Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Ventoy – add an iso to usb drive and boot it (or any other iso on it) up without any configuration

Posted on by

Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files.
With ventoy, you don’t need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)/EFI files to the USB drive and boot them directly.
You can copy many files at a time and ventoy will give you a boot menu to select them (screenshot).
x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, ARM64 UEFI and MIPS64EL UEFI are supported in the same way.
Most type of OS supported (Windows/WinPE/Linux/ChromeOS/Unix/VMware/Xen…)
770+ image files are tested (list),     90%+ distros in distrowatch.com supported (details),

Source: Ventoy

FAA says lack of federal whistleblower protections is ‘enormous factor’ hindering Blue Origin safety review

Posted on by

Jeff Bezos’ rocket company, Blue Origin, became the subject of a federal review this fall after a group of 21 current and former employees co-signed an essay that raised serious questions about the safety of the company’s rockets — including the rocket making headlines for flying Bezos and other celebrities to space.

Blue Origin: Essay alleges sexism, 'dehumanizing' culture at Jeff Bezos' rocket company

But that review was hamstrung by a lack of legal protections for whistleblowers in the commercial spaceflight industry, according to emails from Federal Aviation Administration investigators that were obtained by CNN Business.
The FAA also confirmed in a statement Friday that its Blue Origin review is now closed, saying the “FAA investigated the safety allegations made against Blue Origin’s human spaceflight program” and “found no specific safety issues.”
The emails obtained by CNN Business, however, reveal that investigators were not able to speak with any of the engineers who signed the letter anonymously. Investigators also were not able to go to Blue Origin and ask for documents or interviews with current employees or management, according to the FAA.
The situation highlights how commercial spaceflight companies like Blue Origin are operating in a regulatory bubble, insulated from much of the scrutiny other industries are put under. There are no federal whistleblower statues that would protect employees in the commercial space industry if they aid FAA investigators, according to the agency.
[…]

Source: FAA says lack of federal whistleblower protections is ‘enormous factor’ hindering Blue Origin safety review – CNN

Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package, hugely popular

Posted on by

A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string.

Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We’re calling it “Log4Shell” for short.

The 0-day was tweeted along with a POC posted on GitHub. Since this vulnerability is still very new, there isn’t a CVE to track it yet. This has been published as CVE-2021-44228.

This post provides resources to help you understand the vulnerability and how to mitigate it for yourself.

Who is impacted?

Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable.

Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach.

Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of log4j2.

Simply changing an iPhone’s name has been shown to trigger the vulnerability in Apple’s servers.

Updates (3 hours after posting): According to this blog post (see translation), JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector. In these versions com.sun.jndi.ldap.object.trustURLCodebase is set to false meaning JNDI cannot load remote code using LDAP.

However, there are other attack vectors targeting this vulnerability which can result in RCE. An attacker could still leverage existing code on the server to execute a payload. An attack targeting the class org.apache.naming.factory.BeanFactory, present on Apache Tomcat servers, is discussed in this blog post.

Affected Apache log4j2 Versions

2.0 <= Apache log4j <= 2.14.1

Permanent Mitigation

Version 2.15.0 of log4j has been released without the vulnerability. log4j-core.jar is available on Maven Central here, with [release notes] and [log4j security announcements].

The release can also be downloaded from the Apache Log4j Download page.

[…]

Source: Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package | LunaSec

You can find sites that have been exloited https://github.com/YfryTchsGD/Log4jAttackSurface

MCH2022 Submit a talk above and beyond the final frontier!

Posted on by

In the first part of this series of posts where we explore possible subjects that may trigger your “Aha! I know about this and can talk about this!” reflex, medical technology was suggested as an avenue of interest. In this second part, we would like to tickle your memories from not so very long ago but quite far far away and suggest space as a topic for your consideration.

There has been an incredible acceleration of technology and accessibility in this space. With the introduction of CubeSats, space became much more accessible and a few years ago the first fully open-source CubeSat was launched. Companies such as Astra, Rocket Labs and SpaceX have entered the space race, elbowing out the traditional nationally funded efforts. A car was fired into space. Mars was landed on – twice – with the first aircraft on another planet flying around. The moon was rear-ended by the Chinese. 2021 was the year where we launched billionaires into space willy-nilly with even Captain Kirk having a go. NASA got all childish and changed the definition of an astronaut so that some billionaires were one and some weren’t suddenly. Satellite mesh networks are cluttering the skies so ground astronomers can’t see out any more. Nations are firing missiles at satellites, contributing significantly to the space junk problem. Satellites are jamming each other and trying to take each other over. The ISS is leaking and suddenly firing thrusters when it isn’t avoiding aforesaid trash. SpinLaunch is using a giant snail-like centrifuge that launches stuff into space from Earth. Neumann Space is trying to build a gas station for satellites in space. Steve Wozniak wants to become a space janitor and clean up all that mess. China has its own space station.

With all this action also comes condemnation. Should we be spending all that money on space when there are so many problems here on Earth? Reflection: What kind of legal structures and governance do we try to impose on foreign planets, the moon, the space above us, and how do we enforce this? But also what does cheap and plentiful access to space mean on a societal level, looking forward? Technically, what efforts have we thrown into tracking and communicating with these satellites? What should we do with old satellites? How can we as a community access space, and what do we want to do there?

We are looking forward to hearing from you – a workshop, lecture, anything you feel you can contribute is welcome!

Call for Participation

Source: May Contain Hackers 2022

I wrote this in the hopes that you are inspired to join the CFP!

Italian regulator fines Amazon $1.28 billion for abusing its market dominance

Posted on by

Italy’s antitrust authority (AGCM) has fined Amazon €1.13 billion ($1.28 billion) for “abuse of dominant position,” the second penalty it has imposed on Amazon over the last month. Amazon holds a position of “absolute dominance” in the Italian brokerage services market, “which has allowed it to promote its own logistics service, called Fulfillment by Amazon (FBA),” the authority wrote in a (Google translated) press release.

According to the AGCM, companies must use Amazon’s FBA service if they want access to key benefits like the Prime label, which in turn allows them to participate in Black Friday sales and other key events. “Amazon has thus prevented third-party sellers from associating the Prime label with offers not managed with FBA,” it said.

The authority said access to those functions are “crucial” for seller success. It also noted that third-party sellers using FBA are not subject to the same stringent performance requirements as non-FBA sellers. As such, they’re less likely to be suspended from the platform if they fail to meet certain goals. Finally, it noted that sellers using Amazon’s logistics services are discouraged from offering their products on other online platforms, at least to the same extent they do on Amazon.

[…]

Source: Italian regulator fines Amazon $1.28 billion for abusing its market dominance | Engadget

Report: VPNs Are Often a Mixed Bag for Privacy

Posted on by

[…] Consumer Reports, which recently published a 48-page white paper on VPNs that looks into the privacy and security policies of 16 prominent VPN providers. Researchers initially looked into some 51 different companies but ultimately honed in on the most prominent, high-quality providers. The results are decidedly mixed, with the report highlighting a lot of the long offered criticisms of the industry—namely, it’s lack of transparency, its PR bullshit, and its not always stellar security practices. On the flip side, a small coterie of VPNs actually seem pretty good.

[…]

. Consumers may often believe that by using a VPN they are able to become completely invisible online, as companies promise stuff like “unrivaled internet anonymity,” and the ability to “keep your browsing private and protect yourself from hackers and online tracking,” and so on and so forth.

In reality, there are still a whole variety of ways that companies and advertisers can track you across the internet—even if your IP address is hidden behind a virtual veil.

[…]

via a tool developed by a group of University of Michigan researchers, dubbed the “VPNalyzer” test suite, which was able to look at various security issues with VPN connections. The research team found that “malicious and deceptive behaviors by VPN providers such as traffic interception and manipulation are not widespread but are not nonexistent. In total, the VPNalyzer team filed more than 29 responsible disclosures, 19 of which were for VPNs also studied in this report, and is awaiting responses regarding its findings.”

The CR’s own analysis found “little evidence” of VPNs “manipulating users’ networking traffic when testing for evidence of TLS interception,” though they did occasionally run into examples of data leakage.

And, as should hopefully go without saying, any VPN with the word “free” near it should be avoided at all costs, lest you accidentally download some sort of Trojan onto your device and casually commit digital hari-kari.

[…]

According to CR’s review, four VPN providers rose to the top of the list in terms of their privacy and security practices. They were:

Apparently in that order.

These companies stood out mostly by not over-promising what they could deliver, while also scoring high on scales of transparency and security

[…]

Source: Report: VPNs Are Often a Mixed Bag for Privacy

Physicists discover special transverse sound wave

Posted on by

A research team at City University of Hong Kong (CityU) has discovered a new type of sound wave: The airborne sound wave vibrates transversely and carries both spin and orbital angular momentum like light does. The findings shattered scientists’ previous beliefs about the sound wave, opening an avenue to the development of novel applications in acoustic communications, acoustic sensing and imaging.

The research was initiated and co-led by Dr. Shubo Wang, Assistant Professor in the Department of Physics at CityU, and conducted in collaboration with scientists from Hong Kong Baptist University (HKBU) and the Hong Kong University of Science and Technology (HKUST). It was published in Nature Communications, titled “Spin-orbit interactions of transverse sound.”

Beyond the conventional understanding of sound wave

The physics textbooks tell us there are two kinds of waves. In like light, the vibrations are perpendicular to the direction of wave propagation. In longitudinal waves like sound, the vibrations are parallel to the direction of wave propagation. But the latest discovery by scientists from CityU changes this understanding of sound waves.

“While the airborne sound is a longitudinal wave in usual cases, we demonstrated for the first time that it can be a transverse wave under certain conditions. And we investigated its spin-orbit interactions (an important property only exists in transverse waves), i.e. the coupling between two types of angular momentum. The finding provides new degrees of freedom for sound manipulations.”

The absence of shear force in the air, or fluids, is the reason why sound is a longitudinal wave, Dr. Wang explained. He had been exploring whether it is possible to realize transverse sound, which requires shear force. Then he conceived the idea that synthetic shear force may arise if the air is discretized into “meta-atoms,” i.e., volumetric air confined in small resonators with size much smaller than the wavelength. The collective motion of these air “meta-atoms” can give rise to a transverse sound on the macroscopic scale.

Negative refraction induced by the spin-orbit interaction in momentum space. Credit: S. Wang et al. DOI: 10.1038/s41467-021-26375-9

Conception and realization of ‘micropolar metamaterial’

He ingeniously designed a type of artificial material called “micropolar metamaterial” to implement this idea, which appears like a complex network of resonators. Air is confined inside these mutually connected resonators, forming the “meta-atoms.” The metamaterial is hard enough so that only the air inside can vibrate and support sound propagation. The showed that the collective motion of these air “meta-atoms” indeed produces the shear force, which gives rise to the transverse sound with spin-orbit interactions inside this metamaterial. This theory was verified by experiments conducted by Dr. Ma Guancong’s group in HKBU.

Moreover, the research team discovered that air behaves like an elastic material inside the micropolar metamaterial and thus supports transverse sound with both spin and orbital angular momentum. Using this metamaterial, they demonstrated two types of spin-orbit interactions of sound for the first time. One is the momentum-space spin-orbit interaction, which gives rise to negative refraction of the transverse sound, meaning that sound bends in the opposite directions when passing through an interface. Another one is the real-space spin-orbit interaction, which generates sound vortices under the excitation of the transverse sound.

[…]

Source: Physicists discover special transverse sound wave

Prisons snoop on inmates’ phone calls with speech-to-text AI

Posted on by

Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

“(The) sheriff believes (the calls) will help him fend off pending liability via civil action from inmates and activists,” Sexton said. Verus transcribes phone calls and finds certain keywords discussing issues like COVID-19 outbreaks or other complaints about jail conditions.

Prisoners, however, said the tool was used to catch crime. In one case, it allegedly found one inmate illegally collecting unemployment benefits. But privacy advocates aren’t impressed. “T​​he ability to surveil and listen at scale in this rapid way – it is incredibly scary and chilling,” said Julie Mao, deputy director at Just Futures Law, an immigration legal group.

[…]

Source: Prisons snoop on inmates’ phone calls with speech-to-text AI • The Register

Spotify Pulls Content of Comedians Fighting to Get Royalties

Posted on by

[…]

Spotify took down the work of hundreds of comedians, including big names like John Mulaney, Jim Gaffigan, and Kevin Hart, the Wall Street Journal reported on Saturday. Mulaney, Gaffigan, Hart, and other comedians are represented by Spoken Giants, a global rights company that’s leading the fight to get radio and digital platforms, such as Spotify, SiriusXM, Pandora, and YouTube, to pay comedians royalty payments on the copyright for their written work.

According to the outlet, the streaming giant been in negotiations with Spoken Giants but couldn’t reach an agreement. On Thanksgiving, Spotify informed Spoken Giants that would pull all work by comedians represented by the organization until they could come to an understanding.

[…]

“In music, songwriter royalties are a very basic revenue stream, so this is not an unfamiliar concept and our work is based on established precedents and clear copyright language,” King said. “With this take-down, individual comedians are now being penalized for collectively requesting the same compensation songwriters receive.”

[…]

Source: Spotify Pulls Content of Comedians Fighting to Get Royalties

Cuba ransomware gang scores almost $44m from 49 victims: FBI

Posted on by

The US Federal Bureau of Investigation (FBI) says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year.

The attacks were spread across five “critical infrastructure”, which, besides government, included the financial, healthcare, manufacturing, and – as you’d expect – IT sectors. The Feds said late last week the threat actors are demanding $76m in ransoms and have already received at least $43.9m in payments.

The ransomware gang’s loader of choice, Hancitor, was the culprit, distributed via phishing emails, or via exploit of Microsoft Exchange vulnerabilities, compromised credentials, or Remote Desktop Protocol (RDP) tools. Hancitor – also known as Chanitor or Tordal – enables a CobaltStrike beacon as a service on the victim’s network using a legitimate Windows service like PowerShell.

[…]

Source: Cuba ransomware gang scores almost $44m from 49 victims: FBI • The Register

Executive at Swiss Tech Company Said to Operate Secret Surveillance Operation

Posted on by

The co-founder of a company that has been trusted by technology giants including Google and Twitter to deliver sensitive passwords to millions of their customers also operated a service that ultimately helped governments secretly surveil and track mobile phones, Bloomberg reported Monday, citing former employees and clients. From the report: Since it started in 2013, Mitto AG has established itself as a provider of automated text messages for such things as sales promotions, appointment reminders and security codes needed to log in to online accounts, telling customers that text messages are more likely to be read and engaged with than emails as part of their marketing efforts. Mitto, a closely held company with headquarters in Zug, Switzerland, has grown its business by establishing relationships with telecom operators in more than 100 countries. It has brokered deals that gave it the ability to deliver text messages to billions of phones in most corners of the world, including countries that are otherwise difficult for Western companies to penetrate, such as Iran and Afghanistan. Mitto has attracted major technology giants as customers, including Google, Twitter, WhatsApp, Microsoft’s LinkedIn and messaging app Telegram, in addition to China’s TikTok, Tencent and Alibaba, according to Mitto documents and former employees.

But a Bloomberg News investigation, carried out in collaboration with the London-based Bureau of Investigative Journalism, indicates that the company’s co-founder and chief operating officer, Ilja Gorelik, was also providing another service: selling access to Mitto’s networks to secretly locate people via their mobile phones. That Mitto’s networks were also being used for surveillance work wasn’t shared with the company’s technology clients or the mobile operators Mitto works with to spread its text messages and other communications, according to four former Mitto employees. The existence of the alternate service was known only to a small number of people within the company, these people said. Gorelik sold the service to surveillance-technology companies which in turn contracted with government agencies, according to the employees.

Source: Executive at Swiss Tech Company Said to Operate Secret Surveillance Operation – Slashdot

$150m – $200m of digital assets stolen in BitMart security breach

Posted on by

Cryptocurrency exchange BitMart has coughed to a large-scale security breach relating to ETH and BSC hot wallets. The company reckons that hackers made off with approximately $150m in assets.

Security and analytics outfit PeckShield put the figure at closer to $200m.

“We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets today. At this moment we are still concluding the possible methods used. Hackers were able to withdraw assets of the value of approximately 150 million USD,” BitMart said.

“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress,” it added.

Worryingly for customers, BitMart has blocked withdrawals until it has completed a “thorough security review” or, in the common metaphor, shut the stable door after the horse has bolted.

[…]

Source: $150m of digital assets stolen in BitMart security breach • The Register

The SEC is probing Tesla’s faulty solar panels prone to fire, whistleblower says they kept evidence of danger under wraps

Posted on by

The Securities and Exchange Commission has launched an investigation into whether Tesla failed to tell investors and customers about the fire risks of its faulty solar panels.

Whistleblower and ex-employee, Steven Henkes, accused the company of flouting safety issues in a complaint with the SEC in 2019. He filed a freedom of information request to regulators and asked to see records relating to the case in September, earlier this year. An SEC official declined to hand over documents, and confirmed its probe into the company is still in progress.

[…]

Tesla started selling and installing solar panels after it acquired SolarCity for $2.6bn in 2016. But its goal of becoming a renewable energy company hasn’t been smooth. Several fires have erupted from Tesla’s solar panels installed on the roofs of Walmart stores, Amazon warehouses, and people’s homes.

In fact, Walmart sued the company in 2019 after seven of its supermarkets in the US caught fire. The lawsuit accused Tesla of “utter incompetence or callousness, or both.” Walmart later dropped its claims, and settled the matter privately.

Before Walmart’s lawsuit, however, Steven Henkes, who was employed as a field quality manager by Tesla after the acquisition, said he attempted to raise concerns about fire risks with managers. He claimed in a lawsuit [PDF] filed last year in November that he was wrongfully terminated after he was fired in August, last year. Henkes claimed his concerns about defects in the company’s solar panels and electrical connectors were repeatedly ignored, and after he filed initial whistleblower complaints with the SEC and the US Consumer Protection Safety Commission (CPSC).

Over 60,000 people as well as over 500 commercial consumers could have been potentially affected by fire risks from Tesla’s faulty solar panels, the lawsuit said. Tesla started replacing and reimbursing defective components in 2019, Business Insider reported. The CPSC has also been investigating the company, too. Tesla did not respond to The Register’s questions.

Source: The SEC is probing Tesla’s faulty solar panels prone to fire • The Register

Suspected Russian Activity Targeting Government and Business Entities Around the Globe after Solarwinds

Posted on by

Mandiant continues to track multiple clusters of suspected Russian intrusion activity that have targeted business and government entities around the globe. Based on our assessment of these activities, we have identified two distinct clusters of activity, UNC3004 and UNC2652. We associate both groups with UNC2452 also referred to as Nobelium by Microsoft.

Some of the tactics Mandiant has recently observed include:

  • Compromise of multiple technology solutions, services, and reseller companies since 2020.
  • Use of credentials likely obtained from an info-stealer malware campaign by a third-party actor to gain initial access to organizations.
  • Use of accounts with Application Impersonation privileges to harvest sensitive mail data since Q1 2021.
  • Use of both residential IP proxy services and newly provisioned geo located infrastructure to communicate with compromised victims.
  • Use of novel TTPs to bypass security restrictions within environments including, but not limited to the extraction of virtual machines to determine internal routing configurations.
  • Use of a new bespoke downloader we call CEELOADER.
  • Abuse of multi-factor authentication leveraging “push” notifications on smartphones

In most instances, post compromise activity included theft of data relevant to Russian interests. In some instances, the data theft appears to be obtained primarily to create new routes to access other victim environments. The threat actors continue to innovate and identify new techniques and tradecraft to maintain persistent access to victim environments, hinder detection, and confuse attribution efforts.

The sections below highlight intrusion activity from multiple incident response efforts that are currently tracked as multiple uncategorized clusters. Mandiant suspects the multiple clusters to be attributable to a common Russian threat. The information below covers some of the Tactics, Techniques, and Procedures (TTPs) used by the threat actors for initial compromise, establishing a foothold, data collection, and lateral movement; how the threat actors provision infrastructure; and indicators of compromise. The information is being shared to raise awareness and allow organizations to better defend themselves.

[…]

Source: Suspected Russian Activity Targeting Government and Business Entities Around the Globe | Mandiant

Life360 Reportedly Sells Location Data of Families and Kids

Posted on by

Life360, a popular tracking app that bills itself as “the world’s leading family safety service,” is purportedly selling location data on the 31 million families and kids that use it to data brokers. The chilling revelation may make users of the Tile Bluetooth tracker, which is being bought by Life360, think twice before continuing to use the device.

Life360’s data selling practices were revealed in a damning report published by the Markup on Monday. The report claims that Life360 sells location data on its users to roughly a dozen data brokers, some of which have sold data to U.S. government contractors. The data brokers then proceed to sell the location data to “virtually anyone who wants to buy it.” Life360 is purportedly one of the largest sources of data for the industry, the outlet found.

While selling location data on families and kids is already alarming, what’s even more frightening is that Life360 is purportedly failing to take steps to protect the privacy of the data it sells. This could potentially allow the location data, which the company says is anonymized, to be linked back to the people it belongs to.

[…]

Source: Life360 Reportedly Sells Location Data of Families and Kids

AWS Outage Takes Down Amazon, Disney+, Venmo, loads of online games

Posted on by

Amazon Web Services (AWS), the engine that powers many of the internet’s most-trafficked websites and apps, appears to be experiencing a widespread outage that is bringing down several popular services.

Amazon, Disney+, and Venmo are all being affected by the outage, and are showing error messages when users attempt to visit their websites. Amazon appears to be aware of the issue and admitted to seeing “Increased Error Rates” in the AWS Management Console. We reached out to Amazon, and the company pointed us to its AWS Service Health Dashboard. An update posted at 8:26 a.m. PT reads:

“We are experiencing API and console issues in the US-EAST-1 Region. We have identified root cause and we are actively working towards recovery. This issue is affecting the global console landing page, which is also hosted in US-EAST-1.

Amazon further revealed the issue to be caused by an “impairment of several network devices.” In a 2:47 p.m. PT update, the company claims to have “mitigated the underlying issue” that caused network devices to be faulty. Server health is improving, according to Amazon, which is now conducting a service-by-service recovery. The company disabled Event Deliveries for Amazon EventBridge in US-EAST-1 as it works for a full recovery for all affected AWS customers. There is still no timeline on when your favorite sites will be fully operational again.

Source: AWS Outage Takes Down Amazon, Disney+, and Venmo

yay cloud!

DARPA Funded Researchers Accidentally Create The World’s First Warp Bubble

Posted on by

Warp drive pioneer and former NASA warp drive specialist Dr. Harold G “Sonny” White has reported the successful manifestation of an actual, real-world “Warp Bubble.” And, according to White, this first of its kind breakthrough by his Limitless Space Institute (LSI) team sets a new starting point for those trying to manufacture a full-sized, warp-capable spacecraft.

“To be clear, our finding is not a warp bubble analog, it is a real, albeit humble and tiny, warp bubble,” White told The Debrief, quickly dispensing with the notion that this is anything other than the creation of an actual, real-world warp bubble. “Hence the significance.”

Warp Bubble Theoretical
Theoretical Warp Bubble Structure: Image Credit LSI

In 1994, Mexican Mathematician Miguel Alcubierre proposed the first mathematically valid solution to the warp drive. More specifically, he outlined a spacecraft propulsion system previously only envisioned in science fiction that can traverse the cosmos above the speed of light without violating currently accepted laws of physics.

[…]
“While conducting analysis related to a DARPA-funded project to evaluate possible structure of the energy density present in a Casimir cavity as predicted by the dynamic vacuum model,” reads the actual findings published in the peer-reviewed European Physical Journal, “a micro/nano-scale structure has been discovered that predicts negative energy density distribution that closely matches requirements for the Alcubierre metric.”

Or put more simply, as White did in a recent email to The Debrief, “To my knowledge, this is the first paper in the peer-reviewed literature that proposes a realizable nano-structure that is predicted to manifest a real, albeit humble, warp bubble.”

This fortuitous finding, says White, not only confirms the predicted “toroidal” structure and negative energy aspects of a warp bubble, but also resulted in potential pathways he and other researchers can follow when trying to design, and one day actually construct, a real-world warp-capable spacecraft.

[…]

“This is a potential structure we can propose to the community that one could build that will generate a negative vacuum energy density distribution that is very similar to what’s required for an Alcubierre space warp.”

When asked by The Debrief in December if his team has built and tested this proposed nano-scale warp craft design since that August announcement, or if they have plans to do so, White said, “We have not manufactured the one-micron sphere in the middle of a 4-micron cylinder.” However, he noted, if the LSI team were to undertake that at some point, “we’d probably use a nanoscribe GT 3D printer that prints at the nanometer scale.” In short, they have the means, now they just need the opportunity.

[…]

White and his team have also outlined a second testable experiment that involves stringing a number of these Casimir-created warp bubbles in a chain-like configuration. This design, he said, would allow researchers to better understand the physics of the warp bubble structure already created, as well as how a craft may one day traverse actual space inside such a warp bubble.

“We could go through an examination of the optical properties as a result of these little, nano-scale warp bubbles,” explained White at the AIAA conference. “Aggregating a large number of them in a row, we can increase the magnitude of the effect so we can see (and study) it.”

Source: DARPA Funded Researchers Accidentally Create The World’s First Warp Bubble – The Debrief

Huge 20-Year Study Shows Trickle-Down Is a Myth, Inequality Rampant

Posted on by

The 2022 World Inequality Report, a huge undertaking coordinated by economic and inequality experts Lucas Chancel, Thomas Piketty, Emmanuel Saez, and Gabriel Zucman, was the product of four years of research and produced an unprecedented data set on just how wealth is distributed.

“The world is marked by a very high level of income inequality and an extreme level of wealth inequality,” the authors wrote.

The data serves as a complete rebuke of the trickle-down economic theory, which posits that cutting taxes on the rich will “trickle down” to those below, with the cuts eventually benefiting everyone. In America, trickle-down was exemplified by President Ronald Reagan’s tax slashes. It’s a theory that persists today, even though most research has shown that 50 years of tax cuts benefits the wealthy and worsens inequality.

[…]

Piketty, who was Zucman’s doctoral adviser, wrote the tome “Capital in the 21st Century” which used an unprecedented data set going back to the French Revolution to expose how centuries of growing wealth inequality was a feature of capitalism, not a bug. The World Inequality Report was his effort to do the same for recent history.

They argue in the new report that the last two decades of wealth data show that “inequality is a political choice, not an inevitability.”

For instance, when it comes to wealth, which accounts for the values of assets people hold, researchers found that the “poorest half of the global population barely owns any wealth at all.” That bottom half owns just 2% of total wealth. That means that the top half of the world holds 98% of the world’s wealth, and that gets even more concentrated the wealthier you get.

Indeed, the richest 10% of the world’s population hold 76%, or two-thirds of all wealth. That means the 517 million people who make up the top hold vastly more than the 2.5 billion who make up the bottom. The world’s policy choices have led to wealth trickling up rather than down.

[…]

Billionaires now hold a 3% share of global wealth, up from 1% in 1995

The report notes that “2020 marked the steepest increase in global billionaires’ share of wealth on record.” Broadly, the number of billionaires rose to a record-number in 2020, with Wealth-X finding that there are now over 3,000 members of the three-comma club.

[…]

Source: Huge 20-Year Study Shows Trickle-Down Is a Myth, Inequality Rampant

LINE Pay leaks around 133,000 users’ data to GitHub

Posted on by

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users’ payment details were mistakenly published on GitHub between September and November of this year.

Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.

Among the leaked details were the date, time, and amount of transactions, plus user and franchise store identification numbers. Although names, addresses, telephone, credit card and bank account numbers were not shared, the names of the users and other details could be traced with a little effort.

The information – which covered of over 51,000 Japanese users and almost 82,000 Taiwanese and Thai users – was accessed 11 times during the ten weeks it was available online.

[…]

Source: LINE Pay leaks around 133,000 users’ data to GitHub • The Register

The UAE Just Became The Biggest Export Customer For Dassault’s Rafale Fighter

Posted on by

[…]

A contract for the sale of the 80 Rafales was agreed today between Eric Trappier, Chairman and CEO of Dassault, and Tareq Abdul Raheem Al Hosani, CEO of Tawazun Economic Council, which is responsible for security and defense acquisitions on behalf of the United Arab Emirates (UAE). Dassault describes the deal as “the largest ever obtained by the French combat aeronautics industry.” The total value of the Rafale contract is $16 billion, on top of which will be added weapons for the jets. These deals fall within a larger French arms package for the UAE worth $19 billion that also includes 12 Airbus H225M Caracal military transport helicopters.

DASSAULT AVIATION

An artist’s conception of a UAE Rafale equipped for the air-to-air mission, with Meteor and Mica missiles.

Underlining the significance of the Rafale sale, the French President Emmanuel Macron and Sheikh Mohammed bin Zayed Al Nahyane, Crown Prince of Abu Dhabi, one of the Emirates within the UAE and the country’s effective ruler, as well as vice-commander of its armed forces, were both present at the contract signing.

[\…]

the United Arab Emirates Air Force and Air Defense (UAEAF&AD) will also become the first export recipient of the F4-standard Rafale.

The latest F4 version of the Rafale is part of an ongoing process to continuously improve the fighter and is optimized for networked combat, with new satellite and intra-flight data links, as well as a communication server and software-defined radio. Aside from this, the F4 features upgrades to the radar, electro-optical system, and helmet-mounted display. New weapons are also being integrated, including the forthcoming Mica NG air-to-air missile and the 2,200-pound version of the AASM modular air-to-ground weapon.

[…]

The contract UAE comes as a boost to the French aerospace industry and the Rafale program in particular, which has now secured six export customers. The previous countries to select the French fighter are Egypt, Qatar, India, Greece, and Croatia. Other potential customers have been linked with the Rafale in the recent past, including Indonesia, although the type was rejected this year by Switzerland in favor of the F-35.

[…]

Source: The UAE Just Became The Biggest Export Customer For Dassault’s Rafale Fighter

Draken Doubles Its Fleet Of Private Aggressor F-16s With A Dozen Surplus Jets From Norway

Posted on by

Draken International has signed a contract to bring yet more F-16 fighter jets to its fast-expanding “red air” fleet, as the adversary air support contractor adds ex-Norwegian Vipers to the dozen former Dutch examples it acquired earlier this year. Up to 12 F-16s acquired from Norway will form part of an impressive private tactical jet air force, already one of the world’s largest, which also includes a dozen ex-South African Atlas Cheetahs, and 22 ex-Spanish Air Force Mirage F1Ms, plus assorted other subsonic jets, as well as a deep backstock of MiG-21s.

Draken took to Facebook yesterday to announce it was buying the F-16s plus “supporting assets” in a deal signed with the government of Norway but which still requires approval from U.S. and Norwegian authorities. The value of the contract has not been revealed.

[…]

the Norwegian Defense Materiel Agency provided more details of the sale, noting that the jets could be delivered to Draken as early as next year and they will support training “against American fighter aircraft.” Headquartered at Lakeland Linder International Airport, in Lakeland, Florida, the company also provides contractor adversary services within Europe.

[…]

By adding another batch of F-16s to its adversary fleet, Draken will keep pace with rival red air provider Top Aces, which is now operating the first of the 29 ex-Israeli F-16A/Bs acquired from Israel.

[…]

As well as the former Norwegian F-16s, and the 12 already acquired from the Netherlands, Draken could expand its fleet still further, with the Dutch government having announced an option for the firm to acquire another 28 examples, which are planned to be retired from service by the end of 2024.

As it stands, Draken’s fleet currently includes two supersonic fighter jets for adversary work: a dozen ex-South African Atlas Cheetahs, and 22 ex-Spanish Air Force Mirage F1Ms. One of the latter jets was lost in a fatal crash near Nellis Air Force Base, Nevada, earlier this year.

[…]

Source: Draken Doubles Its Fleet Of Private Aggressor F-16s With A Dozen Surplus Jets From Norway

How to Build a Supersonic Trebuchet

Posted on by

What do you get when you combine ancient designs with modern engineering? An exciting new way to convert time and money into heat and noise! I’m not sure whether to call this a catapult or a trebuchet, but it’s definitely the superior siege engine.

Have you ever sat down and thought “I wonder if a trebuchet could launch a projectile at supersonic speeds?” Neither have we. That’s what separates [David Eade] from the rest of us. He didn’t just ask the question, he answered it! And he documented the entire build in a YouTube video which you can see below the break.

Source: https://hackaday.com/2021/12/01/supersonic-projectile-exceeds-engineers-dreams-the-supersonic-trebuchet/

Documents Shows Just How Much The FBI Can Obtain From Encrypted Communication Services

Posted on by

There is no “going dark.” Consecutive FBI heads may insist there is, but a document created by their own agency contradicts their dire claims that end-to-end encryption lets the criminals and terrorists win.

Andy Kroll has the document and the details for Rolling Stone:

[I]n a previously unreported FBI document obtained by Rolling Stone, the bureau claims that it’s particularly easy to harvest data from Facebook’s WhatsApp and Apple’s iMessage services, as long as the FBI has a warrant or subpoena. Judging by this document, “the most popular encrypted messaging apps iMessage and WhatsApp are also the most permissive,” according to Mallory Knodel, the chief technology officer at the Center for Democracy and Technology.

The document [PDF] shows what can be obtained from which messaging service, with the FBI noting WhatsApp has plenty of information investigators can obtain, including almost real time collection of communications metadata.

WhatsApp will produce certain user metadata, though not actual message content, every 15 minutes in response to a pen register, the FBI says. The FBI guide explains that most messaging services do not or cannot do this and instead provide data with a lag and not in anything close to real time: “Return data provided by the companies listed below, with the exception of WhatsApp, are actually logs of latent data that are provided to law enforcement in a non-real-time manner and may impact investigations due to delivery delays.”

The FBI can obtain this info with a pen register order — the legal request used for years to obtain ongoing call data on targeted numbers, including numbers called and length of conversations. With a warrant, the FBI can get even more information. A surprising amount, actually. According to the document, WhatsApp turns over address book contacts for targeted users as well as other WhatsApp users who happen to have the targeted person in their address books.

Combine this form of contact chaining with a few pen register orders, and the FBI can basically eavesdrop on hundreds of conversations in near-real time. The caveat, of course, is that the FBI has no access to the content of the conversations. That remains locked up by WhatsApp’s encryption. Communications remain “warrant-proof,” to use a phrase bandied about by FBI directors. But is it really?

If investigators are able to access the contents of a phone (by seizing the phone or receiving permission from someone to view their end of conversations), encryption is no longer a problem. That’s one way to get past the going darkness. Then there’s stuff stored in the cloud, which can give law enforcement access to communications despite the presence of end-to-end encryption. Backups of messages might not be encrypted and — as the document points out — a warrant will put those in the hands of law enforcement.

If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message content.

[…]

Source: Documents Shows Just How Much The FBI Can Obtain From Encrypted Communication Services | Techdirt

‘Wall of secrecy’ in Pfizer contracts as company accused of profiteering

Posted on by

Ministers have agreed a secrecy clause in any dispute with the drugs manufacturer Pfizer over Britain’s Covid vaccine supply. Large portions of the government’s contracts with the company over the supply of 189m vaccine doses have been redacted and any arbitration proceedings will be kept secret.

The revelation comes as Pfizer is accused by a former senior US health official of “war profiteering’’ during the pandemic. In a Channel 4 Dispatches investigation to be broadcast this week, Tom Frieden, who was director of the US Centers for Disease Control and Prevention under Barack Obama, said: “If you’re just focusing on maximising your profits and you’re a vaccine manufacturer … you are war profiteering.”

Zain Rizvi, research director at Public Citizen, a US consumer advocacy organisation which has examined Pfizer’s global vaccine contracts, said: “There is a wall of secrecy surrounding these contracts and it’s unacceptable, particularly in a public health crisis.”

Rizvi said the UK needed to explain why it had agreed to secret arbitration proceedings. He said: “It’s the only high-income country we have seen that has agreed to this provision. It allows pharmaceutical companies to bypass domestic legal processes.

“The UK government has allowed the drug firms to call the shots. How did we end up in a situation where a handful of drug firms were able to exert so much control over the most powerful governments in the world? It points to a broken system.”

Pfizer has won plaudits for its vaccine delivery programme, but the US multinational faces growing scrutiny over the scale of its profits and the proportion of doses it has delivered to low-income countries.

While AstraZeneca agreed to sell its vaccine at cost during the pandemic, Pfizer wanted to secure its profits. The Pfizer/BioNTech vaccine, which now has the brand name Comirnaty, will be one of the most lucrative drugs in pharmaceutical history.

The Channel 4 investigation reveals analysis by one biological engineering expert claiming the Pfizer vaccine costs just 76p to manufacture for each shot. It is reportedly being sold for £22 a dose to the UK government.

The estimated manufacturing costs do not include research, distribution and other costs, but Pfizer says its profit margin as a percentage before tax are in the “high-20s”. Pfizer expects to deliver 2.3bn vaccines this year with predicted revenues of $36bn (£26.3bn).

Vials for vaccine
One biological engineering expert claims the Pfizer vaccine costs just 76p to manufacture for each shot. Photograph: Rafiq Maqbool/AP

A report last month by the People’s Vaccine Alliance, a coalition of organisations including aid charities, said Pfizer and other drug firms have sold the majority of doses to rich countries, leaving low-income countries “out in the cold” . Only 2% of people in low-income countries had been fully vaccinated against coronavirus. Drug firms should suspend intellectual property rights for Covid-19 vaccines, tests, treatments and other medical tools.

Pfizer has faced increased scrutiny allegations of excessive global profits after its partner, the biotechnology company BioNTech, announced in September 2020 it was to receive up to €375m (£320m) from the German government to fund vaccine development.

Anna Marriott, Oxfam’s health policy manager said: “It is deplorable that billions of people around the world are being denied vaccines so that pharmaceutical companies can make obscene profits. Given that public investment was crucial to vaccine development, it’s incomprehensible that pharma monopolies are being prioritised over people’s lives.”

[…]

Source: ‘Wall of secrecy’ in Pfizer contracts as company accused of profiteering | UK news | The Guardian

UK competition regulator orders Meta to sell Giphy

Posted on by

As rumored, the UK’s Competition and Markets Authority (CMA) has ordered Meta (Facebook) to sell Giphy, saying the deal “could harm social media users and UK advertisers.” It found that the deal would boost Meta’s already prodigious market power by limiting other platforms’ access to Giphy GIFs, “driving more traffic to Facebook owned sites — Facebook, WhatsApp and Instagram.”

The CMA said that Meta’s sites dominated social media user time to the tune of 73 percent and that it could further muscle out rivals like TikTok, Twitter and Snapchat by leveraging Giphy. It added that prior to the merger, Giphy launched “innovative advertising services” used by brands like Dunkin’ Donuts and Pepsi that it could have brought to the UK.

“Facebook terminated Giphy’s advertising services at the time of the merger, removing an important source of potential competition,” the regulator wrote. “The CMA considers this particularly concerning given that Facebook controls nearly half of the £7 billion display advertising market in the UK.”

[…]

Source: UK competition regulator orders Meta to sell Giphy | Engadget