Enlarge/ Stuart Smalley is here to help with daily affirmations of SLS.
Aurich Lawson | SNL
There is a curious section in the new congressional reauthorization bill for NASA that concerns the agency’s large Space Launch System rocket.
The section is titled “Reaffirmation of the Space Launch System,” and in it Congress asserts its commitment to a flight rate of twice per year for the rocket. The reauthorization legislation, which cleared a House committee on Wednesday, also said NASA should identify other customers for the rocket.
“The Administrator shall assess the demand for the Space Launch System by entities other than NASA and shall break out such demand according to the relevant Federal agency or nongovernment sector,” the legislation states.
Congress directs NASA to report back, within 180 days of the legislation passing, on several topics. First, the legislators want an update on NASA’s progress toward achieving a flight rate of twice per year for the SLS rocket, and the Artemis mission by which this capability will be in place.
Additionally, Congress is asking for NASA to study demand for the SLS rocket and estimate “cost and schedule savings for reduced transit times” for deep space missions due to the “unique capabilities” of the rocket. The space agency also must identify any “barriers or challenges” that could impede use of the rocket by other entities other than NASA, and estimate the cost of overcoming those barriers.
Is someone afraid?
There is a fair bit to unpack here, but the inclusion of this section—there is no “reaffirmation” of the Orion spacecraft, for example—suggests that either the legacy space companies building the SLS rocket, local legislators, or both feel the need to protect the SLS rocket. As one source on Capitol Hill familiar with the legislation told Ars, “It’s a sign that somebody’s afraid.”
Congress created the SLS rocket 14 years ago with the NASA Authorization Act of 2010. The large rocket kept a river of contracts flowing to large aerospace companies, including Boeing and Northrop Grumman, who had been operating the Space Shuttle. Congress then lavished tens of billions of dollars on the contractors over the years for development, often authorizing more money than NASA said it needed. Congressional support was unwavering, at least in part because the SLS program boasts that it has jobs in every state.
Under the original law, the SLS rocket was supposed to achieve “full operational capability” by the end of 2016. The first launch of the SLS vehicle did not take place until late 2022, six years later. It was entirely successful. However, due to various reasons, the rocket will not fly again until September 2025 at the earliest.
Both BMW and Stellantis are recalling hundreds of thousands of vehicles in the US this month due to airbag problems. For BMW, the problem, which potentially affects 394,029 cars, is a continuation of the Takata airbag recall, the largest automotive recall in history. Stellantis has slightly fewer potentially affected cars, with 322,000 subject to recall, but for a different problem caused by a suspect sensor in the seat belt buckle.
BMW
While the BMW recall will be sent to almost 400,000 owners, the company suspects only 1 percent of that population will have a problem that needs remedying. That’s because it wants dealers to check any cars where the owner has replaced the factory-fitted steering wheel with a Sport or M-Sport version equipped with a PSDI-5 inflator.
These inflators lack a desiccant or drying agent that would otherwise prevent the ammonium nitrate airbag propellant from taking on moisture, degrading the airbag’s performance to the point where it could overinflate and shower the interior with metal fragments. At least 24 people have been killed by defective Takata airbags in the US, which led to 42 million cars being recalled to fix the problem.
BMW’s recall affects the model-years 2006–11 323i, 325i, 330i, 330Xi, 335i, 335Xi; the model-years 2006–12 325Xi, 328i, 328Xi; and the model-years 2009–11 335d. Should inspection find a replacement wheel with a Takata inflator, it will be replaced with a new airbag module, BMW says.
Stellantis
The Stellantis recall appears to affect cars produced in Italy: the model-years 2017–24 Alfa Romeo Giulia, model-years 2018–24 Alfa Romeo Stelvio, model-year 2024 Fiat 500E, model-years 2019–23 Fiat 500X, and model-years 2019–23 Jeep Renegade.
Here, the problem is not an airbag inflator but the Hall effect sensor, supplied by ZF, on the seat belt buckle—or, more specifically, the wiring that connects that sensor to the car’s internal network. Suspect connectors were used in different models at different times, some as early as 2016 and some as late as this June. In cars with faulty Hall effect sensor wiring, the airbag may not trigger during a crash.
Stellantis says that dealers will directly wire the sensor to the wiring harness with a solder tube in affected cars.
The suit followed 2022 antitrust probes in the European Union and United Kingdom that found that Amazon’s Buy Box hid cheaper items with faster delivery times to preference Fulfilled By Amazon (FBA) sellers since at least 2016.
As a result, Amazon had to change its Buy Box practices and earn back the trust of customers and sellers, the company said in a 2022 blog. Among changes, Amazon agreed to treat all sellers equally when featuring offers in the Buy Box and to promote a second competing offer when a comparable deal is available at either a lower price or with a faster delivery time.
Those steps apparently didn’t satisfy users who sued: Jeffrey Taylor and Robert Selway. They asked courts to find a “reasonable inference of injury” since they were Amazon customers for years while the price rigging occurred. They claimed that “but for Amazon’s deceptive conduct concerning the Buy Box algorithm, Plaintiffs and members of the Class would have purchased the lower priced offers from non-FBA sellers with equivalent or better delivery.”
But this week, a US district judge in Seattle, Marsha Pechman, told users suing that it wasn’t enough to show evidence of Amazon’s proven misconduct. To satisfy a claim under Washington’s Consumer Protection Act (CPA), they needed to provide receipts from transactions showing that Amazon charged them higher prices while cheaper items were available. Instead, their complaint seemingly contradicted their claim, only showing one example of a Buy Box screenshot that Pechman said showed a hand soap that was offered by other sellers for prices significantly higher than Amazon’s featured offer.
“Plaintiffs have not adequately shown that they made any specific transaction with Amazon, let alone one from the Buy Box,” Pechman wrote in her order. And they “do not allege any specific purchases in which they were deceived via the Buy Box, let alone provide receipts.”
This doesn’t necessarily end the fight to hold Amazon accountable, though. The judge granted leave for users to amend their complaint and either provide “information regarding specific orders (i.e., receipts)” or “make allegations regarding discrete transactions with Amazon.”
Now, the Amazon users have 30 days to track down receipts or otherwise show evidence of specific transactions where they were injured, Pechman wrote.
“Without a showing of a specific transaction, Plaintiffs cannot possibly allege that they themselves were overcharged for any particular purchase—which is the injury in dispute,” Pechman wrote.
It will likely be challenging for the Amazon users to establish that they paid higher prices for items purchased on the platform years ago, and Pechman admitted this much in her order.
“The Court recognizes that Plaintiffs may be unable to ultimately prove that they overpaid for specific purchases,” Pechman wrote, but the CPA requires more than a “mere possibility of injury.”
Ars could not immediately reach plaintiffs’ lawyers for comment. Amazon declined to comment.
Enlarge/ A single logical qubit is built from a large collection of hardware qubits.
One of the more striking things about quantum computing is that the field, despite not having proven itself especially useful, has already spawned a collection of startups that are focused on building something other than qubits. It might be easy to dismiss this as opportunism—trying to cash in on the hype surrounding quantum computing. But it can be useful to look at the things these startups are targeting, because they can be an indication of hard problems in quantum computing that haven’t yet been solved by any one of the big companies involved in that space—companies like Amazon, Google, IBM, or Intel.
In the case of a UK-based company called Riverlane, the unsolved piece that is being addressed is the huge amount of classical computations that are going to be necessary to make the quantum hardware work. Specifically, it’s targeting the huge amount of data processing that will be needed for a key part of quantum error correction: recognizing when an error has occurred.
Error detection vs. the data
All qubits are fragile, tending to lose their state during operations, or simply over time. No matter what the technology—cold atoms, superconducting transmons, whatever—these error rates put a hard limit on the amount of computation that can be done before an error is inevitable. That rules out doing almost every useful computation operating directly on existing hardware qubits.
The generally accepted solution to this is to work with what are called logical qubits. These involve linking multiple hardware qubits together and spreading the quantum information among them. Additional hardware qubits are linked in so that they can be measured to monitor errors affecting the data, allowing them to be corrected. It can take dozens of hardware qubits to make a single logical qubit, meaning even the largest existing systems can only support about 50 robust logical qubits.
Riverlane’s founder and CEO, Steve Brierley, told Ars that error correction doesn’t only stress the qubit hardware; it stresses the classical portion of the system as well. Each of the measurements of the qubits used for monitoring the system needs to be processed to detect and interpret any errors. We’ll need roughly 100 logical qubits to do some of the simplest interesting calculations, meaning monitoring thousands of hardware qubits. Doing more sophisticated calculations may mean thousands of logical qubits.
That error-correction data (termed syndrome data in the field) needs to be read between each operation, which makes for a lot of data. “At scale, we’re talking a hundred terabytes per second,” said Brierley. “At a million physical qubits, we’ll be processing about a hundred terabytes per second, which is Netflix global streaming.”
It also has to be processed in real time, otherwise computations will get held up waiting for error correction to happen. To avoid that, errors must be detected in real time. For transmon-based qubits, syndrome data is generated roughly every microsecond, so real time means completing the processing of the data—possibly Terabytes of it—with a frequency of around a Megahertz. And Riverlane was founded to provide hardware that’s capable of handling it.
Handling the data
The system the company has developed is described in a paper that it has posted on the arXiv. It’s designed to handle syndrome data after other hardware has already converted the analog signals into digital form. This allows Riverlane’s hardware to sit outside any low-temperature hardware that’s needed for some forms of physical qubits.
That data is run through an algorithm the paper terms a “Collision Clustering decoder,” which handles the error detection. To demonstrate its effectiveness, they implement it based on a typical Field Programmable Gate Array from Xilinx, where it occupies only about 5 percent of the chip but can handle a logical qubit built from nearly 900 hardware qubits (simulated, in this case).
The company also demonstrated a custom chip that handled an even larger logical qubit, while only occupying a tiny fraction of a square millimeter and consuming just 8 milliwatts of power.
Both of these versions are highly specialized; they simply feed the error information for other parts of the system to act on. So, it is a highly focused solution. But it’s also quite flexible in that it works with various error-correction codes. Critically, it also integrates with systems designed to control a qubit based on very different physics, including cold atoms, trapped ions, and transmons.
“I think early on it was a bit of a puzzle,” Brierley said. “You’ve got all these different types of physics; how are we going to do this?” It turned out not to be a major challenge. “One of our engineers was in Oxford working with the superconducting qubits, and in the afternoon he was working with the iron trap qubits. He came back to Cambridge and he was all excited. He was like, ‘They’re using the same control electronics.'” It turns out that, regardless of the physics involved in controlling the qubits, everybody had borrowed the same hardware from a different field (Brierley said it was a Xilinx radiofrequency system-on-a-chip built for 5G base stationed prototyping.) That makes it relatively easy to integrate Riverlane’s custom hardware with a variety of systems.
One of the most widely used network protocols is vulnerable to a newly discovered attack that can allow adversaries to gain control over a range of environments, including industrial controllers, telecommunications services, ISPs, and all manner of enterprise networks.
Short for Remote Authentication Dial-In User Service, RADIUS harkens back to the days of dial-in Internet and network access through public switched telephone networks. It has remained the de facto standard for lightweight authentication ever since and is supported in virtually all switches, routers, access points, and VPN concentrators shipped in the past two decades. Despite its early origins, RADIUS remains an essential staple for managing client-server interactions for:
VPN access
DSL and Fiber to the Home connections offered by ISPs,
Wi-Fi and 802.1X authentication
2G and 3G cellular roaming
5G Data Network Name authentication
Mobile data offloading
Authentication over private APNs for connecting mobile devices to enterprise networks
Authentication to critical infrastructure management devices
Eduroam and OpenRoaming Wi-Fi
RADIUS provides seamless interaction between clients—typically routers, switches, or other appliances providing network access—and a central RADIUS server, which acts as the gatekeeper for user authentication and access policies. The purpose of RADIUS is to provide centralized authentication, authorization, and accounting management for remote logins.
The protocol was developed in 1991 by a company known as Livingston Enterprises. In 1997 the Internet Engineering Task Force made it an official standard, which was updated three years later. Although there is a draft proposal for sending RADIUS traffic inside of a TLS-encrypted session that’s supported by some vendors, many devices using the protocol only send packets in clear text through UDP (User Datagram Protocol).
XKCD
Enlarge/ A more detailed illustration of RADIUS using Password Authentication Protocol over UDP.
Goldberg et al.
Roll-your-own authentication with MD5? For real?
Since 1994, RADIUS has relied on an improvised, home-grown use of the MD5 hash function. First created in 1991 and adopted by the IETF in 1992, MD5 was at the time a popular hash function for creating what are known as “message digests” that map an arbitrary input like a number, text, or binary file to a fixed-length 16-byte output.
For a cryptographic hash function, it should be computationally impossible for an attacker to find two inputs that map to the same output. Unfortunately, MD5 proved to be based on a weak design: Within a few years, there were signs that the function might be more susceptible than originally thought to attacker-induced collisions, a fatal flaw that allows the attacker to generate two distinct inputs that produce identical outputs. These suspicions were formally verified in a paper published in 2004 by researchers Xiaoyun Wang and Hongbo Yu and further refined in a research paper published three years later.
The latter paper—published in 2007 by researchers Marc Stevens, Arjen Lenstra, and Benne de Weger—described what’s known as a chosen-prefix collision, a type of collision that results from two messages chosen by an attacker that, when combined with two additional messages, create the same hash. That is, the adversary freely chooses two distinct input prefixes 𝑃 and 𝑃′ of arbitrary content that, when combined with carefully corresponding suffixes 𝑆 and 𝑆′ that resemble random gibberish, generate the same hash. In mathematical notation, such a chosen-prefix collision would be written as 𝐻(𝑃‖𝑆)=𝐻(𝑃′‖𝑆′). This type of collision attack is much more powerful because it allows the attacker the freedom to create highly customized forgeries.
To illustrate the practicality and devastating consequences of the attack, Stevens, Lenstra, and de Weger used it to create two cryptographic X.509 certificates that generated the same MD5 signature but different public keys and different Distinguished Name fields. Such a collision could induce a certificate authority intending to sign a certificate for one domain to unknowingly sign a certificate for an entirely different, malicious domain.
In 2008, a team of researchers that included Stevens, Lenstra, and de Weger demonstrated how a chosen prefix attack on MD5 allowed them to create a rogue certificate authority that could generate TLS certificates that would be trusted by all major browsers. A key ingredient for the attack is software named hashclash, developed by the researchers. Hashclash has since been made publicly available.
Despite the undisputed demise of MD5, the function remained in widespread use for years. Deprecation of MD5 didn’t start in earnest until 2012 after malware known as Flame, reportedly created jointly by the governments of Israel and the US, was found to have used a chosen prefix attack to spoof MD5-based code signing by Microsoft’s Windows update mechanism. Flame used the collision-enabled spoofing to hijack the update mechanism so the malware could spread from device to device inside an infected network.
More than 12 years after Flame’s devastating damage was discovered and two decades after collision susceptibility was confirmed, MD5 has felled yet another widely deployed technology that has resisted common wisdom to move away from the hashing scheme—the RADIUS protocol, which is supported in hardware or software provided by at least 86 distinct vendors. The result is “Blast RADIUS,” a complex attack that allows an attacker with an active adversary-in-the-middle position to gain administrator access to devices that use RADIUS to authenticate themselves to a server.
“Surprisingly, in the two decades since Wang et al. demonstrated an MD5 hash collision in 2004, RADIUS has not been updated to remove MD5,” the research team behind Blast RADIUS wrote in a paper published Tuesday and titled RADIUS/UDP Considered Harmful. “In fact, RADIUS appears to have received notably little security analysis given its ubiquity in modern networks.”
The paper’s publication is being coordinated with security bulletins from at least 90 vendors whose wares are vulnerable. Many of the bulletins are accompanied by patches implementing short-term fixes, while a working group of engineers across the industry drafts longer-term solutions. Anyone who uses hardware or software that incorporates RADIUS should read the technical details provided later in this post and check with the manufacturer for security guidance.
Enlarge/ Under-powered Samsung camera, meet over-powered 4G LTE dongle. Now work together to move pictures over the air.
Georg Lukas
Back in 2010—after the first iPhone, but before its camera was any good—a mirrorless, lens-swapping camera that could upload photos immediately to social media or photo storage sites was a novel proposition. That’s what Samsung’s NX cameras promised.
Unsurprisingly, Samsung didn’t keep that promise too much longer after it dropped its camera business and sales numbers disappeared. It tried out the quirky idea of jamming together Android phones and NX cameras in 2013, providing a more direct means of sending shots and clips to Instagram or YouTube. But it shut down its Social Network Services (SNS) entirely in 2021, leaving NX owners with the choices of manually transferring their photos or ditching their cameras (presuming they had not already moved on).
Some people, wonderfully, refuse to give up. People like Georg Lukas, who reverse-engineered Samsung’s SNS API to bring back a version of direct picture posting to Wi-Fi-enabled NX models, and even expand it. It was not easy, but at least the hardware is cheap. By reflashing the surprisingly capable board on a USB 4G dongle, Lukas is able to create a Wi-Fi hotspot with LTE uplink and run his modified version of Samsung’s (woefully insecure) service natively on the stick.
What is involved should you have such a camera? Here’s the shorter version of Lukas’ impressive redux:
Installing Debian on the LTE dongle’s board
Creating a Wi-Fi hotspot on the stick using NetworkManager
Configuring the web server now running on that dongle
The details of how Lukas reverse-engineered the firmware from a Samsung WB850F are posted on his blog. It is one of those Internet blog posts in which somebody describes something incredibly arcane, requiring a dozen kinds of knowledge backed by experience, with the casualness with which one might explain how to plant seeds in soil.
The hardest part of the whole experiment might be obtaining the 4G LTE stick itself. The Hackaday blog has detailed this stick (and also tipped us to this camera rebirth project), which is a purpose-built device that can be turned into a single-board computer again, on the level of a Pi Zero W2, should you apply a new bootloader and stick Linux on it. You can find it on Alibaba for very cheap—or seemingly find it, because some versions of what looks like the same stick come with a far more limited CPU. You’re looking for a stick with the MSM8916 inside, sometimes listed as a “QualComm 8916.”
Lukas’ new version posts images to Mastodon, as demonstrated in his proof of life post. It could likely be extended to more of today’s social or backup services, should he or anybody else have the time and deep love for what are not kinda cruddy cameras. Here’s hoping today’s connected devices have similarly dedicated hackers in the future.
The Federal Communications Commission said it is preparing to block a phone company that carried illegal robocalls pushing fake programs that promised to wipe out consumers’ tax debt. Veriwave Telco “has not complied with FCC call blocking rules for providers suspected of carrying illegal traffic” and now has two weeks to contest an order that would require all downstream voice providers to block all of the telco’s call traffic, the FCC announced yesterday.
Robocalls sent in the months before tax filing season “purported to provide information about a ‘National Tax Relief Program’ and, in some instances, also discussed a ‘Tax Dismissal Program,'” the FCC order said. “The [Enforcement] Bureau has found no evidence of the existence of either program. Many of the messages further appealed to recipients with the offer to ‘rapidly clear’ their tax debt.”
Call recipients who listened to the prerecorded message and chose to speak to an operator were then asked to provide private information. Nearly 16 million calls were sent, though it’s unclear how many went through Veriwave.
Veriwave is an “originating provider” that distributes call traffic to other phone companies before calls are delivered to landline and cellphone users. The Industry Traceback Group (ITG), which is run by the USTelecom trade association and coordinates with the FCC, conducted tracebacks on about two dozen calls and determined that Veriwave was the originating provider.
“The ITG notified Veriwave of these calls and provided the Company with supporting data identifying each call,” the FCC said in a previous order. “Veriwave did not contest it had originated the calls and identified one client as the source of all of the calls. Veriwave did not offer evidence of consent for the calls or contest the unlawful nature of the calls. Nor did Veriwave contest that any exceptions to the rules applied.”
No reply
The robocalls began, “I’ve been tasked to personally contact you and make sure that you have been provided the information about the new National Tax Relief Program. This relevant information is extremely important with helping those that owe back taxes to rapidly clear their debt.” The calls then listed eligibility requirements for the nonexistent program and instructed recipients to press 1 to speak to a person.
“If the recipient connected to a live operator, the live operator reportedly asked for personal information, including date of birth and Social Security number,” the FCC said.
The FCC said it reached out to Veriwave “about its robocall mitigation efforts, but the email was returned as undeliverable.” The FCC then sent a formal notice to the company but received no response.
The FCC on April 4 notified all US-based voice providers that they were permitted—but not required—to block calls from Veriwave. Under the FCC’s blocking procedures, yesterday’s order triggered a 14-day period in which Veriwave can respond and “demonstrate compliance” with the rules. After that, all phone companies “immediately downstream from Veriwave will then be required to block and cease accepting all traffic received directly from Veriwave beginning 30 days after release of the Final Determination Order.”
The FCC said the ITG conducted tracebacks of 23 illegal robocalls between November 30, 2023, and January 29, 2024, but the actual number of illegal robocalls is apparently much higher. “YouMail, a software app company, estimates that approximately 15.8 million calls of this nature were transmitted in the three months immediately preceding the start of the 2024 tax filing season,” the FCC said. “The Industry Traceback Group and the FCC traced a number of these calls to Veriwave as the originating provider.”
FCC records show that Veriwave, based in Delaware, testified under penalty of perjury in November 2023 that it completed implementation of the STIR/SHAKEN technology that inhibits robocalls by authenticating Caller ID information.
Enlarge/ Nike announced the Adapt BB as “a Self-Lacing Basketball Shoe” with app-controllable LEDs.
Nike
In 2019, Nike got closer than ever to its dreams of popularizing self-tying sneakers by releasing the Adapt BB. Using Bluetooth, the sneakers paired to the Adapt app that let users do things like tighten or loosen the shoes’ laces and control its LED lights. However, Nike has announced that it’s “retiring” the app on August 6, when it will no longer be downloadable from Apple’s App Store or the Google Play Store; nor will it be updated.
In an announcement recently spotted by The Verge, Nike’s brief explanation for discontinuing the app is that Nike “is no longer creating new versions of Adapt shoes.” The company started informing owners about the app’s retirement about four months ago.
Those who already bought the shoes can still use the app after August 6, but it’s expected that iOS or Android updates will eventually make the app unusable. Also, those who get a new device won’t be able to download Adapt after August 6.
Without the app, wearers are unable to change the color of the sneaker’s LED lights. The lights will either maintain the last color scheme selected via the app or, per Nike, “if you didn’t install the app, light will be the default color.” While owners will still be able to use on-shoe buttons to turn the shoes on or off, check its battery, adjust the lace’s tightness, and save fit settings, the ability to change lighting and control the shoes via mobile phone were big selling points of the $350 kicks.
Despite the Adapt BB being Nike’s third version of self-tying sneakers and its most widely available one yet, the sneakers look doomed to have some its most marketed features bricked. Nike still maintains other mobile apps that are directly tied to shoe functionality, like its shopping app and Run Club app for tracking running.
Disappointed sneakerheads
Adapt BB owners have shared disappointment after learning the news. One Reddit user who claimed to own multiple pairs of the shoes called the news “hyper bullshit,” while another described it as “immensely disappointing.”
Some hope that Nike will open-source the app so that customers can maintain their shoes’ original and full functionality. But Nike hasn’t shared any plans to do so. Ars Technica asked the company about this but didn’t hear back ahead of press time.
One person going by Maverick-1776 on Reddit wrote:
These shoes were so expensive when they came out. I don’t see why it’s such a big deal to keep supporting the app. It doesn’t mean they need to dedicate a dev team. …
Hopefully the app doesn’t disappear if you already have it installed. I like using the app to see how much battery is left, or just messing around with the LEDs.”
Reddit’s Taizan said companies like Nike should “offer alternatives or put out stuff to the public domain when they do these things,” adding: “Sustainability also involves maintenance of past products, digital or not.”
“I’m out. Fuck ’em.”
Some may be unsurprised that Nike’s attempt at commercializing the shoes from Back to the Future Part II has run into a wall. Nike, for instance, also discontinued NikeConnect, its app for $200 NBA jerseys announced in 2017 that turned wearers into marketing gold.
Casual sneaker wearers would overlook the Adapt BB’s flashy features, but the shoe had inherent flaws that could frustrate sneaker fanatics, too. It didn’t take long, for example, for a recommended software update to break the shoes, including making them unwearable to anyone who wanted to tighten the laces (at the time, Nike said the problem affected a small number of owners). Nike’s tech inexperience played a role, as the company’s testing reportedly didn’t fully consider all the different phone models in use and their varying Bluetooth capabilities.
Nike’s borked shoe update was early warning of what happens when expensive products are tied to technology run by companies with limited tech chops.
Reddit user rtuite81 called Adapt’s sunsetting “entirely expected, but frustrating.” They added:
I knew this day would come … I just didn’t think it would be so soon LOL. I’ve only had these for a little over a year and worn them about 15 times. Hopefully my current phone outlasts the shoes.
This year, we’ve reported on customers of numerous companies—including Amazon, Oral-B, and Spotify—that have disappointed early adopters of their ambitious tech-tied projects.
As we’re currently seeing with AI, corporations are eager to force technology into products that don’t necessarily need it in order to set themselves apart and make money. But this makes customers inadvertent test subjects for products that are inevitably dropped. And as customers like Reddit’s henkmanz get let down, they lose faith in such trendy products:
I’m done with products supported by apps, now. If you can’t trust a multi-billion dollar company like Nike to continue support for a sneaker, how can you trust a toaster maker [or] an automaker? I’m out. Fuck ‘em.
Enlarge/ Interior view of the Rhino Barn. Exposed fossil skeletons left in-situ for research and public viewing.
Rick E. Otto, University of Nebraska State Museum
Death was everywhere. Animal corpses littered the landscape and were mired in the local waterhole as ash swept around everything in its path. For some, death happened quickly; for others, it was slow and painful.
This was the scene in the aftermath of a supervolcanic eruption in Idaho, approximately 1,600 kilometers (900 miles) away. It was an eruption so powerful that it obliterated the volcano itself, leaving a crater 80 kilometers (50 miles) wide and spewing clouds of ash that the wind carried over long distances, killing almost everything that inhaled it. This was particularly true here, in this location in Nebraska, where animals large and small succumbed to the eruption’s deadly emissions.
Eventually, all traces of this horrific event were buried; life continued, evolved, and changed. That’s why, millions of years later in the summer of 1971, Michael Voorhies was able to enjoy another delightful day of exploring.
Finding rhinos
He was, as he had been each summer between academic years, creating a geologic map of his hometown in Nebraska. This meant going from farm to farm and asking if he could walk through the property to survey the rocks and look for fossils. “I’m basically just a kid at heart, and being a paleontologist in the summer was my idea of heaven,” Voorhies, now retired from the University of Georgia, told Ars.
What caught his eye on one particular farm was a layer of volcanic ash—something treasured by geologists and paleontologists, who use it to get the age of deposits. But as he got closer, he also noticed exposed bone. “Finding what was obviously a lower jaw which was still attached to the skull, now that was really quite interesting!” he said. “Mostly what you find are isolated bones and teeth.”
That skull belonged to a juvenile rhino. Voorhies and some of his students returned to the site to dig further, uncovering the rest of the rhino’s completely articulated remains (meaning the bones of its skeleton were connected as they would be in life). More digging produced the intact skeletons of another five or six rhinos. That was enough to get National Geographic funding for a massive excavation that took place between 1978 and 1979. Crews amassed, among numerous other animals, the remarkable total of 70 complete rhino skeletons.
To put this into perspective, most fossil sites—even spectacular locations preserving multiple animals—are composed primarily of disarticulated skeletons, puzzle pieces that paleontologists painstakingly put back together. Here, however, was something no other site had ever before produced: vast numbers of complete skeletons preserved where they died.
Realizing there was still more yet to uncover, Voorhies and others appealed to the larger Nebraska community to help preserve the area. Thanks to hard work and substantial local donations, the Ashfall Fossil Beds park opened to the public in 1991, staffed by two full-time employees.
Fossils discovered are now left in situ, meaning they remain exposed exactly where they are found, protected by a massive structure called the Hubbard Rhino Barn. Excavations are conducted within the barn at a much slower and steadier pace than those in the ’70s due in large part to the small, rotating number of seasonal employees—mostly college students—who excavate further each summer.
Enlarge/ The Rhino Barn protects the fossil bed from the elements.
Photos by Rick E. Otto, University of Nebraska State Museum
A full ecosystem
Almost 50 years of excavation and research have unveiled the story of a catastrophic event and its aftermath, which took place in a Nebraska that nobody would recognize—one where species like rhinoceros, camels, and saber-toothed deer were a common sight.
But to understand that story, we have to set the stage. The area we know today as Ashfall Fossil Beds was actually a waterhole during the Miocene, one frequented by a diversity of animals. We know this because there are fossils of those animals in a layer of sand at the very bottom of the waterhole, a layer that was not impacted by the supervolcanic eruption.
Rick Otto was one of the students who excavated fossils in 1978. He became Ashfall’s superintendent in 1991 and retired in late 2023. “There were animals dying a natural death around the Ashfall waterhole before the volcanic ash storm took place,” Otto told Ars, which explains the fossils found in that sand. After being scavenged, their bodies may have been trampled by some of the megafauna visiting the waterhole, which would have “worked those bones into the sand.”
Enlarge/ A skeleton found during 1950’s excavations at the Barman site.
Did ancient people practice equality? While stereotypes may suggest otherwise, the remains of one Neolithic society reveal evidence that both men and women, as well as locals and foreigners, were all equal in at least a critical aspect of life: what they ate.
The Neolithic saw the dawn of agriculture and animal husbandry some 6,000 years ago. In what is now Valais, Switzerland, the type and amount of food people ate was the same regardless of sex or where they had come from. Researchers led by Déborah Rosselet-Christ of the University of Geneva (UNIGE) learned this by analyzing isotopes in the bones and teeth of adults buried in what is now called the Barmaz necropolis. Based on the 49 individuals studied, people at the Barmaz site enjoyed dietary equality.
“Unlike other similar studies of Neolithic burials, the Barmaz population appears to have drawn its protein resources from a similar environment, with the same access to resources for adults, whether male or female,” the researchers said in a study recently published in the Journal of Archaeological Science: Reports.
Down to the bone
To determine whether food was equal among the people buried at Barmaz, Rosselet-Christ and her team needed to examine certain isotopes in the bones and others in the teeth. Certain types of bone either do or do not renew, allowing the content of those bones to be associated with either someone’s place of birth or what they ate in their last years.
Being able to tell whether an individual was local or foreign was done by analyzing several strontium isotopes in the enamel of their teeth. Tooth enamel is formed at a young age and does not self-renew, so isotopes found in enamel, which enter it through the food someone eats, are indicative of the environment that their food was from. This can be used to distinguish whether an individual was born somewhere or moved after the early years of their lives. If you know what the strontium ratios are at a given site, you can compare those to the ratios in tooth enamel and determine if the owner of the tooth came from that area.
While strontium in tooth enamel can give away whether someone was born in or moved to a certain location at a young age, various isotopes of carbon, nitrogen, and sulfur that also come from food told the research team what and how much people ate during the last years of their lives. Bones such as the humerus (which was the best-preserved bone in most individuals) are constantly renewed with new material. This means that the most recently deposited bone tissue was put in place rather close to death.
Something for everyone
Near the valley of the Rhone River in the Swiss Alps, the Barmaz necropolis is located in an area that was once covered in deciduous forests that villages and farmland replaced. Most of the Barmaz people are thought to be locals. The strontium isotopes found in their teeth showed that only a few had not lived in the area during the first few years of their lives, when the enamel formed, though whether other individuals moved there later in life was more difficult to determine.
Analysis of the Barmaz diet showed that it was heavy on animal protein, supplemented with some plant products such as peas and barley. The isotopes analyzed were mostly from young goats and pigs. Based on higher levels of particular carbon and nitrogen isotopes found in their bones, the researchers think these juvenile animals might not have even been weaned yet, which means that the people of this agrarian society were willing to accept less meat yield for higher quality meat.
Rosselet-Christ’s most significant find was that the same median fractions of certain carbon, nitrogen, and sulfur isotopes were found in the bones of both men and women. Whether these people were local or foreign also did not matter—the values of these isotopes in those with different strontium isotope content in their tooth enamel was also the same. It seems that all adults ate equal amounts of the same foods, which was not always the case in Neolithic societies.
“The individuals buried at Barmaz—whether male or female—appear to have lived with equal opportunities, painting a picture of a society with egalitarian reflections,” the research team said in the same study.
Other things in this society were also equal. The dead were buried the same way, with mostly the same materials, regardless of sex or if they were locals or foreigners. While a society this egalitarian is not often associated with Neolithic people, it shows that some of our ancestors believed that nobody should be left out. Maybe they were much more like us than we think.
Enlarge/ Four kerosene-fueled Reaver engines power Firefly’s Alpha rocket off the pad at Vandenberg Space Force Base, California.
Welcome to Edition 7.01 of the Rocket Report! We’re compiling this week’s report a day later than usual due to the Independence Day holiday. Ars is beginning its seventh year publishing this weekly roundup of rocket news, and there’s a lot of it this week despite the holiday here in the United States. Worldwide, there were 122 launches that flew into Earth orbit or beyond in the first half of 2024, up from 91 in the same period last year.
As always, we welcome reader submissions, and if you don’t want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.
Firefly launches its fifth Alpha flight. Firefly Aerospace placed eight CubeSats into orbit on a mission funded by NASA on the first flight of the company’s Alpha rocket since an upper stage malfunction more than half a year ago, Space News reports. The two-stage Alpha rocket lifted off from Vandenberg Space Force Base in California late Wednesday, two days after an issue with ground equipment aborted liftoff just before engine ignition. The eight CubeSats come from NASA centers and universities for a range of educational, research, and technology demonstration missions. This was the fifth flight of Firefly’s Alpha rocket, capable of placing about a metric ton of payload into low-Earth orbit.
Anomaly resolution … This was the fifth flight of an Alpha rocket since 2021 and the fourth Alpha flight to achieve orbit. But the last Alpha launch in December failed to place its Lockheed Martin payload into the proper orbit due to a problem during the relighting of its second-stage engine. On this week’s launch, Alpha deployed its NASA-sponsored payloads after a single burn of the second stage, then completed a successful restart of the engine for a plane change maneuver. Engineers traced the problem on the last Alpha flight to a software error. (submitted by Ken the Bin)
Two companies added to DoD’s launch pool. Blue Origin and Stoke Space Technologies — neither of which has yet reached orbit — have been approved by the US Space Force to compete for future launches of small payloads, Breaking Defense reports. Blue Origin and Stoke Space join a roster of launch companies eligible to compete for launch task orders the Space Force puts up for bid through the Orbital Services Program-4 (OSP-4) contract. Under this contract, Space Systems Command buys launch services for payloads 400 pounds (180 kilograms) or greater, enabling launch from 12 to 24 months of the award of a task order. The OSP-4 contract has an “emphasis on small orbital launch capabilities and launch solutions for Tactically Responsive Space mission needs,” said Lt. Col. Steve Hendershot, chief of Space Systems Command’s small launch and targets division.
An even dozen … Blue Origin aims to launch its orbital-class New Glenn rocket for the first time as soon as late September, while Stoke Space aims to fly its Nova rocket on an orbital test flight next year. The addition of these two companies means there are 12 providers eligible to bid on OSP-4 task orders. The other companies are ABL Space Systems, Aevum, Astra, Firefly Aerospace, Northrop Grumman, Relativity Space, Rocket Lab, SpaceX, United Launch Alliance, and X-Bow. (submitted by Ken the Bin and brianrhurley)
The easiest way to keep up with Eric Berger’s space reporting is to sign up for his newsletter, we’ll collect his stories in your inbox.
Italian startup test-fires small rocket. Italian rocket builder Sidereus Space Dynamics has completed the first integrated system test of its EOS rocket, European Spaceflight reports. This test occurred Sunday, culminating in a firing of the rocket’s kerosene/liquid oxygen MR-5 main engine for approximately 11 seconds. The EOS rocket is a novel design, utilizing a single-stage-to-orbit architecture, with the reusable booster returning to Earth from orbit for recovery under a parafoil. The rocket stands less than 14 feet (4.2 meters) tall and will be capable of delivering about 29 pounds (13 kilograms) of payload to low-Earth orbit.
A lean operation … After it completes integrated testing on the ground, the company will conduct the first low-altitude EOS test flights. Founded in 2019, Sidereus has raised 6.6 million euros ($7.1 million) to fund the development of the EOS rocket. While this is a fraction of the funding other European launch startups like Isar Aerospace, MaiaSpace, and Orbex have attracted, the Sidereus’s CEO, Mattia Barbarossa, has previously stated that the company intends to “reshape spaceflight in a fraction of the time and with limited resources.” (submitted by EllPeaTea and Ken the Bin)
Just before the Fourth of July holiday, Elon Musk moved to dismiss a lawsuit alleging that he intentionally misled Twitter investors in 2022 by failing to disclose his growing stake in Twitter while tweeting about potentially starting his own social network in the weeks ahead of announcing his plan to buy Twitter.
Allegedly, Musk devised this fraudulent scheme to reduce the Twitter purchase price by $200 million, a proposed class action filed by an Oklahoma Firefighters pension fund on behalf of all Twitter investors allegedly harmed claimed. But in another court filing this week, Musk insisted that “all indications”—including those referenced in the firefighters’ complaint—”point to mistake,” not fraud.
According to Musk, evidence showed that he simply misunderstood the Securities Exchange Act when he delayed filing a Rule 13 disclosure of his nearly 10 percent ownership stake in Twitter in March 2022. Musk argued that he believed he was required to disclose this stake at the end of the year, rather than within 10 days after the month in which he amassed a 5 percent stake. He said that previously he’d only filed Rule 13 disclosures as the owner of a company—not as someone suddenly acquiring 5 percent stake.
Musk claimed that as soon as his understanding of the law was corrected—on April 1, when he’d already missed the deadline by about seven days—he promptly stopped trading and filed the disclosure on the next trading day.
“Such prompt and corrective disclosure—within seven trading days of the purported deadline—is not the stuff of a fraudulent scheme to manipulate the market,” Musk’s court filing said.
As Musk sees it, the firefighters’ suit “makes no sense” because it basically alleged that Musk always intended to disclose the supposedly fraudulent scheme, which in the context of his extraordinary wealth, barely saved him any meaningful amount of money when purchasing Twitter.
The idea that Musk “engaged in intentional securities fraud in order to save $200 million is illogical in light of Musk’s eventual $44 billion purchase of Twitter,” Musk’s court filing said. “It defies logic that Musk would commit fraud to save less than 0.5 percent of Twitter’s total purchase price, and 0.1 percent of his net worth, all while knowing that there would be ‘an inevitable day of reckoning’ when he would disclose the truth—which was always his intent.”
It’s much more likely, Musk argued, that “Musk’s acknowledgement of his tardiness is that he was expressly acknowledging a mistake, not publicly conceding a purportedly days-old fraudulent scheme.”
Arguing that all firefighters showed was “enough to adequately plead a material omission and misstatement”—which he said would not be an actionable claim under the Securities Exchange Act—Musk has asked for the lawsuit to be dismissed with prejudice. At most, Musk is guilty of neglect, his court filing said, not deception. Allegedly Musk never “had any intention of avoiding reporting requirements,” his court filing said.
The firefighters pension fund has until August 12 to defend its claims and keep the suit alive, Musk’s court filing noted. In their complaint, the fighterfighteres had asked the court to award damages covering losses, plus interest, for all Twitter shareholders determined to be “cheated out of the true value of their securities” by Musk’s alleged scheme.
Ars could not immediately reach lawyers for Musk or the firefighters pension fund for comment.