SoylentNews

An Anonymous Coward writes:

From New Atlas

Although it outnumbers regular matter by a ratio of five to one, dark matter is frustratingly elusive. Many experiments have been and are being run to try to hunt down different types of candidate particles, but so far no direct trace has been found of any of them. Now, researchers from Max Planck have proposed a new hypothetical particle that might be behind dark matter – the superheavy gravitino – and outlined just how we might find them.

As far back as the 1930s, astronomers began to notice that galaxies are moving much faster than they should be, based on the mass we could see. Calculations led to the conclusion that there must be far more mass out there that we couldn't see, and this hypothetical invisible stuff became known as dark matter.

[...] But what's particularly interesting is that if superheavy gravitinos are real, we could find traces of them using the Earth itself as a giant detector. After all, we're bound to have had plenty of them pass through the planet in the last 4.5 billion years. And if they did, they should have left fingerprints behind.

Because superheavy gravitinos would interact with regular matter through the electromagnetic and strong nuclear forces, they could leave ionization tracks in rocks. The problem is, they might be difficult to distinguish from the paths of other particles.

See article abstracts in Physical Review letters and in Physical Review D.

Original Submission

takyon writes:

Waymo is making some of its self-driving car data available for free to researchers

The data collected by self-driving cars used to be a closely guarded secret. But recently, many companies developing autonomous driving systems have begun to release their data to the research community in dribs and drabs. The latest to do so is Waymo, the self-driving unit of Alphabet, which today is making some of the high-resolution sensor data gathered by its fleet of autonomous vehicles available to researchers.

Waymo says its dataset contains 1,000 driving segments, with each segment capturing 20 seconds of continuous driving. Those 20-second clips correspond to 200,000 frames at 10 Hz per sensor, which will allow researchers to develop their own models to track and predict the behavior of everyone using the road, from drivers to pedestrians to cyclists.

Waymo Open Dataset.

Also at TechCrunch.

Original Submission

takyon writes:

Chicago Police Department Piloting Samsung DeX in Vehicle

Chicago Police Department is rolling out a pilot of Samsung's DeX in Vehicle solution, providing officers the ability to dock their Galaxy smartphones and access policing applications on a dash-mounted display and keyboard.

The mobile-first initiative, announced at a press conference on August 21, aims to leverage the power of officer smartphones to streamline in-vehicle computing access. Officers participating in the pilot will be able to access computer-aided dispatch and other Chicago Police Department systems to conduct background checks and complete reports. Photo and video evidence captured on the smartphone will also be immediately accessible to attach to reports. The initial pilot will roll out for CPD's 11th district.

Also at Engadget.

See also: Living up to the promise of Continuum for Windows Phone, Samsung Dex makes its way into police cars

Related: Samsung to Give Linux Desktop Experience to Smartphone Users
Samsung Shows Off Linux Desktops on Galaxy 8 Smartphone

Original Submission

takyon writes:

Space telescope would turn Earth into a giant magnifying lens

When it is finished sometime next decade, Europe's Extremely Large Telescope will be the largest in the world, with a mirror nearly 40 meters across. But one astronomer has proposed an even more powerful space telescope—one with the equivalent of a 150-meter mirror—that would use Earth's atmosphere itself as a natural lens to gather and focus light. Astronomer David Kipping of Columbia University has worked out that a 1-meter space telescope, positioned beyond the moon, could use the focusing power of the ring of atmosphere seen around the edge of the planet to amplify the brightness of dim objects by tens of thousands of times.

The atmosphere is too variable for a Terrascope, as Kipping calls it, to produce beautiful images to rival those from the Hubble Space Telescope. But it could discover much fainter objects than is now possible, including small exoplanets or Earth-threatening asteroids. Kipping acknowledges that more work is needed to prove the idea, but the necessary technology already exists. "None of this is reinventing the wheel, it just needs to be pushed a bit harder," he says.

Astronomers who read the paper Kipping posted last week on arXiv were both delighted and cautious. Matt Kenworthy, of Leiden University in the Netherlands, says he was "blown away by how much work and thought he had put into it" but wants more evidence that it will work. "I'd want to sit down and do a more realistic model," he says. Bruce Macintosh of Stanford University in Palo Alto, California, adds: "It's an interesting thought experiment, but there are a lot of details to think through."

A telescope could be put on the surface of the Moon facing the Earth (thus making both sides of the Moon attractive places to put telescopes), or at another location such as the L1 Lagrange point.

Also at Scientific American.

The "Terrascope": On the Possibility of Using the Earth as an Atmospheric Lens (arXiv:1908.00490)

Related: Sun Could be Used as a Gravitational Lens by a Spacecraft 550 AU Away
Halo Drive

Original Submission

takyon writes:

One could fly to Mars in this spacious habitat and not go crazy

On Wednesday, Sierra Nevada Corporation—the company that makes aerospace equipment, not beer—showed off its proposed in-space habitat for the first time. The inflatable habitat is, first and foremost, large. It measures more than 8 meters long, and with a diameter of 8 meters has an internal volume of 300 cubic meters, which is about one-third the size of the International Space Station.

Sierra Nevada developed this full-scale prototype under a NASA program that funded several companies to develop habitats that could be used for a space station in orbit around the Moon, as well as potentially serving as living quarters for a long-duration transit to and from Mars. As part of the program, NASA astronauts have, or will, spend three days living in and evaluating the prototypes built by Sierra Nevada, Boeing, Lockheed Martin, Northrop Grumman, and Bigelow Aerospace.

The selling point for Sierra Nevada's habitat is its size, which is possible because the multi-layered fabric material can be compressed for launch, then expanded and outfitted as a habitat once in space. It can fit within a standard payload fairing used for launch vehicles such as SpaceX's Falcon Heavy rocket, United Launch Alliance's Vulcan booster, or NASA's Space Launch System. It is light enough for any of those rockets to launch to the Moon.

[...] What this habitat does not presently have is an exact purpose. Lindsey said the inflatable habitat, which has some similarities in technology to Bigelow's expandable module attached to the International Space Station, could be sized for any number of missions, from a low-Earth orbit space station to a habitat on the surface of the Moon or Mars.

Where is Bigelow's B330?

Related: Bigelow Expandable Activity Module to Continue Stay at the International Space Station
Bigelow Aerospace Forms New Company to Manage Space Stations, Announces Gigantic Inflatable Module

Original Submission

takyon writes:

Chicago Tribune Claims iPhone Radiofrequency Radiation Levels Measured Higher Than Legal Safety Limit in Tests

The Chicago Tribune recently launched an investigation into the radiofrequency radiation levels output by popular smartphones, and found that some of Apple's iPhones are allegedly emitting radiofrequency radiation that exceeds safety limits.

According to the newspaper, it contracted an accredited lab to test several smartphones according to federal guidelines. iPhones were secured below clear liquid formulated to simulate human tissue while probes measured the radiofrequency radiation the liquid absorbed.

Several iPhones measured over the legal safety limits in the tests, but the worst performer was the iPhone 7. Its radiofrequency radiation exposure was over the legal limit and more than double what Apple reported to federal regulators.

The iPhone X was slightly over limits in some tests, as was the iPhone 8, while the 8 Plus stayed within the legal range. iPhones were tested twice after Apple provided feedback on the testing method. The modified test "added steps intended to activate sensors designed to reduce the phones' power."

[...] The FCC, meanwhile, said that it is going to be doing its own testing over the next couple of months.

"We take seriously any claims on non-compliance with the RF (radiofrequency) exposure standards and will be obtaining and testing the subject phones for compliance with FCC rules," agency spokesman Neil Grace said.

Also at AppleInsider and PhoneArena.

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

Hundreds of extreme self-citing scientists revealed in new database

The world's most-cited researchers, according to newly released data, are a curiously eclectic bunch. Nobel laureates and eminent polymaths rub shoulders with less familiar names, such as Sundarapandian Vaidyanathan from Chennai in India. What leaps out about Vaidyanathan and hundreds of other researchers is that many of the citations to their work come from their own papers, or from those of their co-authors.

Vaidyanathan, a computer scientist at the Vel Tech R&D Institute of Technology, a privately run institute, is an extreme example: he has received 94% of his citations from himself or his co-authors up to 2017, according to a study in PLoS Biology this month. He is not alone. The data set, which lists around 100,000 researchers, shows that at least 250 scientists have amassed more than 50% of their citations from themselves or their co-authors, while the median self-citation rate is 12.7%.

The study could help to flag potential extreme self-promoters, and possibly 'citation farms', in which clusters of scientists massively cite each other, say the researchers. "I think that self-citation farms are far more common than we believe," says John Ioannidis, a physician at Stanford University in California who specializes in meta-science — the study of how science is done — and who led the work. "Those with greater than 25% self-citation are not necessarily engaging in unethical behaviour, but closer scrutiny may be needed," he says.

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

This new YubiKey will offer dual security for Apple users – TechCrunch

Almost two months after it was first announced, Yubico has launched the YubiKey 5Ci, a security key with dual support for iPhones, Macs and other USB-C compatible devices.

Yubico’s newest YubiKey is the latest iteration of its security key built to support a newer range of devices, including Apple’s iPhone, iPad and MacBooks, in a single device. Announced in June, the company said the security keys would cater to cross-platform users — particularly Apple device owners.

These security keys are small enough to sit on a keyring. When you want to log in to an online account, you plug in the key to your device and it authenticates you. Your Gmail, Twitter and Facebook account all support these plug-in devices as a second-factor of authentication after your username and password — a far stronger mechanism than the simple code sent to your phone.

Original Submission

martyb writes:

I just finished updating the certs for SoylentNews.

We get our certs through Let's Encrypt. Yes, we could automate the whole process, but it has been discussed and decided that given our... unique configuration, it is best to have a human in the loop than to let a script somehow run amok and then try to restore things when who-all-knows-what got deployed and things have gone sideways.

I have checked our web sites for production, dev, and staff as well as sending and retrieving e-mail; all seemed to be okay.

More than anything else, this is a check on us to see if we (well, me, actually) overlooked anything. If you do detect any issues, please post a comment to this story.

(Hat tip to The Mighty Buzzard for standing by in case I bollixed up something.)

[Update: Unless, of course, you cannot post a comment to this story! Then pop onto the #Soylent channel on our Internet Relay Chat (IRC) server and let us know over there. --martyb]

Original Submission

upstart writes:

Submitted via IRC for SoyCow2718

Router Network Isolation Broken By Covert Data Exfiltration

Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration.

Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host.

The boundary insulates sensitive or critical systems from others that enjoy less strict security policies. This practice is common and even a recommended security measure. It is a logical separation that occurs at software level, though, and it is not airtight.

Researchers at the Ben-Gurion University of the Negev discovered multiple methods to carry data across two segregated network segments on the same hardware.

They achieved this through direct or timing-based covert channels and tested the findings on seven routers in various price ranges from multiple vendors. The methods do not allow exfiltration of large aounts of data but shows that it is possble to break the logical barrier.

Clandestine direct communication is possible by encoding the data in packets that several protocols erroneously forward to both isolated networks. This method does not work on all tested routers and where it is valid, the transfer is not bidirectional in all cases.

Timing-based covert channels rely on shared hardware resources (CPU time, network and memory buffers) to send the information. This is done by influencing the use of those resources and reading the effect to interpret the bits of data.

"To exploit these [timing-based] channels, we need to construct sender and receiver gadgets which cause an increased demand on the router’s control plane or sample this demand, respectively."

[...] The flaws discovered by the researchers, though, received the following identification numbers and are tracked as:

• CVE-2019-13263
• CVE-2019-13264
• CVE-2019-13265
• CVE-2019-13266
• CVE-2019-13267
• CVE-2019-13268
• CVE-2019-13269
• CVE-2019-13270
• CVE-2019-13271

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

China Now Has AI-Powered Judges

Beijing is bringing AI judges to court. The move, proclaimed by China as "the first of its kind in the world", comes from the Beijing Internet Court, which has launched an online litigation service center featuring an artificially intelligent female judge, with a body, facial expressions, voice, and actions all modeled off a living, breathing human (one of the court's actual female judges, to be exact).

[...] But conspiracy theorists can breathe a sigh of relief — the AI apocalypse is not nigh (yet). This virtual judge, whose abilities are based on intelligent speech and image synthesizing technologies, is to be used for the completion of “repetitive basic work” only, according to the Beijing Internet Court’s official statement on the move. That means she’ll mostly be dealing with litigation reception and online guidance. Other features of the online service center include a mobile micro-court and an official Weitao (Taobao's social-media service for brands) account.

Rather than replacing human-populated courts, Beijing's Internet Court’s stated mission is to use new technology to provide more effective, more widely-reaching public services. According to court president Zhang Wen, integrating AI and cloud computing with the litigation service system will allow the public to better reap the benefits of technological innovation in China.

For the first time in China, #AI assistive technology was used in a trial at Shanghai No 2 Intermediate People's Court on Wed, the Legal Daily reported. When the judge, public prosecutor or defender asked the AI system, it displayed all related evidence on a courtroom screen. pic.twitter.com/fEI7cR5U3T

— People's Daily, China (@PDChina) January 25, 2019

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

Adwind Spyware-as-a-Service Attacks Utility Grid Operators

A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure.

Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign, researchers said. It offers a full cadre of info-gathering features, including the ability to take screenshots, harvest credentials from Chrome, Internet Explorer and Microsoft Edge, record video and audio, take photos, steal files, perform keylogging, read emails and steal VPN certificates.

“Critical infrastructure facilities are high-risk targets, and the fact that Adwind is available as a paid service is very concerning,” Bob Noel, vice president of strategic relationships for Plixer, told Threatpost. “Anyone willing to pay can target utilities, and when successful, they have the ability to collect keystrokes, steal passwords, grab screenshots, take pictures from the web camera, record sound, etc. If infected end users have access to critical system information, it could be stolen and used in an attempt to attack the facility.”

[...] Adwind has made bypassing and disabling security tools a hallmark. Last year, a new variant emerged that used a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion.

“Tricking end users into clicking on malicious links or attachments continues to be the most successful means for bad actors to gain access,” said Noel. “As is true in the case of the Adwind remote access trojan, once malware lands on a device, it often has the ability to disable antivirus and other types of endpoint detection agents loaded on the device.”

Original Submission

takyon writes:

Microplastics in water not harmful to humans, says WHO report

Microplastics are increasingly found in drinking water, but there is no evidence so far that this poses a risk to humans, according to a new assessment by the World Health Organization.

However, the United Nations body warned against complacency because more research is needed to fully understand how plastic spreads into the environment and works its way through human bodies.

There is no universally agreed definition of microplastics but they are generally considered to be smaller than half a millimetre across.

Plastic production has grown exponentially in recent decades and is predicted to double again by 2025, said the report, which means more beads and threads are breaking down into minute particles and winding up in water supplies, pipes, cups, throats and bellies. Studies suggest bottled drinking water even contains minuscule elements of the polymers used in the container and cap.

Also at CNN.

Related: Car Tyres Cause 55% of Microplastic Waste, According to Study
Paper on Microplastic's Harm to Fish Will Likely be Retracted
Microplastics Found in 90 Percent of Table Salt

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs

An old version of a Ruby software package called rest-client that was modified and released about a week ago has been removed from the Ruby Gems repository – because it was found to be deliberately leaking victims' credentials to a remote server.

Jussi Koljonen, a developer with Visma in Helsinki, Finland, discovered the hacked code in rest-client v1.6.13, and opened an issue to discuss the matter on the GitHub repo for the software. The gem, originally intended to help Ruby developers send REST requests to their web apps, was altered to fetch malicious code from pastebin.com that steals usernames, passwords, and other secrets from the client's host machine.

According to Jan Dintel, a developer with Digidentity in The Hague, Netherlands, when the infected client is used to send a REST request to a non-localhost website, the malware siphons off the URL of that site along with environment variables that may include authentication tokens, API keys, and other secrets you really don't want in the wrong hands. These details can be reused by the malicious code's mastermind to hijack the victims' accounts.

It also allowed arbitrary Ruby code to run on the infected host, and overloaded the #authenticate method in the Identity class to obtain and leak the user's email address and password every time the function is called to log into a service.

The creator of the cracked gem, Matthew Manning, a software developer based in Atlanta, Georgia, promptly apologized, saying that his rubygems.org account had been compromised.

"I take responsibility for what happened here," he explained in a post on Hacker News. "My rubygems.org account was using an insecure, reused password that has leaked to the internet in other breaches. I made that account probably over 10 years ago, so it predated my use of password managers and I haven't used it much lately, so I didn't catch it in a 1Password audit or anything. Sometimes we miss things despite our best efforts. Rotate your passwords, kids."

[...] Since developer-focused attacks have become more common, software repositories like rubygems.org, npm, and PyPI have encouraged developers to use multifactor authentication to help defend their accounts.

Original Submission

martyb writes:

Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC:

VideoLAN has issued an update to address a baker's dozen of CVE-listed security vulnerabilities in its widely used VLC player software.

The VLC update includes patches to clear up flaws that range in impact from denial of service (read: application crashes) to remote code execution (i.e. malware installation). Users and admins can get fixes for all of the vulnerabilities by updating VLC to version 3.0.8 or later.

So far, no attacks exploiting these holes have been reported in the wild.

"While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user information or remotely execute code," VideoLAN offered in announcing the update. "ASLR and DEP help reduce the likeliness of code execution, but may be bypassed."

Each of the 13 flaws would be exploited by opening a booby-trapped media file, such as vids in WMV, MP4, AVI, and OGG formats. In other cases, the flaws could be exploited via browser plugins by visiting a malicious webpage.

Get updated version 3.0.8 from the VLC Download Page.

Original Submission

aristarchus has prompted this story:

According to BNN, Baltic News Network, quoting Al Jazeera reporting, the Italian government has collapsed.

Italian Prime Minister Giuseppe Conte has resigned following a decision by the far-right League party to present a no-confidence motion in the 14-month old coalition government.

The move on Tuesday leaves Italy in a political vacuum until President Sergio Mattarella decides whether to form a new coalition or call an election after talks with parties in the coming days.

Mattarella charged Conte with heading a caretaker administration after he handed in his resignation, pending consultations on a new government which are set to begin at 14:00 GMT on Wednesday.

The crisis began on August 8 when Matteo Salvini, the head of the League party, declared his alliance with the anti-establishment Five-Star Movement was dead and called for elections, a move he hopes will make him prime minister.

Addressing parliament on the turmoil unleashed by the League's move, Conte accused Salvini, who is also deputy prime minister and interior minister, of trying to drag down the coalition for personal and political gain, and putting the nation at risk of financial instability.

"I'm ending this government experience here," Conte, who does not belong to either of the coalition parties, said in his almost hour-long speech to the chamber.

Widespread reporting including:

• https://www.nytimes.com/2019/08/20/world/europe/italy-pm-giuseppe-conte-resign.html
• https://www.wsj.com/articles/italian-prime-minister-to-resign-declaring-end-of-government-11566310341
• https://www.cbc.ca/news/world/italian-premier-quits-blames-deputy-1.5253440

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

We have spotted 8 more mysterious repeating radio bursts from space

Weird blasts from space called fast radio bursts are some of the most mysterious phenomena in the universe, and now astronomers have spotted eight new and particularly unusual ones, including one that may be the closest we've ever seen.

Fast radio bursts (FRBs) are flashes of radio waves that come from distant space and last just a few milliseconds. Many hypotheses have been put forward about what may be causing them, but none of them is a perfect fit.

What makes that even more difficult is that there seem to be two types of FRBs: bursts that happen just once, and bursts that repeat many times from the same spot in space. Up until now, we had only detected two so-called repeaters, but the Canadian Hydrogen Intensity Mapping Experiment (CHIME) has found eight more.

Finding repeaters is important because they are much easier to study than bursts that only occur once. "Repeaters are nice because you can follow them up and observe the source for a long time and see if there are any changes, which can give us clues about what the emission mechanism could be," says CHIME team member Shriharsh Tendulkar at McGill University in Montreal.

That's why the first repeater, FRB 121102, was also the first FRB that we tracked back to its home galaxy. Most of the ideas we have to explain repeaters are based on FRB 121102, but these new ones seem to be different. Their radio waves do not show signs of being scrambled by a turbulent environment like the first repeater. Also, FRB 121102 sits in the same spot as another source of radio waves that glows constantly, whereas none of the newly discovered repeating signals do.

"This demonstrates that there is a vast diversity even in what the repeaters are," says Tendulkar. "Maybe some of them are older, some of them have stronger magnetic fields, they're in different environments." It has been suggested that repeaters and non-repeaters may have different origins, but maybe there are a multitude of ways to produce FRBs instead of just two.

Reference:arxiv.org/abs/1908.03507

Original Submission