost" stance regarding facebook, my personal opinion is that we should never block anything (because that could be supporting censorship), only educate the user to better understand the usefulness of various media.