An anonymous reader writes For the fifth consecutive year, the solar car team from the University of Michigan has won the American Solar Car Challenge. The event is an eight-day, 1,700-mile race with a total of 23 participating teams. The Umich victory comes in spite of a 20-30 minute delay when they had problems with the motor at the very beginning of the race. "They made the time up when team strategists decided to push the car to the speed limit while the sun was shining bright, rather than hold back to conserve energy." Footage of the race and daily updates on the car's performance are available from the team's website, as are the specs of the car itself. Notably, the current iteration of the car weighs only 320 pounds, a full 200 pounds lighter than the previous version.

chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.

New submitter meeotch writes: According to a new study by the Urban Institute, 35% of U.S. adults with a credit history (91% of the adult population of the U.S.) have debt "in collections" — a status generally not acquired until payments are at least 180 days past due. Debt problems seem to be worse in the South, with states hovering in the 40%+ range, while the Northeast has it better, at less than 30%. The study's authors claim their findings actually underrepresent low-income consumers, because "adults without a credit file are more likely to be financially disadvantaged."

Oddly, only 5% of adults have debt 30-180 days past due. This latter fact is partially accounted for by the fact that a broader range of debt can enter "in collections" status than "past due" status (e.g. parking tickets)... But also perhaps demonstrates that as one falls far enough along the debt spiral, escape becomes impossible. Particularly in the case of high-interest debt such as credit cards — the issuers of which cluster in states such as South Dakota, following a 1978 Supreme Court ruling that found that states' usury laws did not apply to banks headquartered in other states.

Even taking into account the folks who lost a parking ticket under their passenger seat, 35% is a pretty shocking number. Anyone have other theories why this number is so much higher than the 5% of people who are just "late"? How about some napkin math on the debt spiral?

An anonymous reader writes: Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people the two extensions achieve largely the same end, but in slightly different ways. However, recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some updates that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user's locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open.

From the Firepick website: 'We are developing a really cool robotic machine that is capable of assembling electronic circuit boards (it also 3D prints, and does some other stuff!). It uses a vacuum nozzle to pick really tiny resistors and computer chips up, and place them down very carefully on a printed circuit board.' There are lots of companies here and in China that will happily place and solder components on your printed circuit board, but hardly any that will do a one-off prototype or a small quantity. And the components have gotten small enough that this is really a job for a robot (or at least a Waldo), not human fingers. || There are obviously other devices on the market that do this, but Firepick Delta creator Neil Jansen says they are far too expensive for small companies, let alone individual makers.

The Firepick Delta Hackaday page talks about a $300 price for this machine. That may be too optimistic, but even if it ends up costing two or three times that amount, that's still a huge step forward for small-time inventors and custom manufacturers who need to populate just a few circuit boards, not thousands. They have a Haxlr8r pitch video, and have been noticed by TechCrunch, 3DPrintBoard.com, and Adafruit, just to name a few. Kickstarter? Not yet. Maybe next year. Open source? Totally, complete with GitHub repository. And they were at OSCON 2014, which is where Timothy found them. (Alternate Video Link)

Back in 2009, OKLabs/NICTA announced the first formally verified microkernel, seL4 (a member of the L4 family). Alas, it was proprietary software. Today, that's no longer the case: seL4 has been released under the GPLv2 (only, no "or later versions clause" unfortunately). An anonymous reader writes OSnews is reporting that the formally verified sel4 microkernel is now open source: "General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world's most highly assured OS." Source is over at Github. It supports ARM and x86 (including the popular Beaglebone ARM board). If you have an x86 with the VT-x and Extended Page Table extensions you can even run Linux atop seL4 (and the seL4 website is served by Linux on seL4).

astroengine writes: New observations from NASA's Saturn-orbiting Cassini spacecraft have revealed at least 101 individual geysers erupting from Enceladus' crust and, through careful analysis, planetary scientists have uncovered their origin. From the cracked ice in this region, fissures blast out water vapor mixed with organic compounds as huge geysers. Associated with these geysers are surface "hotspots" but until now there has been some ambiguity as to whether the hotspots are creating the geysers or whether the geysers are creating the hotspots. "Once we had these results in hand, we knew right away heat was not causing the geysers, but vice versa," said Carolyn Porco, leader of the Cassini imaging team from the Space Science Institute in Boulder, Colo., and lead author of one of the research papers. "It also told us the geysers are not a near-surface phenomenon, but have much deeper roots." And those roots point to a large subsurface source of liquid water — adding Enceladus as one of the few tantalizing destinations for future astrobiology missions.

Nerval's Lobster writes: Over at Dice, there's a breakdown of the programming languages that could prove most popular over the next year or two, including Apple's Swift, JavaScript, CSS3, and PHP. But perhaps the most interesting entry on the list is Erlang, an older language invented in 1986 by engineers at Ericsson. It was originally intended to be used specifically for telecommunications needs, but has since evolved into a general-purpose language, and found a home in cloud-based, high-performance computing when concurrency is needed. "There aren't a lot of Erlang jobs out there," writes developer Jeff Cogswell. "However, if you do master it (and I mean master it, not just learn a bit about it), then you'll probably land a really good job. That's the trade-off: You'll have to devote a lot of energy into it. But if you do, the payoffs could be high." And while the rest of the featured languages are no-brainers with regard to popularity, it's an open question how long it might take Swift to become popular, given how hard Apple will push it as the language for developing on iOS.

An anonymous reader writes: Today Senator Patrick Leahy (D-VT) introduced a bill that would ban bulk collection of telephone records and internet data for U.S. citizens. This is a stronger version of the legislation that passed the U.S. House in May, and it has support from the executive branch as well. "The bill, called the USA Freedom Act, would prohibit the government from collecting all information from a particular service provider or a broad geographic area, such as a city or area code, according to a release from Leahy's office. It would expand government and company reporting to the public and reform the Foreign Intelligence Surveillance Court, which reviews NSA intelligence activities. Both House and Senate measures would keep information out of NSA computers, but the Senate bill would impose stricter limits on how much data the spy agency could seek."