- video: https://www.youtube.com/watch?v=f0eqo6jU9gc
- example gadget: http://www.japantrendshop.com/keitai-otohime-toilet-sound-bl...
- background and wall mounted examples: http://travel.cnn.com/tokyo/shop/sound-princess-loo-001106/
On another note, I'm surprised to see so many comments worrying about bathroom noises in what I presume is a male-dominated forum. Do these dynamics exist in men's rooms as well? In my workplace, at least, all manner of sounds accompanying bowel movements are ignored, or, judging by occasional laughs, sometimes even encouraged.
The Japanese word for sound is also pronounced "oto". So, a device which makes noise to help you be discreet...
But things that look like cognates with Japanese do exist. Notably そう ("sou") is pronounced the same as English "so" and means roughly the same thing, at least in phrases like "is that so?" and "Make it so, Number One."
https://www.youtube.com/watch?v=bfHCt5z1kd8 (Brian Eno - Neroli)
Without fail, it makes everyone in the room talk more calmly, at a quieter volume. It's one of my favourite ambient albums ever (if anyone knows more of something quite like this, I'd love to hear suggestions). It even works on children, I work at a youth centre, just playing it over a relatively shitty PA can calm down an over-active morning in 5-10 minutes.
Today modern laptops emit almost no sound.
Also noise cancelling headphones was a good investment for me. Strange, that device created for use in helicopters proved so useful in office environment.
It's not much of a revelation: "If I actively purchase a token to have something inoffensive sent to an address, why, the company will send it without verifying that the person who handed over the money is the recipient!".
The company doesn't want to mail ants to the wrong people, but they have no safeguards against it either. They're not acting out of malice, but they're peforming a malign action anyway. They're relying on your good spirit to ensure the ants end up in the right place.
This is one of those ridiculous scenarios that security folks dream up. I imagine Schneier doesn't live in a concrete bunker with a blast door, because a regular door can conceivably be broken open with a sledgehammer. The vast majority of homes do not have a sledgehammer-proof door, because it's not actually a problem. Same with the shipping of ants.
On the other hand, those first 8 bytes of the packet may be some authentication/verification scheme which would have to be reverse engineered. Also, it may only play UDP packets coming from 220.127.116.11:2046, which would likely mean you would have to convince the DHCP server to assign you that address instead of its intended host.
This does not agree with my understanding.
18.104.22.168 is probably the destination address. I think if a DHCP server gave out an address in this range it would be misconfigured.
In 802.3 and 802.11 I think multicast packets are actually broadcast, so this is why you don't need to join the group.
These multicast packets also aren't L2 broadcast addresses. For more info, see:
Hell, if that's UDP traffic it doesn't necessarily even look like it requires a response, so you could spoof the source IP address and the server might not even care...
Though I wonder if he had time to look at the packets long or careful enough. Would have been interesting to inspect all these devices closer too. Were there also other sessions established maybe that could hint at controlling them? E.g. such as volume of the sound? I doubt that the actual elevator would be controlled could be controlled remotely:
> "Garota de Ipanema" ("The Girl from Ipanema") is a Brazilian bossa nova jazz song.
> Numerous recordings have been used in films, sometimes as an elevator music cliché.
> those first 8 bytes of the packet may be some authentication/verification scheme
The server could verify the auth on a per packet basis and only play the sound if it matches. There's no reason you couldn't have an authentication scheme on top of a UDP transport, you just can't rely on the tcp sequence numbering to prevent bad actors from injecting into the stream. But so what, you could implement your own thing. You could go so far as to simulate TCP over UDP if you really wanted to.
It's kind of weird for you to address him/her in the condescending tone, especially when you're not exactly correct.
The part you quoted is correct. The sentence after it is not at all correct. And that final sentence was the one joantune was responding to.
In other words, you are the person being wrong and condescending. ;)
At that point (assuming it's the kind of elevator music that uses low-intensity instrumental versions of pop hits), it would be really fun to get the original versions of the songs they're playing and sync up the position and playback rate.
Or you could just manually configure your computer to use that address.
This feels as exciting as what they do with video feeds in Hollywood movies, i.e. where the hacker puts in her own camera loops replacing live feed.
Since it is multicast seeing the packet doesn't mean the path to a specific receiver goes through your network.
There was another recent post about a hotel that had android devices controlling the lights, in the entire hotel. Which had no auth protection at all. I'd bet money, it would be the same for the elevator music.
We'd wait until the lift was totally crammed with people, call it and then ask to speak to someone we knew was in the lift!
Even luxury homes with small elevators.
Turns out the emergency system on this elevator is too an embedded phone...
We came across two on the PBX that no one could identify. Numbers not in the internal directory. No tags in the PBX terminal. Rang them repeatedly with no answer.
So we disabled them on the grounds that if they were in use we would soon get a call from someone enquiring why their line was dead. Nothing all week. Went home for the weekend.
You can probably see how this ended, and that's (just one of the reasons) why you don't route them through your PBX.
yeah, about that...
A `sudo apt-get install foremost` works on Ubuntu to install it, IIRC
Revelation/Disappointment -- it is elevator music.
Or is it? Maybe he gave up too quick. Maybe that is how they disguise the secret spy transmissions!
There two modes. One for normal people. Parents, cops, investigative journalists, government employees etc.
Then there's the mode for geeks. Then your base case should be that everybody is Norman Bates
1. Multicast is 1:N so one stream can be played on all phones. Pulling the files from a server would be N:N so your network bandwidth would be consumed unnecessarily due to all the phones streaming the same data. Also, the phones are going to have limited memory so storing music locally is not going to scale well (phone memory is a cost that gets multiplied by N phones).
2. Synchronization, especially for the elevator scenario: if the music outside the elevator door isn't synchronized to the music inside the elevator, it will be rather disconcerting.
BTW, I suspect the streaming audio you saw was "background music" that could be played from the phones speakers. "Ambiance audio" would tie in with #2 synchronization; having adjacent phones playing unsynchronized "ambiance audio" would also be jarring.
Music on hold will be inserted by the PBX (head end), not the individual phones. Inserting "music on hold" by the phone would mean that music would be sent by the PBX to the phone back to the PBX and then to the "on hold" line where having the PBX insert it involves only the link from the PBX to the "on hold" line.
tcpflow -p -C -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1.|Host: .*'
(Yes, I chose to link to Wikipedia instead of its home page on SourceForge.)
I wonder how hard it might be to hijack the stream to have the receivers play your own packets.
- text-to-speech output based on a definitive history of elevators
- same for an exhaustive safety lecture that'll probably horrify some guests
- BBC programming interspersed with random bits of Arabic speech
- sound of iPhone ringing using the most common ringtone
- toilet flushing noises
- JFK's "we choose to go to the moon" speech
- "thank you for using the elevator - achievement unlocked! Please visit the hotel's reception desk to collect your prize. Your raffle code is: ID-10T"
- "dear guests: a gentle reminder that floors in our hotel are zero-indexed"
- mouse scratching sounds on full blast
- Soviet anthem on repeat
I can do this all day.
If this were an officially endorsed thing, hotels could even stick a Physical Web Beacon (https://g.co/beacons) in the lift, pointing customers to your app.
All that said, I guess my above scenario, headphones may be a simpler option ;).
Moreover, in some places the first underground floor "primer subsuelo" is "-1".
(I've never seen a "1/2" for "entrepisos" :( . I don't know the translation, with autotranslation I get "mezzanine" and "intermediate floor".)
Some images: http://www.ascensoreseguren.com/cabinas-y-decoraciones/acces... http://www.thinkstockphotos.es/image/foto-de-stock-forefinge...
Ah, nothing like a dash of racism to prank someone.
But there is nothing even remotely racist about saying some people are scared of something that has to do with an ethnic group.
Exactly! Isn't that what he implied? He didn't say "Here are some pranking options that would work on some people" he made a general assertion "Here are some pranking options" meaning they would work on all people meaning all people are terrified of anything Arabic sounding.
Spare us next time, please.
More seriously, no investigation as to what happens when you try to inject your own data?
Have you tried multicasting your own audio to the same port? That might have been fun.
- most Android devices back then required a special OS call to tall the wireless chipset to listen to multicast packets at all --- otherwise they'd just ignore them and not wake up;
- in about half the devices, this switch didn't actually work;
- in an astonishing amount of consumer routers, multicast routing doesn't actually work;
- multicast on mobile is so, so, so not worth the effort.
I expect that multicast is way better supported these days. I would be totally unsurprised if it were not.
I wouldn't be, how often is multicast really used? Coming from the broadcast era, it seemed like a no-brainer. But the internet is built for n:n communication. Special cases for n:1 cost more in terms of engineering effort than would be saved in bandwidth and processing overhead.
Pretty much every time I've upgraded my router firmware I've lost TV service and had to reconfigure it. Apparently multicast is hard, even if you're a networking company!
If they haven't done a check on the IP address that they are receiving the data from, then it would now be trivial to panic people in elevators by recording a fake emergency broadcast.
Not jus that, but what else is that hooked up to? If they are multicasting to your IP address and your IP address isn't the lift, then you can do some IGMP snooping to see what else there is out there. Or you could do a DoS on the lifts to see what happens.
Of course, it might be nothing. But when I get in a lift, I'd hope this sort of thing wasn't possible.
The hotel could still have them, mind you, but transmitting them in the clear would be a clear violation of the law, which in fact specifically cites the "transmission of the recordings over a network" as something that must be secured.
My girlfriend: Was that something I would also laugh at?
Me: Most likely not ;)