SoylentNews

Phoenix666 writes:

Phys.org:

Clothes are usually made of textiles and have to be both wearable and washable for daily use; however, smart clothing presents a challenge with its power sources and moisture permeability, which causes the devices to malfunction. This problem has now been overcome by a KAIST research team, who developed a textile-based wearable display module technology that is washable and does not require an external power source.

To phase out external power sources and enhance the practicability of wearable displays, Professor Kyung Cheol Choi from the School of Electrical Engineering and his team fabricated their wearable display modules on real textiles that integrate polymer solar cells (PSCs) with organic light emitting diodes (OLEDs).

PSCs are one of the most promising candidates for next-generation power sources, especially for wearable and optoelectronic applications, because they can provide stable power without an external power source, while OLEDs can be driven with milliwatts. However, the problem is that they are both vulnerable to external moisture and oxygen. The encapsulation barrier is essential for their reliability. The conventional encapsulation barrier is sufficient for normal environments; however, it loses its characteristics in aqueous environments such as water. It limits the commercialization of wearable displays that must operate even on rainy days or after washing.

Hooray. We'll be able to watch ads on people's overcoats on the subway.

Original Submission

takyon writes:

Blue Origin studying repurposing of New Glenn upper stages

Blue Origin has studied repurposing upper stages of its future New Glenn launch vehicle to serve as habitats or for other applications as part of a series of NASA-funded commercialization studies.

Brett Alexander, vice president of government sales and strategy at Blue Origin, said the company looked at ways it could make use of the second stage of New Glenn rather than simply deorbiting the stage at the end of each launch, but emphasized the company currently had no firm plans to reuse those stages at this time.

[...] That included, he said, turning those stages into habitation modules or other facilities for commercial use in Earth orbit. Those stages could be launched already outfitted for those uses or refitted once in orbit.

"We don't have actual plans at this moment" to reuse the upper stages in those ways, he noted. "We'll see what the best approach is at the end of the day."

Better to go fully reusable. New Armstrong?

Related: Lockheed Martin Repurposing Shuttle Cargo Module to Use for Lunar Orbiting Base
ISRO Will Attempt to Repurpose the Final Stage of a Rocket as a Satellite
Blue Origin to Provide Multiple Orbital Launches for Telesat

Original Submission

Phoenix666 writes:

Adhesive Gel Bonds to Eye Surface, Could Repair Injuries Without Surgery:

An adhesive gel packed with light-activated chemicals can seal cuts or ulcers on the cornea -- the clear surface of the eye -- and then encourage the regeneration of corneal tissue, according to a preclinical study published online today in Science Advances. The new technology, named GelCORE (gel for corneal regeneration), could one day reduce the need for surgery to repair injuries to the cornea, including those that would today require corneal transplantation.

"Our hope is that this biomaterial could fill in a major gap in technology available to treat corneal injuries," said co-corresponding author Reza Dana, MD, Director of the Cornea and Refractive Surgery Service at Massachusetts Eye and Ear and the Claes H. Dohlman Professor of Ophthalmology at Harvard Medical School. "We set out to create a material that is clear, strongly adhesive, and permits the cornea to not only close the defect, but also to regenerate. We wanted this material to allow the cells of the cornea to mesh with the adhesive and to regenerate over time to mimic something as close to the native cornea as possible."

Corneal injuries are a common cause of visual impairment worldwide, with more than 1.5 million new cases of corneal blindness reported every year. The current standard of care for filling in cuts, thinning areas, or holes in the cornea (corneal defects) includes the use of synthetic glues or surgery to patch the eye with tissue and/or corneal transplants. The synthetic glues currently available are rough, inherently toxic to tissues, difficult to handle, and can lead to significant vision loss due to the material's opacity and poor integration with corneal tissues. Corneal transplants carry risks of post-transplant complications, including infection or rejection.

Journal Reference:
Ehsan Shirzaei Sani, et. al. Sutureless repair of corneal injuries using naturally derived bioadhesive hydrogels. Science Advances, 2019; 5 (3): eaav1281 DOI: 10.1126/sciadv.aav1281

What if you blink before it's dry?

Original Submission

An Anonymous Coward writes:

https://www.geek.com/news/watch-mexicos-popocatepetl-volcano-explodes-in-one-of-largest-eruptions-in-years-1779064/

Mexico's Popocatépetl volcano erupted late on Monday, hurling incandescent rock about 1.5 miles down its slopes and sending ash into the night sky near the nation's capital.

The explosion, one of the volcano's largest eruptions in years, was heard from nearby communities and was loud enough to shake doors and windows of houses in the city of Puebla, according to local media.

[...] Mexico's National Centre for Disaster Prevention (CENAPRED) said the blast had sent a column of ash almost a mile (1.2 km) into the air.

In a statement, the agency urged residents — especially the some 25 million who live within about 60 miles of the mountain's crater — not to approach the volcano, because of the danger involved in the fall of ballistic fragments.

[...] Popocatépetl is considered the most threatening volcano in North America, in terms of explosive activity and population threat. Its current low- or moderate-scale eruptive behavior can switch relatively quickly to a large, catastrophic Plinian eruption, the largest and most violent of all the types of volcanic eruptions, according to the volcanologists at the National History Museum.

According to a report in The New York Times:

MEXICO CITY — Popocatépetl, the active volcano that rises some 40 miles southeast of the Mexican capital, exploded Monday night, sending a plume of ash and gas more than two miles into the inky sky and raining glowing rocks onto its slopes.

Video released by Mexico's national disaster prevention agency showed a fiery light at the volcano's crater at 9:38 p.m. The explosion was quickly enveloped in ash and pulverized rock as burning fragments of the volcano's dome fell over a radius of a mile and a half.

[...] Over the past few weeks, the volcano has become more active, prompting the authorities to repeat warnings to keep a distance of about seven miles away from the summit.

Even then, the image of Monday's eruption caught residents off guard, and social media was filled with awe-struck views of the volcano's red-hot crater.

Wikipedia entry on the volcano.

Original Submission

black6host writes:

Ok, I recently submitted a story about forensic tests for distracted driving. Now we have this:

https://www.washingtonpost.com/transportation/2019/03/20/volvo-says-in-car-cameras-will-monitor-drivers-take-action-prevent-distracted-or-impaired-driving/

Volvo on Wednesday announced plans to install cameras in its vehicles that will monitor drivers for signs of distracted or impaired driving and take action if it appears that a driver’s behavior becomes dangerous.

The Swedish automaker, which recently announced that it would limit the top speeds of its cars as a way of making highways safer, said the cameras would be part of a system that would slow the vehicles and “safely park” them on the side of the road if they detected that a driver was becoming incapacitated or if the driver’s attention had lapsed for a long time. The technology would also summon help from its 24/7 assistance center.

Fuck this. That's my opinion. The day my vehicle tells me that I can't go faster than 73, when I'm headed to the emergency room...

Also, I know that this post is from the Washington Post. If you've already read too many of their articles this month, and are paywalled, consider blocking java script. Works for me...

Also at TechRadar, Engadget & CNet Roadshow.

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

A vulnerability in Ghidra, the generic disassembler and decompiler released by the NSA in early March, could be exploited to execute code remotely, researchers say.

The flaw, an XML external entity (XXE) issue, was discovered in the Ghidra project loading process immediately after the tool was released.

Impacting the project open/restore, the vulnerability can be exploited by anyone able to trick a user into opening or restoring a specially crafted project, a GitHub report reveals.

To reproduce the issue, one would need to create a project, close it, then put an XXE payload in any of the XML files in the project directory. As soon as the project is opened, the payload is executed.

Now that's just embarrassing.

Source: https://www.securityweek.com/vulnerability-nsas-reverse-engineering-tool-allows-remote-code-execution

Original Submission

martyb writes:

NASA's Fermi Satellite Clocks 'Cannonball' Pulsar Speeding Through Space:

Astronomers found a pulsar hurtling through space at nearly 2.5 million miles an hour -- so fast it could travel the distance between Earth and the Moon in just 6 minutes. The discovery was made using NASA's Fermi Gamma-ray Space Telescope and the National Science Foundation's Karl G. Jansky Very Large Array (VLA).

Pulsars are superdense, rapidly spinning neutron stars left behind when a massive star explodes. This one, dubbed PSR J0002+6216 (J0002 for short), sports a radio-emitting tail pointing directly toward the expanding debris of a recent supernova explosion.

"Thanks to its narrow dart-like tail and a fortuitous viewing angle, we can trace this pulsar straight back to its birthplace," said Frank Schinzel, a scientist at the National Radio Astronomy Observatory (NRAO) in Socorro, New Mexico. "Further study of this object will help us better understand how these explosions are able to 'kick' neutron stars to such high speed."

[...]Schinzel, together with his colleagues Matthew Kerr at the U.S. Naval Research Laboratory in Washington, and NRAO[*] scientists Dale Frail, Urvashi Rau and Sanjay Bhatnagar presented the discovery at the High Energy Astrophysics Division meeting of the American Astronomical Society in Monterey, California. A paper describing the team's results has been submitted for publication in a future edition of The Astrophysical Journal Letters.

[*] NRAO: The National Radio Astronomy Observatory.

For comparison purposes, according to Wikipedia:

Since October 11, 2018, the longest non-stop scheduled airline flight by great circle distance is Singapore Airlines Flights 21/22 between Singapore and Newark, New Jersey at 15,344 kilometres (8,285 nmi; 9,534 mi).

If that 18+ hour journey could be flown at the speed this pulsar is traveling, that distance would be covered in about 15 seconds.

Original Submission

takyon writes:

Justice Department issues subpoenas in criminal investigation of Boeing

US Justice Department prosecutors have issued multiple subpoenas as part of an investigation into Boeing's Federal Aviation Administration certification and marketing of 737 Max planes, sources briefed on the matter told CNN.

[...] Criminal investigators have sought information from Boeing on safety and certification procedures, including training manuals for pilots, along with how the company marketed the new aircraft, the sources said.

It's not yet clear what possible criminal laws could be at issue in the probe. Among the things the investigators are looking into is the process by which Boeing itself certified the plane as safe, and the data it presented the FAA about that self-certification, the sources said.

The FBI Seattle office and Justice Department's criminal division in Washington are leading the investigation.

See also: FAA: Boeing 737 MAX to get software update
Europe and Canada Just Signaled They Don't Trust the FAA's Investigation of the Boeing 737 MAX

Original Submission

martyb writes:

Artificial Meat: UK Scientists Growing 'Bacon' in Labs:

Scientists at the University of Bath have grown animal cells on blades of grass, in a step towards cultured meat.

If the process can be reproduced on an industrial scale, meat lovers might one day be tucking into a slaughter-free supply of "bacon".

The researchers say the UK can move the field forward through its expertise in medicine and engineering.

Lab-based meat products are not yet on sale, though a US company, Just, has said its chicken nuggets, grown from cells taken from the feather of chicken that is still alive, will soon be in a few restaurants.

[...]Chemical engineer Dr Marianne Ellis, of the University of Bath, sees cultured meat as "an alternative protein source to feed the world". Cultured pig cells are being grown in her laboratory, which could one day lead to bacon raised entirely off the hoof.

MrPlow brings us this IRC submission from soysheep9857:

A lawyer and psychologist expose the interrogation techniques that make people confess to crimes they didn't commit.

Would you confess to a crime you didn't commit?

It's a question to which most people would respond with a confident and resounding "no".

That is because few people are aware of the techniques police in the United States are permitted to use during interrogations; techniques that presume guilt and are designed to break people down into a sense of complete despair before offering them one route out: a confession.

In fact, in the US, more than 25 percent of overturned wrongful convictions involve a false confession. [...]

Source: https://www.aljazeera.com/programmes/witness/2019/03/false-confessions-innocent-people-confess-crime-190311093100363.html

Ed's notes: Firstly, apparently there's a vid accompanying the story, which those of us on prehistoric browsers are destined not to see. Secondly, of course, there's no reason that this should be a US-specific thing, as deep down it's just applied game theory. -- FP

Original Submission

t-3 writes:

https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/

In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. The company confirmed the vulnerability and assigned it CVE-2019-0797. Microsoft have just released a patch, crediting Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin with the discovery.

[...]This is the fourth consecutive exploited Local Privilege Escalation vulnerability in Windows we have discovered recently using our technologies. Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat. While FruityArmor is known to have used zero-days before, SandCat is a new APT we discovered only recently. In addition to CVE-2019-0797 and CHAINSHOT, SandCat also uses the FinFisher/FinSpy framework.

[...]CVE-2019-0797 is a race condition that is present in the win32k driver due to a lack of proper synchronization between undocumented syscalls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection.

[...]The exploit that was found in the wild was targeting 64-bit operating systems in the range from Windows 8 to Windows 10 build 15063. The exploitation process for all those operating systems does not differ greatly and is performed using heap spraying palettes and accelerator tables with the use of GdiSharedHandleTable and gSharedInfo to leak their kernel addresses. In exploitation of Windows 10 build 14393 and higher windows are used instead of palettes. Besides that, that exploit performs a check on whether it’s running from Google Chrome and stops execution if it is because vulnerability CVE-2019-0797 can’t be exploited within a sandbox.

Original Submission

upstart brings us this IRC submission from SoyCow1984:

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website.

Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once again discovered a new flaw in the content management software (CMS) that could potentially lead to remote code execution attacks.

The flaw stems from a cross-site request forgery (CSRF) issue in the Wordpress' comment section, one of its core components that comes enabled by default and affects all WordPress installations prior to version 5.1.1.

Unlike most of the previous attacks documented against WordPress, this new exploit allows even an "unauthenticated, remote attacker" to compromise and gain remote code execution on the vulnerable WordPress websites. [...]

Ed's notes: Considering that WordPress 5.1 contained "significant security enhancements", and being a cynic, I'm genuinely curious why people still use it - I've not checked the stats to see if its popularity is waxing or waning. -- FP

Original Submission

An Anonymous Coward brings us a tale from Techdirt of potential US copyright changes:

Last week we wrote a critical analysis of Elizabeth Warren's big plan to break up "big tech." As we noted, there was a lot in the plan that was nonsensical, unsupported by the facts or just plain confused. We'll be talking more about some of these ideas a lot over the next few years I imagine (stay tuned), but there was one line in Warren's plan that deserved a separate post: it appears that a part of Warren's big attack on big tech... is to give a massive handout to Hollywood. Here's the line:

We must help America's content creators — from local newspapers and national magazines to comedians and musicians — keep more of the value their content generates, rather than seeing it scooped up by companies like Google and Facebook.

That may sound rather basic and lacking any details, but what's notable about it is that the language reflects -- almost exactly -- the language used in the EU in support of the absolute worst parts of the EU Copyright Directive (specifically, Article 11 and Article 13). For example, this Q & A page by the Legislative Affairs Committee of the EU Parliament uses quite similar language:

The draft directive intends to oblige giant internet platforms and news aggregators (like YouTube or GoogleNews) to pay content creators (artists/musicians/actors and news houses and their journalists) what they truly owe them;

Why, that sounds quite familiar. Indeed, Warren's announcement even uses "keep more of the value their content generates," which appears to be a reference to the completely made up notion of a "value gap" between what internet platforms make and what they should be paying artists.

Original Submission

martyb writes:

New Zealand Bans Sale of Assault, Semi-Automatic Rifles: PM:

New Zealand has banned the sale of assault rifles and semi-automatic weapons after the country's worst-ever attack that killed 50 people in two mosques.

"Be assured this is just the beginning of the work we'll be doing," Prime Minister Jacinda Ardern told a news conference on Thursday.

[...]Ardern said she expects a new law to be in place by April 11 and buy-back schemes will be established for outlawed weapons.

"Now, six days after this attack, we are announcing a ban on all military style semi-automatics [MSSA] and assault rifles in New Zealand," Ardern said.

She said the man arrested in the attacks on two Christchurch mosques had purchased his weapons legally and enhanced their capacity by using 30-round magazines "done easily through a simple online purchase".

"Related parts used to convert these guns into MSSAs are also being banned, along with all high-capacity magazines.

"In short, every semi-automatic weapon used in the terrorist attack on Friday will be banned in this country," she said.

That was quick.

Original Submission

RandomFactor writes:

Zipcar, a subsidiary of Avis Rent a Car, is a popular car-sharing service. The cars are dependent on communications with the company's reservation system in order to function. This is fine of course, until the inevitable happens:

On Saturday, customers of car-sharing service Zipcar made a startling discovery. No matter what they did or how hard they tried, they couldn’t get the cars they had reserved to turn on.

The incident, which lasted several hours and affected an unknown number of vehicles and customers, serves as a reminder of the hazards associated with technology that is increasingly reliant on network connectivity to function.

Zipcar manages a fleet of 12,000 cars many of which were rendered inoperative due to an outage experienced by a third party telecommunications vendor. So once a driver turned off the engine (say to get gas, or any other reason)

The doors could open, but the engine and electronic systems wouldn’t respond.

Customers in various states and Canada shared stories of being stranded and waiting on a no doubt overwhelmed customer service to respond.

According to well known IT security wonk Bruce Schneier

This is a reliability issue that turns into a safety issue. Systems that touch the direct physical world like this need better fail-safe defaults.

Reality and Virtual Reality continue their inevitable merger.

Original Submission

t-3 writes:

https://arstechnica.com/information-technology/2019/03/godaddy-apple-and-google-goof-results-in-1-million-misissued-certificates/

A major operational error by GoDaddy, Apple, and Google has resulted in the issuance of at least 1 million browser-trusted digital certificates that don’t comply with binding industry mandates. The number of non-compliant certificates may be double that number, and other browser-trusted authorities are also likely to be affected.

The snafu is the result of the companies' misconfiguration of the open source EJBCA software package that many browser-trusted authorities use to generate certificates that secure websites, encrypt email, and digitally sign code. By default, EJBCA generated certificates with 64-bit serial numbers, in keeping, it seemed, with an industry mandate that serial numbers contain 64 bits of output from a secure pseudo-random number generator. Upon further scrutiny, engineers discovered that one of the 64 bits must be a fixed value to ensure the serial number is a positive integer. As a result, the EJBCA default produced a serial number with 63 bits of entropy.

[...]Section 7.1 of the Baseline Requirements for publicly trusted certificates [SUB: link is to a PDF] is clear that the minimum threshold for serial numbers must be no fewer than 64 bits of entropy. The 2016 ballot that enacted this requirement referred to a 2008 proof-of-concept hack in which researchers, using a raft of PlayStation consoles to generate cryptographic collisions in the MD5 hash algorithm, essentially became a rogue authority that could generate browser-trusted certificates at will. In 2012, state-sponsored malware dubbed Flame used a similar technique to hijack Microsoft’s widely used Windows update mechanism.