We present Wi-Peep – a new location-revealing privacy attack on non-cooperative Wi-Fi devices. Wi-Peep exploits loopholes in the 802.11 protocol to elicit responses from Wi-Fi devices on a network that we do not have access to. It then uses a novel time-of-flight measurement scheme to locate these devices. Wi-Peep works without any hardware or software modifications on target devices and without requiring access to the physical space that they are deployed in. Therefore, a pedestrian or a drone that carries a Wi-Peep device can estimate the location of every Wi-Fi device in a building. Our Wi-Peep design costs $20 and weighs less than 10 g. We deploy it on a lightweight drone and show that a drone flying over a house can estimate the location of Wi-Fi devices across multiple floors to meter-level accuracy. Finally, we investigate different mitigation techniques to secure future Wi-Fi devices against such attacks.
The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.
The goal is to assess UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture.
“These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact,” the agency said.
“The NCSC uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure, and track their remediation over time.”
NCSC’s scans are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246 and 35.177.10.231).
The agency says that all vulnerability probes are tested within its own environment to detect any issues before scanning the UK Internet.
“We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose,” NCSC technical director Ian Levy explained.
“We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”
How to opt out of vulnerability probes
Data collected from these scans includes any data sent back when connecting to services and web servers, such as the full HTTP responses (including headers).
Requests are designed to harvest the minimum amount of info required to check if the scanned asset is affected by a vulnerability.
If any sensitive or personal data is inadvertently collected, the NCSC says it will “take steps to remove the data and prevent it from being captured again in the future.”
British organizations can also opt out of having their servers scanned by the government by emailing a list of IP addresses they want to be excluded at scanning@ncsc.gov.uk.
“Microsoft’s GitHub Copilot is being sued in a class action lawsuit that claims the AI product is committing software piracy on an unprecedented scale,” reports IT Pro.
Programmer/designer Matthew Butterick filed the case Thursday in San Francisco, saying it was on behalf of millions of GitHub users potentially affected by the $10-a-month Copilot service: The lawsuit seeks to challenge the legality of GitHub Copilot, as well as OpenAI Codex which powers the AI tool, and has been filed against GitHub, its owner Microsoft, and OpenAI…. “By training their AI systems on public GitHub repositories (though based on their public statements, possibly much more), we contend that the defendants have violated the legal rights of a vast number of creators who posted code or other work under certain open-source licences on GitHub,” said Butterick.
These licences include a set of 11 popular open source licences that all require attribution of the author’s name and copyright. This includes the MIT licence, the GNU General Public Licence, and the Apache licence. The case claimed that Copilot violates and removes these licences offered by thousands, possibly millions, of software developers, and is therefore committing software piracy on an unprecedented scale.
Copilot, which is entirely run on Microsoft Azure, often simply reproduces code that can be traced back to open-source repositories or licensees, according to the lawsuit. The code never contains attributions to the underlying authors, which is in violation of the licences. “It is not fair, permitted, or justified. On the contrary, Copilot’s goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall….” Moreover, the case stated that the defendants have also violated GitHub’s own terms of service and privacy policies, the DMCA code 1202 which forbids the removal of copyright-management information, and the California Consumer Privacy Act.
The lawsuit also accuses GitHub of monetizing code from open source programmers, “despite GitHub’s pledge never to do so.”
And Butterick argued to IT Pro that “AI systems are not exempt from the law… If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still.” Butterick believes AI can only elevate humanity if it’s “fair and ethical for everyone. If it’s not… it will just become another way for the privileged few to profit from the work of the many.”
The article adds that this lawsuit “comes at a time when Microsoft is looking at developing Copilot technology for use in similar programmes for other job categories, like office work, cyber security, or video game design, according to a Bloomberg report.”
Qualcomm and Arm have been engaged in one of those very entertainingly bitter court fist-fights that the industry throws up when friends fall out over money. Briefly, Qualcomm builds its mobile device chips around Arm, for which it pays Arm a lot of money. Qualcomm bought another Arm-licensed company, Nuvia, and inherited Nuvia’s own Arm deals and derived IP. Arm said ‘Nu-uh, can’t do that.’ And into court they tumbled.
This sort of thing is normally lawyers locking horns over profit. Sometimes, though, it feels more like a fight to the death – and in this case, Qualcomm is making the case that a lot more than the details of per-chip licensing costs are involved. It says that Arm is about to make huge changes to its business model, imposing savage new restrictions on how its IP is used and making all its money from device makers, not chip companies. Which would cut Qualcomm off at the knees, if true.
[…]
The move to license device makers instead of chip makers would be massively complicated for everyone, and would give Arm much more power by not having to negotiate with a few very large concerns but a much more diverse market with many smaller clients. Doubtless the market regulators would be very interested in that, but it’s not quite world-beating suicidal madness.
World-beating suicidal madness comes with the other idea – that Arm would refuse to license a design that didn’t use purely Arm intellectual property. You want a GPU design to go with the CPU? Arm. An AI accelerator? Arm or nothing.
The chip industry has always had a fondness for these sorts of shenanigans, but has known better than to write them down. You want a particular CPU? Terribly sorry, but there’s a really long lead time on that part – unless you also buy the rest of our support chips… then we can do business. It’s unethical, usually illegal, and even the biggest names look the other way when their sales teams do it.
[…] Qualcomm’s amended response to Arm’s lawsuit against the US chip giant. Arm is right now trying to stop Qualcomm from developing custom Arm-compatible processors using CPU core designs Qualcomm obtained via its acquisition of Nuvia. According to Arm, Qualcomm should have got, and failed to get, Arm’s permission to absorb Nuvia’s technologies, which were derived from Arm-licensed IP.
Qualcomm counterclaimed that Arm tried to demand at least “tens of millions” of dollars in transfer fees and extra royalties for using the newly acquired Nuvia designs.
[…]
Qualcomm states in its filing [PDF] that Arm has signaled it “will no longer license CPU technology to semiconductor companies” once existing agreements expire.
This would be an incredible transformation for Softbank-owned Arm: how exactly would Arm-based chips get into devices if no more Arm technology licenses are issued to chip designers … unless, perhaps, Arm starts making its own chips, which it’s previously said it has no appetite for, or it gets certain chip designers to make pure Arm-designed processors for it, and the makers of the end products using these components get charged a royalty per device.
In response to Qualcomm’s filing, Arm’s veep of external communication Phil Hughes didn’t directly address the allegations about licensing changes, but said the filing is “riddled with inaccuracies, and we will address many of these in our formal legal response that is due in the coming weeks.”
[…]
Thus, Qualcomm is claiming a whole range of manufacturers – from those in the embedded electronics space to personal computing – using Arm-compatible chips may need to directly pay Arm a royalty for every device sold. And if they don’t, they’ll need to shop elsewhere for a system-on-chip architecture, which could be unfortunate for them because Arm has few rivals. In fields like smartphones, few alternatives exist. Ironically, Qualcomm acquired Nuvia to make itself a better alternative to Intel and AMD in laptops.
[…]
The language in Qualcomm’s filing is specific and nuanced. It talks of threats by Arm, and Arm indicating it intends to do certain things. At first read, Qualcomm’s filing appears to state outright that Arm will change its business model; on second read, it appears more that Qualcomm is claiming Arm is threatening it will overhaul its licensing approach – to the detriment of Qualcomm – so as to scare Qualcomm into agreeing to Arm’s terms regarding the Nuvia acquisition and its licensed technologies.
Qualcomm previously complained Arm is trying to steer it onto higher royalty rates, by making it renegotiate its licensing agreements following the acquisition of Nuvia and its Arm-derived technologies.
Meanwhile, no matter how unfair Qualcomm believes Arm has acted, Qualcomm still has to answer Arm’s initial complaint: that Qualcomm transferred Nuvia’s Arm license and Arm-derived technology to itself after the acquisition, whereas the fine print of Nuvia’s agreement with Arm is that any such transfer must be negotiated with Arm, and that Qualcomm allegedly failed to do so and is in breach of contract.
Qualcomm says this assertion is simply wrong.
Whatever happens, this case has the potential to shine a light into some dark corners of the semiconductor industry – and this filing suggests whatever we find down there will be fascinating.
Less than 1% of used clothing gets recycled into new garments, overwhelming countries like Ghana with discards. From a report: It’s a disaster decades in the making, as clothing has become cheaper, plentiful and ever more disposable. Each year the fashion industry produces more than 100 billion apparel items, roughly 14 for every person on Earth and more than double the amount in 2000. Every day, tens of millions of garments are tossed out to make way for new, many into so-called recycling bins. Few are aware that old clothes are rarely recycled into new ones because the technology and infrastructure don’t exist to do that at scale.
Instead, discarded garments enter a global secondhand supply chain that works to prolong their life, if only a little, by repurposing them as cleaning rags, stuffing for mattresses or insulation. But the rise of fast fashion — and shoppers’ preference for quantity over quality — has led to a glut of low-value clothing that threatens to tank the economics of that trade and inordinately burdens developing countries. Meanwhile, the myth of circularity spreads, shielding companies and consumers from the inconvenient reality that the only way out of the global textile waste crisis is to buy less, buy better and wear longer. In other words, to end fast fashion.
[…] Globally, less than 1% of used clothing is actually remade into new garments, according to the Ellen MacArthur Foundation, a UK nonprofit. (In contrast, 9% of plastic and about half of paper gets recycled.) The retailers have vowed that what they collect will never go to landfill or waste. But the reality is far messier. Garments dropped at in-store take-back programs enter the multibillion-dollar global secondhand supply chain, joining a torrent of discards from charity bins, thrift stores and online resale platforms like ThredUp and Sellpy. The complex task of sorting through that waste stream falls to a largely invisible global industry of brokers and processors. Their business depends on exporting much of the clothing to developing countries for rewear. It’s the most profitable option and, in theory, the most environmentally responsible, because reusing items consumes fewer resources than recycling them.
[…] An important clinical trial is now underway in the UK. The study is the first to transfuse red blood cells grown in the lab from donated stem cells into humans. Should this research pay off, these blood cells would be incredibly valuable for people with rare blood types, though they wouldn’t replace the need for traditional blood donation.
The RESTORE trial, as it’s known, is being conducted by scientists from the UK’s National Health Services and various universities. At least 10 healthy volunteers are expected to be enrolled in the study. All of them will receive two mini-transfusions, spaced four months apart and in random order, of the lab-grown blood cells and standard cells, both of which are derived from the same donor. As of early Monday, two participants have already gotten the lab-grown blood cells and so far appear to have experienced no side-effects.
The first-of-its-kind experiment is a Phase I trial, meaning that it’s primarily designed to test the safety of a novel or experimental treatment. But the lab-grown cells are theoretically fresher than the mix of newer and older blood cells taken from a typical blood donation (on average, red blood cells live for about 120 days). So the researchers are hoping that the lab-grown cells survive longer than the standard cells in their recipients.
“If our trial, the first such in the world, is successful, it will mean that patients who currently require regular long-term blood transfusions will need fewer transfusions in [the] future, helping transform their care,” said chief researcher Cedric Ghevaert, a hematologist and a professor in transfusion medicine at the University of Cambridge, in a statement released by the NHS.
[…]
Should this project turn out to be a success, lab-grown blood cells still won’t replace the donated supply anytime soon. The team’s process is much less efficient than what the human body can do. Currently, for instance, they need about 24 liters of their nutrient solution to filter out one to two tablespoons of red blood cells. Meanwhile, about 45% of our blood is composed of red blood cells.
Even if mass-produced lab-grown blood cells are a far-off possibility, they may still be able to help many people in the near future. This technology could one day provide a more reliable and longer-lasting supply of blood cells to people who have a rare mix of blood types or who have developed conditions that make it difficult to receive standard transfusions, such as sickle cell disease.
A new experiment has shown that zapping clouds with electrical charge can alter droplet sizes in fog or, potentially, help a constipated cloud to rain.
Last year Giles Harrison, from the University of Reading, and colleagues from the University of Bath, spent many early mornings chasing fogs in the Somerset Levels, flying uncrewed aircraft into the gloop and releasing charge. Their findings, published in Geophysical Research Letters, showed that when either positive or negative charge was emitted, the fog formed more water droplets.
“Electric charge can slow evaporation, or even – and this is always amazing to me – cause drops to explode because the electric force on them exceeds the surface tension holding them together,” said Harrison.
The findings could be put to good use in dry regions of the world, such as the Middle East and north Africa, as a means of encouraging clouds to release their rain. Cloud droplets are larger than fog droplets and so more likely to collide, and Harrison and his colleagues believe that adding electrical charge to a cloud could help droplets to stick together and become more weighty.
China’s government-owned utility State Power Investment Corporation (SPIC) has launched the world’s first commercial offshore floating solar that’s paired with an offshore wind turbine.
SPIC is one of five major electrical utility companies in China, and the world’s largest photovoltaic power generation enterprise. The pilot is located off the coast of Haiyang, a city in Shandong, eastern China.
The project uses Norway-based Ocean Sun‘s patented floating solar power technology.
The two solar floaters (see the photo above) have an installed capacity of 0.5 megawatts peak. They’re connected to a transformer on a SPIC-owned wind turbine and then a subsea cable runs from the wind turbine to the power grid.
If the pilot is successful, the plan is to build a 20 MW floating wind-solar farm in 2023 using Ocean Sun’s technology.
Ocean Sun signed an agreement to license its proprietary floating solar technology for the project in July. This project is fully funded by SPIC, and Ocean Sun’s first “truly offshore installation.”
In July, Børge Bjørneklett, CEO and founder of Ocean Sun, said [translation edited for clarity]:
Shandong Province is projecting 42GW of floating solar installations in the next few years, and Ocean Sun will now be a contender for some of this volume. These waters see challenging annual typhoons, and all involved parties are aware of the risks. Ocean Sun will improve our product with learnings from this exposed site.
A wind-solar hybrid system potentially offers the advantage of improving power output reliability. Solar peaks during the day, whereas offshore wind turbines typically generate most of their power in the afternoon and evening.
The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web.
The miscreant then repeatedly tried to log into the contractor’s Uber account, triggering the two-factor login approval request that the contractor initially denied, blocking access. However, eventually the contractor accepted one of many push notifications, enabling the attacker to log into the account and get access to Uber’s corporate network, systems, and data.
[…]
Microsoft and Cisco Systems were also victims of MFA fatigue – also known as MFA spamming or MFA bombing – this year, and such attacks are rising rapidly. According to Microsoft, between December 2021 and August, the number of MFA attacks spiked. There were 22,859 Azure Active Directory Protection sessions with multiple failed MFA attempts last December. In August, there were 40,942.
[…]
In an MFA fatigue situation, the attacker uses the stolen credentials to try to sign into a protected account over and over, overwhelming the user with push notifications. The user may initially tap on the prompt saying it isn’t them trying to sign in, but eventually they wear down from the spamming and accept it just to stop their phone going off. They may assume it’s a temporary glitch or an automated system causing the surge in requests.
[…]
Sometimes the attacker will pose as part of the organization’s IT staff, messaging the employee to accept the access attempt.
[…]
Ensuring authentication apps can’t be fat-fingered and requests wrongly accepted before they can be fully evaluated, for instance, would be handy. Adding intelligent handling of logins, so that there’s a cooling off period after a bout of MFA spam, is, again, useful, too.
And on top of this, some forms of MFA, such as one-time authentication tokens, can be phished along with usernames and passwords to allow a miscreant to login as their victim. Finding and implementing a phish-resistant MFA approach is something worth thinking about.
[…]
Some companies are on the ball. Microsoft, for instance, is making number matching a default feature in its Authenticator app. This requires a user who responds to an MFA push notification using the tool to type in a number that appears on their device’s screen to approve a login. The number will only be sent to users who have been enabled for number matching, according to Microsoft.
They’re also adding other features to Authenticator, including showing users what application they’re signing into and the location of the device, based on its IP address, that is being used for signing in. If the user is in California but the device is in Europe, that should raise a big red flag. That ought to be caught automatically by authentication systems as well.
[…]
As to limiting the number of unsuccessful MFA authentication requests: Okta limits that number to five; Microsoft and Duo offer organizations the ability to implement it in their settings and adjust the number of failed attempts before the user’s account is automatically locked. With Microsoft Authenticator, enterprises also can set the number of minutes before an account lockout counter is reset.
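As an added illustration of the mitigations discussed above (locking an account after a burst of unsuccessful prompts, a cooling-off period during which no further pushes are delivered, flagging an approval that follows a spam bout, and flagging a sign-in location that does not match the user), here is a small detector in Python; it is not code from the article or from any vendor, and the log format, thresholds and per-user home countries are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Policy thresholds. These values are assumptions for this example; the article
# notes Okta limits unsuccessful MFA requests to five and that other vendors let
# admins set the count and the lockout-reset interval themselves.
MAX_FAILED_PROMPTS = 5              # denied/expired pushes in WINDOW before lockout
WINDOW = timedelta(minutes=10)      # sliding window for counting failed prompts
COOLDOWN = timedelta(minutes=15)    # no pushes are delivered while cooling off
SPAM_BOUT = 3                       # an approval after this many recent failures is suspicious

# Constructed: where each user normally signs in from, compared with the
# country derived from the IP address of the device requesting the login.
USER_HOME_COUNTRY = {"alice": "US", "bob": "US", "carol": "US"}

# Constructed log format: "<ISO-8601 UTC> user=<name> event=<type> country=<CC>"
LINE_RE = re.compile(r"^(\S+) user=(\S+) event=(\S+) country=(\S+)$")

# Constructed sample log: alice is hammered with prompts, bob gives in after a
# burst from an unexpected country, carol is a normal sign-in.
SAMPLE_LOG = """\
2022-11-08T02:14:01Z user=alice event=push_denied country=US
2022-11-08T02:14:40Z user=alice event=push_denied country=US
2022-11-08T02:15:10Z user=alice event=push_expired country=US
2022-11-08T02:15:55Z user=alice event=push_denied country=US
2022-11-08T02:16:30Z user=alice event=push_denied country=US
2022-11-08T02:17:02Z user=alice event=push_sent country=US
2022-11-08T02:17:30Z user=alice event=push_approved country=US
2022-11-08T09:00:00Z user=bob event=push_denied country=DE
2022-11-08T09:00:30Z user=bob event=push_denied country=DE
2022-11-08T09:01:00Z user=bob event=push_denied country=DE
2022-11-08T09:01:40Z user=bob event=push_approved country=DE
2022-11-08T12:00:00Z user=carol event=push_approved country=US
"""


def parse_line(line):
    """Parse one log line into (timestamp, user, event, country); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m.group(2), m.group(3), m.group(4)


class MfaFatigueMonitor:
    """Counts failed push prompts per user, locks after a burst, flags risky approvals."""

    def __init__(self):
        self.failed = defaultdict(deque)   # user -> timestamps of denied/expired prompts
        self.locked_until = {}             # user -> end of the cool-down period
        self.alerts = defaultdict(list)    # user -> [(alert_type, timestamp), ...]

    def _prune(self, user, now):
        q = self.failed[user]
        while q and now - q[0] > WINDOW:   # drop failures outside the sliding window
            q.popleft()

    def is_locked(self, user, now):
        return user in self.locked_until and now < self.locked_until[user]

    def process(self, line):
        """Apply the policy to one log line and return the action taken."""
        parsed = parse_line(line)
        if parsed is None:
            return "ignored"
        now, user, event, country = parsed
        self._prune(user, now)

        if event == "push_sent":
            if self.is_locked(user, now):      # cooling-off: do not deliver the push
                self.alerts[user].append(("push_suppressed_cooldown", now))
                return "suppressed"
            return "delivered"

        if event in ("push_denied", "push_expired"):
            self.failed[user].append(now)
            if len(self.failed[user]) >= MAX_FAILED_PROMPTS and not self.is_locked(user, now):
                self.locked_until[user] = now + COOLDOWN
                self.alerts[user].append(("mfa_fatigue_lockout", now))
                return "locked"
            return "counted"

        if event == "push_approved":
            if self.is_locked(user, now):      # an approval during cool-down grants nothing
                self.alerts[user].append(("approval_during_lockout", now))
                return "rejected"
            before = len(self.alerts[user])
            if len(self.failed[user]) >= SPAM_BOUT:   # the Uber pattern: deny, deny, then tap
                self.alerts[user].append(("approval_after_spam_bout", now))
            home = USER_HOME_COUNTRY.get(user)
            if home and country != home:       # device location does not match the user
                self.alerts[user].append(("location_mismatch", now))
            self.failed[user].clear()
            return "approved_flagged" if len(self.alerts[user]) > before else "approved"
        return "ignored"


def scan(log_text):
    """Run the monitor over a whole log; returns ({user: [alert types]}, [actions])."""
    mon = MfaFatigueMonitor()
    actions = [mon.process(l) for l in log_text.splitlines() if l.strip()]
    return {u: [kind for kind, _ in a] for u, a in mon.alerts.items()}, actions


if __name__ == "__main__":
    alerts, actions = scan(SAMPLE_LOG)
    for user, kinds in alerts.items():
        print(user, kinds)
```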
Back in 2013, Techdirt wrote about “the monster lurking inside free trade agreements”. Formally, the monster is known as Investor-State Dispute Settlement (ISDS), but here on Techdirt we call it “corporate sovereignty”, because that is what it is: a system of secret courts that effectively places companies above a government, by allowing them to sue a nation if the latter takes actions or brings in laws that might adversely affect their profits.
In 2015, we warned that corporate sovereignty would threaten EU plans to protect the environment in the TAFTA/TTIP trade deal between the US and the EU. TAFTA/TTIP never happened, but fossil fuel companies were able to use other treaties to demand over $18 billion as “compensation” for the potential loss of future profits as the result of increasing government action to tackle climate change.
Chief among those treaties with corporate sovereignty provisions was the Energy Charter Treaty (ECT), which is designed to protect investments in the energy sector. Research by the International Institute for Sustainable Development (IISD) shows that the fossil fuel industry accounts for almost 20% of known ISDS cases, making it the most litigious group. Recently there has been a wave of corporate sovereignty cases brought by fossil fuel companies, with most settled in their favor. The average amount awarded was over $600 million, almost five times the amount given in non-fossil fuel cases.
It has become clear that corporate sovereignty represents a serious threat to countries’ plans to tackle the climate crisis. The obvious solution is simply to withdraw from the ECT, but there’s a problem. Article 47 of the treaty states:
The provisions of this Treaty shall continue to apply to Investments made in the Area of a Contracting Party by Investors of other Contracting Parties or in the Area of other Contracting Parties by Investors of that Contracting Party as of the date when that Contracting Party’s withdrawal from the Treaty takes effect for a period of 20 years from such date.
This “sunset clause” means any of the 53 signatories to the ECT can be sued in the secret ISDS courts for 20 years after withdrawing from the treaty. As a result of this, the EU in particular has been pushing for the ECT to be “modernized”, and recently announced an “agreement in principle” to achieve that. However, it still contains a corporate sovereignty tribunal system:
The modernised ECT will allow the Contracting Parties to exclude new fossil fuel related investments from investment protection and to phase out protection for the already existing investments. This phasing out of protection for fossil fuel investments will take place within a shorter timeframe than in the case of a withdrawal from the ECT, for both existing and new investments: existing fossil fuel investments will be phased out after 10 years under modernised rules (instead of 20 years under current rules) and new investment in fossil fuels will be excluded after 9 months.
Countries that later withdraw from the modernized ECT can be sued for 10 years, rather than the current 20 years. Several EU countries have decided that is not good enough, and have announced their intention to withdraw from the treaty immediately, as Politico reports:
Spain, the Netherlands and Poland have all declared their intention to exit the Energy Charter Treaty (ECT). Italy left in 2015. Germany, France and Belgium are examining their options, officials from those countries said.
France has confirmed that it will be pulling out, as has Belgium. For those countries that leave before the “modernized” ECT comes into force, companies can potentially use the sunset clause to sue them during the full 20 years afterwards. The only solution that addresses the serious threat of corporate sovereignty is to remove the sunset clause completely from the ECT. According to one analysis from the IISD, that’s possible if a group of ECT’s contracting parties agree to the move amongst themselves (“inter se”) as part of a joint withdrawal:
There is a legal basis for a withdrawal from the ECT with an inter se neutralization of the survival clause. In contrast to the continued protection of existing and certain future fossil fuel investments under the EU’s amendment proposal, such a withdrawal would put an immediate end to treaty-based fossil fuel protection and ISDS among all withdrawing states. In the short term, this would significantly reduce ISDS risks, given that 60% of the cases based on the ECT are intra-EU. It would also enable the EU and its member states to comply with the EU’s climate objectives and EU law. If further contracting states were to join, the ISDS risk to strong climate action would be further reduced and could pave the way for a fresh, unencumbered negotiation of a truly modern energy treaty that would support the expedited phase-out from fossil fuels and the transition to renewable energy.
It’s an imperfect solution, but better than the half-hearted “modernized” ECT proposed by the EU. The current mess shows that the issue should have been addressed ten years ago, when the problems of the “lurking monster” of corporate sovereignty first became apparent.
Dr. Bik is a microbiologist who has worked at Stanford University and for the Dutch National Institute for Health who is “blessed” with “what I’m told is a better-than-average ability to spot repeating patterns,” according to their new Op-Ed in the New York Times.
In 2014 they’d spotted the same photo “being used in two different papers to represent results from three entirely different experiments….” Although this was eight years ago, I distinctly recall how angry it made me. This was cheating, pure and simple. By editing an image to produce a desired result, a scientist can manufacture proof for a favored hypothesis, or create a signal out of noise. Scientists must rely on and build on one another’s work. Cheating is a transgression against everything that science should be. If scientific papers contain errors or — much worse — fraudulent data and fabricated imagery, other researchers are likely to waste time and grant money chasing theories based on made-up results…..
But were those duplicated images just an isolated case? With little clue about how big this would get, I began searching for suspicious figures in biomedical journals…. By day I went to my job in a lab at Stanford University, but I was soon spending every evening and most weekends looking for suspicious images. In 2016, I published an analysis of 20,621 peer-reviewed papers, discovering problematic images in no fewer than one in 25. Half of these appeared to have been manipulated deliberately — rotated, flipped, stretched or otherwise photoshopped. With a sense of unease about how much bad science might be in journals, I quit my full-time job in 2019 so that I could devote myself to finding and reporting more cases of scientific fraud.
Using my pattern-matching eyes and lots of caffeine, I have analyzed more than 100,000 papers since 2014 and found apparent image duplication in 4,800 and similar evidence of error, cheating or other ethical problems in an additional 1,700. I’ve reported 2,500 of these to their journals’ editors and — after learning the hard way that journals often do not respond to these cases — posted many of those papers along with 3,500 more to PubPeer, a website where scientific literature is discussed in public….
Unfortunately, many scientific journals and academic institutions are slow to respond to evidence of image manipulation — if they take action at all. So far, my work has resulted in 956 corrections and 923 retractions, but a majority of the papers I have reported to the journals remain unaddressed.
Manipulated images “raise questions about an entire line of research, which means potentially millions of dollars of wasted grant money and years of false hope for patients.” Part of the problem is that despite “peer review” at scientific journals, “peer review is unpaid and undervalued, and the system is based on a trusting, non-adversarial relationship. Peer review is not set up to detect fraud.”
But there are other problems. Most of my fellow detectives remain anonymous, operating under pseudonyms such as Smut Clyde or Cheshire. Criticizing other scientists’ work is often not well received, and concerns about negative career consequences can prevent scientists from speaking out. Image problems I have reported under my full name have resulted in hateful messages, angry videos on social media sites and two lawsuit threats….
Things could be about to get even worse. Artificial intelligence might help detect duplicated data in research, but it can also be used to generate fake data. It is easy nowadays to produce fabricated photos or videos of events that never happened, and A.I.-generated images might have already started to poison the scientific literature. As A.I. technology develops, it will become significantly harder to distinguish fake from real.
Science needs to get serious about research fraud.
Among their proposed solutions? “Journals should pay the data detectives who find fatal errors or misconduct in published papers, similar to how tech companies pay bounties to computer security experts who find bugs in software.”
Certain star clusters do not seem to be following current understandings of Isaac Newton’s laws of gravity, according to new research published on Wednesday.
The study, published in the Monthly Notices of the Royal Astronomical Society, analyzed open star clusters which are formed when thousands of stars are born in a short time period in a huge gas cloud.
As the stars are born, they blow away the remnants of the gas cloud, causing the cluster to expand and create a loose formation of dozens to thousands of stars held together by weak gravitational forces.
As the clusters dissolve, the stars accumulate on two “tidal tails:” one pulled behind the cluster and the other pushed forward.
“According to Newton’s laws of gravity, it’s a matter of chance in which of the tails a lost star ends up,” explains Dr. Jan Pflamm-Altenburg of the Helmholtz Institute of Radiation and Nuclear Physics at the University of Bonn. “So both tails should contain about the same number of stars. However, in our work we were able to prove for the first time that this is not true: In the clusters we studied, the front tail always contains significantly more stars nearby to the cluster than the rear tail.”
Dr. Tereza Jerabkova, a co-author of the paper, explained that it is very difficult to determine which stars belong to which tail.
“To do this, you have to look at the velocity, direction of motion and age of each of these objects,” said Jerabkova, who managed to develop a method to accurately count the stars for the first time using data from the European Space Agency’s Gaia mission.
The perks of a modified theory
When the researchers looked at the data, they found that it did not fit Newton’s law of gravity and instead fit better with an alternate theory called Modified Newtonian Dynamics (MOND).
“Put simply, according to MOND, stars can leave a cluster through two different doors,” explained Prof. Dr. Pavel Kroupa of the Helmholtz Institute of Radiation and Nuclear Physics. “One leads to the rear tidal tail, the other to the front. However, the first is much narrower than the second – so it’s less likely that a star will leave the cluster through it. Newton’s theory of gravity, on the other hand, predicts that both doors should be the same width.”
The researchers simulated the stellar distribution expected according to the MOND theory and found that it lined up well with what they observed in the data from the Gaia mission.
Dr. Ingo Thies, who played a key role in the simulations, explained that the researchers needed to rely on relatively simple computational methods in the study since currently there are no mathematical tools for more detailed analyses of the MOND theory.
The simulations also coincided with the Gaia data in terms of how long the star clusters typically survive, which is much shorter than would be expected according to Newton’s laws.
“This explains a mystery that has been known for a long time,” said Kroupa. “Namely, star clusters in nearby galaxies seem to be disappearing faster than they should.”
The MOND theory is controversial as modifications to Newton’s laws of gravity would have far-reaching consequences for other areas of physics as well, although they would solve many problems facing cosmology.
Amazon didn’t protect one of its internal servers, allowing anyone to view a database named “Sauron” which was full of Prime Video viewing habits.
As TechCrunch reports, the unprotected Elasticsearch database was discovered by security researcher Anurag Sen. Contained within the database, which anyone who knew the IP address could access using a web browser, were roughly 215 million records of Prime Video viewing habit information. The data included show/movie name, streaming device used, network quality, subscription details, and Prime customer status.
Spy chiefs have ordered ministers to stop using their personal phones to conduct government business following a suspected Kremlin hack on Liz Truss’s mobile.
A Whitehall source said all ministers involved in national security would be expected to attend fresh training with the security services this week ‘to ensure everyone is aware how this material should be handled’.
Ministers will be warned they should never use their personal mobile phones to conduct Government business as they are likely to be the target of hostile states such as Russia, China, North Korea and Iran.
Pauline Neville-Jones, former chairman of Britain’s joint intelligence committee, yesterday said she was ‘not at all tolerant of the notion that it’s OK for ministers to use private mobile phones’.
The warnings follow astonishing revelations in yesterday’s Mail on Sunday that Miss Truss’s personal mobile was spied on by hackers thought to be working for Moscow while she was foreign secretary.
The hack was discovered during the Tory leadership contest in the summer, but a news blackout was ordered by Boris Johnson and Cabinet Secretary Simon Case. Even MPs and officials with top level security clearance were kept in the dark.
Miss Truss is said to have been so worried about the potential damage to her leadership bid that she ‘had trouble sleeping’ until the news was suppressed.
Messages dating back up to a year are thought to have been downloaded, including highly sensitive discussions with fellow foreign ministers about issues such as arms shipments to Ukraine.
Hacked messages are said to have included private criticisms of Mr Johnson by Miss Truss and Kwasi Kwarteng, potentially opening them up to blackmail attempts at a time when they were both senior ministers in his government.
Parliamentary sources yesterday said the shocking incident was now likely to be investigated by the Intelligence and Security Committee, which oversees the work of the security services.
It’s been nearly a decade since the Pebble smartwatch started shipping to backers of its wildly successful initial Kickstarter campaign, but there’s still life in the ol’ dog yet. The wearables are now compatible with Pixel 7 and Pixel 7 Pro, as well as 64-bit-only Android devices that will arrive later.
As noted by Ars Technica, Katharine Berry, who works on Wear OS and is a prominent member of the Rebble group that’s keeping the Pebble ecosystem alive, wrote that the latest Pebble update comes four years after the previous one. The last update allowed for many of the Pebble app’s functions to run on independent servers. Fitbit, which Google has since bought, shut down Pebble’s servers in 2018, two years after buying some of the smartwatch maker’s assets.
Along with Pixel 7 compatibility, the latest update also improves Caller ID reliability on recent versions of Android. While the app isn’t available on the Google Play Store, the APK is signed with official Pebble keys and retains Google Fit integration, Berry noted.
It’s amazing how amazed the writer of this article is that there are still updates for 10-year-old hardware. Shouldn’t it be the norm that hardware is supported for as long as it works – and that should be in the 30/40 year range instead of the 2/3 year range?
The study, published today in Science, was led by Finland’s Aalto University and resulted in a powerful, ultra-tiny spectrometer that fits on a microchip and is operated using artificial intelligence.
The research involved a comparatively new class of super-thin materials known as two-dimensional semiconductors, and the upshot is a proof of concept for a spectrometer that could be readily incorporated into a variety of technologies—including quality inspection platforms, security sensors, biomedical analyzers and space telescopes.
[…]
Traditional spectrometers require bulky optical and mechanical components, whereas the new device could fit on the end of a human hair, Minot said. The new research suggests those components can be replaced with novel semiconductor materials and AI, allowing spectrometers to be dramatically scaled down in size from the current smallest ones, which are about the size of a grape.
[…]
The device is 100% electrically controllable regarding the colors of light it absorbs, which gives it massive potential for scalability and widespread usability.
[…]
In medicine, for example, spectrometers are already being tested for their ability to identify subtle changes in human tissue such as the difference between tumors and healthy tissue.
For environmental monitoring, Minot added, spectrometers can detect exactly what kind of pollution is in the air, water or ground, and how much of it is there.
[…]
“If you’re into astronomy, you might be interested in measuring the spectrum of light that you collect with your telescope and having that information identify a star or planet,” he said. “If geology is your hobby, you could identify gemstones by measuring the spectrum of light they absorb.”
As furious anti-government protests swept Iran, the authorities retaliated with both brute force and digital repression. Iranian mobile and internet users reported rolling network blackouts, mobile app restrictions, and other disruptions. Many expressed fears that the government can track their activities through their indispensable and ubiquitous smartphones.
Iran’s tight grip on the country’s connection to the global internet has proven an effective tool for suppressing unrest. The lack of clarity about what technological powers are held by the Iranian government — one of the most opaque and isolated in the world — has engendered its own form of quiet terror for prospective dissidents. Protesters have often been left wondering how the government was able to track down their locations or gain access to their private communications — tactics that are frighteningly pervasive but whose mechanisms are virtually unknown.
While disconnecting broad swaths of the population from the web remains a favored blunt instrument of Iranian state censorship, the government has far more precise, sophisticated tools available as well. Part of Iran’s data clampdown may be explained through the use of a system called “SIAM,” a web program for remotely manipulating cellular connections made available to the Iranian Communications Regulatory Authority. The existence of SIAM and details of how the system works, reported here for the first time, are laid out in a series of internal documents from an Iranian cellular carrier that were obtained by The Intercept.
According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests — or those of tomorrow — an expert who reviewed the SIAM documents told The Intercept.
“SIAM can control if, where, when, and how users can communicate,” explained Gary Miller, a mobile security researcher and fellow at the University of Toronto’s Citizen Lab. “In this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest.”
[…]
Based on the manuals, SIAM offers an effortless way to throttle a phone’s data speeds, one of roughly 40 features included in the program. This ability to downgrade users’ speed and network quality is particularly pernicious because it can not only obstruct one’s ability to use their phone, but also make whatever communication is still possible vulnerable to interception.
Referred to within SIAM as “Force2GNumber,” the command allows a cellular carrier to kick a given phone off the substantially faster, more secure 3G and 4G networks and onto an obsolete and extremely vulnerable 2G connection. Such a network downgrade would simultaneously render a modern smartphone largely useless and open its calls and texts to interception.
[…]
downgrading users to a 2G connection could also expose perilously sensitive two-factor authentication codes delivered to users through SMS.
[…]
SIAM also provides a range of tools to track the physical locations of cell users, allowing authorities to both follow an individual’s movements and identify everyone present at a given spot. Using the “LocationCustomerList” command allows SIAM operators to see what phone numbers have connected to specified cell towers along with their corresponding IMEI number, a unique string of numbers assigned to every mobile phone in the world. “For example,” Miller said, “if there is a location where a protest is occurring, SIAM can provide all of the phone numbers currently at that location.”
SIAM’s tracking of unique device identifiers means that swapping SIM cards, a common privacy-preserving tactic, may be ineffective in Iran since IMEI numbers persist even with a new SIM.
[…]
user data accessible through SIAM includes the customer’s father’s name, birth certificate number, nationality, address, employer, billing information, and location history, including a record of Wi-Fi networks and IP addresses from which the user has connected to the internet.
[…]
SIAM allows its operators to learn a great deal not just about where a customer has been, but also what they’ve been up to, a bounty of personal data that, Miller said, “can enable CRA to create a social network/profile of the user based on his/her communication with other people.”
By entering a particular phone number and the command “GetCDR” into SIAM, a system user can generate a comprehensive Call Detail Record, including the date, time, duration, location, and recipients of a customer’s phone calls during a given time period. A similar rundown can be conducted for internet usage as well using the “GetIPDR” command, which prompts SIAM to list the websites and other IP addresses a customer has connected to, the time and date these connections took place, the customer’s location, and potentially the apps they opened. Such a detailed record of internet usage could also reveal users running virtual private networks, which are used to cover a person’s internet trail by routing their traffic through an encrypted connection to an outside server. VPNs — including some banned by the government — have become tremendously popular in Iran as a means of evading domestic web censorship.
Though significantly less subtle than being forced onto a 2G network, SIAM can also be used to entirely pull the plug on a customer’s device at will. Through the “ApplySuspIp” command, the system can entirely disconnect any mobile phone on the network from the internet for predetermined lengths of time or permanently. Similar commands would let SIAM block a user from placing or receiving calls.
Despite warnings of Chinese and Russian mischief and manipulation ahead of the US midterm elections, it seems American companies and citizens are perfectly capable of denting democracy on their own.
A Washington judge fined Meta $24.6 million this week after ruling that Facebook intentionally broke [PDF] the state’s campaign finance transparency laws 822 times. This fine was the maximum amount, we’re told, and represents the largest-ever penalty of its kind in the US.
To put the fine in perspective: it’s about half a day of Meta’s quarterly profits, which in these uncertain economic times dropped to $4.4 billion for Q3 this year.
In addition to paying the pocket change, Meta was ordered [PDF] by the judge to reimburse the Washington state attorney general’s costs, and noted these fees should be tripled “as punitive damages for Meta’s intentional violations of state law.”
While the exact amount hasn’t been determined, Attorney General Bob Ferguson said that legal bill totals $10.5 million for Facebook’s “arrogance.” Again, pocket change.
“It intentionally disregarded Washington’s election transparency laws. But that wasn’t enough,” Ferguson said. “Facebook argued in court that those laws should be declared unconstitutional. That’s breathtaking.”
The state requires internet outfits like Meta that display political ads on their websites and in their apps to keep records on these campaigns and make these details publicly available. This includes the cost of the advert and who paid for it along with information on which users were targeted and how far the ads reached.
Meta, which at the time was known as Facebook, repeatedly failed to do this, denying netizens details of who was pushing political ads on them. Specifically, the tech giant did not “maintain and make available for public inspection books of account and related materials” regarding the political ads, according to court documents [PDF] filed in 2020.
[…]
So-called “pink-slime newsrooms” — hyper-partisan publications that are dressed up as independent regional media — are spending millions of dollars on Facebook and Instagram ad campaigns in battleground states in the lead-up to America’s November midterm elections, a NewsGuard Misinformation Monitor found. These ads either push netizens to obviously left or right-leaning articles, or are snippets of articles contained within the ad.
Four of these outlets, some backed by Republican and others Democratic donors, have collectively spent $3.94 million on ad campaigns running simultaneously on Meta’s platforms so far in 2022, according to an investigation by the media trust org. The ad content or the articles they link to are at best highly partisan, and at worse play fast and loose with the truth to push a point. The goal, it seems, is to get people fired up enough to vote for one particular side, while appearing to be published by a normal media operation rather than a political campaign.
[…]
Their strategy seems to work, too. One of the publishers, Courier Newsroom, in an August 2022 case study, touted spending $49,000 on Facebook ads targeting 12 Iowa counties ahead of the state’s June 2022 primary election. The political spending resulted in 3,300 more votes, which NewsGuard suggested likely went to Democrats.
last December when the lander detected a massive quake on Mars.
Now, scientists know what caused the red planet to rumble. A meteoroid slammed into Mars 2,174 miles (3,500 kilometers) away from the lander and created a fresh impact crater on the Martian surface.
The ground literally moved beneath InSight on December 24, 2021, when the lander recorded a magnitude 4 marsquake. Before and after photos captured from above by the Mars Reconnaissance Orbiter, which has been circling Mars since 2006, spotted a new crater this past February.
Before and after photos taken by the Mars Reconnaissance Orbiter show where a meteoroid slammed into Mars on December 24, 2021. (NASA/JPL-Caltech/MSSS)
When scientists connected the dots from both missions, they realized it was one of the largest meteoroid strikes on Mars since NASA began studying the red planet. Images from the orbiter’s two cameras showed the blast zone of the crater, which allowed scientists to compare it with the epicenter of the quake detected by InSight.
The journal Science published two new studies describing the impact and its effects on Thursday.
The space rock also revealed boulder-size ice chunks when it slammed into Mars. They were found buried closer to the warm Martian equator than any ice that has ever been detected on the planet.
Boulder-size ice chunks can be seen scattered around and outside the new crater’s rim. (NASA/JPL-Caltech/University of Arizona)
“The image of the impact was unlike any I had seen before, with the massive crater, the exposed ice, and the dramatic blast zone preserved in the Martian dust,” said Liliya Posiolova, orbital science operations lead for the orbiter at Malin Space Science Systems in San Diego, in a statement.
[…]
When the meteoroid crashed into Mars, it created a crater in the planet’s Amazonis Planitia region spanning 492 feet (150 meters) across and 70 feet (21 meters) deep. Some of the material blasted out of the crater landed as far as 23 miles (37 kilometers) away. Teams at NASA also captured sound from the impact, so you can listen to what it sounds like when a space rock hits Mars.
The images captured by the orbiter, along with seismic data recorded by InSight, make the impact one of the largest craters in our solar system ever observed as it was created. Mars is littered with massive craters, but they’re much older than any mission to explore the red planet.
[…]
Ice beneath the Martian surface could be used for drinking water, rocket propellant and even growing crops and plants by future astronauts. And the fact that the ice was found so near the equator, the warmest region on Mars, might make it an ideal place to land crewed missions to the red planet.
[…]
Sadly, InSight’s mission is running out of time. Increasing amounts of dust have settled on the lander’s solar panels, only exacerbated by a continent-size dust storm detected on Mars in September, and its power levels keep dropping.
The beige clouds are a continent-size dust storm imaged by the Mars Reconnaissance Orbiter on September 29. The locations of the Perseverance, Curiosity and InSight missions are also labeled. (NASA/JPL-Caltech/MSSS)
Fortunately, the storm didn’t pass over InSight directly — otherwise, the darkness of the storm would have ended the mission. But the weather event has kicked a lot of dust up into the atmosphere, and it has cut down the amount of sunlight reaching InSight’s solar panels, said Bruce Banerdt, InSight principal investigator at NASA’s Jet Propulsion Laboratory in Pasadena, California.
The mission scientists estimate InSight will likely shut down in the next six weeks, ending a promising mission to unlock the interior of Mars.
If you’ve been paying attention over the last couple of years, anti-cheat software is quickly becoming the new DRM. Complaints about access to root layers of the computer, complaints about performance effects, complaints about how the software tracks customer behavior, and now finally we have the good old “software isn’t letting me play my game” type of complaint. This revolves around Kotaku’s Luke Plunkett, whose writing I’ve always found valuable, attempting to review EA’s latest FIFA game.
I have reviewed FIFA in some capacity on this website for well over a decade, but regular readers who are also football fans may have noticed I haven’t said a word about it this year. That’s because, over a month after the PC version’s release, I am still locked out of it thanks to a broken, over-zealous example of anti-cheat protection.
Publisher EA uses Easy Anti-Cheat, which has given me an error preventing me from even launching the game that every published workaround—from running the program as an administrator to disabling overlays (?) to editing my PC’s BIOS (??!!)—hasn’t solved. And so for one whole month, a game that I own and have never cheated at in my life, remains unplayable. I’ve never even made it to the main menu.
Well, gosh golly gee, that sure seems like a problem. And Plunkett isn’t your average FIFA customer. He’s a professional in the gaming journalism space and has reviewed a metric ton of games in the past. If he can’t get into the game due to this anti-cheat software, what hope does the average gamer have?
He goes on to note that FIFA isn’t the only game with this problem. EA also published Battlefield 2042, which Plunkett notes at least lets him boot into the game menu and allows him to play the game for a few minutes before it freezes up entirely. The same anti-cheat software appears to be the issue there as well.
Now, console gamers may chalk this all up to the perils of PC gaming. But that is, frankly, bullshit. This isn’t a hardware problem. It’s a publisher and software problem.
[…]
there’s certainly cheating going on in these games, but it seems like the anti-cheat software is the one cheating customers out of the games they bought.
New, highly detailed images of the artificial islands China has built in the South China Sea have emerged. They show the intricacies of the radar installations, airfields, and naval gun emplacements, among buildings and other structures, located there.
Captured by photographer Ezra Acayan flying in an aircraft near the man-made fortresses in the Spratly Islands, the images are some of the most detailed yet available of what China is up to there and they give a totally new perspective compared to the daily satellite images we see of these locations.
Close-ups of one island in Cuarteron Reef show naval gun emplacements on a series of towers of increasing height, backed by a radar gunnery director. Atop the battlement-like setup is a large radome. The radar’s elevated position would give it a better line of sight over the horizon. These types of weapons installations have been something of a staple at these island outposts. In this case, it looks to host a Type 730/1130 close-in weapon system (CIWS) and an H/PJ76 76mm multi-purpose deck gun. These would provide highly localized defense against low-flying air threats, like cruise missiles, aircraft, and drones, as well as protection against vessels near the island.
An artificial island built by China in Cuarteron Reef on October 25, 2022, in the Spratly Islands, South China Sea. Ezra Acayan/Getty Images
A similar setup is seen on another structure that does not feature the large dome on the other end of the small island.
What could be a truck-mounted phased array radar is also visible, as are various objects covered with camouflage tarps. The main building is festooned with domes and antennae and also features deck-like extensions with some sort of systems mounted that are also covered. Tall antennas and lines connecting them dot the forested area.
A wider view shows all these features and a large helipad.
China has been arming its manufactured islands with weapon systems since not long after they took shape. As we pointed out in this previous piece, these close-in defensive weapons are installed on roughly 30-foot-wide platforms set atop clusters of hexagonal concrete towers, in some cases built near, or as part of, a larger radar system. These images are the best look we have gotten of these structures yet.
Several photos show the finished airfield on the island built out of Fiery Cross Reef. As seen in the image below, the runway is flanked by hangars and a large tower topped with a radome. Nearby is a field of what appear to be communications antennas and another assortment of domes. Across a harbor, another series of domed towers and a four-door garage-like structure on a concrete pad are seen. The exact use of these garages is unclear, but, as we have speculated before, they could be used to house, service, and rapidly deploy transporter-erector-launchers (TELs) used to fire surface-to-air, anti-ship, and/or surface-to-surface missiles.
Another angle on the same island gives a closer look and the relative size and arrangement of additional domes. Various trucks and other systems are also seen.
Two photos show one of the most built-up areas on Fiery Cross Reef. In them, a KJ-500 airborne early warning and control (AEW&C) aircraft is visible on the taxiway. These and other intelligence-gathering and submarine-hunting airframes frequently operate from the airfield there. You can also see examples of the much larger, multi-story hangars on the island. Along with residential and administrative buildings, Fiery Cross Island also includes a sports track and field, among other living quarters, recreational facilities, and administrative buildings. There is also a red-and-white lighthouse.
A closer look at the same facility shows the smaller hangars and what appears to be a medical landing pad, painted with a red cross. The smaller, more fighter-sized hangars can be seen here too, as well as the terminal building.
Another full-size runway and airfield are seen in great detail in the photo below of the artificial island on Mischief Reef. An aircraft can be seen inside the open hangar at the top of the image, but it is difficult to identify what type it may be. Something like a Y-9 or another four-engine turboprop aircraft is most likely what is in there. As with most of the photographs, there is little sign of activity on the ground at any of the installations. The images also give a good idea of just how large the airfield is. During a contingency operation, it could be loaded up with dozens of combat aircraft, from fighters to bombers.
A wider-angle view of the same island shows a collection of buildings at the near end and another array of radome-topped towers at the far end. A large low-slung structure that is covered in grass is also seen in the distance. It is not clear what this would be used for, but weapons storage is one possibility. Beyond the towers, four aids to navigation mark the visibly deeper channel between the island and another section of the reef.
The harbor and part of the living and admin section of Mischief Reef. Notice it is a bit less congested than some of China’s other man-made island layouts. Photo by Ezra Acayan/Getty Images
The picture of Mischief Reef above notably shows a pair of Type 022 Houbei class catamaran fast attack missile craft, readily recognizable by their distinct camouflage scheme. The first reports that the People’s Liberation Army Navy had deployed Type 022s to this outpost emerged last year. These boats are relatively small, but can carry up to eight YJ-83 subsonic anti-ship missiles, along with their bow-mounted 30mm H/PJ-13 Gatling-type guns.
A closer look at the two Type 022 Houbei class missile boats seen moored at Mischief Reef. Photo by Ezra Acayan/Getty Images
The image below shows a relatively small artificial island on Hughes Reef, also in the Spratly Islands, with a large tower at one end, a narrow road and what appears to be a helicopter pad in the middle, and a multi-story building at the other end, complete with what looks like a large swimming pool. The main structure is very similar to the one on Cuarteron Reef with similar decks and roof elements. The large square pylons are of interest, although it is not clear what their purpose is or was.
Another of the smaller man-made islands is on Gaven Reef. It features a very similar central structure, but it also has gun platforms extending from it sporting 76mm deck guns. A harbor area and a handful of large domes are also visible.
Port facilities are visible in the below photo of an artificial island built on Subi Reef. Much undeveloped ground and planted areas are among a large cluster of buildings. The island also features a tall, slender lighthouse at one end, another of the four-door garage-like facilities, and at least one radar dome similar to those seen on other islands.
The artificial island built by China in Subi Reef. Ezra Acayan/Getty Images
Another angle of Subi Reef’s airfield shows the large number of hangars packed into the space, with the same smaller, fighter-sized ones set closer to the runway and the much larger, multi-story hangars set back. Also, note the vehicles seemingly blocking the runway. This could be a normal precaution when planes are nearby, in this case, the camera ship.
Another angle shows the extent of the support buildings and antenna farms.
A wider angle of the island. Photo by Ezra Acayan/Getty Images
Beijing has aggressively asserted its claim to these and other disputed shoals in the South China Sea. By artificially expanding some existing islands, building new ones, and establishing a permanent military presence, China seeks to solidify these claims, regardless of what the international community or its neighbors think of them.
The reefs are strategically located between countries that contest China’s claim to the region and stake their own assertions on defensive and economic access. Malaysia, the Philippines, and Vietnam all have territorial claims to the areas in which China has built islands and planted its flag.
A map showing Chinese military outposts in the Spratly Islands at the southern end of the South China Sea, including those seen in the pictures in this story, as well as other non-Chinese facilities in the hotly contested region. DOD
China has long sought to create a near-seamless anti-access/area-denial bubble covering almost the entire South China Sea. Building such extensive infrastructure on these manufactured spits of land is a key part of that plan. Aside from short-range weapons like the naval guns visible in these photos, China has deployed longer-range systems to some of these islands. Clearly, their infrastructure was designed to help conceal these mobile systems when not in use or not on high alert and they could pour in additional capabilities with little notice.
As outlined in the newly published National Defense Strategy, the U.S. military considers China the pacing threat as it contemplates potential future conflict. Each U.S. military service is preparing to operate across the vast distances of the Pacific as it challenges Chinese expansionism in the region. The U.S. Navy also takes responsibility for maintaining freedom of navigation through the contested South China Sea, often steaming carrier strike groups and other ships, along with those of allies and partner nations, through the area and within sight of Chinese naval vessels. This has led to some very tense maritime encounters.
With the complex installations seen on its archipelagos of artificial islands, China presents a solid deterrent to challengers of its claims and could rapidly shut down, or at least directly challenge, any movements through the region under threat of activating all its capabilities that can be deployed on and around its island outposts.
“On October 8th, PayPal updated its terms of service agreement to include a clause enabling it to withdraw $2,500 from users’ bank accounts simply for posting anything the company deems as misinformation or offensive,” reports Grit Daily. “Unsurprisingly, the backlash was instant and massive,” causing the company to backtrack on the policy and claim the update was sent out “in error.” Now, after the criticism on social media died down, several media outlets are reporting that the company quietly reinstated the questionable misinformation fine — even though that itself may be a bit of misinformation. From a report: Apparently, they believed that everyone would just accept their claim and immediately forget about the incident. So the clause that was a mistake and was never intended to be included in PayPal’s terms of service magically ended up back in there once the criticism died back down. That sounds plausible, right? And as for what constitutes a “violation” of the company’s terms of service, the language is so vaguely worded that it could encompass literally anything.
The term “other forms of intolerance” is so broad that it legally gives the company grounds to claim that anyone not fully supporting any particular position is engaging in “intolerance” because the definition of the word is the unwillingness to accept views, beliefs, or behavior that differ from one’s own. So essentially, this clause gives PayPal the perceived right to withdraw $2,500 from users accounts for voicing opinions that PayPal disagrees with. As news of PayPal’s most recent revision spreads, I anticipate that the company’s PR disaster will grow, and with numerous competing payment platforms available today, this could deliver a devastating and well deserved blow to the company. UPDATE: According to The Deep Dive, citing Twitter user Kelley K, PayPal “never removed the $2,500 fine. It’s been there for over a year. All they removed earlier this month was a new section that mentioned misinformation.”
She goes on to highlight the following:
1.) [T]he $2,500 fine has been there since September 2021.
2.) PayPal did remove what was originally item number 5 of the Prohibited Activities annex, the portion that contained the questionable “promoting misinformation” clause that the company claims was an “error.”
3.) [T]he other portion, item 2.f. which includes “other forms of intolerance that is discriminatory,” which some have pointed out may also be dangerous as the language is vague, has always been there since the policy was updated, and not recently added.
NASA’s Lucy spacecraft captured this image (which has been cropped) of the Earth on Oct 15, 2022, as a part of an instrument calibration sequence at a distance of 380,000 miles (620,000 km). The upper left of the image includes a view of Hadar, Ethiopia, home to the 3.2 million-year-old human ancestor fossil for which the spacecraft was named.
Lucy is the first mission to explore the Jupiter Trojan asteroids, an ancient population of asteroid “fossils” that orbit around the Sun at the same distance as Jupiter. To reach these distant asteroids, the Lucy spacecraft’s trajectory includes three Earth gravity assists to boost it on its journey to these enigmatic asteroids.
The image was taken with Lucy’s Terminal Tracking Camera (T2CAM) system, a pair of identical cameras that are responsible for tracking the asteroids during Lucy’s high-speed encounters. The T2CAM system was designed, built and tested by Malin Space Science Systems; Lockheed Martin integrated the T2CAMs onto the Lucy spacecraft and operates them.
Credits: NASA/Goddard/SwRI
On October 13, 2022, NASA’s Lucy spacecraft captured this image of the Earth and the Moon from a distance of 890,000 miles (1.4 million km). The image was taken as part of an instrument calibration sequence as the spacecraft approached Earth for its first of three Earth gravity assists. These Earth flybys provide Lucy with the speed required to reach the Trojan asteroids — small bodies that orbit the Sun at the same distance as Jupiter. On its 12-year journey, Lucy will fly by a record-breaking number of asteroids and survey their diversity, looking for clues to better understand the formation of the solar system.
The image was taken with Lucy’s Terminal Tracking Camera (T2CAM) system, a pair of identical cameras that are responsible for tracking the asteroids during Lucy’s high-speed encounters. The T2CAM system was designed, built and tested by Malin Space Science Systems; Lockheed Martin integrated the T2CAMs onto the Lucy spacecraft and operates them.
A team of researchers from the National University of Singapore (NUS) have made a serendipitous scientific discovery that could potentially revolutionize the way water is broken down to release hydrogen gas—an element crucial to many industrial processes.
The team, led by Associate Professor Xue Jun Min, Dr. Wang Xiaopeng and Dr. Vincent Lee Wee Siang from the Department of Materials Science and Engineering under the NUS College of Design and Engineering (NUS CDE), found that light can trigger a new mechanism in a catalytic material used extensively in water electrolysis, where water is broken down into hydrogen and oxygen. The result is a more energy-efficient method of obtaining hydrogen.
[…]
“We discovered that the redox center for electro-catalytic reaction is switched between metal and oxygen, triggered by light,” said Assoc. Prof. Xue. “This largely improves the water electrolysis efficiency.”
[…]
an accidental power trip of the ceiling lights in his laboratory almost three years ago allowed them to observe something that the global scientific community has not yet managed to do.
Back then, the ceiling lights in Assoc. Prof. Xue’s research lab were usually turned on for 24 hours. One night in 2019, the lights went off due to a power trip. When the researchers returned the next day, they found that the performance of a nickel oxyhydroxide-based material in the water electrolysis experiment, which had continued in the dark, had fallen drastically.
“This drop in performance, nobody has ever noticed it before, because no one has ever done the experiment in the dark,” said Assoc. Prof. Xue. “Also, the literature says that such a material shouldn’t be sensitive to light; light should not have any effect on its properties.”
[…]
With their findings, the team is now working on designing a new way to improve industrial processes to generate hydrogen. Assoc. Prof. Xue is suggesting making the cells containing water to be transparent, so as to introduce light into the water splitting process.
“This should require less energy in the electrolysis process, and it should be much easier using natural light,” said Assoc. Prof. Xue. “More hydrogen can be produced in a shorter amount of time, with less energy consumed.”
[…]
More information: Xiaopeng Wang et al, Pivotal role of reversible NiO6 geometric conversion in oxygen evolution, Nature (2022). DOI: 10.1038/s41586-022-05296-7
The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company’s platforms. The company recognized the issue and fixed it immediately.
Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools.
The size of the open database the team discovered is consistent with the company’s use of ElasticSearch, a data store favored by enterprises dealing with extensive, constantly updated volumes of data.
Media giant with $6.35 billion in revenue left at least three of its databases open
At least 3TB of sensitive data exposed including Thomson Reuters plaintext passwords to third-party servers
The data the company collects is a treasure trove for threat actors, likely worth millions of dollars on underground criminal forums
The company has immediately fixed the issue, and started notifying their customers
Thomson Reuters downplayed the issue, saying it affects only a “small subset of Thomson Reuters Global Trade customers”
The dataset was open for several days – malicious bots are capable of discovering instances within mere hours
Threat actors could use the leak for attacks, from social engineering attacks to ransomware
The naming of ElasticSearch indices inside the Thomson Reuters server suggests that the open instance was used as a logging server to collect vast amounts of data gathered through user-client interaction. In other words, the company collected and exposed thousands of gigabytes of data that Cybernews researchers believe would be worth millions of dollars on underground criminal forums because of the potential access it could give to other systems.
Meanwhile, Thomson Reuters claims that out of three misconfigured servers the team informed the company about, two were designed to be publicly accessible. The third server was a non-production server meant for “application logs from the pre-production/implementation environment.”
[…]
For example, the open dataset held access credentials to third-party servers. The details were held in plaintext format, visible to anyone crawling through the open instance.
[…]
The team also found the open instance to contain login and password reset logs. While these don’t expose either old or new passwords, the logs show the account holder’s email address, and the exact time the password change query was sent can be seen.
Another piece of sensitive information includes SQL (structured query language) logs that show what information Thomson Reuters clients were looking for. The records also include what information the query brought back.
That includes documents with corporate and legal information about specific businesses or individuals. For instance, an employee of a company based in the US was looking for information about an organization in Russia using Thomson Reuters services, only to find out that its board members were under US sanctions over their role in the invasion of Ukraine.
The team has also discovered that the open database included an internal screening of other platforms such as YouTube, Thomson Reuters clients’ access logs, and connection strings to other databases. The exposure of connection strings is particularly dangerous because it reveals the company’s internal network elements, enabling threat actors’ lateral movement and pivoting through Thomson Reuters’ internal systems.
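The findings above (plaintext credentials to third-party servers, database connection strings and raw SQL sitting in a logging cluster) are exactly what a defender should triage before an index is ever exposed. The following is an added example for this page, not code from Cybernews or Thomson Reuters: it walks ElasticSearch-style log documents, flags the three classes of sensitive content the article describes, and renders each hit with the secret redacted so the report itself does not leak. The document shape, field names and every host, user and credential in the sample set are constructed for illustration.

```python
"""Triage ElasticSearch-style log documents for secrets stored in plaintext.

Added example, not Cybernews' or Thomson Reuters' code. It models the
exposure described in the article: a logging cluster whose documents carry
connection strings, plaintext credentials and raw SQL query text.
All sample documents, hosts and credentials below are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Any, Iterator

# Constructed sample documents, shaped like application log entries.
SAMPLE_DOCS = [
    {"_index": "app-logs-2022.10.20", "message": "db connect ok",
     "conn": "postgres://svc_reports:Hunter2!@db-int.example.test:5432/reports"},
    {"_index": "app-logs-2022.10.20", "message": "password reset requested",
     "user": "alice@example.test", "event": "password_reset"},
    {"_index": "app-logs-2022.10.21", "message": "sftp push to partner",
     "sftp_password": "plaintext-secret-123", "host": "sftp.partner.test"},
    {"_index": "app-logs-2022.10.21", "message": "query executed",
     "sql": "SELECT name FROM sanctions WHERE org = 'Acme'"},
    {"_index": "app-logs-2022.10.21", "message": "healthcheck ok"},
]

# scheme://user:password@host[:port][/path]  (credentials embedded in a URL)
CONN_STRING = re.compile(
    r"\b([a-z][a-z0-9+.-]*)://([^\s:/@]+):([^\s/@]+)@([^\s/]+)(/\S*)?")
# Field names whose string values are credentials (matches the last name part).
CREDENTIAL_KEY = re.compile(
    r"(?:^|[_.-])(password|passwd|pwd|secret|token|api_?key)$", re.I)
# Field names that hold raw query text, which reveals what clients searched for.
QUERY_KEY = re.compile(r"^(sql|query|statement)$", re.I)


@dataclass(frozen=True)
class Finding:
    index: str      # ElasticSearch index the document came from
    kind: str       # connection_string | plaintext_credential | query_content
    field: str      # dotted path to the offending field
    redacted: str   # safe-to-log rendering of the value


def redact_connection_string(text: str) -> str:
    """Replace the password component of every embedded connection string."""
    return CONN_STRING.sub(
        lambda m: f"{m[1]}://{m[2]}:***@{m[4]}{m[5] or ''}", text)


def _string_fields(value: Any, path: str = "") -> Iterator[tuple[str, str]]:
    """Yield (dotted_path, string) for every string leaf in a nested document."""
    if isinstance(value, dict):
        for key, sub in value.items():
            if key.startswith("_"):        # skip ES metadata such as _index, _id
                continue
            yield from _string_fields(sub, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, sub in enumerate(value):
            yield from _string_fields(sub, f"{path}[{i}]")
    elif isinstance(value, str):
        yield path, value


def scan_document(doc: dict) -> list[Finding]:
    """Classify each sensitive string field in one document."""
    index = doc.get("_index", "?")
    findings: list[Finding] = []
    for path, text in _string_fields(doc):
        leaf = path.rsplit(".", 1)[-1]
        if CONN_STRING.search(text):
            findings.append(Finding(index, "connection_string", path,
                                    redact_connection_string(text)))
        elif CREDENTIAL_KEY.search(leaf) and text:
            findings.append(Finding(index, "plaintext_credential", path, "***"))
        elif QUERY_KEY.match(leaf):
            findings.append(Finding(index, "query_content", path,
                                    text[:40] + "..."))
    return findings


def scan(docs) -> list[Finding]:
    """Scan a batch of documents, e.g. one page of a search/scroll response."""
    return [f for d in docs for f in scan_document(d)]


def summarize(findings) -> dict[str, int]:
    """Count findings per kind, for a quick exposure overview."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_DOCS):
        print(f"{f.index:22} {f.kind:20} {f.field:15} {f.redacted}")
    print(summarize(scan(SAMPLE_DOCS)))
```

In practice the documents would come from a paginated search against the cluster, and the redaction step is what makes the output safe to attach to a ticket; note that the `password_reset` event in the sample is correctly ignored because the detector keys on field names, not on the word appearing in a value.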
[…]
The team contacted Thomson Reuters upon discovering the leaking database, and the company took down the open instance immediately.
“Upon notification we immediately investigated the findings provided by Cybernews regarding the three potentially misconfigured servers,” a Thomson Reuters representative told Cybernews.