Apple Pushes Back Against Zero-Day Exploit Claims:
Company said there is no evidence that iOS bugs revealed by ZecOps earlier this week were ever used against customers.
Apple has pushed back against claims that two zero-day bugs in its iPhone iOS have been exploited for years, saying it's found no evidence to support such activity.
Apple officials made the statement in response to a widely disseminated report published Wednesday by ZecOps, which claimed that two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads already had been exploited in the wild since 2018 by an "advanced threat operator."
"Both vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released," ZecOps said in its report.
However, Apple said in a statement to Bloomberg's Apple correspondent Mark Gurman, which he posted on Twitter, that this is just not true. "We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users," the company said in the statement.
Also at www.securityweek.com
Previously: A Critical iPhone and IPad Bug That Lurked for Eight Years May be Under Active Attack
Elon Musk says SpaceX Starlink satellite broadband beta testing starts in a few months:
This week [SpaceX] launched another batch of 60 satellites to bring the total size of its growing Starlink broadband constellation to more than 400. While it has the go-ahead to launch more than 12,000 satellites in the coming years, Musk said Wednesday that a "private beta" test of the service will begin in about three months, followed by a public beta about three months later for testers at northern latitudes.
In response to a Twitter user, Musk said Germany qualifies as far enough north, which could mean that much of northern Europe, Canada and the northernmost parts of the US may be eligible to try the service.
There is only so much bandwidth per satellite, so your pizza-box-sized transceiver would experience more congestion and lower throughput in an urban area than it would in a rural setting.
How many Soylentils are interested in signing up?
GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps
Static analyzer proves its worth with discovery of null-pointer error
A static analysis feature set to appear in GCC 10, which will catch common programming errors that can lead to security vulnerabilities, has scored an early win – it snared an exploitable flaw in OpenSSL.
Bernd Edlinger discovered CVE-2020-1967, a denial-of-service flaw deemed to be a high severity risk by the OpenSSL team. It is possible to crash a server or application that uses a vulnerable build of OpenSSL by sending specially crafted messages while setting up a TLS 1.3 connection.
This means it's possible to disrupt or knock offline HTTPS websites that use a vulnerable version of the crypto library, by sending a prod-of-death. It can also be used by rogue servers to crash web browsers and other apps connecting in.
OpenSSL is a software library widely used to provide encrypted connections across networks and the internet. Here's the technical description from the OpenSSL maintainers of the flaw:
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack.
[...] The analyzer is available from the master branch of the GCC 10 source code. It's hoped the feature will be finalized in time for version 10's official release, due this month or next. The current latest version is 9.3.
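The pattern the advisory describes, a peer-supplied algorithm id that is not recognised, a lookup that returns NULL, and a caller that dereferences the result without checking, is the kind of path a static analyzer such as the GCC 10 `-fanalyzer` pass is built to report. The following is an added, hypothetical model of that pattern with its hardened counterpart; it is not OpenSSL's code, and the table, function names and sample payloads are constructed for this example (the wire ids are RFC 8446 SignatureScheme values).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a TLS signature-algorithm lookup, written for this
 * page; it is not OpenSSL's code. Wire ids follow RFC 8446 SignatureScheme. */
typedef struct {
    uint16_t    wire_id;
    const char *name;
    int         hash_bits;
} sigalg_t;

static const sigalg_t SIGALG_TABLE[] = {
    { 0x0403, "ecdsa_secp256r1_sha256", 256 },
    { 0x0804, "rsa_pss_rsae_sha256",    256 },
    { 0x0805, "rsa_pss_rsae_sha384",    384 },
};

/* Returns NULL when the peer advertises an id that is not in the table. */
static const sigalg_t *lookup_sigalg(uint16_t wire_id)
{
    for (size_t i = 0; i < sizeof SIGALG_TABLE / sizeof SIGALG_TABLE[0]; i++)
        if (SIGALG_TABLE[i].wire_id == wire_id)
            return &SIGALG_TABLE[i];
    return NULL;
}

/* Vulnerable pattern: assumes every id in signature_algorithms_cert is known.
 * On an unrecognised id lookup_sigalg() returns NULL and the field access
 * below dereferences it, crashing the process. This possible-NULL path is
 * what a static analyzer such as `gcc -fanalyzer` is designed to report. */
int strongest_hash_vulnerable(const uint16_t *peer_sigalgs, size_t n)
{
    int strongest = 0;
    for (size_t i = 0; i < n; i++) {
        const sigalg_t *alg = lookup_sigalg(peer_sigalgs[i]);
        if (alg->hash_bits > strongest)      /* NULL dereference here */
            strongest = alg->hash_bits;
    }
    return strongest;
}

/* Hardened version: an unrecognised id is skipped rather than trusted, so
 * peer input can no longer steer execution into a NULL dereference. */
int strongest_hash_fixed(const uint16_t *peer_sigalgs, size_t n)
{
    int strongest = 0;
    for (size_t i = 0; i < n; i++) {
        const sigalg_t *alg = lookup_sigalg(peer_sigalgs[i]);
        if (alg == NULL)
            continue;                        /* unknown algorithm: ignore */
        if (alg->hash_bits > strongest)
            strongest = alg->hash_bits;
    }
    return strongest;
}

/* Constructed sample extension payloads (not captured traffic). */
const uint16_t PEER_ALL_KNOWN[]    = { 0x0403, 0x0804, 0x0805 };
const uint16_t PEER_WITH_UNKNOWN[] = { 0x0403, 0xFFFF, 0x0804 };
const uint16_t PEER_ALL_UNKNOWN[]  = { 0xFFFF, 0xFFFE };

int main(void)
{
    printf("all known:    %d\n", strongest_hash_fixed(PEER_ALL_KNOWN, 3));
    printf("with unknown: %d\n", strongest_hash_fixed(PEER_WITH_UNKNOWN, 3));
    printf("all unknown:  %d\n", strongest_hash_fixed(PEER_ALL_UNKNOWN, 2));
    /* strongest_hash_vulnerable(PEER_WITH_UNKNOWN, 3) would crash here. */
    return 0;
}
```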
Arthur T Knackerbracket has found the following story:
Detached, double-lined, eclipsing spectroscopic binaries are crucial for astronomers testing stellar models. This is due to the fact that the masses and radii of both stars can be directly measured from the light and radial velocity curves of the system.
[...] To date, several tens of eclipsing binaries (EBs) have been detected in NGC 2264, and one of them is Mon-735, identified by observations with NASA's Spitzer spacecraft. A team of astronomers led by Edward Gillen of the Cavendish Laboratory at the University of Cambridge, UK, took a closer look at Mon-735 in order to get more insights into the nature of this system. For this purpose, they re-analyzed the archival Spitzer data and conducted follow-up observations of this binary using the Keck HIRES spectrograph.
[...] According to the paper, Mon-735 consists of PMS M dwarfs with masses of about 0.29 and 0.26 solar masses, radii of 0.76 and 0.75 solar radii, and effective temperatures of 3,260 and 3,213 K. The system is estimated to be between 7 and 9 million years old.
[...] "CoRoT 223992193 and Mon-735 are the first two low-mass EBs to come out of the CoRoT and Spitzer observations of NGC 2264, with more systems in preparation. These will form a powerful sample of near-coeval EB systems, formed from the same parent molecular cloud, with which to test PMS stellar evolution theory and better understand both the age of, and age spread within, the NGC 2264 region," the authors of the paper concluded.
Journal Reference:
Edward Gillen, Lynne A. Hillenbrand, John Stauffer, Suzanne Aigrain, Luisa Rebull, Ann Marie Cody. "Mon-735: A new low-mass pre-main sequence eclipsing binary in NGC 2264", arXiv:2004.04753 [astro-ph.SR] https://arxiv.org/abs/2004.04753
Coronavirus: Scientists brand 5G claims 'complete rubbish':
Conspiracy theories claiming 5G technology helps transmit coronavirus have been condemned by the scientific community.
Videos have been shared on social media showing mobile phone masts on fire in Birmingham and Merseyside - along with the claims.
The UK's mobile networks have reported 20 cases of masts being targeted in suspected arson attacks over the Easter weekend, including damage to a mast providing mobile connectivity to Birmingham's Nightingale Hospital.
The posts have been shared on Facebook, YouTube and Instagram - including by verified accounts with hundreds of thousands of followers.
TV regulator Ofcom is assessing comments made by presenter Eamonn Holmes in which he cast doubts on media outlets for their attempts to debunk the claims.
But scientists say the idea of a connection between Covid-19 and 5G is "complete rubbish" and biologically impossible.
The conspiracy theories have been branded "the worst kind of fake news" by NHS England Medical Director Stephen Powis.
[...] Many of those sharing the post are pushing a conspiracy theory falsely claiming that 5G - which is used in mobile phone networks and relies on signals carried by radio waves - is somehow responsible for coronavirus.
Tough sledding for the engineers, but concerns about 5G have been raised prior to the coronavirus.
European programmers take an extended lunch break as GitHub goes TITSUP* again:
Big sack o' source GitHub is having a hellish week as the Microsoft tentacle suffered wobbles aplenty even as it tipped the scorn bucket over the emissions of the US administration.
Having fallen over in dramatic style on 21 April, seen its notifications totter on 22 April, and had trouble with Actions Workflows in the small hours of 23 April, the platform decided to take an extended lunch break today.
Twitter[1] was its usual supportive self as developers found themselves faced with the dread error code 500 and a humorous depiction of the GitHub mascot tumbling into a ravine (like the unfortunate Wile E Coyote of Looney Tunes fame).
[...] GitHub itself recognised that there were "issues" at 13:20 UTC. By 13:33 UTC, engineers reckoned they had found the source of the borkage and were working on a fix.
[...] Access to Vulture Central, at least, seemed to return shortly before 14:00 UTC.
The issue looked to be global, although the timing meant that much of the US remained in blissful ignorance while Europe and the rest of the world wailed.
[*] Total Inability To Service User Pulls
[1] https://twitter.com/Justin64558161/status/1252629251968376834.
[Update - looks like the issue is resolved- Ed.]
The mollusk Leptogyra bujnitzkii first appeared in a biological collection in Russia thanks to the legendary Arctic drift that began on 23 October 1937. Three icebreaking steamers—Georgiy Sedov, Malygin and Sadko—were beset and drifting in the ice following the sea current in the area of the New Siberian Islands. The same current transports driftwood from the Siberian rivers toward Greenland. In August 1938, the veteran icebreaker Yermak freed the Sadko and Malygin. However, the Sedov, whose rudder was badly damaged, had to be left in the ice as a drifting high-latitude station. This enforced wintering in the Arctic resulted in many scientific discoveries, including the debunking of the myth of Sannikov Land.
The discoveries, however, continue today. The latest has been the discovery of sea snails from the subclass Neomphaliones among the exhibits in the collection compiled by the research expedition of the Sadko. The species description was based on only two specimens raised from a depth of about 3800 metres north of the Laptev Sea. Initially, in 1946, the Russian hydrobiologist Grigory Gorbunov assigned it to the genus Ganesa. Then, in 2003, the mollusk was assigned to the genus Skenea. However, in 2020, the experts' opinion about the rare sea snail unexpectedly changed.
The snail seems to be a sort of extremophile related to species that live near black smokers at the bottom of the ocean.
Journal Reference:
Ekaterina N. Krol, Ivan O. Nekhaev. "Redescription of Leptogyra bujnitzkii (Gorbunov, 1946) comb. nov., the first representative of the gastropod subclass Neomphaliones from the high Arctic", Zootaxa (2020). DOI: 10.11646/zootaxa.4759.3.13
CNet:
Apple will start selling Macs that use in-house processors in 2021, based on ones in upcoming iPhones and iPad Pros, Bloomberg reported Thursday. The company is apparently working on three of its own chips, suggesting a transition away from traditional supplier Intel.
The initial batch of custom chips won't be on the same level as the Intel ones used in high-end Apple computers, so they're likely to debut in a new type of laptop, the report noted. These processors could have eight high-performance cores and at least four energy-efficient cores, respectively codenamed Firestorm and Icestorm.
Just another brick in the wall[ed garden]?
Existing e-skins and wearable devices primarily focus on monitoring physiological parameters like heart rate and can't assess health information at the molecular level. Moreover, they typically require batteries to power them, and the batteries need to be recharged frequently.
Despite recent efforts to harvest energy from the human body, there are no reports of self-powered e-skins that are able to perform biosensing and transmit the information via standard Bluetooth wireless communications. This comes down to the lack of power efficiency. There is a need for a self-powered device that can continuously collect molecular as well as physical information and wirelessly transmit the information to other devices.
The approach we take to harvesting energy from the human body is based on biofuel cells. Fuel cells convert chemical energy to electricity. The biofuel cells we developed for our e-skin convert the lactic acid in human sweat to electricity. In addition to the biofuel cells, the e-skin contains biosensors that can analyze metabolic information like glucose, urea and pH levels, to monitor for diabetes, ischaemia and other health conditions, as well as physical information like skin temperature. The e-skin, made of soft materials and attached to a person's skin, performs real-time biosensing, powered solely by sweat.
Journal Reference:
Y. Yu et al., "Biofuel-powered soft electronic skin with multiplexed and wireless sensing for human-machine interfaces," [$] Science Robotics (DOI: 10.1126/scirobotics.aaz7946).
Cool appliqué. Can I get one that says, "AC⚡DC Rulez!"?
A critical iPhone and iPad bug that lurked for 8 years may be under active attack:
A critical bug that has lurked in iPhones and iPads for eight years is under active attack by sophisticated hackers who are using a zero-day exploit to hack the devices of high-profile targets, a security firm reported on Wednesday.
The exploit is triggered by sending booby-trapped emails that, in some cases, require no interaction at all and, in other cases, require only that a user open the message, researchers from ZecOps said in a post. The malicious emails allow attackers to run code in the context of the default mail apps, which make it possible to read, modify, or delete messages. The researchers suspect the attackers are combining the zero-day with a separate exploit that gives full control over the device. The vulnerability dates back to iOS 6 released in 2012. Attackers have been exploiting the bug since 2018 and possibly earlier.
"With very limited data we were able to see that at least six organizations were impacted by this vulnerability — and the full scope of abuse of this vulnerability is enormous," ZecOps researchers wrote. "We are confident that a patch must be provided for such issues with public triggers ASAP."
Targets from the six organizations include:
- Individuals from a Fortune 500 organization in North America
- An executive from a carrier in Japan
- A VIP from Germany
- Managed security services providers in Saudi Arabia and Israel
- A journalist in Europe
- Suspected: An executive from a Swiss enterprise
Apple has patched the flaw in the beta of iOS 13.4.5. At the time this post went live, the fix had not yet shipped in a general release.
Malicious mails that trigger the flaw work by consuming device memory and then exploiting a heap overflow, a type of buffer overflow that abuses an allocation flaw in the memory reserved for dynamic operations. By filling the heap with junk data, the exploit is able to inject malicious code that then gets executed. The exploit leaves behind strings containing 4141...41, a filler pattern commonly used by exploit developers.
A protection known as address space layout randomization prevents attackers from knowing the memory location of this code and thus executing in a way that takes control of the device. As a result, the device or application merely crashes. To overcome this security measure, attackers must exploit a separate bug that reveals the hidden memory location.
A Jaw-Dropping Demo In Only 256 Bytes:
"Revision" is probably the Olympics of the demoscene. The world's best tiny graphics coders assemble, show off their works, and learn new tricks to pack as much awesome into as few bytes as possible or make unheard-of effects on limited hardware. And of course, there's a competition. Winning this year's 256-byte (byte!) competition, and then taking the overall crowd favorite award, was [HellMood]'s Memories.
If you watch it in the live-stream from Revision, you'll hear the crowd going (virtually) wild, and the announcer losing his grip and gasping for words. It's that amazing. Not only are more effects put into 28 bytes than we thought possible, but there's a full generative MIDI score to go with it. What?!?
But almost as amazing is [HellMood]'s generous writeup of how he pulled it off. If you're at all interested in demos, minimal graphics effects, or just plain old sweet hacks, you have your weekend's reading laid out for you. [HellMood] has all of his references and influences linked in as well. You're about to go down a very deep rabbit hole.
Video (2m).
YouTube turns 15 today. Watch the first video it posted:
The clip is just 18 seconds long, but 15 years ago, it kicked off an online video revolution. Thursday marks the 15th anniversary of the first-ever YouTube video, which shows company co-founder Jawed Karim standing in front of an elephant enclosure at the San Diego Zoo.
[Video is at https://www.youtube.com/watch?v=jNQXAC9IVRw]
[...] "All right, so here we are in front of the, uh, elephants, and the cool thing about these guys is that, is that they have really, really, really long, um, trunks," Karim says. "And that's, that's cool. And that's pretty much all there is to say."
[...] Karim founded YouTube along with Steven Chen and Chad Hurley, all of whom were former PayPal employees. He's said in the past that part of the inspiration for the site came when he missed Janet Jackson's famous wardrobe malfunction at the 2004 Super Bowl[*], and couldn't find online video of the goof. Just one year after the 2005 zoo video was made, Karim and his fellow YouTube co-founders sold the platform to Google for $1.65 billion.
Obligatory link to YouTube video of the 2004 Super Bowl wardrobe malfunction.
People Are Making Bots to Snatch Whole Foods Delivery Order Time Slots:
Social distancing and stay-home orders have led to booming demand for grocery delivery services. In some big cities, people report not being able to find an open delivery time slot for days or weeks at a time. And now Motherboard has found a series of bots that automatically give some people an upper hand when limited delivery time slots are available on Amazon Fresh or Wholefoods.
A slew of developers have made bots and other tools that, in some cases, automatically hunt for a free delivery slot, grab it, and then complete the user's food order, making sure they have a much better chance of buying food before other people snatch up the slot. While some of the developers told Motherboard they designed their bots to help those in need, such as senior citizens who may need to stay inside as exposure to the coronavirus could be more serious for them, others are dealing with the ethical issue of releasing a tool that can clearly be abused, by allowing those who can figure out how to use a technical tool to buy food while others go without.
[...] Data scientist Pooja Ahuja publicly released her own bot a few weeks ago, which checks for a free delivery slot on Wholefoods or Amazon Fresh. Her tool goes a step further though, and can also checkout automatically.
"You just have to run the bot once, and as soon as there is a delivery slot available, it secures it for you, and completes the entire process through checkout," Ahuja told Motherboard in an email.
[...] "Yes, it's an unfair advantage over others who aren't tech-savvy but may still need to purchase items urgently."
"Me and my wife were trying to order stuff off Amazon Fresh but finding an available slot was near to impossible. This made me build the bot and share it with others so they can use it too," Bryan Gaikwad, who developed a script for finding delivery slots and released the tool publicly, told Motherboard in an email. Adrian Hertel told CNBC his own tool is designed for a similar purpose.
[...] In response to whether he believed his tool may put less tech-savvy people at a disadvantage, Gaikwad added in an email, "That was not my intention as I mentioned it was just a project I built to test the concept. I [am] willing to take my source code down if needed." After the publication of this piece, it appears Gaikwad removed the code from his Github page; the tool repository now returns an error.
Other developers don't appear to see the ethical quandary with releasing such tools, though. When asked if she was worried that people who aren't in serious need for her auto checkout bot may still use it just to get ahead of others, Ahuja told Motherboard, "What I've noticed with the rigorous testing is that, many delivery slots do open up over the day for same day delivery. Even if someone did use the bot to want to get ahead of people in need, more slots will open up for those who need it, and the bot can help out them as well. One way or the other we can help reducing the number of people stepping out."
Consider those who have limited access to transportation and who may live in a food desert. What if it were your parents or a loved one? As more bots come into play and make it even harder for others... where will this lead? What happens in a month — or six?
An SSD can resurrect your old Sega Saturn and Dreamcast consoles:
Classic disc-based consoles are getting long in the tooth. As their optical drives burn out, they're rendered unplayable, which is a shame -- these systems were the peak of gaming in the eyes of many. Hardcore gamers who miss titles like Panzer Dragoon Saga and Power Stone may want to perform life-saving surgery on their Sega Saturn or Dreamcast consoles this summer, as a new solution will be able to replace dead disc drives, with no soldering skills needed. The Terraonion MODE -- Multi-Optical Disc Emulator -- simply drops into your console of choice, reads ROMs from a storage medium, and passes the data onto the console for processing. The dream of the '90s is alive.
[...] Some may wonder what the big deal is. Most of these games can be played on an emulator. But emulators simply don't have that magic that original hardware does. Is that worth the nearly $200 price of something like the MODE? For a lot of hardcore gamers -- especially those who are privy to the Saturn and Dreamcast's vast Japanese libraries -- the answer could be yes. It may be time to dust off some old consoles and relive one of gaming's greatest eras.
We may have seen two asteroids annihilate each other in another solar system:
We've not actually "seen" the vast majority of exoplanets we've found orbiting distant stars. Instead, their existence has been inferred based on changes in the light of the stars that they orbit. That makes the 20 or so we have imaged directly exceptional. Direct imaging typically requires a very large planet, which means this sample isn't entirely representative, but these planets do provide a unique opportunity for us to observe how bodies interact with each other and their environments in exosolar systems.
But, if two researchers at the University of Arizona are right, we can scratch one of these examples off the list. They say that the supposed planet has vanished in more recent images, which indicates it was never actually there in the first place. Instead, they argue that we've been observing the debris of a smash-up between two very large asteroids.