India plans to establish its own "very small" space station in the next decade as the country gears up for a first manned mission beyond earth.
Indian Space Research Organisation (ISRO) chief K. Sivan said Thursday that the ambitious project would follow a successful launch of a manned space flight scheduled by 2022.
"Our space station is going to be very small... useful to carry out experiments," Sivan told reporters in New Delhi.
"We are not having a big plan of sending humans on tourism and other things," he added.
OK, but if a guy named Khan Noonien Singh takes over the project, then what?
Europa, the fourth-biggest moon orbiting gas giant Jupiter, hides a salty, liquid ocean underneath its icy shell and thus, may harbor the ingredients necessary for life. A new study has found that Europa's surface is full of sodium chloride -- table salt -- and concludes the hidden ocean underneath Europa's ice may be more similar to Earth's oceans than previously imagined.
The study, published Wednesday in Science Advances by researchers at Caltech and NASA's Jet Propulsion Laboratory, shows for the first time how yellow patches on Europa's surface, first noticed by NASA probes Voyager and Galileo decades ago, actually indicate the presence of sodium chloride.
Excellent! The astronaut who catches the first Europan fish won't have to send away for seasoning.
Also at Caltech.
Telegram founder Pavel Durov said a massive cyber-attack on his messaging service originated in China, raising questions about whether Beijing tried to disrupt a protest involving hundreds of thousands that erupted on the streets of Hong Kong.
The encrypted messaging app said it experienced a powerful distributed denial of service attack after "garbage requests" flooded its servers and disrupted legitimate communications. Most of those queries came from Chinese internet protocol addresses, founder Pavel Durov said in a subsequent Twitter post. "This case was not an exception," he tweeted without elaborating.
[...] Hong Kong protesters have grown increasingly concerned about legal repercussions as Beijing tightens its influence over the former British colony and the local government prosecutes demonstrators. They've relied on encrypted services to avoid detection. Telegram and Firechat -- a peer-to-peer messaging service that works with or without internet access -- are among the top trending apps in Hong Kong's Apple store.
The UK Home Secretary Sajid Javid has signed off on the extradition of Julian Assange to the United States, reports El Reg.
Javid's certifying of the US extradition request lodged this week is the first formal step in having Assange sent across the pond. The next phase is tomorrow, when Belmarsh Magistrates' Court will set a date for a full extradition hearing. After that, assuming a district judge (full-time professional magistrate) OKs the extradition, Javid himself will make the final decision on whether or not to send the one-time chief WikiLeaker to America, as UK.gov's website explains. It is almost certain Assange will file an appeal to the High Court after the district judge's ruling, and again (as the law allows) after the Home Secretary's final decision.
In the US, Assange will face charges of violating espionage law.
Submitted via IRC for SoyCow1944
A Google security expert today revealed that an unpatched issue in the main cryptographic library of Microsoft's operating system can cause a denial-of-service (DoS) condition in Windows 8 servers and above.
The problem is in SymCrypt, the primary library for implementing symmetric cryptographic algorithms in Windows 8 and also for asymmetric ones starting with Windows 10 version 1703.
Tavis Ormandy, a vulnerability researcher at Google, noticed that SymCrypt could easily be used to cause a never-ending operation "when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric."
He was able to test the bug with the help of a specially crafted X.509 digital certificate that prevents completing the verification process. Any program on the system that processes the certificate triggers the vulnerability.
Affected systems can receive a malformed certificate in multiple ways since it is used in secure internet protocols (e.g. TLS) or for validating identity in digital signatures.
Thus, it can be delivered in digitally signed and encrypted messages via the S/MIME protocol or through a Secure Channel (schannel) connection that provides authentication between clients and servers.
The researcher considers the bug to be of low severity, but it can help an attacker take down a "Windows fleet" in a short period.
Submitted via IRC for Bytram
Marking the culmination of a 33-year odyssey, scientists today report a milestone in type 1 diabetes: the first time the disease has been markedly delayed in young people at high risk. Presenting at the American Diabetes Association meeting in San Francisco and publishing simultaneously in the New England Journal of Medicine, researchers found that 2 weeks of an experimental intravenous drug held off disease by an average of about two years.
The mainstay of type 1 diabetes treatment is insulin, discovered 97 years ago. These results open a new chapter, says Jeffrey Bluestone, an immunologist at the University of California, San Francisco, and part of the research team. "On the one hand," the outcome is "pretty exciting," Bluestone says. "On the other hand, now the real hard work begins." That will mean considering how to move this treatment forward and probing whom it's most likely to help.
The clinical trial began 8 years ago and included 76 people, the youngest of whom were 8 years old and the oldest in their 40s. Nearly three-quarters were 18 and under. Each had an extremely high risk of type 1 diabetes. In this autoimmune disease, the body attacks cells in the pancreas that make insulin, which helps keep blood glucose levels in check. By the time diabetes is diagnosed, most of these insulin-producing cells, called beta cells, are gone.
More than a million people in the United States have type 1 diabetes, which requires constant attention to blood sugar levels and insulin injections to stay alive. The condition carries a risk of long-term complications, including heart disease, blindness, and kidney failure. (People with the more common type 2 diabetes generally produce their own insulin, but their bodies can't use it properly.)
Over time, scientists have learned that type 1 diabetes begins years before it's diagnosed. Subtle attacks on the pancreas are led by the sentries of the immune system, T cells. Those attacks are detectable via antibody markers in the blood. During this quiet battle, beta cells in the pancreas are still largely intact, offering a crucial window in which to intervene and save them.
Weather forecasters need a ton of knowledge and a fair bit of experience with local weather patterns to do their job well. They also need a good forecast model. These computer models take in measurements from weather stations on the ground, satellites in orbit, and balloons in between and then simulate the physics of weather forward in time a few days.
For the first time in about 40 years, the guts of the US model got swapped out for something new today. The upgrade brings us a new "Finite-Volume Cubed-Sphere" (or FV3) dynamical core, which simulates the basic atmospheric physics at the heart of this endeavor, a change that has been in the works for a while.
The new core had its origins in simulating atmospheric chemistry but ended up being adapted into other models. A few years ago, it was selected to replace the old core in the US Global Forecast System model. And for more than a year now, the new version of the model has been running in parallel so its results could be compared to the operational model.
[...] The results have been a little mixed. The new core improves computational efficiency and allows some processes to be simulated at a higher resolution [...] But there have also been grumblings in the weather community over the past year about results that didn't seem so hot. For example, surface temperatures have been biased low in some situations, throwing off forecasts.
Submitted via IRC for SoyCow4463
A security breach at a billing company has resulted in nearly 20 million patients of LabCorp and Quest Diagnostics getting their information stolen from them. The breach was first disclosed Monday by Quest Diagnostics, which reported in a Securities and Exchange Commission filing that a breach at third-party collections vendor American Medical Collection Agency (AMCA) compromised 11.9 million customers. Today, LabCorp indicated that 7.7 million of its patients were also affected by the AMCA breach.
The attack targeting AMCA's website is just the latest in a series of breaches that have managed to skim personal information from major companies. Similar attacks hit British Airways, Ticketmaster and Newegg late last year.
Submitted via IRC for Bytram
August's Perseid meteor shower is known for being among the year's most dazzling, but a lesser-known shower in June could be the most dangerous.
The Beta Taurid meteor shower is less well known because it is considered a weak daytime shower that peaks after sunrise, making it very difficult to spot from Earth. But for at least a few decades now, some scientists have suspected that the Beta Taurids have made their presence felt in other ways in the past.
Oxford scientists published research in 1993 suggesting that the space rock behind the Tunguska Event may've been hiding among the cloud of debris left behind by Comet Encke, which is responsible for the Taurids. The little bits of dust and pebbles burn up in our atmosphere and are seen as "shooting stars." But the researchers said there's reason to believe that Encke's dust cloud also harbors bigger boulders, and that it dropped one on the Tunguska River region of Siberia in 1908.
The Tunguska Event represents perhaps the most powerful meteoroid impact with the Earth in modern times. A bolide exploded in the atmosphere over the Siberian wilderness, flattening the forest and tossing people from their chairs over 40 miles away.
[...] Related research finds that this month Earth will make its closest approach to the center of the Taurid swarm since 1975. The scientists aren't suggesting that we should worry about a Tunguska-like impact, as we'll still be 18.6 million miles (30 million kilometers) away from the swarm center.
However, there could be a "possibility of enhanced daylight fireballs and significant airbursts," later this month, according to the AGU paper.
Astronomers are hoping to take advantage of the close approach to get a better look inside the swarm to see if they can spot any large objects.
Submitted via IRC for AnonymousLuser
Modern Android smartphones are susceptible to a new type of attack named "Tap 'n Ghost" that can induce fake finger taps to take unwanted actions.
The attack exploits flaws at both the software and hardware level and has been proven to work even against the most recent smartphone models.
It works against most NFC-enabled smartphones with capacitive touchscreens -- which is the most common smartphone touchscreen technology today.
The Tap 'n Ghost attack -- discovered and documented by three academics from the Waseda University in Tokyo -- works using an attack rig that consists of a 5mm thick copper sheet connected to a DDS signal generator, a high-voltage transformer, a battery pack, NFC readers/writers, and a small computer (laptop, Raspberry Pi).
This rig might look bulky, but the research team says it can be embedded inside regular tables, coffee tables, or any other furniture object on which a victim might place their smartphone.
The attack itself consists of two steps. Once a user has placed their smartphone near the attack rig to be in the smartphone's NFC range (of 4 to 10cm), the NFC readers/writers can get basic info about a device and trigger one of three actions.
It can make the user's smartphone open and access a specific URL (doesn't require any interaction), it can ask the smartphone to pair a rogue Bluetooth device (requires interaction), or it can ask the user to connect to a malicious WiFi network (requires interaction).
This works because, by default, Android devices always look for nearby NFC transmissions, at all times.
At this point, the attack moves into the second phase, where the attacker can use the copper plate to induce electrical disturbances into the touchscreen.
Because capacitive touchscreens are a collection of electrodes that exchange small currents between each other during a touch interaction, the extra induced noise can cause ghost taps on the screen, either on a vertical or horizontal axis.
These fake taps can be used to hijack a user's original tap on a "No" button and apply it on the "Yes" one, allowing the smartphone to connect to a rogue WiFi network, or approve a malicious Bluetooth connection.
The Waseda research team says it tested the Tap 'n Ghost attack on seven smartphone models and was successful on five.
Submitted via IRC for Bytram
A French-built communications satellite for Russia's Gazprom Space Systems launched May 30 is maneuvering toward its final operating location in geostationary orbit using a set of backup thrusters after the spacecraft encountered a problem with its main engine.
Ground controllers planned a series of burns using the Yamal 601 satellite's main engine to send the craft into geostationary orbit more than 22,000 miles (nearly 36,000 kilometers) above the equator, where its speed will match the rate of Earth's rotation, giving Yamal 601 a constant coverage zone over Russia, the Middle East and parts of Southeast Asia.
But a main engine burn June 1 was cut short when the Yamal 601 satellite's pointing, or attitude, drifted away from expected parameters, according to Gazprom Space Systems, a subsidiary of the Russian oil giant. The spacecraft went into safe mode, but all other systems on Yamal 601 remained healthy, officials said.
Gazprom Space Systems said the problem was presumably caused by a deviation in the thrust vector from Yamal 601's primary orbit-raising engine, which was built in Germany by ArianeGroup. Thales Alenia Space of France, the prime contractor for the Yamal 601 spacecraft, determined the satellite's lower-thrust rocket engines could be used for orbit-raising.
Submitted via IRC for Bytram
You've probably seen ads for apps promising to make you smarter in just a few minutes a day. Hundreds of so-called "brain training" programs can be purchased for download. These simple games are designed to challenge mental abilities, with the ultimate goal of improving the performance of important everyday tasks.
But can just clicking away at animations of swimming fish or flashed street signs on your phone really help you improve the way your brain functions?
Two large groups of scientists and mental health practitioners published consensus statements, months apart in 2014, on the effectiveness of these kinds of brain games. Both included people with years of research experience and expertise in cognition, learning, skill acquisition, neuroscience and dementia. Both groups carefully considered the same body of evidence available at the time.
Yet, they issued exactly opposite statements.
One concluded that "there is little evidence that playing brain games improves underlying broad cognitive abilities, or that it enables one to better navigate a complex realm of everyday life."
The other argued that "a substantial and growing body of evidence shows that certain cognitive training regimens can significantly improve cognitive function, including in ways that generalize to everyday life."
[...] The most important lesson from the literature on training is this: If you want to improve your performance on a task that's important to you, practice that task. Playing brain games may only make you better at playing brain games.
Submitted via IRC for Bytram
Maine Internet service providers will face the strictest consumer privacy protections in the nation under a bill signed Thursday by Gov. Janet Mills, but the new law will almost certainly be challenged in court.
Several technology and communication trade groups warned in testimony before the Legislature that the measure may be in conflict with federal law and would likely be the subject of legal action.
The new law, which goes into effect on July 1, 2020, would require providers to ask for permission before they sell or share any of their customers’ data to a third party. The law would also apply to telecommunications companies that provide access to the Internet via their cellular networks.
[...] State Sen. Shenna Bellows, D-Manchester, the sponsor of the new law, said Maine was taking a leading role when it came to protecting online consumer privacy.
“Mainers need to be able to trust that the private data they send online won’t be sold or shared without their knowledge,” Bellows said. “This law makes Maine first and best in the nation in protecting consumer privacy online.”
[...] Opponents to the law, including several coalitions of the nation’s leading telecommunication and technology sector companies, have argued it is in conflict with the FCC’s rules and could also be a violation of the U.S. Constitution’s interstate commerce clause, which prohibits any one state from regulating industries that do business across state lines.
Submitted via IRC for Bytram
It's been exactly one year since Opportunity sent this final message home—on its 5,111th Martian day
Opportunity's final message home is not much to look at on its own. If you're old enough to remember film cameras, it looks like the final exposure on a roll of film, developed but partly missing. It's a suitable epitaph for Opportunity's mission.
Opportunity captured this image with the left half of its PanCam, or Panoramic Camera. The rover had the solar filter on the camera at the time, which is why the image is so dark. The bottom is cut off because it was unable to transmit the entire image before losing power.
It bears similarity to Opportunity's first image from Mars, also taken with the left Panoramic Camera.
The image was captured on the 5,111th Martian Sol, in the Perseverance Valley. It was captured at about 9:30 a.m. PDT (12:30 p.m. EDT) on June 10, 2018, one year ago today. It transmitted the image up to the Mars Reconnaissance Orbiter at about 9:45, then on to Earth. It arrived here at about 10:05 a.m. PDT (1:05 p.m. EDT), where it was received by one of the stations in NASA's Deep Space Network.
Florida International University ("FIU") needed a foot bridge to cross a canal and busy street. An FIU committee selected a design without redundant structural support because they were wanting a dramatic landmark (the bridge looked like it was a cable stayed design, but it wasn't -- the faux cables were almost entirely aesthetic). The original specs had called for structural redundancy so that the failure of one structural member would not cause a collapse -- the committee ignored this requirement in favor of visual appeal.
The engineering firm selected for the bridge (FIGG) made an error in calculation for a critical member at the end of the span. The engineering firm providing peer review of the design (Louis Berger) has refused to turn over to OSHA certain documentation regarding what it was supposed to evaluate and what it actually did. When the bridge section which had been built on the side of the road was moved into place, experienced workers became extremely worried about cracks that started appearing and made their worries known to those up the chain. A FIGG engineer examined the cracks but determined they "did not present a safety concern even though its engineers did not know what caused them — and despite clear evidence that they were growing daily." Apparently, the guidelines are that cracks deeper than a half inch are to be taken seriously and these were much deeper and growing daily -- one photo shows a crack 4" deep.
The final bridge would have two sections -- the long section over the roadway and a short section over the canal. The canal section was to be built in place and tied into the long section. Had the canal section been built first, the risk of collapse for the section over the roadway would have been reduced because it would have shored up the longer road section.
The bridge collapsed, killing six and permanently disabling another.
Article regarding the OSHA report: https://www.miamiherald.com/news/local/community/miami-dade/article231428938.html
Article regarding independent engineering review with some good explanations which I, as a non-engineer, found informative: https://www.miamiherald.com/news/local/community/miami-dade/article212571434.html
Time Lapse Video of Bridge Collapse (released by FIU): https://www.youtube.com/watch?v=vrBOF2jugFM
Original Soylent item: https://soylentnews.org/article.pl?sid=18/03/19/1746219
Link to the OSHA report itself: https://www.osha.gov/doc/engineering/pdf/2019_r_03.pdf
After six years as a solo effort, Troy Hunt has found that he can no longer keep up with all the data breaches in his spare time. He's also aware that he has become a single-point-of-failure for an increasingly important service. He is, therefore, looking to sell his site https://haveibeenpwned.com/. News of this was relayed to users in a blog post and covered by threatpost in Troy Hunt Looks to Sell Have I Been Pwned:
Citing overwhelming demands on his time, Troy Hunt is looking for a buyer for his site, Have I Been Pwned (HIBP).
HIBP offers a free service for consumers wanting to know if their user names and passwords have been compromised in a data breach; it also offers commercial services that include alerts for members of identity-theft programs, enabling infosec companies to provide services to their customers, protecting large online assets from credential stuffing attacks, preventing fraudulent financial transactions, and giving governments and law enforcement assistance with investigations.
Hunt has been running the site for six years, and said in a posting on Tuesday that the sheer amount of breached information out there needing to be loaded into the database has accelerated to the point of outstripping one person's capability to keep up with it.
He noted that starting in January, with the massive Collection #1 data dump, his responsibilities in keeping HIBP afloat have spiked. This has led to him having to cut back on other things, like maintaining his social media presence on Twitter and writing technical blog posts. Even so, he's continued to travel and speak globally, upload weekly videos, and participate in industry and media events – resulting in something "very close to burnout," he said, as he tried to keep up with it all plus have a family life.
Here's hoping he can find an organization that will be as good a steward of the information as he has been.