This Week In Security: The Battle Against Ransomware, Unicode, Discourse, And Shrootless

We talk about ransomware gangs quite a bit, but there’s another shadowy, loose collection of actors in that arena. Emsisoft sheds a bit of light on the network of researchers and law enforcement that are working behind the scenes to frustrate ransomware campaigns.

Darkside is an interesting case study. This is the group that made worldwide headlines by hitting the Colonial Pipeline, shutting it down for six days. What you might not realize is that the Darkside ransomware software had a weakness in its encryption algorithms, from mid-December 2020 through January 12, 2021. Interestingly, Bitdefender released a decryptor on January 11. I haven’t found confirmation, but the timing seems to indicate that the release of the decryptor triggered Darkside to look for and fix the flaw in their encryption. (Alternatively, it’s possible that it was released in response to the fix, and time zones are skewing the dates.)

Emsisoft is very careful not to tip their hand when they’ve found a vulnerability in a ransomware. Instead, they have a network of law enforcement and security professionals that they share information with. This came in handy again when the Darkside group was spun back up, under the name BlackMatter.

Not long after the campaign was started again, a similar vulnerability was reintroduced in the encryption code. The ransomware’s hidden site, used for negotiating payment for decryption, seems to have had a vulnerability that Emsisoft was able to use to keep track of victims. Since they had a working decryptor, they were able to reach out directly, and provide victims with decryption tools.

This changed when the link to BlackMatter’s portal leaked on Twitter. It seems like many people hold ransomware gangs in less-than-high regard, and took the opportunity to inform BlackMatter of this fact, using that portal. In response, BlackMatter took down that portal site, cutting off Emsisoft’s line of information. Since then, the encryption vulnerability has been fixed, Emsisoft can’t listen in on BlackMatter anymore, and they released the story to encourage BlackMatter victims to contact them. They also suggest that ransomware victims always contact law enforcement to report the incident, as there may be a decryptor that isn’t public yet.

Brain Implant Offers Artificial Vision To The Blind

Nothing makes you appreciate your vision more than getting a little older and realizing that it used to be better and that it will probably get worse. But imagine how much more difficult it would be if you were totally blind. That was what happened to [Berna Gomez] when, at 42, she developed a medical condition that destroyed her optic nerves, leaving her blind in a matter of days and ending her career as a science teacher. But thanks to science, [Gomez] can now see, at least to some extent. She volunteered after 16 years to have a penny-sized device with 96 electrodes implanted in her visual cortex. The research is in the Journal of Clinical Investigation, and while it is a crude first step, it shows lots of promise and uses some very novel techniques to overcome certain limitations.

The 96 electrodes were in a 10×10 grid with the four corner electrodes missing. The resolution, of course, is lacking, but the project turned to a glasses-mounted camera to acquire images and process them, reducing them to signals for the electrodes that may not directly map to the image.


Python Ditches The GILs And Comes Ashore

The Python world has been fractured a few times before. The infamous transition from version 2 to version 3 still affects people today, and there could be a new schism in the future. [Sam Gross] proposed a solution to drop the Global Interpreter Lock (GIL), which would have enormous implications for many projects that leverage the CPython internals, such as Pandas and NumPy.

The fact that Python is interpreted is a double-edged sword. It means there can be different runtimes, such as Pyston, Cinder, MicroPython, PyPy, and others, that might support the whole language, a specific version, or a subset. But if you’re using Python, you’re probably running CPython. And it has something known as the global interpreter lock that affects threaded code. In a nutshell, only one thread can run in the interpreter at a time. There are some ways around it, such as moving performance-critical sections to C or having multiple interpreters. However, most existing solutions come with considerable downsides.

Malamud’s General Index: Research Gist, No Slap On The Wrist

Tired of that unsettling feeling you get from looking for paywalled papers on that one site that shall not be named? Yeah, us too. But now there’s an alternative that should feel a little less illegal: this new index of the world’s research papers over on the Internet Archive.

It’s an index of words and short phrases (up to five words) culled from approximately 107 million research papers. The point is to make it easier for scientists to gain insights from papers that they might not otherwise have access to. The Index will also make it easier for computerized analysis of the world’s research. Call it a gist machine.

Technologist Carl Malamud created this index, which doesn’t contain the full text of any paper. Some of the researchers with early access to the Index said that it is quite helpful for text mining. The only real barrier to entry is that there is no web search portal for it — you have to download 5TB of compressed files and roll your own program. In addition to sentence fragments, the files contain 20 billion keywords and tables with the papers’ titles, authors, and DOI numbers which will help users locate the full paper if necessary.

Nature’s write-up makes a salient point: how could Malamud have made this index without access to all of those papers, paywalled and otherwise? Malamud admits that he had to get copies of all 107 million articles in order to build the thing, and that they are safe inside an undisclosed location somewhere in the US. And he released the files under Public Resource, a non-profit he founded in Sebastopol, CA. But we have to wonder how different this really is from say, the Google Books N-Gram Viewer, or Google Scholar. Is the difference that Google is big enough to say they’re big enough to get away with it?

If this whole thing reminds you of another defender of free information, remember that you can (and should) remove the DRM from his e-book of collected writings.

Via r/technology

30 Days Of Terror: The Logistics Of Launching The James Webb Space Telescope

Back during the 2019 Superconference in Pasadena, I had the chance to go to Northrop Grumman’s Redondo Beach campus to get a look at the James Webb Space Telescope. There, in the high-bay class 10,000+ cleanroom in building M8, my wife and I along with fellow space nerd Tom Nardi got a chance to look upon what is likely the most expensive single object ever made. The $10 billion space observatory was undergoing what we thought were its final tests before being packaged up and sent on its way to its forever home at the L2 Lagrange point.

Sadly, thanks to technical difficulties and the COVID-19 pandemic, it would be another two years before JWST was actually ready to ship — not a new story for the project, Mike Szczys toured the same facility back in 2015. But the good news is that it finally has shipped, taking the very, very slow first steps on its journey to space.

Both the terrestrial leg of the trip and the trip through 1.5 million kilometers of space are fraught with peril, of a different kind, of course, but still with plenty of chances for mission-impacting events. Here’s a look at what the priceless and long-awaited observatory will face along the way, and how its minders will endure the “30 days of terror” that lie ahead.


Magnesium: Where It Comes From And Why We’re Running Out

Okay, we’re not running out. We actually have tons of the stuff. But there is a global supply chain crisis. Most of the world’s magnesium is processed in China and several months ago, they just… stopped. In an effort to hit energy consumption quotas, the government of the city of Yulin (where most of the country’s magnesium production takes place) ordered 70% of the smelters to shut down entirely, and the remainder to slash their output by 50%. So, while magnesium remains one of the most abundant elements on the planet, we’re readily running out of processed metal that we can use in manufacturing.

The magnesium-alloy body of a Nikon D850. Courtesy of Nikon

But, how do we actually use magnesium in manufacturing anyway? Well, some things are just made from it. It can be mixed with other elements to be made into strong, lightweight alloys that are readily machined and cast. These alloys make up all manner of stuff from race car wheels to camera bodies (and the chassis of the laptop I’m typing this article on). These more direct uses aside, there’s another, larger draw for magnesium that isn’t immediately apparent: aluminum production.

But wait, aluminum, like magnesium, is an element. So why would we need magnesium to make it? Rest assured, there’s no alchemy involved, just alloying. Much like magnesium, aluminum is rarely used in its raw form — it’s mixed with other elements to give it desirable properties such as high strength, ductility, toughness, etc. And, as you may have already guessed, most of these alloys require magnesium. Now we’re beginning to paint a larger, scarier picture (and we just missed Halloween!) — a disruption to the world’s aluminum supply.


A Fascinating Plot Twist As Researchers Recreate Classic “Primordial Soup” Experiment

Science is built on reproducibility; if someone else can replicate your results, chances are pretty good that you’re looking at the truth. And there’s no statute of limitations on reproducibility; even experiments from 70 years ago are fair game for a fresh look. A great example is this recent reboot of the 1952 Miller-Urey “primordial soup” experiment which ended up with some fascinating results.

At the heart of the Miller-Urey experiment was a classic chicken-and-the-egg paradox: complex organic molecules like amino acids and nucleic acids are the necessary building blocks of life, but how did they arise on Earth before there was life? To answer that, Stanley Miller, who in 1952 was a graduate student of Harold Urey, devised an experiment to see if complex molecules could be formed from simpler substances under conditions assumed to have been present early in the planet’s life. Miller assembled a complicated glass apparatus, filled it with water vapor and gases such as ammonia, hydrogen, and methane, and zapped it with an electric arc to simulate lightning. He found that a rich broth of amino acids accumulated in the reaction vessel; when analyzed, the sludge was found to contain five of the 20 amino acids.

The Miller-Urey experiment has been repeated over and over again with similar results, but a recent reboot took a different tack and looked at how the laboratory apparatus itself may have influenced the results. Joaquin Criado-Reyes and colleagues found that when run in a Teflon flask, the experiment produced far fewer organic compounds. Interestingly, adding chips of borosilicate glass to the Teflon reaction chamber restored the richness of the resulting broth, suggesting that the silicates in the glassware may have played a catalytic role in creating the organic soup. They also hypothesize that the highly alkaline reaction conditions could create microscopic pits in the walls of the glassware, which would serve as reaction centers to speed up the formation of organics.

This is a great example of a finding that seems to knock a hole in a theory but actually ends up supporting it. On the face of it, one could argue that Miller and Urey were wrong since they only produced organics thanks to contamination from their glassware. And it appears to be true that silicates are necessary for the abiotic generation of organic molecules. But if there was one thing that the early Earth was rich in, it was silicates, in the form of clay, silt, sand, rocks, and dust. So this experiment lends support to the abiotic origin of organic molecules on Earth, and perhaps on other rocky worlds as well.

[Featured image credit: Roger Ressmeyer/CORBIS, via Science History Institute]