
posted by janrinok on Saturday August 24, @10:12PM
from the bugdoors-galore dept.

Ben Hawkes over at Isosceles has a review of the two OpenSSH backdoor attempts. One, the XZ backdoor, was attempted this year in early 2024. The other, in 2002, was a matter of attempting to trojanize some distribution files.

Inserting an exploitable bug (a "bugdoor"), one that's subtle enough that developers might not even notice during code review, is probably the winning move. However, it's interesting to note that in both 2002 and 2024 we got a backdoor rather than a bugdoor. That's probably because exploits are hard, and server-side exploits are really hard. Given how much work it is to be in a position to change the source code in the first place, it's not entirely surprising that attackers want to go with a reliable option. The counter-argument is that we may just never get to see any bugdoors because they never get caught (or if they do, they don't get flagged as subterfuge), so we're biased towards the events that we can actually detect.

There are other similarities. Both the 2002 and 2024 events targeted the build system, for example. This also makes sense, because build systems are a perfect mix of inscrutability and expressiveness. There's really no constraints on what you can do with most build systems. They have to be like this in order to make everything work everywhere that it's supposed to. Making something compile on Linux, MacOS, and Windows simultaneously is no easy feat. Add in support for multiple architectures and legacy versions, and well... you see where I'm going with this. The guiding design principle for build systems has been "just make it work", and so they end up being a complicated mess of directives, rules, variables, and command invocations. As long as they're working correctly, I suspect very few people are paying close attention to the contents of their build scripts, and that includes the developers/maintainers themselves. It's the ideal place to insert the first hook for a backdoor, hiding in plain sight.

Most bugs have not been added intentionally.

Previously:
(2024) The Mystery of 'Jia Tan,' the XZ Backdoor Mastermind
(2024) xz: Upstream Repository and the xz Tarballs Have Been Backdoored



posted by hubie on Saturday August 24, @05:25PM
from the accelerating-innovation dept.

Arthur T Knackerbracket has processed the following story:

Google has reached a deal with California lawmakers to fund local news in the state after previously protesting a proposed law that would have required it to pay media outlets. Under the terms of the deal, Google will commit tens of millions of dollars to a fund supporting local news as well as an AI “accelerator program” in the state.

The agreement ends a months-long dispute between lawmakers and Google over the California Journalism Preservation Act, a bill that would have required Google, Meta and other large platforms to pay California publishers in exchange for linking to their websites. Google strongly opposed the measure, which was similar to laws passed in Canada and Australia.

[...] Now, under the new agreement, Google will direct “at least $55 million” to “a nonprofit public charity housed at UC Berkeley’s journalism school,” Politico reports. The university will distribute the fund, which also includes “at least $70 million” from the state of California. Google will also “commit $50 million over five years to unspecified ‘existing journalism programs.’”

The agreement also includes funding for a “National AI Innovation Accelerator.” Details of that program are unclear, but Cal Matters reports that Google will dedicate “at least $17.5 million” to the effort, which will fund AI experiments for local businesses and other organizations, including newsrooms. That aspect of the deal, which is so far unique to Google's agreement in California, could end up being more controversial as it could exacerbate existing tensions between publishers and AI companies.

In a statement, Alphabet’s President of Global Affairs, Kent Walker, credited the “thoughtful leadership” of California Governor Gavin Newsom and other state officials in reaching the agreement. “California lawmakers have worked with the tech and news sectors to develop a collaborative framework to accelerate AI innovation and support local and national businesses and nonprofit organizations,” he said. “This public-private partnership builds on our long history of working with journalism and the local news ecosystem in our home state, while developing a national center of excellence on AI policy.”



posted by hubie on Saturday August 24, @12:39PM
from the could-it-be......aliens? dept.

Arthur T Knackerbracket has processed the following story:

An unusually bright burst of radio waves—dubbed the Wow! signal—discovered in the 1970s has baffled astronomers ever since, given the tantalizing possibility that it just might be from an alien civilization trying to communicate with us. A team of astronomers think they might have a better explanation, according to a preprint posted to the physics arXiv: clouds of atomic hydrogen that essentially act like a naturally occurring galactic maser, emitting a beam of intense microwave radiation when zapped by a flare from a passing magnetar.

As previously reported, the Wow! signal was detected on August 18, 1977, by The Ohio State University Radio Observatory, known as “Big Ear.” Astronomy professor Jerry Ehman was analyzing Big Ear data in the form of printouts that, to the untrained eye, looked like someone had simply smashed the number row of a typewriter with a preference for lower digits. Numbers and letters in the Big Ear data indicated, essentially, the intensity of the electromagnetic signal picked up by the telescope over time, starting at ones and moving up to letters in the double digits (A was 10, B was 11, and so on). Most of the page was covered in ones and twos, with a stray six or seven sprinkled in.

But that day, Ehman found an anomaly: 6EQUJ5 (sometimes misinterpreted as a message encoded in the radio signal). This signal had started out at an intensity of six—already an outlier on the page—climbed to E, then Q, peaked at U—the highest power signal Big Ear had ever seen—then decreased again. Ehman circled the sequence in red pen and wrote “Wow!” next to it. The signal appeared to be coming from the direction of the Sagittarius constellation, and the entire signal lasted for about 72 seconds. Alas, SETI researchers have never been able to detect the so-called “Wow! Signal” again, despite many tries with radio telescopes around the world.

[...] Astrobiologist Abel Mendez of the University of Puerto Rico at Arecibo and his co-authors think they have the strongest astrophysical explanation to date with their cosmic maser hypothesis. The team was actually hunting for habitable exoplanets using signals from red dwarf stars. In some of the last archival data collected at the Arecibo radio telescope (which collapsed in 2020), they noticed several signals that were remarkably similar to the Wow! signal in terms of frequency—just much less intense (bright).

Mendez admitted to Science News that he had always viewed the Wow! signal as just a fluke—he certainly didn't think it was aliens. But he realized that if the signals they were identifying had blazed brighter, even momentarily, they would be very much like the Wow! signal. As for the mechanism that caused such a brightening, Mendez et al. propose that a magnetar (a highly magnetic neutron star) passing behind a cloud of atomic hydrogen could have flared up with sufficient energy to produce stimulated emission in the form of a tightly focused beam of microwave radiation—a cosmic maser. (Masers are akin to lasers, except they emit microwave radiation rather than visible radiation.)

Proving their working hypothesis will be much more challenging, although there have been rare sightings of such naturally occurring masers from hydrogen molecules in space. But nobody has ever spotted an atomic hydrogen cloud with an associated maser, and that's what would be needed to explain the intensity of the Wow! signal. That's why other astronomers are opting for cautious skepticism. “A magnetar is going to produce [short] radio emissions as well. Do you really need this complicated maser stuff happening as well to explain the Wow! signal?” Michael Garrett of the University of Manchester told New Scientist. “Personally, I don’t think so. It just makes a complicated story even more complicated.”

arXiv, 2024. DOI: 10.48550/arXiv.2408.08513



posted by hubie on Saturday August 24, @07:54AM

Arthur T Knackerbracket has processed the following story:

In a new letter, OpenAI chief strategy officer Jason Kwon insists that AI regulations should be left to the federal government. As reported previously by Bloomberg, Kwon says that a new AI safety bill under consideration in California could slow progress and cause companies to leave the state.

[...] The letter is addressed to California State Senator Scott Wiener, who originally introduced SB 1047, also known as the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act.

According to proponents like Wiener, it establishes standards ahead of the development of more powerful AI models, requires precautions like pre-deployment safety testing and other safeguards, adds whistleblower protections for employees of AI labs, gives California’s Attorney General power to take legal action if AI models cause harm, and calls for establishing a “public cloud computer cluster” called CalCompute.

In a response to the letter published Wednesday evening, Wiener points out that the proposed requirements apply to any company doing business in California, whether they are headquartered in the state or not, so the argument “makes no sense.” He also writes that OpenAI “...doesn’t criticize a single provision of the bill” and closes by saying, “SB 1047 is a highly reasonable bill that asks large AI labs to do what they’ve already committed to doing, namely, test their large models for catastrophic safety risk.”

Following concerns from politicians like Zoe Lofgren and Nancy Pelosi, companies like Anthropic, and organizations such as California’s Chamber of Commerce, the bill passed out of committee with a number of amendments that included tweaks like replacing criminal penalties for perjury with civil penalties and narrowing pre-harm enforcement abilities for the Attorney General.

The bill is currently awaiting its final vote before going to Governor Gavin Newsom’s desk.



posted by hubie on Saturday August 24, @03:08AM

Arthur T Knackerbracket has processed the following story:

Apple device users recently discovered a minor bug that causes the Settings screen and home screen to crash. While no serious issues have been reported so far, a fix in a future firmware update would not be surprising.

Swiping right on the iOS home screen until the app library appears, and then typing the characters "::" into the search bar, causes Springboard – the software that handles the main menu – to crash. A black screen with a loading icon briefly appears before the device returns to the lock screen.

Additionally, entering the same characters into the search bar at the top of the Settings menu crashes the app, immediately sending users back to the home screen. However, the bug can be triggered by variations of this character combination as well.

Security researchers have found that nearly any combination involving two quotation marks, one colon, and any other character can trigger the same effect. For example, typing "X":X also causes the issue. TechSpot confirmed that the bug occurs on iPhones and iPads running firmware version 17.6.1, but Macs remain unaffected.

Researchers told TechCrunch that the issue doesn't pose a security threat. However, the bug may raise some concerns because it resembles more serious incidents from the past.

[...] Fortunately, the recent iOS bug can only be triggered by someone physically using the device, so the potential risk remains limited.



posted by hubie on Friday August 23, @11:23PM

Arthur T Knackerbracket has processed the following story:

Networking giant Cisco has suggested the United Nations' first-ever convention against cyber crime is dangerously flawed and should be revised before being put to a formal vote.

The document that Cisco dislikes is the United Nations convention against cyber crime [PDF]. The convention took five years to create and was drafted by a body called the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes.

The purpose of the Convention is to "enhance international cooperation, law enforcement efforts, technical assistance, and capacity-building relating to cyber crime," in recognition that digital technology has become a big enabler of transnational mischief.

As The Register reported after the Committee agreed on a draft text, Russia was a big driver of the document, and human rights groups don't like it.

Human Rights Watch, for example, criticized the Convention as overly broad, while the Electronic Frontier Foundation has labelled the Convention "too flawed to adopt."

Those two orgs, and others, worry that the Convention doesn't offer a narrow definition of cyber crime, and could give signatory nations legal cover to target citizens who share views they dislike. They also worry about secrecy provisions in the document that would allow nations to demand info from service providers, without the individuals targeted by such requests being informed or having recourse.

British human rights org Article 19 has also warned the Convention's broad language could stymie legitimate infosec research, by creating a legal environment in which cyber-boffins don't feel safe to ply their trade for fear of being labelled crims.

In a Wednesday post, Cisco's senior director for technology policy Eric Wenger backed some of those arguments.

"Rather than specifically focusing on hacking and cyber crimes, it broadly aims at the misuse of computer networks to disseminate objectionable information," he wrote. "This represents a misalignment with the values of free speech in liberal democracies, which should be addressed via an amendment before the Convention is taken up by member states for adoption."

[...] "Unfortunately, the UN Convention, as it stands, does not sufficiently protect basic human rights and poses risks to the rule of law."

Wenger wants the Convention amended. But in early August the UN enthused about its likely passage as-is later this year, and the Biden administration reportedly thinks the document strikes an appropriate balance between human rights and the need for international collaboration to crimp cyber crime.

Previously: EFF's Concerns About the UN Draft Cybercrime Convention



posted by hubie on Friday August 23, @06:35PM
from the let's-all-meet-back-here-in-10-years-to-see-if-they're-right dept.

Arthur T Knackerbracket has processed the following story:

On Sept. 26th, 2022, NASA's Double Asteroids Redirect Test (DART) collided with Dimorphos, the small moonlet orbiting the larger asteroid Didymos. In so doing, the mission successfully demonstrated a proposed strategy for deflecting potentially hazardous asteroids (PHAs)—the kinetic impact method.

By October 2026, the ESA's Hera mission will rendezvous with the double-asteroid system and perform a detailed post-impact survey of Dimorphos to ensure that this method of planetary defense can be repeated in the future.

However, while the kinetic method could successfully deflect asteroids so they don't threaten Earth, it could also create debris that might reach Earth and other celestial bodies.

In a recent study, an international team of scientists explored how this impact test also presents an opportunity to observe how this debris could someday reach Earth and Mars as meteors. After conducting a series of dynamic simulations, they concluded that the asteroid ejecta could reach Mars and the Earth-Moon system within a decade.

[...] The paper that details their findings appears online on the arXiv preprint server and has been accepted for publication by The Planetary Science Journal.

For their study, Peña-Asensio and his colleagues relied on data obtained by the Light Italian CubeSat for Imaging of Asteroids (LICIACube), which accompanied the DART mission and witnessed the kinetic impact test.

[...] "LICIACube provided crucial data on the shape and direction of the ejecta cone immediately following the collision. In our simulation, the particles ranged in size from 10 centimeters to 30 micrometers, with the lower range representing the smallest sizes capable of producing observable meteors on Earth with current technology. The upper range was limited by the fact that only ejected centimeter-sized fragments were observed."

Their results indicated that some of these particles would reach Earth and Mars within a decade or more, depending on how fast they traveled after the impact.

For example, particles ejected at velocities below 500 m/s could reach Mars in about 13 years, whereas those ejected at velocities exceeding 1.5 km/s (5,400 km/h; 3,355 mph) could reach Earth in as little as seven years. However, their simulations indicated that it will likely be up to 30 years before any of this ejecta is observed on Earth.

"However, these faster particles are expected to be too small to produce visible meteors, based on early observations," said Peña-Asensio.

"Nevertheless, ongoing meteor observation campaigns will be critical in determining whether DART has created a new (and human-created) meteor shower: the Dimorphids. Meteor observing campaigns in the coming decades will have the last word. If these ejected Dimorphos fragments reach Earth, they will not pose any risk. Their small size and high speed will cause them to disintegrate in the atmosphere, creating a beautiful luminous streak in the sky."

[...] "There is probably no other impact on a planetary scale with that much information about the impactor, the target, and the ejecta formation and early development. This allows us to test and improve our models and scaling laws of the impact process and ejecta evolution. Those data provide the input data (source location, size, and velocity distribution) used by the ejecta evolution models."

arXiv paper: https://doi.org/10.48550/arXiv.2408.02836



posted by hubie on Friday August 23, @01:52PM
from the upskilling-with-ai dept.

https://github.blog/news-insights/research/survey-ai-wave-grows/

GitHub's "AI in software development 2024 survey" is here. A compilation of wishful thinking and overly optimistic interpretations of survey data. It generates more questions than answers. Mostly the survey and the report want to sing the praise of the AI as some kind of development savior, as it will literally improve everything and there doesn't appear to be any negative aspects associated with it at all. Or at least they don't ask about such things. The survey and the responses generate more questions than they answer. After all it doesn't really answer any questions.

Our survey data showed that nearly all of the survey participants reported using AI coding tools both outside of work or at work at some point. However, 17-27% of respondents indicated that they've only used AI tools at work, challenging the assumption that all developers are using AI outside of work.

Almost everyone is using AI for development, at work. But not for private projects. It's good enough for work things but not for your private projects? Why is it good enough for work but not for coding at home, or outside work whatever that is? Or do developers/programmers not code at home anymore? No explanation. No delving into that. Just more happy AI-shilling.

More than 97% of respondents reported having used AI coding tools at work at some point, a finding consistent across all four countries. However, a smaller percentage said their companies actively encourage AI tool adoption or allow the use of AI tools, varying by region. The U.S. leads with 88% of respondents indicating at least some company support for AI use, while Germany is lowest at 59%. This highlights an opportunity for organizations to better support their developers' interest in AI tools, considering local regulations.

That is one interpretation of the data. Another is that the Germans are seeing something the Americans are not. A risk of some kind perhaps? Also it's just filled with vague statements such as "at some point", which isn't the same as they use it all the time or even anymore. I tried something once, at some point. Not the same as it was good, or that I kept using it.

Also what is the difference between a programmer and a developer? One apparently loves AI while the other one shuns it like the plague according to their summary table. It's unclear except something about how they self-identify on their business cards?

If AI improves your code then does that not scare these people? After all eventually you'll be cut from the loop, 'cause you are a cost. Perhaps coders in Germany are just better than the coders in America and India?

AI doesn't replace human jobs—it frees up time for human creativity.

That appears more and more to be the fantasy that they want to sell. For companies they want to get rid of the humans since they are costs. If the AI can do their job somewhat equally. There doesn't appear to be much in the way of backing up that statement in reality.

It appears to free up time to upskill (?) your something something as you fulfill more customer requirements ... Perhaps it frees up more time to invent new words and concepts that they can use in sentences to sound important.



posted by janrinok on Friday August 23, @09:10AM

Federal Appeals Court Finds Geofence Warrants Are "Categorically" Unconstitutional:

In a major decision on Friday, the federal Fifth Circuit Court of Appeals held that geofence warrants are "categorically prohibited by the Fourth Amendment." Closely following arguments EFF has made in a number of cases, the court found that geofence warrants constitute the sort of "general, exploratory rummaging" that the drafters of the Fourth Amendment intended to outlaw. EFF applauds this decision because it is essential that every person feels like they can simply take their cell phone out into the world without the fear that they might end up a criminal suspect because their location data was swept up in an open-ended digital dragnet.

The new Fifth Circuit case, United States v. Smith, involved an armed robbery and assault of a US Postal Service worker at a post office in Mississippi in 2018. After several months of investigation, police had no identifiable suspects, so they obtained a geofence warrant covering a large geographic area around the post office for the hour surrounding the crime. Google responded to the warrant with information on several devices, ultimately leading police to the two defendants.

On appeal, the Fifth Circuit reached several important holdings.

First, it determined that under the Supreme Court's landmark ruling in Carpenter v. United States, individuals have a reasonable expectation of privacy in the location data implicated by geofence warrants. As a result, the court broke from the Fourth Circuit's deeply flawed decision last month in United States v. Chatrie, noting that although geofence warrants can be more "limited temporally" than the data sought in Carpenter, geofence location data is still highly invasive because it can expose sensitive information about a person's associations and allow police to "follow" them into private spaces.

Second, the court found that even though investigators seek warrants for geofence location data, these searches are inherently unconstitutional. As the court noted, geofence warrants require a provider, almost always Google, to search "the entirety" of its reserve of location data "while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result." Therefore, "the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient."

Unsurprisingly, however, the court found that in 2018, police could have relied on such a warrant in "good faith," because geofence technology was novel, and police reached out to other agencies with more experience for guidance. This means that the evidence they obtained will not be suppressed in this case.

Nevertheless, it is gratifying to see an appeals court recognize the fundamental invasions of privacy created by these warrants and uphold our constitutional tradition prohibiting general searches. Police around the country have increasingly relied on geofence warrants and other reverse warrants, and this opinion should act as a warning against narrow applications of Fourth Amendment precedent in these cases.



posted by janrinok on Friday August 23, @04:23AM
from the hoist-by-their-own-petard dept.

The New York Times is reporting on a novel lawsuit filed against Meta, using Section 230 of the Communications Decency Act of 1996.

From the article:

Facebook, X, YouTube and other social media platforms rely on a 1996 law to insulate themselves from legal liability for user posts. The protection from this law, Section 230 of the Communications Decency Act, is so significant that it has allowed tech companies to flourish.
But what if the same law could be used to rein in the power of those social media giants?

That idea is at the heart of a lawsuit filed in May against Meta, the owner of Facebook, Instagram and WhatsApp. The plaintiff has asked a federal court to declare that a little-used part of Section 230 makes it permissible for him to release his own software that lets users automatically unfollow everyone on Facebook.

The lawsuit, filed by Ethan Zuckerman, a public policy professor at the University of Massachusetts Amherst, is the first to use Section 230 against a tech giant in this way, his lawyers said. It is an unusual legal maneuver that could turn a law that typically protects companies like Meta on its head. And if Mr. Zuckerman succeeds, it could mean more power for consumers to control what they see online.
[...]
Mr. Zuckerman has focused on a part of Section 230 that spells out protection for blocking objectionable material online. In 2021, after a developer released software to purge users' Facebook feeds of everyone they follow, Facebook threatened to shut it down. But Section 230 says it is possible to restrict access to obscene, excessively violent and other problematic content. The language shields companies from liability if they censor disturbing content, but lawyers now say it could also be used to justify scrubbing any content users don't want to see.

Meta said it had asked U.S. District Court for the Northern District of California, where the lawsuit was filed, to dismiss the case because Mr. Zuckerman had not released a software tool to clean up people's Facebook pages. It also argued that Mr. Zuckerman had not shown that Section 230 should apply in his case.

"This suit is baseless, and was filed by the plaintiff over a hypothetical browser extension that he has not even built," a company spokesman said.

What do Soylentils think? Will the plaintiffs succeed? Will this make any difference whatever?



posted by janrinok on Thursday August 22, @11:38PM

https://boingboing.net/2024/08/21/after-massive-public-outcry-disney-stops-attempt-to-kill-lawsuit-after-killing-restaurant-guest.html

See Previous Story: Disney Seeking Dismissal of Death Lawsuit Because Victim Was Disney+ Subscriber

AP reported yesterday that "Disney drops bid to have allergy-death lawsuit tossed because plaintiff signed up for Disney+."

I'm not a lawyer but the initial legal argument being made by Disney seems to me to be pure bad faith horseshit. This piece in New York Magazine looks at the lawsuit stemming from the allergic reaction death of a doctor named Amy Tangsuan at a Disney World Resort restaurant:

Tangsuan was allergic to dairy and nuts, and before she and her husband ordered, (they) asked a waiter whether any of the allergens were in her order... The waiter consulted with the chef, and then assured her that they could be made dairy- and nut-free.

About 45 minutes after Tangsuan ate, she went into an anaphylactic shock so severe her EpiPen was useless. She died soon after at a nearby hospital. In February, her husband filed a wrongful-death suit against the restaurant and Disney's theme-parks division, seeking money damages.

[...] Did they try this now abandoned tactic to save money? Of course. But it sounds like they're really doing it to save face — by moving cases to arbitration, it's permanently out of the public's view; however the case is settled, the general public will almost certainly be in the dark. PR problem of killing guests thus solved.

So they will not try that again until next time that they do ...



posted by janrinok on Thursday August 22, @06:52PM

NASA Wants Clarity On Orion Heat Shield Issue Before Stacking Artemis II Rocket

Arthur T Knackerbracket has processed the following story:

NASA would like to start stacking the Space Launch System rocket for the Artemis II mission—the first human flight around the Moon since 1972—sometime next month, but the agency's exploration chief says the milestone could be delayed as engineers continue studying the readiness of the Orion spacecraft's heat shield.

The heat shield, already installed at the base of the Orion spacecraft, will take the brunt of the heating when the capsule blazes through Earth's atmosphere at the end of the 10-day mission. On the Artemis I test flight in late 2022, NASA sent an Orion spacecraft to the Moon and back without a crew aboard. The only significant blemish on the test flight was a finding that charred chunks of the heat shield unexpectedly stripped away from the capsule during reentry as temperatures increased to nearly 5,000° Fahrenheit (2,760° Celsius).

The spacecraft safely splashed down, and if any astronauts had been aboard, they would have been fine. However, the inspections of the recovered spacecraft showed divots of heat shield material were missing. The heat shield material, called Avcoat, is designed to erode away in a controlled manner during reentry. Instead, fragments fell off the heat shield that left cavities resembling potholes.

NASA launched internal and independent investigations to look into the heat shield issue. Catherine Koerner, NASA's associate administrator for development of exploration systems, told Ars the inquiry remains open.

"We have not made any formal decisions on the forward path yet because we still are doing analysis," she said. "There are a lot of complications associated with the heat shield, not only with identifying a root cause, but also figuring out a path forward once we identify that root cause."

This is a complicated thermodynamic and aerodynamic problem, with engineers studying the combined effects of heating and air resistance as the Orion spacecraft dives deeper into the atmosphere. Victor Glover, the pilot of the Artemis II mission, told Ars earlier this year that ground testing and analyses can only go so far, and some of the dynamics may not be fully understood without more flight data.

Commander Reid Wiseman, mission specialist Christina Koch, and Canadian astronaut Jeremy Hansen will join Glover on the Artemis II mission. They will fly around the far side of the Moon inside the Orion capsule after lifting off from NASA's Kennedy Space Center in Florida on a Space Launch System (SLS) rocket. Artemis II will pave the way for future landing missions to deliver astronauts to the Moon's south pole.

Starliner Stranded In Space? NASA Answers FAQs On Astronauts' Return Status

Arthur T Knackerbracket has processed the following story:

During Starliner’s flight to the space station, engineers noticed some of the spacecraft’s thrusters did not perform as expected and several leaks in Starliner’s helium system also were observed. Engineering teams at NASA and Boeing have since conducted several thruster tests and in-depth data reviews to better understand the spacecraft. While engineers work to resolve technical issues before Starliner’s return to Earth, the astronaut duo have been working with the Expedition 71 crew, performing scientific research and maintenance activities.

NASA now plans to conduct two reviews – a Program Control Board and an Agency Flight Readiness Review – before deciding how it will safely return Wilmore and Williams from the station. NASA expects to decide on the path forward by the end of August.

NASA’s Boeing Crew Flight Test launched on June 5, and is the first flight of the Starliner spacecraft to the International Space Station with astronauts. The flight test aims to prove the system is ready for rotational missions to the space station. NASA wants two American spacecraft, in addition to the Roscosmos Soyuz spacecraft, capable of carrying astronauts to help ensure a permanent crew aboard the orbiting complex.

This flight test aims to demonstrate Starliner’s ability to execute a six-month rotational mission to the space station. The flight test objectives were developed to support NASA’s certification process and gather the performance data needed to evaluate readiness ahead of long-duration flights.

During Starliner’s flight to the space station, some of the spacecraft’s thrusters did not perform as expected and several leaks in Starliner’s helium system were observed. While the initial mission duration was planned for about a week, there is no rush to bring crew home, so NASA and Boeing are taking additional time to learn about the spacecraft. This is a lesson learned from the space shuttle Columbia accident. Our NASA and Boeing teams are poring over data from additional in-space and ground testing and analysis, providing mission managers data to make the best, safest decision on how and when to return crew home.

Starliner remains the primary option for Butch and Suni if an emergency occurs and they need to rapidly depart the station. There is no urgent need to bring them home, and NASA is using the extra time to understand the spacecraft’s technical issues before deciding on a return plan.

If NASA decides to return Starliner uncrewed, Butch and Suni would remain aboard station until late-February 2025. NASA would replan the agency’s SpaceX Crew-9 mission by launching only two crew members instead of four in late September. Butch and Suni would then return to Earth after the regularly scheduled Crew-9 increment early next year.

No decisions have been made. NASA continues to evaluate all options as it learns more about Starliner’s propulsion system. Butch and Suni may return home aboard Starliner, or they could come back as part of the agency’s SpaceX Crew-9 mission early next year.

Yes, Starliner can undock and deorbit autonomously, if NASA decides to return the spacecraft uncrewed.

If NASA decides to return them aboard a SpaceX Dragon, NASA will replan its SpaceX Crew-9 mission by launching only two crew members in late September instead of four. Butch and Suni would then return to Earth after the regularly scheduled Crew-9 increment early next year.

The main goal of the agency’s Commercial Crew Program is two, unique human spaceflight systems. Should any one system encounter an issue, NASA still has the capability to launch and return crew to ensure safety and a continuous human presence aboard the International Space Station.

No, Butch and Suni are safe aboard the space station working alongside the Expedition 71 crew. They also have been actively involved in Starliner testing and technical meetings. Butch and Suni could return home aboard Starliner if an emergency arises. The agency also has other return options available, if needed, for both contingency and normal return planning.

Butch and Suni each have previously completed two long-duration stays aboard the station. NASA astronauts embark on missions fully aware of the various scenarios that may become reality. This mission is no different, and they understood the possibilities and unknowns of this test flight, including being aboard station longer than planned.

A typical stay aboard the International Space Station is about six months, and NASA astronauts also have remained on the space station for longer duration missions. Previous missions have given NASA volumes of data about long-duration spaceflight and its effects on the human body, which the agency applies to any crew mission.

Yes. The International Space Station is well-stocked with everything the crew needs, including food, water, clothing, and oxygen. Additionally, NASA and its space station partners frequently launch resupply missions to the orbiting complex carrying additional supplies and cargo.

Recently, a Northrop Grumman Cygnus spacecraft carrying 8,200 pounds of food, fuel, supplies, and science and a Progress resupply spacecraft carrying three tons of cargo arrived at the station. NASA has additional SpaceX resupply missions planned through the end of 2024.

The crew continues to monitor Starliner’s flight systems and gather performance data for system certification. NASA also is taking advantage of Butch and Suni’s extra time aboard the orbital laboratory, where they have completed various science experiments, maintenance tasks, and assisted with spacewalk preparations. Some of the science they’ve recently completed includes new ways to produce fiber optic cables and growing plants aboard the orbiting complex.

Butch and Suni enjoy many of the same comforts we have here on Earth. They can email, call, and video conference with their family and friends when they have “free time” aboard the International Space Station.

NASA has two unique American space transportation systems capable of carrying crew to and from station. Although no decisions have been made, NASA is considering several options to return Butch and Suni from the space station, including returning aboard Starliner, if cleared, or as part of the agency’s SpaceX Crew-9 mission in February 2025.

Crewed test flights are inherently risky, and although rotation missions may seem routine, they also are not without risk. It is NASA’s job to evaluate that risk and determine whether it is acceptable for the crew ahead of each flight.

NASA adjusted the SpaceX Crew-9 launch and the agency’s SpaceX Crew-8 return, allowing more time to finalize Starliner return plans. NASA also is looking at crew assignments to ensure Butch and Suni can return with Crew-9, if needed.


Original Submission #1 | Original Submission #2

posted by janrinok on Thursday August 22, @06:28PM

Arthur T Knackerbracket has processed the following story:

Microsoft's Patch Tuesday for August 2024 includes a fix for a security vulnerability in the Grub2 boot loader, which is used by many Linux operating systems. Tracked as CVE-2022-2601, this flaw, discovered in 2022, could lead to an out-of-bounds write with a potential bypass of Secure Boot protection.

The Grub2 boot loader provides compatibility with the Secure Boot technology on PCs running Linux systems. After installing the new patch, Windows applies a Secure Boot Advanced Targeting (SBAT) policy to block vulnerable Linux boot loaders that could compromise OS security.

Microsoft explained that the SBAT value would not be applied to dual-boot systems with both Windows and Linux on the boot drive, so the patch was expected not to impact these systems. However, many users with dual-boot configurations have reported that the CVE-2022-2601 update still rendered booting into a Linux OS impossible.

The issue appears to affect various Linux distributions, including popular ones such as Ubuntu, Linux Mint, Zorin OS, Puppy Linux, and others. Affected systems typically display a "Security Policy Violation" error at boot, indicating a failed check on "shim SBAT data." Boot problems have been reported on both dual-boot systems and on Windows devices running Linux from an ISO image, USB drive, or optical media.

Microsoft's bulletin noted that only older Linux distros' ISOs were expected to experience boot issues following the CVE-2022-2601 patch. However, users with systems released in 2024 also seem to be affected. The only reliable way to restore a bootable state appears to be disabling Secure Boot entirely. Alternatively, users can follow the steps to remove the SBAT policy introduced by Microsoft this past week.


Original Submission

posted by janrinok on Thursday August 22, @02:09PM
from the keep-trying-until-users-just-accept-it dept.

https://arstechnica.com/gadgets/2024/08/microsoft-will-try-the-data-scraping-windows-recall-feature-again-in-october/

Microsoft will begin sending a revised version of its controversial Recall feature to Windows Insider PCs beginning in October, according to an update published today to the company's original blog post about the Recall controversy. The company didn't elaborate further on specific changes it's making to Recall beyond what it already announced in June.

For those unfamiliar, Recall is a Windows service that runs in the background on compatible PCs, continuously taking screenshots of user activity, scanning those screenshots with optical character recognition (OCR), and saving the OCR text and the screenshots to a giant searchable database on your PC. The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.

The problem was that other users on the same PC, or attackers with physical or remote access to your PC, could easily access, view, and export those screenshots and the OCR database since none of the information was encrypted at rest or protected in any substantive way.

Microsoft had planned to launch Recall as one of the flagship features of its Copilot+ PC launch in July, along with the new Qualcomm Snapdragon-powered Surface devices, but its rollout was bumped back and then paused entirely so that Recall could be reworked and then sent out to Windows Insiders for testing like most other Windows features are.

Among the changes Microsoft has said it will make: The database will be encrypted at rest and will require authentication (and periodic reauthentication) with Windows Hello before users will be allowed to access it. The feature will also be off by default, whereas the original plan was to turn it on by default and make users go into Settings to turn it off.

"Security continues to be our top priority and when Recall is available for Windows Insiders in October we will publish a blog with more details," reads today's update to Microsoft Windows and Devices Corporate Vice President Pavan Davuluri's blog post.

When the preview is released, Windows Insiders who want to test the Recall preview will need to do it on a PC that meets Microsoft's Copilot+ system requirements. Those include a processor with a neural processing unit (NPU) capable of at least 40 trillion operations per second (TOPS), 16GB of RAM, and 256GB of storage. The x86 builds of Windows for Intel and AMD processors don't currently support any Copilot+ features regardless of whether the PC meets those requirements, but that should change later this year.


Original Submission

posted by janrinok on Thursday August 22, @09:23AM

Arthur T Knackerbracket has processed the following story:

The US Public Interest Research Group (US PIRG), a federation of public interest advocacy groups, has asked the FCC to halt low Earth orbit (LEO) satellite launches until the environmental consequences of space pollution can be better managed.

Those concerns were underscored on Thursday when one of China's Long March 6A rockets broke apart in LEO after deploying 18 satellites for Shanghai Spacecom Satellite Technology group's Thousand Sails constellation. Reports suggest as many as 900 pieces of debris were scattered as a result of the disintegration.

US Space Command said at least 300 pieces are large enough to be tracked, each being 10cm (4 inches) or more across, though added it has observed no "immediate threats."

China hopes to put as many as 15,000 broadband-relaying sats into orbit in that Qianfan constellation.

Writing last week, US PIRG directed its concern at SpaceX, dubbing Elon Musk's rocket show "WasteX" for the "mega-constellations" of communications satellites shot into the sky by the Texas-based firm's Starlink subsidiary.

"Over just five years Starlink has launched more than 6,000 units and now make up more than 60 percent of all satellites," said Lucas Gutterman, director of the US PIRG Education Fund's Designed to Last project, in an online article. "The new space race took off faster than governments were able to act."

[...] "That launching 30,000 to 500,000 satellites into low Earth orbit doesn’t even warrant an environmental review offends common sense," he said, pointing to a 2022 US Government Accountability Office report that found the federal telecoms watchdog has no documented reason for deciding that satellite swarms should not be subject to environmental review.

Starlink is said to have proposed a mega-constellation of 30,000 to 40,000 satellites to support its wireless communication service. And when proposals from Amazon’s Project Kuiper, OneWeb, and other outfits are considered, the number exceeds 500,000.

[...] "There are more than 200 million pieces of trash currently in orbit that are capable of doing damage to an operational satellite if they hit it," she said.

"And almost 30,000 of them are larger than a roll of toilet paper. And the risk isn't just to satellites. Only two months ago, a piece of junk from the International Space Station fell through the roof and two floors of a house in Naples [Florida]. With the whole Space Station due to become trash in 2030, it's time we got serious about the waste in space."



Original Submission