Resonant Feedback
Is a vulnerability which has been known for hundreds of years. It's why soldiers are trained to march across bridges out-of-step.
The music video for Janet Jackson's 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers. "A colleague of mine shared a story from Windows XP product support," wrote Microsoft blogger Raymond Chen. The story detailed how "a …
A friend has a neighbour who - as part of a campaign of harassment - discovered the resonant frequency of my friend's windows and often plays the tone on a big bass speaker the other side of the wall. The original tone itself is below audible range, and there appears no danger of glass shattering dramatically, but the various harmonics coming back off the windows and other strange noises from frames are surprisingly intolerable in a sort of quiet fingernails-on-blackboard way. Since experiencing it first hand I have a lot more respect for resonance.
[Anonymous because this is an ongoing criminal incident]
Get a transducer (an acoustic guitar pickup will work), double backed tape, a small transmitter and receiver, a good sound system, and a copy of Edgar Winter's "Frankenstein".
Tape the transducer to the window in an inconspicuous place (bushes outside, curtains inside should work), and attach the transmitter. Verify comms before making your tactical retreat.
Crank Frankenstein while watching the output of the transducer. Note peaks.
Retrieve gear when expedient.
Or so a friend told me
"Get a transducer (an acoustic guitar pickup will work), double backed tape, a small transmitter and receiver, a good sound system, and a copy of Edgar Winter's "Frankenstein"."
Naw, try Toccata and Fugue in D minor played on a really big pipe organ. That usually roots out everything with a strong low frequency resonance. For something more modern, "Ambush" by Heart played on a stereo with a good subwoofer can be quite impressive.
"And it'll make the neighbours think they have a vampire or mad scientist living next door!"
So, a bonus.
My neighbors already know I'm both undead and do sciencey things. The undead thing is really good for a photographer doing interiors. We don't show up in reflections.
At our college radio station there was one song that turned the transmitter off. Turns out that one of the notes in the song resonated one of the protection relays at the transmitter. We tested this during engineering tests with organ music and let the turntable slow down. We could hear the various notes of the chord vibrating the relay until, poof!, the transmitter turned off.
Only if you've got spinning rust inside. SSDs should not suffer from this due to having no moving parts. And since there are no moving parts on your processor, etc., they should all be safe too.
I suppose you could damage someone's fans with the right frequency, but there are so many different fans in use, that finding the right frequency for your intended victim would be a lot of work.
I'd say you're safe for now...
I’m thinking maybe something like the 19 forbidden notes from the Boîte Diabolique?
The manufacturer that found the problem apparently added a custom filter in the audio pipeline to detect and remove the offending frequencies during audio playback.
If they added a feature to block out anything by Oasis and Coldplay then I'd definitely be in the market to buy one.
At the time XP came out, that song was a ten year old favorite, and played a LOT on radio stations nation-wide. And the tasteless freaks who enjoy that song frequently cranked it. Often, I am sure, around laptops of all makes and models (especially on college campuses).
Shirley this would have quickly become a fairly well known problem to those of us in the trade if it were true? Sheer numbers alone suggest it could not possibly have been overlooked.
Depends on the source of the sound, I guess. Sound waves from a relatively distant radio would probably have a different effect to sound waves from the internal laptop speakers. Which perhaps also accounts for why it was only certain models - positioning and size of the internal speakers would also be relevant.
GJC
How about the example where "playing the video on one laptop would crash another nearby laptop"?
I'd like to see this one demonstrated in a trustworthy lab. I've searched online, all I can find is assertions (basically, every tech publication has picked up on the same story). But I see no proof.
Note that I'll be equally happy if it's real or a hoax ... I have no dog in this race.
Indeed, my thoughts on this were "Cool story, bro". My second thoughts were "why state video, when it's the sound that's allegedly having the effect?". Then I thought "why just this song, there's a lot of music with varying tempo and beats, so why just this one song?". Given I listen to anything from classical, rock, metal, Norse folk music, electronica, drum 'n bass, hip hop, jazz etc through a decent set of monitor speakers by my desk, at reasonable volume, and none of it has triggered anything.. I think there's a whiff about this story.
Perhaps El Reg could do a community-service poll - provide a link to the video...
Great idea!
> Given I listen to anything from classical, rock, metal, Norse folk music, electronica, drum 'n bass, hip hop, jazz etc through a decent set of monitor speakers by my desk, at reasonable volume, and none of it has triggered anything
Music produced in the 80s often featured the new toys - synthesisers and digital recording - available to producers... if any era of music was going to feature notes of unnaturally clean timbre, it'd be the 1980s.
re: "It’s a specific type of HDD with the issue"
If there was any merit in the story though, we'd expect different tempo music affecting different hardware in the same way, and we've never encountered that. If your datacentre dumps its fire suppression gas, that goes off with a bit of a pressure wave, and that can damage hard drives, but it is an energetic event. I doubt a few watts of sound energy can have the same effect as gas stored at a couple of hundred bar being dumped in seconds.
"Where were you during GCSE Physics classes?"
Getting a grade A.
And tempo could have an effect, as it's also a potential source of resonance. A drum beat is like pushing a swing, if the timing is right, the swing moves. I don't know the song, as I'm not a pop fan, but I doubt it has sustained monotone sine waves, so whatever is allegedly going on, it is fairly complex and unique to this song, so you can't really disregard any component of the music until you've tested it.
It could be misinformation, but we are a few months removed from April 1st.
It is entirely possible this WAS a problem back in the day. We just never identified it as such. We probably just said 'XYZ Brand' is absolute shite and we all knew to buy something different. Never gave it this much analysis.
> Shirley this would have quickly become a fairly well known problem to those of us in the trade if it were true?
To spot this problem, you'd have to work through all the other reasons XP might crash or be laggy. For starters, one, it's Windows XP, and two, it's XP trying to run on a 5200 RPM HDD.
The noise floor is high.
There's a fetch/seek/hunt joke in there someplace, but I can't get my head around how to serve it up on a nice platter...
Might be time to grab another cylinder of cold drinkable and work on the low level format for it.
Ok, Ok, I'll grab my coat and wander to another sector, stop reaching for the fragmentation grenade...
I like to keep the past alive (and I'm a tight-wad), so all of my PCs have 5400 spinning rust drives. Am I at risk, I wonder?
Following the CVE link takes me to mitre.org, which links to nist.gov, which links to the Raymond Chen blog. No mention anywhere, as far as I can tell, of what precise brand of HDD is affected.
I guess all I can do is ban Janet Jackson from the house until I find out. I can live with that.
I wouldn't worry too much about attacks like this (nobody cares about you unless you're working in critical infrastructure), but everything you have is running 10x slower than it could be. Spinning rust drives really are the bottleneck on anything they're in.
We had a 5 year old computer at work that had a 1 TB HD - it would take 5 minutes to boot chunka chunka chunka chunka. This week we replaced it with a cheapass 870 EVO SATA SSD (nowhere near the fastest drive you can get) and now it boots in 15 seconds. Compiles that took 10 minutes take 30 seconds.
Not everything about the past was good.
The CVE-writer(s) should have named manufacturers and drive models! Otherwise, it's just sensationalistic click-bait.
In my experience (scads of USB flash drives, few SSDs), flash drives tend to fail without warning. Spinning rust, much less so. Thus I use actual-disc-disc-drives for bulk data, and SSDs for compilation-related subdirs: /usr/src/, /usr/ports/, /usr/obj/, /usr/xobj/, and /usr/xenocara/.
"In my experience (scads of USB flash drives, few SSDs), flash drives tend to fail without warning. Spinning rust, much less so."
A very good point. Also SSD tends to fail irrevocably, whereas if you have the dosh you can get spinning platters read in a cleanroom supposing the drive electronics have failed. There's also a so far largely undetermined potential for data loss from SSD due to charge leakage, but I have some 30 year old platter HDDs that can still be read reliably.
So very definitely horses for courses, rather than 'bleeding edge' versus 'legacy', but the bottom line is nevertheless 'back up and back up'.
> A very good point. Also SSD tends to fail irrevocably, whereas if you have the dosh you can get spinning platters read in a cleanroom supposing the drive electronics have failed.
No need for clean room. I recall recovering customer's data from "dead" drives by swapping in PCB from a working drive.
Granted, these were old Seagate MFM/RLL drives and I also tried to use same/similar revision board if possible.
Also worked for a SCSI disk that let the magic smoke out (blowing a neat little hole in the controller IC). Luckily, that was back in the dim and distant days of 1994 (approximately), when local Computer Faires were a thing and there were so few drive types available to home users that it was actually a practical idea to go and hope to find a matching second-hand drive to be a board donor.
Fun story. But please, when writing, lay off the anti-Black prejudice. Sure, you may not like Janet Jackson's music yourself, especially the old stuff, but she's still an icon for many people. She's as talented as anyone else in that family, has been making music successfully for decades, and has suffered a *lot* of nasty attacks because of her race and gender.
It's really not a good look to be bashing Black culture so casually, when the story's actually about something else. Do better, please, vultures!
WTF?
For the record, I've been listening to a lot of the old Motown stuff for the last ten days or so, male and female artists, mostly black, in memory of Lamont Dozier. I didn't have to purchase any tunes, I already own them on CD, and they are all on the permanent rotation here at chez jake.
Calling crap crap has nothing to do with race or gender.
The writing was lazy, talking about Janet Jackson as though her music is axiomatically rubbish. The story was a fun piece about music trashing HDs. No need for casual dismissal of the music and its creator, surely.
I fully appreciate that El Reg has a casual tone, but there's casual-fun and casual-thoughtless. Let's try and avoid the latter.
"Calling crap crap has nothing to do with race or gender."
And with that little slip of the tongue we actually know your true agenda.
Janet's Rhythm Nation
https://en.wikipedia.org/wiki/Rhythm_Nation
is not only considered the high point of her musical career it is also her most popular album, with over 14 million copies sold, and is also critically well received. The hit songs are still being covered by modern artists to this day, and some of today's top-selling artists quote it as an influence.
So with that Freudian slip we know that YOU choose not to like it and are trying to use your influential position to push that dislike as an acceptable position to others. Many, many "influencers" in today's society try to push that garbage, "I don't like it, therefore nobody should!" on others all the time - heck, it's the modus operandi to a lot of today's social and news media.
Just own up to it: you don't like Ms. Jackson's music and wish to [openly] communicate this dislike to others. At least be honest in your intentions and people can then accept, or dismiss, your personal agenda inside the balance of the story.
I'll agree with that, just because you don't like Janet Jackson doesn't mean, in any measure, that you do so because of her race or gender. You just may not like the genre / sound of the music.
Still, the author hides his personal bias against Janet Jackson with 'weasel words' rather than let readers openly know his stance, and therefore why he/she might be so thrilled to cover such a story. I've simply grown tired of this personal yet hidden agenda in many media outlets (it is especially vivid in the motorcycle reviewer realm), I've been seeing it for way over a decade now, and I'm calling it out. If you have a bias against the object / person being covered, either expose your bias openly or simply don't cover the story at all.
You mean the time that Justin Timberlake ripped off her clothes live on stage, and she was the one whose career was harmed? Oh, you'd forgotten that it wasn't actually her doing, or that the display of her body on TV doesn't seem to have been fully consensual? Funny, that.
If it said nobody listens to JJ any more that would be untrue - hardly anyone implies that some do but not many.
I started a WTF post a few hours ago but couldn't decide if you were trying to find offense somewhere like a woke teenage Twitter user, if you were an offended superfan who was just misguided in their musical preference or having a laugh and trolling... You may have answered that one - back to twitter with you!
That's fully twice as many people as listen to Aqua's Barbie Girl each month..
You probably shouldn't judge Aqua by that track. They've released three albums so far and all were pretty good for the most part. I'd particularly recommend their last album - although not as a birthday gift for young children.
And if Spotify users I know are anything to go by, they just keep adding to their play lists and playing on shuffle. They rarely delete a song from the list so some of those people playing her songs are doing so not out of "fandom" but simple inertia and laziness :-)
Casually denigrating a musician isn't attacking all black musicians. Janet Jackson is objectively crap: there, I've said it. It's only overly sensitive troublemakers who see a race problem in everything. There are a lot of white musicians about whom many people would say 'nobody listens to them any more'.
Nobody listens to Scott Joplin much any more, relatively. He's certainly not crap.
And Michael Jackson, good riddance.
OK. I have to say I have absolutely no idea where you're coming from on this one, so I shall not pursue it further.
If you want to make out that this is because I am somehow unconsciously racist, misogynistic, or in any other way down on some subsection of my fellow humans, I'm afraid I shall have to laugh at you, loudly.
GJC
There's nothing racist or sexist about calling her awful music awful.
I mean, I don't know her, she might be an absolutely lovely person. But the music is truly bad. There's nothing racist about that, virtually all pop music throughout history has been truly awful.
If it makes you feel any better, her music has nothing on her dead pedo brother's horrific aural assaults.
Based on whose analysis? Yours? Both Michael and Janet are *objectively* two of the most beloved artists in mainstream pop, in both critical reception and long-lasting cultural influence. Stop talking outta your ass and leave it at "not my cup o' tea" because you clearly know nothing about music but your little dusty corner.
Oh, do give over. I believe I have a dog in this fight, having some African ancestry. I don't see slagging off JJ as being in any way racist. The song is tripe, as is, IMO, most of her output. At best, I'd describe her stuff as throwaway pop fluff, at worst, something I'd go a long way to avoid.
Sorry but her music is commercial "gruel" churned out by corporate song writers whose main job is to produce music that fits the current popular radio sound! As far as talent, her vocals are always a mix of overlaid voices of which hers is just a small part!
As far as abuse, she and her siblings got far more abuse from their father than they did from anyone in the public. The man was an abusive A-hole!
Black culture (in the US) from when they were kids was a vibrant and positive thing. Black culture from the 80's to the present is hopelessly broken! Until blacks in America realize that the people they've entrusted their lives to are the ones screwing them over this won't change!
My wife has a Shakira CD with some kind of DRM. It is printed on the case "will not play on a PC or Mac".
It says nothing about not playing on a Sun Sparc server. So I put it in to see what would happen. Instant kernel panic and dropped to the OK prompt. Yikes!
It only took a few seconds for the support phone to start ringing...
"Don't worry, I'm working on the problem already and should have it back up in a few minutes"
Many years ago I had a Discman which would also play MP3s (as in the files on a filesystem) burned onto a CD. Great as you could get a lot of music into ~650MB back then. The slight down side is that it would refuse to play any CDs that had some of the DRM stuff on it. Any such CD was sent back for a refund.
C'mon folks, some tracks are known issues:
Led Zeppelin Communication Breakdown: Causes immediate NIC failure
Prodigy Firestarter: PSU magic smoke
Proclaimers 500 miles: DAT cartridge spooling fault
Oh - and if you play Pink Floyd's Learning To Fly near BOFF central you can expect an accountancy head crash.
I'm sure there are more.....
Janet Jackson is no stranger to things malfunctioning...
https://www.youtube.com/watch?v=Q5OWlw8pwG0
Best not play Janet Jackson and Justin Timberlake back to back
I'm amazed no one has mentioned "Indian Love Call". It figured rather prominently in a movie about failing heads...
"But it does feel safe to remind readers of the weirdest bug The Register has previously encountered"
Nothing strange about cosmic rays causing crashes. It is a phenomenon known about for over 40 years - IIRC affecting particularly DRAM. Hence the FITS*** measurement for such devices. The denser the number of memory cells - the more likely that a bit change could be effected by altering the charge.
It was interesting that using higher spec ceramic rather than plastic chip encapsulations made the problem worse. Ceramics are a natural source of localised cosmic rays IIRC subatomic particles due to radioactive decay.
A customer wanted to keep their large number of new banking terminals (no RAM parity or ECC) running without reloading daily over the network. We asked our environmental specialist for his opinion on the FITS risk. He calculated an undetected error somewhere in their branches once every two weeks. What the error would corrupt might be code or data - or unused memory space. The customer decided a daily reload would be advisable.
***Failures in Ten to the Nine
The fact that Raymond Chen and others find this story of holes believable is the most disturbing part. A colleague told me... instant hearsay established. Major laptop manufacturer and hard drive brand unnamed. No problem. The fix = "adding a custom filter in the audio pipeline that detected and removed the offending frequencies during audio playback". So the laptop manufacturer tries to fix a resonance problem with somebody else's hard drive, by adding an audio filter to their own laptop. And that makes sense why? Raymond Chen admits the CVE part is somebody playing a joke, but you know... still trusts his colleague is not pranking the hell out of him. Too late.
It is the summer silly season when actual news is thin on the ground. August is the perfect time of tales that seem too good to be true.
On a more serious note, it is just reporting what Chen said, and that a CVE was assigned, which is funny. No one's confirmed the actual issue.
Our readers are smart enough to know how much weight to put on these sorts of yarns.
C.
Perhaps Bootnotes instead of Security for this kind of thing?
It's all good. I seriously doubt you'll lose any readership over it, regardless.[0]
It's Friday, this round's on me :-)
[0] Except perhaps the odd teen-angst account, created especially to bitch about it ...
People used to do this with chain printers.
Those printers rotate a chain containing characters at high speed past 132 hammers. As the character to be printed passes the hammer, the hammer strikes the chain, the chain then punches onto the paper via the inked ribbon. With each hammer strike the paper advances one line. This gives about the quality of text you'd expect. But they were fast, since they printed an entire line very quickly.
With rotating chains, hammering and paper being pulled through at a high speed, these printers were open to all sorts of physical nastiness by people carefully choosing text to print. Beginners would fire all hammers at once, experts would fire them all, wait, and fire them all again, and maybe throw in a page feed, to initiate a harmonic rocking of the printer. The godlike could time hammer strikes to make the chain temporarily halt, leading to a sideways rocking of the printer.
Resonant frequencies? Music? I wonder how many line printers suffered back in the day when certain prints were sent to the queue for loud musical entertainment in the computer room? After, of course, the necessary copies of 'Eskimo Nell' were printed following the nsfw 'ascii-art' printouts of other lovely ladies were queued for pinning up in the operators' cabin! ;-)