# Planet Aardvark

## February 26, 2020

• PRESS RELEASE: BCCLA raises serious concerns about privacy rights at B.C.âs public inquiry into money laundering

For Immediate Release

VANCOUVER, B.C. â On February 25, 2020, the British Columbia Civil Liberties Association (BCCLA) will make its opening statement to the Cullen Commission, the public inquiry into money laundering in B.C. The BCCLA urges the Commission to ensure that the rights and liberties of everyday people are taken into account in governmental and private sector efforts to combat money laundering.

In its opening statement to the Inquiry, the BCCLA will advocate for the protection of the rights and liberties of ordinary citizens in developingÂ appropriate responses to moneyâlaundering in British Columbia.Â The BCCLA will argue that there must be checks and balances in place for all measures that are recommended by the Commission to ensure that they operate in a manner that does not infringe on the rights and liberties of Canadians.

Megan Tweedie, Staff Counsel:Â  âThe BCCLA is supportive of efforts to combat money laundering in the province, however the recommendations proposed to date call for significant expansions of police and regulatory powers and the overâcollection, retention, and sharing of private information, without evidence demonstrating that these changes would be effective in combatting money laundering. The risk to the privacy rights and civil liberties of British Columbians is profound. Developing an effective anti-money laundering regime cannot simply reflect calls for more invasive powers, broader disclosures of sensitive, highly prejudicial information, and more resources for policing and FINTRAC. The implications for the rights and liberties of Canadians must form a part of the analysis.â

The BCCLA will bring its expertise in criminal law reform, police accountability, access to justice, due process and privacy rights to its role as a participant in the Inquiry in order to provide a muchâneeded civil libertiesâbased perspective. This perspective is crucial; the BCCLA intends to be a voice for the citizens of the province who cannot speak for themselves at the Inquiry.

The BCCLA is represented by staff counsel, Megan Tweedie and Emily Lapper of the BCCLA.

The BCCLAâs written opening statement isÂ available here.

Media Contacts:

• Megan Tweedie, staff counsel for the BCCLA, available for comment at 604-359-2416 orÂ megan@bccla.org
• Emily Lapper, senior counsel for the BCCLA, available for comment at 778-370-5655 orÂ emily@bccla.org
• G 9-40b: Confirming a Planet Candidate

M-class dwarfs within 100 light years are highly sought after objects these days, given that any transiting worlds around such stars will present unusually useful opportunities for atmospheric analysis. Thatâs because these stars are small, allowing large transit depth â in other words, a great deal of the starâs light is blocked by the planet. Studying a starâs light as it filters through a planetary atmosphere â transmission spectroscopy â can tell us much about the chemical constituents involved. Weâll soon extend that with space-based direct imaging.

While the discoveries weâre making today are exciting in their own right, bear in mind that weâre also building the catalog of objects that next generation ground telescopes (the extremely large, or ELT, instruments on the way) and their space-based cousins can examine in far greater depth. And itâs also true that we are tuning up our methods for making sure that our planet candidates are real and not products of data contamination.

Thus a planet called G 9-40b orbiting its red dwarf host about 90 light years out is significant not so much for the planet itself but for the methods used to confirm it. Probably the size of Neptune or somewhat smaller, G 9-40b is a world first noted by Kepler (in its K2 phase) as the candidate planet made transits of the star every six days. Confirmation that this is an actual planet has been achieved through three instruments. The first is the Habitable-zone Planet Finder (HPF), a spectrograph developed at Penn State that has been installed on the 10m Hobby-Eberly Telescope at McDonald Observatory in Texas.

HPF provides high precision Doppler readings in the infrared, allowing astronomers to exclude possible signals that might have mimicked a transiting world â we now know that G 9-40b is not a close stellar or substellar binary companion. HPF is distinguished by its spectral calibration using a laser frequency comb built by scientists at the National Institute of Standards and Technology and the University of Colorado. The instrument was able to achieve high precision in its radial velocity study of this planet while also observing the worldâs transits across the star.

A post on the Habitable Zone Planet Finder blog notes that the brightness of the host star (given its proximity) and the large transit depth of the planet makes G 9-40b ââ¦one of the most favorable sub-Neptune-sized planets orbiting an M-dwarf for transmission spectroscopy with the James Webb Space Telescope (JWST) in the futureâ¦â

But the thing to note about this work is the collaborative nature of the validation process, putting different techniques into play. High contrast adaptive optics imaging at Lick Observatory showed no stellar companions near the target, helping researchers confirm that the transits detected in the K2 mission were indeed coming from the star G 9-40. The Apache Point observations using high-precision diffuser-assisted photometry (see the blog entry for details on this technique) produced a transit plot that agreed with the K2 observations and allowed the team to tighten the timing of the transit. The Apache Point observations grew out of lead author GuÃ°mundur StefÃ¡nssonâs doctoral work at Penn State. Says StefÃ¡nsson:

âG 9-40b is amongst the top twenty closest transiting planets known, which makes this discovery really exciting. Further, due to its large transit depth, G 9-40b is an excellent candidate exoplanet to study its atmospheric composition with future space telescopes.â

Image: Drawn from the HPF blog. Caption: Precise radial velocities from HPF (left) on the 10m Hobby-Eberly Telescope (right) allowed us to place an upper limit on the mass of the planet of 12 Earth masses. We hope to get a further precise mass constraint by continuing to observe G 9-40 in the future. Image credit: Figure 11a from the paper (left), Gudmundur Stefansson (right).

Near-infrared radial velocities from HPF allowed the 12 MEarth mass determination, the tightening of which through future work will allow the composition of the planet to be constrained. All of this is by way of feeding a space-based instrument like the James Webb Space Telescope with the data it will need to study the planetâs atmosphere. In such ways do we pool the results of our instruments, with HPF continuing its survey of the nearest low-mass stars in search of other planets in the Sunâs immediate neighborhood.

The paper is Stefansson et al., âA Sub-Neptune-sized Planet Transiting the M2.5 Dwarf G 9-40: Validation with the Habitable-zone Planet Finder,â Astronomical Journal Vol. 159, No. 3 (12 February 2020). Abstract / preprint.

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

This weekâs story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. Alex Holden, the security expert who first spotted the code for sale, said at the time the vulnerability was so âstupidâ and easy to exploit that he wouldnât be surprised to find other Zyxel products were similarly affected. Now it appears Holdenâs hunch was dead-on. âWeâve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,â Zyxel wrote in an email to KrebsOnSecurity. âHotfixes have been released immediately, and the standard firmware patches will be released in March.â The updated security advisory from Zyxel states the exploit works against its UTM, ATP, and VPN firewalls running firmware version ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2, and that those with firmware versions before ZLD V4.35 Patch 0 are not affected. Zyxelâs new advisory suggests that some affected firewall product wonât be getting hotfixes or patches for this flaw, noting that the affected products listed in the advisory are only those which are âwithin their warranty support period.â Indeed, while the exploit also works against more than a dozen of Zyxelâs NAS product lines, the company only released updates for NAS products that were newer than 2016. Its advice for those still using those unsupported NAS devices? âDo not leave the product directly exposed to the internet. If possible, connect it to a security router or firewall for additional protection.â Hopefully, your vulnerable, unsupported Zyxel NAS isnât being protected by a vulnerable, unsupported Zyxel firewall product. CERTâsÂ advisory on the flawÂ rate this vulnerability at a â10â â its most severe. My advice? If you canât patch it, pitch it. The zero-day sales thread first flagged by Holden also hinted at the presence of post-authentication exploits in many Zyxel products, but the company did not address those claims in its security advisories. Recent activity suggests that attackers known for deploying ransomware have been actively working to test the zero-day for use against targets. Holden said the exploit is now being used by a group of bad guys who are seeking to fold the exploit intoÂ Emotet, a powerful malware tool typically disseminated via spam that is frequently used to seed a target with malcode which holds the victimâs files for ransom. âTo me, a 0day exploit in Zyxel is not as scary as who bought it,â he said. âThe Emotet guys have been historically targeting PCs, laptops and servers, but their venture now into IoT devices is very disturbing.â • Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost$100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study.

Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.

[...]

The privacy board, working with the intelligence community, got several additional salient facts declassified as part of the rollout of its report. Among them, it officially disclosed that the system has gained access to Americans' cellphone records, not just logs of landline phone calls.

It also disclosed that in the four years the Freedom Act system was operational, the National Security Agency produced 15 intelligence reports derived from it. The other 13, however, contained information the F.B.I. had already collected through other means, like ordinary subpoenas to telephone companies.

The report cited two investigations in which the National Security Agency produced reports derived from the program: its analysis of the Pulse nightclub mass shooting in Orlando, Fla., in June 2016 and of the November 2016 attack at Ohio State University by a man who drove his car into people and slashed at them with a machete. But it did not say whether the investigations into either of those attacks were connected to the two intelligence reports that provided unique information not already in the possession of the F.B.I.

This program is legal due to the USA FREEDOM Act, which expires on March 15. Congress is currently debating whether to extend the authority, even though the NSA says it's not using it now.

• Photo

• Truck Proximity

Iâve always suspected that if a woman went back to a guyâs place and found a round bed with mirrors on the ceiling, she would consider it an instant deal breaker.

Conversely, I think if a man when back to a womanâs place and found a round bed and ceiling mirrors, heâd be cool with it. To be fair, most guys could find a bare concrete floor and a stolen park bench as the only furniture and theyâd be cool with it.

As always, thanks for using my Amazon Affiliate links (US, UK, Canada).

## February 25, 2020

• The Newbieâs Guide To JTAG

This JTAG primerÂ will get you up to snuff on snarfing, and help you build your reverse engineering skills.

Whatever your motivation for diving into reverse engineering devices with microcontrollers, JTAG skills are a must, and [Sergio Prado]âs guide will get you going. He starts with a description and brief history of the Joint Test Action Group interface, from its humble beginnings as a PCB testing standard to the de facto standard for testing, debugging, and flashing firmware onto devices. He covers how to locate the JTAG pads â even when theyâve been purposely obfuscated â including the use of brute-force tools likeÂ the JTAGulator. Once youâve got a connection, his tutorial helps you find the firmware in flash memory and snarf it up to a file for inspection, modification, or whatever else you have planned.

via The Newbieâs Guide To JTAG â Hackaday

• Carnival 2020 in Brazil (29 photos)

Over the past two nights in SÃ£o Paulo and Rio de Janeiro, thousands of spectators jammed into Sambadromes to watch the annual spectacle of samba-school floats, dancers, and extravagant costumes during Carnival. Over the past couple of weeks, even more people took part in the many blocos, or street parties, dancing and drinking into the wee hours of the night. Collected below are images of Carnival 2020 festivities in Brazil.

• Moon Creeps Up On Venus And Betelgeuse Brightens

A fresh face appears in the evening sky this week. Look low in the west tonight (Feb. 25) below beaming Venus, and youâll see a delicate crescent moon with its horns tilted upward. Little devil. It moves about a fist a night upward, making a fairly close pass of Venus on Thursday, Feb. 27.Â  Conjunctions or close approaches of the brightest planet and the moon are easy to capture in a mobile phone. Photograph them in twilight when thereâs enough light to include a landmark like a scenic tree or building. Clouds in the right places can also add beauty to the scene.

Lockheed SR-71 Blackbird clip

The moon orbits the Earth with a mean velocity of 2,288 miles an hour (3,683 kph). This is nearly the same speed as the worldâs fastest manned plane, the Lockheed SR-71 Blackbird, which set a record of 2,193.2 mph at Beale Air Force Base in California back in 1976. You can imagine how fast it would be to see that plane fly by. In contrast, the moon appears to move much more slowly because itâs a quarter million miles away. Plodding along at one moon-diameter per hour it covers about 12Â° of sky (a little more than one fist) a day as it toddles eastward in its orbit about the Earth.

One complete orbit takes 27.3 days â the moonâs orbital period. But the moon also has a synodic period of 29.5 days. Thatâs the time between two identical phases â full moon to full moon for example. Why the difference? During the 27.3 days the moon takes to circle the Earth, the Earth is also revolving around the sun. To return to the same phase, the Moon must continue a little farther along its orbit (2.2 days) to catch up to the same position it started from relative to the sun and Earth. Thatâs why its synodic period, also called a lunar month, is longer than its orbital period.

In other observing news, the star Betelgeuse has finally turned around and started to brighten again. The star normally waxes and wanes in brilliance because it pulsates (physically expands and contracts). Itâs also lobbing tons of dust into space that form in its cool atmosphere from elements dredged from its core. Like a passing cloud the material can temporarily dim the star.

Astronomer Ed Guinan of Villanova University reports that Betelgeuse reached minimum light on Feb. 7-13 at magnitude 1.6 but brightened to 1.5 on Feb. 22. Many skywatchers have reported it as fainter than the neighboring star Bellatrix (magnitude 1.6). A few nights ago I estimated its light at 1.7, but last night (Feb. 24) the two stars appeared equally bright to my eye.

If you were planning that supernova party you might want to reschedule. Guinan notes that the slump coincides with the bottom of the starâs ~424-day pulsation cycle. Its unusual faintness may also be due in part to fresh dust ejected along our line of sight, which would further dim the mighty supergiant. I urge you to keep watching as more surprises may lie ahead â¦ plus itâs just fun to watch a star change before your eyes.

• Photo

• Inrupt, Tim Berners-Lee's Solid, and Me

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety. And most recently, I have been writing and speaking about how technologists need to get involved with public policy.

All of this is a long-winded way of saying that I have joined a company called Inrupt that is working to bring Tim Berners-Lee's distributed data ownership model that is Solid into the mainstream. (I think of Inrupt basically as the Red Hat of Solid.) I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.

The ideal would be for this to be completely distributed. Everyone's pod would be on a computer they own, running on their network. But that's not how it's likely to be in real life. Just as you can theoretically run your own email server but in reality you outsource it to Google or whoever, you are likely to outsource your pod to those same sets of companies. But maybe pods will come standard issue in home routers. Even if you do hand your pod over to some company, it'll be like letting them host your domain name or manage your cell phone number. If you don't like what they're doing, you can always move your pod -- just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.

I believe this will fundamentally alter the balance of power in a world where everything is a computer, and everything is producing data about you. Either IoT companies are going to enter into individual data sharing agreements, or they'll all use the same language and protocols. Solid has a very good chance of being that protocol. And security is critical to making all of this work. Just trying to grasp what sort of granular permissions are required, and how the authentication flows might work, is mind-altering. We're stretching pretty much every Internet security protocol to its limits and beyond just setting this up.

Building a secure technical infrastructure is largely about policy, but there's also a wave of technology that can shift things in one direction or the other. Solid is one of those technologies. It moves the Internet away from overly-centralized power of big corporations and governments and towards more rational distributions of power; greater liberty, better privacy, and more freedom for everyone.

I've worked with Inrupt's CEO, John Bruce, at both of my previous companies: Counterpane and Resilient. It's a little weird working for a start-up that is not a security company. (While security is essential to making Solid work, the technology is fundamentally about the functionality.) It's also a little surreal working on a project conceived and spearheaded by Tim Berners-Lee. But at this point, I feel that I should only work on things that matter to society. So here I am.

Whatever happens next, it's going to be a really fun ride.

EDITED TO ADD (2/25): More press coverage.

• Firefox Enables DNS over HTTPS

This is good news:

Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site.

[...]

But the move is not without controversy. Last year, an internet industry group branded Mozilla an "internet villain" for pressing ahead the security feature. The trade group claimed it would make it harder to spot terrorist materials and child abuse imagery. But even some in the security community are split, amid warnings that it could make incident response and malware detection more difficult.

The move to enable DoH by default will no doubt face resistance, but browser makers have argued it's not a technology that browser makers have shied away from. Firefox became the first browser to implement DoH -- with others, like Chrome, Edge, and Opera -- quickly following suit.

I think DoH is a great idea, and long overdue.

Slashdot thread. Tech details here. And here's a good summary of the criticisms.

• Solder Smoke

In the latest edition of the SolderSmoke podcast, host Bill Meara, N2CQR put out a plea for listeners to drop him a note and let him know how you listen, via direct download, iTunes, Stitcher, etc.

Iâve been listening to SolderSmoke since it launched, the only ham radio program I can make that claim about. Intended for low-power enthusiasts, home brewers, and boat anchor aficionados, the personality and delivery make it the most highly anticipated program in all of hamdom. Sometimes I wish it was produced more frequently, but its semi-scarcity is one of its many charms.

Also be sure to visit the SolderSmoke daily news blog.

## February 24, 2020

• Excessive rdrand harvesting on DragonFly

This recent commit changes how random number provision is seeded on DragonFly.ÃÂ  It sounds interesting, but I donât know if the performance improvement translates to real-world activity.

• How NASA Approaches Deep Space Missions

Centauri Dreams reader Charley Howard recently wrote to ask about how NASA goes about setting its mission priorities and analyzing mission concepts like potential orbiter missions to the ice giants. Itâs such a good question that I floated it past Ashley Baldwin, who is immersed in the evolution of deep space missions and moves easily within the NASA structure to extract relevant information. Dr. Baldwin had recently commented on ice giant mission analysis by the Outer Planets Advisory Group. But what is this group, and where does it fit within the NASA hierarchy? Here is Ashleyâs explanation of this along with links to excellent sources of information on the various mission concepts under analysis for various targets, and a bit of trenchant commentary.

By Ashley Baldwin

Each of the relevant NASA advisory groups has its own page on the NASA site with archives stuffed full of great presentations. The most germane to our discussion here is the Outer Planets Assessment Group (OPAG). My own focus has been on the products OPAG and the other PAGs produce, though OPAG produces the most elegant presentations with interesting subject matter. Product more than process is my focus, along with politics with a little âpâ within the NASA administration, and âhighâ politics with a big P.

There are a number of such âadvisory groupsâ feeding into NASA through its Planetary Science Advisory Committee (PAC), some of them of direct interest to Centauri Dreams readers::

Venus Exploration Analysis Group (VEXAG);

Small Bodies Assessment Group (SBAG)

The relative influence of these groups doubtless waxes and wanes over time, with Mars in the ascendancy for a long time and Venus in inferior conjunction for ages. Most were formed in 2004, with the exoplanet group unfortunately a year later (see * below for my thoughts on why and how this happened).

These groups are essentially panels of relevant experts/academics â astronomers, astrophysicists, geophysicists, planetary scientists, astronautical engineers, astrobiologists etc â from within the various NASA centers (JPL, Glenn, Goddard et al.), along with universities and related institutions. The chairpersons are elected and serve a term of three years. James Kasting, for instance, chaired the exoplanetary advisory group ExoPAG during the first decade of this century.

Each group has two to three full member meetings per year which are open to the public. They have set agendas and take the form of plenary sessions discussing presentations â all of which are made available in the meeting archives, which over the years tell the story of what is being prioritised as well as offering a great deal on planetary science. There are also more frequent policy committee meetings, some of which I have attended via Skype. The PAGs also work in collaboration with other space agencies, the European Space Agency (ESA) and Japan Aerospace Exploration Agency (JAXA) in particular. This all creates technological advice that informs and is informed by NASA policy, which is in turn informed politically, as you would imagine. All of this leads to the missions under consideration, such as Europa Clipper, the Space Launch System (SLS), the James Webb Space Telescope (JWST), the International Space Station (ISS) and the planning for future manned Lunar/Martian landings.

NASA can task the advisory groups to produce work relating to particular areas, such as ice giant missions, and with contributing towards the Decadal studies via a report that is due in March of 2023. On the Decadals: The National Research Council (NRC) conducts studies that provide a science community consensus on key questions being examined by NASA and other agencies. The broadest of these studies in NASAâs areas of research are the Decadal surveys.

So once each decade NASA and its partners ask the NRC to project 10 or more years into the future in order to prioritize research areas and develop mission concepts needed to make the relevant observations. You can find links to the most recent Decadal surveys here.

There is obviously jostling and internal competition for each group to get its priorities as high up the Decadal priority list as possible. Bearing in mind that there is a similar and equally competitive pyramid lobby for astrophysics, earth science and heliophysics.

Each PAG is encouraged to get its members to both individually and collectively submit âwhite papersâ championing research areas they feel are relevant. Thatâs thousands, so no wonder they need some serious and time consuming collation to produce the final document. This time around it will be Mars sample return versus the ice giants vying for the all important top spot (anything less than this and you are unlikely to receive a once-a-decade flagship mission).

The Planetary Science Advisory Committee, in turn, advises the central NASA Advisory Council (NAC). Its members are appointed at the discretion of and are directly advisory to the NASA administrator on all science matters within NASAâs purview. NAC was formed from the merger of several related groups in 1977, though its origins predate NASAâs formation in 1958.

The Discovery (small) and New Frontiers (medium ) Planetary Science programmes (with âflagshipâ missions like Clipper effectively being âlarge,â occurring generally once per decade) each run over a five year cycle, with one New Frontiers being picked each round and up to two Discovery missions chosen. This after short-listing from all concepts submitted in response to âan announcement of opportunityâ â the formal NASA application process. The Discovery and New Frontiers programmes are staggered, as are the missions chosen under those programmes, with the aim of having a mission launching roughly on a 24 monthly rolling basis, presumably to help spread out their operational costs.

Both Discovery and New Frontiers come with a set budget cap, the $850-1000 million New Frontiers and$500 million Discovery. However, on top of this they have receive a free launcher (from a preselected list), some or all operational costs for the duration of the primary mission (which without extensions is about 2 years for Discovery like Insight and 3-4 years for a New Frontiers). There are also varying additional government furnished equipment (GFEs) on offer, consisting of equipment, special tooling, or special test equipment.

Sometimes other additional cost technology is included such as multi-mission radioisotope thermoelectric generators (MMRTG). Two have been slotted this time around for Discovery, which is very unusual as MMRTGs are at a premium and generally limited to New Frontiers missions or bigger. There were three on offer for last yearâs New Frontiers round but as Dragonfly to Titan only needs one, there were two left over and they only have a limited shelf life.

This Discovery round also has broken with former policy in so much as ALL operations costs are being covered, including those outside of the mission proper (i.e whilst in transit to the target), thus removing cost penalties for missions with long transit times, like Trident to Triton. Even in hibernation there are system engineering costs and maintaining a science team that together add up to several million dollars per year. A big clue as to NASAâs Planetary Science Divisionâs priorities? I hope so!

The Explorer programme is the Astrophysics Division parallel process, run in similar fashion with one medium Explorer and one small Explorer (budget $170 million) picked every five years, though each programme is again staggered to effectively push out a mission about every two and a half years. There is some talk of the next Decadal study creating a funded âProbeâ programme. Such programmes are generally only conceptual, but there is talk of a$1 billion budget for some sort of astrophysics mission, hopefully exoplanet related. No more than gossip at this point, though.

* And here is the ExoPAG bone of contention I mentioned above. Kepler was selected as a Discovery mission in 2003 prior to the formation of ExoPAG, and the rest of the planetary science groups went ballistic. This led to NASA excluding exoplanet missions from future Discovery and New Frontier rounds. Despite the tremendous success of Kepler, this limited ExoPAG to analogous but smaller Astrophysics Explorer funding. These are small- and medium-class, PI-led astrophysics missions, as well as astrophysics missions of opportunity.

Imagine what could have been produced, for instance, if the ESAâs ARIEL (or EChO) transit telescope had been done in conjunction with a New Frontiers budget instead of Astrophysics Explorer. The Medium Explorer budget reaches $200 million plus; New Frontiers gets up to$850-1000 million.

• Zyxel Fixes 0day in Network Storage Devices

Networking hardware vendor ZyxelÂ today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp.Â (a.k.a âZyXELâ) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale. KrebsOnSecurity first learned about the flaw on Feb. 12 from Alex Holden, founder of Milwaukee-based security firm Hold Security. Holden had obtained a copy of the exploit code, which allows an attacker to remotely compromise more than a dozen types of Zyxel NAS products remotely without any help from users. A snippet from the documentation provided by 500mhz for the Zyxel 0day. Holden said the seller of the exploit code â a neâer-do-well who goes by the nickname â500mhzâ âis known for being reliable and thorough in his sales of 0day exploits (a.k.a. âzero-days,â these are vulnerabilities in hardware or software products that vendors first learn about when exploit code and/or active exploitation shows up online). For example, this and previous zero-days for sale by 500mhz came with exhaustive documentation detailing virtually everything about the flaw, including any preconditions needed to exploit it, step-by-step configuration instructions, tips on how to remove traces of exploitation, and example search links that could be used to readily locate thousands of vulnerable devices. 500mhzâs profile on one cybercrime forum states that he is constantly buying, selling and trading various 0day vulnerabilities. âIn some cases, it is possible to exchange your 0day with my existing 0day, or sell mine,â his Russian-language profile reads. The profile page of 500mhz, translated from Russian to English via Google Chrome. #### PARTIAL PATCH KrebsOnSecurity first contacted Zyxel on Feb. 12, sharing a copy of the exploit code and description of the vulnerability. When four days elapsed without any response from the vendor to notifications sent via multiple methods, this author shared the same information with vulnerability analysts at the U.S. Department of Homeland Security (DHS) and with the CERT Coordination Center (CERT/CC), a partnership between DHS and Carnegie Mellon University. Less than 24 hours after contacting DHS and CERT/CC, KrebsOnSecurity heard back from Zyxel, which thanked KrebsOnSecurity for the alert without acknowledging its failure to respond until they were sent the same information by others. âThanks for flagging,â Zyxelâs team wrote on Feb. 17. âWeâve just received an alert of the same vulnerabilities from US-CERT over the weekend, and weâre now in the process of investigating. Still, we heartilyÂ appreciate you bringing it to our attention.â Earlier today, Zyxel sent a message saying it had published a security advisory and patch for the zero-day exploit in some of its affected products. The vulnerable devices includeÂ NAS542, NAS540, NAS520, NAS326, NSA325 v2, NSA325, NSA320S, NSA320, NSA310S, NSA310, NSA221, NSA220+, NSA220, and NSA210. The flaw is designated as CVE-2020-9054. However, many of these devices are no longer supported by Zyxel and will not be patched. Zyxelâs advice for those users is simply âdo not leave the product directly exposed to the internet.â âIf possible, connect it to a security router or firewall for additional protection,â the advisory reads. Holden said given the simplicity of the exploit â which allows an attacker to seize remote control over an affected device by injecting just two characters to the username field of the login panel for Zyxel NAS devices â itâs likely other Zyxel products may have related vulnerabilities. âConsidering how stupid this exploit is, Iâm guessing this is not the only one of its class in their products,â he said. CERTâs advisory on the flaw rates it at a â10â â its most severe. The advisory includes additional mitigation instructions, including a proof-of-concept exploit that has the ability to power down affected Zyxel devices. #### EMOTET GOES IOT? Holden saidÂ recent activity suggests that attackers known for deploying ransomware have been actively working to test the zero-day for use against targets. Specifically, Holden said the exploit is now being used by a group of bad guys who are seeking to fold the exploit into Emotet, a powerful malware tool typically disseminated via spam that is frequently used to seed a target with malcode which holds the victimâs files for ransom. Holden said 500mhz was offering the Zyxel exploit for$20,000 on cybercrime forums, although itâs not clear whether the Emotet gang paid anywhere near that amount for access to the code. Still, he said, ransomware gangs could easily earn back their investment by successfully compromising a single target with this simple but highly reliable exploit.

âFrom the attackerâs standpoint simple is better,â he said. âThe commercial value of this exploit was set at $20,000, but thatâs not much when you consider a ransomware gang could easily make that money back and then some in a short period of time.â Emotetâs nascent forays into IoT come amid other disturbing developments for the prolific exploitation platform. Earlier this month, security researchers noted that Emotet now has the capability to spread in a worm-like fashion via Wi-Fi networks. âTo me, a 0day exploit in Zyxel is not as scary as who bought it,â he said. âThe Emotet guys have been historically targeting PCs, laptops and servers, but their venture now into IoT devices is very disturbing.â #### DISCLOSURE DEBATE This experience was a good reminder that vulnerability reporting and remediation often can be a frustrating process. Twelve days turnaround is fairly quick as these things go, although probably not quick enough for customers using products affected by zero-day vulnerabilities. It can be tempting when one is not getting any response from a vendor to simply publish an alert detailing oneâs findings, and the pressure to do so certainly increases when there is a zero-day flaw involved. KrebsOnSecurity ultimately opted not to do that for three reasons. Firstly, at the time there was no evidence that the flaws were being actively exploited, and because the vendor had assured DHS and CERT-CC that it would soon have a patch available. Perhaps most importantly, public disclosure of an unpatched flaw could well have made a bad situation worse, without offering affected users much in the way of information about how to protect their systems. Many hardware and software vendors include a link from their home pages to /security.txt, which is a proposed standard for allowing security researchers to quickly identify the points of contact at vendors when seeking to report security vulnerabilities. But even vendors who havenât yet adopted this standard (Zyxel has not) usually will respond to reports at security@[vendordomainhere]; indeed, Zyxel encourages researchers to forward any such reports to security@zyxel.com.tw. On the subject of full disclosure, I should note that while this author is listed by Hold Securityâs site as an advisor, KrebsOnSecurity has never sought nor received remuneration of any kind in connection with this role. • Winners of the 2020 Underwater Photographer of the Year Contest (15 photos) The winners of this yearâs Underwater Photographer of the Year contest were just announced, and the photographer Greg Lecoeur was named Underwater Photographer of the Year 2020 for his image of crabeater seals in Antarctica. More than 5,500 images were submitted by photographers from around the world. Prizes and commendations were handed out in categories including Wide Angle, Macro, Wrecks, Behavior, Portrait, Black and White, Compact, Up and Coming, Marine Conservation, and in British waters, Wide Angle, Living Together, Compact, and Macro Shots. UPY was once again kind enough to share some of this yearâs honorees with us below, with captions written by the photographers. • Selling Out Iâd like to sell all my modern transceivers, along with all the accessories that go with them. That includes the IC-7610, IC-9700, and the IC-7300. At least thatâs the plan. But one of my least favorite things to do is to sell almost anything. Itâs hard work. If it were only a matter of taking photos, listing online, boxing it up and shipping it, that would be easy. Itâs the other stuff that makes me sweat. Five years ago I sold my TenTec Eagle. The Eagle was a very simple to operate HF transceiver. There were only a few knobs and buttons to contend with. I sold it to some fellow who continued to contact me for months afterwards with endless questions; âHow do I make it do this, how do I make it do that, I canât get it to transmit in CW â are you sure you didnât sell me a defective transceiver?â Being unpaid product support is not for me and I vowed never to sell anything of significant value again. Iâd rather take used equipment to the dump than deal with that again. Imagine my consternation at listing stuff for sale thatâs considerably more complex than that old Eagle! So Iâm looking for alternatives. One of those being to trade it all in for store credit. Thatâs still not ideal, but it beats putting it into storage, or something worse. • An Introduction to Stability Note: This post is adapted from a lecture I gave to my undergrads. Itâs focused on presenting the basics of stability for dynamical systems. The big question this lecture is intended to answer is what will our system do if we perturb it a small amount? This is not a rigorous treatment and in some locations, I have traded being technically correct for being clear. If you want a rigorous treatment of the material I suggest a textbook. ### Linear Systems When our dynamics are linear, we can always write our state space in the following form $\dot{\vec{X}}(t)=A(t)\vec{X}(t) + B(t)\vec{u}(t)$ where $\vec{X}$ is an n-by-1 state vector, A is a n-by-n state matrix , $\vec{u}$ is a m-by-1 vector of controls, and B is a n-by-m input matrix. $m\ddot{x}=-k_1x-c_1\dot{x}+F$ $\vec{X}=\begin{bmatrix} x \\ \dot{x} \end{bmatrix}\quad,\quad \dot{\vec{X}}=\begin{bmatrix} \dot{x} \\ \ddot{x} \end{bmatrix}=\begin{bmatrix} \dot{x} \\ -\frac{k_1 x}{m}-\frac{c_1\dot{x}}{m}+\frac{F}{m} \end{bmatrix}$ $\dot{\vec{X}}=\begin{bmatrix} 0 & 1 \\ \frac{-k_1}{m}& \frac{-c_1}{m} \end{bmatrix}\begin{bmatrix} x\\ \dot{x} \end{bmatrix} + \begin{bmatrix} 0\\ \frac{1}{m} \end{bmatrix} \begin{bmatrix} F \end{bmatrix}$ #### Linear Stability For the rest of this lecture, letâs pretend that our system has no controls. This leaves us with the reduced state space $\dot{\vec{X}}(t)=A(t)\vec{X}(t)$ We can determine that our systemâs stability by analyzing the eigenvalues, $\vec{\lambda}$ of the state matrix $det(A- \lambda I)=0$ where I is an n-by-n identity matrix. #### Eigenvalue practice $A=\begin{bmatrix} 0 & 1 \\ \frac{-k_1}{m} & \frac{-c_1}{m} \end{bmatrix}$ $|A-\lambda I|=0$ $\bigg|\begin{bmatrix} 0 & 1 \\ \frac{-k_1}{m} & \frac{-c_1}{m} \end{bmatrix}-\lambda\begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix}\bigg| \rightarrow \bigg|\begin{bmatrix} -\lambda & 1 \\ \frac{-k_1}{m} & \frac{-c_1}{m}-\lambda \end{bmatrix}\bigg| = 0$ $\lambda^2+\frac{c_1}{m}\lambda + \frac{k_1}{m}=0$ $x=\frac{-b\pm\sqrt{b^2-4ac}}{2a}$ $\lambda = \frac{1}{2}\bigg(-\frac{c_1}{m}\pm\sqrt{\frac{c_1^2}{m^2}-4\frac{k_1}{m}} \quad\bigg)$ $(A-\lambda I)\vec{V}=\vec{0} \quad,\quad |\vec{V}|=1$ #### Understanding eigenvalues Now, each eigenvalue corresponds to a different behavior, and each eigenvector corresponds to a different mode ##### Positive Real Portion An unstable system that goes to infinity in finite time (Technical term: Blowâs up) $\lambda_i = c_1 \Re \pm c_2 \Im \quad,\quad s.t. \quad c_1>0$ ##### Zero Real Portion some imaginary portion This is called Marginally stable, never gonna stop, never gonna blow up, never gonna give you up $\lambda_i = 0 \Re \pm c_2 \Im$ ##### Negative Real Portion no imaginary portion Stable (and simple) $\lambda_i = c_1 \Re \pm 0 \Im \quad,\quad s.t. \quad c_1<0$ ##### Negative Real Portion some imaginary portion Stable (and oscillatory) $\lambda_i = c_1 \Re \pm c_2 \Im \quad,\quad s.t. \quad c_1<0$ Note: Eigenvalues with imaginary components always come in pairs of $\pm c_2 \Im$ ##### Multiple Eigenvalues If you have multiple eigenvalues, your system is dominated by the eigenvalue with the largest real portion. If the largest real portion is positive, your entire system is unstable. If your largest real portion of the eigenvalues is 0 your system is marginally stable. If your largest real portion of the eigenvalue is negative, the system is stable. #### System of equations practice $F_1 = -k_1x_1 - c_1\dot{x}_1 + k_2(x_2-x_1) + c_2(\dot{x}_2-\dot{x}_1)$ $F_2 =-k_2(x_2-x_1) -c_2(\dot{x}_2-\dot{x}_1) + F$ Assume$m_1=m_2=1$$\dot{\vec{X}}=\begin{bmatrix} 0 & 0 & 1 & 0\\ 0 & 0 & 0 & 1\\ -k_1-k_2 & k_2 & -c_1-c_2 & c_2\\ k_2 & -k_2 & c_2 & -c_2 \end{bmatrix}\begin{bmatrix} x_1\\x_2\\ \dot{x}_1\\ \dot{x}_2 \end{bmatrix} + \begin{bmatrix} 0\\0\\0\\1 \end{bmatrix}F$ Assume that $k_1=k_2=c_1=c_2=1$ $A=\begin{bmatrix} 0&0&1&0\\ 0&0&0&1\\ -2&1 &-2 &1\\ 1&-1 &1 &-1 \end{bmatrix}$ $\lambda = -1.309 \pm .9511 i \quad,\quad -0.1910 \pm 0.5878 i$ #### Connecting Eigenvalues to a solution of ODEâs Weâve seen that thereâs a connection on which relates the eigenvalues of the state matrix and the stability of the system, but why is that? Letâs start this whole explanation off with a simple infinite series $f(x):=\sum_{k=1}^{\infty}\frac{x^k}{k!} = 1 + x + \frac{x^2}{2}+\frac{x^3}{6}+\hdots$ Now letâs take itâs derivative with respect to x $f'(x)= 1 + x + \frac{x^2}{2}+\frac{x^3}{6}+\hdots$ The derivative of f is also f! $\frac{df(x)}{dx}=f(x)$ Thatâs such a nice property that we gave this function name e $e^x = f(x) = \frac{de^x}{dt} = f'(x) = exp(x)$ Now, letâs return to differential equation land. The simplest linear differential equation is the following $\frac{dy(x)}{dt}=y(x)$ Does this look familiar? Yes, itâs the same as our above equation (with some constants added), so we can say $y(x)=c_1e^{c_2x}+c_3$ Note: thereâs this thing called a uniqueness proof which shows that for a linear ODE, this is the only solution. I wont go over it here, but just know we can rigorously prove that the exponential is the basic solution to a linear ODE. Now that we have the solution for a single linear ODE, what about for system of linear ODEs? Instead of there just being a single exponential, the solution is the linear superposition of several of these base solutions $\vec{X}(t) = \sum_{i=1}^{j}c_ie^{\lambda_i t}\vec{V}_i,$ where $\lambda_i$, is the iâth eigenvalue, and $\vec{V}_i$, the iâth eigenvector. ### Nonlinear Stability Exploring stability, like most dynamics, is easy to do in linear systems. Extending it out to non-linear systems is less so. First we must define the concept of stationary points #### Stationary Points Stationary points are defined as states that satisfy the following condition $\dot{\vec{X}}=\vec{0}$ #### Stationary Points Practice For the simple pendulum we have the following equation of motion, where all constants have been set to 1 $\ddot{\theta}=-sin(\theta)$ This gvies us the following nonlinear state space $\vec{X}=\begin{bmatrix} \theta\\\dot{\theta} \end{bmatrix} \quad,\quad \dot{\vec{X}}=\begin{bmatrix} \dot{\theta}\\-sin(\theta) \end{bmatrix}$ setting the derivative of the state vector to 0 we get the following two equations $\dot{\theta}=0$ $sin(\theta)=0 \rightarrow \theta = \{n\pi\mid n\subset \mathbb{Z}\}$ Note there are an infinite number of stationary points for the humble pendulum, and we can mark each stationary point as $\vec{X}_i$. #### Linearization Letâs expand the derivative of our state vector about these stationary points using a Taylor series and then truncate the second order and higher terms $\dot{\vec{X}}(\vec{X}) \approx \dot{\vec{X}}|_{\vec{X}_i} + \nabla\dot{\vec{X}}|_{\vec{X}_i}\big(\vec{X}-\vec{X}_i\big) + \mathcal{O}(\vec{X}^2)$ where $|_{\vec{X}_i}$ indicates that you evaluate that term at stationary point $i$. Now, at least for the region about that stationary point, we obtain the following relationship $A\approx\nabla\dot{\vec{X}}|_{\vec{X}_i}$ We can now use the tools we developed for linear systems to determine the stability of stationary points. #### Caveats About Linearization Note: Because the linearization is only an approximation of the state matrix, you have to be aware of the following • Linearization makes the assumption that we can approximate the derivative of the state vector by ignoring higher order terms. This is not always true! Explore the following example on your own $\dot{x}=xy \quad,\quad \dot{y}=x^2-y$ • This only covers a region close to the stationary point. How close? That depends on how important those higher-order terms we truncated are. • While linearization can tell us if a stationary point is stable or unstable, if there is no real component (aka marginally stable), the results are inconclusive. The higher order terms can tip the system towards or away from stability. #### Linearization Practice Returning to our simple pendulum, letâs practice linearizing the system $\nabla\dot{\vec{X}}=\begin{bmatrix} \frac{\partial \dot\theta}{\partial \theta} & \frac{\partial \dot\theta}{\partial\dot\theta} \\ \frac{\partial \ddot\theta}{\partial \theta} & \frac{\partial \ddot\theta}{\partial\dot\theta} \end{bmatrix} = \begin{bmatrix} 0 & 1 \\-cos(\theta) & 0 \end{bmatrix}$ Now, letâs get the eigenvalues when our pendulum is completely down $\theta=0,$ and our pendulum is upright $\theta=\pi$ $\lambda_{\theta=0}=\pm 1i,$ which is marginally stable, so we would need a more advanced technique to determine the actual stability, but due to the nature of the symmetry weâll find that it is truly marginally stable, and $\lambda_{\theta=0}=\pm 1,$ which is clearly unstable as expected. ### Want More Gereshes? If you want to receive the weekly Gereshes blog post directly to your email every Monday morning, you can sign up for the newsletterÂ here!Â Donât want another email? Thatâs ok, Gereshes also has aÂ twitter accountÂ andÂ subreddit! The post An Introduction to Stability appeared first on Gereshes. • Russia Is Trying to Tap Transatlantic Cables The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financial transactions to take place seamlessly. Garda and military sources believe the agents were sent by the GRU, the military intelligence branch of the Russian armed forces which was blamed for the nerve agent attack in Britain on Sergei Skripal, a former Russian intelligence officer. This is nothing new. The NSA and GCHQ have been doing this for decades. Boing Boing post. • ToorCamp call for papers Call For Papers Released:Â Weâre now accepting talk submissions for ToorCamp! You have until April 20th to submit your talk to be considered by our esteemed review panel. Weâre looking forward to seeing what you all have been working on! ToorCamp, the American hacker camp, first âlaunchedâ at the Titan-1 Missile Silo in Washington State in 2009. The second and third ToorCamp happened in 2012 and 2014 on the beautiful Washington Coast. For the past 2 events (2016 and 2018) and upcoming 2020 are now at theÂ Doe Bay ResortÂ on Orcas Island, WA and are looking for groups to participate. Show off your crazy projects youâve been working on, bring some ideas you want to hack on with the other technology experts that will be showing up, organize a campsite with all of your friends and show how awesome your group is, or just see what all the other groups are up to. Itâs up to you! Either way, weâd like to show that the US can throw down as much as the European hacker camps (CCC Camp,Â HAR, etc) so this is your invitation to come! • Ringtone Timeline • Putting the Drake 2B on 30 and 17 meters Recently I noticed the optional crystal frequency chart in my Drake 2B manual. It shows that a 14.0 MHz crystal allows you to listen to WWV on 10 MHz and 30 mtrs on 10.1-10.150. Nice, but wait, buy one get a second one free! The chart in the manual also shows that by retuning the preselector that same 14.0 MHz crystal also covers 17.5-18.1 MHz. This includes the lower half of the 17 mtr band. It looked like shifting the crystal up 100 KHz would shift coverage to include the entire 17 mtr band and still keep WWV and 30 mtrs on the dial. Outstanding! A quick check of AF4K's website at http://www.af4k.com shows that he stocks 14.1 MHz crystals in both the HC49 and HC6 style holders. Being cheap I bought the HC49 version for$12 instead of the HC6 plug and play option for $24. I mounted my new crystal on a hacked off HC6 base and plugged it in. It works fine. Range C on my 2B now covers WWV, 30 mtrs and 17 mtrs. Where is Solar Cycle 25? • A DMR Primer ## Our meeting presenters say its the way of the future... A recent SARC meeting featured two guests, Doug Pattengale VE7CQT and Brad Wilson VA7BWX, who have been heavily involved in local Digital Mobile Radio (DMR). They have kindly agreed to share their presentation slides.Â DMR is a limited open digital mobile radio standard defined in the European Telecommunications Standards Institute (ETSI) Standard TS 102 361 and used in commercial products around the world. In the commercial world, DMR, along with P25 phase II and NXDN are the main competitor technologies in achieving 6.25 kHz equivalent bandwidth using the proprietary AMBE+2 vocoder. DMR and P25 II both use two-slot TDMA in a 12.5 kHz channel, while NXDN uses discrete 6.25 kHz channels using frequency division and TETRA uses a four-slot TDMA in a 25 kHz channel. DMR was designed with three tiers. DMR tiers I and II (conventional) were first published in 2005, and DMR III (Trunked version) was published in 2012, with manufacturers producing products within a few years of each publication. In our Amateur Radio world, DMS is one of three main digital radio technologies, with iCom D-Star and Yaesu System Fusion as earlier players. The primary goal of the standard is to specify a digital system with low complexity, low cost and interoperability across brands, so radio communications purchasers are not locked into a proprietary solution. In practice, given the current limited scope of the DMR standard, many vendors have introduced proprietary features that make their product offerings non-interoperable with other brands. To view or download the presentation, visit: Our thanks to Doug and Brad for an informative evening. • How to Talk Through a Troubling Experience Sadly, I find that all too often in life Plan B is just âPlan A, but harder.â The story I tell in the comic about the Englishman spanking his 14 year old in public is true. I saw it in the grocery department at Target. Think about that for a second, I saw a family of British tourists in the grocery department at Target, and that wasnât the weird part. I never saw that in Seattle, and I havenât seen it yet in Phoenix. But in Orlando, you get used to seeing international tourists in places you wouldnât expect. If youâve never seen a huge group of Brazilian teenagers wearing identical t-shirts swarming through the outlet mall, itâs an experience you donât ever forget. As always, thanks for using my Amazon Affiliate links (US, UK, Canada). ## February 23, 2020 • How To Use An Ursa Major To Find A Leo Use a bear to find a lion? I canât think of a better way. In late February, the Big Dipper stands on its handle in the northeastern sky at nightfall. Canât miss it. The handle is actually the tail of the Great Bear called Ursa Major. The Dipper forms only the brightest part of the bear with handle representing the tail and the bucket the bearâs torso. Fainter stars extends in short chains from the Dipper to fashion the head, legs and claws. Itâs a beautiful constellation in total when viewed from a dark sky because it strongly resembles a real bear on all fours nosing through the forest. Along with Orionâs Belt, the Big Dipper is one of the most recognizable star groups in the sky. Thatâs why weâre going to use it to point to a less familiar constellation, Leo the lion. First, youâll need a clear night with a view to the north. Focus your attention on the Dipperâs Bowl and then pivot to the right to face east-northeast. Ball your fist and hold it at armâs length horizontally against the sky. If you âtouchâ the left end of your fist to the bottom of the Bowl and mark off a little more than three fists to the lower right, youâll see a sickle-shaped group of stars with a bright star at its bottom. Thatâs the head of Leo the lion. Because it resemblesÂ a farming tool called a sickleÂ thatâs its nickname.Â Others see it a backwards question mark. The bright star at the bottom of the Sickle is called Regulus, Latin for âlittle king.â Once youâve located the Sickle, slide a fist and half below and to the left of Regulus to find the triangle of stars that form the lionâs rump and tail. See how easy that was? If houses or trees compromise your view of the eastern sky wait an hour and look again. In that time Leo will have risen more than fist higher and be easier to see. Leo is one of the zodiac constellations, the ones the sun, moon and planets travel through as they make their rounds about the sky. Right now, Leo is planet-less and moonless. If you learn to recognize the group, youâll also know when it hosts a planet because it will appear as a bright star that doesnât belong there. All the planets orbit the sun in the same flat plane. That plane projected against the sky is called the ecliptic, and the ecliptic runs straight through all 12 constellations of the zodiac. Get to know them all, and youâll always know where the planets are. What better place to start than with a lion. • newtonpermetersquare: Youâve gotta use protection YouÃ¢â¬â¢ve gotta use protection • Oregon: Images of the Beaver State (35 photos) TodayÃ¢â¬â¢s photo story is the seventh in a year-long Sunday series, focusing on each of the 50 states in the United States of America. The landscape of Oregon is incredibly diverse, ranging from high deserts in the east to lush rain forests in the west, separated by the volcanic mountains of the Cascade range. Gathered here are a few glimpses into the varied terrain of Oregon, and some of the animals and people calling it home. • CircuitBrains Deluxe packs CircuitPython into 1 square inc Kevin NeubauerÂ designed this tiny module that makes it easy to add CircuitPython to a project: ### CircuitBrains Deluxe CircuitPython on an ARM Cortex M4 in almost 1 square inch! This âJust Add Solderâ castellated module is perfect for incorporating into your own project. The CircuitBrains Deluxe board footprint is small enough to fit into narrow spaces and wearable projects. Rolling your own microcontroller board is time consuming. You have to make sure your design has proper power, decoupling, flash storage, and clock. Then you source all of the parts. After that you lay out the PCB and have it fabricated. When the PCB and parts arrive, you have to deal with finicky small-pitch surface mount assembly. Finally, you need to download the sources for the UF2 bootloader and CircuitPython and define your board, compile, and flash. CircuitBrains Deluxe aims to save makers and hackers some time & frustration. Using it in your project is as simple as importing the footprint libraries, adding those libraries to your schematic and layout (along with your USB port of choice), and soldering it on once your board arrives. Kevin is aiming to launch a Crowd Supply campaign soon: • Dollar Store Special [NOTE: This is an updated version of an old article from myÂ QSL.NETÂ website. In the interest of full disclosure: My local dollar store no longer sells the speaker wire I used. While itâll probably cost you a few more bucks to build one, itâll still be a cheap antenna. Although the original article has been on my website for 15 years, I still get the occasional email from folks who have built one.] I love rummaging through our local dollar store. One of the biggest bargains in our local dollar store is speaker wire. You can get 50 feet of two-conductor speaker wire for a buck. Not too shabby. I always keep a bunch of the stuff on hand for antenna experimentation.Â Using a single 50-foot roll of dollar store speaker wire, I made a simple 50-foot random wire antenna with counterpoise wires to cover the 40, 30 and 20-meter bands. I stashed the whole kit in a zip-lock sandwich bag and always keep it on hand as a backup antenna system whenever I operate in the field. With a simple antenna tuner of some sort, this will get you on the air in a pinch, should your primary antenna fail.Â Hereâs all you have to do: 1. Separate the conductors so that you now have two separate 50-foot wires. 2. For the radiator, take one of the 50-foot wires and crimp a small ring lug to one endâright over the insulation. This gives you someplace to tie a line to hoist it up. On the other end, just strip off a half-inch or so of the insulation. You can leave it bare or add whatever kind of connector you want; whatever works best with your tuner. 3. For the counterpoise wires, take the remaining 50-foot wire and cut it so that you have a 33-foot wire and a 17-foot wire. If you only want to work 40 and 20 meters, you can stop right here. You now have counterpoise wires for both of these bands. 4. To provide a counterpoise wire for 30 meters, take the 33-foot wire from Step #3 and cut it so that you now have a 23-foot wire and a 10-foot wire. Strip off about 1/2-inch of insulation from one end of the 23-foot wire. Install a quick-disconnect connector of some sort on the other end, so that you can join the 23-foot and 10-foot wire sections together. The idea here is that, with the two wires connected, you have a 33-foot counterpoise wire for 40 meters. With the two sections separated, you now have a 23-foot counterpoise wire for 30 meters. [Note: If you only plan to operate with the radials laying on the ground, cutting them to resonance isnât too important. You can simplify things a bit by going with just the 33 and 16-foot wires. I think two 25-foot wires would be sufficient, as well. Three 16.6-ft radials is another option to consider. Feel free to experiment here and see what works for you.] In operation, just hoist one end of the 50-foot radiator up in a tree or other suitable support. Connect the other end to the hot side of your tuner. Connect the 33-foot and 17-foot counterpoise wires to the ground connection on your tuner and lay them out on the ground. When you want to work 30 meters, just disconnect the quick-disconnect on the longer counterpoise wire. Pretty simple, eh? Any type of simple L-tuner should work fine for this.Â Please note that I wouldnât recommend using this wire for a permanent outdoor antenna. Itâs not suited for that kind of use. But for temporary outdoor use, itâll do just fine. Besides, if the wire goes bad, you can always replace the whole thing for a dollar!Â 73, Craig WB3GCK Â©2005-2020 Craig LaBarge WB3GCK • Lazy Reading for 2020/02/23 Still backlogged, which means one of these weekends Iâll catch up and youâll have about a zillion links to click. • Due to Pandemic Iâm curious if the Swains DXpedition delay due to a global pandemic was a first in ham radio history event? The backstory here being that an international team of 10 operators planned to be active from Swains Island as W8S from March 10-25th of this year. Being number 34 on the Most Wanted list made this one highly anticipated and the team planned to be active on all HF bands in CW, SSB, FT8 and RTTY. But then came breaking news that the operation would have to be canceled due to the Coronavirus. Not that anyone on the team had contracted the virus, but rather the sudden travel restrictions implemented upon entering American Samoa, restrictions imposed by the Department of Health as a result of the outbreak. The Department of Health allows non-residents to enter American Samoa only via Hawaii, after a 14 days mandatory quarantine in Hawaii. This wasnât workable for the team as it would have extended the time of the excursion by an additional two weeks, and would require re-routing of flights and purchasing new tickets, etc. The GOOD NEWS is that the operation has been re-scheduled: Following the disappointing news earlier this week the Swains2020 team is extremely happy that we can announce the new schedule for the W8S DXpedition to Swains Island. The team will be on the island from September 23 until October 6, 2020. The impact of the deadly Coronavirus continues to be much more serious than simple changes in travel plans. With thousands having died of the virus and the impending collapse of the global economy, the final results from this pandemic have yet to fully materialize. Still I wonder, as just a footnote in our history, was this a first for amateur radio? • Policy vs Technology Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. (He didn't become a senator until 2013.) Back then, he and Vermont Senator Patrick Leahy were the most knowledgeable on this issue and our biggest supporters against government backdoors. They still are. Markey was against forcing encrypted phone providers to implement the NSA's Clipper Chip in their devices, but wanted us to reach a compromise with the FBI regardless. This completely startled us techies, who thought having the right answer was enough. It was at that moment that I learned an important difference between technologists and policy makers. Technologists want solutions; policy makers want consensus. Since then, I have become more immersed in policy discussions. I have spent more time with legislators, advised advocacy organizations like EFF and EPIC, and worked with policy-minded think tanks in the United States and around the world. I teach cybersecurity policy and technology at the Harvard Kennedy School of Government. My most recent two books, Data and Goliath -- about surveillance -- and Click Here to Kill Everybody -- about IoT security -- are really about the policy implications of technology. Over that time, I have observed many other differences between technologists and policy makers -- differences that we in cybersecurity need to understand if we are to translate our technological solutions into viable policy outcomes. Technologists don't try to consider all of the use cases of a given technology. We tend to build something for the uses we envision, and hope that others can figure out new and innovative ways to extend what we created. We love it when there is a new use for a technology that we never considered and that changes the world. And while we might be good at security around the use cases we envision, we are regularly blindsided when it comes to new uses or edge cases. (Authentication risks surrounding someone's intimate partner is a good example.) Policy doesn't work that way; it's specifically focused on use. It focuses on people and what they do. Policy makers can't create policy around a piece of technology without understanding how it is used -- how all of it's used. Policy is often driven by exceptional events, like the FBI's desire to break the encryption on the San Bernardino shooter's iPhone. (The PATRIOT Act is the most egregious example I can think of.) Technologists tend to look at more general use cases, like the overall value of strong encryption to societal security. Policy tends to focus on the past, making existing systems work or correcting wrongs that have happened. It's hard to imagine policy makers creating laws around VR systems, because they don't yet exist in any meaningful way. Technology is inherently future focused. Technologists try to imagine better systems, or future flaws in present systems, and work to improve things. As technologists, we iterate. It's how we write software. It's how we field products. We know we can't get it right the first time, so we have developed all sorts of agile systems to deal with that fact. Policy making is often the opposite. U.S. federal laws take months or years to negotiate and pass, and after that the issue doesn't get addressed again for a decade or more. It is much more critical to get it right the first time, because the effects of getting it wrong are long lasting. (See, for example, parts of the GDPR.) Sometimes regulatory agencies can be more agile. The courts can also iterate policy, but it's slower. Along similar lines, the two groups work in very different time frames. Engineers, conditioned by Moore's law, have long thought of 18 months as the maximum time to roll out a new product, and now think in terms of continuous deployment of new features. As I said previously, policy makers tend to think in terms of multiple years to get a law or regulation in place, and then more years as the case law builds up around it so everyone knows what it really means. It's like tortoises and hummingbirds. Technology is inherently global. It is often developed with local sensibilities according to local laws, but it necessarily has global reach. Policy is always jurisdictional. This difference is causing all sorts of problems for the global cloud services we use every day. The providers are unable to operate their global systems in compliance with more than 200 different -- and sometimes conflicting -- national requirements. Policy makers are often unimpressed with claims of inability; laws are laws, they say, and if Facebook can translate its website into French for the French, it can also implement their national laws. Technology and policy both use concepts of trust, but differently. Technologists tend to think of trust in terms of controls on behavior. We're getting better -- NIST's recent work on trust is a good example -- but we have a long way to go. For example, Google's Trust and Safety Department does a lot of AI and ethics work largely focused on technological controls. Policy makers think of trust in more holistic societal terms: trust in institutions, trust as the ability not to worry about adverse outcomes, consumer confidence. This dichotomy explains how techies can claim bitcoin is trusted because of the strong cryptography, but policy makers can't imagine calling a system trustworthy when you lose all your money if you forget your encryption key. Policy is how society mediates how individuals interact with society. Technology has the potential to change how individuals interact with society. The conflict between these two causes considerable friction, as technologists want policy makers to get out of the way and not stifle innovation, and policy makers want technologists to stop moving fast and breaking so many things. Finally, techies know that code is lawÂ­ -- that the restrictions and limitations of a technology are more fundamental than any human-created legal anything. Policy makers know that law is law, and tech is just tech. We can see this in the tension between applying existing law to new technologies and creating new law specifically for those new technologies. Yes, these are all generalizations and there are exceptions. It's also not all either/or. Great technologists and policy makers can see the other perspectives. The best policy makers know that for all their work toward consensus, they won't make progress by redefining pi as three. Thoughtful technologists look beyond the immediate user demands to the ways attackers might abuse their systems, and design against those adversaries as well. These aren't two alien species engaging in first contact, but cohorts who can each learn and borrow tools from the other. Too often, though, neither party tries. In October, I attended the first ACM Symposium on Computer Science and the Law. Google counsel Brian Carver talked about his experience with the few computer science grad students who would attend his Intellectual Property and Cyberlaw classes every year at UC Berkeley. One of the first things he would do was give the students two different cases to read. The cases had nearly identical facts, and the judges who'd ruled on them came to exactly opposite conclusions. The law students took this in stride; it's the way the legal system works when it's wrestling with a new concept or idea. But it shook the computer science students. They were appalled that there wasn't a single correct answer. But that's not how law works, and that's not how policy works. As the technologies we're creating become more central to society, and as we in technology continue to move into the public sphere and become part of the increasingly important policy debates, it is essential that we learn these lessons. Gone are the days when we were creating purely technical systems and our work ended at the keyboard and screen. Now we're building complex socio-technical systems that are literally creating a new world. And while it's easy to dismiss policy makers as doing it wrong, it's important to understand that they're not. Policy making has been around a lot longer than the Internet or computers or any technology. And the essential challenges of this century will require both groups to work together. This essay previously appeared in IEEE Security & Privacy. • LED Street Light Replacement ## Â ## Will we soon have more RFI noise to deal with? Our local electrical supplier, BC Hydro, says it may begin installing thousands of light emitting diode (LED) street lights across the province this summer. The utility currently owns and maintains approximately 95,000 streetlights around the province, roughly 30 per cent of all streetlights in British Columbia. Most of the ones attached to BC Hydro's electricity poles are high pressure sodium (HPS) lights. Hydro says: "LED lights are known to last longer, are brighter and render colours significantly better than HPS lights." The transition to the energy-saving technology could lead to cost savings of 50 to 70 per cent for the smaller communities who rely on the utility's public lighting, according to the Union of B.C. Municipalities (UBCM). As taxpayers we're certainly in favour of lower costs but, you have only to run a Google searchÂ to learn that, in other areas, Amateurs have expressed concern that these lights may contribute to anÂ increase in RF interference across the spectrum., specifically in the HF bands (below 30 MHz). In some cases this is apparently due to inadequate shielding, poor quality, or lack of components to reduce noise, but it is generally agreed that the electronic power supplies in LED street lights can be the culprit. Here are some of the story links: ABC News Toledo, OHÂ NBC Philadelphia #### RAC, are you monitoring this? ________________________________ Shortly after this story appeared on our blog page, Keith Whitney VE7KW, RAC Director BC & Yukon, responded. It shows that RAC has taken notice: I appreciate your concern, but would like to make a couple of points. • RAC monitors this through the RABC (Radio Advisory Board of Canada) EMC Committee. • The relevant regulation is ICES-005 Lighting Equipment last updated in December 2018 which sets limits on conducted (HF) and radiated (VHF) emissions. Note the LED limits are lower than the Gas Discharge (Sodium light) limits. • Section 4(3) of the Radio Communications Act states that "No person shall manufacture, import, distribute, lease, offer for sale or sell any radio apparatus, interference-causing equipment or radio-sensitive equipment for which technical standards have been established under paragraph 6(1)(a), unless the apparatus or equipment complies with those standards." It is to be assumed that a public utility would be compliant. My personal experience indicates this is not a major problem.Â • I follow the RSGB EMC reports and am not aware that approved LED lighting has been identified as a problem. • I do a lot of contesting from VE7SCC which uses LED lighting almost exclusively in the shack and monitors for noise with an SDR. The site (Riverview Hospital) changed over to LED street lights about 18 months ago with no noticeable noise increase. • I have just come from V3T (Belize) where the 80 through 15m noise levels were some of the lowest I have seen despite the entire resort using LED lighting as well as the Town we overlooked using LED street lamps.Â Nothing in the field of EMC is guaranteed and this will merit ongoing monitoring. I would encourage people with access to an SDR to take a wide band âreference noise spectrumâ now for comparison later. It would be particularly useful if they turn off their house power to prove that the noise source(s) are external. ~ 73 Keith VE7KW Â Â RAC Director BC and Yukon ## February 22, 2020 ## February 21, 2020 • Venus, The Zodiacal Light And A Stealthy Visitor Last night I drove to the country to check on the zodiacal light. I was joined by a wolf! More on that encounter in a minute. Beginning about February and continuing into early May the ecliptic, the path the planets, sun and moon follow across the sky, meets the western horizon at a steep angle. Not only does that cause Venus, the current bright evening planet, to stand high above the horizon after sunset, but everything else that lies along the same path including the zodiacal light. Thatâs why itâs especially easy to see this time of year as long as the moonâs out of the sky. The zodiacal light is shaped something like the top half of a surfboard or a long, elegant finger. It points upward from the western horizon and is best visible from 90 minutes to 2 hours after sunset. Youâll need a dark sky to see it, so plan a trip to the countryside where light pollution is at a minimum. As you can tell from the photo, the sky doesnât have to be perfect. While youâre there, turn to face south, too to enjoy theÂ soft star smoke of the winter Milky Way, complemented by the radiance of Orion and other bright constellations nearby. The zodiacal light may look like some random glow, but youâre seeing a great disk of dusk in the plane of the solar system, seeded by vaporized comets and crashing asteroids. Backlit by the sun, the dust glows the same way sunlight lights up dust when you shake out a dirty rug. Planet orbits are flat, but the zodiacal light extends outward from the ecliptic because dust tends to diffuse outward, and lots of comets circle the sun in highly tilted orbits. Find a location with a wide open view of the western sky and allow your eyes to get used to the dark. Venus will be your guide. It shines from near the center of the smoky glow and points the way. In fact, it may be too helpful because its bright light distracts a little. The zodiacal light is an enormous feature, brighter near the horizon and gradually fading and tapering to a narrow band the higher you look. In terms of fists, if you make a fist and hold it at armâs length, the zodiacal light measures 5-6 fists tall by 2-3 fists wide. I hope you get to see it. The moon wonât trouble this interplanetary dust bunny until after February 25. Hold off looking again until the bright moon exits the evening sky starting around March 12. From March 12 to 25 youâll have nearly two solid weeks of z-lightful viewing. Now about that wolf. When I arrived at my observing spot there were no tracks, nor had any cars been there in a while. But sometime during the next hour, a wolf passed within 20 feet of where I was standing. Maybe even while I took the picture. I only realized it had happened when I flicked my flashlight on to make sure I didnât leave any equipment. Whoa! Judging from the tracks the animal never veered in my direction but proceeded in nearly a straight line. The tracks came from the woods and let to a nearby highway. Apparently I wasnât interesting enough to bother with. Good thing I guess. • Friday Squid Blogging: 13-foot Giant Squid Caught off New Zealand Coast It's probably a juvenile: Researchers aboard the New Zealand-based National Institute of Water and Atmospheric Research Ltd (NIWA) research vessel Tangaroa were on an expedition to survey hoki, New Zealand's most valuable commercial fish, in the Chatham Rise Â­ an area of ocean floor to the east of New Zealand that makes up part of the "lost continent" of Zealandia. At 7.30am on the morning of January 21, scientists were hauling up their trawler net from a depth of 442 meters (1,450 feet) when they were surprised to spot tentacles in amongst their catch. Large tentacles. According to voyage leader and NIWA fisheries scientist Darren Stevens, who was on watch, it took six members of staff to lift the giant squid out of the net. Despite the squid being 4 meters long and weighing about 110 kilograms (240 pounds), Stevens said he thought the squid was "on the smallish side," compared to other behemoths caught. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. • tmpfs paging speedups tmpfs on DragonFly now clusters writes better, so performance is improved in high-activity environmentsâ¦ which is probably why you are using tmpfs anyway.ÃÂ The post says 2-4x improvement when paging out. • Writeups of problem solutions are the best If you post about a problem and later solve it, you will help many people in the future if you summarize the problem and (very important) the fix.Â In this case, Nelson H. F. Beebe installing DragonFlyBSD 5.6.2 on his Dell Precision 7920 workstation. • Juno: Looking Deep into Jupiterâs Atmosphere Weâre learning more about the composition of Jupiterâs atmosphere, and in particular, the amount of water therein, as a result of data from the Juno mission. The data come in the 1.25 to 22 GHz range from Junoâs microwave radiometer (MWR), depicting the deep atmosphere in the equatorial region. Here, water (considered in terms of its component oxygen and hydrogen) makes up about 0.25 percent of the molecules in Jupiterâs atmosphere, almost three times the percentage found in the Sun. All of this gets intriguing when compared to the results from Galileo. Youâll recall that the Galileo probe descended into the Jovian atmosphere back in 1995, sending back spectrometer measurements of the amount of water it found down to almost 120 kilometers, where atmospheric pressure reached 320 pounds per square inch (22 bar). Unlike Juno, Galileo showed that Jupiter might be dry compared to the Sun â there was in fact ten times less water than expected â but it also found water content increasing even as it reached its greatest depth, an oddity given the assumption that mixing in the atmosphere would create a constant water content. Did Galileo run into some kind of meteorological anomaly? A new paper in Nature Astronomy looks at the matter as part of its analysis of the Juno results, which also depict an atmosphere not well mixed: The findings of the Galileo probe were puzzling because they showed that where ammonia and hydrogen sulfide become uniformly mixed occurs at a level much deeper (~10 bar) than what was predicted by an equilibrium thermochemical model. The concentration of water was subsolar and still increasing at 22 bar, where radio contact with the probe was lost, although the concentrations of nitrogen and sulfur stabilized at ~3 times solar at ~10 bar. The depletion of water was proposed to be caused by meteorological effects at the probe location. The observed water abundance was assumed not to represent the global mean water abundance on Jupiter, which is an important quantity that distinguishes planetary formation models and affects atmospheric thermal structure. Now Juno has found water content greater than what Galileo measured. But the fact that Galileo showed a water concentration that was still increasing when the probe no longer could send data makes its results inconclusive. The matter is important for those interested in planet formation because as the likely first planet to form, Jupiter would have contained the great bulk of gas and dust that did not go into the composition of the Sun. Thus planet formation models are keyed to factors like the amount of water the young planet would have assimilated. Scott Bolton, Juno principal investigator at the Southwest Research Institute in San Antonio, comments: âJust when we think we have things figured out, Jupiter reminds us how much we still have to learn. Junoâs surprise discovery that the atmosphere was not well mixed even well below the cloud tops is a puzzle that we are still trying to figure out. No one would have guessed that water might be so variable across the planet.â Image: The JunoCam imager aboard NASAâs Juno spacecraft captured this image of Jupiterâs southern equatorial region on Sept. 1, 2017. The image is oriented so Jupiterâs poles (not visible) run left-to-right of frame. Credit: NASA/JPL-Caltech/SwRI/MSSS/Kevin M. Gill. The research team, led by Cheng Li (JPL/Caltech) used data from Junoâs first eight science flybys, focusing on the equatorial region first because the atmosphere appears to be better mixed there than in other regions. Junoâs microwave radiometer can measure the absorption of microwave radiation by water at multiple depths at the same time. Using these methods, Juno could collect data from deeper in the atmosphere than Galileo, where pressures reach about 480 psi (33 bar). The next move will be to compare this with other regions, giving us a picture of water abundance as Juno coverage extends deeper into Jupiterâs northern hemisphere. Of particular interest will be what Juno will find at the planetâs poles. From the paper: We have shown that the structure of Jupiterâs EZ [equatorial zone] is steady, relatively uniform vertically and close to a moist adiabat [a region where heat does not enter or leave the system]; from this we have derived its water abundance. The thermal structure outside of the equator is still ambiguous owing to the non-uniform distribution of ammonia gas, for which we do not know the physical origin. Deriving the thermal structure outside of the equator in the future not only hints about the water abundance on Jupiter at other latitudes but also places constraints on the atmospheric circulation model for giant planets in the Solar System and beyond. Image: Thick white clouds are present in this JunoCam image of Jupiterâs equatorial zone. These clouds complicate the interpretation of infrared measurements of water. At microwave frequencies, the same clouds are transparent, allowing Junoâs Microwave Radiometer to measure water deep into Jupiterâs atmosphere. The image was acquired during Junoâs flyby of the gas giant on Dec. 16, 2017. Credit: NASA/JPL-Caltech/SwRI/MSSS/Kevin M. Gill. The authors add that Juno has already revealed a deep atmosphere that is surprisingly variable as a function of latitude, highlighting the need to tread cautiously before making any assumptions about the planetâs overall water abundance. Extending these observations into other regions of the planet will be useful because oxygen is the most common element after hydrogen and helium in Jupiterâs atmosphere, and as water ice may thus have been the primary condensable in the protoplanetary disk. Consider this a deep probe into planet formation. The paper is Li et al., âThe water abundance in Jupiterâs equatorial zone,â Nature Astronomy 10 February 2020 (abstract). • Call for Proposals for Teardown 2020 in Portland Call for Proposals for Teardown 2020 in Portland is now on Crowd Supply:Â This yearâs call for proposals is now open. Have an idea for a talk, workshop, demo, or installation? Share it with the world!Â Proposals are due by May 1, 2020. • Photos of the Week: Ghost Ship, Greek Spring, Naked Festival (35 photos) Dog catchers in Cairo, luge championships in Russia, flooding in parts of England, a crash at the Daytona 500, London Fashion Week, heavy rains in Australia, continued fighting in Syria, demining in Colombia, Carnival in Venice, and much more • Grandpa Jason and Grandpa Chad • Mobile Radio Exemption... This news just in tonight: The Ontario Ministry of Transportation has âmade permanent the exemption under Ontario Regulation 366/09 (Display Screens and Hand-Held Devices) of the Highway Traffic Act for hand-held two-way radios for commercial drivers and Amateur Radio operators.âÂ This is about time, it's been a long time coming. Â We should never have beenÂ under threat of losing our mobileÂ privileges at all....but that's another story. • How to Survive the Dreaded Post-Holiday Phone Call My father and I express how much we care for each other by sparing each other the discomfort of ever talking about our feelings. What do we talk about instead? Anything. Literally, anything we can think of that isnât our feelings. The last time we spoke, we spent ten minutes talking about the innovative experimental sail Jacques Cousteau attached to one of his ship in the â80s. As always, thanks for using my Amazon Affiliate links (US, UK, Canada). • How to Survive the Dreaded Post-Holiday Phone Call My father and I express how much we care for each other by sparing each other the discomfort of ever talking about our feelings. What do we talk about instead? Anything. Literally, anything we can think of that isnât our feelings. The last time we spoke, we spent ten minutes talking about the innovative experimental sail Jacques Cousteau attached to one of his ship in the â80s. As always, thanks for using my Amazon Affiliate links (US, UK, Canada). • Report to Members 7 - AMSAT-NA Board of Directors 2020 Greetings all! Since I last wrote, Patrick and I continued to face obstruction on access to corporate records and communications. Recently some things have changed for the better. In late October 2019, AMSAT President Joe Spier had asserted on a teleconference that allowing Patrick Stoddard and I to see ordinary corporate records would lead to us suing AMSAT-NA, therefore we simply couldnât see them. He claimed it was a personnel matter, even though Patrick and I have never been and are not employed by AMSAT. He suggested we had ulterior motives or a conflict of interest. We do not. Refusing to answer questions and denying us access to ordinary corporate records prevented me and Patrick from doing the job that members elected us to do. For this teleconference, Joe Spier brought in a lawyer. This was a big surprise. The funds for this lawyer, it turns out, were paid for by AMSAT. There is no record in the minutes about this expense. The lawyer is not licensed to practice in Washington D.C., where AMSAT is headquartered. This means the law firm cannot represent AMSAT in court. This law firm has been used multiple times, by multiple officers of AMSAT, going back to 2018. No board meetings were scheduled after the annual meeting in October 2019 at Symposium. This was an unusual practice for AMSAT. It was a departure from the traditional schedule that we were expecting, and it definitely slowed things down. Patrick and I repeatedly requested a board meeting. Three members are required to request a board meeting. However, no other board members joined in this request. The other board members, presumably denied access to the same documents that we were, expressed no opinion about this matter at all and took no action to address it. Why suddenly stop the meetings? Did things suddenly get super easy when we were elected? Did votes suddenly become unnecessary? No, of course not. AMSAT is in, according the immediate past treasurer and the current one, in an âunsustainable financial positionâ. That reason alone is reason to meet regularly, come together, and support the one current fundraising project - Kidzsat. Other than fundraising, Patrick and I wanted to address two major issues. The direction of ITAR policy work and what appeared to be several unauthorized expenses. Patrick uncovered the expenditures by repeatedly asking questions about the financial reports. Some of these questions were answered, and the answers contained surprising and disappointing details. We wanted a discussion and a redirection on ITAR/EAR policy, and we wanted answers on the unauthorized expenditures. Without a board meeting, we could not make a lot of progress, especially with officers refusing to answer questions about either subject. With respect to regulatory law issues, we wanted AMSAT to take advantage of the public domain carve outs in ITAR and EAR. We both believe that enshrining a proprietary ITAR policy is completely wrong for an amateur radio 501(c)(3) with heavy educational focus. AMSAT has spent the$10,000 authorized at the 2018 Symposium in Huntsville on consultants that, so far, have summarized a very traditional proprietary path. The consultants did not provide a policy at Symposium. This is one of the biggest reasons we stood for election, was to stand up for a different path forward, while there was still time to save money and effort.

I asked to see the instructions that were given to the ITAR consulting firm. There was no reply. I submitted questions for the consultants to Joe Spier. The consultants never received them. I made multiple efforts to write the board members and raise the discussion. This was fruitless.

I wrote a letter asking AMSAT to support a commodity jurisdiction request to the State Department in support of open source amateur satellite work. This effort takes the opposite approach of the AMSAT consultants. It asks, for the first time, for a State Department ruling on whether amateur satellite work, of the type that we all want to see, falls under ITAR or not. As of today, we do not have anything like this. We do not have any landmark decision to base our work upon. What we have is fear, uncertainty, and doubt. This request was finalized and submitted today, 20 February 2020.

Regardless of the outcome of the decision, whether it is to move amateur satellite work out from under ITAR or to assert that it must be under ITAR, we will have a solid legal answer in the US. Obviously, I and many others want amateur satellite work to be ruled as not subject to ITAR. This places it within EAR. From EAR, public domain work can proceed in a way that our hobby has not enjoyed in decades. But even if itâs ruled as subject, itâs an improvement over guessing and assuming.

This letter was sent mid-December 2019 to AMSAT and a number of other related organizations, all of which have a huge interest in this ruling. There was no answer at all from AMSAT. The letter was not sent to the board for discussion. It was not even acknowledged as received.

This is the sort of work that AMSAT should have done years ago. I am personally paying for this legal effort, and Open Research Institute is the organization making the application. I firmly believe AMSAT-NA should have been the one to do this, but if itâs successful, AMSAT-NA can take full advantage of it. Itâs as win-win as one can get.

On 28 January 2020, Patrick and I delivered a legal demand letter to Joe Spier and the lawyer he hired, and AMSAT paid for. This letter clearly stated the legal facts about denying Directors of a corporation access to ordinary corporate documents. AMSAT was in violation of DC corporate code and the reasons given to date for denying us access and answers were completely legally irrelevant. Specific case law was cited and remedies were listed. A deadline of 7 February 2020 was given.

Joe Spier resigned on 31 January 2020. Neither he nor the law firm replied.
Unlike with our previous requests for a board meeting, one was scheduled pretty damn quick to elect a new President. Joe Spier resigned on a Friday, and the board meeting was proposed for the coming Tuesday. I suggested that we take our time, use the 30 days notice resignation rule in our by-laws, and form a search committee. I thought this was an excellent opportunity to find a highly qualified president that would work with everyone, even people like Patrick and myself.

Paul Stoetzer, as Executive Vice President of AMSAT, was acting president. He could keep the job until the next annual board meeting without any action. However, he refused to delay the election. He set the election as one agenda item. The only other item was approval of the biannual financial report.

Ironically, this report says that AMSAT suffers from no legal threats. Somewhat of a stark contrast to the picture painted by the senior officers regarding me and Patrick. There was no response at all to the request to consider a search committee. No other board members responded to this proposal.

Given the short notice, I asked Bill Reed NX5R if he would consider being nominated for president of AMSAT. I had nominated him at the Symposium board meeting. He lost 5-2 at Symposium, but he replied that he was ready to serve and agreed to be nominated again now that the position was open. I wrote the board, told them I planned to nominate him, and circulated his resume in advance.

At the meeting on Tuesday, Bruce Paige nominated Clayton Coleman. Clayton Coleman had resigned as AMSAT Secretary on 24 September 2019. There wasnât any discussion in advance of Claytonâs nomination. His credentials were not provided. Some of the other board members stated on the conference call that theyâd met with Clayton, had discussed him running. It was obvious they had decided that they would vote for him in advance of the meeting. In other words, it didnât matter who else was nominated.
Clayton won the election 4-3.

Patrick and I delivered a copy of the demand letter to the new President. On the afternoon of 7 February, the lawyer paid for by AMSAT requested a month delay. We consulted with our lawyer, and decided against waiting. We asked our lawyer to call the AMSAT lawyer, and AMSAT (through the lawyer) backed down completely, stating that yeah, ok, fine, we had to have access to all corporate records and documents.

Two days ago, the board of directors email archive was restored, and we could finally see the communications. Presumably, other financial and technical documentation will be available to us in short order. We can now get to work.

This is a huge victory for transparency, accountability, and access.

Or is it?

Why should we have had to fight for five months just to start our volunteer job? Why should we have to personally pay for expensive legal assistance to make AMSAT do the right thing? Why did Clayton Coleman suggest in a message to ANS (https://www.amsat.org/ans-047-amsat-news-service-weekly-bulletins-for-february-16th/) that AMSAT was not in violation of DC corporate code, days before anything was done to address the issues in the demand letter? What is the organization afraid of?

By denying any director access to corporate records, the organization was not complying with the law. Directors normally see a lot more than is publicly available on AMSAT's web site to meet their fiduciary obligations to the organization and its membership. There are a lot of documents that are never published to the website. Are we going to have to fight individually for each of those?

The good news here, is if (and only if) things keep going in the direction they are going, the answer is no, we wonât have to keep fighting for what we have the right to see.

Yes, Claytonâs article was a big surprise, and possibly premature, but it was evidence of the intent of some significant progress, and Clayton did follow through on restoring the email archive.

Clayton made very appreciated efforts to come see me at HamCation 2020. This was the first positive step forward that I had seen from any other senior officer or Director at AMSAT in over a year. He apologized for past treatment by AMSAT leadership, said internal processes were not where they should be, and declared that he wanted things to be different moving forward.

He said without qualification that the problems Patrick and I were facing needed to be addressed. He spoke in front of the people that happened to be at the ORI and TAPR booths. Clayton Coleman heard some blunt criticism from some of them and heard some from me. The most important part, to me, was an acknowledgement of the problems we were facing.

What problems are those? From our view it is a lack of cooperation from officers that truly, honestly believe that they can run AMSAT however they wish with extremely limited involvement from a largely apathetic and disconnected board of directors.

Hereâs an example. The annual budget was delivered to the board meeting at Symposium at nearly the last minute. I abstained from voting on this budget. I had read through it, but the lack of detail, the amount of deficit spending, and the presentation of it as something the board was simply expected to rubber stamp was unnerving. It was evidence of some hard work in the year ahead.
I naively thought I would be well into the necessary details at this point, and not still getting treated like a hostile force.

When I say âhostile forceâ I mean not just resistance from other board members, which is normal when you have differing views, but things like multiple personal attacks on social media from multiple officers of AMSAT.

Patrick and I decided not to include the silly attacks on social media in our legal effort. Itâs beneath us. Social media policy and the abuse of members, the treatment of volunteers, and social media policies are a big reason that Patrick and I both ran for Director. Those reasons appear to remain. The hot-headed and inaccurate attacks on members and leaders are even more surprising since the one and only threat to AMSAT that the current officers acknowledge is âbad publicityâ. Not âlack of fundingâ or âtechnical failuresâ. No, the premier threat to AMSAT is âbad publicityâ. This has been stated at Symposium, at HamCation, by Robert Bankston in the November/December 2019 Journal, and in board email.

When dissent is reflexively classified as bad publicity, then anyone disagreeing becomes an existential threat to the organization and must be attacked. That is the culture you currently have at the top. If you want this to change, then vote this summer and make a difference.

I donât like AMSAT spending many thousands of dollars on unauthorized expenses. I especially donât like it when the expenses are used to try to prevent me from doing a volunteer job that I am deeply committed to carrying out to the best of my ability.

I strongly believe that open source policies and procedures are the absolute best way forward for AMSAT and will continue to fight for and advocate for this at the board level as long as members are willing to send me in to do the job. I have literally put my money where my mouth is here with the Commodity Jurisdiction request.

Clayton proposed a âworking sessionâ for 3 March 2020. This will not be a board meeting, but it is the first actual work session, aside from the emergency board meeting to elect Joe Spierâs replacement, that we have had since the October 2019 Symposium annual meeting. The day after the working session was proposed, the board of directors email archives were restored.

My top priority for the working session is the budget.

What is yours? Let me know, and I will do my best to represent your views at this meeting, and the ones to come. Iâm very optimistic that we will see a return to regular meetings and an improvement in processes and governance.

Thank you for the support over the past months. I refrained from public statements on the advice of the legal expert Patrick and I hired. This was good advice, but hard for an open source and transparency advocate to take!

Yours,
-Michelle W5NYV

## February 20, 2020

Google announced today thatÂ Libre Space Foundation is among the mentoring organizations of Googleâs Summer of Code 2020. This selection provides opportunities for students that would like to work full-time on open space technologies during their summer break and start participating in theÂ Libre Space community.

Google Summer of CodeÂ is an annual program providing university students the chance to work on open -source projects during their summer break while earning a stipend!

If you are interested in working with open-source space technologies this summer, donât hesitate to study theÂ student guideÂ thoroughly, and check ourÂ detailed instructions, withÂ suggested ideas, or introduceÂ your ideas for consideration.

Feel free to check the following video for a quick review of Google Summer of Code.

• BSD Now 338: iocage in Jail

BSD Now 338 is up, which strangely is listed as the â100th episodeâ on the site, but I think that means itâs only indexed through #239.ÃÂ  Anyway, it has the normal ingredients â a ZFS article, a convention note, and a link into a conversation about OpenBSD, among other things.

• Internet of Things Candle

There's a Kickstarter for an actual candle, with real fire, that you can control over the Internet.

What could possibly go wrong?

• The Great Sphinx of Giza Through the Years (21 photos)

The monumental statue known to the world as the Great Sphinx of Giza is believed to have been built more than 4,500 years ago. While photography has only been around for about 200 years, photographers have flocked to the Giza pyramid complex to capture images of the enigmatic creature in the Egyptian desert. Gathered below are varied photographs of the Sphinx throughout the past 170 years, from Maxime du Campâs image of a still-mostly-buried Sphinx, in 1849, to 21st century light shows, and much more.

• A nice round number
 A quiet milestone was reached some months ago, and has only just been tallied up.Â  Doug Sinclair has now built hardware for exactly 100 satellites that have launched from the Earth's surface.Â  A small handful of that count are launch failures, but most made it into orbit!
• Google Summer of Code 2020 Application Results
Today is the day for Google Summer of Code "Accepted Organizations", and I got the extremely kindly written rejection notice for Open Research Institute's application a few minutes ago. There are a *lot* more organizations applying than spots, this was our first year, and we will 100% try again.

Also, there are also designated "umbrella" groups that we can potentially move underneath and still participate. I'm going to reach out and see if we can't get that rolling! If you know of one that would be a good match, let me know.

This is the first year applying, and it resulted in the creation of a much more publicly accessible list of project content than we had with the task board on GitHub.

So, we are going to fully use this list and tackle all the jobs! The content will go straight over the The Ham Calling, a new site designed specifically for connecting high-tech ham work with high-tech hams!

Here's the current lineup:

I'm writing up an article for the Journal as well.

What other projects do you think should be added? This list best serves as a "base" of potential work to advance the radio arts in the community.

Thank you very much to those that volunteered to be mentors! Several of you volunteered to be mentors for the first time, ever. That is a big step and greatly appreciated.

In several cases, hams contacted me with anxiety over being "technical enough" to mentor students. Yes, some of these projects are complex, but mentorship is much much more than being able to answer a student's technical questions. Being supported while taking risks, learning about amateur satellite operation, learning about the amateur "code", and how to fail and start over or roll back to what most recently worked - these are foundational things.

Encouragement and steady support are, in the long run, of greater value than being able to substitute in for a Wikipedia article on FEC.

Next year, assuming things continue to improve, TAPR, AMSAT, and ARRL will all apply to be mentoring organizations along with ORI and GNU Radio and others. Amateur radio is uniquely qualified to serve a meaningful and significant role in open source technical advancement, and I cannot wait to see the future results.

-Michelle W5NYV

• Light curve of the week

The light curve of TIC 394177355 was already flagged by the Kepler team (KOI-3156) when it was observed back in 2015. It shows a multi-eclipsing quintuple system of pulsating stars with orbital periods of 94.2, 8.65, 1.52 and 1.43 days. TESS saw this target 5 years later in Sector 15, and observed it during a triple eclipse. Check out the paper by HeÃâminiak et al. (2017) to find out more about this very interesting and rare system.

• Photo

• U.S. Officials Who Left Office in 2019 and Why

Who left office in 2019? Why? The Cicero Data team mapped the U.S. officials who left office before the end of their term in 2019.

The post U.S. Officials Who Left Office in 2019 and Why appeared first on Azavea.

• Screaming LM386: An Audio Amplifier with PCB Art

Beautiful project from Frank Milburn on element14:

### Screaming LM386: An Audio Amplifier with PCB Art

I decided to give PCB art a try and will be basing my attempt on methods described byÂ Andrew Sowa.Â  Andrew uses Adobe Illustrator for the art work and KiCad for the PCB design.Â  I will also use KiCad but will use my trusty pre-subscription version of Photoshop for the artwork.Â  Inkscape is another possibility.Â  Andrewâs process is described inÂ this videoÂ from which my work is derived.Â  The detail behind many of the steps wonât be described in this post â watch the video for that.

The goal is to take a photograph, painting, etc. and place it on a PCB using the FR4, copper layer, solder mask, and silk screen to make the palette.Â  My PCB will feature the famous workÂ by Edvard Munch, The Scream which has always fascinated me.Â  So, how to turn a masterpiece into a PCB facsimile?

Palette

The limited palette is a challenge.Â  For this exercise the focus will be on the central figure in order to reduce board size (and thus cost) of the experiment.Â  The OSHPark purple solder mask will hopefully give the dark colors desired.Â  Andrew also used OSHPark in his example, and helpfully provided a palette which has been modified here to help describe how the layers translate to color and are stacked for conversion in KiCad.

There is a shared project for the board:

Â