About that weird interstellar object

This is a nice interview with a prominent Harvard space scientist regarding the mysterious elongated object that was observed hurtling through the solar system in 2017, marking our first close brush with an interstellar object:

On October 19, 2017, astronomers at the University of Hawaii spotted a strange object travelling through our solar system, which they later described as “a red and extremely elongated asteroid.” It was the first interstellar object to be detected within our solar system; the scientists named it ‘Oumuamua, the Hawaiian word for a scout or messenger. The following October, Avi Loeb, the chair of Harvard’s astronomy department, co-wrote a paper (with a Harvard postdoctoral fellow, Shmuel Bialy) that examined ‘Oumuamua’s “peculiar acceleration” and suggested that the object “may be a fully operational probe sent intentionally to Earth’s vicinity by an alien civilization.” Loeb has long been interested in the search for extraterrestrial life, and he recently made further headlines by suggesting that we might communicate with the civilization that sent the probe. “If these beings are peaceful, we could learn a lot from them,” he told Der Spiegel.

Quote from Loeb:

Well, it’s exactly the approach that I took. I approached this with a scientific mind, like I approach any other problem in astronomy or science that I work on. The point is that we follow the evidence, and the evidence in this particular case is that there are six peculiar facts. And one of these facts is that it deviated from an orbit shaped by gravity while not showing any of the telltale signs of cometary outgassing activity. So we don’t see the gas around it, we don’t see the cometary tail. It has an extreme shape that we have never seen before in either asteroids or comets. We know that we couldn’t detect any heat from it and that it’s much more shiny, by a factor of ten, than a typical asteroid or comet. All of these are facts. I am following the facts. […]

But when you mention the possibility that there could be equipment out there that is coming from another civilization—which, to my mind, is much less speculative, because we have already sent things into space—then that is regarded as unscientific. But we didn’t just invent this thing out of thin air. The reason we were driven to put in that sentence was because of the evidence, because of the facts.

As Sherlock Holmes said: “When you have excluded the impossible, whatever remains, however improbable, must be the truth.”

More here and here.

Luna incognita

A glimpse of the far side

We have a touchdown:

China successfully landed the Chang’e 4 spacecraft on the far side of the moon on Thursday morning, Beijing time, according to state news agency Xinhua, becoming the first in history to touch the lunar surface unseen by those on Earth.

The Chang’e 4 mission launched in early December. It took the spacecraft three days to travel to the moon, where it spent the last few weeks in orbit preparing for touch down on the Von Karman crater. The crater is a relatively flat spot on the moon’s far side.

“China’s Chang’e-4 probe softlands on Moon’s far side,” the state news agency tweeted on Thursday.

[…]

Landing on the far side is a technical challenge, as there is no direct way to communicate with the spacecraft as it nears its target. China put a relay satellite in orbit around the moon in May to overcome that communication challenge.

The far side of the moon has been seen and mapped before, even by astronauts of the Apollo missions. But the successful landing of Chang’e 4 represents the first time any spacecraft has touched down on the moon’s far side.

Most impressive.

Interstellar

The second man-made object in history has now broken free of the sun’s influence and embarked on the long, cold journey into interstellar space:

After launching in 1977, NASA’s trailblazing spacecraft Voyager 2 has finally escaped the heliosphere, the Sun’s protective bubble of charged particles. It follows in the path of its sibling, Voyager 1, which crossed into interstellar space in 2012.

The Sun’s solar wind makes up the heliosphere, which surrounds all the planets in our solar system. The boundary where the hot solar winds of the heliosphere end and give way to the cold interstellar medium is known as the heliopause, and it’s also the border of interstellar space. On November 5, 2018, instruments aboard NASA’s Voyager 2 spacecraft sent back data indicating the craft had crossed the heliopause. The craft is now traveling and collecting data in interstellar space more than 11 billion miles (17 billion kilometers) from Earth.

Safe travels!

Speaking of space, this caught my eye:

In a study published March 9 in The Monthly Notices of the Royal Astronomical Society, astronomers announced the discovery that all disk galaxies rotate about once every billion years, no matter their size or mass.

“It’s not Swiss watch precision,” said Gerhardt Meurer, an astronomer from the International Centre for Radio Astronomy Research (ICRAR), in a press release. “But regardless of whether a galaxy is very big or very small, if you could sit on the extreme edge of its disk as it spins, it would take you about a billion years to go all the way round.”

Alpha Centauri Sucks

Latest XKCD cartoon:

I believe this is known as a “dad joke.” In any case, nothing wrong with a little mild astronomy humor. Astro-comedy? Reminds me of this quote from Douglas Adams’s The Restaurant at the End of the Universe:

The History of every major Galactic Civilization tends to pass through three distinct and recognizable phases, those of Survival, Inquiry and Sophistication, otherwise known as the How, Why, and Where phases. For instance, the first phase is characterized by the question ‘How can we eat?’ the second by the question ‘Why do we eat?’ and the third by the question ‘Where shall we have lunch?’

(See also. And.)

The most relaxing song on earth, according to science

Here is “Weightless,” a song specially designed to be the most relaxing piece of music on earth:

Listen and feel your blood pressure and cortisol levels ebb.

It’s science:

According to Dr. David Lewis-Hodgson of Mindlab International, which conducted the research, the top song produced a greater state of relaxation than any other music tested to date.

In fact, listening to that one song — “Weightless” — resulted in a striking 65 percent reduction in participants’ overall anxiety, and a 35 percent reduction in their usual physiological resting rates.

That is remarkable.

Equally remarkable is the fact the song was actually constructed to do so. The group that created “Weightless”, Marconi Union, did so in collaboration with sound therapists. Its carefully arranged harmonies, rhythms, and bass lines help slow a listener’s heart rate, reduce blood pressure and lower levels of the stress hormone cortisol.

The greatness of gait

People have been interested in gait since the time of Aristotle. I think it’s one of the most vivid aspects of human individuality. Like snowflakes, no two gaits are alike.

Some people stride from point A to point B. Others trudge. You can also amble, bimble, bounce, clump, falter, gimp, glide, hike, hobble, limp, lumber, lurch, march, mince, mosey, nip, pace, parade, perambulate, peregrinate, plod, pound, power walk, prance, promenade, pussyfoot, ramble, roam, sashay, saunter, scuff, shamble, shuffle, stagger, stalk, step, stomp, stroll, strut, stumble, stump, swagger, tiptoe, toddle, totter, traipse, tramp, trample, traverse, tread, trip, tromp, troop, trot, waddle, and wander. And these are just categories of walking. Each individual has a unique locomotive signature, which is always more complex and distinctive than any of the above words can capture.

Gait should be recognized as a seamless part of one’s personality. For example, I am constantly told that I walk too fast. Criticism is important to me, so I considered this carefully for many years. Finally, I came to the conclusion that the rest of the world walks too slow.

Forensic gait analysis is used by law enforcement to identify criminals on surveillance videos when their faces are obscured. If only the government had the technology to accurately record and identify each person’s gait, then it would be much easier to track everyone.

Wait, did someone say “track everyone”?

China’s on it:

Chinese authorities have begun deploying a new surveillance tool: “gait recognition” software that uses people’s body shapes and how they walk to identify them, even when their faces are hidden from cameras.

Already used by police on the streets of Beijing and Shanghai, “gait recognition” is part of a push across China to develop artificial-intelligence and data-driven surveillance that is raising concern about how far the technology will go.

Huang Yongzhen, the CEO of Watrix, said that its system can identify people from up to 50 meters (165 feet) away, even with their back turned or face covered. This can fill a gap in facial recognition, which needs close-up, high-resolution images of a person’s face to work.

“You don’t need people’s cooperation for us to be able to recognize their identity,” Huang said in an interview in his Beijing office. “Gait analysis can’t be fooled by simply limping, walking with splayed feet or hunching over, because we’re analyzing all the features of an entire body.”

The worst idea in history?

Or we could not

It could prove to be:

A pair of MIT researchers has proposed a radical method for making our presence known in the universe.

In a new feasibility study, the team says it could be possible to use laser technology as a beacon to attract the attention of alien astronomers, much like a planetary-scale porch light.

Using a laser focused through a huge telescope, the researchers say this ‘porch light’ could be seen from as far as 20,000 light-years away.

In a paper published in the Astrophysical Journal, the MIT team describes how a high-powered 1 to 2-megawatt laser could be aimed toward space through a 30 to 45-meter telescope to create a detectable beacon.

With this configuration, the infrared radiation from the system would be strong enough for an intelligent species to differentiate it from the sun.

Granted, this is just a feasibility study rather than an actual proposal.

I think Stephen Hawking had the right idea about contacting aliens:

“One day, we might receive a signal from a planet like this, but we should be wary of answering back,” he said in the documentary, “Stephen Hawking’s Favourite Places.”

“Meeting an advanced civilization could be like Native Americans encountering Columbus. That didn’t turn out so well.”

He claimed alien life could be “rapacious marauders roaming the cosmos in search of resources to plunder, and planets to conquer and colonize.”

My concern would be catching the attention of an aggressive von Neumann probe launched by a xenophobic alien civilization. Such a probe would have a search-and-destroy mission to identify signs of intelligent life throughout the galaxy, and exterminate it. Aiming a giant laser beacon at space would be like announcing your position to the enemy. Sometimes you just need to lie low.

Is Bloomberg peddling fake news about Chinese hardware hacking?

The state of infosec right now (Credit: Colin O’Flynn)

The jury is still out, but this isn’t looking great for Bloomberg:

The veracity of a bombshell yarn claiming Chinese agents managed to sneak spy chips into Super Micro servers used by Amazon, Apple and the US government is still being fiercely argued over five days after publication. […]

Faced with such uncertainty, some are reaching for a unifying explanation: that Bloomberg was misled by some in the intelligence community that wish, for their own reasons, to raise the specter of Chinese interference in the global electronics supply chain. Bloomberg could be accurately reporting an intelligence misinformation campaign. […]

On the possible failure of adequate fact checking, earlier this week one of the security experts that Bloomberg spoke to in order to explain how the claimed spy chip would actually work, Joe Fitzpatrick, gave an interview to Aussie veteran infosec journalist Patrick Gray in which Fitzpatrick said he had told the Bloomberg spy-chip reporters of his doubts that it was feasible and that he was “uncomfortable” with the final article.

An NSA official is also pushing back:

Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA, is the latest official to question the accuracy of Bloomberg Businessweek’s bombshell “The Big Hack” report about Chinese spies compromising the U.S. tech supply chain.

“I have pretty good understanding about what we’re worried about and what we’re working on from my position. I don’t see it,” said Joyce, speaking at a U.S. Chamber of Commerce cyber summit in Washington, D.C. today, according to a subscriber-only Politico report viewed by MacRumors.

“I’ve got all sorts of commercial industry freaking out and just losing their minds about this concern, and nobody’s found anything,” Joyce added.

Twitter user Hector Martin (@marcan42) had a fierce response to Bloomberg’s second story on the alleged Chinese hardware hacking:

Ah, I see, Bloomberg. So instead of a (partial) retraction of your at least half if not fully bullshit China implant story, you’re going to now publish *one guy’s* claim of Ethernet jack implants. When you had <5 days to check anything he provided.

Remember when a certain other security researcher was convinced his Ethernet jacks had implants? Remember all this “evidence”? How *we* knew it was BS? Now consider whether Bloomberg’s technically clueless journalists would know it’s BS.

Seriously, this is just pathetic now. They just went from “1 year and multiple sources” to “<5 days and one guy”. This is just negligence.

https://t.co/eReEXegOHZ

Why is it that every time something like this happens nobody has any hard documentation or analysis results? Ah yes, the best cop-out. “We don’t have it any more, we can’t give you more details”.

So now we have *software* detecting *analog* stuff like the “power consumption” of a *network*.

None of those words go together. At all.

Basically every Ethernet jack I’ve seen in anything but cheapo consumer routers/switches has been metal. How the hell is this an IOC?

Never mind that… Ethernet jacks don’t have power pins. Where is this module (that uses so much power that it gets hot) magically powering itself from? Nobody runs PoE out to servers. Did they modify the board design to add power pins too?

Commenting on the above thread, Joe Fitzpatrick had this to say:

I was contacted and declined to give comment for this story. I explained this wasn’t the first time this year someone was making this claim.

@marcan42 has experience debunking claims of ‘backdoored’ ethernet jacks. Details in this story are almost identical to last time.

Sepio systems also shared a document with me yesterday. It had juicy details about rogue hardware.

It was a marketing 1-pager.

Whatever the truth of the matter, Yossi Appleboum, the ex-Israeli intelligence guy cited in Bloomberg’s follow-up story, gets the last word:

We found it in different vendors, not just Supermicro. We found it not just in servers, in different variations, but hardware manipulation on different interfaces, mostly in network related. We found it in different devices connected to the network, even Ethernet switches. I am talking about really big what are considered to be major American brands, many compromised through the same method.

This is why I think that Supermicro has nothing to do with that. In many cases, by the way, it is not through manufacturing, it is after through the supply chain.

People think of the supply chain in a very narrow sense between the manufacturer and the customer. Supply chain never ends. There are technicians, there are integrators, there are people that work in your facilities. We have seen after installation, after the fact attacks where someone switched something already installed. This is why Supermicro would have no idea what happens later in the supply chain. […]

We have a problem. The problem is the hardware supply chain. All of us are dealing with what happened to Supermicro, and whether Amazon knew or did not know. That is not the main issue for me. The main issue is that we have a problem. It is global. This is why I think Supermicro is suffering from the big players. I am talking about the really big players who know that they have the same problem, and they are kind of using the story right now to throw Supermicro under the bus instead of coming out and saying that it is a global problem, let’s fix it and find a solution.

More evidence of massive Chinese hardware hack

Bloomberg has a new story out about China’s alleged tampering with the global hardware supply chain, revealing that an unnamed, major US telecom company discovered a malicious implant in a Supermicro server back in August. The source of the story seems credible (Bloomberg’s previous story on the Supermicro hacking did not name sources).

If true, the scale of the potential damage from this hardware hacking is almost incomprehensible.

In the wake of Bloomberg’s reporting on the attack against Supermicro products, security experts say that teams around the world, from large banks and cloud computing providers to small research labs and startups, are analyzing their servers and other hardware for modifications, a stark change from normal practices. Their findings won’t necessarily be made public, since hardware manipulation is typically designed to access government and corporate secrets, rather than consumer data.

National security experts say a key problem is that, in a cybersecurity industry approaching $100 billion in revenue annually, very little of that has been spent on inspecting hardware for tampering. That’s allowed intelligence agencies around the world to work relatively unimpeded, with China holding a key advantage.

Brian Krebs has an insightful post about the issue on his security blog. Of particular interest:

The U.S. Government isn’t eager to admit it, but there has long been an unofficial inventory of tech components and vendors that are forbidden to buy from if you’re in charge of procuring products or services on behalf of the U.S. Government. Call it the “brown list,” “black list,” “entity list” or what have you, but it’s basically an indelible index of companies that are on the permanent Shit List of Uncle Sam for having been caught pulling some kind of supply chain shenanigans.

More than a decade ago when I was a reporter with The Washington Post, I heard from an extremely well-placed source that one Chinese tech company had made it onto Uncle Sam’s entity list because they sold a custom hardware component for many Internet-enabled printers that secretly made a copy of every document or image sent to the printer and forwarded that to a server allegedly controlled by hackers aligned with the Chinese government.

And he identifies the crux of the issue:

Like it or not, the vast majority of electronics are made in China, and this is unlikely to change anytime soon. The central issue is that we don’t have any other choice right now. The reason is that by nearly all accounts it would be punishingly expensive to replicate that manufacturing process here in the United States. […]

Indeed, noted security expert Bruce Schneier calls supply-chain security “an insurmountably hard problem.”

The original Bloomberg piece, as he points out, also addresses what he calls “this elephant in the room.” Quote from that piece:

The problem under discussion wasn’t just technological. It spoke to decisions made decades ago to send advanced production work to Southeast Asia. In the intervening years, low-cost Chinese manufacturing had come to underpin the business models of many of America’s largest technology companies. Early on, Apple, for instance, made many of its most sophisticated electronics domestically. Then in 1992, it closed a state-of-the-art plant for motherboard and computer assembly in Fremont, Calif., and sent much of that work overseas.

Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories.

As time goes on, the evidence mounts that offshoring advanced manufacturing to low-cost countries in Asia was an epochal blunder by the US. Now the US is abjectly dependent on a hardware supply chain that may be deeply compromised and there is no obvious way to fix or even detect its vulnerabilities. However, to call this “an insurmountably hard problem” is an exaggeration; it is merely staggeringly hard.

The solution would almost certainly have to involve moving a large amount of high-tech production back to the US. This would be terrifyingly expensive, but the US may not have a choice, and the economic benefits of creating all those new jobs and factories could be enormous.

Anything that has been offshored can be reshored. Anything that was invented in the US can be made in the US. If I’m wrong, please explain how.

Spy fail

Suspected GRU operative

The GRU, what happened to you?

It must go down as one of the most embarrassing months ever for Russia’s military intelligence.

In the 30 days since Theresa May revealed the cover identities of the Salisbury poison suspects, the secretive GRU (now GU) has been publicly exposed by rival intelligence agencies and online sleuths, with an assist from Russia’s own president.

Despite attempts to stonewall public inquiry, the GRU’s dissection has been clinical. The agency has always had a reputation for daring, bolstered by its affiliation with special forces commando units and agents who have seen live combat.

But in dispatching agents to the Netherlands who could, just using Google, be easily exposed as graduates of an elite GRU academy, the agency appears reckless and absurdly sloppy.

In response to the surreal interview with the Skripal poisoning suspects, I wrote: “I thought Russian intelligence operatives were supposed to be smart? What is going on here?” It gets worse:

[…] And then came Thursday’s bombshell: four men outed by Dutch investigators for attempting to hack into the Organisation for the Prohibition of Chemical Weapons (as well as Malaysia’s investigation into a downed jetliner).

The alleged spies were caught carrying enough telephones to fill an electronics store. Moreover, like all meticulous Russians on a business trip, they held on to their taxi receipts from GRU headquarters.

At a glance, it’s hard to square such ridiculous incompetence with the idea that Putin and his operatives are crafty enough to destroy Western democracy. In any case, the GRU’s epic fails do seem to indicate the declining value of human intelligence in the age of the internet.