This Week in Tech 657: DadGum Cell Phone

SXSW features killer robots and killer barbeque. Alexa’s spontaneous laugh makes us afraid of an AI takeover. Amazon wants to take over your checking account. Can blockchain reinvent fintech? Android users more loyal than iOS users. Is AI really all that smart? Apple hires M. Night Shyamalan. Millennials love Apple more than anything. Mario takes over Google Maps. Facebook asks if pedophilia is ok. On Twitter, fake news spreads faster than the truth. China’s new Department of PreCrime.

Chinese users blast Microsoft’s draconian Windows 10 upgrade

By | PCWorld

Chinese users have complained about Microsoft’s latest aggressive move to get them to adopt Windows 10, according to the news service backed by the country’s Communist government.

“IT giant Microsoft is under fire in China as the company pushes users to upgrade their operating systems to Windows 10,” said China Daily, an English-language newspaper in the People’s Republic of China (PRC), in a story reprinted from Xinhua, the government’s official news agency.

Xinhua’s account resembled those in Western media, describing users whose PCs were upgraded to Windows 10 without their approval or because they overlooked an on-screen notification.

Earlier this month, Microsoft began another push to boost adoption by pre-scheduling the free Windows 10 upgrade. On-screen notices warned users of the impending upgrade, but limited the cancel option to an easily-overlooked, one-word link in the notification’s text. And clicking the red “X” in the upper-right corner of the dialog box — by convention a last resort for users wanting to cancel an operation — instead authorized the upgrade to begin at the allotted time.

“Just because I didn’t see the pop-up reminder does not mean I agreed,” Yang Shuo, an employee of a Beijing-based public relations firm, told Xinhua.

Microsoft remains on shaky ground in China as a two-year-old antitrust investigation continues. But the Redmond, Wash. company has also scored victories, including partnering with one of the country’s largest defense conglomerates to promote and sell Windows 10 to PRC government agencies.

Microsoft has also joined forces with Baidu to distribute the Windows 10 upgrade in China in exchange for making the search provider the default within Edge, the operating system’s newest browser.

The Chinese government often uses Xinhua to express its views on Western technology firms, which makes another quote in the story stand out. “The company has abused its dominant market position and broken the market order for fair play,” Zhao Zhanling, a legal advisor with the Internet Society of China (ISC), told the news service.

The ISC is supported by several Chinese government agencies, including the Ministry of Information Industry, the Ministry of Education and the State Council Information Office.

The Windows 10 upgrade offer is to expire July 29.

China retains supercomputing crown as U.S. representation lingers near historic lows

A supercomputer developed by China’s National Defense University remains the fastest publically known computer in the world while the U.S. is close to an historic low in the latest edition of the closely followed Top 500 supercomputer ranking, which was published on Monday.

The Tianhe-2 computer, based at the National Super Computer Center in Guangzhou, has been on the top of the list for more than two years and its maximum achieved performance of 33,863 teraflops per second is almost double that of the U.S. Department of Energy’s Cray Titan supercomputer, which is at Oak Ridge National Laboratory in Tennessee.

The IBM Sequoia computer at Lawrence Livermore National Laboratory in California is the third fastest machine, and fourth on the list is the Fujitsu K computer at Japan’s Advanced Institute for Computational Science. The only new machine to enter the top 10 is the Shaheen II computer of King Abdullah University of Science and Technology in Saudi Arabia, which is ranked seventh.

The Top 500 list, published twice a year to coincide with supercomputer conferences, is closely watched as an indicator of the status of development and investment in high-performance computing around the world. It also provides insights into what technologies are popular among organizations building these machines, but participation is voluntary. It’s quite possible a number of secret supercomputers exist that are not counted in the list.

With 231 machines in the Top 500 list, the U.S. remains the top country in terms of the number of supercomputers, but that’s close to the all-time low of 226 hit in mid-2002. That was right about the time that China began appearing on the list. It rose to claim 76 machines this time last year, but the latest count has China at 37 computers.

While there are few major changes in the top positions in the ranking, the aggregate computing power of the 500 companies continues to advance, but the pace is slowing. The current list represents 361 petaflops per second of performance, up 31 percent on this time last year, but a noticeable slowdown in growth, according to the authors of the study.

The rise of the use of graphics processors, so-called GPU computing, is reflected in the top 10. Two machines used Nvidia K20x processors: the second-ranked Cray Titan and sixth-ranked Cray Piz Daint, which is installed at the Swiss National Supercomputing Centre.

But Intel’s Xeon E5 chip continues to outrank all others. Taken together, three generations of the chip (SandyBridge, IvyBridge and Haswell) are in 80 percent of systems, representing 67 percent of total performance.

The Top 500 list is compiled by supercomputing experts at the University of Mannheim, Germany; the University of Tennessee, Knoxville; and the Department of Energy’s Lawrence Berkeley National Laboratory.

via China retains supercomputing crown as U.S. representation lingers near historic lows | PCWorld.

Russia, China reportedly crack Snowden’s files, identify US, UK spies

Russian and Chinese intelligence agencies have reportedly decrypted files of former U.S. National Security Agency contractor and leaker Edward Snowden, and have identified British and U.S. secret agents.

MI6, the U.K.’s secret intelligence service, has withdrawn agents from overseas operations in hostile countries, according to a report in the Sunday Times of London, citing U.K. government officials and Western intelligence agencies.

The report contains some apparently contradictory information. Although The Sunday Times quoted a U.K. Home Office official saying that Snowden has “blood on his hands,” it also quoted a government source saying that there was no sign that agents have been hurt.

Prime Minister David Cameron’s aides, however, confirmed that Snowden’s files are in the hands of Russian and Chinese intelligence agencies, according to the report.

“It is the case that Russians and Chinese have information,” according to one top U.K. government source cited by the report. “It has meant agents have had to be moved and that knowledge of how we operate has stopped us getting vital information. There is no evidence of anyone being harmed.”

The report quotes David Omand, the former director of the U.K.’s Government Communications Headquarters (GCHQ) intelligence agency, saying that access by Russia and China to Snowden’s material is a “huge strategic setback” that was “harming” to the U.K., the U.S. America and their allies.

The NSA and U.S. Central Intelligence Agency did not reply to requests for comment about the report.

The first leaks about U.S. surveillance operations from Snowden came out two years ago. Snowden fled the U.S. to go first to Hong Kong before seeking refuge in Russia.

Snowden has said in the past that he was capable of preventing files that he obtained from being decrypted by foreign intelligence agencies. The information he leaked has led to ongoing debate in the U.S. about the scope of government spying. Just last week, the U.S. Senate passed legislation to curb the NSA’s bulk collection of domestic telephone records, sending the bill to President Barack Obama for his signature.

via Russia, China reportedly crack Snowden’s files, identify US, UK spies | PCWorld.

Google Chrome will banish Chinese certificate authority for breach of trust [Updated]

Google’s Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains.

The move could have major consequences for huge numbers of Internet users as Chrome, the world’s second most widely used browser, stops recognizing all website certificates issued by CNNIC. That could leave huge numbers of users suddenly unable to connect to banks and e-commerce sites. To give affected website operators time to obtain new credentials from a different certificate authority, Google will wait an unspecified period of time before implementing the change. Once that grace period ends, Google engineers will blacklist both CNNIC’s root and extended-validation certificates in Chrome and all other Google software.

The unauthorized certificates were issued by Egypt-based MCS Holdings, an intermediate certificate authority that operated under the authority of CNNIC. MCS used the certificates in a man-in-the-middle proxy, a device that intercepts secure connections by masquerading as the intended destination. Such devices are sometimes used by companies to monitor employees’ encrypted traffic for legal or human resources reasons. It’s one of the first times a certificate authority has faced such a banishment since the downfall of Netherlands-based DigiNotar in 2011. Other CAs, including US-based Trustwave, have also done what CNNIC did without getting the boot. While worldwide Chrome is the No. 2 most used browser, it had a commanding, 52-percent share in China last year, compared to 23 percent for IE.

The move was announced on Wednesday evening in an update to last week’s blog post disclosing the misissued certificates. The update left open the possibility that CNNIC may be reinstated at an undetermined future date if the group gives a detailed accounting of all currently valid certificates. The update read:

Update – April 1: As a result of a joint investigation of the events surrounding this incident by Google and CNNIC, we have decided that the CNNIC Root and EV CAs will no longer be recognized in Google products. This will take effect in a future Chrome update. To assist customers affected by this decision, for a limited time we will allow CNNIC’s existing certificates to continue to be marked as trusted in Chrome, through the use of a publicly disclosed whitelist. While neither we nor CNNIC believe any further unauthorized digital certificates have been issued, nor do we believe the misissued certificates were used outside the limited scope of MCS Holdings’ test network, CNNIC will be working to prevent any future incidents. CNNIC will implement Certificate Transparency for all of their certificates prior to any request for reinclusion. We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place.

As this post was being prepared, it wasn’t clear if Mozilla or Microsoft planned to update Firefox and Internet explorer to also stop trusting CNNIC. Firefox 37, released this week, stopped trusting all certificates issued by MCS Holdings, and Microsoft has announced similar plans for Windows. Revoking trust in the root CNNIC certificate would be a much more disruptive course of action, since many more website certificates would be affected.

Update 1: In an e-mailed statement, Mozilla Cryptographic Engineering Manager Richard Barnes said: “We believe it is very important to include the Mozilla community in these discussions, so we are taking a bit longer to announce our official plan. We expect to wrap up our discussion in mozilla.dev.security.policy soon, and in the meantime you can see the plan we are currently discussing here.”

The plan under consideration would:

Reject certificates chaining to CNNIC with a notBefore date after a threshold date

Request that CNNIC provide a list of currently valid certificates and publish that list so that the community can recognize any back-dated certs

Allow CNNIC to re-apply for full inclusion, with some additional requirements (to be discussed on this list)

If CNNIC’s re-application is unsuccessful, then their root certificates will be removed

Update2: Officials with CNNIC have issued a statement that’s sharply critical of Google’s move. It reads:

via Google Chrome will banish Chinese certificate authority for breach of trust [Updated] | Ars Technica.

GitHub still recovering from huge DDoS attack that started late last week

Popular coding website GitHub was the target of a huge distributed denial of service (DDoS) attack that started late last week and ran through the better part of the weekend.

Security researchers told The Wall Street Journal that the traffic was originally meant for Baidu, China’s most popular search engine. A GitHub blog post from Friday corroborates that theory, noting that the DDoS attack involved a wide range of attack vectors including every one they’ve seen from previous attacks as well as newer techniques.

The newer methods appear to be redirecting web traffic meant for Baidu and sending it to two specific GitHub pages: a copy of a Chinese version of The New York Times and one run by greatfire.org, a site that helps Chinese web users get around government-based Internet censorship.

GitHub said they believe the intent of the attack is to convince them to remove a specific class of content and that this is the largest attack in the site’s history.

The DDoS attack has evolved and we are working to mitigate

— GitHub Status (@githubstatus) March 30, 2015

As of writing, the Twitter account for the site’s health notes that mitigation tactics are deflecting most attack traffic.

The Cyperspace Administration of China didn’t respond to a request for comment by the WSJ on Sunday. Baidu said that after careful inspection by its security engineers, they ruled out the possibility of security problems or hacker attacks of their products. Security experts that the WSJ spoke to said the attack likely involved Chinese authorities because traffic was redirected at a high level.

via GitHub still recovering from huge DDoS attack that started late last week – TechSpot.

China wants Silicon Valley’s encryption keys: Good business, or get out?

The Chinese government has introduced plans for a far-reaching counter-terrorism law that would require tech companies to hand over encryption keys and source code — even “backdoors” to give Chinese authorities surveillance access, according to Reuters.

The draft law, on its second reading in the state’s parliament, is expected to be passed in a matter of weeks.

In an interview with the news agency, President Obama said he has brought up the issue with the Chinese premier.

“We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States,” the president said.

Except that’s not exactly what’s going on here. It’s U.S. tech companies that want to do business with China, thanks to its massive population, burgeoning economy, and its considerable potential financial returns. It’s where some of the big global powerhouses are. It would be absurd to no longer do business in the economic and manufacturing heart of the world.

China’s rules are broad and borderline terrifying for companies and countries wanting to do business with the Communist state. Making matters worse, tech companies can’t possibly comply with the proposed rules. It’s not surprising that China, with a history of stealing intellectual property, state-sponsored hacking, and shutting out businesses it doesn’t like from state procurement rules, is not trusted by the West.

But Beijing, which sees the rules as vital in protecting state and business secrets, is the one holding the cards. Beijing doesn’t trust Silicon Valley in the wake of the National Security Agency surveillance disclosures.

Read More: China wants Silicon Valley’s encryption keys: Good business, or get out? | ZDNet.

Sony PlayStation 4 launch in China delayed

It looks like Chinese fans of the Sony PlayStation 4 will have to wait a while longer before they can get their hands on the console, because its launch has just been delayed.

Originally slated to be launched in China on January 11th, the PlayStation 4 has been delayed due to “various factors” according to Sony’s statement.

Reuters reports via unnamed sources, that negotiations between the Japanese company and the Chinese government are to blame for the delay, which as this point is seemingly indefinite.

The launch of the PlayStation 4 would have marked the entry point for the console to China, one of the biggest gaming markets on the planet. The Chinese government banned game consoles fourteen years ago but it has recently allowed both Microsoft and Sony to join its market with highly censored and specially selected content.

After its own initial delay, Microsoft launched its Xbox One in the country late last year and the console was reportedly selling well. There’s no doubt that Sony is not happy about this delay which will hamper its ability to compete with its archrival.

via Sony PlayStation 4 launch in China delayed – Neowin.

Chinese hackers suspected in USPS breach, data on every employee compromised

The FBI is investigating a data breach at the U.S. Postal Service in which employees’ personal data may have been compromised. Every person on staff with the Postal Service, from the Postmaster General down to letter carriers, was exposed according to a report from the Washington Post.

Sources familiar with the matter told the publication that the names, dates of birth, Social Security numbers, addresses, dates of employment and other information on more than 800,000 employees was exposed. What’s more, customers that contacted the postal service customer care center via telephone between January 1, 2014, and August 16, 2014, are also at risk.

Customer credit card information, however, was not at risk.

In a statement on the matter, Postmaster General Patrick Donahoe said it is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity.

Donahoe added that they haven’t seen any evidence of malicious use of the compromised data. What’s more, they are taking steps to help employees protect against any potential misuse of their data.

Given the nature of the attack, sources familiar with the matter said Chinese government hackers are the prime suspects in the investigation. Officials overseeing the matter declined to comment on who might be responsible for the security breach which was first discovered in mid-September.

via Chinese hackers suspected in USPS breach, data on every employee compromised – TechSpot.

Researchers in China use light bulbs as a speedy alternative to Wi-Fi

Scientists at Shanghai’s Institute of Technical Physics have developed a light bulb that produces its own Wi-Fi signal. Aptly named Li-Fi, the connection it produces is said to actually work better than the average wireless connection in China. Talk about a bright idea!

A one-watt LED bulb permits up to four nearby computers to connect to the Internet using light frequencies instead of radio waves. On the technical side, we are told the bulb is embedded with a chip that produces a signal capable of wireless speeds up to 150 Mbps which is much faster than most networks in the country.

If the idea of the technology alone wasn’t cool enough, another benefit is the fact that it’s affordable. All you need is a light bulb and the Li-Fi kit.

Of course, it’s still in an early testing phase as there are a number of hurdles that still need to be overcome. For example, it doesn’t work when the bulb is off (kind of a given, no?) nor does it work if the bulb is blocked. What’s more, a good bit of work still needs to be done in terms of light communication controls and the microchip design / manufacturing.

Outside of light bulb usage, the technology could have practical implications in other areas such as with car headlights or focused light to transmit data. Researchers plan to showcase the technology at the Shanghai International Industry Fair November 5 with 10 kits on hand.

via Researchers in China use light bulbs as a speedy alternative to Wi-Fi – TechSpot.