Virgin’s Unity spaceship sets a new altitude record of 52 kilometers

https://arstechnica.com/?p=1349297



Virgin Galactic has been saying for some time that it will reach outer space this year, and on Thursday it came the closest it has ever gotten. During the third powered flight of the VSS Unity vehicle, the spacecraft reached an altitude of 52km (32.3 miles), just over halfway toward the Kármán line, which generally is regarded as the beginning of space. This is the first time that Virgin Galactic has flown into the mesosphere.

The company also released a few other details about the flight, noting that the spacecraft was released from its carrier aircraft at 14.2km, that its engine burned for 42 seconds, and that the vehicle reached a maximum speed of Mach 2.7. Pilots Dave Mackay and Mike “Sooch” Masucci flew the Unity vehicle on Wednesday morning from the Mojave Air & Space Port.

“It was a thrill from start to finish,” Mackay said after the flight in a company news release. “Unity’s rocket motor performed magnificently again, and Sooch pulled off a smooth landing. This was a new altitude record for both of us in the cockpit, not to mention our mannequin in the back, and the views of Earth from the black sky were magnificent.”

via Ars Technica https://arstechnica.com

July 26, 2018 at 02:16PM

Watch Samsung’s “Unbreakable” OLED Panel Survive a Beating by Hammer

https://www.droid-life.com/2018/07/26/watch-samsungs-unbreakable-oled-panel-survive-a-beating-by-hammer/


Yesterday, Samsung showed off a supposedly unbreakable OLED panel for smartphones. It’s a flexible OLED with a plastic substrate, covered by a plastic cover window that allows it to bend and flex in ways that your typical glass-covered OLED panel wouldn’t be able to. Because it’s not necessarily ready to be put in your next phone, they instead tried to destroy it with a hammer to build hype.

In the video below, which has a fabulously awkward circus soundtrack and glorious graphics, the presenter bends and twists the panel before going after it with a rubber mallet. Of course, it doesn’t break because it’s not glass, bends in fun ways, and “plastic window is good.”

Will we see this type of display in the upcoming and oft-rumored Galaxy X? Who knows. This bad boy isn’t foldable like that phone is said to be, so it could instead make its way into other products first, which Samsung points out as being display consoles in cars, mobile military devices, and portable game consoles.

Now prepare yourselves, as it’s time to “start pounding the panel with the hammer!”

// Samsung

via Droid Life: A Droid Community Blog https://ift.tt/2dLq79c

July 26, 2018 at 10:58AM

Decade-old Bluetooth flaw lets hackers steal data passing between devices

https://arstechnica.com/?p=1348969


A large number of device makers are patching a serious vulnerability in the Bluetooth specification that allows attackers to intercept and tamper with data exchanged wirelessly. People who use Bluetooth to connect smartphones, computers, or other security-sensitive devices should make sure they install a fix as soon as possible.

The attack, which was disclosed in a research paper published Wednesday, is serious because it allows people to perform a man-in-the-middle attack on the connection between vulnerable devices. From there, attackers can view any exchanged data, which might include contacts stored on a device, passwords typed on a keyboard, or sensitive information used by medical, point-of-sale, or automotive equipment. Attackers could also forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website in an outright compromise of the connected phone or computer.

Not novel

Bluetooth combines Simple Secure Pairing or LE Secure Connections with principles of elliptic curve mathematics to allow devices that have never connected before to securely establish a secret key needed for encrypted communications. The attack uses a newly developed variant of what cryptographers call an invalid curve attack to exploit a major shortcoming in the Bluetooth protocol that remained unknown for more than a decade. As a result, attackers can force the devices to use a known encryption key that allows the monitoring and modifying of data wirelessly passing between them.

“This attack lets an attacker who can read and modify Bluetooth traffic during pairing force the key to be something they know,” JP Smith, a security engineer and Bluetooth security expert at security firm Trail of Bits, told Ars. “It’s not mathematically/theoretically novel at all, and it’s in fact about the simplest attack you can do on elliptic curve cryptosystems. Notably, this is a protocol-level fault, so if you implemented the Bluetooth spec out of the book (without some optional validation), you have this bug.”

The active man-in-the-middle attack that allows data to be modified works successfully on 50 percent of the pairings, with the remainder failing. A related passive attack works on 25 percent of the pairings. Attackers who don’t succeed on the first attempt are free to try on later pairings. Attacks work even when pairings require the user to type a six-digit number displayed on one device into the other one. Attacks require specialized hardware that probably wouldn’t be hard for more advanced hackers to build or obtain.

In the paper, researchers from Technion–Israel Institute of Technology write:

We would like to point out two major design flaws that make our attack possible. The first design flaw is sending both the x-coordinate and the y-coordinate during the public key exchange. This is unnecessary and highly inadvisable, since it greatly increases the attack surface, while calculating the y-coordinate from a given x-coordinate is simple.

The second major flaw is that although both coordinates of the public keys are sent during the second phase of the pairing, the protocol authenticates only the x-coordinate. We are not aware of any reason why the designers decided to leave the y-coordinate unauthenticated, other than for saving a tiny computational effort. Even though the point validity should be checked by the implementation, our attack could have also been avoided if both coordinates were authenticated.

Another less significant flaw is that in the protocol designers state that “To protect a device’s private key, a device should implement a method to prevent an attacker from retrieving useful information about the device’s private key using invalid public keys. For this purpose, a device can use one of the following methods.” In this quote, the specification uses the term “should” (as opposed to “must”). Therefore, implementors may skip the instruction as it is not mandatory for compliance with the specification.

A variety of devices and software—including those running macOS, iOS, or Android or made by LG or Huawei—have already received patches. In a FAQ, the researchers said Bluetooth from Microsoft “implements an old version of the standard, which is even less secure, rather than the broken contemporary standard.” An advisory from CERT is here.

For attacks to be successful, both of the paired devices must be vulnerable. That means as long as either one is patched, users aren’t susceptible. People who use Bluetooth to transmit sensitive data or control trusted devices should ensure they have installed patches on at least one of them. While patches are available for many mainstream devices, there are likely many more specialized ones used in hospitals, stores, and other environments that will remain unprotected for the foreseeable future. Users of these devices should check with manufacturers.
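The point-validity check the researchers say implementations should perform, and the "y from x" calculation they call simple, shown as an added example that is not code from the article, the paper, or any Bluetooth stack. It assumes the NIST P-256 curve used by LE Secure Connections; the function names are hypothetical.

```python
# NIST P-256 domain parameters (standard published values).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G, used here only as a known-good sample public key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def curve_rhs(x):
    """Right-hand side of the curve equation: x^3 + ax + b (mod p)."""
    return (pow(x, 3, P) + A * x + B) % P


def is_on_curve(x, y):
    """True only if (x, y) is in range and satisfies y^2 = x^3 + ax + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y) % P == curve_rhs(x)


def recover_y(x, y_is_odd):
    """Derive y from x plus one parity bit, so y never needs to be sent."""
    rhs = curve_rhs(x)
    y = pow(rhs, (P + 1) // 4, P)  # square root; valid because P % 4 == 3
    if (y * y) % P != rhs:
        raise ValueError("x is not the x-coordinate of any curve point")
    return y if (y & 1) == int(y_is_odd) else P - y


def accept_peer_public_key(x, y):
    """Hypothetical pairing hook: refuse any public key that is not on the curve."""
    if not is_on_curve(x, y):
        raise ValueError("peer public key is not a valid P-256 point")
    return (x, y)


if __name__ == "__main__":
    # Constructed sample: same x, altered y. A check that authenticates only
    # the x-coordinate sees nothing wrong; the curve equation does.
    tampered_y = (GY + 1) % P
    print("genuine key valid: ", is_on_curve(GX, GY))
    print("tampered key valid:", is_on_curve(GX, tampered_y))
    print("y recovered from x:", recover_y(GX, GY & 1) == GY)
```
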

via Ars Technica https://arstechnica.com

July 25, 2018 at 07:15PM

Game Studio With No Bosses Pays Everyone The Same

https://kotaku.com/game-studio-with-no-bosses-pays-everyone-the-same-1827872972


The game industry is not exactly known for valuing workers. Big studios are rife with soul-destroying crunch and end-of-project layoffs. French studio Motion Twin, developer of the Castlevania-inspired roguelike Dead Cells, is trying something different: Workers own and manage the company. There is no boss.

Motion Twin describes itself as an “anarcho-syndical workers cooperative.” What this means in practical terms is that all of its 11 workers are, in theory, equal. Same pay, same say.

“We actually just use a super basic formula: if a project finds success, people are basically paid more in bonuses, and everyone is paid the absolute same way,” said longtime Motion Twin game designer Sébastien Bénard in an email. “The devs and the artists are paid the same amount of money, and people like me who have been here for 17 years are paid the same amount as people who were recruited last year.”

It seems to be working. Motion Twin has been in business for nearly two decades, and the studio’s most recent game Dead Cells has sold more than 700,000 units on PC alone before even leaving early access.

Motion Twin’s pay and ownership system, Bénard said, constitutes “a direct challenge, not just to the exploitative practices you see at a lot of other companies, but also to tired old world corporate structures in general.” Games are team projects, after all, and Bénard believes that it’s “almost impossible” for anybody to definitively declare that their particular contribution of blood, sweat, and tears had more of an impact than anybody else’s. Bénard would not disclose the exact salary everybody at Motion Twin brings home, but said it’s “roughly the same as in other game companies” before bonuses.

Decision-making is also a team-based process, albeit one that doesn’t always require everybody to sit down at the table and argue their case. Small-scale decisions happen in Slack or around the coffee machine without too much brouhaha, Bénard said, but important strategic shifts and decisions that will impact everybody result in full team meetings. If a consensus doesn’t emerge, they take a vote. Sometimes that means people don’t get their way, and that, said Bénard, is “the tricky part.”

In other studios, most developers don’t get to leave their mark outside their designated cog in the machine, but at Motion Twin, everyone is used to having equal say. When things don’t go their way, this presents a new set of challenges. Bénard said the biggest one is “to accept that sometimes, you’ll be right and your proposals will be chosen, and sometimes, your well-intentioned super revolutionary idea will be thrown away by the team. That’s the way it works, and everyone has to accept that the resulting decisions were made by people who understood your point of view, but decided to scrap it anyway.”

That’s not to say Motion Twin doesn’t deal with other challenging elements of video game development as well. Crunch, for example, still exists at the studio, but Bénard said that everybody tries to avoid it most of the time because it leaves people broken and exhausted, and doing little to no work after the crunch. In all cases, Motion Twin relies on a strict time-tracking system so that if developers work late one day, they can leave early on another. “But that should always be an exceptional situation,” said Bénard. “Years of experience told us it’s much more important to have people working together, at the same time, in the same place, than people working at home, or late at night alone in the office.”

As with other studios, the threat of burnout looms heavy at Motion Twin too, but it’s exacerbated by the burden of responsibility that everybody carries. “Because everyone is responsible for many things at Motion Twin, your brain usually keeps ‘working at Motion Twin’ when you come back home everyday,” said Bénard.

“We spend lots of time reading articles, talking to players on Discord or Reddit, watching live streams, etc,” he said. “But you need to rest and cannot afford to be always focused on Dead Cells 24/7, and everyone in the Motion Twin faces burnout at least once because of our system.”

The solution? Bénard says that lately the studio has gotten good about just telling people who seem to be on the verge of burnout to go home. The company puts an emphasis on employees being happy and driven, and burnout risks stripping away both those crucial qualities forever. “It’s obviously better to lose a few work hours than a colleague,” said Bénard. “There’s absolutely no discussion about that.”

There’s a caveat to all of this, though: Motion Twin is a relatively small studio. It’s ballooned up before, but under all the specific constraints of Motion Twin’s structure, the balloon went pop.

“Years ago, we did grow a lot, but this wasn’t a great experience,” Bénard said. “We lost much of what made Motion Twin a nice company to work in, and during the process, many people lost this important motivation and focus that worked for us. I think it requires quite a clever structure to go beyond 15 people with a similar equitable design, because you’ll need innovative systems to keep everyone involved.”

Bénard isn’t sure that’s such a bad thing, though. “Passionate workers can do much more in a few work hours than any dev forced to work on weekends or late at night,” he said. “We were able to achieve much more being eight people than when we were 20+, so we plan to stay below the 15-person limit.”

He hopes, though, that if nothing else, Motion Twin’s mentality toward work in the gaming industry becomes the norm, rather than an exception, in the coming years.

“We will probably ‘joke’ about game industry work conditions in a few years,” he said, “because it’s just obviously ridiculous and inefficient. People are simply not disposable resources.” 

via Kotaku https://kotaku.com

July 25, 2018 at 06:20PM