In 1968, during a period called the "Prague Spring," Alexander Dubček, the newly-elected leader of Czechoslovakia, enacted pro-democracy reforms loosening state control and expanding individual rights, giving hope to Czech citizens and angering the Soviet Union. Soviet leaders in Moscow believed that Czechoslovakia, a member of the Warsaw Pact, had gone too far, and summoned Czech leaders for discussions. By late summer, the talks were not going the way the Kremlin wanted, so more than 2,000 tanks and thousands more Warsaw Pact troops were sent to invade and occupy the country on August 21. In the first weeks, occupying soldiers were met with protests and limited resistance, and more than 70 civilians were killed in the conflicts. Within the following year, resistance faded, Dubček was removed from office, his reforms were undone, and a more Soviet-controlled government was installed.
Last week, tens of thousands of people headed home from Vegas, fresh out of this year’s DEF CON. This was a great year for DEF CON, especially when it comes to hardware. This was the year independent badges took over, thanks to a small community of people dedicated to creating small-run hardware, puzzles, and PCB art for thousands of conference-goers. This is badgelife, a demoscene of hardware, and this is just the beginning. It’s only going to get bigger from here on out.
We were lucky enough to sit down with a few of the creators behind the badges of this year’s DEF CON and the interviews were fantastic. Right here is a lesson on electronic design, manufacturing, and logistics. If you’ve ever wanted to be an engineer that ships a product instead of a lowly maker that ships a product, this is the greatest classroom in the world.
Although badgelife may seem like a bunch of hardware engineers sitting behind a pick and place machine for a weekend’s worth of lulz, this is a masterclass of product design and manufacturing. Badgelife is product development, and unlike many other hardware design jobs, the ship date will not slip for any reason. The hardware must be done on time, and if you’re not shipping all the features you promised everyone will be upset. Badgelife is the best experience you’ll ever get in engineering for production, product design, and manufacturing.
The first time I ran into the term ‘water world,’ it had a seductive quality. After all, we think of habitable zones in terms of water on the surface, and a world with an overabundance of water suggested a kind of celestial Polynesia, archipelagos surrounded by a planet-circling, azure sea.
But we immediately run into problems when we think about planets with substantially more water than Earth. For one thing, we may have no land at all. Let’s leave aside the icy moons of our Solar System that may well contain oceans beneath their surface and concentrate on exoplanets in the interesting size range of two to four times the size of Earth. We have to ask what would happen if a planet were completely covered with water, with no run-off of nutrients from exposed rock. Such an ocean could be starved of key elements like phosphorus.
Or how about a planet with a high-pressure zone of ice effectively cutting off the global ocean from the rocky mantle? A world with enough water — 50 times that of Earth has been considered — could create enough pressure on the seafloor to prevent geological activity, blocking the kind of carbon-silicate cycle that adjusts the atmospheric composition we find here on Earth. Cayman Unterborn (Arizona State) thinks liquid water on the 5th planet in the TRAPPIST-1 system could be as much as 200 kilometers deep, 20 times deeper than the Marianas Trench.
Image: A water world as envisioned in a photo-illustration by Christine Daniloff/MIT/ESO.
We don’t want to be too doctrinaire about this. For instance, Ramses Ramirez (Tokyo Institute of Technology) and Amit Levi (Harvard-Smithsonian Center for Astrophysics) have argued that there are ways to exchange greenhouse gases between deep sea ice and the atmosphere (citation below). In other words, we can have a carbon cycle without rock weathering, subject to a number of constraints like stellar type (hotter stars work best here) and rotation rate (thanks to Alex Tolley for his overview of this paper in private correspondence).
This is a work I hope to write about soon, but for now, let me quote from an essay by Shannon Hall on the topic that cites both Ramirez and Edwin Kite (University of Chicago), with a useful reminder from both on not being too quick to limit our thinking to Earth-centric models:
“What I’ve taken away from this project is the inadequacy of working from Earth’s analogy,” says Kite, admitting this conclusion is ironic given that he is a geologist by training. “I love rocks and Earth-history, but you really need to build up from basic physics and chemistry, rather than relying on Earth’s analogy in order to tackle exoplanet problems.” This consideration will be important when astronomers have to determine which individual worlds to further assess with large telescopes like the James Webb Space Telescope or when they have to choose between future missions that would survey hundreds of worlds and those that would study a handful of Earth clones in detail. But there is no consensus yet. “I think it could be dangerous just thinking about everything in an Earth-mindset,” Ramirez says. “You might be missing out on other possibilities.”
Exactly so, and when telescope time is precious, as it will continue to be for all our space-based resources in particular, target selection is critical. Meanwhile, I’ve run across the presentation that Li Zeng (Harvard University) and colleagues made at the recent Goldschmidt conference in Boston. The researchers point to data from both Kepler and the Gaia mission indicating that many known exoplanets may contain as much as 50 percent water. Here we can definitely toss the Earth-centric model out the window. Consider that Earth’s water content is 0.02% by weight. If these data are correct, huge numbers of exoplanets are entirely awash.
Zeng and team have been developing a model of the internal structure of two kinds of exoplanets: Those with a radius averaging about 1.5 times that of Earth, and those averaging 2.5 times Earth’s radius. According to their developing model, those with a radius 1.5 times the Earth’s are generally rocky planets, perhaps five times as massive as the Earth. Those with a radius 2.5 times that of Earth, massing about 10 Earth masses, are likely water worlds.
The model the researchers have developed tracks the changes in mass and radius when planets grow from a rocky core and later accrete either ices or hydrogen/helium gas, with the observed radius and mass-radius distribution reproduced in the model’s simulations. Many of the interesting planets in this range turn out to be water worlds.
“Our data indicate that about 35% of all known exoplanets which are bigger than Earth should be water-rich,” says Zeng. “These water worlds likely formed in similar ways to the giant planet cores (Jupiter, Saturn, Uranus, Neptune) which we find in our own solar system. The newly-launched TESS mission will find many more of them, with the help of ground-based spectroscopic follow-up. The next generation space telescope, the James Webb Space Telescope, will hopefully characterize the atmosphere of some of them. This is an exciting time for those interested in these remote worlds.”
On the larger planets, we can throw out my fanciful ‘Polynesia’ model. The researchers believe the surface temperature here would be in the range of 200 to 500 degrees Celsius. We would see an atmosphere dominated by water vapor, with a liquid water layer beneath, and high-pressure ices below. Our next generation of telescopes can put these ideas to the test.
“It’s amazing to think that the enigmatic intermediate-size exoplanets could be water worlds with vast amounts of water,” says MIT planet-hunter Sara Seager. “Hopefully atmosphere observations in the future–of thick steam atmospheres—can support or refute the new findings.”
The abstract for the Zeng et al. presentation at the Goldschmidt Conference, “Growth Model Interpretation of Planet Size Distribution,” is here. The Unterborn paper is “Inward migration of the TRAPPIST-1 planets as inferred from their water-rich compositions,” Nature Astronomy 19 March 2018 (abstract). The Ramirez and Levi paper is “The Ice Cap Zone: A Unique Habitable Zone for Ocean Worlds,” Monthly Notices of the Royal Astronomical Society 477, 4 (2018), 4627-4640 (abstract / preprint).
James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security -- racism, sexism, etc. -- and the problems with machine learning and the Internet.
Dust from Mars’ global storm is finally beginning to settle out of the atmosphere. As proof, I can report that I’m able to see the south polar cap and several surface features through my telescope. Other observers have reported similar views. But the fact that NASA’s Opportunity rover has yet to “wake up” and contact its handlers back home means we still have a ways to go before the Martian air clears.
NASA’s Opportunity rover has been silent since June 10, when choking dust cut off solar power for the nearly 15-year-old rover. Now that it appears more dust is falling out of the atmosphere than being blown back into it, mission control is hoping to hear from Opportunity soon. There’s reason to be optimistic. Studies before the storm showed the batteries to be in good health, and because dust storms tend to moderate temperatures, the rover should have stayed warm enough to survive its solar limbo.
Just as they do on Earth, dust storms on Mars block sunlight from reaching the surface. Scientists use the “tau” unit to measure how much sunlight is screened by dust. The higher the tau, the less sunlight. The last tau measured by Opportunity was 10.8 on June 10, the highest ever recorded by the rover. Compare that to an average tau of 0.5 for its location. At the time, NASA reported that the sky was as dark as midnight over the rover.
JPL engineers predict that Opportunity will need a tau of less than 2.0 before the solar-powered rover will be able to recharge its batteries. NASA’s Mars Reconnaissance Orbiter (MRO) has been watching for surface features to become visible as the skies clear to help scientists estimate the atmospheric transparency.
During the previous week (Aug. 7-14), the tau was measured at 2.1 — tantalizingly within range — before rising back up to 2.5. According to the latest rover update, it’s possible Opportunity has had a problem with its mission clock, the only instrument still operating. The clock is programmed to wake the computer so it can check power levels. If the rover’s computer determines that its batteries don’t have enough charge, it will again put itself back to sleep. The clock also tells the rover when to communicate; if it doesn’t know what time it is, it won’t know when to send a signal. As a backup, Opportunity can use environmental cues like an increase in sunlight to make an assumption about the time of day.
Several times a week, engineers use NASA’s Deep Space Network, which communicates between planetary probes and Earth, to attempt to talk with Opportunity. The antennas ping the rover during scheduled “wake-up” times, and then search for signals sent from Opportunity in response. In addition, JPL’s radio science group uses special equipment on the antennas to record any radio signal coming from Mars during the rover’s daylight hours, then searches the recordings for Opportunity’s “voice.”
Assuming they finally do hear back, the engineering team will want to know the state of the rover, take its temperature and ask for a history of its batteries and solar cells usage. If the clock lost track of time, the crew will reset it much like the way you or I would re-enter the time on the microwave clock after a power outage.
The rover will take photos of itself to see how much dust has caked onto sensitive parts and solar cells and check to see if dust is affecting mechanical operations. Even if engineers hear back from Opportunity, there’s a real possibility the rover won’t be the same. The batteries have been inactive for so long, their capacity or ability to be fully charged up again may be reduced. This would affect running Opportunity’s heaters during the bitter cold Martian winter when the batteries could quickly lose charge and “brown out.” As for dust, it has always been a problem for Mars rovers, but most of it falls away — or is blown off — over time.
While you and I continue to watch Mars from our yards back on Earth, NASA’s best are waiting for a sign. To keep their spirits up they’ve been sending the rover a “wake-up” song each day since August 4 in hopes of hearing back. Granted it’s quirky, but a sense of humor has helped many of us get through tense times.
Here’s the playlist through Aug. 15:
It’s almost a cliche that “I came to Emacs for X but stayed for Org mode.” Org really is the killer app for n00bs, although I believe it’s more of a gateway drug. After you’ve been here for a while, Org is still really nice but it’s all the other benefits that really matter. No matter; there’s no denying that Org really is reason enough to move to Emacs.
Sid Raval has an interesting post in which he exclaims the wonders of Org. He came to Emacs for its Haskell support but it was Org mode that convinced him to stay. His journey is like many others: Org and Emacs just make life so much easier that he started building his workflow around it.
You probably won’t learn anything new from Raval’s post but it serves as yet another reminder why we’re all here. Emacs provides an unusually rich environment for getting your work done. Some of us think that that’s because it recapitulates the Lisp Machine experience, others because it’s just a really nice work environment that happens to include an editor. Whatever your reason, Emacs is a clear win. Raval’s post is yet another affirmation of that fact.
Bzzz… All that buzzing you heard on the bands on Sunday was the annual running of the NJQRP Skeeter Hunt contest. Happily, I got home from my recent vacation in time to join in the hunt.
The theme of this year’s contest was “water – the breeding ground for Skeeters!” In the spirit of the theme, I headed down to Upper Schuylkill Valley Park along the Schuylkill River near Royersford, Pennsylvania.
It had been raining all morning and it was drizzling when I got to the park and started setting up. Because of the inclement weather, I opted to operate from inside my truck. I put my usual 19-foot vertical on the back of the truck and fired up my KX3. I tested the rig on 40M by working a SOTA station in Vermont and a special event station in Illinois.
As I was operating, a fellow was curious about my antenna and walked over to ask about it. As I started to explain what I was doing, we both recognized each other. As it turns out, we were childhood friends and grew up less than a block away from each other. He happened to be visiting in the area and took his grand-kids fishing in the river. We hadn’t seen each other in more than 40 years, so we spent a half hour chatting and getting caught up. If he hadn’t been curious about my antenna, we never would have noticed each other. What an amazing coincidence!
Back to the contest… I operated for about an hour and a half. There was some deep fading on the bands but 20M eventually seemed to open up a bit. I bounced between 40M and 20M, alternating between CQing and search & pounce. When it started raining again, I figured it was a good time to wrap things up. I ended up with 20 QSOs (18 skeeters) in 11 SPCs.
Here’s my log:
UTC   BAND  CALL    MODE  RST-S  RST-R  SPC  SKEETER NUMBER
1703  40M   N3AQC   CW    559    449    PA   Skeeter #77
1713  40M   KD3CA   CW    589    579    PA   Skeeter #44
1720  40M   VE2DDZ  CW    569    559    QC   Skeeter #35
1723  40M   N8RVE   CW    559    559    OH   5W
1727  40M   WF4I    CW    579    559    NC   Skeeter #70
1733  40M   WQ4RP   CW    559    559    NC   Skeeter #11
1804  20M   W5IQS   CW    559    559    TX   Skeeter #170
1807  20M   KF5RY   CW    559    559    TX   Skeeter #26
1811  20M   NN9K    CW    599    599    IL   Skeeter #64
1817  20M   AD0YM   CW    599    449    MO   Skeeter #16
1821  20M   NE5DL   CW    559    559    TX   Skeeter #25
1825  20M   NQ3N    CW    599    579    FL   Skeeter #141
1829  20M   WB4OMM  CW    579    579    FL   Skeeter #98
1841  20M   N5GW    CW    599    569    MS   5W
1844  20M   KD0V    CW    569    559    MN   Skeeter #99
1851  20M   W3HZZ   CW    559    559    GA   Skeeter #131
1907  20M   N0JBF   CW    559    559    MO   Skeeter #37
1913  20M   K4BYF   CW    599    549    FL   Skeeter #107
1915  20M   K4BAI   CW    559    589    GA   Skeeter #163
1920  40M   NK9G    CW    559    559    WI   Skeeter #6
As always, the Skeeter Hunt was fun, even with the lousy weather. Thanks to Larry W2LJ and the NJQRP Club for once again putting on this great contest!
72, Craig WB3GCK
Unlike normal weekend plans for Curiosity that encompass three martian days, this plan only covers two. This ‘Soliday Sunday’ isn’t really a day off for the rover like it implies, but instead allows the planning schedule on Earth and Mars to get back in sync. On Monday, the team returns to regular planning but there’s still some great science happening this weekend.
CheMin is continuing its analysis of the ‘Stoer’ drill sample but it’s not the only instrument interested in getting a piece of the latest drill target. SAM, Curiosity’s mass spectrometer instrument, is going to receive a sample drop-off from the drill assembly in the weekend plan. However, the Evolved Gas Analysis (EGA) won’t actually be planned until Monday. Evolved Gas Analysis is a powerful technique that allows SAM to reveal the chemical makeup of the sample. In an EGA, the sample is heated and the materials that decompose or desorb (the opposite of adsorbing) at a specific temperature are measured in a mass spectrometer.
Targeted remote sensing on a suite of samples in the workspace continues to help us better understand the context of the drill hole. Environmental monitoring to track the waning dust storm and change detection on the drill hole tailings will also be carried out.
Written by Christopher Edwards, Planetary Geologist at Northern Arizona University
On Aug. 13 (Sol 2139), NASA’s Mars Curiosity rover came across a strange-looking object while rolling through Pettegrove Point on the lower slopes of Mt. Sharp in Gale Crater. What could it be? Duct tape, birch bark, a flake of paint from the rover? It’s easy to imagine something unnatural or even alien in its appearance.
The rover team originally thought it might be a piece of spacecraft debris but on closer observation, they arrived at a more prosaic explanation: a very thin flake of rock. Brittney Cooper, writing in the most recent Curiosity update, offered this tongue-in-cheek comment:
“Perhaps the target should have been given a different name befitting the theme of the current quadrangle in which Curiosity resides: “Rabhadh Ceàrr”, or “False Alarm” in Scottish Gaelic.”
In the closeup photo, taken with Curiosity’s close-up ChemCam camera, the mystery lessens as the extra detail clearly shows its rocky nature. I know what you’re thinking — you wanted it to be some kind of life-related Martian artifact, too. Maybe next time. In the upcoming Mars 2020 mission, set for launch in July/August 2020, the new rover will drill into promising soils and rocks in habitats that could have supported life, then cache the samples for later retrieval and delivery to Earth for analysis.
When you have a complex task that would sap the time and energy of your microprocessor, it makes sense to offload it to another piece of hardware. We are all used to this in the form of the graphics chipsets our computers use — specialised processors whose computing power in that specific task easily outshines…
Done well ahead of time, knowing I’d be on the road this past week.
DynamicUser feature is (currently) dangerous. Yeesh.
Ayrat Badykov has a short post on Why Emacs is a great text editor. The post is really about why he switched to Emacs and why he’s sticking with it. Although you won’t find anything in the post to convince a n00b, there are a couple of interesting points worth commenting on.
First, Badykov says that he was convinced to move from Sublime to Emacs when he pair programmed with a Vim user. He was, he says, blown away by how much more productive the Vim user was in his editing compared to his. The Vim user never used the touch pad; he did everything with shortcuts and had shortcuts for everything. He chose Emacs instead of Vim because Emacs was “popular” in his community and there were lots of videos and blogs about using it.
This really resonated with me. Most of you know that I’m strictly laissez-faire about what editor people use. It’s not that I don’t have strong feelings about the matter, it’s just that I wouldn’t think of imposing my views on others. I’m happy to let people use whatever editor they find is best for them. All that said, I have to admit to a bit of annoyance when people who have never used Emacs or Vim or, in fact, have never used any editor other than some menu/mouse driven abomination complain that Emacs/Vim are “old technology” and don’t look as nice as whatever it is they’re using. Badykov provides the perfect rejoinder: those Emacs/Vim users with their old editors are much more efficient than you are. They save a second or two on each operation and that can add up to hours a day. Whether or not Emacs/Vim users can actually save hours every day, there’s no doubt that we are a lot more efficient.
The second thing I found interesting about the post is that under “disadvantages of Emacs,” Badykov notes that there’s a steep learning curve and that it might take you a couple of weeks to become proficient with it. I’m as much in favor of instant gratification as the next guy but it would never occur to me that I could install Emacs and instantly become proficient. After 10 years I’m still learning and it’s not unusual for me to think, “How did I not know that?” after learning some new feature or trick.
Like anything else worthwhile, Emacs requires a commitment to become even reasonably adept at its use. If you aren’t prepared to make that commitment, there’s always nano or whatever mouse-driven editor you’re using now. Just don’t expect to be as efficient as those of us using those “outdated editors.”
Harking back to my old post on Using Emacs, I expect that Badykov is or is going to become a first rate developer. Not because he uses Emacs but because he cares about his tools and is willing to put in the effort to master them.
Update: Batsov → Badykov
Thursday announced itself as one of those summer-privileged days perfect for a leisurely sail in Lac Deschènes: sunny, with day temperatures from 20º C to 26º C, with light albeit fairly sustained NW winds at around five Kts.
The crossing started at 10:15am EDT. At the KN8 junction marker the sail was hoisted and sheeted with the end of the boom levelled with the toe-rail (close-reaching with the mainsail at midship is not recommended for cat-rigged boats). Then the chase (for the wind) started… The first two tacks were done in good wind for the first 1.5 NM where speed was sustained above 2.5 Kts. From there on, frequent lulls significantly reduced the average speed. Also, at the end of the fourth tack the wind veered more to the NNE forcing the close-hauled course to be adjusted accordingly. After a couple more short tacks, the fairway buoy at the entrance of the channel was already abeam. The sail was dropped and the Tohatsu took over.
The chart piece on the left shows the entire track recorded by the Garmin GPSMAP 78 in a MacENC display of CHS raster chart 1550, and the one on the right is courtesy of program GPXSee (https://www.gpxsee.org), showing the speed over distance graph for the upriver journey. The colour arrows indicate the “helm’s a lee” moments. The brief drops in boat speed were due to sudden wind lulls. Under sail, the distance covered was 4.3 NM, in 2:50 Hrs, at the “zooming” average speed of 1.5 Kts.
In the Aylmer marina the floating docks for visitors are superb and docking on idle was even easier than it usually is when approaching Sassy’s dock at Nepean.
After performing the required salute to the captain overseeing the river from the upper floor of the club house of le Club de Voile Grande Rivière…
… two hours were spent visiting, first the Resto Bar for a long glass of Cheval Blanc (a white brew from Montreal, QC), and then a nice stroll along the beach and woods of “Les Cèdres”.
Sassy reluctantly bid “au revoir” undocking exactly at 16:00 hrs. In almost no wind, she surrendered herself to the muscle of the Tohatsu and the gentle steering of Steve-Theodore, her ST-1000 first mate, supported by the flexible UniSolar 11W solar panel charging her dual 48 AHr batteries. Sassy was also more than happy to share the ride with the lonely bumblebee that insisted on trying to extract nectar from the colour threads in the rope of the mainsheet.
The entrance to the marina was perfectly timed just before the able racers of the club lined up in the channel to exit for their regatta of the day. After a perfect single-handed docking at Sassy’s narrow slip in the Nepean Sailing Club marina (something that Sassy’s skipper is not always able to achieve), he had the rare opportunity of sharing a table and an inspiring chat about sailing and literature with Dr. Nigel G., a formidable sailor and colleague sailing-instructor at the CYA (now Sailing Canada), with whom he once had the pleasure of sharing the decks of “Constance”, a Bavarian 37 that once set sail off Granville Island in the Port of Vancouver.
Last time on Circuit VR, we looked at creating a very simple common emitter amplifier, but we didn’t talk about how to select the capacitor values, or much about why we wanted them.
Overflow from two weeks running, cause of travel.
Look up at the half-moon tonight and you’ll see dark spots on its top half. Kids assemble these and other dusky patches into the face of the man-in-the-moon. Because they looked smooth and dark from Earth, ancient skywatchers wondered whether they might be bodies of water. But with the advent of the telescope in the early 1600s astronomers quickly realized that they were relatively craterless plains of solid rock.
These days, we know that the seas (“maria” — MAH-ree-uh — in Latin) began as giant scars left by asteroid impacts around 3.9 billion years ago, when the moon was just a babe. Between 3.5 and 3 billion years ago they filled with dark basaltic magma that bubbled up from deep within the moon’s interior. Because most of the heavy bombardment by meteoroids had occurred millions of years earlier, the seas generally lack big craters, giving them a smooth appearance. On closer inspection with a telescope, especially around lunar sunrise and sunset, when the sun’s light strikes the landscape at a low slant, a modest number of smaller craters pop into view.
Tonight, with the moon approaching half (first quarter phase), more than a half-dozen are on display from the iconic Sea of Tranquillity (Mare Tranquillitatis), site of humankind’s first boot prints in the lunar soil, to Mare Smythii, one of the few seas named for a person, William Henry Smyth, a 19th century British astronomer.
Most if not all the maria — along with a bay and two lakes — should be visible in a pair of 7x binoculars. Any small telescope will show them all without difficulty. Because the moon’s speed varies along its orbit, faster when closer to the Earth and slower when farther, we get to occasionally peek around the edges to see features that are otherwise hidden or foreshortened. The effect is called libration. This weekend, libration will expose two otherwise tricky seas: Mare Smythii and Mare Marginis, the fittingly-named Sea of the Edge, along the eastern limb of the moon.
Once you’ve spotted the seas, try for the smaller regions including the Bay of Roughness and the poetic Lake of Dreams and Lake of Time. Even if you only find the largest — Serenity, Crisis, Tranquillity, Fertility, Nectar — you’re well on your way to finding your way around Earth’s only natural satellite. And if tonight’s cloudy, the next few nights they’ll still all be there plus a few more.
Recently I’ve been reading a lot about the general area of digital commons - which includes open online resources, open source projects, and (presumably) whatever a data commons is. Most broadly defined, these are resources and projects that are open to contribution, and produce digital public goods. I’m particularly interested in the question of sustainability, which led me to Ostrom’s design principles for common pool resources, and the idea that “engaged effort” or “attention” is the common pool resource to be managed by a community for sustainability.
I’ve come across several different ideas about what the common pool resource is in digital commonses, and I wanted to explore them a bit. So, here goes.
The Data Commons Blueprint is a brilliant writeup of what a Data Commons might be, and I share most of their ideas about community governance and the importance of building communities of practice around data sharing and data analysis. But I have a pretty basic disagreement with one pillar of their argument. The authors define a data commons as being significantly founded on the availability of data:
Unless all parties feel good about sharing their data, they will be unlikely to do so. … A model where data is fenced off as private property reinforces silos of competing interests rather than data integration of sharing. (p11)
How - and why - access to and reuse of data is controlled goes a long way to explaining why creation of a commons faces real challenges. (p20)
This view of data is enshrined in their first Principle of a Data Commons: “Data is a common-pool resource.” (p31).
But there is a fundamental disconnect here with common-pool resource (CPR) theory. A CPR must be both non-excludable, and rivalrous (see this matrix). Non-excludability is “easy”, in the context of a Data Commons: it just means that data access is hard to restrict in practice, which is clearly true. But being rivalrous is harder to achieve with data, because, fundamentally, data doesn’t get “consumed” by use - and, in fact, opening up data access is an act with significant positive externalities, in that data use and reuse generates many indirect benefits for people other than the originator of the data. That’s actually kind of the point of a data commons!
An additional challenge for me, if not for the general idea of a data commons, is that the NIH Data Commons cannot open up data access to all because we are including human subjects data, e.g. the TOPmed and GTEx studies and eventually many more. Access to much of this data will never be completely open due to IRB requirements. This legal restriction would suggest that the NIH Data Commons cannot ever be a Data Commons, which seems problematic to me, at least, as someone engaged in trying to build it.
Interestingly, this intersects with another disagreement I have - this time, with Albert Wenger in World After Capital, a book that Nadia Eghbal pointed me towards. In this (fascinating and very readable) book, Wenger argues that eventually all information will be open, and has a whole section on “Getting over Privacy and Confidentiality.” While he makes many interesting arguments, I think he’s arguing past a fundamental mismatch with human psychology and how humans view risk, and that this will involve a pretty radical shift in how human brains work. More to the point, data discoverability and interoperability seems at least as important as data access - it doesn’t matter if you can access the data if you can’t find it or work with it, and if you can find the data and believe you can work with it, you will be more motivated to seek access.
I think we can work our way past both of these disagreements if we state that data openness itself is not the key to a data commons, but rather a “good” that is managed and curated by a data commons for a purpose, e.g. knowledge production from that data. If the data is not open, it can be viewed as a club good; if it’s open, it’s a public good. But either way it requires management and curation (and presumably various kinds of infrastructure to help with knowledge production).
This brings us back around to the concept of engaged effort or attention as the resource to be managed by a Data Commons, in support of sustainability.
I just finished my first pass reading of an argument by Schweik in Ostrom and Hess, 2007 that defines source code as the common pool resource being managed by an open source project:
In FOSS commons, groups of people act collectively to produce a public good (the software), rather than overappropriate the resource. (p279)
I also disagree fundamentally with this. There are some interesting arguments about copyleft and the GPL and management of the CPR, but at least on first reading, they fall apart when you realize that (a) a lot of FOSS uses non-copyleft licenses, and (b) a public good cannot be a common-pool resource anyway, because source code itself is not rivalrous.
This intersects with a point that Nadia Eghbal and others pointed out to me - that successful open source projects are at least partly about managing the maintenance effort involved in software production.
Interestingly, this all connects to another discussion, this time about open access, and scientific publication more generally. Recently, William Gunn made the argument that publishers contribute quite a bit to science by “assemb[ing] thousands of people to devote their lives to producing and distributing a corpus of high quality [ … ] knowledge. … this is a valuable thing & it’s worth the money spent.” Viewed through the above lens of a commons and its sustainability, what Gunn is saying is that the effort Elsevier and others are putting into sustaining a scholarly commons is valuable.
I actually agree with that! I have at least two points of major disagreement, though - first, it is clear that Elsevier in particular is making a particularly handsome profit off of the scholarly commons, and that seems like an unwise use of our limited funds for science. I certainly don’t think this should be a for-profit activity, but I do see value in it and agree that someone needs to be paid to do it, somehow; and there are many models for that.
My second (more fundamental) disagreement with Gunn is that Elsevier and others’ business models depend on restricting access to information, and this impedes research. More specifically, all closed-access publishers' business models rely on “successfully monetizing inconvenience” (this wonderful phrasing is from Justin Peters at Slate!). Rephrasing this in the terms above, the academic-publishing complex is producing club goods, and publishers are not only profiting from producing these goods (see previous paragraph) but also from access to these goods. This is bullshit, period - the marginal cost of distributing digital content on this scale is effectively zero, and closed access publishing is an absolutely absurd case of rent seeking. We know this because there is a perfect counterexample: Sci-Hub distributes scientific publications to all and sundry for free.
Circling back around once again: if a scholarly commons is partly about managing effort in pursuit of sustainability, then universities and faculty positions can be viewed as one way to pay for the effort involved, while publication fees can be viewed as another. This is quite distinct from the question of whether the knowledge produced (publications) should be club goods or public goods; whatever they should be, it’s impossible to argue that publications are a rivalrous commodity, and hence they cannot be considered as a common pool resource.
Commons should be about managing common-pool resources.
Common-pool resources are defined as resources that are non-excludable and rivalrous.
Data is non-rivalrous. Source code is non-rivalrous. Publications are non-rivalrous. Bits, in general, are non-rivalrous. So bits can’t be the common pool resource being managed by a commons.
This is fine and leads in some interesting directions!
p.s. Thanks, as always, to Nadia Eghbal for her insight! And thanks to Josh Greenberg, once again, for pointing me at club goods!
My family and I went on our annual vacation in Corolla on the Outer Banks of North Carolina. Ham radio-wise, it started off as a challenging week.
We arrived at the house we rented for the week after a long but fairly non-eventful drive. As we were unloading at the house, a storm rolled in. This delayed getting an antenna set up.
We were also visited by a security officer for the development we were in. Apparently, my daughter’s small cargo trailer was in violation of the Development’s rules. I won’t go further into that but, because of that drama, I decided to keep my antenna as low-profile as possible.
On Sunday afternoon, I finally got an antenna set up. I sloped a 29.5-foot wire down from a 3rd story deck to a wooden fence behind the house. It tuned up OK and I appeared to be getting out. Unfortunately, the local noise level was horrendous. Despite the high noise levels, I managed three quick contacts in the SKCC WES contest.
On my second full day there, I used my Alexloop outside on the deck. It helped to make the noise situation more manageable on most bands. The 20M band was still a bit noisier than I would have liked, though. Even though we were only 2 blocks from the ocean, our rental house overlooked a scenic little lake. The struggle with the noise levels was at least partially offset by the great view I had.
On the third day, I removed the sloper and installed a 53-foot inverted L antenna. I mounted a 9:1 UNUN near ground level and ran the wire up the deck support. I ran the horizontal portion of the wire along the top rail of the deck. I estimate that the vertical portion was about 20 feet with the remaining 33 feet running horizontally. Surprisingly, the inverted L had significantly lower noise levels and seemed to be getting out pretty well. There was a picnic table conveniently located near the antenna’s feed point, which provided a shady spot in the morning hours.
For the remainder of the week, I fell into a pattern of getting on the air each morning for a few QSOs. Most of my contacts were casual rag chews. It was nice to chat with a few familiar stations I haven’t worked in a while. The shade out there was usually gone by 1PM, so I limited my operating to the morning hours. The rest of the time was spent with the family and doing the usual things you would expect for a beach vacation.
It was a great vacation. This week was a perfect example of why I always like to bring several options for antennas. These rental houses are all different and sometimes you never know what you’re going to run into when you get here.
72, Craig WB3GCK
On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million in unauthorized ATM withdrawals from cash machines in more than two dozen countries.
The FBI put out its alert on Friday, Aug. 10. The criminals who hacked into Pune, India-based Cosmos Bank executed their two-pronged heist the following day, sending co-conspirators to fan out and withdraw a total of about $11.5 million from ATMs in 28 countries.
The FBI warned it had intelligence indicating that criminals had breached an unknown payment provider’s network with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.
Organized cybercrime gangs that coordinate these so-called “unlimited attacks” typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum withdrawal amounts and any limits on the number of customer ATM transactions daily.
The perpetrators alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.
My story about the FBI alert was breaking news on Sunday, but it was just a day short of useful to financial institutions impacted by the breach and associated ATM cashout blitz.
But according to Indian news outlet Dailypionneer.com, there was a second attack carried out on August 13, when the Cosmos Bank hackers transferred nearly $2 million to the account of ALM Trading Limited at Hang Seng Bank in Hong Kong.
“The bank came to know about the malware attack on its debit card payment system on August 11, when it was observed that unusually repeated transactions were taking place through ATM VISA and Rupay Card for nearly two hours,” writes TN Raghunatha for the Daily Pioneer.
Cosmos Bank was quick to point out that the attackers did not access systems tied to customer accounts, and that the money taken was from the bank’s operating accounts. The 112-year-old bank blamed the attack on “a switch which is operative for the payment gateway of VISA/Rupay Debit card and not on the core banking system of the bank, the customers’ accounts and the balances are not at all affected.”
Visa issued a statement saying it was aware of the compromise affecting a client financial institution in India.
“Our systems were able to identify the issue quickly, enabling the financial institution to take appropriate action,” the company said. “Visa is working closely with the client in supporting their ongoing investigations on the matter.”
The FBI said these types of ATM cashouts are most common at smaller financial institutions that may not have sufficient resources dedicated to staying up to date with the latest security measures for handling payment card data.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert read. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
In July 2018, KrebsOnSecurity broke the news of two separate cyber break-ins at tiny National Bank of Blacksburg in Virginia in a span of just eight months that led to ATM cashouts netting thieves more than $2.4 million. The Blacksburg bank is now suing its insurance provider for refusing to fully cover the loss.
As reported by Reuters, Cosmos Bank said in a press statement that its main banking software receives debit card payment requests via a “switching system” that was bypassed in the attack. “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” the bank said.
Translation: If a financial institution is not fully encrypting its payment processing network, this can allow intruders with access to the network to divert and/or alter the response that gets sent when an ATM transaction is requested. In one such scenario, the network might say a given transaction should be declined, but thieves could still switch the signal for that ATM transaction from “declined” to “approved.”
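The bank's account of a proxy switch approving transactions suggests a reconciliation check, sketched here as an added example that is not from the original article or from any bank's systems: approvals logged at the card switch are matched against the decisions the authorisation host itself recorded, and cards with approved withdrawals spread over several countries inside a two-hour window are flagged. The record fields, thresholds, identifiers and sample logs are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SwitchRecord:
    """Response the card switch returned to an ATM (assumed log format)."""
    txn_id: str
    card: str          # tokenised card reference, never a raw card number
    country: str
    amount: int
    response: str      # "APPROVED" or "DECLINED"
    ts: datetime


@dataclass(frozen=True)
class HostDecision:
    """Decision the authorisation host logged on its own side (assumed format)."""
    txn_id: str
    decision: str
    amount: int


def reconcile(switch_log, host_log):
    """Return (txn_id, reason) for switch approvals the host does not back."""
    host = {h.txn_id: h for h in host_log}
    findings = []
    for rec in switch_log:
        if rec.response != "APPROVED":
            continue
        decision = host.get(rec.txn_id)
        if decision is None:
            findings.append((rec.txn_id, "approved at switch, never seen by host"))
        elif decision.decision != "APPROVED":
            findings.append((rec.txn_id, "host declined, switch approved"))
        elif decision.amount != rec.amount:
            findings.append((rec.txn_id, "amount differs from host authorisation"))
    return findings


def velocity_alerts(switch_log, window=timedelta(hours=2),
                    max_txns=5, max_countries=2):
    """Flag cards whose approved withdrawals inside a sliding window exceed
    a transaction count or a country spread (thresholds are assumptions)."""
    by_card = defaultdict(list)
    for rec in switch_log:
        if rec.response == "APPROVED":
            by_card[rec.card].append(rec)
    alerts = {}
    for card, recs in by_card.items():
        recs.sort(key=lambda r: r.ts)
        start = 0
        for end, rec in enumerate(recs):
            # Slide the left edge so the window never spans more than `window`.
            while rec.ts - recs[start].ts > window:
                start += 1
            in_window = recs[start:end + 1]
            countries = {r.country for r in in_window}
            if len(in_window) > max_txns or len(countries) > max_countries:
                alerts[card] = (len(in_window), sorted(countries))
                break
    return alerts


def sample_logs():
    """Constructed sample data: six switch responses and the host's view of them."""
    t0 = datetime(2024, 1, 1, 10, 0)
    m = lambda n: t0 + timedelta(minutes=n)
    switch = [
        SwitchRecord("t1", "card-A", "IN", 5000, "APPROVED", m(0)),
        SwitchRecord("t2", "card-A", "IN", 2000, "DECLINED", m(5)),
        SwitchRecord("t3", "card-B", "CA", 10000, "APPROVED", m(10)),
        SwitchRecord("t4", "card-B", "GB", 10000, "APPROVED", m(12)),
        SwitchRecord("t5", "card-B", "HK", 10000, "APPROVED", m(15)),
        SwitchRecord("t6", "card-A", "IN", 3000, "APPROVED", m(180)),
    ]
    host = [
        HostDecision("t1", "APPROVED", 5000),
        HostDecision("t2", "DECLINED", 2000),
        HostDecision("t3", "DECLINED", 10000),   # response was changed downstream
        HostDecision("t6", "APPROVED", 2000),    # amount was changed downstream
    ]                                            # t4 and t5 never reached the host
    return switch, host


if __name__ == "__main__":
    switch_log, host_log = sample_logs()
    for txn_id, reason in reconcile(switch_log, host_log):
        print(f"RECONCILE {txn_id}: {reason}")
    for card, (count, countries) in velocity_alerts(switch_log).items():
        print(f"VELOCITY {card}: {count} approvals across {countries}")
```

The reconciliation only has value if the host-side log is collected over a path the switch cannot write to; otherwise both views can be altered together.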
One final note: Several news outlets have confused the attack that hit Cosmos Bank with another ATM crime called “jackpotting,” which requires thieves to have physical access to the inside of the cash machine and the ability to install malicious software that makes the ATM spit out large chunks of cash at once. Like ATM cashouts/unlimited operations, jackpotting attacks do not directly affect customer accounts but instead drain ATMs of currency.
Update, 8:10 p.m. ET: An earlier version of this story incorrectly stated that there were only 25 ATMs used in the cashout against Cosmos. The figure was meant to represent the number of countries with ATMs that were used in the heist, not ATMs, and that number is 28 at last count.
Flowers carpet Brussels, an alt-right rally is met with overwhelming opposition in Washington, D.C., City2Surf takes off in Sydney, the Women’s Softball World Championship is underway in Japan, a farewell is bid to Aretha Franklin, the Obon prayer is made in Japan, abandoned share bikes find homes in Germany, record-setting hot dogs are lined up in Mexico, a cardboard Viking church collapses in Liverpool, a bridge collapses in Italy, a newborn gibbon shows off in Prague, and much more.
When we think about what is usually called ‘planetary protection,’ we’re talking about the probes we send to possibly life-bearing places like Mars or Europa. It would confound our investigations if we couldn’t be sure we hadn’t contaminated such a place with microorganisms from Earth, unwittingly carried aboard a lander that was not properly stripped of such passengers. Even our Cassini Saturn orbiter was guided into the planet as a way of ensuring that it would not, at some future date, crash into a place as biologically interesting as Enceladus.
Yesterday, having looked at an essay by Ethan Siegel, I asked rhetorically whether we should think up some kind of exoplanetary protection policy as well. After all, we’re fleshing out an actual mission design through Breakthrough Starshot, aiming to reach nearby stars in coming decades. Siegel (Lewis & Clark College) had expressed his concern that Breakthrough Starshot might inadvertently start an interstellar war. The idea is extreme, but I use the word ‘war’ because it was right there in the title of Siegel’s piece.
What Siegel worries about is that among the large number of payloads Breakthrough Starshot would like to send to nearby stars there might be one that accidentally impacted the planet under study. He’s concerned about the ‘cone of uncertainty’ that would be involved in any trajectory aimed at making a close pass of a planet like Proxima b and argues that at 60,000 km/sec, which is the Starshot goal of 20 percent of c, a tiny 1-gram payload will strike with the force of a 1 tonne asteroid moving at 60 km/sec, a hit like Chelyabinsk.
Harvard’s Avi Loeb, who chairs the Breakthrough Starshot advisory board, finds little merit in the concern. I had been wondering as I wrote yesterday’s post just what Dr. Loeb would have to say about Siegel’s views, only to find an email with a link to his new essay in Forbes in my mailbox shortly after I published — his piece had already appeared that morning. Loeb points out that at a tenth of the speed of light, a payload of Starshot size would “…merely carry the energy of a common asteroid, only a few meters in size — of order the height of a person. Such asteroids hit the Earth a few times per year and burn up in the atmosphere.”
Here is a map of asteroid impacts that Loeb linked to in his essay.
Image: This diagram maps the data gathered from 1994-2013 on small asteroids impacting Earth’s atmosphere to create very bright meteors, technically called “bolides” and commonly referred to as “fireballs”. Sizes of red dots (daytime impacts) and blue dots (nighttime impacts) are proportional to the optical radiated energy of impacts measured in billions of Joules (GJ) of energy, and show the location of impacts from objects about 1 meter (3 feet) to almost 20 meters (60 feet) in size. Credit: Planetary Science.
The map, the work of NASA’s Near Earth Object Program, is instructive. All told, 556 small asteroids impacted our atmosphere in a 20-year period, almost all of them disintegrating in the atmosphere, with the obvious exception of the Chelyabinsk event, which was caused by the largest asteroid to strike in this timeframe. My understanding about Chelyabinsk is that the meteor was approximately 20 meters in size, moving at roughly 19 kilometers per second.
But wouldn’t a one-gram payload moving at Starshot speeds still wreak havoc if it fell on a planetary surface? Evidently the event wouldn’t happen. Let me quote Loeb on this:
…a gram-scale starchip would burn up in the atmosphere of a planet much more easily than a tonne-mass asteroid. Its impact on a planet would be no more irritating than the impact of a dust grain on the skin of a grazing cow. The interplanetary medium is full of debris that poses far greater risks to a planet, as the dinosaurs realized when wiped out by the impact of a 10-15 kilometer asteroid (a trillion times more massive than we just considered) some sixty five million years ago.
In any case, Loeb sees the chances of collision at something less than one part in a million, given the fact that knowing the relative positions of planet and spacecraft over a journey lasting decades is impossible with the payload as envisioned. What Breakthrough Starshot does expect is a closest approach thousands of times larger than the surface of any planet.
We should pause on the deceleration question, which comes up repeatedly whenever I talk about Starshot probes with people new to the project. While it is certainly true that deceleration and orbit in, say, the Proxima Centauri system would be a huge benefit, there is no way to make it happen given the current constraints on the payload, which relies on miniaturization and nonetheless requires vast energies to be brought up to cruising speed. Our initial interstellar efforts will surely be flybys for this reason, and there is a wealth of science that can be gathered.
The other thing to be remembered is that Breakthrough Starshot is an ongoing effort to demonstrate the feasibility of beamed laser sail technologies. Submissions from the first Requests for Proposals are being evaluated as sail stability and materials are considered by way of moving toward experimental work in what we can hope will be a dedicated sail facility. The laser array that would drive these craft presents huge challenges of its own, as do the many other issues, like communications, that will have to be resolved before any interstellar mission can be flown.
We’re looking at an interstellar capability that, if everything were to go well, would still take 30 years to produce a working infrastructure. To those new to Breakthrough Starshot, I recommend looking at the list of technical problems that face the project as it determines whether the concept is sound enough to move to prototype stage en route to a full deployment. This is going to take time, and we won’t know for quite a while whether the Starshot concept, as is, is workable.
What we do already know is that the commitment of resources underlying the project is already paying off, and will continue to pay off, in the form of newly funded research.
Anyone familiar with the history of interstellar flight studies will know how rare it is to have this level of cooperation and participation among the scientists best equipped to tackle the problem. For most of the past century, researchers interested in the interstellar conundrum did their work in their spare time and met only at the occasional conference, with infrequent journal articles maintaining the thread. The research Breakthrough Starshot will produce will thus be a solid advance for the entire field, no matter if, when or how often the actual missions are flown.
POTA at Clinton State Park, Kansas
The Elecraft KX2 paired with the Elecraft KXPA100 amplifier
The N6BT Bravo 7K vertical
Suzy chilling in the shade of the van.
The scene at Clinton.
Michael W. Lucas is reading from his ‘git commit murder’ book tonight at 7 PM, in Clawson, Michigan.
Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies":
Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.
In this paper, we evaluate the effectiveness of these defense mechanisms by leveraging a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identify several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were evaluated. We find that even built-in protection mechanisms can be circumvented by multiple novel techniques we discover. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.
The researchers discovered many new tracking techniques that work despite all existing anonymous browsing tools. These have not yet been seen in the wild, but that will change soon.
Nurullah Akkaya has an interesting project, Ferret, that compiles a Lisp dialect into C++. It’s very portable and can compile code not only for the major platforms but for embedded systems as well. Basically anything that can support C++ can be used as a target.
The system is written in Clojure so it would normally fall outside of Irreal’s interests but it has one feature that makes it very interesting to Irreal: The source of the whole system is a single Org mode file. If you had any doubts as to whether Org could support a literate programming approach in a non-trivial project, you can put them aside. If you follow the above link, you’ll see a beautifully rendered manual complete with the source code presented in literate form. For example, if you click on the Compiler section, you’ll see the actual compiler code along with an explanation of what it’s doing.
All of this is generated from the ferret.org file (which I’ve linked to in RAW format so you can see how it works). If you look at the Makefile, you’ll see that it calls Emacs in batch mode to tangle the ferret.org file into the various files needed for the runtime and compiler.
This is an outstanding example of literate programming made all the better by leveraging the power of Emacs and Org mode. Take a look even if you aren’t interested in Lisp or Clojure. The way Akkaya ties everything together in a single Org file is instructive and worth study.
Every year we host Breakfast at DEF CON on the Sunday morning of the largest hacker conference in the United States. I think it’s a brilliant time to have a meetup — almost nobody is out partying on Sunday morning, and coffee and donuts is a perfect way to get your system running again after…
BSDNow 259 is out, and I happen to have just come off a 10-hour drive, so I will do nothing other than point you at the episode.
The Motorola Razr made the fastest trip from being cool to being uncool of any gadget I can think of. I feel for the designer. They made something insanely cool and desirable, and as such, almost everybody got one, robbing it of its coolness and desirability.
I never had a Razr, but I did have a Motorola Pebl, which is interesting in that it’s the exact same phone while being the total opposite phone. It had pretty much the same internal guts as the Razr, but instead of being impossibly thin and shiny, it was a rounded matte black lump.
The planning day began with an interesting result from the previous plan’s ChemCam RMI analysis of a target that was referred to as ‘Pettegrove Point Foreign Object Debris’ (PPFOD), and speculated to be a piece of spacecraft debris. In fact it was found to be a very thin flake of rock, so we can all rest easy tonight – Curiosity has not begun to shed its skin! Perhaps the target should have been given a different name befitting the theme of the current quadrangle in which Curiosity resides: ‘Rabhadh Ceàrr’, or ‘False Alarm’ in Scottish Gaelic.
While indications of mechanical success from the previous plan’s CheMin analysis of the drill sample at the ‘Stoer’ target were received, the data will not be down until late this evening, so the drill campaign is taking a small hiatus to do some remote observations in this two-sol plan.
Environmental monitoring of the dust opacity or ‘tau’ in Gale crater continues with multiple observations planned on each sol to observe diurnal variations, as well as the day-to-day trends as the global dust storm declines (as seen in the Navcam image below, the crater is still quite dusty!). Additional cloud monitoring observations and a dust devil survey are also included.
ChemCam will be taking the remote sensing to another level with its laser (LIBS) on targets ‘Balnakeil,’ ‘Ben Arkle,’ ‘Traboyack,’ and ‘Strontian 2’ in the late morning of sol 2143, and ‘Loch Ranza’ and ‘Strathconon’ in the late morning of 2144. Following the ChemCam activities, Mastcam will provide additional change detection monitoring of the LIBS targets, as well as targets ‘Belhelvie,’ ‘Camas_Mor,’ ‘Sandray,’ and the drill tailings of the ‘Stoer’ drill target. These observations will take place on both sols to observe the effect of the wind on the tailings and regolith.
Once the SAM team receives the preliminary results of the CheMin analysis, they will decide whether or not to request a SAM drop-off in the weekend plan, to prepare the drill sample for baking in an oven for what’s known as an ‘evolved gas analysis’ (EGA).
Written by Brittney Cooper, Atmospheric Scientist at York University
The death of V.S. Naipaul (1932-2018), that cross-grained and all too combative man who saw so unflinchingly into the post-colonial lands from which he drew his heritage, invariably brings to mind his strangest novel, The Enigma of Arrival (Vintage Books, 1987). Temporarily settled into a cottage in Wiltshire in rural England, the author looks back on his career in search of a renewal as cyclic as the seasons. Landscape inspires creativity in this deeply visualized microcosm, even as Naipaul broods over the painting that gives the book its title.
The novel is an odd, self-indulgent work, one I completed more out of a sense of duty (I was reviewing it for a newspaper) than enthusiasm. Yet its introspective imagery keeps resonating. Naipaul was obsessed with the sub-story of the painting, showing the arrival of a visitor at a strange port city and implying a subsequent journey that would in some way parallel his own career.
The work of Giorgio de Chirico (1888-1978), ‘The Enigma of Arrival and the Afternoon’ is a canvas showing this surreal cityscape, a world fitting into Naipaul’s autobiographical meditation with its characters disembarked in a place suggestive of antiquity under a brooding Levantine sky.
A classical scene, Mediterranean, ancient-Roman — or so I saw it [writes Naipaul]. A wharf; in the background, beyond walls and gateways (like cutouts), there is the top of the mast of an antique vessel; on an otherwise deserted street in the foreground there are two figures, both muffled, one perhaps the person who has arrived, the other perhaps a native of the port. The scene is of desolation and mystery…
Which gets us to interstellar flight and other, more exotic arrivals. I’ve always believed that if we ever do discover hard evidence of an extraterrestrial civilization, that experience will not translate into trade opportunities or galactic encyclopedias but mysteries that leave us in some ways more baffled about the nature of intelligence than ever before. I draw a distinction here between ‘contact’ and ‘encounter,’ which are entirely different things, and wonder what this kind of arrival would look like to humans finding evidence for extraterrestrial intelligence.
Here I’ll invoke the splendid novel Roadside Picnic, by Arkady and Boris Strugatsky (1971). Alien artifacts appear at various places on Earth, so-called ‘zones of visitation’ filled with bizarre items, many of them dangerous, and inexplicable happenings. Unseen themselves, the aliens are glimpsed only through what they leave behind in our region of spacetime before moving on. Protagonist “Red” Schuhart is a ‘stalker,’ one who defies the danger to enter the alien zones in search of artifacts. What happens in a Zone can never be predicted.
He had never experienced anything like this before outside the Zone. And it had happened in the Zone only two or three times. It was as though he were in a different world. A million odors cascaded in on him at once—sharp, sweet, metallic, gentle, dangerous ones, as crude as cobblestones, as delicate and complex as watch mechanisms, as huge as a house and as tiny as a dust particle. The air became hard, it developed edges, surfaces, and corners, like space was filled with huge, stiff balloons, slippery pyramids, gigantic prickly crystals, and he had to push his way through it all, making his way in a dream through a junk store stuffed with ancient ugly furniture … It lasted a second. He opened his eyes, and everything was gone. It hadn’t been a different world—it was this world turning a new, unknown side to him. This side was revealed to him for a second and then disappeared, before he had time to figure it out.
Ursula Le Guin was quick to note the connection between the Strugatskys and the work of Stanislaw Lem, the great Polish novelist whose Solaris (1961) is widely admired and twice filmed. Here too, coping with a planet-wide ocean with its own kind of sentience, the human characters come up hard against their own preconceptions and the failure of their paradigms to understand an alien presence. Lem chided what he called ‘the myth of our cognitive universalism,’ a myth the Strugatskys equally exploit in the ravishingly strange Roadside Picnic. Like Naipaul, Lem has his own obsession with arrivals.
“We don’t want to conquer the cosmos, we simply want to extend the boundaries of Earth to the frontiers of the cosmos… We are searching for an ideal image of our own world: we go in quest of a planet, a civilization superior to our own but developed on the basis of a prototype of our primeval past. At the same time, there is something inside us which we don’t like to face up to, from which we try to protect ourselves, but which nevertheless remains, since we don’t leave Earth in a state of primal innocence. We arrive here as we are in reality, and when the page is turned and that reality is revealed to us – that part of our reality which we would prefer to pass over in silence – then we don’t like it anymore.”
Is an arrival always a wakening of self-knowledge? Here I might also mention Arthur C. Clarke’s Rendezvous with Rama (1973), in which an alien starship passes through the Solar System, an approach that reminded many Centauri Dreams readers of the recent appearance of ‘Oumuamua. A survey vessel despatched to study the object called Rama discovers geometric structures and a ‘cylindrical sea,’ along with an atmosphere that turns out to be breathable. But Rama will not tarry. After a gravitational slingshot maneuver, it departs the Solar System for the Magellanics.
It is an arrival wrapped in mystery but, as Clarke goes on, “at least we have answered one ancient question. We are not alone. The stars will never again be the same to us.”
Could anything ever be the same? In tales like these, we confront the unknowable in disturbing ways, conflicted by our inability to establish the kind of contact that would explain and enlarge our own existence. No one can know what an actual alien contact might involve, but I suspect that dealing with an entirely separate lifeform deriving from an evolution under wholly different skies will prove to be as enigmatic as anything written by the Strugatskys, Lem or Clarke.
In that vein, I recently ran across an essay by astrophysicist Ethan Siegel, sent on by several readers who knew how often we’ve discussed Breakthrough Starshot in these pages. What Siegel does is to reverse the story. He wonders how the recipients of an arrival from Earth would react, and speculates that if we’re not careful, we may send entirely the wrong signal.
Breakthrough Starshot, after all, envisions pushing a fleet of small sails carrying payloads of a gram or so to a nearby stellar system. Right now the obvious target is Proxima Centauri, where we know we have a planet in the habitable zone, but we may find equally promising possibilities around Centauri A or B. The goal here is not contact but simply the opportunity to perform flybys of an interesting planet and return data and imagery, and Siegel is quick to note that sails boosted to 20 percent of lightspeed have no deceleration mechanism available to them.
The problem: A ‘cone of uncertainty’ exists for any trajectory that will take us close enough to the planet to retrieve good data, an aiming problem requiring unprecedented levels of precision. Thus the possibility that we could be entering an inhabited stellar system and colliding with a living world cannot be ruled out. Siegel notes the invariable relationship between kinetic energy and speed: Double the speed and you get four times the energy. Even our tiny 1-gram spacecraft moving at 60,000 km/sec, says Siegel, will hit with the force of a 1 tonne asteroid moving at 60 km/sec, which in effect means we could cause a Chelyabinsk-like event, or more than one.
If you were an alien on this world that got struck by these relativistic masses, what would you conclude? You’d know that these were too massive and too fast-moving to be created naturally; they were made by an intelligent civilization. You’d know that you were being intentionally targeted; space is too vast for these to strike you by random chance. And — worst of all — you’d assume this civilization had a malicious intent. No benevolent aliens would launch something so recklessly and carelessly given the damage it would cause. If we’re smart enough to send a spacecraft across the galaxy to another star, surely we can be wise enough to reckon the disastrous consequences of doing so.
What an arrival this would be. And yet, in order to study nearby worlds, we have yet to come up with a plan remotely as feasible as the admittedly longshot Breakthrough Starshot. Are there ways we can minimize this risk or eliminate it altogether while still finding a way to begin interstellar explorations? Because we do need to consider how we are perceived when we probe into the utterly unknown, and if the odds seem long that there is a civilization on Proxima b or that we might inadvertently hit the planet we are studying, they are still not zero.
The enigma of arrival is magnified and transformed when we are arriving at a place we are seeing for the first time, just as our arrival at Pluto/Charon opened up two worlds while posing new mysteries about the surfaces we flew past. Naipaul referred to de Chirico’s scene as the depiction of ‘a dangerous classical city,’ one in which the newcomer sought orientation and meaning. How much more enigmatic might our own arrival be if perceived by other intelligences? Should the need for ‘exoplanetary protection’ join our other mission parameters?
[Addendum]: Be sure to look at Avi Loeb’s spirited response to Siegel in Why Humanity Probably Won’t Accidentally Start An Interstellar War With An Alien Civilization. More on this tomorrow.
Many (many) years ago in the age of MS-DOS when Unix on the PC was still a dream, there was an editor called Brief. It was far and away the best editor available for DOS. It was fast, had multiple windows, regular expression search and replace, multiple undo/redo, could deal with rectangular regions, and could even call and interact with your compiler directly from the editor.
It was, in short, very Emacs-like and even had a Lisp extension language. Later, they added a C-like extension language. I recall the developers saying that it was inspired by Emacs. For example, a lot of the editor was implemented in the extension language(s). Of course, it wasn’t as powerful as Emacs: you couldn’t do things like listen to music with it or any of the many other things that we do from within Emacs but it was a darn good editor and had a fanatical following.
I remember it fondly and regret that it died with DOS (although there were OS/2 and Windows versions). It turns out, though, that it hasn’t quite died. One of those fanatical followers, Luke Lee, has been working on emulating it under Emacs for over 17 years. Now, finally, he feels that it’s ready for official release.
There probably aren’t a lot of people who still have Brief muscle memory or who would prefer the Brief emulation to normal Emacs but if you are such a person, Lee has just added it to the ELPA package master branch. Lee’s announcement on emacs-devel is detailed and describes the changes and enhancements he made. If you were a Brief user and would like to relive the old days, give it a try.
Another speculative-execution attack against Intel's SGX.
At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine's private attestation key. Making things worse, due to SGX's privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.
The details of the Foreshadow attack are a little more complicated than those of Meltdown. In Meltdown, the attempt to perform an illegal read of kernel memory triggers the page fault mechanism (by which the processor and operating system cooperate to determine which bit of physical memory a memory access corresponds to, or they crash the program if there's no such mapping). Attempts to read SGX data from outside an enclave receive special handling by the processor: reads always return a specific value (-1), and writes are ignored completely. The special handling is called "abort page semantics" and should be enough to prevent speculative reads from being able to learn anything.
However, the Foreshadow researchers found a way to bypass the abort page semantics. The data structures used to control the mapping of virtual-memory addresses to physical addresses include a flag to say whether a piece of memory is present (loaded into RAM somewhere) or not. If memory is marked as not being present at all, the processor stops performing any further permissions checks and immediately triggers the page fault mechanism: this means that the abort page mechanics aren't used. It turns out that applications can mark memory, including enclave memory, as not being present by removing all permissions (read, write, execute) from that memory.
EDITED TO ADD: Intel has responded:
L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We've provided more information on our web site and continue to encourage everyone to keep their systems up-to-date, as it's one of the best ways to stay protected.
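To check whether the operating system and hypervisor updates mentioned above are active on a Linux host, the kernel publishes an L1TF status line in sysfs. The parser below is an added example, not code from Intel or the Foreshadow researchers; the field values follow the kernel's L1TF admin guide, the sample lines in the comments are constructed, and the status covers the OS and KVM side only, not SGX microcode or attestation state.

```python
"""Interpret the Linux kernel's L1TF status line (added example)."""
from pathlib import Path

# sysfs file exposed by Linux kernels that carry the L1TF patches.
L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def parse_l1tf(line):
    """Split a status line into host, VMX (KVM) and SMT fields.

    Constructed sample inputs:
      "Not affected"
      "Vulnerable"
      "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
    """
    line = line.strip()
    status = {"raw": line, "affected": True, "pte_inversion": False,
              "vmx": None, "smt": None}
    if line == "Not affected":
        status["affected"] = False
        return status
    if line.startswith("Mitigation:"):
        head, _, tail = line[len("Mitigation:"):].partition(";")
        status["pte_inversion"] = "PTE Inversion" in head
        tail = tail.strip()
        if tail.startswith("VMX:"):
            fields = [f.strip() for f in tail[len("VMX:"):].split(",")]
            status["vmx"] = fields[0]
            for field in fields[1:]:
                if field.startswith("SMT"):
                    status["smt"] = field[len("SMT"):].strip()
    return status


def findings(status):
    """Return the gaps a defender should follow up on (empty list = none)."""
    gaps = []
    if not status["affected"]:
        return gaps
    if not status["pte_inversion"]:
        gaps.append("host: PTE inversion not active, kernel update needed")
    if status["vmx"] == "vulnerable":
        gaps.append("kvm: L1D cache is not flushed on VM entry")
    if status["smt"] == "vulnerable":
        gaps.append("kvm: SMT enabled, sibling threads share the L1D")
    return gaps


def read_status(path=L1TF_SYSFS):
    """Read and parse the live status; None if the kernel lacks the file."""
    try:
        return parse_l1tf(path.read_text())
    except OSError:
        return None


if __name__ == "__main__":
    live = read_status()
    if live is None:
        print("no l1tf sysfs entry: kernel predates the L1TF patches "
              "or this is not Linux")
    else:
        print(live["raw"])
        for gap in findings(live):
            print("  -", gap)
```

A missing sysfs entry is itself a finding on an affected Intel machine, since it means the kernel was built before the L1TF fixes landed.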
An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.
The claims come in a lawsuit filed this week in Los Angeles on behalf of Michael Terpin, who co-founded the first angel investor group for bitcoin enthusiasts in 2013. Terpin alleges that crooks stole almost $24 million worth of cryptocurrency after fraudulently executing a “SIM swap” on his mobile phone account at AT&T in early 2018.
A SIM card is the tiny, removable chip in a mobile device that allows it to connect to the provider’s network. Customers can legitimately request a SIM swap when their existing SIM card has been damaged, or when they are switching to a different phone that requires a SIM card of another size.
But SIM swaps are frequently abused by scam artists who trick mobile providers into tying a target’s service to a new SIM card and mobile phone that the attackers control. Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many banks and online services rely on text messages to send users a one-time code that needs to be entered in addition to a password for online authentication.
Terpin alleges that on January 7, 2018, someone requested an unauthorized SIM swap on his AT&T account, causing his phone to go dead and sending all incoming texts and phone calls to a device the attackers controlled. Armed with that access, the intruders were able to reset credentials tied to his cryptocurrency accounts and siphon nearly $24 million worth of digital currencies.
According to Terpin, this was the second time in six months someone had hacked his AT&T number. On June 11, 2017, Terpin’s phone went dead. He soon learned his AT&T password had been changed remotely after 11 attempts in AT&T stores had failed. At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made.
Terpin claims an investigation by AT&T into the 2018 breach found that an employee at an AT&T store in Norwich, Conn. somehow executed the SIM swap on his account without having to enter his “extra security” PIN, and that AT&T knew or should have known that employees could bypass its customer security measures.
Terpin is suing AT&T for his $24 million worth of cryptocurrencies, plus $200 million in punitive damages. A copy of his complaint is here (PDF).
AT&T declined to comment on specific claims in the lawsuit, saying only in a statement that, “We dispute these allegations and look forward to presenting our case in court.”
Mobile phone companies are a major weak point in authentication because so many companies have now built their entire procedure for authenticating customers on a process that involves sending a one-time code to the customer via SMS or automated phone call.
In some cases, thieves executing SIM swaps have already phished or otherwise stolen a target’s bank or email password. But many major social media platforms — such as Instagram — allow users to reset their passwords using nothing more than text-based (SMS) authentication, meaning thieves can hijack those accounts just by having control over the target’s mobile phone number.
Allison Nixon is director of security research at Flashpoint, a security company in New York City that has been closely tracking the murky underworld of communities that teach people how to hijack phone numbers assigned to customer accounts at all of the major mobile providers.
Nixon calls the current SIM-jacking craze “a major identity crisis” for cybersecurity on multiple levels.
“Phone numbers were never originally intended as an identity document, they were designed as a way to contact people,” Nixon said. “But because all these other companies are building in security measures, a phone number has become an identity document.”
In essence, mobile phone companies have become “critical infrastructure” for security precisely because so much is riding on who controls a given mobile number. At the same time, so little is needed to undo weak security controls put in place to prevent abuse.
“The infrastructure wasn’t designed to withstand the kind of attacks happening now,” Nixon said. “The protocols need to be changed, and there are probably laws affecting the telecom companies that need to be reviewed in light of how these companies have evolved.”
Unfortunately, with the major mobile providers so closely tied to your security, there is no way you can remove the most vulnerable chunks of this infrastructure — the mobile store employees who can be paid or otherwise bamboozled into helping these attacks succeed.
No way, that is, unless you completely disconnect your mobile phone number from any sort of SMS-based authentication you currently use, and replace it with Internet-based telephone services that do not offer “helpful” customer support — such as Google Voice.
Google Voice lets users choose a phone number that gets tied to their Google account, and any calls or messages to that number will be forwarded to your mobile number. But unlike phone numbers issued by the major mobile providers, Google Voice numbers can’t be stolen unless someone also hacks your Google password — in which case you likely have much bigger problems.
With Google Voice, there is no customer service person who can be conned over the phone into helping out. There is no retail-store employee who will sell access to your SIM information for a paltry $80 payday. In this view of security, customer service becomes a customer disservice.
Mind you, this isn’t my advice. The above statement summarizes the arguments allegedly made by one of the most accomplished SIM swap thieves in the game today. On July 12, 2018, police in California arrested Joel Ortiz, a 20-year-old college student from Boston who’s accused of using SIM swaps to steal more than $5 million in cryptocurrencies from 40 victims.
Ortiz allegedly had help from a number of unnamed accomplices who collectively targeted high-profile and wealthy people in the cryptocurrency space. In one of three brazen attacks at a bitcoin conference this year, Ortiz allegedly used his SIM swapping skills to steal more than $1.5 million from a cryptocurrency entrepreneur, including nearly $1 million the victim had crowdfunded.
Ortiz reportedly was a core member of OGUsers[dot]com, a forum that’s grown wildly popular among criminals engaging in SIM swaps to steal cryptocurrency and hijack high-value social media accounts. OG is short for “original gangster,” and it refers to a type of “street cred” for possession of social media account names that are relatively short (between one and six characters). On ogusers[dot]com, Ortiz allegedly picked the username “j”. Short usernames are considered more valuable because they confer on the account holder the appearance of an early adopter on most social networks.
Discussions on the Ogusers forum indicate Ortiz allegedly is the current occupant of perhaps the most OG username on Twitter — an account represented by the number zero “0”. The alias displayed on that Twitter profile is “j0”. He also apparently controls the Instagram account by the same number, as well as the Instagram account “t”, which lists its alias as “Joel.”
Shown below is a cached snippet from an Ogusers forum posting by “j” (allegedly Ortiz), advising people to remove their mobile phone number from all important multi-factor authentication options, and to replace it with something like Google Voice.
All four major wireless carriers — AT&T, Sprint, T-Mobile and Verizon — let customers add security against SIM swaps and related schemes by setting a PIN that needs to be provided over the phone or in person at a store before account changes should be made. But these security features can be bypassed by incompetent or corrupt mobile store employees.
Mobile store employees who can be bought or tricked into conducting SIM swaps are known as “plugs” in the Ogusers community, and without them SIM swapping schemes become much more difficult.
Last week, KrebsOnSecurity broke the news that police in Florida had arrested a 25-year-old man who’s accused of being part of a group of at least nine individuals who routinely conducted fraudulent SIM swaps on high-value targets. Investigators in that case say they have surveillance logs that show the group discussed working directly with mobile store employees to complete the phone number heists.
In May I wrote about a 27-year-old Boston man who had his three-letter Instagram account name stolen after thieves hijacked his number at T-Mobile. Much like Mr. Terpin, the victim in that case had already taken T-Mobile’s advice and placed a PIN on his account that was supposed to prevent the transfer of his mobile number. T-Mobile ultimately acknowledged that the heist had been carried out by a rogue T-Mobile store employee.
So consider establishing a Google Voice account if you don’t already have one. In setting up a new number, Google requires you to provide a number capable of receiving text messages. Once your Google Voice number is linked to your mobile, the device at the mobile number you gave to Google should notify you instantly if anyone calls or messages the Google number (this assumes your phone has a Wi-Fi or mobile connection to the Internet).
After you’ve done that, take stock of every major account you can think of, replacing your mobile phone number with your Google Voice number in every case it is listed in your profile.
Here’s where it gets tricky. If you’re all-in for taking the anti-SIM-hacking advice allegedly offered by Mr. Ortiz, once you’ve changed all of your multi-factor authentication options from your mobile number to your Google Voice number, you then have to remove that mobile number you supplied to Google from your Google Voice account. After that, you can still manage calls/messages to and from your Google Voice number using the Google Voice mobile app.
And notice what else Ortiz advises in the screen shot above to secure one’s Gmail and other Google accounts: Using a physical security key (where possible) to replace passwords. This post from a few weeks back explains what security keys are, how they can help harden your security posture, and how to use them. If Google’s own internal security processes count for anything, the company recently told this author that none of its 85,000 employees had been successfully phished for their work credentials since January 2017, when Google began requiring all employees to use physical security keys in place of one-time passwords sent to a mobile device.
Standard disclaimer: If the only two-factor authentication offered by a company you use is based on sending a one-time code via SMS or automated phone call, this is still better than relying on simply a password alone. But one-time codes generated by a mobile phone app such as Authy or Google Authenticator are more secure than SMS-based options because they are not directly vulnerable to SIM-swapping attacks.
The web site twofactorauth.org breaks down online service providers by the types of secondary authentication offered (SMS, call, app-based one-time codes, security keys). Take a moment soon to review this important resource and harden your security posture wherever possible.
The legendary soul singer, pianist, and performer Aretha Franklin died on Thursday, surrounded by family and friends, at the age of 76. The Queen of Soul will be remembered for countless songs and performances throughout her life, and is eloquently memorialized here by our own Spencer Kornhaber. Below, a collection of images of Franklin’s amazing career, spanning the past five decades.
Two or three years back you would see a handful of really interesting unofficial badges at DEF CON. Now, there’s a deluge of clever, beautiful, and well executed badges. Last weekend I tried to see every badge and meet every badge maker. Normally, I would publish one megapost to show off everything I had seen,…
I’m a decade into programming but I never touched a SOAP interface before. So last week was a first: I saw my first WSDL ever.
There’s not much Scala tooling around SOAP so I went for Java. Now I know a lot of acronyms like JAXB or JAX-WS (I have no idea what these mean tho), and I generated code from WSDL like in the perfect wet dream of a 00s SOA consultant. Mutable Java classes of course, but you get what you pay for.
Although I didn’t really understand what I was doing everything worked well—I even wrote an SBT plugin to run wsimport and publish the generated code—and I spent no more time with this stuff than I should.
But I do feel a little dirty now…
Fiona Goodall, a photographer working with Getty Images, recently visited the tiny South Pacific island nation of Tuvalu, a country battling rising sea levels with limited resources. Goodall reports that high tides regularly bring flooding that “inundates taro plantations, floods either side of the airport runway, and affects people’s homes.” While a study released in February showed that Tuvalu’s land area had actually increased by 2.9 percent since 1970, due mostly to wave-driven beach buildup, the elevation of the nation’s nine islands was not growing—and the sea has been rising by approximately 0.2 inches (5 millimeters) every year, above the global average, since 1993. The government of Tuvalu is working with public and private groups from around the Pacific to develop hardy crops, shore up vulnerable beaches, and move toward a goal of becoming 100 percent renewable-energy dependent by 2025.
From Bradley Ramsey on the Tindie blog:
When you take your first steps on the road to becoming a maker, one of the first skills you’ll need to master is soldering. It’s the backbone of just about every electronics project, but it’s not an easy skill to master. Don’t let the fear stop you; soldering opens up a lot of DIY projects for you.
With the I Can Solder Badge, you’ll not only learn the basics, but you’ll also have proof to show the world. This badge project is unique in that it also teaches you about circuits and includes a switch to save the battery power.
Included in the kit is a purple PCB manufactured in the USA by OSH Park, an RGB LED, a resistor, a switch, and a battery holder for the CR2032. Keep in mind that you’ll need to purchase the battery yourself as it cannot be mailed out with the kit due to USPS guidelines.