Before a massive star explodes as a supernova, it convulses and sends its outer layers into space, signalling the explosive energy about to follow. When the star does explode, it sends a shockwave out into its own ejected outer layer, lighting it up as different chemical elements shine with different energies and colours. Intermingled with this is any pre-existing matter near the supernova. The result is a massive expanding shell with filaments and knots of ionized gas, populated by even smaller bubbles.
“With NIRCam’s resolution, we can now see how the dying star absolutely shattered when it exploded, leaving filaments akin to tiny shards of glass behind.”
Danny Milisavljevic, Purdue University
Cassiopeia A exploded about 10,000 years ago, and the light may have reached Earth around 1667. But there’s much uncertainty, and it’s possible that English astronomer John Flamsteed observed it in 1680. It’s also a possibility that it was first observed in 1630. That’s for historians to determine.
But whenever the exact date is, the light has reached us and continues to reach us, making Cassiopeia A an object of astronomical fascination. It’s one of the most-studied SNRs, and astronomers have observed it in multiple wavelengths with different telescopes.
The SNR is about 10 light-years across and is expanding between 4,000 and 6,000 km/second. Some outlying knots are moving much more quickly, with velocities from 5,500?14,500 km/s. The expanding shell is also extremely hot, at about 30 million degrees Kelvin (30 million C/54 million F.)
The JWST’s NIRCam high-resolution image of Cass. A reveals intricate detail that remains hidden from other telescopes. Image Credit: NASA, ESA, CSA, STScI, Danny Milisavljevic (Purdue University), Ilse De Looze (UGent), Tea Temim (Princeton University)
But none of our prior images are nearly as breathtaking as these JWST images. These images are far more than just pretty pictures. The cursive swirls and knotted clumps of gas reveal some of nature’s detailed interactions between light and matter.
The JWST sees in infrared, so its images need to be translated for our eyes. The wavelengths the telescope can see are translated into different visible colours. Clumps of bright orange and light pink are most noticeable in these images, and they signify the presence of sulphur, oxygen, argon, and neon. These elements came from the star itself, and gas and dust from the region around the star are intermingled with it.
The image below highlights some parts of the Cassiopeia A SNR.
1 shows tiny knots of gas comprised of sulphur, oxygen, argon, and neon from the star itself. 2 shows what’s known as the Green Monster, a loop of green light in Cas A’s inner cavity, which is visible in the MIRI image of the SNR. Circular holes are outlined in white and purple and represent ionized gas. This is likely where debris from the explosions punched holes in the surrounding gas and ionized it. 3 shows a light echo, where light from the ancient explosion has warmed up dust which shines as it cools down. 4 shows an especially large and intricate light echo known as Baby Cas A. Baby Cas A is actually about 170 light-years beyond Cas A. Image Credit: NASA, ESA, CSA, STScI, Danny Milisavljevic (Purdue University), Ilse De Looze (UGent), Tea Temim (Princeton University)
The JWST’s MIRI image shows different details. The outskirts of the main shell aren’t orange and pink. Instead, it looks more like smoke lit up by campfire flames.
Seeing the NIRCam image (L) and the MIRI image (R) tells us about the SNR and the JWST. First of all, the NIRCam image is sharper because of its higher resolution. The NIRCam image also appears less colourful, but that’s because of the wavelengths of light being emitted that are more visible in Mid-Infrared. In the MIRI image, the outer ring is lit up more brightly than in the NIRCam image, while the MIRI image also shows the ‘Green Monster,’ the green inner ring that is invisible in the NIRCam image. Image Credit: NASA, ESA, CSA, STScI, Danny Milisavljevic (Purdue University), Ilse De Looze (UGent), Tea Temim (Princeton University)
The Hubble Space Telescope, the Spitzer Space Telescope, and the Chandra X-Ray Observatory have all studied Cas A. In fact, Spitzer’s first light image back in 1999 was of Cas A.
This X-ray image of the Cassiopeia A (Cas A) supernova remnant is the official first light image of the Chandra X-ray Observatory. The bright object near the center may be the long-sought neutron star or black hole that remained after the explosion that produced Cas A. Image Credit: By NASA/CXC/SAO – http://chandra.harvard.edu/photo/1999/0237/, Public Domain, https://commons.wikimedia.org/w/index.php?curid=33394808
The Hubble has imaged Cas A too. This image is from 2006 and is a composite of 18 separate images. While interesting and stunning at the time, the JWST’s image surpasses it in both visual and scientific detail.
This NASA/ESA Hubble Space Telescope image provides a detailed look at the tattered remains of Cassiopeia A (Cas A). It is the youngest known remnant from a supernova explosion in the Milky Way. Image Credit: NASA, ESA, and the Hubble Heritage (STScI/AURA)-ESA/Hubble Collaboration. Acknowledgement: Robert A. Fesen (Dartmouth College, USA) and James Long (ESA/Hubble)
The JWST’s incredible images are giving us a more detailed look at Cas A than ever. Danny Milisavljevic leads the Time Domain Astronomy research team at Purdue University and has studied SNRs extensively, including Cas A. He emphasizes how important the JWST is in his work.
“With NIRCam’s resolution, we can now see how the dying star absolutely shattered when it exploded, leaving filaments akin to tiny shards of glass behind,” said Milisavljevic. “It’s really unbelievable after all these years studying Cas A to now resolve those details, which are providing us with transformational insight into how this star exploded.”
Scientists have solved a decades-long puzzle and unveiled a near unbreakable substance that could rival diamond as the hardest material on Earth. The research is published in the journal Advanced Materials.
Researchers found that when carbon and nitrogen precursors were subjected to extreme heat and pressure, the resulting materials—known as carbon nitrides—were tougher than cubic boron nitride, the second hardest material after diamond.
The breakthrough opens doors for multifunctional materials to be used for industrial purposes including protective coatings for cars and spaceships, high-endurance cutting tools, solar panels and photodetectors, experts say.
[…]
The team subjected various forms of carbon nitrogen precursors to pressures of between 70 and 135 gigapascals—around 1 million times our atmospheric pressure—while heating it to temperatures of more than 1,500°C.
To identify the atomic arrangement of the compounds under these conditions, the samples were illuminated by an intense X-ray beam at three particle accelerators—the European Synchrotron Research Facility in France, the Deutsches Elektronen-Synchrotron in Germany and the Advanced Photon Source based in the United States.
Researchers discovered that three carbon nitride compounds were found to have the necessary building blocks for super-hardness.
Remarkably, all three compounds retained their diamond-like qualities when they returned to ambient pressure and temperature conditions.
Further calculations and experiments suggest the new materials contain additional properties including photoluminescence and high energy density, where a large amount of energy can be stored in a small amount of mass.
[…]
More information: Dominique Laniel et al, Synthesis of Ultra‐Incompressible and Recoverable Carbon Nitrides Featuring CN4 Tetrahedra, Advanced Materials (2023). DOI: 10.1002/adma.202308030
Scientists have discovered the first indication of nuclear fission occurring amongst the stars. The discovery supports the idea that when neutron stars smash together, they create “superheavy” elements — heavier than the heaviest elements of the periodic table
[…]
“People have thought fission was happening in the cosmos, but to date, no one has been able to prove it,” Matthew Mumpower, research co-author and a scientist at Los Alamos National Laboratory, said in a statement.
The team of researchers led by North Carolina State University scientist Ian Roederer searched data concerning a wide range of elements in stars to discover the first evidence that nuclear fission could therefore be acting when neutron stars merge. These findings could help solve the mystery of where the universe‘s heavy elements come from.
[…]
The picture of so-called nucleosynthesis for heavier elements like gold and uranium, however, has been somewhat more mysterious. Scientists suspect these valuable and rare heavy elements are created when two incredibly dense dead stars — neutron stars — collide and merge, creating an environment violent enough to forge elements that can’t be created even in the most turbulent hearts of stars.
The evidence of nuclear fission discovered by Mumpower and the team comes in the form of a correlation between “light precision metals,” like silver, and “rare earth nuclei,” like europium, showing in some stars. When one of these groups of elements goes up, the corresponding elements in the other group also increases, the scientists saw.
The team’s research also indicates that elements with atomic masses — counts of protons and neutrons in an atomic nucleus — greater than 260 may exist around neutron star smashes, even if this existence is brief. This is much heavier than many of the elements at the “heavy end” of the periodic table.
“The only plausible way this can arise among different stars is if there is a consistent process operating during the formation of the heavy elements,” Mumpower said. “This is incredibly profound and is the first evidence of fission operating in the cosmos, confirming a theory we proposed several years ago.”
[…]
Neutron stars are created when massive stars reach the end of their fuel supplies necessary for intrinsic nuclear fusion processes, which means the energy that has been supporting them against the inward push of their own gravity ceases. As the outer layers of these dying stars are blown away, the stellar cores with masses between one and two times that of the sun collapse into a width of around 12 miles (20 kilometers).
This core collapse happens so rapidly that electrons and protons are forced together, creating a sea of neutrons so dense a mere tablespoon of this neutron star “stuff” would weigh more than 1 billion tons if it were brought to Earth.
When these extreme stars exist in a binary pairing, they spiral around one another. And as they spiral around one another, they lose angular momentum because they emit intangible ripples in spacetime called gravitational waves. This causes neutron stars to eventually collide, merge and, unsurprisingly given their extreme and exotic nature, create a very violent environment.
This ultimate neutron star merger releases a wealth of free neutrons, which are particles normally bound up with protons in atomic nuclei. This can allow other atomic nuclei in these environments to quickly grab these free neutrons — a process called rapid neutron capture or the “r-process.” This allows the atomic nuclei to grow heavier, creating superheavy elements that are unstable. These superheavy elements can then undergo fission to split down into lighter, stable elements like gold.
In 2020, Mumpower predicted how the “fission fragments” of r-process-created nuclei would be distributed. Following this, Mumpower’s collaborator and TRIUMF scientist Nicole Vassh calculated how the r-process would lead to the co-production of light precision metals such as ruthenium, rhodium, palladium and silver — as well as rare earth nuclei, like europium, gadolinium, dysprosium and holmium.
This prediction can be tested not only by looking at neutron star mergers but also by looking at the abundances of elements in stars that have been enriched by r-process-created material.
This new research looked at 42 stars and found the precise correlation predicted by Vassh, thus showing a clear signature of the fission and decay of elements heavier than found on the periodic table, further confirming that neutron star collisions are indeed the sites where elements heavier than iron are forged.
“The correlation is very robust in r-process enhanced stars where we have sufficient data. Every time nature produces an atom of silver, it’s also producing heavier rare earth nuclei in proportion. The composition of these element groups are in lockstep,” Mumpower concluded. “We have shown that only one mechanism can be responsible — fission — and people have been racking brains about this since the 1950s.”
The team’s research was published in the Dec. 6 edition of the journal Science.
Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database.
The database is owned and operated by DonorView – provider of a cloud-based fundraising platform used by schools, charities, religious institutions, and other groups focused on charitable or philanthropic goals.
Infosec researcher Jeremiah Fowler found 948,029 records exposed online including donor names, addresses, phone numbers, emails, payment methods, and more.
Manual analysis of the data revealed what appeared to be the names and addresses of individuals designated as children – though it wasn’t clear to the researcher whether these children were associated with the organization collecting the donation or the funds’ recipients.
Another document seen by Fowler revealed children’s names, medical conditions, names of their attending doctors, and information on whether the child’s image could be used in marketing materials – though in many cases this was not permitted.
In just a single document, more than 70,000 names and contact details were exposed, all believed to be donors to non-profits.
Neither Fowler nor The Register has received a response from the US-based service provider, though Fowler said it did secure the database within days of him filing a disclosure report.
three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.
The fallout from the situation is currently roiling Polish infrastructure circles and the repair world, with the manufacturer of those trains denying bricking the trains despite ample evidence to the contrary. The manufacturer is also now demanding that the repaired trains immediately be removed from service because they have been “hacked,” and thus might now be unsafe, a claim they also cannot substantiate.
The situation is a heavy machinery example of something that happens across most categories of electronics, from phones, laptops, health devices, and wearables to tractors and, apparently, trains. In this case, NEWAG, the manufacturer of the Impuls family of trains, put code in the train’s control systems that prevented them from running if a GPS tracker detected that it spent a certain number of days in an independent repair company’s maintenance center, and also prevented it from running if certain components had been replaced without a manufacturer-approved serial number.
This anti-repair mechanism is called “parts pairing,” and is a common frustration for farmers who want to repair their John Deere tractors without authorization from the company. It’s also used by Apple to prevent independent repair of iPhones.
An image posed by q3k of how the team did their work.
In this case, a Polish train operator called Lower Silesian Railway, which operates regional train services from Wrocław, purchased 11 Impuls trains. It began to do regular maintenance on the trains using an independent company called Serwis Pojazdów Szynowych (SPS), which notes on its website that “many Polish carriers have trusted us” with train maintenance. Over the course of maintaining four different Impuls trains, SPS found mysterious errors that prevented them from running. SPS became desperate and Googled “Polish hackers” and came across a group called Dragon Sector, a reverse-engineering team made up of white hat hackers. The trains had just undergone “mandatory maintenance” after having traveled a million kilometers.
“This is quite a peculiar part of the story—when SPS was unable to start the trains and almost gave up on their servicing, someone from the workshop typed “polscy hakerzy” (‘Polish hackers’) into Google,” the team from Dragon Sector, made up of Jakub Stępniewicz, Sergiusz Bazański, and Michał Kowalczyk, told me in an email. “Dragon Sector popped up and soon after we received an email asking for help.”
The problem was so bad that an infrastructure trade publication in Poland called Rynek Kolejowy picked up on the mysterious issues over the summer, and said that the lack of working trains was beginning to impact service: “Four vehicles after level P3-2 repair cannot be started. At this moment, it is not known what caused the failure. The lack of units is a serious problem for the carrier and passengers, because shorter trains are sent on routes.”
The hiring of Dragon Sector was a last resort: “In 2021, an independent train workshop won a maintenance tender for some trains made by Newag, but it turned out that they didn’t start after servicing,” Dragon Sector told me. “[SPS] hired us to analyze the issue and we discovered a ‘workshop-detection’ system built into the train software, which bricked the trains after some conditions were met (two of the trains even used a list of precise GPS coordinates of competitors’ workshops). We also discovered an undocumented ‘unlock code’ which you could enter from the train driver’s panel which magically fixed the issue.”
Dragon Sector was able to bypass the measures and fix the trains. The group posted a YouTube video of the train operating properly after they’d worked on it:
The news of Dragon Sector’s work was first reported by the Polish outlet Zaufana Trzecia Strona and was translated into English by the site Bad Cyber. Kowalczyk and Stępniewicz gave a talk about the saga last week at Poland’s Oh My H@ck conference in Warsaw. The group plans on doing further talks about the technical measures implemented to prevent the trains from running and how they fixed it.
“These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties,” Bazański, who goes by the handle q3k, posted on Mastodon. “After a certain update by NEWAG, the cabin controls would also display scary messages about copyright violations if the human machine interface detected a subset of conditions that should’ve engaged the lock but the train was still operational. The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.”
The train had a system that detected if it physically had been to an independent repair shop.
All of this has created quite a stir in Poland (and in repair circles). NEWAG did not respond to a request for comment from 404 Media. But Rynek Kolejowy reported that the company is now very mad, and has threatened to sue the hackers. In a statement to Rynek Kolejowy, NEWAG said “Our software is clean. We have not introduced, we do not introduce and we will not introduce into the software of our trains any solutions that lead to intentional failures. This is slander from our competition, which is conducting an illegal black PR campaign against us.” The company added that it has reported the situation to “the authorized authorities.”
“Hacking IT systems is a violation of many legal provisions and a threat to railway traffic safety,” NEWAG added. “We do not know who interfered with the train control software, using what methods and what qualifications. We also notified the Office of Rail Transport about this so that it could decide to withdraw from service the sets subjected to the activities of unknown hackers.”
In response, Dragon Sector released a lengthy statement explaining how they did their work and explaining the types of DRM they encountered: “We did not interfere with the code of the controllers in Impulsa – all vehicles still run on the original, unmodified software,” part of the statement reads. SPS, meanwhile, has said that its position “is consistent with the position of Dragon Sector.”
Kowalczk told 404 Media that “we are answering media and waiting to be summoned as witnesses,” and added that “NEWAG said that they will sue us, but we doubt they will – their defense line is really poor and they would have no chance defending it, they probably just want to sound scary in the media.”
This strategy—to intimidate independent repair professionals, claim that the device (in this case, a train) is unsafe, and threaten legal action—is an egregious but common playbook in manufacturers’ fight against repair, all over the world.
Using only a sensor-filled helmet combined with artificial intelligence, a team of scientists has announced they can turn a person’s thoughts into written words.
In the study, participants read passages of text while wearing a cap that recorded electrical brain activity through their scalp. These electroencephalogram (EEG) recordings were then converted into text using an AI model called DeWave.
Chin-Teng Lin at the University of Technology Sydney (UTS), Australia, says the technology is non-invasive, relatively inexpensive and easily transportable.
While the system is far from perfect, with an accuracy of approximately 40 per cent, Lin says more recent data currently being peer-reviewed shows an improved accuracy exceeding 60 per cent.
In the study presented at the NeurIPS conference in New Orleans, Louisiana, participants read the sentences aloud, even though the DeWave program doesn’t use spoken words. However, in the team’s latest research, participants read the sentences silently.
America’s eight largest pharmacy providers shared customers’ prescription records to law enforcement when faced with subpoena requests, The Washington Post reported Tuesday. The news arrives amid patients’ growing privacy concerns in the wake of the Supreme Court’s 2022 overturn of Roe v. Wade.
The new look into the legal workarounds was first detailed in a letter sent by Sen. Ron Wyden (D-OR) and Reps. Pramila Jayapal (D-WA) and Sara Jacobs (D-CA) on December 11 to the secretary of the Department of Health and Human Services.
Pharmacies can hand over detailed, potentially compromising information due to legal fine print. Health Insurance Portability and Accountability Act (HIPAA) regulations restrict patient data sharing between “covered entities” like doctor offices, hospitals, and other medical facilities—but these guidelines are looser for pharmacies. And while search warrants require a judge’s approval to serve, subpoenas do not.
[…]
Given each company’s national network, patient records are often shared interstate between any pharmacy location. This could become legally fraught for medical history access within states that already have—or are working to enact—restrictive medical access laws. In an essay written for The Yale Law Journal last year, cited by WaPo, University of Connecticut associate law professor Carly Zubrzycki argued, “In the context of abortion—and other controversial forms of healthcare, like gender-affirming treatments—this means that cutting-edge legislative protections for medical records fall short.”
Whether the platform had any impact on pirate IPTV providers offering the big game last Friday is unclear but plans supporting a full-on assault are pressing ahead.
[…]
When lawmakers gave Italy’s new blocking regime the green light during the summer, the text made it clear that blocking instructions would not be limited to regular ISPs. The relevant section (Paragraph 5 Art. 2) for reference below;
The document issued by AGCOM acts as a clear reminder of the above and specifically highlights that VPN and DNS providers are no exception.
“[A]ll parties in any capacity involved in the accessibility of illegally disseminated content – and therefore also, by way of example and not limitation – VPN and open DNS service providers, will have to execute the blocks requested by the Authority [AGCOM] including through accreditation to the Piracy Shield platform or otherwise implementing measures that prevent the user from reaching that content,” the notice reads.
The relevant section of the new law is in some ways even more broad when it comes to search engines such as Google. Whether they are directly involved in accessibility or not, they’re still required to take action.
AGCOM suggests that Google understands its obligations and is also prepared to take things further. The company says it will deindex offending platforms from search and also remove their ability to advertise.
“Since this is a dynamic blocking, the search engine therefore undertakes to perform de-indexing of all websites/telematic addresses that are the subject of subsequent reports that can also be communicated by rights holders accredited to the platform,” AGCOM writes.
Wow. This means we can force an ISP, VPN provider, DNS host and Google to shut down shit without explanation or recourse within 30 minutes. That’s pretty totalitarian.
The case was heard by the United States District Court for the Northern District of California. As The Register has reported, the matter tested Epic’s allegations that Google stifles competition by requiring developers to pay it commissions even if they use third-party payment services, and paid some developers to secure their exclusive presence on the Play store.
The case commenced in early November and on Monday a nine-member jury found in Epic’s favor.
As it was a jury case, the reasoning was not revealed.
Epic Games CEO Tim Sweeney thanked the jurors anyway in a post that declared “Today’s verdict is a win for all app developers and consumers around the world.”
Sweeney wrote that the verdict “proves that Google’s app store practices are illegal and they abuse their monopoly to extract exorbitant fees, stifle competition and reduce innovation.”
In Sweeney’s telling, the jurors heard “evidence that Google was willing to pay billions of dollars to stifle alternative app stores by paying developers to abandon their own store efforts and direct distribution plans, and offering highly lucrative agreements with device manufacturers in exchange for excluding competing app stores.”
Google denies such skulduggery and in statement reported by Axios vowed to appeal on grounds that the search and ads giant faces strong competition from Apple and rival app stores for Android.
[…]
The Apple case produced some small wins for Epic. But the Google decision is … erm … Epic, as it appears to be a full-throated declaration that the Play store is a monopoly.
The case will return to court in early 2024, when the presiding judge will consider remedies – which could include forcing Google to offload the Play store.
But this is far from the end of the matter – both for Epic Games and for the wider issue of tech monopolies.
[…]
legislators are increasingly taking action to erode Big Tech’s power, with the UK’s Digital Markets, Competition and Consumer Bill, and the EU’s Digital Markets Act his exemplars of such activity. ®
Under rules being considered, any telecom service provider or business with custodial access to telecom equipment – a hotel IT technician, an employee at a cafe with Wi-Fi, or a contractor responsible for installing home broadband router – could be compelled to enable electronic surveillance. And this would apply not only to those involved with data transit and data storage.
This week, the US House of Representatives is expected to conduct a floor vote on two bills that reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), which is set to expire in 2024.
Section 702, as The Registernoted last week, permits US authorities to intercept the electronic communications of people outside the US for foreign intelligence purposes – without a warrant – even if that communication involves US citizens and permanent residents.
As the Electronic Frontier Foundation argues, Section 702 has allowed the FBI to conduct invasive, warrantless searches of protesters, political donors, journalists, protesters, and even members of Congress.
More than a few people would therefore be perfectly happy if the law lapsed – on the other hand, law enforcement agencies insist they need Section 702 to safeguard national security.
The pending vote is expected to be conducted under “Queen-of-the-Hill Rules,” which in this instance might also be described as “Thunderdome” – two bills enter, one bill leaves, with the survivor advancing to the US Senate for consideration. The prospect that neither would be approved and Section 702 would lapse appears … unlikely.
The two bills are: HR 6570, the Protect Liberty and End Warrantless Surveillance Act; and HR 6611, the FISA Reform and Reauthorization Act (FRRA) of 2023 (FRRA).
The former reauthorizes Section 702, but with strong civil liberties and privacy provisions. The civil rights community has lined up to support it.
As for the latter, Elizabeth Goitein, co-director of the Liberty and National Security Program at legal think tank the Brennan Center for Justice, explained that the FRRA changes the definition of electronic communication service provider (ECSP) in a way that expands the range of businesses required to share data with the US.
“Going forward, it would not just be entities that have direct access to communications, like email and phone service providers, that could be required to turn over communications,” argues a paper prepared by the Brennan Center. “Any business that has access to ‘equipment’ on which communications are stored and transmitted would be fair game.”
According to Goitein, the bill’s sponsors have denied the language is intended to be interpreted so broadly.
A highly redacted FISA Court of Review opinion [PDF], released a few months ago, showed that the government has already pushed the bounds of the definition.
The court document discussed a petition to compel an unidentified entity to conduct surveillance. The petition was denied because the entity did not satisfy the definition of “electronic communication service provider,” and was instead deemed to be a provider of a product or service. That definition may change, it seems.
Goitein is not alone in her concern about the ECSP definition. She noted that a FISA Court amici – the law firm ZwillGen – has taken the unusual step of speaking out against the expanded definition of an ECSP.
In an assessment published last week, ZwillGen attorneys Marc Zwillinger and Steve Lane raised concerns about the FRRA covering a broad set of businesses and their employees.
“By including any ‘service provider’ – rather than any ‘other communication service provider’ – that has access not just to communications, but also to the ‘equipment that is being or may be used to transmit or store … communications,’ the expanded definition would appear to cover datacenters, colocation providers, business landlords, shared workspaces, or even hotels where guests connect to the internet,” they explained. They added that the addition of the term “custodian” to the service provider definition makes it apply to any third party providing equipment, storage – or even cleaning services.
The Brennan Center paper also raised other concerns – like the exemption for members of Congress from such surveillance. The FRRA bill requires the FBI to get permission from a member of Congress when it wants to conduct a query of their communications. No such courtesy is afforded to the people these members of Congress represent.
Goitein urged Americans to contact their representative and ask for a “no” vote on the FRRA and a “yes” on HR 6570, the Protect Liberty and End Warrantless Surveillance Act. ®
At the Zooniverse, anyone can be a researcherYou don’t need any specialised background, training, or expertise to participate in any Zooniverse projects. We make it easy for anyone to contribute to real academic research, on their own computer, at their own convenience.You’ll be able to study authentic objects of interest gathered by researchers, like images of faraway galaxies, historical records and diaries, or videos of animals in their natural habitats. By answering simple questions about them, you’ll help contribute to our understanding of our world, our history, our Universe, and more.With our wide-ranging and ever-expanding suite of projects, covering many disciplines and topics across the sciences and humanities, there’s a place for anyone and everyone to explore, learn and have fun in the Zooniverse. To volunteer with us, just go to the Projects page, choose one you like the look of, and get started.
[…]
Zooniverse projects are constructed with the aim of converting volunteers’ efforts into measurable results. These projects have produced a large number of published research papers, as well as several open-source sets of analyzed data. In some cases, Zooniverse volunteers have even made completely unexpected and scientifically significant discoveries.
A significant amount of this research takes place on the Zooniverse discussion boards, where volunteers can work together with each other and with the research teams. These boards are integrated with each project to allow for everything from quick hashtagging to in-depth collaborative analysis. There is also a central Zooniverse board for general chat and discussion about Zooniverse-wide matters.
Many of the most interesting discoveries from Zooniverse projects have come from discussion between volunteers and researchers. We encourage all users to join the conversation on the discussion boards for more in-depth participation.
A new study has identified a potentially growing natural hazard in the north: frostquakes. With climate change contributing to many observed changes in weather extremes, such as heavy precipitation and cold waves, these seismic events could become more common. Researchers were surprised by the role of wetlands and drainage channels in irrigated wetlands in origin of frostquakes.
Frostquakes are seismic events caused by the rapid freezing of water in the ground. They are most common during extreme winter conditions, when wet, snow-free ground freezes rapidly. They have been reported in northern Finland in 2016, 2019 and 2022, as well as in Chicago in 2019 and Ottawa in 2022, among others.
Roads and other areas cleared of snow in winter are particularly vulnerable to frostquakes.
[.,..]
We found that during the winter of 2022–2023 the main sources of frostquakes in Oulu, Finland were actually swamps, wetlands and areas with high water tables or other places where water accumulates,” says Elena Kozlovskaya, Professor of applied geophysics at the University of Oulu Mining School.
When water in the ground, accumulated during heavy rainfalls in autumn or melting of snow during warm winter weather, freezes and expands rapidly, it causes cracks in the ground, accompanied by tremors and booms. When occurred in populated areas, frostquakes, or cryoseisms, are felt by people and they can be accompanied by specific noises. Ground motions during frostquakes are comparable to those of other seismic events, such as more distant earthquakes, mining explosions and vibrations produced by freight trains. Frostquakes are also known phenomenon in permafrost regions.
The new study, currently available as a preprint and set to be published in the journal EGUsphere, is the first applied study of seismic events from marsh and wetland areas. Researchers from the University of Oulu, Finland and the Geological Survey of Finland (GTK) showed that fracturing in the uppermost frozen ground can be initiated if the thickness of frozen layer is about 5 cm and larger. Ruptures can propagate deeper and damage infrastructure such as buildings, basements, pipelines and roads.
“With climate change, rapid changes in weather patterns have brought frostquakes to the attention of the wider audience, and they may become more common. Although their intensity is usually low, a series of relatively strong frostquakes in Oulu, 2016, which ruptured roads, was the starting point for our research.
[…]
During several days when the air temperature was decreasing rapidly, the local residents reported ground tremors and unusual sounds to the researchers. These observations were used to identify frostquakes from seismic data. The conditions for a frostquake are favorable when the temperature drops to more than—20°C at a rate of about one degree per hour.
There are many wetlands close to seismic stations in Oulu near residential area where the main sources of frostquakes were detected. In Sodankylä, the frostquakes were in addition caused by ice fracturing in the Kitinen river. “Frostquakes have often occurred in January, but other times are also possible,” says Moisio.
During frost quakes, seismic surface waves produce high ground accelerations at distances of up to hundreds of meters. “The fractures during frostquakes seem to propagate along drainage channels near roads and in irrigated wetlands” Kozlovskaya says.
Irrigated wetlands and drainage channels are also abundant around residential areas.
[…]
Further studies will help to identify areas at risk of frostquakes, which will help to prepare and protect the built environment from this specific natural hazard. Researchers at the University of Oulu and GTK aim to create a system that could predict frostquakes based on soil analysis and satellite data.
More information: Nikita Afonin et al, Frost quakes in wetlands in northern Finland during extreme winter weather conditions and related hazard to urban infrastructure (2023). DOI: 10.5194/egusphere-2023-1853
Mechanical engineers Shervin Foroughi and Mohsen Habibi were painstakingly maneuvering a tiny ultrasound wand over a pool of liquid when they first saw an icicle shape emerge and solidify.
[…]
Most commercial forms of 3-D printing involve extruding fluid materials—plastics, ceramics, metals or even biological compounds—through a nozzle and hardening them layer-by-layer to form computer-drafted structures. That hardening step is key, and it relies on energy in the form of light or heat.
[…]
Using ultrasound to trigger chemical reactions in room-temperature liquids isn’t new in itself. The field of sonochemistry and its applications, which matured in the 1980s at the University of Illinois Urbana-Champaign (UIUC), relies on a phenomenon called acoustic cavitation. This happens when ultrasonic vibrations create tiny bubbles, or cavities, within a fluid. When these bubbles collapse, the vapors inside them generate immense temperatures and pressures; this applies rapid heating at minuscule, localized points.
[…]
In their experiments, which were published in Nature Communications in 2022, the researchers filled a cylindrical, opaque-shelled chamber with a common polymer (polydimethylsiloxane, or PDMS) mixed with a curing agent. They submerged the chamber in a tank of water, which served as a medium for the sound waves to propagate into the chamber (similar to the way ultrasound waves from medical imaging devices travel through gel spread on a patient’s skin). Then, using a biomedical ultrasound transducer mounted to a computer-controlled motion manipulator, the scientists traced the ultrasound beam’s focal point along a calculated path 18 millimeters deep into the liquid polymer. Tiny bubbles started to appear in the liquid along the transducer’s path, and solidified material quickly followed. After fastidiously trying many combinations of ultrasound frequencies, liquid viscosity and other parameters, the team finally succeeded in using the approach to print maple-leaf shapes, seven-toothed gears and honeycomb structures within the liquid bath. The researchers then repeated these experiments using various polymers and ceramics, and they presented their results at the Canadian Acoustical Association’s annual conference this past October.
[…]
A crucial next step for sound-based printing would be to show how this process can function in real applications that meet the strict requirements of engineers and product designers, such as materials strength, surface finish and repeatability.
The research team will soon publish new work that discusses improvements in printing speed and, significantly, resolution. In the 2022 paper the team demonstrated the ability to print “pixels” that measure 100 microns on a side. In comparison, traditional 3-D printing can achieve pixels half that size.
Balls of human brain cells linked to a computer have been used to perform a very basic form of speech recognition. The hope is that such systems will use far less energy for AI tasks than silicon chips.
“This is just proof-of-concept to show we can do the job,” says Feng Guo at Indiana University Bloomington. “We do have a long way to go.”
Brain organoids are lumps of nerve cells that form when stem cells are grown in certain conditions. “They are like mini-brains,” says Guo.
It takes two or three months to grow the organoids, which are a few millimetres wide and consist of as many as 100 million nerve cells, he says. Human brains contain around 100 billion nerve cells.
The organoids are then placed on top of a microelectrode array, which is used both to send electrical signals to the organoid and to detect when nerve cells fire in response. The team calls its system “Brainoware”.
For the speech recognition task, the organoids had to learn to recognise the voice of one individual from a set of 240 audio clips of eight people pronouncing Japanese vowel sounds. The clips were sent to the organoids as sequences of signals arranged in spatial patterns.
The organoids’ initial responses had an accuracy of around 30 to 40 per cent, says Guo. After training sessions over two days, their accuracy rose to 70 to 80 per cent.
“We call this adaptive learning,” he says. If the organoids were exposed to a drug that stopped new connections forming between nerve cells, there was no improvement.
The training simply involved repeating the audio clips, and no form of feedback was provided to tell the organoids if they were right or wrong, says Guo. This is what is known in AI research as unsupervised learning.
There are two big challenges with conventional AI, says Guo. One is its high energy consumption. The other is the inherent limitations of silicon chips, such as their separation of information and processing.
Titouan Parcollet at the University of Cambridge, who works on conventional speech recognition, doesn’t rule out a role for biocomputing in the long run.
“However, it might also be a mistake to think that we need something like the brain to achieve what deep learning is currently doing,” says Parcollet. “Current deep-learning models are actually much better than any brain on specific and targeted tasks.”
Guo and his team’s task is so simplified that it is only identifies who is speaking, not what the speech is, he says. “The results aren’t really promising from the speech recognition perspective.”
Even if the performance of Brainoware can be improved, another major issue with it is that the organoids can only be maintained for one or two months, says Guo. His team is working on extending this.
“If we want to harness the computation power of organoids for AI computing, we really need to address those limitations,” he says.
23andMe is a terrific concept. In essence, the company takes a sample of your DNA and tells you about your genetic makeup. For some of us, this is the only way to learn about our heritage. Spotty records, diaspora, mistaken family lore and slavery can make tracing one’s roots incredibly difficult by traditional methods.
What 23andMe does is wonderful because your DNA is fixed. Your genes tell a story that supersedes any rumors that you come from a particular country or are descended from so-and-so.
[…]
ou can replace your Social Security number, albeit with some hassle, if it is ever compromised. You can cancel your credit card with the click of a button if it is stolen. But your DNA cannot be returned for a new set — you just have what you are given. If bad actors steal or sell your genetic information, there is nothing you can do about it.
This is why 23andMe’s Oct. 6 data leak, although it reads like science fiction, is not an omen of some dark future. It is, rather, an emblem of our dangerous present.
23andMe has a very simple interface with some interesting features. “DNA Relatives” matches you with other members to whom you are related. This could be an effective, thoroughly modern way to connect with long-lost family, or to learn more about your origins.
But the Oct. 6 leak perverted this feature into something alarming. By gaining access to individual accounts through weak and recycled passwords, hackers were able to create an extensive list of people with Ashkenazi heritage. This list was then posted on forums with the names, sex and likely heritage of each member under the title “Ashkenazi DNA Data of Celebrities.”
First and foremost, collecting lists of people based on their ethnic backgrounds is a personal violation with tremendously insidious undertones. If you saw yourself and your extended family on such a list, you would not take it lightly.
[…]
I find it troubling because, in 2018, Time reported that 23andMe had sold a $300 million stake in its business to GlaxoSmithKline, allowing the pharmaceutical giant to use users’ genetic data to develop new drugs. So because you wanted to know if your grandmother was telling the truth about your roots, you spat into a cup and paid 23andMe to give your DNA to a drug company to do with it as they please.
Although 23andMe is in the crosshairs of this particular leak, there are many companies in murky waters. Last year, Consumer Reports found that 23andMe and its competitors had decent privacy policies where DNA was involved, but that these businesses “over-collect personal information about you and overshare some of your data with third parties…CR’s privacy experts say it’s unclear why collecting and then sharing much of this data is necessary to provide you the services they offer.”
[…]
. As it stands, your DNA can be weaponized against you by law enforcement, insurance companies, and big pharma. But this will not be limited to you. Your DNA belongs to your whole family.
Pretend that you are going up against one other candidate for a senior role at a giant corporation. If one of these genealogy companies determines that you are at an outsized risk for a debilitating disease like Parkinson’s and your rival is not, do you think that this corporation won’t take that into account?
[…]
Insurance companies are not in the business of losing money either. If they gain access to such a thing that on your record, you can trust that they will use it to blackball you or jack up your rates.
In short, the world risks becoming like that of the film Gattaca, where the genetic elite enjoy access while those deemed genetically inferior are marginalized.
The train has left the station for a lot of these issues. That list of people from the 23andMe leak cannot put the genie back in the bottle. If your DNA is on a server for one of these companies, there is a chance that it has already been used as a reference or to help pharmaceutical companies.
[…]
There are things they can do now to avoid further damage. The next time a company asks for something like your phone number or SSN, press them as to why they need it. Make it inconvenient for them to mine you for your Personal Identifiable Information (PII). Your PII has concrete value to these places, and they count on people to be passive, to hand it over without any fuss.
[…]
The time to start worrying about this problem was 20 years ago, but we can still affect positive change today. This 23andMe leak is only the beginning; we must do everything possible to protect our identities and DNA while they still belong to us.
Scientific American was warning about this since at least 2013. What have we done? Nothing.:
If there’s a gene for hubris, the 23andMe crew has certainly got it. Last Friday the U.S. Food and Drug Administration (FDA) ordered the genetic-testing company immediately to stop selling its flagship product, its $99 “Personal Genome Service” kit. In response, the company cooed that its “relationship with the FDA is extremely important to us” and continued hawking its wares as if nothing had happened. Although the agency is right to sound a warning about 23andMe, it’s doing so for the wrong reasons.
Since late 2007, 23andMe has been known for offering cut-rate genetic testing. Spit in a vial, send it in, and the company will look at thousands of regions in your DNA that are known to vary from human to human—and which are responsible for some of our traits
[…]
Everything seemed rosy until, in what a veteran Forbes reporter calls “the single dumbest regulatory strategy [he had] seen in 13 years of covering the Food and Drug Administration,” 23andMe changed its strategy. It apparently blew through its FDA deadlines, effectively annulling the clearance process, and abruptly cut off contact with the agency in May. Adding insult to injury the company started an aggressive advertising campaign (“Know more about your health!”)
[…]
But as the FDA frets about the accuracy of 23andMe’s tests, it is missing their true function, and consequently the agency has no clue about the real dangers they pose. The Personal Genome Service isn’t primarily intended to be a medical device. It is a mechanism meant to be a front end for a massive information-gathering operation against an unwitting public.
Sound paranoid? Consider the case of Google. (One of the founders of 23andMe, Anne Wojcicki, is presently married to Sergei Brin, the founder of Google.) When it first launched, Google billed itself as a faithful servant of the consumer, a company devoted only to building the best tool to help us satisfy our cravings for information on the web. And Google’s search engine did just that. But as we now know, the fundamental purpose of the company wasn’t to help us search, but to hoard information. Every search query entered into its computers is stored indefinitely. Joined with information gleaned from cookies that Google plants in our browsers, along with personally identifiable data that dribbles from our computer hardware and from our networks, and with the amazing volumes of information that we always seem willing to share with perfect strangers—even corporate ones—that data store has become Google’s real asset
[…]
23andMe reserves the right to use your personal information—including your genome—to inform you about events and to try to sell you products and services. There is a much more lucrative market waiting in the wings, too. One could easily imagine how insurance companies and pharmaceutical firms might be interested in getting their hands on your genetic information, the better to sell you products (or deny them to you).
[…]
ven though 23andMe currently asks permission to use your genetic information for scientific research, the company has explicitly stated that its database-sifting scientific work “does not constitute research on human subjects,” meaning that it is not subject to the rules and regulations that are supposed to protect experimental subjects’ privacy and welfare.
Those of us who have not volunteered to be a part of the grand experiment have even less protection. Even if 23andMe keeps your genome confidential against hackers, corporate takeovers, and the temptations of filthy lucre forever and ever, there is plenty of evidence that there is no such thing as an “anonymous” genome anymore. It is possible to use the internet to identify the owner of a snippet of genetic information and it is getting easier day by day.
This becomes a particularly acute problem once you realize that every one of your relatives who spits in a 23andMe vial is giving the company a not-inconsiderable bit of your own genetic information to the company along with their own. If you have several close relatives who are already in 23andMe’s database, the company already essentially has all that it needs to know about you.
The following is an extract from our Lost in Space-Time newsletter. Each month, we hand over the keyboard to a physicist or two to tell you about fascinating ideas from their corner of the universe. You can sign up for Lost in Space-Time for free here.
Space-time is a curious thing. Look around and it’s easy enough to visualise what the space component is in the abstract. It’s three dimensions: left-right, forwards-backwards and up-down. It’s a graph with an…
x, y and z axis. Time, too, is easy enough. We’re always moving forwards in time so we might visualise it as a straight line or one big arrow. Every second is a little nudge forwards.
But space-time, well that’s a little different. Albert Einstein fused space and time together in his theories of relativity. The outcome was a new fabric of reality, a thing called space-time that permeates the universe. How gravity works popped out of the explorations of this new way of thinking. Rather than gravity being a force that somehow operates remotely through space, Einstein proposed that bodies curve space-time, and it is this curvature that causes them to be gravitationally drawn to each other. Our very best descriptions of the cosmos begin with space-time.
Yet, visualising it is next to impossible. The three dimensions of space and one of time give four dimensions in total. But space-time itself is curved, as Einstein proposed. That means to really imagine it, you need a fifth dimension to curve into.
Luckily, all is not lost. There is a mathematical trick to visualising space-time that I’ve come up with. It’s a simplified way of thinking that not only illustrates how space-time can be curved, but also how such curvature can draw bodies towards each other. It can give you new insight into how gravity works in our cosmos.
First, let’s start with a typical way to draw space-time. Pictures like the one below are meant to illustrate Einstein’s idea that gravity arises in the universe from massive objects distorting space-time. Placing a small object, say a marble, near one of these dimples would result in it rolling towards one of the larger objects, in much the same way that gravity pulls objects together.
The weight of different space objects influences the distortion of space-and-time
Manil Suri
However, the diagram is missing a lot. While the objects depicted are three dimensional, the space they’re curving is only two dimensional. Moreover, time seems to have been entirely omitted, so it’s pure space – not space-time – that’s curving.
Here’s my trick to get around this: simplify things by letting space be only one dimensional. This makes the total number of space-time dimensions a more manageable two.
Now we can represent our 1-D space by the double-arrowed horizontal line in the left panel of the diagram below. Let time be represented by the perpendicular direction, giving a two-dimensional space-time plane. This plane is then successive snapshots, stacked one on top of the other, of where objects are located in the single space dimension at each instant.
Suppose now there are objects – say particles – at points A and B in our universe. Then if these particles remained at rest, their trajectories through space-time would just be the two parallel paths AA’ and BB’ as shown. This simply represents the fact that for every time instant, the particles remain exactly where they are in 1-D space. Such behaviour is what we’d expect in the absence of gravity or any other forces.
However, if gravity came into play, we would expect the two particles to draw closer to each other as time went on. In other words, A’ would be much closer to B’ than A was to B.
Now what if gravity, as Einstein proposed, wasn’t a force in the usual sense? What if it couldn’t act directly on A and B to bring them closer, but rather, could only cause such an effect by deforming the 2-D space-time plane? Would there be a suitable such deformation that would still result in A’ getting closer to B’?
Manil Suri
The answer is yes. Were the plane drawn on a rubber sheet, you could stretch it in various ways to easily verify that many such deformations exist. The one we’ll pick (why exactly, we’ll see below) is to wrap the plane around a sphere, as shown in the middle panel. This can be mathematically accomplished by the same method used to project a rectangular map of the world onto a globe. The formula this involves (called the “equirectangular projection”) has been known for almost two millennia: vertical lines on the rectangle correspond to lines of longitude on the sphere and horizontal ones to lines of latitude. You can see from the right panel that A’ has indeed gotten closer to B’, just as we might expect under gravity.
On the plane, the particles follow the shortest paths between A and A’, and B and B’, respectively. These are just straight lines. On the sphere, the trajectories AA’ and BB’ still represent shortest distance paths. This is because the shortest distance between two points on a spherical surface is always along one of the circles of maximal radius (these include, e.g., lines of longitude and the equator). Such curves that produce the shortest distance are called geodesics. So the geodesics AA’ and BB’ on the plane get transformed to corresponding geodesics on the sphere. (This wouldn’t necessarily happen for an arbitrary deformation, which is why we chose our wrapping around the sphere.)
Einstein postulated that particles not subject to external forces will always move through space-time along such “shortest path” geodesics. In the absence of gravity, these geodesics are just straight lines. Gravity, when introduced, isn’t counted as an external force. Rather, its effect is to curve space-time, hence changing the geodesics. The particles now follow these new geodesics, causing them to draw closer.
This is the key visualisation afforded by our simplified description of space-time. We can begin to understand how gravity, rather than being a force that acts mysteriously at a distance, could really be a result of geometry. How it can act to pull objects together via curvature built into space-time.
The above insight was fundamental to Einstein’s incorporation of gravity into his general theory of relativity. The actual theory is much more complicated, since space-time only curves in the local vicinity of bodies, not globally, as in our model. Moreover, the geometry involved must also respect the fact that nothing can travel faster than the speed of light. This effectively means that the concept of “shortest distance” has to also be modified, with the time dimension having to be treated very differently from the space dimensions.
Nevertheless, Einstein’s explanation posits, for instance, that the sun’s mass curves space-time in our solar system. That is why planets revolve around the sun rather than flying off in straight lines – they are just following the curved geodesics in this deformed space-time.
This has been confirmed by measuring how light from distant astronomical sources gets distorted by massive galaxies. Space-time truly is curved in our universe, it’s not just a mathematical convenience.
There’s a classical Buddhist parable about a group of blind men relying only on touch to figure out an animal unfamiliar to them – an elephant. Space-time is our elephant here – we can never hope to see it in its full 4-D form, or watch it curve to cause gravity. But the simplified visualisation presented here can help us better understand it .
Genetic testing company 23andMe changed its terms of service to prevent customers from filing class action lawsuits or participating in a jury trial days after reports revealing that attackers accessed personal information of nearly 7 million people — half of the company’s user base — in an October hack.
In an email sent to customers earlier this week viewed by Engadget, the company announced that it had made updates to the “Dispute Resolution and Arbitration section” of its terms “to include procedures that will encourage a prompt resolution of any disputes and to streamline arbitration proceedings where multiple similar claims are filed.” Clicking through leads customers to the newest version of the company’s terms of service that essentially disallow customers from filing class action lawsuits, something that more people are likely to do now that the scale of the hack is clearer.
“To the fullest extent allowed by applicable law, you and we agree that each party may bring disputes against the other party only in an individual capacity and not as a class action or collective action or class arbitration,” the updated terms say. Notably, 23andMe will automatically opt customers into the new terms unless they specifically inform the company that they disagree by sending an email within 30 days of receiving the firm’s notice. Unless they do that, they “will be deemed to have agreed to the new terms,” the company’s email tells customers.
23andMe did not respond to a request for comment from Engadget.
In October, the San Francisco-based genetic testing company headed by Anne Wojcicki announced that hackers had accessed sensitive user information including photos, full names, geographical location, information related to ancestry trees, and even names of related family members. The company said that no genetic material or DNA records were exposed. Days after that attack, the hackers put up profiles of hundreds of thousands of Ashkenazi Jews and Chinese people for sale on the internet. But until last week, it wasn’t clear how many people were impacted.
In a filing with the Securities and Exchange Commission, 23andMe said that “multiple class action claims” have already been against the company in both federal and state court in California and state court in Illinois, as well as in Canadian courts.
Forbidding people from filing class action lawsuit, as Axiosnotes, hides information about the proceedings from the public since affected parties typically attempt to resolve disputes with arbitrators in private. Experts, such as Chicago-Kent College of Law professor Nancy Kim, an online contractor expert, told Axios that changing its terms wouldn’t be enough to protect 23andMe in court.
The company’s new terms are sparking outrage online. “Wow they first screw up and then they try to screw their users by being shady,” a user who goes by Daniel Arroyo posted on X. “Seems like they’re really trying to cover their asses,” wrote another user called Paul Duke, “and head off lawsuits after announcing hackers got personal data about customers.”
A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps.
The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the vulnerability and presented their research at Black Hat Europe this week.
The researchers, Ankit Gangwal, Shubham Singh and Abhijeet Srivastava, found that when an Android app loads a login page in WebView, password managers can get “disoriented” about where they should target the user’s login information and instead expose their credentials to the underlying app’s native fields, they said. This is because WebView, the preinstalled engine from Google, lets developers display web content in-app without launching a web browser, and an autofill request is generated.
[…]
“When the password manager is invoked to autofill the credentials, ideally, it should autofill only into the Google or Facebook page that has been loaded. But we found that the autofill operation could accidentally expose the credentials to the base app.”
Gangwal notes that the ramifications of this vulnerability, particularly in a scenario where the base app is malicious, are significant. He added: “Even without phishing, any malicious app that asks you to log in via another site, like Google or Facebook, can automatically access sensitive information.”
The researchers tested the AutoSpill vulnerability using some of the most popular password managers, including 1Password, LastPass, Keeper and Enpass, on new and up-to-date Android devices. They found that most apps were vulnerable to credential leakage, even with JavaScript injection disabled. When JavaScript injection was enabled, all the password managers were susceptible to their AutoSpill vulnerability.
It’s pretty well known that you shouldn’t use in app browsers anyway though PSA: Stop Using In-App Browsers Now but I am not sure how you would avoid using webview in this case
Google is dealing with its second “lost data” fiasco in the past few months. This time, it’s Google Drive, which has been mysteriously losing files for some people. Google acknowledged the issue on November 27, and a week later, it posted what it called a fix.
It doesn’t feel like Google is describing this issue correctly; the company still calls it a “syncing issue” with the Drive desktop app versions 84.0.0.0 through 84.0.4.0. Syncing problems would only mean files don’t make it to or from the cloud, and that doesn’t explain why people are completely losing files. In the most popular issue thread on the Google Drive Community forums, severalusersdescribespreadsheets and documents going missing, which all would have been created and saved in the web interface, not the desktop app, and it’s hard to see how the desktop app could affect that. Many users peg “May 2023” as the time documents stopped saving. Some say they’ve never used the desktop app.
[…]
Google’s recovery instructions outline a few ways to attempt to “recover your files.” One is via a new secret UI in the Google Drive desktop app version 85.0.13.0 or higher. If you hold shift while clicking on the Drive system tray/menu bar icon, you’ll get a special debug UI with an option to “Recover from backups.” Google says, “Once recovery is complete, you’ll see a new folder on your desktop with the unsynced files named Google Drive Recovery.” Google doesn’t explain what this does or how it works.
Option No. 2 is surprising: use of the command line to recover files. The new Drive binary comes with flags for ‘–recover_from_account_backups’ and ‘–recover_from_app_data_path’, which tells us a bit about what is going on. When Google first acknowledged the issue, it warned users not to delete or move Drive’s app data folder. These flags from the recovery process make it sound like Google hopes your missing files will be in the Drive cache somewhere. Google also suggests trying Windows Backup or macOS Time Machine to find your files.
Google locked the issue thread on the Drive Community Forums at 170 replies before it was clear the problem was solved. It’s also marking any additional threads as “duplicates” and locking them.
[…]
Of the few replies before Google locked the thread, most suggested that Google’s fix did not work. One user calls the fix “complete BS,” adding, “The “solution” doesn’t work for most people.” Another says, “Google Drive DELETED my files so they are not available for recovery. This “fix” is not a fix!” There are lotsof otherreports of the fix not working, and not many that say they got their files back. The idea that Drive would have months-old copies of files in the app data folder is hard to believe.
A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.
We’re told the attacks – which are usable against servers running the default configuration of Microsoft Dynamic Host Configuration Protocol (DHCP) servers – don’t require any credentials.
Akamai says it reported the issues to Redmond, which isn’t planning to fix the issue. Microsoft did not respond to The Register‘s inquiries.
The good news, according to Akamai, is that it hasn’t yet seen a server under this type of attack. The bad news: the firm’s flaw finders also told us that massive numbers of organizations are likely vulnerable, considering 40 percent of the “thousands” of networks that Akamai monitors are running Microsoft DHCP in the vulnerable configuration.
In addition to detailing the security issue, the cloud services biz also provided a tool that sysadmins can use to detect configurations that are at risk.
While the current report doesn’t provide technical details or proof-of-concept exploits, Akamai has promised, in the near future, to publish code that implements these attacks called DDSpoof – short for DHCP DNS Spoof.
“We will show how unauthenticated attackers can collect necessary data from DHCP servers, identify vulnerable DNS records, overwrite them, and use that ability to compromise AD domains,” Akamai security researcher Ori David said.
The DHCP attack research builds on earlier work by NETSPI’s Kevin Roberton, who detailed ways to exploit flaws in DNS zones.
[…]
In addition to creating non-existent DNS records, unauthenticated attackers can also use the DHCP server to overwrite existing data, including DNS records inside the ADI zone in instances where the DHCP server is installed on a domain controller, which David says is the case in 57 percent of the networks Akamai monitors.
“All these domains are vulnerable by default,” he wrote. “Although this risk was acknowledged by Microsoft in their documentation, we believe that the awareness of this misconfiguration is not in accordance with its potential impact.”
[…]
we’re still waiting to hear from Microsoft about all of these issues and will update this story if and when we do. But in the meantime, we’d suggest following Akamai’s advice and disable DHCP DNS Dynamic Updates if you don’t already and avoid DNSUpdateProxy altogether.
“Use the same DNS credential across all your DHCP servers instead,” is the advice.
Profiteering has played a significant role in boosting inflation during 2022, according to a report that calls for a global corporation tax to curb excess profits.
Analysis of the financial accounts of many of the UK’s biggest businesses found that profits far outpaced increases in costs, helping to push up inflation last year to levels not seen since the early 1980s.
The report from the IPPR and Common Wealth thinktanks found that business profits rose by 30% among UK-listed firms, driven by just 11% of firms that made super-profits based on their ability to push through stellar price increases – often dubbed greedflation.
Excessive profits were even larger in the US, where many important sections of the economy are dominated by a few powerful companies.
This surge in profits happened as wage increases largely failed to keep pace with inflation, and workers suffered their largest fall in disposable incomes since the second world war.
Researchers said the energy companies ExxonMobil and Shell, mining firms Glencore and Rio Tinto, and food and commodities businesses Kraft Heinz, Archer-Daniels-Midland and Bunge all saw their profits far outpace inflation in the aftermath of Russia’s invasion of Ukraine.
“Because energy and food prices feed so significantly into costs across all sectors of the wider economy, this exacerbated the initial price shock – contributing to inflation peaking higher and lasting longer than had there been less market power,” the report said.
After the analysis of 1,350 companies listed on the stock markets in the UK, US, Germany, Brazil and South Africa, the report said firms in the technology sector, telecommunications and the banking industry also pushed through significant price increases that raised their profit margins.
[…]
The report echoes research by the Unite union, which last year revealed how the biggest price increases affecting the UK consumer prices index (CPI) were driven by firms that either maintained or improved their profit margins.
[…]
Four food companies – the listed suppliers Archer-Daniels-Midland and Bunge, plus the privately owned Cargill and Dreyfus – control an estimated 70%–90% of the world grain market.
“This has caused significant harm to the economy as a whole,” the report said. “Global GDP could be 8% higher than it is now had market power not risen.
[…]
Last year, Isabel Schnabel, a member of the executive board of the European Central Bank, said that “on average, profits have recently been a key contributor to total domestic inflation, above their historical contribution”.
Jung and the Common Wealth economist Chris Hayes said a tax on the estimated $4tn of excess global profits was needed alongside moves to break up monopolistic practices that allowed firms to exploit their market power.
Jung said the Bank of England had fallen behind in the debate and needed to “catch up”.
The number of birthdays you’ve had—better known as your chronological age—now appears to be less important in assessing your health than ever before. A new study shows that bodily organs get “older” at extraordinarily different rates, and each one’s biological age can be at odds with a person’s age on paper.
[…]
The team sampled the blood of more than 5,500 people, all with no active disease or clinically abnormal biomarkers, to look for proteins that originated from specific organs. The scientists were able to determine where those proteins came from by measuring their gene activity: when genes for a protein were expressed four times more in one organ, that designated its origin. Next the team measured the concentrations of thousands of proteins in a drop of blood and found that almost 900 of them—about 18 percent of the proteins measured—tended to be specific to a single organ. When those proteins varied from the expected concentration for a particular chronological age, that indicated accelerated aging in the corresponding organ.
“We could say with reasonable certainty that [a particular protein] likely comes from the brain and somehow ends up in the blood,” explains Tony Wyss-Coray, a professor of neurology at Stanford University and co-author of the new study. If that protein concentration changes in the blood, “it must also likely change in the brain—and [that] tells us something about how the brain ages,” Wyss-Coray says.
By comparing study participants’ organ-specific proteins, the researchers were able to estimate an age gap—the difference between an organ’s biological age and its chronological age. Depending on the organ involved, participants found to have at least one with accelerated aging had an increased disease and mortality risk over the next 15 years. For example, those whose heart was “older” than usual had more than twice the risk of heart failure than people with a typically aging heart. Aging in the heart was also a strong predictor of heart attack. Similarly, those with a quickly aging brain were more likely to experience cognitive decline. Accelerated aging in the brain and vascular system predicted the progression of Alzheimer’s disease just as strongly as plasma pTau-181—the current clinical blood biomarker for the condition. Extreme aging in the kidneys was a strong predictor of hypertension and diabetes.
[…]
Wyss-Coray anticipates this research could lead to a simple blood test that could guide prognostic work—in other words, a test that could help foretell future illness. “You could start to do interventions before that person develops disease,” he says, “and potentially reverse this accelerating aging or slow it down.”
[…]
The momentum of commercial epigenetic testing is a “gold rush,” Shiels says. “There is a degree of oversell on what [the tests] can do.”
A single organ doesn’t tell the whole story of aging because deterioration processes are interconnected and affect an entire organism. “We understand a lot about the aging process on sort of a micro level,” Shiels says. “But a lot of the factors that drive age-related organ dysfunction are environmental. So it’s lifestyle, pollution, what you eat, microbes in your gut.”
“Researchers have identified a large number of bugs to do with the processing of images at boot time,” writes longtime Slashdot reader jd. “This allows malicious code to be installed undetectably (since the image doesn’t have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are capable of blocking the attack.” Ars Technica reports: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year’s worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.
As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment. “Once arbitrary code execution is achieved during the DXE phase, it’s game over for platform security,” researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. “From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started.” From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device — a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June — runs standard firmware defenses, including Secure Boot and Intel Boot Guard. LogoFAIL vulnerabilities are tracked under the following designations: CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, and CVE-2023-40238. However, this list is currently incomplete.
“A non-exhaustive list of companies releasing advisories includes AMI (PDF), Insyde, Phoenix, and Lenovo,” reports Ars. “People who want to know if a specific device is vulnerable should check with the manufacturer.”
“The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device. It’s also a good idea, when possible, to configure UEFIs to use multiple layers of defenses. Besides Secure Boot, this includes both Intel Boot Guard and, when available, Intel BIOS Guard. There are similar additional defenses available for devices running AMD or ARM CPUs.”
In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet’s (GOOGL.O) Google and Apple (AAPL.O). Although details were sparse, the letter lays out yet another path by which governments can track smartphones.
Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. These are the audible “dings” or visual indicators users get when they receive an email or their sports team wins a game. What users often do not realize is that almost all such notifications travel over Google and Apple’s servers.
That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them “in a unique position to facilitate government surveillance of how users are using particular apps,” Wyden said. He asked the Department of Justice to “repeal or modify any policies” that hindered public discussions of push notification spying.
In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.
“In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”
Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”
The Department of Justice did not return messages seeking comment on the push notification surveillance or whether it had prevented Apple of Google from talking about it.
Wyden’s letter cited a “tip” as the source of the information about the surveillance. His staff did not elaborate on the tip, but a source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.
The source declined to identify the foreign governments involved in making the requests but described them as democracies allied to the United States.
The source said they did not know how long such information had been gathered in that way.
Most users give push notifications little thought, but they have occasionally attracted attention from technologists because of the difficulty of deploying them without sending data to Google or Apple.
Earlier this year French developer David Libeau said users and developers were often unaware of how their apps emitted data to the U.S. tech giants via push notifications, calling them “a privacy nightmare.”
The world has reached a pivotal moment as threats from Earth system tipping points – and progress towards positive tipping points – accelerate, a new report shows
Story highlights
Rapid changes to nature and societies already happening, and more coming
The report makes six key recommendations to change course fast
A cascade of positive tipping points would save millions of lives
Humanity is currently on a disastrous trajectory, according to the Global Tipping Points report, the most comprehensive assessment of tipping points ever conducted.
The report makes six key recommendations to change course fast, including coordinated action to trigger positive tipping points.
Behind the report is an international team of more than 200 scientists, coordinated by the University of Exeter, in partnership with Bezos Earth Fund. Centre researchers David Armstrong McKay, Steven Lade, Laura Pereira, and Johan Rockström have all contributed to the report.
A tipping point occurs when a small change sparks an often rapid and irreversible transformation, and the effects can be positive or negative.
Based on an assessment of 26 negative Earth system tipping points, the report concludes “business as usual” is no longer possible – with rapid changes to nature and societies already happening, and more coming.
With global warming now on course to breach 1.5°C, at least five Earth system tipping points are likely to be triggered – including the collapse of major ice sheets and widespread mortality of warm-water coral reefs.
As Earth system tipping points multiply, there is a risk of catastrophic, global-scale loss of capacity to grow staple crops. Without urgent action to halt the climate and ecological crisis, societies will be overwhelmed as the natural world comes apart.
Impacts of physical tipping points could trigger social tipping such as financial destabilization, disruption of social cohesion, and violent conflict that would further amplify impacts on people.
Centre researcher Steven Lade
Positive tipping points
But there are ways forward. Emergency global action – accelerated by leaders meeting now at COP28 – can harness positive tipping points and steer us towards a thriving, sustainable future.
The report authors lay out a out a blueprint for doing this, and says bold, coordinated policies could trigger positive tipping points across multiple sectors including energy, transport, and food.
A cascade of positive tipping points would save millions of lives, billions of people from hardship, trillions of dollars in climate-related damage, and begin restoring the natural world upon which we all depend.
Phase out fossil fuels and land-use emissions now, stopping them well before 2050.
Strengthen adaptation and “loss and damage” governance, recognising inequality between and within nations.
Include tipping points in the Global Stocktake (the world’s climate “inventory”) and Nationally Determined Contributions (each country’s efforts to tackle climate change)
Coordinate policy efforts to trigger positive tipping points.
Convene an urgent global summit on tipping points.
Deepen knowledge of tipping points. The research team supports calls for an IPCC Special Report on tipping points.
This report was released at COP28 and is being taken extremely seriously by scientists and news people alike – as it should be. Stuff really does need to happen and it’s positive that there are possibly points that we can use to tip the balance in our favour.
