SoylentNews

takyon writes:

Virgin Galactic unveils luxury lounge at its airport for space tourism

Richard Branson's space tourism startup, Virgin Galactic, is showing off a luxurious lounge area and top-shelf amenities for its wealthy clientele. The company on Thursday shared images of the interior at Spaceport America in New Mexico. Ticket holders, most of whom paid $200,000 or more for a Virgin Galactic flight, will one day congregate at the spaceport before they board a supersonic plane for a 90-minute ride into the upper atmosphere.

The renovations are another sign that Virgin Galactic is preparing to open for business at Spaceport America, a controversial facility that was built a decade ago using local taxpayer dollars. Images of the first-floor lounge area show a large coffee bar made of "back-lit Italian marble hovering above hand-crafted oak," according to a press release. Modern couches line the floor-to-ceiling windows at the spaceport with panoramic views of the surrounding desert. Other new facilities include a mission control center, a working area for pilots, and a briefing center.

Hundreds of people are lined up to ride a short high-speed trip aboard a Virgin Galactic space plane. Branson, who founded the venture in 2004, plans to be the first tourist aboard a Virgin Galactic space plane. The company said it has additional test flights planned and will be ready to start flying paying customers in the first half of 2020.

Also at TechCrunch.

Older article: Virgin Galactic prepares to move vehicles, staff to Spaceport America

Related: Virgin Galactic: Rocket Reaches Space Again in Test Flight (Update)

Original Submission

Arthur T Knackerbracket has found the following story:

A billion light years away, a monster star tore itself to shreds.

And by that I mean it tore itself to shreds. In general exploding stars — supernovae — leave behind a neutron star or black hole, but in this case it’s possible that the explosions was so over-the-top ridiculously violent that even the star’s core was ripped apart. It’s difficult to exaggerate how violent an event this was… but then, when huge amounts of antimatter are involved, that’s what happens.

Yes, seriously.

The event is called SN2016iet, a supernova that was detected on November 14, 2016. It was first spotted in data taken by the space-based Gaia observatory, and was followed-up by the Catalina Real-Time Transient Survey, then Pan-STARRS, and eventually the huge Gemini Telescope to get deep spectra of it. But it didn’t take long to determine that this particular supernova was weird.

And then they found it was really weird.

But even then it didn’t behave properly. Instead of fading away into obscurity, the supernova continued to shine, fading much more slowly than usual. The astronomers were still able to observe it in spring of this year, more than two years after the initial explosion.

Arthur T Knackerbracket has found the following story:

As cloud rises to encompass to more corporate applications, data and processes, there's potential for end-users to outsource their security to providers as well. 

The need to take control of security and not turn ultimate responsibility over to cloud providers is taking hold among many enterprises, an industry survey suggests. The Cloud Security Alliance, which released its survey of 241 industry experts, identified an "Egregious 11" cloud security issues. 

The survey's authors point out that many of this year's most pressing issues put the onus of security on end user companies, versus relying on service providers. "We noticed a drop in ranking of traditional cloud security issues under the responsibility of cloud service providers. Concerns such as denial of service, shared technology vulnerabilities, and CSP data loss and system vulnerabilities -- which all featured in the previous 'Treacherous 12' --  were now rated so low they have been excluded in this report. These omissions suggest that traditional security issues under the responsibility of the CSP seem to be less of a concern. Instead, we're seeing more of a need to address security issues that are situated higher up the technology stack that are the result of senior management decisions." 

This aligns with another recent survey from Forbes Insights and VMware, which finds that proactive companies are resisting the temptation to turn security over to their cloud providers -- only 31% of leaders report turning over many security measures to cloud providers. (I helped design and author the survey report.) Still, 94% are employing cloud services for some aspects of security.  

Original Submission

Arthur T Knackerbracket has found the following story:

Garments from Adversarial Fashion feed junk data into surveillance cameras, in an effort to make their databases less effective.

The news: Hacker and designer Kate Rose unveiled the new range of clothing at the DefCon cybersecurity conference in Las Vegas. In a talk, she explained the that hoodies, shirts, dresses, and skirts trigger automated license plate readers (ALPRs) to inject useless data into systems used to track civilians.

False tags: The license-plate-like designs on a garment are picked up and recorded as vehicles by readers, which frequently misclassify images like fences as license plates anyway, according to Rose (pictured above modeling one of her dresses). The idea is that feeding more junk data into the systems will make them less effective at tracking people and more expensive to deploy.

[...] Fashion fights back: Though it's the first to target ALPRs, this isn't the first fashion project aimed at fighting back against surveillance. Researchers have come up with adversarial images on clothing aimed at bamboozling AI, makeup that lets you hide your face from recognition systems, and even a hat that can trick systems into thinking you're Moby.

Original Submission

takyon writes:

Micron shared details of its 3rd generation of "10 nm-class" DRAM fabrication:

Micron's 3rd Generation 10 nm-class (1Z nm) manufacturing process for DRAM will allow the company to increase the bit density, enhance the performance, and the lower power consumption of its DRAM chips as compared to its 2nd Generation 10 nm-class (1Y nm) technology. In particular, the company says that its 16 Gb DDR4 device consumes 40% less power than two 8 Gb DDR4 DRAMs (presumably at the same clocks). Meanwhile, Micron's 16 Gb LPDDR4X ICs will bring an up to 10% power saving. Because of the higher bit density that the new 1Z nm technology provides, it will be cheaper for Micron to produce high-capacity (e.g., 16 Gb) memory chips for lower-cost, high-capacity memory sub-systems.

[...] As for mobile memory, Micron's 16 Gb LPDDR4X chips are rated for transfer rates up to 4266 MT/s. Furthermore, along with offering LPDDR4X DRAM packages with up to 16 GB (8x16Gb) of LPDDR4X for high-end smartphones, Micron will offer UFS-based multichip packages (uMCP4) that integrate NAND for storage and DRAM. The company's uMCP4 family of products aimed at mainstream handsets will include offerings ranging from 64GB+3GB to 256GB+8GB (NAND+DRAM).

Finally, a reasonable amount of RAM for smartphones. But I think we may need at least 24 GB, if not 32 GB.

Related: Xiaomi Announces Smartphones with 10 GB of RAM
Samsung Mass Producing LPDDR5 DRAM (12 Gb x 8 for 12 GB Packages)

Original Submission

Fnord666 writes:

Mozilla patched a vulnerability in the Firefox web browser with the launch of the 68.0.2 release which would allow unauthorized users to copy passwords from the browser's built-in Save Logins database even when protected with a master password.

"Stored passwords in 'Saved Logins' can be copied without master password entry" according to Mozilla security advisory, which also rates the security flaw tracked as CVE-2019-11733 as having a 'moderate' impact.

The flaw allows anyone with local access to a computer running an unpatched version of Firefox to go to the Save Logins dialog available in Firefox's Options > Privacy & Security preferences menu and copy the password stored for any of the saved logins by right-clicking and choosing the "Copy Password" option.

"When a master password is set, it is required to be entered before stored passwords can be accessed in the 'Saved Logins' dialog," says Mozilla.

"It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without first entering the master password, allowing for potential theft of stored passwords."

Mozilla Firefox Bug Let Third-Parties Access Saved Passwords

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow1984

Judge finds several serious flaws with Georgia's current election technology.

Election security advocates scored a major victory on Thursday as a federal judge issued a 153-page ruling ordering Georgia officials to stop using its outdated electronic voting machines by the end of the year. The judge accepted the state's argument that it would be too disruptive to switch to paper ballots for municipal elections being held in November 2019. But she refused to extend that logic into 2020, concluding that the state had plenty of time to phase out its outdated touchscreen machines before then.

The state of Georgia was already planning to phase out its ancient touchscreen electronic voting machines in favor of a new system based on ballot-marking machines. Georgia hopes to have the new machines in place in time for a presidential primary election in March 2020. In principle, that switch should address many of the critics' concerns.

The danger, security advocates said, was that the schedule could slip and Georgia could then fall back on its old, insecure electronic machines in the March primary and possibly in the November 2020 general election as well. The new ruling by Judge Amy Totenberg slams the door shut on that possibility. If Georgia isn't able to switch to its new high-tech system, it will be required to fall back on a low-tech system of paper ballots rather than continue using the insecure and buggy machines it has used for well over a decade.

Alex Halderman, a University of Michigan computer scientist who served as the plaintiffs' star witness in the case, hailed the judge's ruling.

"The court's ruling recognizes that Georgia's voting machines are so insecure, they're unconstitutional," Halderman said in an email to Ars. "That's a huge win for election security that will reverberate across other states that have equally vulnerable systems."

Source: https://arstechnica.com/tech-policy/2019/08/judge-bans-insecure-touchscreen-voting-machines-from-georgia-after-2019/

[Update 20190818_234547 UTC: changed title from "Judge Orders Georgia to Switch to Paper Ballots for 2020 Elections" to be "Judge Bans Insecure Touchscreen Voting Machines from Georgia after 2019". Paper ballots are required only if they fail to implement a new high-tech system in time. --martyb]

Original Submission

DeathMonkey writes:

Breaking a long silence about a high-profile National Security Agency program that sifts records of Americans' telephone calls and text messages in search of terrorists, the Trump administration on Thursday acknowledged for the first time that the system has been indefinitely shut down — but asked Congress to extend its legal basis anyway.

In a letter to Congress delivered on Thursday and obtained by The New York Times, the administration urged lawmakers to make permanent the legal authority for the National Security Agency to gain access to logs of Americans' domestic communications, the USA Freedom Act. The law, enacted after the intelligence contractor Edward J. Snowden revealed the existence of the program in 2013, is set to expire in December, but the Trump administration wants it made permanent.

The unclassified letter, signed on Wednesday by Dan Coats in one of his last acts as the director of National Intelligence, also conceded that the N.S.A. has indefinitely shut down that program after recurring technical difficulties repeatedly caused it to collect more records than it had legal authority to gather. That fact has previously been reported, but the administration had refused to officially confirm its status.

[...] The executive branch had been internally divided over whether to push for an extension of the part of the Freedom Act that authorizes the phone records program. Months ago, the N.S.A. presented a bleak assessment of the program to the White House, saying it carried high costs and few benefits, but some officials argued that it made sense to keep the legal authority in case technical solutions emerged to make it work better, according to officials familiar with internal deliberations.

Trump Administration Asks Congress to Reauthorize N.S.A.'s Deactivated Call Records Program

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

Math Is Beautiful, Study Says

For some people, math can be a necessary headache. Yes, algorithms guide countless aspects of daily life. There are tips to calculate and hours to count. But unless someone's a specialist, they'll probably ignore complex math in any given situation if they can help it.

But Yale assistant professor of mathematics Stefan Steinerberger wants to challenge that perception. His new study shows that an average American can assess mathematical arguments for beauty just as they can pieces of art or music.

And he has the numbers to prove it.

Beauty is in the eye of the beholder, of course. But for Steinerberger and coauthor Samuel G.B Johnson, beauty is made up of nine separate components: seriousness, universality, profundity, novelty, clarity, simplicity, elegance, intricacy, and sophistication. They didn't come up with those criteria themselves, but expanded on ideas laid out in “A Mathematician’s Apology,” a 1940 essay by mathematician G.H. Hardy.

"The mathematician’s patterns, like the painter’s or the poet’s must be beautiful; the ideas like the colours or the words, must fit together in a harmonious way. Beauty is the first test: there is no permanent place in the world for ugly mathematics," Hardy wrote in his essay, which meant to draw distinctions between applied mathematics, as seen today in computer science and statistics, and what he called "pure," or theoretical, mathematics.

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

This Supercomputer Is Generating Millions of Universes

How does one study the formation of a galaxy? Or the formation of the oldest thing known to exist, the universe? There are many ways, including powerful telescopes both on land and in space. But Peter Behroozi, an assistant professor at the University of Arizona Steward Observatory, and his team, came up with a different method: generating millions of different universes on a supercomputer.

Examining all the generated universes together, Behroozi's team hoped, would show the likelihood of different physical theories of universal and galactic formation. The team wanted to specifically focus on the role that mysterious dark matter plays in galaxy formation, as well as how galaxies evolve over time and how they give birth to stars.

"On the computer, we can create many different universes and compare them to the actual one, and that lets us infer which rules lead to the one we see," said Behroozi, the study's lead author, in a press statement.

The virtual universes, each known as an "Ex Machina," feature a system that would put any open-world video game to shame. They contain 12 million galaxies and start 400 million years after the Big Bang, evolving all to the present day.

The tests challenged commonly held ideas on the formation of galaxies.

[...] "We took the past 20 years of astronomical observations and compared them to the millions of mock universes we generated," Behroozi explained. "We pieced together thousands of pieces of information to see which ones matched. Did the universe we created look right? If not, we'd go back and make modifications, and check again."

Original Submission

"upstart" writes:

Submitted via IRC for SoyCow7671

New Allegations: Capital One Suspect Stole From 30+ Organizations

The woman allegedly responsible for the massive breach of customer data at Capital One stole data from 30 other organizations, according to new information from prosecutors.

In a new court filing, they alleged that Paige Thompson stole terabytes of information from enterprises, educational institutions and other organizations, although she claims not to have sold or distributed any of it to others.

The information is being revealed as part of efforts by prosecutors to persuade the judge to deny bail.

It alleges that Thompson has a history of threatening behavior, including threats to kill others and herself. She is also said to have harassed a couple for seven years, forcing them to obtain a protection order.

Investigators found the new information on data breaches on servers in Thompson’s bedroom.

“That data varies significantly in both type and amount. For example, much of the data appears not to be data containing personal identifying information,” the court filing explained.

“At this point, however, the government is continuing to work to identify specific entities from which data was stolen, as well as the type of data stolen from each entity. The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified.”

Also at ArsTechnica

Original Submission

An Anonymous Coward writes:

Khara and Anime/CG production company "Project Studio Q, Inc." are preparing to switch their primary 3D CG tools to Blender. Blender will be used for some parts of "EVANGELION:3.0+1.0" they are currently working on.

Khara has been using Autodesk "3ds Max" as their primary tool so far. "EVANGELION:3.0+1.0" production is mainly done with 3ds Max. They are now starting to switch from 3ds Max to Blender. Usually the reason being "due to differences such as quality and functionalities", but Khara's reason is different.

Hiroyasu Kobayashi, General Manager of Digital Dpt. and Director of the Board of Khara and President of Studio Q, and Daisuke Onitsuka, CGI Director of Digital Dpt. of Khara and General Manager of Production Dpt. of Studio Q, told about their situation.

[Onitsuka] "We need cooperative work with friend companies for our production. However, many of those companies are small or middle-sized, so if we stick to 3ds Max it will cause higher management costs. ... While we still have the challenge whether a new partner company can use Blender or not, but at least, cost-wise is much simpler, so we are proposing them to use Blender as we use it."

[...] [Takumi] Shigyo: "We are getting more artists that started by using Blender in Studio Q. We are also seeing more high quality works by Blender users from high school students in Award:Q. I expect these new generations to be the majority working at studios in the future."

https://www.blender.org/user-stories/japanese-anime-studio-khara-moving-to-blender/

Original Submission

Arthur T Knackerbracket has found the following story:

Scientists have taken the temperature of a huge expanse of seafloor in the Arctic Ocean in new research by the U.S. Geological Survey and the Geological Survey of Canada. The study, published in the Journal of Geophysical Research, is accompanied by the release of a large marine heat flow dataset collected by the USGS from an ice island drifting in the Arctic Ocean between 1963 and 1973. These never-before-published data greatly expand the number of marine heat flow measurements in the high Arctic Ocean.

Marine heat flow data use temperatures in near-seafloor sediments as an indication of how hot Earth's outer layer is. These data can be used to test plate tectonic theories, provide information on oil and gas reservoirs, determine the structure of rock layers and infer fluid circulation patterns through fractures in those rock layers.

Starting in 1963, now-retired USGS scientist Arthur Lachenbruch and his team of researchers conducted 356 marine heat flow measurements and acquired more than 500 seafloor sediment samples while working from a hut installed on Fletcher's Ice Island, a 30-square-mile ice floe also known as T-3. These Arctic Ocean heat flow measurements taken by the USGS over the course of 10 years represent far more than the number available for the U.S. Atlantic margin.

[...] In the Journal of Geophysical Research paper describing these measurements, USGS geophysicist Carolyn Ruppel and co-authors combine the legacy T-3 heat flow data with modern seismic images. These Arctic Ocean seismic data are acquired by icebreakers taking images hundreds to thousands of meters (up to many miles) below the seafloor to reveal sediment and rock structures, faults, and other features.

[...] The new paper analyzes the variability in the T-3 heat flow dataset and shows that the temperatures of the seafloor and upper levels of the crust are not dependent on bathymetry or sediment thickness. The analysis also shows that high heat flow variability on Alpha Ridge, which was formed when a mantle hotspot triggered the creation of the High Arctic Large Igneous Province, is consistent with thin sediment cover over fractured basement rock permeated by circulating fluids.

The new study also confirms results obtained in the 1960s by Lachenbruch and USGS colleague B. Vaughn Marshall. They had postulated that differences between the make-up of the rock layers between Canada Basin and Alpha Ridge could account for a heat flow anomaly at the boundary between these provinces.

C. D. Ruppel, A. H. Lachenbruch, D. R. Hutchinson, R. J. Munroe, D. C. Mosher. Heat Flow in the Western Arctic Ocean (Amerasian Basin). Journal of Geophysical Research: Solid Earth, 2019; DOI: 10.1029/2019JB017587

Original Submission

[Updated 20190818_014119 UTC. (1) Added expansion of KNOB acronym and link to their site. (2) Note: the linked story has been updated since this story went live and the first 3 paragraphs you see here are no longer present on Bleeping Computer. --martyb]

Arthur T Knackerbracket has found the following story:

A new Bluetooth vulnerability named "KNOB"[*] has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.

In a coordinated disclosure between Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1.

This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.

"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."

This reduction in key length would make it much easier for an attacker to brute force the encryption key used by the paired devices to communicate with each other.

Once the key was known to the attackers, they could monitor and manipulate the data being sent between the devices. This includes potentially injecting commands, monitoring key strokes, and other types of behavior.

[...] Below is the full list provided by ICASI of members and partners and whether they are affected:

[*] KNOB: Key Negotiation Of Bluetooth attack.

Original Submission

Arthur T Knackerbracket has found the following story:

A group of researchers led by Professor Myakzyum Salakhov has been working on the problem of optical states in plasmonic-photonic crystals (PPCs).

First Category Engineer Artyom Koryukin says that the research was dedicated to modeling bandgap—the range of light wavelength where propagation through a crystal is difficult. PPCs, on the other hand, allow the passage of light of a certain wavelength through this photonic bandgap. The problem of three-dimensional opal-like PPCs (OLPPCs), however, is that they don't admit light of certain wavelengths.

[...] OLPPCs with the hybrid mode of the optical states can be used in high-polarization-sensitive sensors. "We assume that the hybrid mode can be useful for improving the control of light in PPCs. New types of resonators based on OLPPCs can be used for the strong interaction of light and matter," adds Mr. Koryukin.

The group is planning to create a theoretical description of the model of such processes. Additionally, they want to find effective applications for OLPPCs, such as strong light-matter interactions with a single photon source.

Original Submission