Road Pollution Doesn’t Just Come From Exhaust

Alumni from Innovation Design Engineering at Imperial College London and the Royal College of Art want to raise awareness of a road pollution source we rarely consider: tire wear. If you think about it, it is obvious. Our tires wear out, and that has to go somewhere, but what surprises us is how fast it happens. Single-use plastic is the most significant source of oceanic pollution, but tire microplastics are next on the naughty list. The team calls themselves The Tyre Collective, and they’re working on a device to collect tire particles at the source.

This Week In Security: UTorrent Vulnerable, Crowd-Sourcing Your Fail2Ban, And Cryptographers At Casinos

The uTorrent client was recently updated to fix a null pointer dereference (CVE-2020-8437), discovered by [whtaguy]. Triggering the dereference simply crashes the client — so far an actual RCE hasn’t been found. Given the nature of the null pointer dereference, it’s possible this bug is limited to denial of service. That’s extremely good, because the flaw is extremely easy to target.

BitTorrent is a clever protocol. It’s still used to distribute large files, like Linux ISOs. The concept is simple: Split a large file into small chunks. Send the chunks to a client one at a time. As each chunk is received, the client sends a copy of that chunk to the next client. As a result of this peer-to-peer (p2p) arrangement, the bandwidth available to the server is greatly multiplied. As with all other p2p arrangements, the sticking point is how to make those connections between peers, particularly when most of the world’s desktops are behind NAT routers. In practice, for two peers to share data, at least one of them has to have a port opened or forwarded to the client. This is often accomplished through Universal Plug-n-Play (UPnP) or the NAT Port Mapping Protocol (NAT-PMP). The idea behind both protocols is the same: a client on an internal device can request a temporary port forward without manual intervention. Whether it’s a good idea to allow automatic port forwards is another issue for another day.

ESP32 Vulnerability Affects Older Chips

There is a scene from the movie RED (Retired, Extremely Dangerous) where Bruce Willis encounters a highly-secure door with a constantly changing lock code deep inside the CIA. Knowing the lock would be impossible to break, he simply destroyed the wall next to the door, reached through, and opened the door from the other side. We thought about that when we saw [raelize’s] hack to bypass the ESP32’s security measures.

Before you throw out all your ESP32 spy gadgets, though, be aware that the V3 silicon can be made to prevent the attack. V1 and V2, however, have a flaw that — if you know how to exploit it — renders secure boot and flash encryption almost meaningless.

Community Testing Suggests Bias In Twitter’s Cropping Algorithm

Social media and online services are now huge parts of daily life, to the point that our entire world is being shaped by algorithms. Arcane in their workings, they are responsible for the content we see and the adverts we’re shown. Just as importantly, they decide what is hidden from view as well.

Important: Much of this post discusses the performance of a live website algorithm. Some of the links in this post may not perform as reported if viewed at a later date. 

The initial Zoom problem that brought Twitter’s issues to light.

Recently, [Colin Madland] posted some screenshots of a Zoom meeting to Twitter, pointing out how Zoom’s background detection algorithm had improperly erased the head of a colleague with darker skin. In doing so, [Colin] noticed a strange effect — although the screenshot he submitted shows both of their faces, Twitter would always crop the image to show just his light-skinned face, no matter the image orientation. The Twitter community raced to explore the problem, and the fallout was swift.

SpaceX Sending Tom Cruise To The Space Station In 2021

Several months after NASA Administrator Jim Bridenstine confirmed the project was in the works, sources are now reporting that Tom Cruise and director Doug Liman will officially be making the trip to the International Space Station in October of 2021 to film scenes for an as of yet untitled movie. Cruise and Liman previously worked together on the science fiction spectacle Edge of Tomorrow in 2014, which may give us a hint at what the duo are planning for their trip to the final frontier.

Industry insiders claim that the two film makers and potentially a female co-star will fly aboard a SpaceX Crew Dragon capsule under the command of Michael López-Alegría, a veteran astronaut who currently holds the American record for number and duration of extra-vehicular activities (EVAs). The mission is being organized by Axiom Space, which previously announced they would perform a series of privately funded flights to the ISS as a precursor to constructing their own commercial expansion to the orbiting laboratory.

Mars One living units under regolith
This never happened.

Of course, with more than a year before liftoff, anything could happen. SpaceX has been linked, officially or otherwise, to several private trips to space that literally and figuratively never got off the ground.

Mars-One was touting concept art that showed a fleet of modified SpaceX Dragons on the Red Planet as far back as 2012, and Elon Musk himself once announced that the Falcon Heavy would send private passengers on a trip around the Moon by the end of 2018. But to date, a pair of NASA astronauts have been the only humans to actually fly on SpaceX hardware.

Undoubtedly, some will see this flight of fancy as a waste of valuable resources. After all, there’s no shortage of scientists and researchers who would be more deserving of a trip to space than Jerry Maguire. But according to Bridenstine, the hope is that a big budget Hollywood film featuring scenes shot on the ISS could do for NASA what Top Gun once did for the Navy:

There was a day when I was in elementary school and I saw Top Gun. From that day, I knew I was going to be a Navy pilot. If we can get Tom Cruise to inspire an elementary kid to join the Navy and be a pilot, why can’t we get Tom Cruise to inspire the next Elon Musk? That’s what we need.

While we might not all agree on who the next generation of engineers should look to for inspiration, the impact that Top Gun had on Navy recruitment in the 80s and 90s is well established. If sending Tom Cruise to space for a few weeks might help inspire more kids to look into a STEM education, it’s probably worth a shot. Though it seems like Tom Hanks and his fellow Apollo 13 crew mates did a respectable enough job celebrating the incredible engineering behind NASA’s greatest triumph without actually going into orbit themselves.

Second-Hand Television SHINEs, Takes Down Entire Village’s Internet

We occasionally get stories on the tips line that just make us want to know more. This is especially true with tech stories covered by the mass media, which usually leave out the juicy tidbits that would just clutter up the story for the majority of non-technical readers. That leaves us to dig a little deeper for the satisfying details.

The latest one of these gems to hit the tips line is the tale of a regular broadband outage in a Welsh village. As in, really regular — at 7:00 AM every day, the internet customers of Aberhosan suffered a loss of their internet service. Customers of Openreach, the connectivity arm of the British telco BT, complained about the interruptions as customers do, and technicians responded to investigate the issue. Nobody was able to find the root cause, and despite replacing nearly all the cables in the system, the daily outages persisted for 18 months.

In the end, Openreach brought in a crack team from their Chief Engineer’s office to investigate. Working against COVID-19 restrictions, the team set up a spectrum analyzer in the early morning hours, to capture any evidence of whatever was causing the problem. At the appointed hour they saw a smear of radio frequency interference appear, a high-intensity pulse of noise at just the right frequency to interfere with the village’s asymmetric digital subscriber line (ADSL) broadband service.

A little sleuthing led to the home of a villager and a second-hand TV, which was switched on every day at 7:00 AM. The TV was found to be emitting a strong RF impulse when it was powered up, strong enough to knock out the ADSL service to the entire village. Openreach categorized this as SHINE, or single high-level impulse noise. We’d never heard of this, but apparently it’s common enough that BT warns customers about it and provides helpful instructions for locating sources with an AM radio.

We’ll say one thing for the good people of Aberhosan: they must be patient in the extreme to put up with daily internet outages for 18 months. And it’s funny how there was no apparent notice paid by the offending television’s owner that his or her steady habit caused the outage. Perhaps they don’t have a broadband connection, and so wouldn’t have noticed the borking.

In any case, the owner was reportedly “mortified” by the news and hasn’t turned the TV on since learning of the issue. This generally seems to be the reaction when someone gets caught inadvertently messing up the spectrum — remember the Great Ohio Key Fob Mystery?

Thanks to [Kieran Donnelly] for spotting this for us.

Historical Satellite Tracker Saved From Scrap Heap

In a bit of rare Australian space news, the Arnhemland Historical Society has managed to save one of the satellite trackers used during the 1960s and 1970s from the scrap heap. As the Space Race intensified during the 1950s and 1960s, every nation wanted a piece of this new technology. A number of European nations banded together in the form of ELDO, the European Launcher Development Organisation.

Australia was a partner in this program, with launches of the Europa-1 and Europa-2 rockets taking place from Woomera, South Australia. Initially the UK’s cancelled Blue Streak IRBM program provided the first stage for Europa-1, but this was later replaced with the French Diamant. France also provided the Coralie second stage in addition to the German-developed Astris third stage.

The satellite tracker being dismantled at the South Australian defence base before it was trucked north. (Photo: Arnhemland Historical Society)

The first launch of the Europa-1 took place in 1966. The rocket performed well, but inaccurate readings from a radar station led to it being wrongly instructed to self-destruct. Of nine launches, four were successful, with the satellite trackers at Arnhemland providing tracking support. Ultimately, the many technical setbacks led to the demise of ELDO, and it was merged by the 1970s into what is now the European Space Agency, with its main launch site in Kourou, French Guiana.

Despite the lack of success, these early days at Woomera were instrumental in getting Europe’s feet wet in the development of the Ariane rockets. Woomera’s rocketing days may also not be over yet, with NASA having announced in 2019 plans to use Woomera for launches.

Maybe one day Arnhemland will have its own space port, with the old satellite tracker on display as a reminder of those early days.

[Top photo: The ELDO satellite trackers were state-of-the-art when they stood in Gove in the 1960s. (Supplied: Arnhemland Historical Society)]

(Thanks, David)