Daily Archives: April 2, 2021

Sierra Nevada Corporation resurrects plans for crewed Dream Chaser spaceplane, inflatable space station

Posted on by

Sierra Nevada Corporation (SNC) has unveiled plans for an enormous inflatable space station tended by cargo and crew carrying versions of its Dream Chaser spaceplane.

“There is no scalable space travel industry without a spaceplane,” said SNC chair and owner Eren Ozmen.

That’s handy, because with the retirement of the Space Shuttle, the Dream Chaser is nearasdammit the last spaceplane standing. NASA, however, disagreed and selected Boeing’s Calamity Capsule and SpaceX’s Crew Dragon for transportation purposes to and from the International Space Station (ISS).

The space agency did, however, pop SNC into the second round of ISS Commercial Resupply Services (CRS-2), meaning the reusable cargo version of the spaceplane will see orbital action once assembly is complete (due this summer with launch expected late in 2022), but the crew version was not to be troubling the old Space Shuttle runway at Kennedy Space Center.

SNC’s proposal for a space station as an alternative for the ageing ISS is the LIFE habitat: a 27-foot-long, three-storey inflatable module that launches on a conventional rocket and inflates once in orbit. A full-sized prototype is currently being transferred from Johnson Space Center in Texas to Kennedy Space Center in Florida.

The crewed version of the Dream Chaser has also been resurrected and is planned to be used to both “shuttle” private astronauts (we see what you did there, SNC) as well as “rescuing astronauts from space destinations and returning them to Earth via a safe and speedy runway landing.”

[…]

Source: Sierra Nevada Corporation resurrects plans for crewed Dream Chaser spaceplane • The Register

SCO Linux FUD Returns From the Dead

Posted on by
The Courts IBM Red Hat Software Linux

SCO Linux FUD Returns From the Dead (zdnet.com) 115

Posted by msmash from the how-about-that dept.
wiredog shares a ZDNet report: I have literally been covering SCO’s legal attempts to prove that IBM illegally copied Unix’s source code into Linux for over 17 years. I’ve written well over 500 stories on this lawsuit and its variants. I really thought it was dead, done, and buried. I was wrong. Xinuos, which bought SCO’s Unix products and intellectual property (IP) in 2011, like a bad zombie movie, is now suing IBM and Red Hat [for] “illegally Copying Xinuos’ software code for its server operating systems.” For those of you who haven’t been around for this epic IP lawsuit, you can get the full story with “27 eight-by-ten color glossy photographs and circles and arrows and a paragraph on the back of each one” from Groklaw. If you’d rather not spend a couple of weeks going over the cases, here’s my shortened version. Back in 2001, SCO, a Unix company, joined forces with Caldera, a Linux company, to form what should have been a major Red Hat rival. Instead, two years later, SCO sued IBM in an all-out legal attack against Linux.

The fact that most of you don’t know either company’s name gives you an idea of how well that lawsuit went. SCO’s Linux lawsuit made no sense and no one at the time gave it much of a chance of succeeding. Over time it was revealed that Microsoft had been using SCO as a sock puppet against Linux. Unfortunately for Microsoft and SCO, it soon became abundantly clear that SCO didn’t have a real case against Linux and its allies. SCO lost battle after battle. The fatal blow came in 2007 when SCO was proven to have never owned the copyrights to Unix. So, by 2011, the only thing of value left in SCO, its Unix operating systems, was sold to UnXis. This acquisition, which puzzled most, actually made some sense. SCO’s Unix products, OpenServer and Unixware, still had a small, but real market. At the time, UnXis now under the name, Xinuos, stated it had no interest in SCO’s worthless lawsuits. In 2016, CEO Sean Synder said, “We are not SCO. We are investors who bought the products. We did not buy the ability to pursue litigation against IBM, and we have absolutely no interest in that.” So, what changed? The company appears to have fallen on hard times. As Synder stated: “systems, like our FreeBSD-based OpenServer 10, have been pushed out of the market.” Officially, in his statement, Snyder now says, “While this case is about Xinuos and the theft of our intellectual property, it is also about market manipulation that has harmed consumers, competitors, the open-source community, and innovation itself.”

Source: SCO Linux FUD Returns From the Dead – Slashdot

Unlock your DJI’s FPV Drone and Crank Up The Power

Posted on by

Apparently, if the GPS on your shiny new DJI FPV Drone detects that it’s not in the United States, it will turn down its transmitter power so as not to run afoul of the more restrictive radio limits elsewhere around the globe. So while all the countries that have put boots on the Moon get to enjoy the full 1,412 mW of power the hardware is capable of, the drone’s software limits everyone else to a paltry 25 mW. As you can imagine, that leads to a considerable performance penalty in terms of range.

But not anymore. A web-based tool called B3YOND promises to reinstate the full power of your DJI FPV Drone no matter where you live by tricking it into believing it’s in the USA. Developed by the team at [D3VL], the unlocking tool uses the new Web Serial API to send the appropriate “FCC Mode” command to the drone’s FPV goggles over USB. Everything is automated, so this hack is available to anyone who’s running a recent version of Chrome or Edge and can click a button a few times.

[..]

Source: Web Tool Cranks Up The Power On DJI’s FPV Drone | Hackaday

Tesla customers say they’ve been double-charged for their cars

Posted on by

Finding an extra $10 charge on your groceries is enough to make most people angry, but what if you paid twice for a a $56,000 car? Tesla buyers have been reporting that they’ve been double-charged on cars for recent purchases and have had trouble contacting the company and getting their money back, according to a report from CNBC and posts on Twitter and the Tesla Motors Club forum.

[…]

As of yesterday, the customers mentioned in the CNBC report have yet to receive their refunds and all have refused to take delivery until the problem is resolved. “This was not some operator error,” Peterson said. “And for a company that has so much technology skill, to have this happening to multiple people really raises questions.” Engadget has reached out for comment.

Source: Tesla customers say they’ve been double-charged for their cars | Engadget

Virgin Galactic’s VSS Imagine is its shiny, next-gen spaceship

Posted on by

Virgin Galactic took to YouTube to reveal, briefly, its first SpaceShip III, which will start ground tests and “glide flights” later this year. It’s an eye-catching vessel, channeling that Star Wars: The Phantom Menace Naboo starship look in a wonderful way. It’s finished with a mirror-like material that’s meant to reflect its surroundings, whether that’s the blackness of space or the blueness of Earth’s atmosphere. It’s not all about aesthetics: it also offers thermal protection.

Source: Virgin Galactic’s VSS Imagine is its shiny, next-gen spaceship | Engadget

Scientists Implant and Then Reverse False Memories in People

Posted on by

now, for the first time ever, scientists have evidence showing they can reverse false memories, according to a study published in the journal Proceedings of the National Academy of Sciences.

“The same way that you can suggest false memories, you can reverse them by giving people a different framing,” the lead researcher of the paper, Aileen Oeberst, head of the Department of Media Psychology at the University of Hagen, told Gizmodo. “It’s interesting, scary even.”

[…]

“As the field of memory research has developed, it’s become very clear that our memories are not ‘recordings’ of the past that can be played back but rather are reconstructions, closer to imaginings informed by seeds of true experiences,” Christopher Madan, a memory researcher at the University of Nottingham who was not involved in the new study, told Gizmodo

[…]

Building off of that, Oeberst’s lab recently implanted false memories in 52 people by using suggestive interviewing techniques. First, they had the participants’ parents privately answer a questionnaire and come up with some real childhood memories and two plausible, but fake, ones—all negative in nature, such as how their pet died or when they lost their toy. Then they had researchers ask the participants to recall these made-up events in a detailed manner, including specifics about what happened. For example, “Your parents told us that when you were 12 years old during a holiday in Italy with your family you got lost. Can you tell me more about it?”

The test subjects met their interviewer three times, once every two weeks, and by the third session most participants believed these anecdotes were true, and over half (56%) developed and recollected actual false memories—a significantly higher percentage than most studies in this area of research.

These findings reveal the depth of false memory and fit closely with prior research in the field, according to Robert Nash, a psychologist at Aston University who was not involved in the study. “Such as the fact that some of the false memories arose almost immediately, even in the first interview, the fact that they increased in richness and frequency with each successive interview, and the fact that more suggestive techniques led to much higher levels of false remembering and believing,” Nash told Gizmodo.

According to Henry Otgaar, a false memory researcher at Maastricht University who was a reviewer of this study, there’s been an increase in people thinking that it’s difficult to implant false memories. This work is important in showing the relative ease by which people can form such false memories, he told Gizmodo.

“Actually, what we see in lab experiments is highly likely underestimation of what we see in real-world cases, in which, for example, a police officer or a therapist, suggestively is dredging for people’s memories that perhaps are not there for weeks, for months, in a highly suggestive fashion,” he said, suggesting this is what happens in some cases of false confessions.

But researchers, to some extent, already knew how easy it is to trick our memories. Oeberst’s study is innovative in suggesting that it’s equally as easy to reverse those false memories. And knowing the base truth about what actually happened isn’t even necessary to revert the fake recollections.

In the experiment, Oeberst had another interviewer ask participants to identify whether any of their memories could be false, by simply thinking critically about them. The scientists used two “sensitization” techniques: One, source sensitization, where they asked participants to recall the exact source of the memory (what is leading you to remember this; what specific recollection do you, yourself, have?). And two, false memory sensitization, where they explained to the subjects that sometimes being pressured to recall something can elicit false memories.

“And they worked, they worked!” Oeberst said, adding that of course not every single participant was persuaded that their memory was false.

Particularly with the false memory sensitization strategy, participants seemed to regain their trust in their initial gut feeling of what they did and didn’t remember, as if empowered to trust their own recollection more. “I don’t recollect this and maybe it’s not my fault, maybe it’s actually my parents who made something up or they were wrong,” Oeberst said, mimicking the participants’ thought process. “Basically, it’s a different solution to the same riddle.” According to Oeberst, the technique by which false memories are implanted is the same used to reverse them, “just from a different angle, the opposite angle.”

The memories didn’t completely vanish for everybody; 15% to 25% of the participants still believed their false memories were real, and this is roughly the same amount of people who accepted false memories right after the first interview. A year later, 74% of all participants still recognized which were false memories or didn’t remember them at all.

“Up until now, we didn’t have any way to reject or reverse false memory formation,” said Otgaar, who has published over 100 studies on false memory. “But it’s very simple, and with such a simple manipulation that this can already lead to quite strong effects. That’s really interesting.”

The researchers also suggest reframing thinking about false memories in terms of “false remembering,” an action determined by information and context, rather than “false memories,” as if memories were stable files in a computer.

“This is especially important, I think, insofar that remembering is always contextual. It’s less helpful for us to think about whether or not people ‘have’ a false memory and more helpful to think of the circumstances in which people are more or less likely to believe they are remembering,” said Nash.

[…]

Source: Scientists Implant and Then Reverse False Memories in People

Another successful flight for SpaceX’s Starship apart from the landing-in-one-piece thing

Posted on by

SpaceX continued its rich tradition of destroying Starship prototypes with SN11 succumbing to an explosive end during a high-altitude flight test.

Originally planned for 29 March, the test flight from the company’s facility in Boca Chica, Texas, had been postponed until this morning because a Federal Aviation Administrator (FAA) had been unable reach the site in time to observe the test.

The inspector was present today to witness another demonstration of Tesla Technoking Elon Musk’s prowess at blowing up big, shiny rockets.

The test was a repeat of the Serial Number 10 prototype vehicle flight earlier in March. SN10 broke the heart of SpaceX fanbois around the globe by coming so close to complete success. That vehicle managed to return from its high-altitude test in one piece, landing upright. However, seconds later it exploded spectacularly, leaving the way clear (except for some bits of twisted metal) for SN11.

With SN10 almost succeeding, hopes were high for SN11.

The silver rocket, obscured by mist, launched on time. The three Raptor engines appeared to burn normally during the flight, with one shutting down just after the two-minute mark as planned. A second engine was then shut down before the vehicle reached the desired 10km point and the last engine was cut off.

Despite spotty video, the signature “belly flop” of the vehicle was visible as SN11 flipped over for its return to Earth. As it passed through 1km in altitude (according to the SpaceX announcer) the Raptors could be seen gimballing into position and at least one igniting.

And then the video froze again.

However, the audio continued for a few more seconds before a very audible bang was heard. Shortly after, SpaceX’s announcer returned to the air to confirm “another exciting test.”

Exciting for those on the ground, perhaps, as the rocket exploded in the mist.

[…]

 

Source: Another successful flight for SpaceX’s Starship apart from the landing-in-one-piece thing • The Register

Oh dear mr Musk. I’m not going up on that

Wi-Fi devices set to become object sensors by 2024 under planned 802.11bf standard – no, they haven’t thought of security and privacy

Posted on by

In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals.

“When 802.11bf will be finalized and introduced as an IEEE standard in September 2024, Wi-Fi will cease to be a communication-only standard and will legitimately become a full-fledged sensing paradigm,” explains Francesco Restuccia, assistant professor of electrical and computer engineering at Northeastern University, in a paper summarizing the state of the Wi-Fi Sensing project (SENS) currently being developed by the Institute of Electrical and Electronics Engineers (IEEE).

SENS is envisioned as a way for devices capable of sending and receiving wireless data to use Wi-Fi signal interference differences to measure the range, velocity, direction, motion, presence, and proximity of people and objects.

It may come as no surprise that the security and privacy considerations of Wi-Fi-based sensing have not received much attention.

As Restuccia warns in his paper, “As yet, research and development efforts have been focused on improving the classification accuracy of the phenomena being monitored, with little regard to S&P [security and privacy] issues. While this could be acceptable from a research perspective, we point out that to allow widespread adoption of 802.11bf, ordinary people need to trust its underlying technologies. Therefore, S&P guarantees must be provided to the end users.”

[…]

“Indeed, it has been shown that SENS-based classifiers can infer privacy-critical information such as keyboard typing, gesture recognition and activity tracking,” Restuccia explains. “Given the broadcast nature of the wireless channel, a malicious eavesdropper could easily ‘listen’ to CSI [Channel State Information] reports and track the user’s activity without authorization.”

And worse still, he argues, such tracking can be done surreptitiously because Wi-Fi signals can penetrate walls, don’t require light, and don’t offer any visible indicator of their presence.

Restuccia suggests there needs to be a way to opt-out of SENS-based surveillance; a more privacy-friendly stance would be to opt-in, but there’s not much precedent for seeking permission in the technology industry.

[…]

Source: Wi-Fi devices set to become object sensors by 2024 under planned 802.11bf standard • The Register

Android, iOS beam telemetry to Google, Apple even when you tell them not to

Posted on by

In a recent released research paper, titled “Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google” [PDF], Douglas Leith, chairman of computer systems in the school of computer science and statistics at Trinity College Dublin, Ireland, documents how iPhones and Android devices phone home regardless of the wishes of their owners.

According to Leith, Android and iOS handsets share data about their salient characteristics with their makers every 4.5 minutes on average.

“The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google,” the paper says. “Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this.”

These transmissions occur even when the iOS Analytics & Improvements option is turned off and the Android Usage & Diagnostics option is turned off.

Such data may be considered personal information under privacy rules, depending upon the applicable laws and whether they can be associated with an individual. It can also have legitimate uses.

Of the two mobile operating systems, Android is claimed to be the more chatty: According to Leith, “Google collects a notably larger volume of handset data than Apple.”

Within 10 minutes of starting up, a Google Pixel handset sent about 1MB of data to Google, compared to 42KB of data sent to Apple in a similar startup scenario. And when the handsets sit idle, the Pixel will send about 1MB every 12 hours, about 20x more than the 52KB sent over the same period by an idle iPhone.

[…]

Leith’s tests excluded data related to services selected by device users, like those related to search, cloud storage, maps, and the like. Instead, they focused on the transmission of data shared when there’s no logged in user, including IMEI number, hardware serial number, SIM serial number, phone number, device ids (UDID, Ad ID, RDID, etc), location, telemetry, cookies, local IP address, device Wi-Fi MAC address, and nearby Wi-Fi MAC addresses.

This last category is noteworthy because it has privacy implications for other people on the same network. As the paper explains, iOS shares additional data: the handset Bluetooth UniqueChipID, the Secure Element ID (used for Apple Pay), and the Wi-Fi MAC addresses of nearby devices, specifically other devices using the same network gateway.

“When the handset location setting is enabled, these MAC addresses are also tagged with the GPS location,” the paper says. “Note that it takes only one device to tag the home gateway MAC address with its GPS location and thereafter the location of all other devices reporting that MAC address to Apple is revealed.”

[…]

Google also has a plausible fine-print justification: Leith notes that Google’s analytics options menu includes the text, “Turning off this feature doesn’t affect your device’s ability to send the information needed for essential services such as system updates and security.” However, Leith argues that this “essential” data is extensive and beyond reasonable user expectations.

As for Apple, you might think a company that proclaims “What happens on your iPhone stays on your iPhone” on billboards, and “Your data. Your choice,” on its website would want to explain its permission-defying telemetry. Yet the iPhone maker did not respond to a request for comment.

Source: Android, iOS beam telemetry to Google, Apple even when you tell them not to – study • The Register

Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges

Posted on by

News that Ubiquiti’s cloud servers had been breached emerged on January 11, 2021, when the company emailed customers the text found in this support forum post. That missive stated: “We recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.”

That announcement continued, “We have no indication that there has been unauthorized activity with respect to any user’s account,” but also recommended customers change their passwords because if their records had been accessed, hashed and salted passwords, email addresses, and even physical addresses and phone numbers could be at risk.

An update on Wednesday this week stated an investigation by outside experts “identified no evidence that customer information was accessed, or even targeted,” however.

Crucially, the update also revealed that someone “unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials.” The update does not suggest the extortion attempt was fanciful.

Ubiquiti has not said when the external experts decided customer data was untouched. Which leaves the company in the interesting position of perhaps knowing its core IP has leaked, and not disclosing that, while also knowing that customer data is safe and not disclosing that, either.

The update contains another scary nugget in this sentence: “Please note that nothing has changed with respect to our analysis of customer data and the security of our products since our notification on January 11.”

But the January 11 notification makes no mention of “the security of our products.”

The update on Wednesday was published two days after Krebs On Security reported that it has seen a letter from a whistleblower to the European Data Protection Supervisor that alleges Ubiquiti has not told the whole truth about the incident.

Krebs said the letter described the attack on Ubiquiti as “catastrophically worse than reported.”

“The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk,” the letter reportedly claimed, adding that Ubiquiti’s legal team “silenced and overruled efforts to decisively protect customers.”

The whistleblower separately claimed that whoever was able to break into Ubiquiti’s Amazon-hosted servers, they could have swiped cryptographic secrets for customers’ single sign-on cookies and remote device access, internal source code, and signing keys – far more than the Wi-Fi box maker disclosed in January. The intruder, it is said, obtained a Ubiquiti IT worker’s privileged credentials, got root access to the business’s AWS systems, and thus had a potential free run of its cloud-hosted storage and databases.

Backdoors were apparently stashed in the servers, too, and, as Ubiquiti acknowledged this week, a ransom was demanded to keep quiet about the break-in.

[…]

The update ends with another call for customers to refresh their passwords and enable two-factor authentication. The Register fancies some readers may also consider refreshing their Wi-Fi supplier. ®

PS: It’s not been a great week for Ubiquiti: it just promised to remove house ads it added to the web-based user interface of its UniFi gear.

Source: Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges • The Register

Security has never been one of their strong points so this is not really surprising…