This is pretty cool. I believe it was Bob Metcalf at PARC who had a device in his office that was hooked up to the 3Mbs Ethernet cable and would essentially do the same thing. He built and installed it to get a feel for how much of an issue "collisions" would really be on the network. At the time, the idea that you could just back off when you detected a collision and re-transmit was considered heresy of the highest order and the "experts" all believed that once you got to a certain small number of clients the wire would be overwhelmed with collisions and the network would be unusable. His gizmo proved that wasn't the case.
In NSA parlance, a "selector" primarily is a string that semi-uniquely identifies and addresses a persons intercepted data, such as
- an IP address,
- an email address,
- a phone number,
- a SIM card's MSIN
- a person's social security number,
- a national ID card number,
- a passport number,
- a social media handle etc.
(elsewhere also known as "accessor", "key", "handle" or "index")
They are interesting because combining and updating them is a non-trivial problem, as I've realized today while implementing a user ban system.
There's a certain system I work with where random unauthenticated visitors on the internet end up supplying data like name/phone/email, with no validation... And of course, the business wants to somehow convert that into a list of "real people" and start correlating it to other records.
I've been trying to stop anything too terrible from happening by asking them to clarify their business requirements, e.g. what should happen when there is malicious impersonation, or the expected result should be when inconsistencies and overlaps exist.
It's not like there's no value to the data... but I'm afraid they don't really understand the problem are are hoping the magic computer can somehow *poof* garbage into fine cuisine.
“Enrichment” is what they actually want. People think it’s Google, Amazon, Facebook etc selling their data when in reality they are simply letting people target based on it.
On the other hand there are hundreds of companies nobody has ever heard of that do buy, collate, clean, and sell access to the data that apps, browser extensions, windows apps, loyalty card programs, branded credit cards, retailers, and companies that scrape LinkedIn etc will happily sell.
You provide what you have and for a price these “enrichment” services will provide what is essentially a dossier of everything that can be even remotely inferred from the thousands of datapoints they have based on your email/name/phone.
What most people think big tech is doing is actually being done in ways that are far more unsettling by companies with cutesy names and vague services that major companies sign contracts with to improve their signal to noise ratio.
Everyone in countries with data protection laws: concern.
Since he's building a sequencer, I'm almost disappointed it wasn't named Selecta.
Rewind Bo Selecta!!
That doesn't tell me why this is called selector.
> In CSS, selectors are patterns used to match, or select, the elements you want to style. Selectors are also used in JavaScript to enable selecting the DOM nodes to return as a NodeList.
From [1]. This nomenclature was also used way before CSS even existed; in SQL.
That doesn't help at all. What do SQL or CSS have to do with it
My guess is it is meant tongue-in-cheek seeing as it is a way to render into audio all network traffic. The idea being that if you are being targeted by some nefarious, infamous 3 letter agency who has gotten something nefarious running on your system, this could, in theory, be used to identify traffic you didn't intend to have happen.
Realistically speaking, it's hogwash because you'd have to profile all "loopback" traffic and whatnot, but in theory, with enough time and effort, that dastardly stream of bits could be heard, I guess. The circuit board itself though has quite a bit of punning in it.
Also... If they really want on your databus, they will get on your databus. After a certain point, cost is not an issue.
Probably as a piss-take? After all, the NSA is a wholesale subjugator of human rights - why not take the piss out of it?
> if possible disable encryption, then you can profit from not only timing pattern (of white noise), but also listen in on the plaintext payload. the NSA loves plaintext.
Haha, incredible.
On a more serious note this is a really cool idea. Would be interesting to listen to the same origin traffic in different network conditions to hear things like TCP rate control.
It really starts getting good at 15:00 when he starts losing packets.
Those who recall cars with fm radios and gsm phones will have heard something similar if their car had a random compartment right below the stereo.
When a call came in, before the phone would ring, the radio would emit this very clear tri di di dit dah dah. But only when the phone was very near the radio.
Yes kinda, I would say network activity rather then traffic. Audio signal is going to be in scale of 48Khz while measuring ethernet signal at scale of 100Mhz. At that rate it wouldn't even get more then 1 sample from a full size packet. So really it's polling 48Khz whether or not there was activity during that period. The gimmick is that it uses some analog components. Fully digital you could craft a meaningful audio signal that represents traffic.
This is a fun demonstration of the principle.
"every website sounds different" - that's super cool.
The bitmap images sent at the end of the video also sound really cool.
There used to be a thing on SunOS (I think) where you'd get `ping` to write to /dev/audio so you could diagnose network stuff by sound.
You can "ping -a" nowadays to get beeps for each reply, but it's not quite as cool!
You can still do this with /dev/dsp or similar. Might need sudo these days
`cat /dev/urandom > /dev/dsp`
For a more modern approach, try ffplay: cat /dev/urandom | ffplay -f s16le -
thanks this almost crashed my pc
some people learn the hard way that blindly copying and pasting things from the interweb directly to a terminal is not always the best of ideas. some times, they're bloody brilliant
curl $url | bash is probably the only worse culprit.
[flagged]
Some people are just evil.
One of the funnier parameters to encounter in the snoop manpage.
The joke is on him - I used to get this functionality for free way back in the day when (what I presume was) RF noise generated during the processing of ethernet traffic would get picked up by my cheap ISA sound card and sent to the speakers. I never built a sequencer out of it though.
Back in college, I would listen to AM radio while I worked on my computer. The radio would pick up electrical noise from the keyboard and the mechanical mouse. I wonder if this sounds anything like it.
TRS-80s were famous for bleeding over AM band. The entire AM band.
I read that the FCC really started cracking down on EM interference because early microcomputers were serious offenders. I'm guessing that's why there's a humongous RF shield inside my Amiga 1200.
Good for network wiring diagnostic. It would be great if it can pipe the noise to Bluetooth audio. I can pair a headphone to it, plug this into the network in another room and still can hear it while checking the line connections on the switch/router.
That audio port is blasting out a total bandwidth of 100 Mbps (4 bits at 25 MHz) versus 768 Kbps for BT audio, assuming a high quality codec (16 bits at 48 KHz), so not without loss.
Can be downsampled for the purpose. It's just noise after all.
It would be nice to compare all packets dumped by system and check if there are any unmatching packets running from your computer that were not sent by OS but a closed source hardware inside like Intel ME
Don't forget the GHCQ which installs a mirror on each UK modem. I don't think the NSA goes to these extremes
The NSA worked with GHCQ to tap Google's fiber between data centers, which at the time, was not encrypted. You can see several presentations including "SSL added and removed here" (reference to the SSL connection being terminated at the Google front end and then transmitted unencrypted to the backend in another data center), as well as an actual BigTable packet from tcpdump that included a user identifier.
If you read The Idea Factory, it shows that AT&T leadership worked closely with NSA and other governmental agencies (on a "secret schedule" so nobody would know who the execs were meeting with) to help them access US phone data.
I'd love to know the extent of what NSA has done between its founding and today; I'm sure they've pulled off some astounding things, and bolluxed up other stuff badly.
FWIW, as we've had this twice, GCHQ - Government Communications Headquarters.
I doubt encryption makes much of a difference, depending on the magic numbers in your implementation.
I've worked with quite a few ISPs and exchanges. I haven't set up port mirrors for the NSA but I have setup temporary mirrors for the FBI upon request.
The NSA/govt gets its own dedicated floor in some DCs, esp. large interconnects
This seems hard to believe, given how many different modems from different sources you can use, as well as thirdparty ones. Source?
Oh man, I really hope they don't get all my TLS connections.
Really cool, but has anyone built software to do this locally on a PC? For example:
Feature request: Replace all the blinking LEDs with these to drown out the fan noise in the server room.
When I was young, I'd use an AM radio right next to my Sinclair ZX81 to hear what it was doing when it was running in FAST mode.
By making loops of different speeds, one could even make basic tones and crude music.
The video really brought back memories of those sounds :)
Stuff like this is exactly why I come to Hacker News.
Many times over the decades I have constructed a MIDI->Audio cable so that I can record MIDI signals as audio, which as a technique is very useful for measuring and fixing MIDI->Synthesizer engine latency.
Its nice to know that if I ever get around to shipping a product with RTP-Midi (MIDI over Ethernet), I can just get a ready-made Eurorack module to do that testing! :P
You can also achieve something like this with a powerline networking adapter + a shortwave radio
bit evil really, they shit up almost the entire 0-30mhz
but they do work...
The seller does not ship to the United States at all..
:(
How are you going to name this product after the NSA, and not ship to the US???
The seller does not ship to the United States at all.. :(
How are you going to name this product after the NSA, and not ship to the US???
Click through, and you'll find a more expensive version that is shipped to the US. It's called TariffBox.
We should make an American version and not allow it for sale anywhere else but the US.
You should make the NSA not function anywhere but within the US too, while you're at it.
Their charter is literally to spy on everyone outside the US.
You might as well ask the SVR/GRU to stick to snooping on Russians.
Their charter is to spy on the entire planet.
Nobody should be okay with that.
And yet every major country has an agency whose charter it is to do it.
And really, in that kind of situation, do they really have a choice?
Schoolyard bully justifications do not a great nation make. Especially when that nation is the worlds #1 committer of human rights abuses and supporter of genocide^Wmass murder at heinous scale.
Who are you talking about exactly? Germany? US? Russia? Britain? China?
All have these agencies. All could/did meet your other criteria now or at different recent periods.
Overall, why should they give a shit what you think on the topic either?
The USA of course. Who else is committing war crimes, crimes against humanity and insane human rights abuses at the same scale, this century? No other nation has given itself carte blanche to mass murder as fervently as the USA and its minion states in the 5-eyes coalition of the 'willing'.
As for giving a shit, those who allow themselves to be wilfully ruled by war criminals always become their final victim, so you should give a little more than a shit, yo.
Russia. Russia has. Oh, and China (if you count domestic ‘issues’ like Muslims).
And if you count the last 100 years, not just 20ish then Germany has a lot of notoriety on that front, as does Russia.
Frankly, they both make the US look like total amateurs.
No, you've got this entirely backwards. The USA and its allies have murdered more innocent people this century than any other nation, by a long, long margin.
How easily Americans forget that they massacred 5% of Iraqs population in cold blood, and then proceeded to wreak havoc in countless other states in the region.
And then, there's the human rights violations. No other nation violates human rights at massive scale like the USA and its minions. By a HUGE scale.
If you aren’t spying, you’re BEING spied on. Germany of all places shouldn’t be claiming any moral high ground on mass murder and human rights abuses.
Germany is a modern-day contributor to the mass violations of human rights, war crimes, and human rights abuses of the Western hemisphere, as a lackey state of the USA.
Eh, or you’ll get spied on regardless - might as well have some clue what others are doing too, so you don’t get blindsided as badly.
No matter how much everyone sings kum-ba-ya, nations have too many important reasons to spy, and very few real reasons not to. Even on allies.
‘Trust but verify’, eh?
Imagining in a server farm. Cool project!
So could you stream an MP4 movie, record the sound, then decode the sound back into a (probably lossy) reconstruction of the movie?
Can you say "calm down my selector"?
Cool idea to audio-ize network traffic. Artwork is peak edgelord cringe, though . . .
Something like this, but with a hard drive-like sound for SSDs, would be nice.
Is there a plugin for Goom ?
This seems viscerally “correct”, in some crazy sense.
Cool, but I was hoping for some 80s era modem sounds.
This is pretty cool. I believe it was Bob Metcalf at PARC who had a device in his office that was hooked up to the 3Mbs Ethernet cable and would essentially do the same thing. He built and installed it to get a feel for how much of an issue "collisions" would really be on the network. At the time, the idea that you could just back off when you detected a collision and re-transmit was considered heresy of the highest order and the "experts" all believed that once you got to a certain small number of clients the wire would be overwhelmed with collisions and the network would be unusable. His gizmo proved that wasn't the case.
In NSA parlance, a "selector" primarily is a string that semi-uniquely identifies and addresses a persons intercepted data, such as
- an IP address,
- an email address,
- a phone number,
- a SIM card's MSIN
- a person's social security number,
- a national ID card number,
- a passport number,
- a social media handle etc.
(elsewhere also known as "accessor", "key", "handle" or "index")
They are interesting because combining and updating them is a non-trivial problem, as I've realized today while implementing a user ban system.
There's a certain system I work with where random unauthenticated visitors on the internet end up supplying data like name/phone/email, with no validation... And of course, the business wants to somehow convert that into a list of "real people" and start correlating it to other records.
I've been trying to stop anything too terrible from happening by asking them to clarify their business requirements, e.g. what should happen when there is malicious impersonation, or the expected result should be when inconsistencies and overlaps exist.
It's not like there's no value to the data... but I'm afraid they don't really understand the problem are are hoping the magic computer can somehow *poof* garbage into fine cuisine.
“Enrichment” is what they actually want. People think it’s Google, Amazon, Facebook etc selling their data when in reality they are simply letting people target based on it.
On the other hand there are hundreds of companies nobody has ever heard of that do buy, collate, clean, and sell access to the data that apps, browser extensions, windows apps, loyalty card programs, branded credit cards, retailers, and companies that scrape LinkedIn etc will happily sell.
You provide what you have and for a price these “enrichment” services will provide what is essentially a dossier of everything that can be even remotely inferred from the thousands of datapoints they have based on your email/name/phone.
What most people think big tech is doing is actually being done in ways that are far more unsettling by companies with cutesy names and vague services that major companies sign contracts with to improve their signal to noise ratio.
Everyone in countries with data protection laws: concern.
Since he's building a sequencer, I'm almost disappointed it wasn't named Selecta.
Rewind Bo Selecta!!
That doesn't tell me why this is called selector.
> In CSS, selectors are patterns used to match, or select, the elements you want to style. Selectors are also used in JavaScript to enable selecting the DOM nodes to return as a NodeList.
From [1]. This nomenclature was also used way before CSS even existed; in SQL.
[1] https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_selecto...
That doesn't help at all. What do SQL or CSS have to do with it
My guess is it is meant tongue-in-cheek seeing as it is a way to render into audio all network traffic. The idea being that if you are being targeted by some nefarious, infamous 3 letter agency who has gotten something nefarious running on your system, this could, in theory, be used to identify traffic you didn't intend to have happen.
Realistically speaking, it's hogwash because you'd have to profile all "loopback" traffic and whatnot, but in theory, with enough time and effort, that dastardly stream of bits could be heard, I guess. The circuit board itself though has quite a bit of punning in it.
Also... If they really want on your databus, they will get on your databus. After a certain point, cost is not an issue.
Probably as a piss-take? After all, the NSA is a wholesale subjugator of human rights - why not take the piss out of it?
> if possible disable encryption, then you can profit from not only timing pattern (of white noise), but also listen in on the plaintext payload. the NSA loves plaintext.
Haha, incredible.
On a more serious note this is a really cool idea. Would be interesting to listen to the same origin traffic in different network conditions to hear things like TCP rate control.
SSL added and removed here! :-)
https://www.agwa.name/blog/post/cloudflare_ssl_added_and_rem...
This went over my head at first, but I really like it. So for those like me: it converts network traffic into audio output.
YouTube explainer: https://youtu.be/vfgySTaM1TI
For those interested in hearing some beats, the terminal demo starts at 4:34 https://youtu.be/vfgySTaM1TI?t=274
It really starts getting good at 15:00 when he starts losing packets.
Those who recall cars with fm radios and gsm phones will have heard something similar if their car had a random compartment right below the stereo.
When a call came in, before the phone would ring, the radio would emit this very clear tri di di dit dah dah. But only when the phone was very near the radio.
Yes kinda, I would say network activity rather then traffic. Audio signal is going to be in scale of 48Khz while measuring ethernet signal at scale of 100Mhz. At that rate it wouldn't even get more then 1 sample from a full size packet. So really it's polling 48Khz whether or not there was activity during that period. The gimmick is that it uses some analog components. Fully digital you could craft a meaningful audio signal that represents traffic.
This is a fun demonstration of the principle.
"every website sounds different" - that's super cool.
The bitmap images sent at the end of the video also sound really cool.
There used to be a thing on SunOS (I think) where you'd get `ping` to write to /dev/audio so you could diagnose network stuff by sound.
You can "ping -a" nowadays to get beeps for each reply, but it's not quite as cool!
You can still do this with /dev/dsp or similar. Might need sudo these days
`cat /dev/urandom > /dev/dsp`
For a more modern approach, try ffplay: cat /dev/urandom | ffplay -f s16le -
thanks this almost crashed my pc
some people learn the hard way that blindly copying and pasting things from the interweb directly to a terminal is not always the best of ideas. some times, they're bloody brilliant
curl $url | bash is probably the only worse culprit.
[flagged]
Some people are just evil.
One of the funnier parameters to encounter in the snoop manpage.
The joke is on him - I used to get this functionality for free way back in the day when (what I presume was) RF noise generated during the processing of ethernet traffic would get picked up by my cheap ISA sound card and sent to the speakers. I never built a sequencer out of it though.
Back in college, I would listen to AM radio while I worked on my computer. The radio would pick up electrical noise from the keyboard and the mechanical mouse. I wonder if this sounds anything like it.
TRS-80s were famous for bleeding over AM band. The entire AM band.
I read that the FCC really started cracking down on EM interference because early microcomputers were serious offenders. I'm guessing that's why there's a humongous RF shield inside my Amiga 1200.
Good for network wiring diagnostic. It would be great if it can pipe the noise to Bluetooth audio. I can pair a headphone to it, plug this into the network in another room and still can hear it while checking the line connections on the switch/router.
That audio port is blasting out a total bandwidth of 100 Mbps (4 bits at 25 MHz) versus 768 Kbps for BT audio, assuming a high quality codec (16 bits at 48 KHz), so not without loss.
Can be downsampled for the purpose. It's just noise after all.
It would be nice to compare all packets dumped by system and check if there are any unmatching packets running from your computer that were not sent by OS but a closed source hardware inside like Intel ME
Don't forget the GHCQ which installs a mirror on each UK modem. I don't think the NSA goes to these extremes
The NSA worked with GHCQ to tap Google's fiber between data centers, which at the time, was not encrypted. You can see several presentations including "SSL added and removed here" (reference to the SSL connection being terminated at the Google front end and then transmitted unencrypted to the backend in another data center), as well as an actual BigTable packet from tcpdump that included a user identifier.
If you read The Idea Factory, it shows that AT&T leadership worked closely with NSA and other governmental agencies (on a "secret schedule" so nobody would know who the execs were meeting with) to help them access US phone data.
I'd love to know the extent of what NSA has done between its founding and today; I'm sure they've pulled off some astounding things, and bolluxed up other stuff badly.
FWIW, as we've had this twice, GCHQ - Government Communications Headquarters.
I doubt encryption makes much of a difference, depending on the magic numbers in your implementation.
I've worked with quite a few ISPs and exchanges. I haven't set up port mirrors for the NSA but I have setup temporary mirrors for the FBI upon request.
The NSA/govt gets its own dedicated floor in some DCs, esp. large interconnects
This seems hard to believe, given how many different modems from different sources you can use, as well as thirdparty ones. Source?
Oh man, I really hope they don't get all my TLS connections.
Really cool, but has anyone built software to do this locally on a PC? For example:
snoop -a on solaris
https://slashdot.org/comments.pl?sid=46328&cid=477520411
A good comment :)
The Snowden silkscreen is a nice touch. What a great hardware build!
[flagged]
Wow! You taught me something new: https://en.wikipedia.org/wiki/Putler
I don't see any traces of Putler on the silkscreen.
The accompanying video is really nice: https://youtu.be/vfgySTaM1TI?t=269
Feature request: Replace all the blinking LEDs with these to drown out the fan noise in the server room.
When I was young, I'd use an AM radio right next to my Sinclair ZX81 to hear what it was doing when it was running in FAST mode.
By making loops of different speeds, one could even make basic tones and crude music.
The video really brought back memories of those sounds :)
Stuff like this is exactly why I come to Hacker News.
Many times over the decades I have constructed a MIDI->Audio cable so that I can record MIDI signals as audio, which as a technique is very useful for measuring and fixing MIDI->Synthesizer engine latency.
Its nice to know that if I ever get around to shipping a product with RTP-Midi (MIDI over Ethernet), I can just get a ready-made Eurorack module to do that testing! :P
You can also achieve something like this with a powerline networking adapter + a shortwave radio
bit evil really, they shit up almost the entire 0-30mhz
but they do work...
The seller does not ship to the United States at all.. :(
How are you going to name this product after the NSA, and not ship to the US???
The seller does not ship to the United States at all.. :( How are you going to name this product after the NSA, and not ship to the US???
Click through, and you'll find a more expensive version that is shipped to the US. It's called TariffBox.
We should make an American version and not allow it for sale anywhere else but the US.
You should make the NSA not function anywhere but within the US too, while you're at it.
Their charter is literally to spy on everyone outside the US.
You might as well ask the SVR/GRU to stick to snooping on Russians.
Their charter is to spy on the entire planet.
Nobody should be okay with that.
And yet every major country has an agency whose charter it is to do it.
And really, in that kind of situation, do they really have a choice?
Schoolyard bully justifications do not a great nation make. Especially when that nation is the worlds #1 committer of human rights abuses and supporter of genocide^Wmass murder at heinous scale.
Who are you talking about exactly? Germany? US? Russia? Britain? China?
All have these agencies. All could/did meet your other criteria now or at different recent periods.
Overall, why should they give a shit what you think on the topic either?
The USA of course. Who else is committing war crimes, crimes against humanity and insane human rights abuses at the same scale, this century? No other nation has given itself carte blanche to mass murder as fervently as the USA and its minion states in the 5-eyes coalition of the 'willing'.
As for giving a shit, those who allow themselves to be wilfully ruled by war criminals always become their final victim, so you should give a little more than a shit, yo.
Russia. Russia has. Oh, and China (if you count domestic ‘issues’ like Muslims).
And if you count the last 100 years, not just 20ish then Germany has a lot of notoriety on that front, as does Russia.
Frankly, they both make the US look like total amateurs.
No, you've got this entirely backwards. The USA and its allies have murdered more innocent people this century than any other nation, by a long, long margin.
How easily Americans forget that they massacred 5% of Iraqs population in cold blood, and then proceeded to wreak havoc in countless other states in the region.
And then, there's the human rights violations. No other nation violates human rights at massive scale like the USA and its minions. By a HUGE scale.
If you aren’t spying, you’re BEING spied on. Germany of all places shouldn’t be claiming any moral high ground on mass murder and human rights abuses.
Germany is a modern-day contributor to the mass violations of human rights, war crimes, and human rights abuses of the Western hemisphere, as a lackey state of the USA.
Eh, or you’ll get spied on regardless - might as well have some clue what others are doing too, so you don’t get blindsided as badly.
No matter how much everyone sings kum-ba-ya, nations have too many important reasons to spy, and very few real reasons not to. Even on allies.
‘Trust but verify’, eh?
Imagining in a server farm. Cool project!
So could you stream an MP4 movie, record the sound, then decode the sound back into a (probably lossy) reconstruction of the movie?
Can you say "calm down my selector"?
Cool idea to audio-ize network traffic. Artwork is peak edgelord cringe, though . . .
Something like this, but with a hard drive-like sound for SSDs, would be nice.
Is there a plugin for Goom ?
This seems viscerally “correct”, in some crazy sense.
Cool, but I was hoping for some 80s era modem sounds.
Great idea and +1 for excellent PCB art!
No Such Agen^H^H^H^HAttachment
So ridiculous, love it
[dead]
[dead]
[dead]
[dead]
[flagged]
This is killer art