Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Siri Protocol Cracked

Unknown Lamer posted more than 2 years ago | from the siri-like-way-ogg-speex dept.

Apple 403

First time accepted submitter jisom writes with something that will probably not be working come morning. Quoting the source: "Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you." Basically, Siri sends the data to the processing server using non-standard HTTP extensions. Of note is that the audio is encoded using Ogg Speex.

cancel ×

403 comments

You still need iPhone 4S (5, Informative)

CmdrPony (2505686) | more than 2 years ago | (#38055616)

While you could write an Android app or anything else, the protocol sends an unique ID with the request. That ID is unique to every iPhone 4S. End result being, you can probably use your own for your personal use, but if you try to sell an App for Android and include your ID with it, Apple will just blacklist it. So you will still need your own iPhone 4S.

Re:You still need iPhone 4S (5, Insightful)

jollyreaper (513215) | more than 2 years ago | (#38055626)

How long until they crack the unique ID generator and create viable clones of existing phones?

Re:You still need iPhone 4S (3, Insightful)

ackthpt (218170) | more than 2 years ago | (#38055654)

How long until they crack the unique ID generator and create viable clones of existing phones?

You can probably already buy them on the streets in Shanghai.

Re:You still need iPhone 4S (2, Insightful)

CmdrPony (2505686) | more than 2 years ago | (#38055660)

Never, unless they manage to hack into Apple's servers. The ID check is server side.

Re:You still need iPhone 4S (4, Insightful)

iluvcapra (782887) | more than 2 years ago | (#38055678)

How long until they figure out how to clone a phone? They already can do this :)

Besides, why would an Android user want to goto the trouble? I'm informed (rabidly and often) that Android phones already have superior features and that Siri is merely a clone with fancy marketing.

Re:You still need iPhone 4S (1)

Anonymous Coward | more than 2 years ago | (#38056010)

Besides, why would an Android user want to goto the trouble? I'm informed (rabidly and often) that Android phones already have superior features and that Siri is merely a clone with fancy marketing.

LOL those whacky fans of that big ad network Google.

Re:You still need iPhone 4S (4, Insightful)

demonlapin (527802) | more than 2 years ago | (#38056040)

(rabidly and often)

No doubt. Those users are the worst thing about having an Android phone.

I like my Android phone. It does what I need, it does it fairly smoothly. It's not as slick as my iOS devices, but I'm used to the downsides of Android and for the moment I'd rather deal with them than deal with the downsides of iOS. But the fanbois are just awful.

Re:You still need iPhone 4S (5, Interesting)

Odin_Zifer (1967888) | more than 2 years ago | (#38055780)

If some one where to gather a couple dozen unique ID's they could use those to setup a Siri relay service.

Re:You still need iPhone 4S (5, Insightful)

hydrofix (1253498) | more than 2 years ago | (#38055872)

If it is correctly implemented, that's easier said than done. It is not necessarily a key-value pair that are cryptographically verified (i.e. there exists a purely arithmetic function f(x,y) that returns true iff (x, y) is a valid pair, and client is allowed access if it supplies correct (x,y) ) This kind of system would be crackable; just find another arithmetic function f' that returns y for some x (one usually exists).

However, if Apple knew what they were doing (and they usually do), it's a GUID [wikipedia.org] database stored on Apple's server. Say, they generate a 128-bit random access code for each manufactured iPhone, and the only way you can use Siri is to supply a valid GUID. Such system is virtually uncrackable, because even for a 128-bit GUID and 200 million iPhone 4S manufactured, it would take a staggering 17 million trillion trillion guesses (i.e. HTTP requests to Apple servers) to guess right ONE correct GUID. If one request took a mere 100 bytes with its TCP/IP headers, you would have to transfer 170 million yottabytes (170 million trillion terabytes) of data to find one valid access key.

Good luck explaining this to your ISP! :)

Re:You still need iPhone 4S (3, Interesting)

inflex (123318) | more than 2 years ago | (#38055892)

Genuine question... couldn't you just get the GUIDs of existing valid iPhones?

Re:You still need iPhone 4S (3, Informative)

hydrofix (1253498) | more than 2 years ago | (#38055932)

Sure. But then you'd have to buy an iPhone.

Re:You still need iPhone 4S (1)

The MAZZTer (911996) | more than 2 years ago | (#38055966)

Then Apple just blacklists them from Siri for violating their ToS (I'm sure reverse engineering protocols are covered somewhere in there).

Re:You still need iPhone 4S (2)

inflex (123318) | more than 2 years ago | (#38056020)

I guess the subsequent point will be - what does Apple do when they find themselves blacklisting legitimate phone owners that simply have had the GUID lifted by a 3rd party ?

Re:You still need iPhone 4S (1, Insightful)

CmdrPony (2505686) | more than 2 years ago | (#38056038)

Maybe that's a good reason not to root your phone and download unverified stuff from warez places?

Re:You still need iPhone 4S (5, Informative)

Anonymous Coward | more than 2 years ago | (#38056074)

Or use an open WiFi access point. I'd point out the iThingies send their UUID in a lot of requests to Apple servers over ordinary HTTP. I know this because I block it in Privoxy.

Re:You still need iPhone 4S (4, Funny)

sangreal66 (740295) | more than 2 years ago | (#38056048)

Not trying to suggest that this would be a viable approach, but you only seem to have considered the worst case. You would not have to transfer 170 million yottabytes if your first guess was correct.

Re:You still need iPhone 4S (1)

mug funky (910186) | more than 2 years ago | (#38056076)

sounds like a fun prank to play on apple's servers :)

Re:You still need iPhone 4S (1)

SCVirus (774240) | more than 2 years ago | (#38055912)

for each phone: id = secure_get_uuid() phone.flash(id) db.add(id)

Re:You still need iPhone 4S (1)

ghn (2469034) | more than 2 years ago | (#38055652)

Who said the ID needed to be valid? TFA does not mention if they tried random ID's.

Re:You still need iPhone 4S (1, Insightful)

CmdrPony (2505686) | more than 2 years ago | (#38055690)

They say this:

The iPhone 4S sends identifiers everywhere. So if you want to use Siri on another device, you still need the identfier of at least one iPhone 4S. Of course Apple could blacklist an identifier, but as long as youâ(TM)re keeping it for personal use, that should be allright!

Re:You still need iPhone 4S (1)

sunderland56 (621843) | more than 2 years ago | (#38055886)

So you will still need your own iPhone 4S.

You don't need your own, you just need a unique ID.

I'm sure that there must be someone you don't like who owns an iPhone? Just borrow it for a sec to "make a quick call"...

your ass cherry cracked (-1)

Anonymous Coward | more than 2 years ago | (#38055618)

by massive cock.

Re:your ass cherry cracked (4, Insightful)

masternerdguy (2468142) | more than 2 years ago | (#38055664)

The quality of the anonymous coward troll posts is declining. I expected more.

Obligatory that's what she said joke. (2)

mosb1000 (710161) | more than 2 years ago | (#38055838)

That's what she said.

Re:your ass cherry cracked (-1)

Anonymous Coward | more than 2 years ago | (#38056006)

you expected more dick in your ass cherry?

Apple upending their Bucket o' Lawyers on this (4, Funny)

ackthpt (218170) | more than 2 years ago | (#38055642)

3.. 2.. 1...

Re:Apple upending their Bucket o' Lawyers on this (1)

fidget42 (538823) | more than 2 years ago | (#38055658)

Here is an easier solution, how about just send everything via HTTPS.

Re:Apple upending their Bucket o' Lawyers on this (1)

NemosomeN (670035) | more than 2 years ago | (#38055682)

They are already having capacity problems. Sending everything via HTTPS would crush the servers.

Re:Apple upending their Bucket o' Lawyers on this (5, Informative)

CmdrPony (2505686) | more than 2 years ago | (#38055704)

They are already sending everything with HTTPS. That's why the researchers had to use gateway machine and certificate tricks to do man-in-the-middle attack.

Re:Apple upending their Bucket o' Lawyers on this (1)

NemosomeN (670035) | more than 2 years ago | (#38055714)

Grah, was just about to ninja correct myself after having read the article.

Re:Apple upending their Bucket o' Lawyers on this (4, Informative)

Fnord666 (889225) | more than 2 years ago | (#38055806)

Here is an easier solution, how about just send everything via HTTPS.

Apple is. From TFA:

Surprisingly, when we did, we wouldnâ(TM)t gather any traffic when using Siri. So we ressorted to using tcpdump on a network gateway, and we realised Siriâ(TM)s traffic was TCP, on port 443, to a server at 17.174.4.4.

The app even validated that the cert used was signed by a trusted CA. Fortunately the iphone4S allows you to add your own trusted CA to the trust chain.

Slightly less impressed (3, Insightful)

RightwingNutjob (1302813) | more than 2 years ago | (#38055666)

I thought it ran on the phone itself.

Re:Slightly less impressed (3, Informative)

Anonymous Coward | more than 2 years ago | (#38055692)

Ummmm.... no.... that would be why Siri fails so often due to network issues.

Re:Slightly less impressed (4, Insightful)

Darinbob (1142669) | more than 2 years ago | (#38055724)

That's what they wanted people to think. 99% of all phone apps have very little to do with the actual phone and instead they're just quick reference URLs to some external site that does most of the work. Of course they tie all the apps to the phone so that you can't bypass the store.

Re:Slightly less impressed (3, Informative)

Anonymous Coward | more than 2 years ago | (#38055758)

Apple has stated publicly that Siri uses Apple servers for processing. And observing the behavior of the device under lost network connection makes this quite obvious.

Re:Slightly less impressed (2)

Nogami_Saeko (466595) | more than 2 years ago | (#38056060)

I foresee some time in the (near?) future where Apple may "split" Siri - have some limited processing available on the client device for easy requests, or for when the network is unavailable, leaving network-only use for the really hard requests.

Because Siri is sending all of the requests to Apple's servers, I have no doubt that they're building a huge speech database and using it to refine their systems to make it far more accurate as people enter commands, use the correction tools and try rephrasing things in different ways.

This may be another reason why Apple is considering leaving Siri only for new devices. It's "possible" that if they provide client-side processing at some point, (some) older devices may really not have the memory or processing power available to handle that new version...

Really? (1)

Anonymous Coward | more than 2 years ago | (#38055996)

That's why almost all apps work in airplane mode? Must be magic!

Re:Really? (5, Funny)

mug funky (910186) | more than 2 years ago | (#38056096)

planes have wifi these days.

in other news, you're no longer allowed to smoke.

Re:Slightly less impressed (4, Insightful)

Psyborgue (699890) | more than 2 years ago | (#38055728)

Why would they waste the processing horsepower? It would eat the battery if it was even at all possible. They can do higher quality recognition on their servers anyway. The customer does not need to know where the processing is done as long as "it just works". To the consumer, and even some more technically inclined, it's magic -- and that is the real genius in the way Apple presents it's products. They make people feel like they're somehow in the future, that they're talking to an intelligent phone, that Saint Steve has somehow created artificial life and they get to own a piece of this future for the price of a modest chunk of change and a two year contract.

Re:Slightly less impressed (5, Interesting)

aXis100 (690904) | more than 2 years ago | (#38055770)

Doing the processing on the server seems very slow to me - I can find a contact much faster by pressing the first few letters than waiting for the round-trip latency to siri.

Heaps of people have tried to demo siri to me and most of the time it was a gimick that failed badly - either was slower than manual methods or just innacurate.

The scam of Siri (4, Insightful)

jmorris42 (1458) | more than 2 years ago | (#38055756)

> I thought it ran on the phone itself.

Nope, and that is the scam. Basically you are calling a service. Thus they could make Siri available on every iProduct with zero effort. That they decided to hold it as an exclusive feature for the 4S to try and create the 'gotta upgrade' stampede is truly lame. Keeping it to iProducts is ok, they ain't giving away a hefty compute farm after all, who do ya think they are after all, Google? But locking access to the service to one submodel of one product line is a terrible idea.

Re:The scam of Siri (3, Informative)

Torodung (31985) | more than 2 years ago | (#38055834)

It's still a bit scammy, but I would guess they're using early adopters as a massive beta test before rolling it out to iLife in general, so rather than depriving anyone, they're being cautious and scaling up usage slowly. Think "Apple Newton," and it's reasonable to suspect the company may still be a little gun shy with this kind of tech. Even if it is running "in the cloud" instead of on the device, there's a whole lot that could go wrong with Siri [siriousfails.com] . (Page is for entertainment purposes only. Not to be construed as actual examples. I am a non-attorney spokesperson.)

More than that, availability matters here, and they want the initial adopters to have a premium experience before they roll it out to the hoi polloi, and everything goes pear shape when they run into the usual scaling issues. You know, like the ones AT&T ran into with the first iPhones.

Re:The scam of Siri (1)

demonlapin (527802) | more than 2 years ago | (#38056054)

Apple doesn't have the experience that Google got out of 1-800-GOOG-411, of collecting a vast number of American voices speaking colloquial English. They need to limit it to the 4S for the time being in order to keep the total data load below threshold.

Re:The scam of Siri (2)

bucky0 (229117) | more than 2 years ago | (#38055992)

It's my understanding from reading the articles from a guy who managed to hack it onto the 3GS that the 4S actually has some pretty good voice canceling hardware onboard. Whether or not that's true, I can't say, but from the article I read, apparently things needed to be VERY quiet or the text-to-speech would fail hard.

Re:The scam of Siri (1)

scdeimos (632778) | more than 2 years ago | (#38056102)

Whether or not that's true, I can't say, but from the article I read, apparently things needed to be VERY quiet or the text-to-speech would fail hard.

It's not true. Ambient noise has no effect on the rendering of text-to-speech, just your ability to hear it. Oh, you meant speech-to-text! Carry on then.

Re:The scam of Siri (0)

Anonymous Coward | more than 2 years ago | (#38056058)

Easy there guys, it's not a scam... unless you want to completely water-down the meaning of what a 'scam' is, and render true scams meaningless.

Re:Slightly less impressed (2)

safetyinnumbers (1770570) | more than 2 years ago | (#38056120)

I thought it ran on the phone itself.

The outage [theregister.co.uk] was a bit of a giveaway.

The last time somebody screwed with Apple.. (0)

Anonymous Coward | more than 2 years ago | (#38055674)

... the SWAT team showed up

So it's remote? (3, Insightful)

Stormwatch (703920) | more than 2 years ago | (#38055688)

So the iPhone can't really do the speech recognition and synthesis by itself? That's quite underwhelming.

Re:So it's remote? (1, Redundant)

Mashiki (184564) | more than 2 years ago | (#38055706)

What? You're shocked by that or something. It was all a gimmick to begin with. You won't have synthesis and recognition on board for another 2-4 generations.

Re:So it's remote? (5, Insightful)

Psyborgue (699890) | more than 2 years ago | (#38055760)

I, too am shocked at how many people didn't realize this was all done server side -- especially here.

Re:So it's remote? (0)

Anonymous Coward | more than 2 years ago | (#38055824)

I blame article summaries for not mentioning it. Some of us just don't care about certain topics and don't research it.

Re:So it's remote? (2)

amiga3D (567632) | more than 2 years ago | (#38055844)

Actually there was an article at /. the other day that talked about this fact already. For most people though it seems like it's the phone doing it and really that's all that matters for 90 percent of the users.

Pain in all the diodes behind my Retina display (1)

Torodung (31985) | more than 2 years ago | (#38055864)

I am shocked anybody wants a "plastic pal that's fun to be with" in the first place. I mean, sh!t, did anybody notice that GPPs are made by Sirius Cybernetics in his books? Douglas Adams is probably suing Steve Jobs in ghost court right now.

Re:So it's remote? (0)

Anonymous Coward | more than 2 years ago | (#38055890)

I had assumed it was the case, otherwise why would they introduce it with their dual core update, and refuse to install it on less powerful devices? As it stands, offloading everything to a server, siri could probably run on a 1st gen...

Re:So it's remote? (1, Redundant)

MBCook (132727) | more than 2 years ago | (#38055734)

The iPhone is more than capable of speech synthesis. How do you think Voice Over works? Speech synthesis doesn't require a lot of processor, the original 1984 Mac could do it. Did the article mention that the results are sent back as sound files? I didn't see that.

But recognizing the speech, doing a good job, and figuring out all the commands... they use the server for that and I don't blame them. That way they can keep it constantly updated, with a huge database of phonemes/accents/vocabulary, and do it much faster than there iPhone would be able to on it's own.

Re:So it's remote? (-1, Troll)

MBCook (132727) | more than 2 years ago | (#38055762)

The iPhone is more than capable of speech synthesis. How do you think Voice Over works? Speech synthesis doesn't require a lot of processor, the original 1984 Mac could do it. Did the article mention that the results are sent back as sound files? I didn't see that.

But recognizing the speech, doing a good job, and figuring out all the commands... they use the server for that and I don't blame them. That way they can keep it constantly updated, with a huge database of phonemes/accents/vocabulary, and do it much faster than there iPhone would be able to on it's own.

Re:So it's remote? (5, Insightful)

muon-catalyzed (2483394) | more than 2 years ago | (#38055794)

The most alarming fact, for me, is that they are sending all my speech data over the Internet to some enormous Cloud database. Oh, and while they have it all, I must trust Apple now that they are not gonna mine this data and send it backdoor to advertisers and other interests.

Re:So it's remote? (5, Insightful)

amiga3D (567632) | more than 2 years ago | (#38055852)

What? I think that may be the primary purpose of Siri in the end. Only a small minority give a crap about security anyway.

Re:So it's remote? (4, Insightful)

mosb1000 (710161) | more than 2 years ago | (#38055880)

Well, they send your Siri requests. And, of course, almost everything you do on you cellphone is sent somewhere it can be tracked and recorded.

Trust in ads... (0)

SuperKendall (25149) | more than 2 years ago | (#38056100)

Oh, and while they have it all, I must trust Apple now that they are not gonna mine this data and send it backdoor to advertisers and other interests.

So in protest you are going to buy a GOOGLE Android phone?

Yes, your data is quite safe from advertising profiling there!

Re:So it's remote? (5, Insightful)

mo (2873) | more than 2 years ago | (#38055818)

Speech recognition isn't too CPU intensive, but it's *massively* memory intensive. It's not unreasonable for speech recognition engines to eat up a gig of ram, and the 4S only has 512mb. However, push it to a server with lots of ram and it can handle lots and lots of simultaneous speech recognition queries. It's tailor made to be a server-side task. At least until phones have gigs of free memory that aren't needed.

Re:So it's remote? (1)

n5vb (587569) | more than 2 years ago | (#38055842)

So the iPhone can't really do the speech recognition and synthesis by itself? That's quite underwhelming.

Indeed. Doing it all server side just seems like cheating, somehow ..

Sure they can publish it, but.... (-1)

Anonymous Coward | more than 2 years ago | (#38055700)

Don't these idiots realize that Apple will find some excuse to exclude their apps from the app store? I mean if you crack Apple's protocol and put it on the web, for crying out loud post it anonymously if you are an iOS developer, as those clowns (Applidium) are. I hope boasting about cracking the protocol was worth losing your job....

Win for Xiph (and open source) (3, Insightful)

nzac (1822298) | more than 2 years ago | (#38055716)

Appears that Xiph came out on top for speech codecs.

This also shortly after apple realized that ALAC was going to fail (at least as a closed source product, they may push it better as an open source project now it can be played by everyone).

They still have the very entrenched AAC though.

Re:Win for Xiph (and open source) (2)

iluvcapra (782887) | more than 2 years ago | (#38055846)

They don't have AAC. AAC is an MPEG-4 standard invented and licensed to MPEG-LA by the only company that could ever out-Apple Apple on IP, Dolby Laboratories.

Re:Win for Xiph (and open source) (3, Insightful)

pipedwho (1174327) | more than 2 years ago | (#38055860)

Isn't AAC just the MPEG4 version of what we know as mp3 (which is really just MPEG1/Audio layer 3)? There are already many open source implementations of AAC, so I don't see it as the same thing.

The real problem with AAC is the MPEG patent swamp. Even if Apple were to release an open source codec, it would still be under the same shadow that hangs over anyone that isn't lining the pockets of the MPEG licensing body.

Re:Win for Xiph (and open source) (2)

Guy Harris (3803) | more than 2 years ago | (#38055898)

Appears that Xiph came out on top for speech codecs.

...in the opinion of a spin-off from SRI; it might've been easier for them to go with an open source codec than to license a non-open-source codec. Remember, Apple bought the company that developed Siri; they didn't develop it themselves from Day One.

I'm not saying that the availability of the codec as open source was one of the reasons for the choice and that, if the open-source availability weren't an advantage, it would have lost to some closed-source codec; I'm just saying that one shouldn't assume this was an Apple decision (meaning the open-sourceness of it might have been irrelevant or perhaps a disadvantage) and draw conclusions from that assumption.

Re:Win for Xiph (and open source) (1)

nzac (1822298) | more than 2 years ago | (#38056012)

You miss the point, its adoption that matters. All modern codecs preform adequately considering the gains in bandwidth and storage.

If apple end up using Speex then, in hypothetical idealist opensouce theory, the line is drawn and only companies more closed (source) than apple can use the codec which is not many.

Re:Win for Xiph (and open source) (1)

Guy Harris (3803) | more than 2 years ago | (#38056118)

You miss the point, its adoption that matters.

I was responding to "This also shortly after apple realized that ALAC was going to fail", if your intent was to connect the two, rather than just citing them as two independent cases where Apple were either using somebody else's open-source code or open-sourcing something of theirs.

If apple end up using Speex then, in hypothetical idealist opensouce theory, the line is drawn and only companies more closed (source) than apple can use the codec which is not many.

I presume you mean "only companies more closed (source) than Apple would refuse to consider the codec" or something such as that, as no sane theory would argue that Apple's adoption of the open-source Speex codec would prevent companies more open-source-friendly than Apple from using it. Whether Apple's use of it would encourage other companies to use it is another matter.

The culprit is gonna be associated with Android... (1)

bogaboga (793279) | more than 2 years ago | (#38055738)

While this is an enviable achievement, I must say I am not that happy and here's why.

Apple fan boys are going to ramp up the mantra that Android geeks are behind this effort. With Ice Cream Sandwich's code released, we will be seeing an Android app pretty soon.

What will happen next are events reinforcing the myth that Android is a stolen product.

It's a sad day indeed.

Re:The culprit is gonna be associated with Android (1)

c0d3g33k (102699) | more than 2 years ago | (#38055808)

I'm not sure you really understand what source code is. The ICS source release has nothing to do with developers who write apps that use the Siri protocol. Nothing. At. All.

Re:The culprit is gonna be associated with Android (0)

Anonymous Coward | more than 2 years ago | (#38055814)

You really think Android and iOS just HAPPENED to be so similar and just HAPPENED to come out within a year of each other? You are seriously that gullible?
All that will happen is that Apple will simply tack on a requirement to register a 4S with serial number, original purchase receipt and a plan verification from the cell provider before you can use SIRI. So confirmation from 3 different sources would be much more inconvenient for hackers to bother with.
Plus that fact that SIRI servers, if inundated with requests from all devices, would not handle the overload and be very poorly responding, making the hackers not want to use it anyway.
Either way, these hackers who think they are so very smart, are actually quite stupid for failing to anticipate that there are so many ways for them to lose.

Re:The culprit is gonna be associated with Android (1)

amiga3D (567632) | more than 2 years ago | (#38055862)

I don't see an Android app being allowed access to an Apple server. Somehow I think someone at Cupertino will frown on that.

Re:The culprit is gonna be associated with Android (1)

Anonymous Coward | more than 2 years ago | (#38055924)

The only people who think Android is stolen are either a) below contempt or b) worthy of being punched or c) OMG STEVE JOBS IS MY GAAWWWDDDDD!!!!!! and probably fit squarely into a) and b) already.

Re:The culprit is gonna be associated with Android (1)

pipedwho (1174327) | more than 2 years ago | (#38055998)

What will happen next are events reinforcing the myth that Android is a stolen product.

It's a sad day indeed.

You're telling me. I was trying to use my iPhone yesterday and half the OS was missing! Stolen from right under my nose.

Nothing new (5, Funny)

CanEHdian (1098955) | more than 2 years ago | (#38055776)

I knew this long ago... I just asked "Siri, what protocols are you using to communicate with your server?"

Re:Nothing new (0)

amiga3D (567632) | more than 2 years ago | (#38055868)

damn.....I have no mod points....you should be +5 funny for sure.............

Command: (5, Funny)

PowerCyclist (2058868) | more than 2 years ago | (#38055786)

"Siri, Don't sue. Confirm.", Siri, "I'm afraid I can't do that Dave."

Re:Command: (2)

corychristison (951993) | more than 2 years ago | (#38055812)

"Siri, Don't sue. Confirm.", Siri, "I'm afraid I can't do that Dave."

That's fine and all, but my name is not Dave..

Re:Command: (1)

PowerCyclist (2058868) | more than 2 years ago | (#38055848)

Yeah, neither is mine, but it's not often that you can make that joke and it be more relevant to the situation than this time.

Re:Command: (0)

Anonymous Coward | more than 2 years ago | (#38055950)

Siri, Don't sue. Conform.
I'm afraid you're too late Dave.

Re:Command: (1)

PowerCyclist (2058868) | more than 2 years ago | (#38055986)

Oh no, It's the guys they sent to reclaim their prototypes again, RUUUNNNNN!

Re:Command: (1)

Anonymous Coward | more than 2 years ago | (#38056000)

"Siri, Don't sue. Confirm.", Siri,
"I'm afraid I can't do that Dave."

This is so Siri, so sue me! Siri people.

Would Apple mind? (4, Insightful)

fluffy99 (870997) | more than 2 years ago | (#38055792)

If Apple is learning anything from Google, it's that customer info is valuable. Siri could easily become an advertising platform that rivals Google. Targeted advertising, where companies pay Apple for premium listings ( eg Asking Siri about a Pizza place returns Pizza Hut who paid the most for that key word).

If that's their angle, they might welcome more traffic to Siri.

Apple didn't write Siri anyway (0)

Anonymous Coward | more than 2 years ago | (#38055796)

Hell, even the name comes from its origin: Stanford Research Institute. SRI wrote it, finished it, Apple bought it, closed it up. That's Apple's prerogative, but it should be very clear that they're now very much in the Microsoft territory of knowing who to buy over what to write.

Re:Apple didn't write Siri anyway (1, Insightful)

amiga3D (567632) | more than 2 years ago | (#38055900)

The difference being that generally MS bought up rivals to kill their products rather than compete with them. This got superior products out of the way so crappy MS stuff could continue to stifle. Apple buys up new and innovative tech to promote and market it. Have a few billion laying around they can do that now.

Re:Apple didn't write Siri anyway (1)

mosb1000 (710161) | more than 2 years ago | (#38055906)

Apple makes consumer electronics. Why should they be in the business of developing speech recognition and AI? Wouldn't they be spreading themselves thin? Apple likes to focus on doing only a few things. That kind of diversification would be counterproductive. Maybe in a few years when the tech is more established they'd take a crack at developing their own version.

Re:Apple didn't write Siri anyway (1)

Guy Harris (3803) | more than 2 years ago | (#38055964)

That's Apple's prerogative, but it should be very clear that they're now very much in the Microsoft territory of knowing who to buy over what to write.

Or, to put it another way, knowing when to buy and when to write - which I'd apply to Apple, Microsoft, and other tech companies as well. (Note that one of the main competitors to iOS was developed by a company that was bought by the company that's now developing it.) Perhaps buying technology is the sign of a company losing its innovative mojo; it might also be the sign of a company that's gotten big enough that they can deal with the dictum that "not all the smart people in the world work for you" by buying some of the companies that have those other smart people rather than just by buying their products.

So how many times .. (4, Funny)

n5vb (587569) | more than 2 years ago | (#38055830)

.. can you ask Siri "where to hide a body" before a backend notification gets emailed to a detective at your local PD?

Re:So how many times .. (5, Funny)

Bill Dimm (463823) | more than 2 years ago | (#38055910)

I asked Siri that question, and it responded: "You've already asked one time too many." It then displayed a map showing me how to get to Mexico.

Re:So how many times .. (4, Funny)

Sloppy (14984) | more than 2 years ago | (#38055978)

I didn't know they let you have a phone, Hans.

The Legal Battle Line is Drawn ... (0)

Anonymous Coward | more than 2 years ago | (#38055894)

© 2002-2003, Jean-Marc Valin/Xiph.Org Foundation

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the Xiph.org Foundation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

This software is provided by the copyright holders and contributors “as is” and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the foundation or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

Re:The Legal Battle Line is Drawn ... (1)

jonwil (467024) | more than 2 years ago | (#38055928)

Isn't that just 3-clause BSD (or something almost the same) and therefore there is no requirement for apple to share anything?

Re:The Legal Battle Line is Drawn ... (1)

king neckbeard (1801738) | more than 2 years ago | (#38055968)

Apple doesn't have to share source code, but the license includes attribution, which doesn't appear to have happened (if it did, we'd have known that from the day Siri was first available). It is possible, however, that it uses an independently developed codebase that fits the speex spec, but that would be a waste of time for most people.

Re:The Legal Battle Line is Drawn ... (1)

Guy Harris (3803) | more than 2 years ago | (#38056062)

Apple doesn't have to share source code, but the license includes attribution, which doesn't appear to have happened (if it did, we'd have known that from the day Siri was first available).

We would if somebody'd bothered to fire up System Preferences^W^WSettings on an iOS 5 device and then go to General -> About -> Legal and scroll through all that crap looking for the text in question [slashdot.org] and found it. (I don't have an iOS 5 device to check it on.)

SOS ... HMS Apple Has Hit a Berg ... SOS ... (-1)

Anonymous Coward | more than 2 years ago | (#38055976)

Cook is Cooked!

Siri is a Trojen Horse that Steve left behind to giggle to death his enemies at Apple.

10 Points! (-1)

Anonymous Coward | more than 2 years ago | (#38055990)

Anything that fucks with Apple is a good thing.

A lesson in client/server security (5, Interesting)

AndrewStephens (815287) | more than 2 years ago | (#38056094)

TFA is actually pretty interesting:

As you know, the “S” in HTTPS stands for “secure” : all traffic between a client and an https server is ciphered. So we couldn’t read it using a sniffer. In that case, the simplest solution is to fake an HTTPS server, use a fake DNS server, and see what the incoming requests are. Unfortunately, the people behind Siri did things right : they check that guzzoni’s certificate is valid, so you cannot fake it. Well they did check that it was valid, but thing is, you can add your own “root certificate”, which lets you mark any certificate you want as valid.

Some Apple software (parts of iTunes) goes further and checks that the certificate presented by the server is actually signed by Apple. If the Siri software did this then the server would be impossible to fake man-in-middle-wise without hacking the client itself. Just checking that the certificate is valid is pretty useless protection - any certificate could be valid, what you care about is whether the server is who it says it is.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...