Showing posts sorted by date for query windows. Sort by relevance Show all posts

Tuesday, April 7, 2026

Google is playing a busy game of bug Whack-A-Mole to keep Chrome safe!

The Great Digital Bug Hunt

Oops, They Did It Again: The Great Chrome Bug Squashing Extravaganza!

A friendly robot holding a giant wrench over a glowing computer screen

Welcome back to the wild, wacky, and sometimes slightly terrifying world of the World Wide Web! If you’ve been clicking around the internet lately, you might have noticed that your trusty sidekick, Google Chrome, has been acting a little bit like a housecat that accidentally swallowed a bumblebee. It turns out, our favorite shiny browser has been playing a high-stakes game of hide-and-seek with some digital gremlins. And not just once, not twice, but three times in a single month! It’s like a summer blockbuster movie where the monsters just keep coming back for the sequel before the first one is even out of theaters.

Now, don’t panic and throw your laptop into the nearest swimming pool just yet. In the tech world, we call these little surprises "zero-day vulnerabilities." It sounds like something out of a spy thriller, doesn't it? "Zero-Day: The Reckoning." But in reality, a zero-day just means that the clever folks who build the browser found a hole in the digital fence at the exact same time—or sometimes slightly after—the naughty hackers found it. It’s a race against the clock where the prize isn't a gold medal, but rather making sure your private data doesn't end up on a billboard in the middle of nowhere.

Imagine your browser is a giant, majestic castle. You’ve got high walls, a deep moat filled with digital alligators, and a shiny gate. Usually, this keeps all the internet ruffians out while you’re busy looking at pictures of capybaras or shopping for neon-colored socks. But every now and then, a sneaky little termite finds a tiny crack in the foundation. This month, it seems the termites have been particularly busy, finding three separate secret tunnels into the castle. It’s like a digital game of Whac-A-Mole, where Google’s engineers are the ones holding the big foam hammers.

So, what exactly is happening behind the scenes? Well, the digital wizards at Google HQ have been working overtime, fueled by gallons of coffee and probably some very high-quality snacks. When a third major bug popped up recently, they didn't just sit around and sigh. They leaped into action, coding at lightning speed to brew up a magical potion—otherwise known as a security patch. This patch is essentially a very high-tech band-aid that covers up the hole and tells the hackers, "Not today, friends! Move along!"

You might be wondering why this is happening so much lately. Is the internet getting scarier? Are the browsers getting tired? Not exactly. It’s more like a game of cat and mouse that has evolved into a game of cyborg-cat and laser-mouse. As our browsers become more powerful and capable of doing incredible things—like running 3D games or managing your entire life—they also become more complex. And in the world of code, complexity is like a big, beautiful mansion with a thousand windows; occasionally, someone is going to forget to lock one of them.

The good news is that you, the brave internet explorer, have a superpower. It’s a small, unassuming button that often pops up in the top right corner of your screen. It’s the "Update" button! Clicking that button is like giving your browser a suit of shiny new armor and a fresh sword. When you see that little green, orange, or red circle pleading for your attention, don't ignore it. It’s not just Chrome trying to be annoying; it’s Chrome asking for a quick nap and a makeover so it can keep protecting you from the spooky stuff lurking in the shadows of the web.

When you hit that update button, the browser does a quick "relaunch." It’s like a digital "Etch A Sketch"—it shakes everything up, clears out the cobwebs, and starts fresh with all the newest defenses. It only takes a few seconds, which is a small price to pay for the peace of mind that comes with knowing your digital castle is secure once again. Think of it as a spa day for your software. It comes back refreshed, rejuvenated, and ready to tackle another million tabs of research, shopping, and cat videos.

While the engineers are busy playing defense, it's a good reminder for all of us to stay sharp. The internet is a wonderful place, but it's always good to have your wits about you. Beyond just keeping your browser updated, remember to keep your passwords unique—no, "password123" is not a fortress—and maybe don't click on links that promise you’ve won a free private island from a long-lost cousin you’ve never heard of. A little bit of common sense goes a long way in keeping the digital gremlins at bay.

In the end, the fact that these bugs are being found and fixed so quickly is actually a good sign. It means the people who build our tools are watching over us like digital guardian angels. They are constantly scanning for trouble, even when we’re sound asleep. So, let's raise a metaphorical glass to the bug hunters, the code-smiths, and the security experts who keep the internet spinning. And remember, the next time you see that update notification, give it a click. Your browser will thank you, your data will thank you, and those sneaky digital termites will have to go find somewhere else to hang out!

Stay safe, stay curious, and keep those browsers shiny and chrome!

Monday, September 14, 2015

Diplomacy, not sanctions, is needed to tackle state cyberespionage

More jaw jaw, less war war. Ad Meskens, CC BY-SA

The war of words between China, Russia and the US has escalated recently with the White House declaring its intention to apply sanctions in response to what the US sees as state-sponsored cyberattacks from the east.

So far in 2015, Russia has been implicated in hacks of the IRS, the White House, the Joint Chiefs, and the State Department.

China has been named the culprit for the hack of the Office of Personnel Management, which stole the personal records of nearly 21m US citizens. The two countries are now reportedly working together in the difficult work of deciphering the raw data from these hacks.

The proposed sanctions may target individuals and corporations – some of whom are likely to be close to the governments of both countries – for their role. The problem with confronting Russian moves in cyberspace is that economic sanctions are virtually toothless, given what we know about Russia and sanctions. China may be an entirely different story, given its current economic problems and high interconnectedness with the global economy, but Russia stands better able to defy Western sanctions. The declining price of oil has hurt more than sanctions ever could, and Russia is not central to the global economy.

Russia is already in decline and confronting Russia’s leadership now will demand a response. With the continuing stalemate in the civil war in Ukraine, Russia has backed itself into a corner and has no easy way out. It has already been sanctioned for its actions in Ukraine, which include arming the separatists and sending in Russian regulars to fight alongside the rebels in Donbas. Yet these sanctions have only emboldened the Kremlin to see the conflict through to the very end and made Vladimir Putin more popular at home for his tough stance against the West.

So with this in mind, what good would sanctioning Moscow again for hacking computer networks do? Sanctions are an ineffective tool to deal with cyberspace disputes. They do not go to the root of the problem, which lies in the nature of espionage and the oversights or weaknesses in securing our own networks. The fact that many government networks are still using 14-year-old Windows XP suggests that much of the blame lies with our own governments’ ineptitude. Huge vulnerabilities such as these are invitations to hackers of any sort. We should shore up our defence before finding a way to respond; to do otherwise is premature.

Espionage vs cyberespionage - tactics are different, but the game is the same. NSA

Bring everyone into the tent

Why do sanctions often fail, especially if against individuals and companies? To have any effect sanctions must be comprehensive, giving those sanctioned no other avenues to access the resources they’re denied. When sanctions are targeted and unilateral, this can be hard to achieve. It has been over a year since the Department of Justice indicted five People’s Liberation Army officers for cyber-espionage, yet China continues its campaigns against US networks.

Without the support of the entire international community and a willingness to target the entire country, sanctioning Russian individuals or companies would not stop Moscow from continuing to exploit the vulnerabilities found in US networks. Of course, reaching international agreements is complicated by the fact that the US is also a major player in the game of international cyber-espionage, and Russia and China feel that if their cyberspace is violated by the US then they are justified in responding.

The cyberspace domain has existed for more than 25 years: these are not new threats or methods of attack – and confronting these problems with traditional sanctions fails to recognise their limitations when applied to this domain. Two steps are needed to confront Russia: achieve a workable framework for stability in Ukraine and develop rules and norms in cyberspace to regulate the constant violations that are considered part of spycraft.

There is evidence that we have done much to develop a system that might work for China. Just recently, senior Chinese and US officials have held talks to discuss cybersecurity issues ahead of Chinese president Xi Jinping’s official visit to Washington. But Russia is often left out of the picture. Russia must be brought into the international community and participate in developing a system of regulation for cyberspace. Russia should be included in the process of considering what cyber-laws might be, but currently this is impossible as this effort is centred in Tallinn, Estonia, which left post-Cold War Russia for NATO.

This is not a call for greater respect of Russia, but a call to respect every stakeholder in the international system as we try to figure out what is allowed in a world of constant cyber-threats. Excluding a major state actor only ensures they will do what they can to undermine any new framework.

Escalation is not the answer. Sanctions are weak and ineffective. They make us feel like something is being done even though the moves are generally regressive and target innocent civilians. “Smart sanctions” are just a buzzword. Those that feel the need to apply sanctions need to face up to their own inefficiencies in defence, their inadequacy of offence, and the weakness of any sanctions regime in achieving their aims.

There are no quick fixes; only concerted action by the entire international community will establish the rules for the cyberspace world.

The Conversation

Friday, September 11, 2015

Apple's iPad Pro looks good, but who needs a phone with a 13" screen?

Monica Davey/EPA

Apple’s annual September keynote as usual brings hardware changes, software updates and the occasional surprise.

Rumours of a larger iPad Pro were proved true: the significantly larger 12.9 inch iPad with upgraded ARM A9X processor and faster graphics and internal components is being sold as a device on which desktop-class applications could run.

This is supported with a stylus and keyboard (sold separately in typical Apple fashion) that essentially converts the iPad Pro into a laptop. The stylus, dubbed Apple Pencil, has provoked comment as Steve Jobs had expressed his distaste for styluses in the past. The Pencil features handwriting recognition software, and improvements to iOS finally allow multitasking by splitting the screen between two apps.

However, with prices starting at an eye-watering US$799, there will be many who think that this won’t light a fire under tablet sales, which have been flat. For example, Amazon has taken the opposite approach, aiming for the bottom end of the market with a US$50 tablet subsidised by purchases made through Amazon’s services.

There may be iPad sales in education, and in retail where they are often used as point of sale devices, but in business the iPad faces considerable competition. For example, the iPad Pro bears an uncanny similarity to Microsoft’s own convertible tablet/laptop device, the Surface Pro, in cost and size and style. But the big difference is that Surface comes with a full operating system, Windows 10: few will take seriously Apple’s claims that the iPad Pro can run desktop-class applications for professional use while it’s running the stripped-down iOS operating system originally designed for phones, instead of the full OS X as found on MacBooks and iMacs.

Microsoft’s Surface Pro tablet, keyboard and stylus combo. Microsoft

Apple’s iPad Pro - spot the similarity? Beck Diefenbach/Reuters

A surprise was the appearance of Microsoft staff on stage to demonstrate Microsoft Office apps running on the iPad – something greeted with a stunned silence in the auditorium. Microsoft Office has been updated to support the stylus, and the invitation to appear at such a high-profile Apple event shows the extent to which Microsoft has been pouring money and effort into ensuring its software suites are cross-platform, rather than tied to Microsoft Windows. Another visitor to the stage was Adobe, whose reps showed off new design tools with the stylus – which all suggests an outbreak of corporate peace between the firms.

Pushing Apple TV into the home

The Apple TV finally gets a long-awaited upgrade, a wait during which many competing devices have appeared such as NOW TV, Roku, or Google’s Chromecast. Originally classified as a “media extender”, Steve Jobs called the Apple TV a “hobby” when introduced in 2007, but with this update Apple has refreshed the device, reorienting it to support the app ecosystem that has thrived elsewhere.

The new Apple TV features a new operating system tvOS, making use of the extensive iPhone/iPad developer tools and software already available. Boasting a much higher hardware specification, the Apple TV now runs apps and games, provides a new interface and a touch-enabled remote that can also process audio commands through the Siri digital assistant voice recognition system. With this a user can use their voice to search for content across multiple television networks.

It should be easy to port existing iPad/iPhone applications to the TV, bringing an unparalleled range of services compared to the competition. The surge in streaming services from Amazon and Netflix has sidelined Apple to some extent, so it will be interesting to see whether reorienting the device around apps will increase Apple’s footprint in this space. Sony and Microsoft should be worried that the massive back catalogue of iOS games can now be used in the living room through Apple TV. Prices start from US$149, available from October.

Phone and Watch

An update to the Watch, dubbed WatchOS2, arrives later this month and features updated accessories, colours and straps. The update will give apps direct access to the hardware, allowing developers to write full native applications that are more independent of the iPhone, to which the Watch has so far played second fiddle.

The iPhone 6S and iPhone 6S Plus are unchanged externally, but Apple claims internal upgrades including a 12 megapixel capable camera, faster A9 processor and a Force Touch capable screen, which responds to varying degrees of pressure. This is still new tech, for which capable software has yet to be written.

Finally, as signalled in the developer conference earlier in the year, owners of older devices will get access to new features when iOS 9 is launched very soon. An incremental upgrade, nevertheless it offers features many users have been calling for and will provide a significant increase in speed and features for older devices.

It’s unlikely these changes will lead to the extraordinary sales achieved with the larger iPhones last year, so it may provide an opportunity for other manufacturers to play catch-up – improving their hardware and services which Apple has always claimed is what differentiates them from the competition in a crowded market.

The Conversation

Friday, August 28, 2015

Six amazing sights that look even better from the International Space Station

Hurricane Arthur photographed by ESA astronaut Alexander Gerst. ESA/NASA

Imagine seeing the lights of cities spreading around the Nile Delta and then in less than an hour gazing down on Mount Everest. The astronauts on the International Space Station (ISS) are among the lucky few who will have this humbling, once-in-a-lifetime experience of seeing the beauty of Earth from space.

The ISS doesn’t just offer spectacular and countless views of the natural and man-made landscapes of our planet. It also immerses its residents into the Earth’s space environment and reveals how dynamic its atmosphere is, from its lower layers to its protective magnetic shield, constantly swept by the solar wind.

The best views are seen from the Cupola, an observation deck module attached to the ISS in 2010 and comprising seven windows. So, what are the amazing sights that you can see from the space station?

1. Storms and lightning

When the ISS orbits over a sea of thunderclouds, it’s not rare for astronauts to witness an impressive amount of lightning. What is unusual, however, is seeing lightning sprites, which were observed on August 10th by astronauts aboard the space station.

ISS astronauts spotted a sprite (the red jellyfish-like structure on the right of the image) appearing above thunder clouds on August 10, 2015 NASA

Sprites are electrical discharges, similar to lightning. However, instead of occurring in the lower layer of Earth’s atmosphere, these very fast, red-coloured discharges (due to the excited nitrogen at this altitude) occur much higher up and are as such difficult to observe from the ground.

2. Sunrises and sunsets

Sunset over the Indian Ocean. NASA/ESA/G Bacon

With the ISS orbiting the Earth every 90 minutes, astronauts can see the Sun rise and set around 16 times every 24 hours. The dramatic views from the station display a rainbow-like horizon as the Sun appears and disappears beyond the horizon.

Swiftly flow the days

The changes in colour are due to the angle of the solar rays and their scattering in the Earth’s atmosphere. Although similar jaw-dropping views can be seen from Earth, seeing our mother planet lit up in the rising Sun certainly adds to the intensity of the picture.

3. Stars and the Milky Way

Amazing sightings of distant astronomical objects as seen from the space shuttle

From the ground, atmospheric conditions and light pollution affect our ability to see stars and other celestial bodies. As light travels through layers of hot and cold air, the bending of its rays renders a flickering image of these distant objects, while atmospheric particles such as dust prevent us from seeing fainter objects such as nebulae and galaxies. The lack of an atmosphere at the orbiting altitude of the ISS allows the residents on the space station to see the stars, the Milky Way and other astronomical features with much greater clarity than is possible on Earth.

4. Meteor showers

The disintegration of a Perseid meteor photographed in August 2011 from the ISS. NASA

Astronauts aboard the ISS can also witness the disintegration of meteoroids in the Earth’s atmosphere. Those small bodies are fragments detached from celestial bodies such as asteroids and comets. As they enter the Earth’s atmosphere at great speed, the heat due to the body’s interaction with the air rapidly destroys them. Whereas the chance of seeing them from the ground is very much weather dependent, being on the ISS guarantees the best seats to watch these shooting stars flaming across our planet’s sky.

5. Auroras

Also known as northern and southern lights, auroras are created when solar storms, consisting of large magnetised clouds of energetic particles launched from the sun, or strong solar wind, interact with the Earth’s magnetic shield. Upon collision with the Earth, these solar streams energise particles within the planet’s magnetic shield.

Time lapses showing the ISS travelling through auroras

When they enter the upper layer of the Earth’s atmosphere, these energetic particles excite nitrogen and oxygen atoms present at these altitudes. Then when they return from their excited state, these atoms emit light of different colours indicative of the amount of energy they absorbed. This typically produces green and red, ribbon-like curtains.

6. Cosmic rays

Galactic cosmic rays aren’t really a phenomenon you can see. These energetic sub-atomic particles come from intense astronomical sources such as exploding stars or black holes. If they pass into the body they can damage tissue and break DNA, causing various diseases over the course of time.

Most cosmic rays do not penetrate the thick atmosphere of the Earth. Since the ISS sits outside this protected zone, its astronauts are much more likely to be struck by the particles. Astronauts regularly see flashes of light when they close their eyes, which is thought to be caused by cosmic rays interacting with body parts that play a role in vision, such as the optic nerve or visual centres in the brain.

Solar storms, which have a strong magnetic structure, act as a shield against cosmic rays. A solar storm passing by the Earth can be indirectly witnessed by astronauts aboard the ISS via a drop in the count of cosmic rays, also known as the “Forbush decrease”. What a sensation it must be to “feel” a storm passing by the Earth’s system.

The Conversation

Friday, August 21, 2015

Windows 95 turns 20 – and new ways of interacting show up desktop's age

Windows 95 and DOS6: actual museum pieces. m01229, CC BY

The arrival of Microsoft Windows 95 on August 24 1995 brought about a desktop PC boom. With an easier and more intuitive graphical user interface than previous versions it appealed to more than just business, and Bill Gates’ stated aim of one PC per person per desk was set in motion. This was a time of 320Mb hard drives, 8Mb RAM and 15-inch CRT monitors. For most home users, the internet had only just arrived.

Windows 95 introduced the start menu, powered by a button in the bottom-left corner of the desktop. This gives a central point of entry into menus from which to choose commands and applications. The simplicity of this menu enables users to easily find commonly used documents and applications. All subsequent versions of Windows have kept this menu, with the notable exception of Windows 8, a change which prompted an enormous backlash.

We take these intuitive graphic interfaces for granted today, but earlier operating systems such as DOS and CP/M allowed the user to interact using only typed text commands. This all changed in the 1970s, with Ivan Sutherland’s work with Sketchpad and the use of lightpens to control CRT displays, Douglas Engelbart’s development of the computer mouse, and the Xerox PARC research team’s creation of the Windows Icon Menu Pointer graphical interfaces paradigm (WIMP) – the combination of mouse pointer, window and icons that remains standard to this day. By the early 1980s, Apple had developed graphical operating systems for its Lisa (released 1983) and Macintosh (1984) computers, and Microsoft had released Windows (1985).

DOS - these were not good old days. Krzysztof Burghardt

Imagining a desktop

All these interfaces rely on the central idea of the desktop, a comprehensible metaphor for a computer. We work with information in files and organise them in folders, remove unwanted information to the trash can, and note something of interest with a bookmark.

Metaphors are useful. They enable users to grasp concepts faster, but rely on the metaphor remaining comprehensible to the user and useful for the designer and programmer putting it into effect – without stretching it beyond belief. The advantage is that the pictures used to represent functions (icons) look similar to those in the workplace, and so the metaphor is readily understandable.

Breaking windows

But 20 years after Windows 95, the world has changed. We have smartphones and smart televisions, we use the internet prolifically for practically everything. Touchscreens are now almost more ubiquitous than the classic mouse-driven interface approach, and screen resolution is so high individual pixels can be difficult to see. We still have Windows, but things are changing. Indeed, they need to change.

The desktop metaphor has been the metaphor of choice for so long, and this ubiquity has helped computers find a place within households as a common, familiar tool rather than as specialist, computerised equipment. But is it still appropriate? After all, few of us sit in an office today with paper-strewn desks; books are read on a tablet or phone rather than hard-copies; printing emails is discouraged; most type their own letters and write their own emails; files are electronic not physical; we search the internet for information rather than flick through reference books; and increasingly the categorisation and organisation of data has taken second place to granular search.

Mouse-driven interfaces rely on a single point of input, but we’re increasingly seeing touch-based interfaces that accept swipes, touches and shakes in various combinations. We are moving away from the dictatorship of the mouse pointer. Dual-finger scrolling and pinch-to-zoom are new emerging metaphors – natural user interfaces (NUI) rather than graphical user interfaces.

What does the next 20 years hold?

It’s hard to tell but one thing that is certain is that interfaces will make use of more human senses to display information and to control the computer. Interfaces will become more transparent, more intuitive and less set around items such as boxes, arrows or icons. Human gestures will be more commonplace. And such interfaces will be incorporated into technology throughout the world, through virtual reality and augmented reality.

These interfaces will be appear and feel more natural. Some suitable devices already exist, such as ShiverPad, that provide shear forces on surfaces that provide a frictional feel to touch devices. Or Geomagic’s Touch X (formerly the Sensible Phantom Desktop) that delivers three-dimensional forces to make 3D objects feel solid.

Airborne haptics is another promising technology that develops tactile interfaces in mid-air. Through ultrasound, users can feel acoustic radiation fields that emanate from devices, without needing to touch any physical surface. Videogame manufacturers have led the way with these interfaces, including the Microsoft Kinect and Hololens, which allow users to control the interface with body gestures, or with their eyes through head-mounted displays.

Once interaction with a computer or device can be commanded using natural gestures, movements of the body or spoken commands, the necessity for the Windows-based metaphor of computer interaction begins to look dated – as old as it is.

The Conversation

Thursday, August 20, 2015

Why there must be freedom to publish flaws and security vulnerabilities

It's not just the badge that gets nicked. tedits, CC BY-ND

Two academics have been given permission to publish their security research which reveals vulnerabilities in a wireless car locking system. It comes two years after Volkswagen, one of the manufacturers using it, won a court injunction banning publication.

Despite a court order in its favour, Volkswagen has now allowed the report to be republished with only minor redactions. However, the case reveals the tension between security researchers and software firms, or in this case the software used by car manufacturers. While some firms such as Facebook, Google and Microsoft offer financial rewards for those finding bugs, others such as Fiat Chrysler assert that such activity is criminal or, as Volkswagen did, take it to the courts – while failing to address the highlighted problems that expose their customers to risks.

The car industry may feel bullied just now, but Volkswagen’s approach of using the courts to try to keep information about a key flaw under wraps is the equivalent of sticking your fingers in your ears and hoping everything will turn out well. This is a serious issue, one that is too important for the brute force of court rulings. In any case, the internet has little respect for national boundaries or court jurisdictions, and the information was available online regardless of the court’s ruling.

Knock knock, come in

The Megamos transponder wireless key. Verdult/Ege/Garcia

The encryption used in the Swiss-made Megamos transponder is so weak that an intruder needs only listen to two messages transmitted from the fob in order to crack the key. The vulnerability relates to the poor, proprietary cryptographic methods used by the device, where the researchers found they could generate the transponder’s 96-bit secret key and start the car in less than half an hour.

This vulnerability has been well known since 2012, and code to exploit the flaw has circulated online since 2009. Yet there has been no product recall of the dozens of models from Audi, Porsche, Bentley and Lamborghini, Nissan and Volvo it affects, and no patches released to fix its problems.

Vulnerable wireless keys are a growing problem. It is reported that 42% of all car break-ins in London were related to various wireless key access systems, particularly for high-value cars from BMW and Audi.

For example, the RollJam device can be bought online for £20 and opens many well-known brands of cars – it “jams” the wireless signal twice when the user uses their key, and then is able to grab the access code for the car. It also opens most garage doors and disables some alarm systems.

A universal can opener, the RollJam device opens cars easily. RollJam

Academic freedom vs industry interests

The researchers who have now been permitted to publish, Roel Verdult and Barış Ege of Radboud University in the Netherlands and Flavio D Garcia of the University of Birmingham, approached the manufacturer in May 2012, explaining that they intended to present their findings at the USENIX 2013 conference, giving the manufacturer plenty of time to produce a fix for the problem. Instead Volkswagen used the courts to block publication of the paper, pitting the prevention of the potential insecurity of Volkswagen cars against the freedom of academic publishing.

The scope of the patching required to fix Megamos’ problems would be enormous, as there is no simple update to replace the weak proprietary cryptography at the heart of the problem. Clearly this was an incentive for Volkswagen to seek an injunction, but doing so hasn’t made the vehicles any more secure, nor has it prevented the information circulating on the internet.

Table of models affected (bold indicates models the researchers tested). Verdult/Ege/Garcia

Other manufacturers have been stung too – Ford recalled 433,000 Focus, C-MAX and Escape vehicles due to a software bug where drivers could not switch off their engines. And recently a security researcher showed how BMW cars could be breached by sending commands that told the cars to open their doors and lower their windows, leading BMW to issue a patch for over 2m BMW, Mini and Rolls-Royce vehicles.

But this case was avoidable: the Megamos vulnerability was one of poor design and implementation – using poor-quality, home-brewed encryption instead of one of the many common standards that would have proved far more impenetrable. This should have been reviewed as part of the due diligence process in evaluating the designs. Were they published, someone in the industry could have pointed out their flaws. Yet it’s this same process of research, publication and evaluation common in academia that Volkswagen tried to prevent.

This is a sorry tale of responsible disclosure by academics followed by a gagging order, and ultimately of the problem going unfixed. Unless the car industry takes this problem seriously, and designs and tests systems properly before release, it will be weighed down by the costs of recall and repair and fines from regulators.

While some hunt vulnerabilities for glory, the researchers in this case were responsible and gave the companies involved a good amount of time to deal with the problem before the paper was due to be published. While many in cryptography have faced pressures not to publish, such as government efforts to suppress Ron Rivest’s work on public key encryption, academic freedom to publish and review responsibly is a key part of how mistakes are discovered and how knowledge progresses.

The Conversation

Monday, August 17, 2015

Four problems the revamped Google should tackle now it's free to innovate

Reuters/Steve Marcus

Google is seen as a world leader in innovation, an important backer of tech start-ups and a pioneer in all our futures. The corporation, which is financially the size of a mid-range country, just reorganised its structure so that it can continue to invest in experimental technologies – such as drones, driverless cars and unusual medical devices – without worrying shareholders.

But many of Google’s current publicly reported innovations seem to be aimed at encouraging us to spend even more time connected to the internet. They are “technology-push” innovations, products that require the creation of a new market because there isn’t an obvious existing demand. Google Glass, the wearable optical computer that has now been discontinued, is a good example. It didn’t appear to be rooted enough in a genuinely understood need.

On the other side there are “need-pull” innovations that respond to existing needs and are the result of humble enquiry. Developments by Google in security devices and modular smartphones all appear, on the surface, to meet needs. But are they the genuine result of humble enquiry?

The problem with Google’s moonshots is that they are fired at the Moon. And there’s no one on the Moon (not yet anyway). Many real needs are social, cultural and environmental, not rooted only in a hunger for the next wearable gizmo. Here are some real-need challenges that Google could put its mighty innovation machine to work tackling and improve the world in the process.

Digital dealmaker Shutterstock

1. Making money more secure

In a world of identity theft and online fraud, there is a huge need for more secure ways to transfer money and carry out transactions. Various ways to simply move money around, for example between smartphones, are emerging but other innovations could vastly improve security. “Smart contract” programs could ensure both parties stick to their side of a deal. For example, if you buy something online then a smart contract could take the money from your bank account only when it receives notification from the delivery company the product has arrived.

Virtual or cryptocurrencies such as Bitcoin are starting to incorporate such technology but these systems still carry suspicion due to their use by black markets. Google has so far just hovered around the edges of Bitcoin but it has the opportunity to lead development and help make the technology mainstream.

To do so, however, it may also have to fundamentally rethink its approach to privacy, which is an inherent part of Bitcoin but largely absent from the way Google currently operates thanks to its widespread data-gathering operation.

Online jungle. Shutterstock

2. Creating a safer online world

Google’s Project Vault will give us a digital safe in which to securely store our smartphone’s personal data and messages. Another useful gadget no doubt. But instead of developing security devices and making gadgets less stealable, I’d like to see Google support us in becoming more secure in ourselves.

Existing innovations came about as a reaction to the insecurities of a hacked world. But there are opportunities not only for creating new digital safes and padlocks, alarms and security guards but also to begin an exploration of how to create preventive and naturally safe virtual and physical environments. These environments would be less about protection and defence and more about assurance and trust.

The new windows Shutterstock

3. Making technology less intrusive

Smartphones are constantly diverting our attention from the real world. Integrating technology more seamlessly into our lives could free us from their grip. Wearable technology and smart clothing could be one way of doing this, but better would be technologies that rely on and develop our tactile relationships with the world and each other.

This may well involve finally dispensing with the “screen” and the gadget as the required focus of our attention. A big question is how can Google create technology that doesn’t require us to “look”, instead of having us squint at screens of different sizes, flashing us into trance states and harming our eyesight.

Some experiments in less noticeable technology may involve an initial intrusion, for example, digital implants for communication, enhancing our senses or even curing physical conditions. But it is not guaranteed people will want to become cyborgs. A big opportunity is to create technologies that arise and pass away as needed, that are temporary, emergent and that enter our lives when we truly need them and leave when we don’t.

Flying turbines Makani/Google

4. Changing the way we produce energy

Energy is one of the biggest challenges for the whole planet. What if Google turned its weighty innovation might towards generating truly clean energy? Others in Silicon Valley have already started making inroads into the energy sector – see this gadget that allows consumers to access solar energy through smart tech, without buying expensive panels. Electric vehicle and battery technology, such as that Tesla is making, also continues to grow and innovate.

But country-sized corporations such as Google could do even more (perhaps they are behind closed doors). There are some crazy-sounding, alternative forms of energy emerging that might just work. Solar roads, sewage waste and even high altitude wind energy might benefit from some Google kickstart resource (the latter just has). Ok, Google! While you are up high in the sky, installing wifi balloons, why not harness some free energy for us all?

The Conversation

Wednesday, July 29, 2015

Auto industry must tackle its software problems to stop hacks as cars go online

Not what anyone wants to see while driving. Bill Buchanan, Author provided

Many companies producing software employ people as penetration testers, whose job it is to find security holes before others with less pure motives get a chance. This is especially common in the finance sector, but following the recent demonstration of a drive-by hack on a Jeep, and parent company Fiat Chrysler’s huge recall of 1.4m vehicles for security testing, perhaps it’s time the auto industry followed its lead.

The growing number of software vulnerabilities discovered in cars has led to calls for the US Federal Trade Commission and National Highway Traffic Safety Administration to impose security standards on manufacturers for software in their cars. Cars are likely to require a software security rating so consumers can judge how hack-proof they are.

In the past, cars have generally avoided any form of network connectivity, but now consumers want internet access to stream music or use apps such as maps. If a car has a public IP address then, just as with any computer or device attached to the internet, a malicious intruder can potentially connect to and hijack it – just as the Jeep hack demonstrated.

Andy Davis, a researcher from NCC Group, has shown that it may be possible to create a fake digital radio (DAB) station in order to download malicious data to a car when it tries to connect. While the Jeep hack was performed on a running car, the NCC Group researchers demonstrated that an off-road vehicle could be compromised, including taking control of steering and brakes. As the malicious data was distributed through a broadcast radio signal, it could even result in a nightmare situation where many cars could be compromised and controlled at the same time. More details on how the hack works will be revealed at the Black Hat conference this summer.

Tuning into the wrong station could give you more than you bargained for. Bill Buchanan, Author provided

More devices, more bugs, more problems

In the last few weeks Ford has recalled 433,000 of this year’s Focus, C-MAX and Escape models because of a software bug which leaves drivers unable to switch off their engine, even when the ignition key is removed. Recently, it was shown that BMW cars would respond to commands sent to open their doors and lower their windows – hardly the height of security. The firm had to issue a security patch for more than 2m BMW, Mini and Rolls-Royce vehicles.

As more and more software appears in cars, the problems of patching them will grow. Our desktop and laptop computers can be set to auto-update, but with embedded systems it’s not so easy. The next wave of the internet, the internet of things where billions of devices will be network-connected, will evidently bring a whole lot more security problems in terms of finding and fixing bugs – on many more devices than just cars.

Crowdsourcing debugging

Some companies take this seriously, while others try and distance themselves from flaws in their products. Google runs a Vulnerability Reward Program with rewards from US$100-$20,000. For example, Google will pay a reward of US$20,000 for any exploit that allows the remote takeover of a Google account.

Google even has a Hall of Fame, for which it awards points for the number of bugs found, their severity, how recent, and whether the bounty recipient gives their reward to charity – Nils Juenemann is currently in top place. Google also awards grants up to US$3,133.7 as part of its Vulnerability Research Grants scheme.

Microsoft and Facebook also operate Bug Bounty schemes to encourage digging out bugs in their own internet software, with a minimum bounty of US$5,000. But while these companies actively seek people to improve software by fixing bugs, companies such as Starbucks and Fiat Chrysler take a negative approach to those who find bugs in their products, unhelpfully describing such efforts as criminal activity.

Change of approach needed

I don’t mean to alarm, but software is one of the most unreliable things we have. Imagine if you were in the fast lane of the motorway when a blue-screen appears on your dashboard saying:

Error 1805: This car has encountered a serious error and will now shut down and reboot

It would be back at the dealer in no time. We have put up with bugs for decades. We can’t trust these embedded software systems to be bug-free, yet they’re increasingly appearing in safety-critical systems such as speeding one-tonne vehicles. When was the last time your microprocessor suffered a hardware breakdown? Compare this to the last time Microsoft Word crashed and you can see it’s not the hardware’s fault. This is generally because software suffers from sloppy design, implementation and testing. So while a word processor crash is annoying, a car crash is clearly much worse.

Car owners of the future will need to be a lot more savvy about keeping their vehicles updated. Consider that you are on the motorway one evening and the car informs you:

You have a critical update for your braking system, please select YES or NO to install the update. A reboot of the car is not required, and the update will be installed automatically from your Wi-Fi enabled vehicle

Would you answer YES or NO? If you choose NO, you don’t trust the software; if you choose YES you are entrusting it to execute without problems while driving at speed along a motorway. Neither of these is a good place to be.

The auto industry has a long way to go to prove that it grasps the risks posed by network-enabled vehicles and to then tackle them with our safety at all costs in mind. An independent safety rating for cars would provide some incentive for manufacturers to get this right. As for penetration testers, the industry may find that bug bounty schemes can help do this difficult work for them for less money than it costs in fines and recalls when undiscovered bugs make it to their products on the market.

The Conversation

Windows 10: Microsoft's universal system for an increasingly mobile world

Windows 10, a bit of the new, a bit of the old. Microsoft

With Windows 10, Microsoft is trying to turn the tide against the proliferation of operating systems across desktops, servers, tablets and smartphones by creating a single operating system that will run on them all.

Currently the world’s billions of Windows users are spread across its older versions, with Windows XP, released in 2001, still boasting the same installed base of users (around 12% market share) as the two-year-old Windows 8.1 (at 13%). The bulk of Windows users (61%) are still using Windows 7, released in 2009. And that’s not to mention the various incompatible Windows versions designed for tablets or smartphones.

Trying to consolidate different versions isn’t a new idea, although it’s much easier said than done. Recent versions of Apple’s OS X operating system for desktops and laptops have drawn inspiration from iOS designed for iPad and iPhone, while Canonical, the company behind the Ubuntu Linux distribution, has also produced a version for phones.

However, with Windows 10, Microsoft is taking the idea to its logical conclusion, producing not just a single OS for all devices, but a framework for apps that run on all of them, making the move between devices seamless.

One app to rule them

If we believe the Microsoft marketing machine, this will be the start of the era of Windows universal apps. There are many clever things in Windows 10, such as the integration of the digital assistant Cortana, but universal apps are what really excites me. This will allow developers to write code once and deploy it to all the different devices Windows 10 supports. It’s not quite as easy as Microsoft would have us believe though: there would still need to be some code that’s written specifically for each type of device; only some of it would be shared.

This is exciting because Microsoft is hoping to entice developers and bridge the “app gap” on Windows devices. As of May 2015, the Google Play Store has 1.5m apps, the Apple App Store has 1.4m, while the Windows Phone Store has a mere 340,000. Applications, and therefore available developers to create them, are key. Getting developers on board is the best way for Microsoft to make headway in the race to get their devices into our pockets.

Mixing the new and the old

I’ve spent some time with the technical and insider previews of Windows 10 for the desktop. The latest builds are speedy and show a lot of promise, so much so that every one of my Windows tablets and desktops is now signed up and awaiting the free upgrade. As predicted, it blends the traditional desktop experience of Windows 7 with the apps-based approach of Windows 8. It feels like a new desktop experience but is also familiar, an evolution rather than a revolution.

We’ve come a long way. Microsoft

Some of the key improvements are less headline grabbing than a talking digital assistant like Cortana or the return of the start menu. A key market as personal PC sales decline is the enterprise, and under-the-hood changes in security have been a heavy focus for Microsoft to ensure businesses are open to upgrading from Windows 7. But other than the front-end “bells and whistles” there aren’t too many obvious internal changes.

This familiarity should entice those Windows 7 users still holding out, those who found the new Metro UI interface of Windows 8.1 too much of a culture shock. Gone are the two interfaces, now merged into a single mix of traditional start menu with start screen stuck on the side. Gone too is the charms bar (popup menu) that was so heavily reliant on touch.

In another new move Windows 10 is being given away as an upgrade for free. With successive Android, iOS, Linux and OS X updates now offered free I think it was inevitable that Microsoft would eventually go the same route.

Although Windows 10 for desktop is available now, we’ll have to wait until September for the mobile version and to experiment with universal apps. Of course it’ll be a bit longer still to see what impact a unified OS platform has, and whether Windows 10 is the fresh start Microsoft is banking on.

The Conversation

Friday, July 17, 2015

When Chrome, YouTube and Firefox drop it like it's hot, Flash is a dead plugin walking

Despite its longevity, now there are more than just aesthetic reasons to drop Flash. logo by 360b/Shutterstock.com

After more than 20 years making the web a slightly more interesting and interactive place, albeit one that pandered to designers’ worst excesses and (in pre-broadband days) led to interminable download waiting times, the word on the net is that Adobe Flash Must Die.

The ironic hack of Hacking Team, the controversial security and surveillance software firm, exposed yet another brace of security flaws and vulnerabilities in Flash, the hugely popular multimedia animation plugin for web browsers. This may be the final straw: Mozilla has disabled Flash by default in its Firefox browser, and Facebook’s chief of security has called for Adobe to set a date when the program will be taken behind the shed and shot.

Why hate Flash?

The software and services that Hacking Team sells provide the means for its government and law enforcement clients to break into and even control computers remotely through the internet. The huge leak of the firm’s company data also revealed details of previously unknown vulnerabilities in software that could be exploited to provide ways of hacking computers – known as zero-day vulnerabilities because the software’s manufacturer has no time to fix the problem.

Zero-day vulnerabilities are great news for criminals. Three of these vulnerabilities were in Flash, and some of those revealed in the leaked documents appeared in attack kits available online within hours – faster than the developers of the affected programs could fix the holes, let alone distribute the updates to millions of users worldwide.

The Flash plugin is notorious for being riddled with security flaws and other shortcomings. Yet it’s also one of the most popular pieces of software on the planet. So what will it take to kill it?

It seemed like a good idea at the time

Back in the web’s dim and distant past (the 1990s), web pages were static, unyielding things with just text and images and occasionally a dumb animated GIF that everyone but the designer hated.

But we wanted more: interactivity, responsiveness, perhaps even a little bit of bling. Flash made this happen, and animators and designers could create all the interactivity they wanted and wrap it up in a file that was inserted into the web page and downloaded on request.

The web is a hostile place for browsers, however, and the more functionality exposed to the web, the larger the surface exposed to attack. Flash offers a large attack surface, and because animation is often computationally demanding, Flash needed deep access to many aspects of the computer to work well, making any flaw potentially serious.

Security isn’t the only problem with Flash. For example it wasn’t security but Flash’s demanding processor and battery consumption that caused Steve Jobs to banish Flash from the iPhone and iPad. On a device with such limited resources as a smartphone or tablet, Flash just doesn’t fit.

While these drawbacks could be tackled, Flash’s proprietor Adobe seems uninterested in doing so, having not released an update to Flash Player on mobile since 2012.

Flash forward to the future

Yet Flash endures, mainly on account of the last 20 years in which websites have been created using it and the plugin has been installed in billions of browsers. There have been attempts at alternatives: Microsoft’s Silverlight was Windows-specific and never caught on, and even the company itself urges people not to use it; Java applets have even worse problems than Flash, and have already been deprecated or removed from modern browsers.

The best hope for the elimination of Flash is HTML 5. The latest version of HTML, the markup language in which web pages are written, finally includes support for directly embedding video and audio in a web page. In combination with JavaScript, web pages can now offer all the interactivity and animated bling that anyone could want. Having previously been without a doubt the largest user of Flash, YouTube now uses an HTML 5-based player as default for its video content. Google’s Chrome browser dropped support for Adobe Flash some time ago, and uses only its own version.

Inside, HTML 5 supports a lot of technologies such as audio/video now, with more to come. Sergey Mavrody, CC BY-SA

HTML 5 has two major advantages over Flash. As a much more modern technology (2014 versus 1995) it delivers better results with fewer resources, making it better suited to mobile devices. But more importantly it requires no plugin, which means the surface open to attack by hackers doesn’t expand just because you want to watch a video, or because some site wants to display an animated advert.

Of course there are still sites that use Flash extensively, and these will have to be redesigned in HTML 5. While these sites still exist and people wish to use them, the Flash problem will not go away.

It’s more than just Flash

Flash’s problems make it an easy target, but it’s just one place where security failures occur. Of the zero-day exploits discovered so far in the Hacking Team leak, three relate to Flash, one to Java, one to a font processor for Windows (also made by Adobe), and one to Microsoft’s Internet Explorer 11 browser. But security is hard, no software is invulnerable, and breaches like this will continue to happen. Even if Flash is somehow secured – or disappears entirely – security flaws will still be found and exploited in other software. Security is an ongoing journey, not a destination.

The bigger problem is how the exploits originate. Hacking Team didn’t discover most of these exploits – they bought them from hackers who found them, keeping them secret for use in their products. Perhaps this is why a security firm such as Hacking Team becomes a tempting target for criminals, as a concentrated source of zero-day exploits.

As governments and intelligence agencies collect more information, they will also become more valuable targets. If Britain’s GCHQ is able to bypass all encryption, as prime minister David Cameron has suggested, then all our data could be vulnerable to anyone who can find the slightest crack in GCHQ’s armour.

The Conversation

Five bizarre fossil discoveries that got scientists excited

I've made a huge discovery! Gabor Lonyai/flickr, CC BY-SA

From trilobites to tyrannosaurs, most fossils are of creatures with hard shells or bones. These materials don’t easily biodegrade and sediment has time to build up around them and turn them into a record of the creature that is still with us millions of years after it has died. Soft-bodied organisms like worms, on the other hand, decay rapidly and their fossil record is decidedly patchy.

In exceptional circumstances, however, their remains are preserved and sometimes in the most unusual places. With the right detective skills, palaeontologists can use such discoveries to open up whole new windows on the history of life on Earth. A recent discovery found in 50-million-year-old rocks from Antarctica has yielded a particularly incredible example: fossilised worm sperm.

It’s a great reminder that there are far stranger fossils out there than dinosaur bones. Here are some of the most bizarre specimens ever found.

1. Ancient sperm

A seminal discovery Department of Palaeobiology, Swedish Museum of Natural History

This remarkable find of fossilised spermatozoa from a clitellate or “collared” worm represents the oldest animal sperm ever discovered, beating the previous record holder – springtail sperm found in Baltic amber – by at least ten million years.

The sperm preservation was made possible because such worms reproduce by releasing their eggs and sperm into protective cocoons. In this case, a tough shell kept the cocoons intact until scientists discovered them in shallow marine gravels on the Antarctic Peninsula. Even then, it required high-powered microscopic analysis for the sperm to be spotted.

The sperm most resemble those of a leech-like group of worms that attach themselves to crayfish, even though today these live only in the northern hemisphere. But the researchers think the technique could be applied to other cocoon fossils, and help us learn more about previously cryptic creatures.

2. A well-endowed Silurian shrimp

Old todger?

If 50-million-year-old spermatozoa are surprising, what about a 425-million-year-old penis? Discovered in a ditch near the Anglo-Welsh border in the early 2000s, a tiny ostracod, or seed shrimp, proved to be quite clearly male. Preserved in three dimensions with all its soft tissues fossilised, it was proportionally well-endowed. “Old Todger” was the headline in The Sun newspaper.

During the Silurian period (443-419 million years ago), the Welsh borderlands lay on the shelf of a tropical sea. Marine animals were occasionally smothered, entombed and petrified by the ash of distant volcanoes. The ostracod – and countless other small fossils – cannot be seen adequately using microscopes, however, so their mineral tomb has to be gradually ground away and the fossil recreated with 3D digital imaging.

3. Ancient reptile poo and puke

It’s amazing what passes for a fossil. Poozeum/Wikimedia Commons, CC BY-SA

The notion that where there’s muck there’s brass is perhaps best shown by coprolites: petrified dung that can be found in many palaeontological shops. Beyond the novelty, such specimens are “trace fossils” of tremendous palaeoecological value. This means they can tell scientists precisely what an extinct creature was eating.

Coprolites are actually just one element of a richer broth, that of bromalites or “stink rocks”. The term was coined in the early 1990s to encompass all manner of excreta preserved in the rock record, and in the last few years, bromalites have been popping up everywhere.

In Australia, they show that Cretaceous plesiosaurs were bottom feeders. In Poland the regurgitated dinners of shell-crushing fish help us work out how life recovered from the biggest mass extinction in Earth history. And in Jurassic shales from Peterborough and Whitby, pavements of squid-like belemnites have been interpreted as ichthyosaur vomit.

4. Yorkshire rhinos

Buckland in the hyaena’s cave

One very odd fossil discovery was made in Kirkdale Cave, near Kirkbymoorside, North Yorkshire in 1821. Workmen quarrying for roadstone found a cliffside hollow full of large animal bones. They were at first thought to be cattle, but a local naturalist saw that they were more exotic-looking, and the remains eventually made their way to Oxford University’s Professor William Buckland.

A man who claimed to have eaten his way through the entire animal kingdom, Buckland was the most marvellous experimental scientist. He recognised that the bones were mainly of large herbivores, such as elephants and rhinos. They showed signs of having been gnawed, and fossilised faeces found on the cave floor resembled those of hyaenas. Conveniently being in possession of one as a pet, Buckland proved Kirkdale Cave had been a hyaena den, and founded the science of palaeoecology. Almost two hundred years on, we know that “African” megafauna roamed the Vale of Pickering about 125,000 years ago, in a warm phase between ice ages.

5. A mystery monster

Slice of history. Ghedoghedo/Wikimedia Commons, CC BY-SA

The fossils of Mazon Creek in Illinois, USA, were first encountered during coal mining in the 19th Century. But it wasn’t until the 1950s that the site became fossiliferously famous, thanks to Francis Tully’s discovery of an exceptionally weird beast: a beautifully preserved soft-bodied animal revealed in a naturally split mineral nodule.

Specimens turned out to be quite abundant but unique to Mazon Creek, and the beast was given the name of Tullimonstrum gregarium. It is now the state fossil of Illinois. Trouble is, no-one knows what Mr Tully’s Common Monster really is. A few inches long, it has a long snout with toothy pincers at the end, two eyes on stalks, a segmented body, and a finned tail. It was probably a predator, and the rocks it was found in suggest that it lived in tropical, shallow seas.

Beyond that, after more than half a century, we’re not much the wiser. It cannot be satisfactorily united with any other invertebrate group, living or extinct. Even with exceptional preservation, the fossil record always has the capacity to surprise.

The Conversation

Tiny cell superheroes are suiting up to give bone cancer the boot!

Imagine your body is a sprawling, high-tech kingdom, and usually, your immune system is the elite police force keeping everything...