Apple Lets Some Network Traffic Bypass Firewalls on MacOS Big Sur
"Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs..." reports Threatpost. "While users assumed Apple would fix the flaw before the OS emerged from beta into full release, this doesn't appear to have happened."
"Beginning with macOS Catalina released last year, Apple added a list of 50 Apple-specific apps and processes that were to be exempted from firewalls like Little Snitch and Lulu," explains
The undocumented exemption, which didn't take effect until firewalls were rewritten to implement changes in Big Sur, first came to light in October. Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, further documented the new behavior over the weekend. To demonstrate the risks that come with this move, Wardle — a former hacker for the NSA — demonstrated how malware developers could exploit the change to make an end-run around a tried-and-true security measure...
Wardle tweeted a portion of a bug report he submitted to Apple during the Big Sur beta phase. It specifically warns that "essential security tools such as firewalls are ineffective" under the change.
Apple has yet to explain the reason behind the change.
Werner Herzog On Asteroids, Star Wars, and the 'Obscenity' of a City On Mars
78-year-old filmmaker Werner Herzog shared some interesting thoughts before the release of his new documentary on asteroids, Fireball: Visitors From Darker Worlds, now available on Apple TV+.
From Herzog's new interview with the science site
Herzog tells Inverse he's less concerned than ever that a meteorite will destroy the Earth, but that doesn't mean we shouldn't still be worried about our own extinction. "It may be 100 million years to go until then," Herzog says, before adding, "within the next thousand years, we may have done such stupid things that we are not around anymore to contemplate it...."
There's a theory that all life on Earth came from a meteorite. Do you think that's possible...?
[I]f you expand the question, it wouldn't surprise me if we found life somewhere outside of our solar system, or even within our solar system, because we share the same chemistry with the universe. We share the same physics with the universe. And we share the same history with the universe. So with trillions and trillions and trillions of stars out there, it's highly likely that somewhere there are some forms of life. Probably not as good and interesting as in movies. We can be pretty certain there are no creatures out there like in Star Wars...
Have you heard the theory that we're living inside a simulation?
Yes, but I don't buy it. Because when I kick a soccer ball from the penalty spot, I know this is for real. If the goalie saves it, oh shit, this is for real.
He also discusses the 1998 asteroid disaster film Deep Impact and his own appearance on Rick and Morty, as well as his part on The Mandalorian — and the experience of watching its premiere with 1,000 hardcore Star Wars fans. ("It was unbelievable. The first credit appears and there's a shout of joy that you cannot describe... It's evident Star Wars is a new mythology for our times, whether you like it or not.")
But though Herzog's films "often feature ambitious protagonists with impossible dreams, people with unique talents in obscure fields, or individuals who are in conflict with nature," according to Wikipedia, Herzog insists to
Elon Musk's plan to build a city on Mars is a "mistake."
In a blistering criticism, Herzog describes the idea as "an obscenity," and says humans should "not be like the locusts...."
Herzog is not opposed to going to Mars at all. In fact, the German filmmaker would "love to go [to Mars] with a camera with scientists." But the long-term vision of a Mars city is a "mistake." Herzog's main concern is that humanity should "rather look to keep our planet habitable," instead of trying to colonize another one.
In short, Mars is not a livable place. There is no liquid water at the surface, or air to breathe. Solar wind means inhabitants would be "fried like in a microwave," Herzog says.
In the Last Week America Experienced 1 Million New Coronavirus Cases
The total number of U.S. coronavirus cases since the pandemic started has now surpassed 12 million, CNN reports — "an increase of more than 1 million cases in less than a week."
Researchers at Johns Hopkins University calculate that over a quarter of a million Americans have now died from the disease.
Almost every state has reported a rapid surge in cases, and nationwide numbers have been climbing much faster than ever before — with the country reporting a staggering 2.8 million infections since the beginning of the month. On Friday, more than 195,500 new infections were reported — the country's highest for a single day, and far beyond what the nation was seeing just weeks ago. The highest number of single-day cases during the country's summer surge was a little more than 77,100 in July, Johns Hopkins University data shows.
The U.S. on Friday also recorded its highest number of Covid-19 patients in hospitals on a given day: just over 82,100 — according to the COVID Tracking Project. Rising death rates typically follow rising hospitalizations. In just the past week, more than 10,000 U.S. deaths have been reported — nearly double the weekly death toll of just a month ago... The virus is still running unabated in the U.S. and the rate of rising cases is now "dramatically" different from what it was before, White House Coronavirus task force coordinator Dr. Deborah Birx told CNN's Chief Medical Correspondent Dr. Sanjay Gupta....
The good news? Experts say promising vaccines are on the horizon and until then, there are things the American public can do to help hold down the virus. Those include wearing a mask, social distancing, avoiding crowds and washing hands regularly. The University of Washington's Institute for Health Metrics and Evaluation projected this week about 65,000 lives could be saved by March 1 if 95% of Americans wore masks.
The rising graph (midway through the story) says it all.
UPDATE: CNN reported Sunday that in just the month of November America experienced three million new Covid-19 infections.
Does the Human Brain Resemble the Universe?
"Does the human brain resemble the Universe?" teases an announcement that an astrophysicist of the University of Bologna and a neurosurgeon of the University of Verona "compared the network of neuronal cells in the human brain with the cosmic network of galaxies...and surprising similarities emerged."
Iwastheone shares their report:
Despite the substantial difference in scale between the two networks (more than 27 orders of magnitude), their quantitative analysis, which sits at the crossroads of cosmology and neurosurgery, suggests that diverse physical processes can build structures characterized by similar levels of complexity and self-organization. The human brain functions thanks to its wide neuronal network that is deemed to contain approximately 69 billion neurons. On the other hand, the observable universe can count upon a cosmic web of at least 100 billion galaxies.
Within both systems, only 30% of their masses are composed of galaxies and neurons. Within both systems, galaxies and neurons arrange themselves in long filaments or nodes between the filaments. Finally, within both systems, 70% of the distribution of mass or energy is composed of components playing an apparently passive role: water in the brain and dark energy in the observable Universe.
Starting from the shared features of the two systems, researchers compared a simulation of the network of galaxies to sections of the cerebral cortex and the cerebellum. The goal was to observe how matter fluctuations scatter over such diverse scales. "We calculated the spectral density of both systems. This is a technique often employed in cosmology for studying the spatial distribution of galaxies", explains Franco Vazza (astrophysicist at the University of Bologna). "Our analysis showed that the distribution of the fluctuation within the cerebellum neuronal network on a scale from 1 micrometre to 0.1 millimetres follows the same progression of the distribution of matter in the cosmic web but, of course, on a larger scale that goes from 5 million to 500 million light-years".
The two researchers also calculated some parameters characterising both the neuronal network and the cosmic web: the average number of connections in each node and the tendency of clustering several connections in relevant central nodes within the network. "Once again, structural parameters have identified unexpected agreement levels. Probably, the connectivity within the two networks evolves following similar physical principles, despite the striking and obvious difference between the physical powers regulating galaxies and neurons", adds Alberto Feletti (neurosurgeon at the University of Verona).
Email and Web Traffic Redirected for Multiple Cryptocurrency Sites After GoDaddy Attack
redirected email and web traffic destined for several cryptocurrency trading platforms over the past week," reports security researcher Brian Krebs:
The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned...
This latest campaign appears to have begun on or around Nov. 13, with an attack on cryptocurrency trading platform liquid.com. "A domain hosting provider 'GoDaddy' that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," Liquid CEO Kayamori said in a blog post. "This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage."
In the early morning hours of Nov. 18 Central European Time (CET), cryptocurrency mining service NiceHash disclosed that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site. NiceHash froze all customer funds for roughly 24 hours until it was able to verify that its domain settings had been changed back to their original settings. "At this moment in time, it looks like no emails, passwords, or any personal data were accessed, but we do suggest resetting your password and activate 2FA security," the company wrote in a blog post. NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and Github. But he said GoDaddy was impossible to reach at the time because it was undergoing a widespread system outage in which phone and email systems were unresponsive. "We detected this almost immediately [and] started to mitigate [the] attack," Skorjanc said in an email to this author. "Luckily, we fought them off well and they did not gain access to any important service. Nothing was stolen...."
[S]everal other cryptocurrency platforms also may have been targeted by the same group, including Bibox.com, Celcius.network, and Wirex.app. None of these companies responded to requests for comment.
In response to questions from KrebsOnSecurity, GoDaddy acknowledged that "a small number" of customer domain names had been modified after a "limited" number of GoDaddy employees fell for a social engineering scam.
Why Amazon's Echo Shines an Ominous Red Light When Its Microphone is Muted
This year Amazon followed up its cylindrical Echo (and its hockey puck-shaped Echo Dot) with a cloth-wrapped sphere-shaped Echo device. And Fast Company reports that one significant change was to the light pipe, "that glowing ring on top of the Echo that signals it's talking or thinking.
"For the fourth generation, that light pipe has been moved to the bottom of the device, to reflect off tables or countertops, and provide a more ambient lighting experience that blends into one's environment — with a catch."
Once you hit the privacy button on your Echo, deafening it from hearing your speech, the ring glows a DEFCON 2 red until you unmute it. (Note: Google uses an orange to convey mute for its Assistant, as does Sony's new PS5 controller that has a mic built in.) It's not just overt; it's borderline warlike, adding a Red October glow to your space. Echos have always glowed red when muted. Now your environment does, too.
When I mention this design decision, which seems to punish consumers who prefer privacy, Miriam Daniel, vice president of Echo and Alexa devices at Amazon, acknowledges, but brushes off, the criticism. "[Red] makes for a strong [statement]. There's always a tradeoff. Is it too bright? Annoying? Too in your face?" she muses. But she argues that the greater benefit is that "it gives people a sense of comfort knowing the mic isn't working."
The article notes that in 2019, Amazon announced it had already sold 100 million Alexa-powered devices.
In Historic Test, US Navy Shoots Down an Intercontinental Ballistic Missile
historic test, a U.S. Navy guided missile destroyer shot down an intercontinental ballistic missile (ICBM) warhead aimed at a patch of ocean off the Hawaiian Islands," reports
Once the missile launched, a network of sensors picked it up. The data was then handed off to the guided missile destroyer USS John Finn, which launched a SM-3 Block IIA interceptor. Just as the ICBM released a [simulated] nuclear warhead, the SM-3 released an Exoatmospheric Kill Vehicle (EKV) designed to smash itself into the incoming warhead. Infrared cameras recorded a visible explosion as the EKV took out the simulated nuclear warhead.
Most types of ballistic missiles are basically small payload space rockets designed to boost nuclear warheads into low-Earth orbit. Once in space, the warhead coasts through orbit at several thousand miles per hour — the so-called midcourse phase when the warhead is midway between its launch point and target. The warhead then de-orbits into a trajectory that sends it plunging toward its target.
Meanwhile, space-based infrared sensors pick up the hot launch plume of the ballistic missile. A launch alert is passed on to ground-based long range radars, which search the skies for the incoming threat. As the missile falls away and the warhead continues on to its target, missile defense radars track the target, plot its trajectory, and alert any "shooters" in the flight path capable of shooting down the warhead. The shooter then launches an interceptor, and the EKV steers itself into the warhead path...
The article includes video of the test, and concludes that the ability to shoot down missiles is "terrible news for China" — while adding this "could very well cause Beijing to increase its nuclear arsenal."
Assigning Homework Exacerbates Class Divides, Researchers Find
"Education scholars say that math homework as it's currently assigned reinforces class divides in society and needs to change for good," according to Motherboard — citing a new working paper from education scholars:
Status-reinforcing processes, or ones that fortify pre-existing divides, are a dime a dozen in education. Standardized testing, creating honors and AP tracks, and grouping students based on perceived ability all serve to disadvantage students who lack the support structures and parental engagement associated with affluence. Looking specifically at math homework, the authors of the new working paper wanted to see if homework was yet another status-reinforcing process. As it turns out, it was, and researchers say that the traditional solutions offered up to fix the homework gap won't work.
"Here, teachers knew that students were getting unequal support with homework," said Jessica Calarco, the first author of the paper and an associate professor of psychology at Indiana University. "And yet, because of these standard, taken-for-granted policies that treated homework as students' individual responsibilities, it erased those unequal contexts of support and led teachers to interpret and respond to homework in these status-reinforcing ways...."
The teachers interviewed for the paper acknowledged the unequal contexts affecting whether students could complete their math homework fully and correctly, Calarco said. However, that did not stop the same teachers from using homework as a way to measure students' abilities. "The most shocking and troubling part to me was hearing teachers write off students because they didn't get their homework done," Calarco said.... Part of the reason why homework can serve as a status-reinforcing process is that formal school policies and grading schemes treat it as a measure of a student's individual effort and responsibility, when many other factors affect completion, Calarco said....
"I'm not sure I want to completely come out and say that we need to ban homework entirely, but I think we need to really seriously reconsider when and how we assign it."
After Restoring YouTube-dl, GitHub Revamps Its Copyright Takedown Policy
On October 23rd GitHub initially complied with a takedown request for the open-source project youtube-dl — and then after 24 days, reinstated it.
"If there's a silver lining to the episode, it's that GitHub is implementing new policies to avoid a repeat of a repeat situation moving forward," reports Engadget:
First, it says a team of both technical and legal experts will manually evaluate every single section 1201 claim. In instances where there's any ambiguity to a claim, the company says it will err on the side of developers and leave their repository online. If the company's technical and legal teams ultimately find any issues with a project, GitHub will give its owners the chance to address those problems before it takes down their work. Following a takedown, it will continue to give people the chance to recover their data — provided it doesn't include any offending code.
GitHub is also establishing a $1 million defense fund to provide legal aid to developers against suspect section 1201 claims, as well as doubling down on its lobbying work to amend the DMCA and other similar copyright laws across the world.
SpaceX Begins a Day With Two Falcon 9 Launches, Seventh Flight of a Recycled Rocket
While tonight will see SpaceX's 16th launch of its broadband satellites, that launch will also make history, reports CNET:
The first stage of the Falcon 9 rocket is set to make its seventh flight, which would be a record for rocket recycling for the company. The booster previously flew on four Starlink missions and a pair of larger telecom satellite launches. SpaceX will likely attempt to land the booster on a droneship in the Atlantic shortly after launch and may also try to catch the two halves of the nose cone or fairing with another pair of ships.
This all happens just about 10 hours after SpaceX is scheduled to perform another big launch on the other side of the country. On Saturday morning [in just one half hour], another Falcon 9 will blast off from Vandenberg Air Force Base in California carrying the new NASA/European Space Agency Sentinel 6 Michael Freilich satellite designed to monitor global sea level rise and improve weather forecasting...
You can watch the whole thing right here.
SpaceX has also begun tweeting photos taken last weekend during its Crew Dragon capsule's flight from earth — and its arrival at the International Space Station.
Masks are Effective, Despite One Flawed Study From Denmark
the overwhelming body of evidence suggests that masks are effective," the lead author of a study recently cited by America's Center for Disease Control told the Washington Post.
They were responding to another (very controversial) outlier study whose findings "conflict with those from a number of other studies," according to the New York Times, citing numerous experts. "Critics were quick to note [that] study's limitations, among them that the design depended heavily on participants reporting their own test results and behavior, at a time when both mask-wearing and infection were rare in Denmark."
The Washington Post reports:
In the large, randomized study published Wednesday in the Annals of Internal Medicine, researchers observed more than 6,000 people in Denmark from April to June when mask-wearing was not required in the country. Fewer people in the group that was advised to wear masks contracted the virus — or about a 14 percent reduced risk because of mask-wearing — but the difference was not statistically significant, indicating that the medical masks issued were not particularly effective at preventing the wearers from being infected. Other experts, however, argue that the study was conducted when there was relatively less community spread of the virus and that testing the participants' antibodies cannot reliably measure whether they had the virus during the time of the study.
"We think you should wear a face mask at least to protect yourself, but you should also use it to protect others," lead author Henning Bundgaard told The Washington Post. "We consider that the conclusion is we should wear face masks." Bundgaard said even the small risk reduction masks offer "is very important, considering it is a life-threatening disease..."
"Because the issue has become so politicized, there's a real risk — and it's already being used in this way — that studies like this will be sort of cherry-picked and presented as conclusive evidence that masks are completely ineffective," Columbia University virologist Angela Rasmussen said... In letters and blog posts, public health experts express concern about the design of the study and warn that policymakers could misinterpret the research to mean that masks are ineffective. "However, the more accurate translation is that this study is uninformative regarding the benefits (or lack thereof) of wearing masks outside of the healthcare setting," one letter states. "As such, we caution decision-makers and the media from interpreting the results of this trial as being anything other than artifacts of weak design."
Even the Denmark study itself acknowledged its own limitations, citing "Inconclusive results, missing data, variable adherence, patient-reported findings on home tests, no blinding, and no assessment of whether masks could decrease disease transmission from mask wearers to others."
And it also acknowledges large gaps in adherence to proper mask usage among its participants: "Based on the lowest adherence reported in the mask group during follow-up, 46% of participants wore the mask as recommended, 47% predominantly as recommended, and 7% not as recommended."
Post notes that America's Center for Disease Control reiterated that people do benefit from wearing a mask that can filter out virus-carrying droplets, and last week "cited multiple studies evaluating mechanical evidence that concluded masks can block certain respiratory particles, depending on the material of the mask..."
Deep Frozen Arctic Microbes Are Waking Up
An anonymous reader shares an opinion piece from Scientific American:
Permafrost covers 24 percent of the Earth's land surface, and the soil constituents vary with local geology. Arctic lands offer unexplored microbial biodiversity and microbial feedbacks, including the release of carbon to the atmosphere. In some locations, hundreds of millions of years' worth of carbon is buried. The layers may still contain ancient frozen microbes, Pleistocene megafauna and even buried smallpox victims. As the permafrost thaws with increasing rapidity, scientists' emerging challenge is to discover and identify the microbes, bacteria and viruses that may be stirring. Some of these microbes are known to scientists. Methanogenic Archaea, for example metabolize soil carbon to release methane, a potent greenhouse gas. Other permafrost microbes (methanotrophs) consume methane. The balance between these microbes plays a critical role in determining future climate warming. Others are known but have unpredictable behavior after release...
It is clear that the warmer we make the Arctic, the weirder it will get, as temperatures at the surface become more extreme and thawing deepens. With the coalescence of microbes reawakening from the deep and surface conditions unprecedented in human history, it is challenging to assess risks accurately without improved Arctic microbial datasets. We should pay attention to both known unknowns, such as antibiotic-resistant bacteria, and unknown unknowns, including the potential risks from the resurrection of ancient and poorly described viral genomes from Arctic ice by synthetic biologists. For all of these reasons, we must come up with guidelines for future Arctic research. As travel through the region increases, the likelihood of pathogen export and import rises as well. The planetary protection guidelines that space agencies follow to prevent interplanetary contamination can provide a framework for how microbial investigation can safely continue. Biosurveillance measures must be put into place to protect communities in the Arctic and beyond. As the Arctic continues to transform, one thing is clear: as climate change warms this microbial repository during the 21st century, the full range of consequences is yet to be told.
T-Mobile Becomes First Carrier To Enable 988 Number For Mental Health Services
added support for the 988 emergency mental health services number more than a year and a half ahead of the Federal Communications Commission's deadline, the company announced on Friday. The Verge reports:
T-Mobile customers who dial 988 will be connected to the National Suicide Prevention Lifeline (NSPL) and its network of crisis centers across the US. T-Mobile says it is the first carrier in the US to make 988 available to its customers. T-Mobile chief technology officer Abdul Saad said in a statement that making the shorter emergency number available to customers was "a matter of urgency for us, particularly as the COVID-19 pandemic continues and the holiday season approaches." People in need of mental health support can still contact the NSPL by calling 1-800-273-8255 (1-800-273-TALK) or by using online chats.
Astronomers Discover New 'Fossil Galaxy' Buried Deep Within the Milky Way
fahrbot-bot shares a report from Phys.Org:
Scientists working with data from the Sloan Digital Sky Surveys' Apache Point Observatory Galactic Evolution Experiment (APOGEE) have discovered a 'fossil galaxy' hidden in the depths of our own Milky Way. The proposed fossil galaxy may have collided with the Milky Way ten billion years ago, when our galaxy was still in its infancy. Astronomers named it Heracles, after the ancient Greek hero who received the gift of immortality when the Milky Way was created.
The remnants of Heracles account for about one third of the Milky Way's spherical halo. But if stars and gas from Heracles make up such a large percentage of the galactic halo, why didn't we see it before? The answer lies in its location deep inside the Milky Way. "To find a fossil galaxy like this one, we had to look at the detailed chemical makeup and motions of tens of thousands of stars," says Ricardo Schiavon from Liverpool John Moores University (LJMU) in the UK, a key member of the research team. "That is especially hard to do for stars in the center of the Milky Way, because they are hidden from view by clouds of interstellar dust. APOGEE lets us pierce through that dust and see deeper into the heart of the Milky Way than ever before." APOGEE does this by taking spectra of stars in near-infrared light, instead of visible light, which gets obscured by dust. Over its ten-year observational life, APOGEE has measured spectra for more than half a million stars all across the Milky Way, including its previously dust-obscured core.
To separate stars belonging to Heracles from those of the original Milky Way, the team made use of both chemical compositions and velocities of stars measured by the APOGEE instrument. [...] Stars originally belonging to Heracles account for roughly one third of the mass of the entire Milky Way halo today -- meaning that this newly-discovered ancient collision must have been a major event in the history of our galaxy. That suggests that our galaxy may be unusual, since most similar massive spiral galaxies had much calmer early lives. The findings have been reported in Monthly Notices of the Royal Astronomical Society.