SoylentNews

MrPlow writes:

Submitted via IRC for GhostofAristarchus

Swift Observatory in safe mode as NASA investigates issue:

NASA has temporarily paused science aboard the Swift Observatory after noticing a potential equipment failure.

An issue with NASA's Swift Observatory has forced it to suspend science operations and enter safe mode while the team investigates. The space-based telescope is not one of NASA's best-known missions, but it has played a key role in investigating an astronomical phenomenon called gamma-ray bursts.

The telescope, originally named the Swift Gamma-Ray Burst Explorer and later renamed the Neil Gehrels Swift Observatory, experienced a problem earlier this week suspected to be related to faulty hardware. "On the evening of Tuesday, January 18, NASA's Neil Gehrels Swift Observatory entered into safe mode, suspending pointed science observations," NASA wrote in a brief update. "The mission team is investigating a possible failure of one of the spacecraft's reaction wheels as the cause."

The reaction wheels are components that allow the spacecraft to rotate to a very precise degree, which helps to keep the telescope pointed in one direction. This is important for Swift's mission to study gamma-ray bursts as this requires a high degree of sensitivity. The bursts last a few minutes at most, and a few milliseconds at least, so Swift has to locate these events quickly before they disappear.

Original Submission

An Anonymous Coward writes:

For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads.

PCs coming out this year with Microsoft's integrated Pluton security chip won't be locked down to Windows 11, and users will have the option to turn off the feature completely as well as install, say, Linux as normal, we understand.

The first Windows 11 PCs with Pluton built-in were shown at CES earlier this month. Major PC chip houses – think Intel, AMD, and Qualcomm – are said to be embedding Pluton inside their just-launched or upcoming microprocessors.

Pluton can act as a Trusted Platform Module (TPM) or as a non-TPM security coprocessor. It's a way for Microsoft to specify exactly how it wants a TPM component to be present in microprocessors so that Windows 11 can use the hardware as a root-of-trust and secure its stuff.

Microsoft's invasion at the hardware level has some users – especially those in the open-source community – on high alert. The concern relates to the chip being a means to lock equipment exclusively to Windows 11, shutting out other operating systems, such as Linux distros and the BSDs. Manufacturers tell us that's not the case: Pluton won't get in the way.

AMD integrated Microsoft's Pluton design into its Ryzen 6000 chips, which were just introduced at CES. AMD said its goal is to bring better security to Windows PCs, and users can disable Pluton on machines that follow AMD's reference firmware.

[...] PC makers can choose to ship computers with Pluton turned off, and the technology does not verify the signature of bootloaders, Microsoft PR said. The security processor can be configured to act as a TPM, or used in a non-TPM scenario, or disabled.

Original Submission

An Anonymous Coward writes:

CMA invites comments from 'interested parties' on what merger means to them

The UK's Competition and Markets Authority[CMA] has invited comments from industry and interested parties about NortonLifeLock's proposed $8bn purchase of fellow infosec outfit Avast.

The merger inquiry will run until the 16 March when the comments will be collated and assessed to determine if there is sufficient concern to warrant a deeper investigation.

"The CMA is considering whether it is or may be the case that this transaction, if carried into effect, will result in the creation of a relevant merger situation under the merger provisions of the Enterprise Act 2002," it said.

If that is the case, the watchdog will try to ascertain "whether the creation of that situation may be expected to result in a substantial lessening of competition within any market or markets" in the UK for goods and services.

[...] A NortonLifeLock spokesperson told us: "This is the normal, expected process of review with the CMA. As we noted in the 2.7 announcement, the UK was one of a handful of countries where some level of regulatory review was anticipated. We've been proactively engaged with them, and we continue to believe that the transaction will greatly benefit consumers and enhance product innovation for the combined companies."

Original Submission

aristarchus writes:

Original source is paywalled: The New York Times. Text extracted from https://www.sciencenews.org/article/fin-whale-eat-choke-baleen-oral-plug-muscle-fat.

Scientists have discovered a new anatomical structure that allows lunge-feeding whales to take in massive amounts of water without choking.

To capture prey, humpbacks, minkes and other whales use a tactic called lunge feeding. They accelerate — their mouths open to nearly 90 degrees — and engulf a volume of water large enough to fill their entire bodies. "It's crazy. Imagine putting an entire human inside your mouth," said Kelsey Gil, a zoologist studying whale physiology at the University of British Columbia.

As water floods into the whale's mouth, its throat pouch expands, leaving the whale looking like a bloated tadpole. After about a minute, the throat pouch deflates as most of the water leaves the whale's mouth, released back into the ocean. Small fish and krill are captured in the whale's baleen — plates of keratin that hang from the top of the whale's mouth resembling bristles on a toothbrush — and are swallowed into the whale's stomach.

Scientists didn't know how these whales avoided choking on prey-filled water and flooding their respiratory tracts during a lunge feeding event. Now Dr. Gil and colleagues have discovered a large, bulbous structure that they've termed the "oral plug" — a structure never before described in any other animal — that they think makes lunge feeding possible.

upstart writes:

Genetic Research Shows Rapid Immune Response in Children Protects Them From COVID-19:

Discovery of importance of interferon response in preventing serious infection will underpin new diagnostics and therapeutics.

Fundamental differences in the immune response of adults and children can help to explain why children are much less likely to become seriously ill from SARS-CoV-2, according to new research from the Wellcome Sanger Institute, University College London, and their collaborators.

The study, published in the journal Nature, is the most comprehensive single-cell study to compare SARS-CoV-2 infection in adults and children across multiple organs. Researchers found that a stronger 'innate' immune response in the airways of children, characterized by the rapid deployment of interferons, helped to restrict viral replication early on. In adults, a less rapid immune response meant the virus was better able to invade other parts of the body where the infection was harder to control.

[...] A nasal swab to measure the immune response in newly infected adults could be used to identify those at higher risk who may be candidates for pre-emptive monoclonal antibody treatment. Recent research has also suggested inhalation of interferons could be a viable therapy.

canopic jug writes:

Hackaday has an article summarizing how LoRaWAN works, using home appliances as an example. LoRaWAN is a proprietary, bidirectional, RF broadcasting technology with very low data capacity. It can have a range of around 10 kilometers yet is low power enough to be feasible to use on embedded devices. It competes against the DASH7, Sigfox, and NB-IoT protocols.

While wireless communications are unquestionably useful in projects, common wireless protocols such as WiFi and Bluetooth peter out after only a number of meters, which is annoying when your project is installed in the middle of nowhere. Moving to an LTE-based or similar mobile solution can help with the range, but this does not help when there's poor cell coverage, and it tends to use more power. Fortunately, for low-bitrate, low-power wide-area networks (LPWAN) like e.g. sensor networks, there's a common solution in the form of LoRaWAN, as in long-range wide area network (WAN).

The proprietary LoRa RF modulation technique that underlies LoRaWAN is based on Chirp Spread Spectrum (CSS). This modulation technique is highly resistant to channel noise and fading as well as Doppler shift, enabling it to transmit using relatively low power for long distances. LoRaWAN builds on top of the physical layer provided by LoRa to then create the protocol that devices can then use to communicate with other LoRa devices.

Courtesy of global LoRaWAN gateway and software providers such as The Things Industries and ThingSpeak, it's possible even as a hobbyist to set up a LoRaWAN-powered sensor network with minimal cost. Let's take take a look at exactly what is involved in setting up LoRaWAN devices, and what possible alternatives to LoRaWAN might be considered.

upstart writes:

NASA wants to convert waste into space gold:

The thing about a spacecraft is there really isn't much room for stuff. As someone who lives on a sailboat with my family, I can certainly relate.

As human space ambitions grow beyond the moon, that creates real challenges for potential manned missions. So NASA, like all good sailors and efficiency-minded denizens of small quarters, is getting crafty. Instead of packing more stuff, what if there were useful ways to reuse the waste generated from old stuff?

That's the premise behind a new crowdsourcing challenge called Waste to Base Materials Challenge: Sustainable Reprocessing in Space, which seeks to find novel ways to deal with waste for future human missions to space sustainably. HeroX is a leading platform and open marketplace for crowdsourced solutions that's worked on previous NASA challenges in administering the competition and seeking innovative approaches to repurpose, recycle, and reprocess the waste generated onboard to enable mission sustainability.

[...] What waste, you ask? Trash, to be sure, but in the cold reaches of space, waste also includes human byproducts, such as faecal matter and carbon dioxide. Among the needs that space waste might help with, propellant or feedstock for 3D printing is two possibilities. The prize is open to anyone aged 18 or older participating as an individual or as a team, and there's some cash on the line, with a purse totaling $24,000.

Original Submission

upstart writes:

Call Of Duty QA Testers Form Activision Blizzard's First Union:

Thirty-four quality assurance testers at Raven Software, the Activision Blizzard studio in charge of its massively popular battle royale, Call of Duty: Warzone, announced today that they are unionizing after weeks of striking over recently announced layoffs in their department. Calling themselves the Game Workers Alliance, they're asking the embattled publisher which recently announced a historic sale to Microsoft to voluntarily recognize the union.

"Today, I am proud to join with a supermajority of my fellow workers to build our union, Game Workers Alliance (CWA[sic])," Becka Aigner, QA functional tester II at Raven, said in a press release. "In the video game industry, specifically Raven QA, people are passionate about their jobs and the content they are creating. We want to make sure that the passion from these workers is accurately reflected in our workplace and the content we make. Our union is how our collective voices can be heard by leadership."

Game Workers Alliance has formed with the support of the Campaign to Organize Digital Employees by the Communications Workers of America. It currently has the support of 78% of eligible workers, a representative of CWA told Polygon. QA testers have historically been overworked and underpaid at Activision Blizzard, as they are at most game companies. Game Workers Alliance has given management by January 25 to voluntarily recognize the union before it files for an election with the National Labor Review Board.

takyon writes:

SwRI scientist uncovers evidence for an internal ocean in small Saturn moon

A Southwest Research Institute scientist set out to prove that the tiny, innermost moon of Saturn was a frozen inert satellite and instead discovered compelling evidence that Mimas has a liquid internal ocean. In the waning days of NASA's Cassini mission, the spacecraft identified a curious libration, or oscillation, in the moon's rotation, which often points to a geologically active body able to support an internal ocean.

"If Mimas has an ocean, it represents a new class of small, 'stealth' ocean worlds with surfaces that do not betray the ocean's existence," said SwRI's Dr. Alyssa Rhoden, a specialist in the geophysics of icy satellites, particularly those containing oceans, and the evolution of giant planet satellites systems.

Mimas (the Death Star one). List of largest lakes and seas in the Solar System.

Also at The Verge and NYT.

The case for an ocean-bearing Mimas from tidal heating analysis (DOI: 10.1016/j.icarus.2021.114872)

Original Submission

upstart writes:

In this one, there's a heap overflow bug in the legacy_parse_param in the Linux kernel's fs/fs_context.c program. This parameter is used in Linux filesystems during superblock creation for mount and superblock reconfiguration for a remount. The superblock records all of a filesystem's characteristics such as file size, block size, empty and filled storage blocks. So, yeah, it's important.

The legacy_parse_param() "PAGE_SIZE - 2 - size" calculation was mistakenly made anunsigned type. This means a large value of "size" results in a high positive value instead of a negative value as expected. Whoops.

This, in turn, meant you copy data beyond the memory slab allocated for it. And, as all programmers know, writing beyond the memory your program is supposed to have access to is a terrible thing.

[...] So, how bad is it? By the Common Vulnerability Scoring System (CVSS) v3.1 scoring test, it's a solid 7.7. That's considered a high-security vulnerability.

A local attacker can use it to escalate their user privileges or crash the system. This can be done with a specially crafted program that triggers this integer overflow. That done, it's trivial to execute arbitrary code and give the attacker root privileges.

To exploit it requires the CAP_SYS_ADMIN privilege to be enabled. If that's the case,  an unprivileged local user can open a filesystem that does not support the File System Context application programming interface (API). In this situation, it drops back to legacy handling, and from there, the flaw can escalate an attacker's system privileges.

[...] This security hole was introduced back on Feb 28, 2019, in the Linux 5.1-rc1 kernel. It's now present in all Linux kernels. Yes, all of them. Fortunately, the patch is in.

Original Submission

upstart writes:

Cheap malware is behind a rise in attacks on cryptocurrency wallets:

A rise in cheap, easy-to-use malware means it's easier than ever for cyber criminals to steal cryptocurrency.

[...] the growing value of cryptocurrency means it has quickly become a key target for cyber criminals and they're increasingly launching attacks which aim to steal cryptocurrency from the wallets of individual users.

Research by Chainalysis warns that cryptocurrency users are increasingly under threat from malware including information stealers, clippers – which allow attackers to replace text the user has copied, redirecting cryptocurrency to their own wallets – and trojans, all of which can be purchased for what's described as "relatively little money" on cyber criminal forums.

For example, a form of info stealer malware called Redline is advertised on Russian cyber crime forums at $150 for a month's subscription or $800 for 'lifetime' access. For a cyber criminal looking to steal cryptocurrency, it's sadly highly likely they'll make back the money paid for the malware within a handful of attacks.

The illicit service also provides users with a tool which allows attackers to encrypt the malware so it's more difficult for anti-virus software to detect, increasingly the likelihood of attacks successfully stealing cryptocurrency from compromised victims.

"The proliferation of cheap access to malware families like Redline means that even relatively low-skilled cybercriminals can use them to steal cryptocurrency," warns the report.

Overall, the malware families in the report have received 5,974 transfers from victims in 2021, up from 5,449 in 2020 - although that's down significantly on 2019 which saw more that 7,000 transfers.

Original Submission

upstart writes:

New AI navigation prevents crashes in space:

What do you call a broken satellite? Today, it's a multimillion-dollar piece of dangerous space junk.

But a new collision-avoidance system developed by students at the University of Cincinnati [UC] is getting engineers closer to developing robots that can fix broken satellites or spacecraft in orbit.

UC College of Engineering and Applied Science doctoral students Daegyun Choi and Anirudh Chhabra presented their project at the Science and Technology Forum and Exposition in January in San Diego, California. Hosted by the American Institute of Aeronautics and Astronautics, it's the world's largest aerospace engineering conference.

"We have to provide a reliable collision-avoidance algorithm that operates in real time for autonomous systems to perform a mission safely. So we proposed a new collision-avoidance system using explainable artificial intelligence," Choi said.

He has been working on similar projects at UC for the past two years, publishing three articles in peer-reviewed journals based on Choi's novel algorithms.

UC researchers tested their system in simulations, first by deploying robots in a two-dimensional space. Their chosen digital battlefield? A virtual supermarket where multiple autonomous robots must safely navigate aisles to help shoppers and employees.

"This scenario presents many of the same obstacles and surprises that an autonomous car sees on the road," study co-author and UC assistant professor Donghoon Kim said.

[...] "Emerging AI is physics-informed rather than relying solely on data," Kim said. "If we know the physical behavior, we can use that as well as the data so we can get more meaningful information and a reliable AI model."

Journal Reference:
Daegyun Choi, Anirudh Chhabra, and Donghoon Kim. Collision Avoidance of Unmanned Aerial Vehicles Using Fuzzy Inference System-Aided Enhanced Potential Field, (DOI: 10.2514/6.2022-0272)

Original Submission

upstart writes:

Americans are bracing for inflation and a market crash: survey:

Inflation and a potential stock market crash. These are the two biggest threats to the US economy and to the financial wellbeing of Americans, so says a survey by personal finance software firm Quicken.

The Menlo Park, Calif.-based Quicken/SurveyMonkey online poll was taken earlier this month, which consisted of a sample of 1,200 US adults ages 18 to 74 from the Cint Consumer Network, according to Quicken's press release.

The survey revealed that nearly three-fourths who responded to the survey (71%) ranked inflation (currently at 7% and the highest since the early 1980s), as the top concern, followed by new COVID-19 variants, supply chain disruptions and a stock market crash. On that last point, the survey noted that 52% surveyed agree that there will be a stock market crash in the next five years. Of that group, 58% expect a looming stock market crash will impact their finances negatively, according to the press release.

Yet not everyone views a potential crash as such a bad prospect. Some Americans saw the financial gains that more aggressive investors had made from the day of the 2008 stock market crash, and are now looking to capitalize for the next one. According to the press release, 52% of self-described "aggressive" investors are likely to say the 2008 crash benefited them financially, compared to 18% of so-called "conservative" investors. What's more, 71% of aggressive investors, compared to 20% of conservative investors, believe a stock market crash in the future would benefit them financially. A notable percentage of respondents who believe there's going to be a crash in the next five years – 35% – agree that they're waiting for a crash in order to invest some extra cash.

A sizable percentage of younger adult generations surveyed – Millennial and Gen Z – also see the benefits to a future stock market crash. According to the survey, 41% of Gen Z and 36% of Millennials agree that they are waiting for a stock crash in order to invest their extra cash. Another 30% of Gen Z and 28% of Millennials say they're waiting for a crash so that they can start investing, according to the press release.

Original Submission

upstart writes:

Chinese APT deploys MoonBounce implant in UEFI firmware:

Security researchers have unveiled MoonBounce, a custom UEFI firmware implant used in targeted attacks.

The implant is believed to be the work of APT41, a Chinese-speaking sophisticated hacking group also known as Winnti or Double Dragon.

On January 20, Kaspersky researchers said that at the end of last year, the team uncovered a case of Unified Extensible Firmware Interface (UEFI) compromise caused by the modification of one component in the firmware – a core element called SPI flash, located on the motherboard.

"Due to its emplacement on SPI flash which is located on the motherboard instead of the hard disk, the implant is capable of persisting in the system across disk formatting or replacement," the team noted.

Not only did the tweak to the firmware result in persistence at a level that is extremely difficult to remove, the team says that the firmware image was "modified by attackers in a way that allowed them to intercept the original execution flow of the machine's boot sequence and introduce a sophisticated infection chain."

The developer of the MoonBounce UEFI rootkit is said to have a deep and thorough understanding of how UEFI systems work.

"The source of the infection starts with a set of hooks that intercept the execution of several functions in the EFI Boot Services Table, namely AllocatePool, CreateEventEx and ExitBootServices," the researchers explained. "Those hooks are used to divert the flow of these functions to malicious shellcode that is appended by the attackers to the CORE_DXE image, which in turn sets up additional hooks in subsequent components of the boot chain, namely the Windows loader."

Original Submission

upstart writes:

UK parliamentary committee casts doubt on government's gigabit connectivity targets:

The rapid roll-out of gigabit broadband throughout the UK is a source of pride for the UK government, indeed singled out by prime minister Boris Johnson as one of his personal triumphs, but a report from the UK parliamentary Public Accounts Committee (PAC) is doubting whether the Department for Digital, Culture, Media and Sport (DCMS) will meet even its downgraded target to roll out super-fast, gigabit broadband to 85% of the UK by 2025.

Furthermore, the PAC warns that despite the progress that has been made in taking full-fibre across the country, energising the altnet provider industry, the DCMS is relying too heavily on commercial contractors for the progress that has been made.

[...] However, by November 2020, the UK government began backtracking on its ambitious targets. When announcing his Spending Review in late November 2020, Sunak rowed back, reducing the original commitment to provide £5bn of public funding for hard-to-reach areas that have been traditionally badly served by broadband providers.

[...] The PAC said then that it appeared "clear that government's 2019 election pledge to deliver nationwide gigabit broadband connectivity by 2025 was unachievable", noting the UK government has committed less than a quarter of the £5bn funding needed to support roll-out to the hardest-to-reach 20% of premises. It slammed what it called a "litany" of UK government failures in gigabit broadband roll-out. In 2020, the DCMS accepted its original plan for delivering nationwide gigabit broadband across the country by 2025 was unachievable and revised that target down to 85% coverage by 2025.

Original Submission