557 research outputs found
Device Tracking via Linux's New TCP Source Port Selection Algorithm (Extended Version)
We describe a tracking technique for Linux devices, exploiting a new TCP
source port generation mechanism recently introduced to the Linux kernel. This
mechanism is based on an algorithm, standardized in RFC 6056, for boosting
security by better randomizing port selection. Our technique detects collisions
in a hash function used in the said algorithm, based on sampling TCP source
ports generated in an attacker-prescribed manner. These hash collisions depend
solely on a per-device key, and thus the set of collisions forms a device ID
that allows tracking devices across browsers, browser privacy modes,
containers, and IPv4/IPv6 networks (including some VPNs). It can distinguish
among devices with identical hardware and software, and lasts until the device
restarts.
We implemented this technique and then tested it using tracking servers in
two different locations and with Linux devices on various networks. We also
tested it on an Android device that we patched to introduce the new port
selection algorithm. The tracking technique works in real-life conditions, and
we report detailed findings about it, including its dwell time, scalability,
and success rate in different network types. We worked with the Linux kernel
team to mitigate the exploit, resulting in a security patch introduced in May
2022 to the Linux kernel, and we provide recommendations for better securing
the port selection algorithm in the paper.
Comment: This is an extended version of a paper with the same name that will
be presented in the 32nd Usenix Security Symposium (USENIX 2023). UPDATE
(2022-10-08): We revised some bibliography entries and clarified some aspects
of the mathematical analysis
Universal mean moment rate profiles of earthquake ruptures
Earthquake phenomenology exhibits a number of power law distributions
including the Gutenberg-Richter frequency-size statistics and the Omori law for
aftershock decay rates. In search for a basic model that renders correct
predictions on long spatio-temporal scales, we discuss results associated with
a heterogeneous fault with long range stress-transfer interactions. To better
understand earthquake dynamics we focus on faults with Gutenberg-Richter like
earthquake statistics and develop two universal scaling functions as a stronger
test of the theory against observations than mere scaling exponents that have
large error bars. Universal shape profiles contain crucial information on the
underlying dynamics in a variety of systems. As in magnetic systems, we find
that our analysis for earthquakes provides a good overall agreement between
theory and observations, but with a potential discrepancy in one particular
universal scaling function for moment-rates. The results reveal interesting
connections between the physics of vastly different systems with avalanche
noise.
Comment: 13 pages, 5 figures
A unified method for optimal arbitrary pole placement
We consider the classic problem of pole placement by state feedback. We offer an eigenstructure assignment algorithm to obtain a novel parametric form for the pole-placing feedback matrix that can deliver any set of desired closed-loop eigenvalues, with any desired multiplicities. This parametric formula is then exploited to introduce an unconstrained nonlinear optimisation algorithm to obtain a feedback matrix that delivers the desired pole placement with optimal robustness and minimum gain. Lastly we compare the performance of our method against several others from the recent literature.
GWTC-2.1: Deep Extended Catalog of Compact Binary Coalescences Observed by LIGO and Virgo During the First Half of the Third Observing Run
The second Gravitational-Wave Transient Catalog reported on 39 compact binary coalescences observed by the Advanced LIGO and Advanced Virgo detectors between 1 April 2019 15:00 UTC and 1 October 2019 15:00 UTC. We present GWTC-2.1, which reports on a deeper list of candidate events observed over the same period. We analyze the final version of the strain data over this period with improved calibration and better subtraction of excess noise, which has been publicly released. We employ three matched-filter search pipelines for candidate identification, and estimate the astrophysical probability for each candidate event. While GWTC-2 used a false alarm rate threshold of 2 per year, we include in GWTC-2.1, 1201 candidates that pass a false alarm rate threshold of 2 per day. We calculate the source properties of a subset of 44 high-significance candidates that have an astrophysical probability greater than 0.5. Of these candidates, 36 have been reported in GWTC-2. If the 8 additional high-significance candidates presented here are astrophysical, the mass range of events that are unambiguously identified as binary black holes (both objects ≥ 3 M⊙) is increased compared to GWTC-2, with total masses from ∼14 M⊙ for GW190924_021846 to ∼182 M⊙ for GW190426_190642. The primary components of two new candidate events (GW190403_051519 and GW190426_190642) fall in the mass gap predicted by pair instability supernova theory. We also expand the population of binaries with significantly asymmetric mass ratios reported in GWTC-2 by an additional two events (the mass ratio is less than 0.65 and 0.44 at 90% probability for GW190403_051519 and GW190917_114630 respectively), and find that 2 of the 8 new events have effective inspiral spins χeff > 0 (at 90% credibility), while no binary is consistent with χeff < 0 at the same significance.
Case Report Use of Early Inhaled Nitric Oxide Therapy in Fat Embolism Syndrome to Prevent Right Heart Failure
Fat embolism syndrome (FES) is a life-threatening condition in which multiorgan dysfunction manifests 48-72 hours after long bone or pelvis fractures. Right ventricular (RV) failure, especially in the setting of pulmonary hypertension, is a frequent feature of FES. We report our experience treating 2 young, previously healthy trauma patients who developed severe hypoxemia in the setting of FES. Neither patient had evidence of RV dysfunction on echocardiogram. The patients were treated with inhaled nitric oxide (NO), and their oxygenation significantly improved over the subsequent few days. Neither patient developed any cardiovascular compromise. Patients with FES that have severe hypoxemia and evidence of adult respiratory distress syndrome (ARDS) are likely at risk for developing RV failure. We recommend that these patients with FES and severe refractory hypoxemia should be treated with inhaled NO therapy prior to the onset of RV dysfunction.
Software systems for operation, control, and monitoring of the EBEX instrument
We present the hardware and software systems implementing autonomous
operation, distributed real-time monitoring, and control for the EBEX
instrument. EBEX is a NASA-funded balloon-borne microwave polarimeter designed
for a 14 day Antarctic flight that circumnavigates the pole. To meet its
science goals the EBEX instrument autonomously executes several tasks in
parallel: it collects attitude data and maintains pointing control in order to
adhere to an observing schedule; tunes and operates up to 1920 TES bolometers
and 120 SQUID amplifiers controlled by as many as 30 embedded computers;
coordinates and dispatches jobs across an onboard computer network to manage
this detector readout system; logs over 3 GiB/hour of science and housekeeping
data to an onboard disk storage array; responds to a variety of commands and
exogenous events; and downlinks multiple heterogeneous data streams
representing a selected subset of the total logged data. Most of the systems
implementing these functions have been tested during a recent engineering
flight of the payload, and have proven to meet the target requirements. The
EBEX ground segment couples uplink and downlink hardware to a client-server
software stack, enabling real-time monitoring and command responsibility to be
distributed across the public internet or other standard computer networks.
Using the emerging dirfile standard as a uniform intermediate data format, a
variety of front end programs provide access to different components and views
of the downlinked data products. This distributed architecture was demonstrated
operating across multiple widely dispersed sites prior to and during the EBEX
engineering flight.
Comment: 11 pages, to appear in Proceedings of SPIE Astronomical Telescopes
and Instrumentation 2010; adjusted metadata for arXiv submission