Welcome to tech Stuff, a production from iHeartRadio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and a love of all things tech. It is time for the Tech News per Tuesday, September twenty eight, twenty twenty one. And first, let's follow up on one of the recent Facebook stories, specifically the one about how Facebook researchers conducted an internal study that linked Instagram use with potential negative effects on mental health, particularly for teenage girls. Now, the head of Facebook's research department has posted on Facebook Newsroom that the conclusions that were drawn by the Wall Street Journal, which reported on all this, are inaccurate and do not reflect a proper interpretation of Facebook data. But really, the post mostly is an indictment against her own department's research practices. Because she stated that the study in question only had forty participants. That means that that sample size was way too small to allow for any kind of broad generalizations. Now, I actually agree with that, because forty is an incredibly small sample size for any kind of study. One might even argue that it really doesn't make any sense to conduct a study that has that small of a sample size, particularly if you are a company that has a platform with more than a billion users, more than two billion users. Now, that does not mean that the findings are necessarily inaccurate, right, I mean those findings might be accurate, But rather than that, you can say, well, you can't be sure of that because a sample size is way too small. It may be that you just happen to have outliers and that if you did a larger sample size, any effect would disappear. And you know, you just can't really say for sure to what if any degree Instagram contributes to negative mental health outcomes based on a study like that. But I will also say that her post feels a lot like Facebook is doing kind of a tight rope routine of saying the data doesn't show that, but also saying the study isn't sufficient to draw conclusions from, like unless there's other data that Facebook has, and there may well be, but they haven't shared it, then it's impossible to say. And because Facebook hasn't shared any extra information, there's no way to validate whether or not you know, the arguments that this is inaccurate are true. This Thursday and Tigany Davis, the head of safety at Facebook, will appear before the Senate Commerce Subcommittee to answer questions about the company and its research on Instagram's effects. And I am sure that there will be some senators with some pretty pointed questions. We will have to see if Davis answers those in a straightforward way or if we get more of what we've seen in the past, where Facebook kind of dances around answering things when it comes to accountability. In related news, Facebook has announced that has put a temporary hold on its plans to launch an Instagram app aimed at kids under the age of thirteen. According to the head of Instagram, Adam Massari, the decision to do this was in response to the public backlash that the company has faced, particularly in light of those Wall Street Journal stories I mentioned. He also took the time to lament that you know, we all just have it all wrong. This new Instagram app isn't meant for little kids, he explained. It's meant for kids that are between the ages of ten and twelve. Now I'm going to spare you my personal reaction to that particular response, because I think you could probably guess what it is. But he also tweeted out that kids are getting smart folks like younger ages, and then they go around and download apps and they misrepresent their ages in order to use those apps. So clearly it would be better to make apps for the kids. I would say, this doesn't explain how that stops kids from just continuing to download adult apps and to misrepresent their ages. Like that doesn't seem to solve that problem. It's really just saying, hey, they're already on there, so what harm could we do by introducing more of what they're already on. If anything, this is really a call both to companies and to parents to take more steps to protect kids. And I think parents need to have a lot of that responsibility. But how you know, we can't give companies a get out of jail free card just because they have a token age verification system that doesn't actually verify ages. In my mind, that's just a type of se purity theater, Right, You've got the appearance of security, but it's not actually making anything more secure. Now that's my own personal opinion. I could be way off base. Mossi argues that the app that was planned for younger users would give parents more oversight into what their kids are doing. But I don't know. I mean, with every story that I cover in this vein, I am tempted to just go move into the woods and become a hermit, except I know me, I would die of exposure within like two days. I'm a soft city boy, but the urge to retreat is definitely there. The Chinese government is taking some pretty extreme steps to curb energy consumption and carbon dioxide emissions within the country. More than half of all China's electricity comes from coal power plants, something like sixty three percent of it does, and while the country has committed to never building another coal power plant, it doesn't change the fact that right now China largely runs on coal. The price of coal in China has been on the rise lately, and so energy costs have subsequently been going up, and of course we have the carbon dioxide emissions issue. So to deal with these problems, China has started to cut off power to some major manufacturing centers in certain regions of the country, with the plan to potentially have a schedule in place for when those regions will be allowed to power these manufacturing centers and when those centers are going to go without power. Now, the hope is that doing all this will allow energy companies to get hold of some more commodities to offset production and stabilize prices, though there are some analysts who say that at best that would be like a temporary band aid. But in the meantime, it means that it's not always going to be business as usual in China's manufacturing centers, and since a lot of the world's leading electronics companies depend upon Chinese factories, this could mean that some companies experience some production lays. Coupled with the ongoing semiconductor shortage, this could mean that we're in for some tough times when it comes to consumer electronics. However, I should add that the semiconductor industry in particular will be allowed to continue to operate throughout this process, so China's not going to shut off power to facilities that are making semiconductor chips. Also, a lot of companies have facilities in different regions of China, and some regions are not affected by this. Some regions will continue and not be cutting off power to manufacturing centers, so those companies might just shift operations around as much as they can to offset any delays they would face due to the downtime. This next story needs a little bit of a lead in, all right, So have you ever tried to log into a service but you couldn't remember which password you used for it? So you try a few of your old standbys, and after three or so attempts, you get shut out and told that you can't try and log in again for several minutes. Well, that kind of system is in place to protect against a type of password attack called brute force, and with that name you probably have a pretty good idea of how this works. Someone trying to access a system you know they don't have authorization will end up submitting guests after guests in the password field, perhaps using a dictionary of common passwords to start off, and then moving beyond that to other guesses should the dictionary fail to score any hits. This is all done automatically. By the way, There are computer programs that are just meant to do this kind of attack. This is not a quick way to gain access to a system, but with a sufficiently powerful computer system behind it, you can get it done. It just takes time. So these protection systems are in place in order to prevent that. Right, the brute force attack would take a lot longer to do because the attacker would regularly get shut out after giving a few incorrect passwords. Another way that you can protect systems is to require two factor authentication. So a password is one factor, it represents something you know. A two factor authentication process would require either that you also submit something that you own, like your phone. So this is like when you try and log into something and a system sends you a text message with an access code that you need to put in an addition to your password, or maybe it requires something that you are like your biometric data like a fingerprint scan, and it's used in connection with the password. These systems also protect against brute force because the attacker needs more than just the password in order to access the system. All right, now we've got all that. Other way we can get to the actual story. Microsoft has a product called Azure Active Directory or Azure a D, and apparently it has neither of those protections in place. It is a single factor authentication system, so you just need a password and you can submit password to your heart's content, and apparently, in at least some versions, the system doesn't log the password attempts, so there's no record kept that someone is trying and failing to submit a password. Now, consider for a moment that Azure Active Directory is a way for corporate users to sign into a corporate account and then connect to all integrated corporate systems and devices. It's a one login solution in other words, so you might use it to log into your corporate email, but then it also logs you into the corporate HR system or maybe like a project management system that all of these different things. Because they have the one login approach, you already have authorization, so you're not frustrated by the fact that you have to authenticate every single time you try to access any company system. It's meant to make things more streamlined. Right, As long as you were able to authenticate that one gateway, you can access everything. So that means that this is a potential huge security vulnerability, right if a hacker targets and Azure ad log in and they have a user name and they're just submitting passwords, and those failed passwords aren't getting logged, So no system administrators are aware of this because there's no you know, notification popping up saying hey, so and so has submitted five seven eighty three incorrect guesses for their password. Maybe you need to look into this. Then you could just keep on attacking until you got a hit and managed to get into the system. If you would like to learn more about what scenarios this would work in and what you need to be on the lookout for, I really recommend reading As Sharma's post on Ours Technica. It is titled new Azure Active Directory password brute forcing flaw has no fix. That headline kind of as it all. All right, We've got some more news stories to cover, but before we get to that, let's take a quick break. If you are in the United States, you might remember that a couple of years ago, the Chinese telecommunications company Huawei fell under a lot of scrutiny here in America, and in part this was because then President Trump had engaged in a trade war with China, and so at least some of that motivation for the pressure on Huawei was political trade pressure, but there was also a growing concern that a Chinese company, one that presumably has important and tight connections with China's communist government, might not be the best fit when it comes to building out telecommunications infrastructure. So, in other words, if you're worried about potential Chinese spies. Maybe it's better not to hire a Chinese communications company to install critical infrastructure components within your own communications network. It's like opening the door for potential spies. In other words, so the US moved to push American communications companies to scuttle Huawei systems and to replace them with other systems. Now, the Federal Communications Commission, or FCC, says it has created a nearly two billion dollar program to reimburse telecom carriers that are going through the process of removing and replacing Huawei network hardware from their systems. These telecom companies are largely in rural areas in the United States, and I'm sure that that relief is a literal relief to them. These are not necessarily your gigantic coast to coast companies. In other words, video game company Activision Blizzard has entered into a settlement agreement with the US Equal Employment Opportunity Commission. This was in response to a lawsuit that the EOC brought against the company following multiple allegations of issues ranging from a hostile work environment to sexual harassment, to pay disparity and discrimination. As part of the settlement, activision. Blizzard will create a fund that will compensate employees who claim damages. So it Plays will submit a claim, it will be evaluated and then determined whether or not that employee merits getting money from this fund, and the total amount in that fund is in the neighborhood of eighteen million dollars. Any unclaimed funds after a certain period of time end up going to nonprofit organizations dedicated to attracting more women to enter into the video game development industry. Bobby Kodik, the CEO of the company, says that he and the executive team are dedicated to putting an end too the toxic work environment, which I really hope is a sincere statement. I mean, the cynical part of me says, well, of course you want to bring an end to that, because it's costing you money. As long as it wasn't costing you money, there was no real incentive. But the hopeful part of me says, we're trying to get better, and people genuinely want to make workplaces a more positive environment. So the optimist will continue to hope and the cynic will continue to mistrust. A researcher at the Ethereum Foundation named Virgil Griffith has pled guilty to charges that he helped the country of North Korea get around US sanctions that aimed to prevent North Korea from using blockchain technology. And that needs some explanation. So, first of all, Ethereum is a type of cryptocurrency, and when we talk about cryptocurrency, a lot of people just think Bitcoin, or maybe if they're in it for the means, they might think dogecoin. Ethereum is another big popular cryptocurrency that is currently trying to switch from a proof of work approach, which is what Bitcoin uses. That's where you're using very fast computers to try and solve a very hard computer problem before anyone else can, and it's the reason why these systems end up consuming so much energy and as a result, contribute to things like carbon emissions and energy spikes and all that kind of stuff. Ethereum is trying to move to a proof of stake approach, which does not require that kind of computational processing power in order to mine new coins. However, it does mean that you have to have a sufficient stake in ethereum in order to earn interest more ethereum. And so some people point out that that approach means that you already have to be wealthy in order to even enjoy that potential payout, so upside and downsides anyway, Like bitcoin, Ethereum uses blockchain to track transactions and to prevent people from spending the same ethereum unit twice. You know, if you have something that's digital, then arguably you could just copy it a billion times, so now instead of having one dollar bill, you have a billion dollar bills. Block Chain prevents that kind of stuff from happening. Well. Back in twenty nineteen, Virgil Griffith attended a blockchain conference in Pyongyang, and the US government alleges that Griffith's presentation at the conference was in effect an instruction manual for how North Korea could make use of blockchain technologies, despite US sanctions meant to prevent that very thing from happening. Griffith was arrested upon returning from the conference, and his trial was set to begin next week, but he decided to plead guilty to the charges, which could mean he could face up to twenty years in prison. We'll have to follow up on this as we learn more. No once we get to sentencing, Tesla has started to open up its full self driving or FSD program to a larger number of Tesla drivers, prompting them with a request feature that appears on the dashboard touchscreen, so you select it and then you can put in your request to be part of the program. So now if you have a Tesla that's capable of supporting FSD, you can ask to have that feature enabled on your Tesla. Except there is a catch. The company will run a safety check on each driver, checking their driving against five criteria to be certain that the drivers are responsible and safe. Those criteria include instances in which the driver prompted a forced autopilot disengagement. So autopilot is a driver assist feature that some Tesla owners have famously abused by treating it more as like a fully autonomous vehicle mode. And this particular feature asks drivers that they keep their hands on the wheel and they maintain their attention on the road, and if a driver does not do this, then the mode is supposed to alert the driver and disengage and thus force the driver to take over manual control of the car. So if that had happened, that would be a strike against you, would that would knock points off your safety score, but other criteria include stuff like how frequently the car had to engage features like a forward collision warning, which might indicate that you're following too closely or not paying enough attention, or how frequently the driver had to use hard breaking. Again, maybe you were traveling too fast or you break too late when you're coming up two stops. So you have to accrue a sufficient safety score before you will be given access to subscribe to FSD, But Tesla is not actually saying what that score threshold is. Only the drivers will be judged out of a total possible one hundred points, and most folks will land somewhere around eighty points. The FSD product requires a monthly subscription of one hundred ninety nine dollars a month, which is a princely sum. Tesla also offered a version where you could just buy it outright for the life of the car for ten thousand dollars. And I've got a lot of thoughts about this, and one of those is that the name of it full self driving is just as misleading as the name autopilot is, because it's really just more features that augment autopilot, so it can do stuff like in at least some cases have a car navigate out of a parking space on its own, so you can have it pull out of a space and then you get into the car. You don't have to squeeze by and that kind of stuff. But it doesn't always work in every situation, and it can also do things like obey traffic signals and stop signs, so it can travel on surface streets in this mode, and not just on highways. It can navigate from one highway to another. But it is not true self driving, or at least it's not truly fully self driving. It can't autonomously operate the car in all situations and scenarios, and many critics, including myself, have argued that the name doesn't reflect what the product actually does. Also, I find it somewhat telling that the company refers to the system as full self driving, but it is requiring drivers who are applying for this to pass a safety test before they get access to the features, because if it were really a full self driving feature, you would want bad drivers to get that, right, I mean, if the vehicle is capable of driving itself, which I argue full self driving at least heavily implies, presumably it will do so safely without the risk of an accident, and it makes more sense to give bad drivers that service and thus remove their human error from the road. But the fact that Tesla requires drivers to meet a minimum safety requirement tells me that that's not really what FSD does, right, Like, if it really did that, then you wouldn't need the safety check. If you need a safety check, you need to make sure that the person who's driving the car is going to be responsible, which tells you that FSD is not really FSD. It's an augmentation system, not a truly autonomous system. And I've got a lot of really critical thoughts about Tesla doing this kind of stuff because I feel that they set an unrealistic expectation in their customer base, and then people have an overreliance on technology that is not able to measure up to what the people are putting it to, Like they're putting way too much responsibility on the tech, and the tech just isn't up to the challenge, and part of that is fueled by the way Tesla markets it's technology. So yeah, I think it's reprehensible. If I'm being you know, blunt, all right, I'm gonna I'm gonna take a break and I'm gonna find a way down off this high horse. But we'll be back with some more news in just a second. Okay, we're back now. By the time you hear this episode, Amazon will have held a hardware event and revealed some new products, potentially a bunch of new ones. The event was invitation only. I did not get an invite. It's hurtful, so I have no idea what it is that they revealed. In fact, as I record this, the event has not yet happened, but it will within like twenty five minutes of me saying the sentence. The Verge has made some guesses as to what could be revealed, so I thought I would share with you what the Verge is guessing, and then you can compare and see if the Verge got it right. And I hope they did because I really, actually, I really like that site a lot. Anyway, the Verge predicts that Amazon will likely have a wall mounted echo device, so you know, another smart speaker screen device that you could actually mount on your wall. They also are predicting that there's probably going to be a sound bar system with Alexa integration in it. I mean We're already seeing sound bars that have Alexa integration incorporated into them, but this would be an official, like Echo soundbar type thing. There's also the possibility that the company will have a dash cam for cars that has Alexa integration built into it. That seems to be, you know, a pretty safe bet. But one thing that the Verge says we probably will not see is more information about a robot that Amazon has had in development for several years. It's a home assistant robot that was called Vesta, but apparently there have been some concerns within the company that there might not be sufficient demand for Vesta and that if Amazon released it as a product, it could just be a total flop, and that they would end up costing the company more because not enough people would buy it. So it's possible that the company is actually backing away from that project. We will have to wait and see what it is, they said, or you won't have to wait and see, because, like I said, by the time you hear this, they've already had that event. Anyway. Amazon is also facing some opposition in the state of California, and it's not the only one. Governor Knewsome signed a bill into law last week that will require companies that employ more than one thousand warehouse workers that they will have to disclose how they judge worker productivity, including how they set productivity quotas. Amazon and other companies that meet that criteria will then have thirty days after the bill becomes an actual law, which will happen on January first, twenty twenty two. At that point, they will have to disclose how they measure productivity and how they collect that information. And this law gives employees the right to sue their employers for unsafe quotas. So if a company is like working people beyond reason, if the quotas are so stringent and so restrictive that people can't you go to the bathroom, or they can't take a reasonable number of breaks, or they run the risk of injuring themselves because they have to work so hard in order to meet very high quotas. Well, now those employees could potentially sue their employers, and the employers would be held accountable for that in a court of law, at least in California. Now it will take quite a bit of effort on the part of workers in this process. It's not like a worker can just step forward and say I don't like working here and I'm going to sue the company. The law will demand that workers who assert that the company they work for has unsafe quotas, they will be required to provide ninety days so three months worth of documentation on productivity quotas that they have to meet in order to be considered you know, successful or failing at their job. In addition, California regulators will also be authorized to investigate work sites that have an injury rate that is one and a half times or greater than the industry average. If you remember from a previous Tech News episode, I talked about how Amazon delivery centers have an unusually high injury rate compared to other Amazon facilities and others within the delivery and warehouse industries. That might be a case where a state regulator would have the authorization to go in and conduct a full investigation to get to the bottom of why is that happening and to hold the company accountable for it down UNDA in Australia, and I apologize for that. I know I can never do an Australian accent. Australian and Scottish are two that I will never ever ever be able to do anyway down in Australia, citizens can rest assured that nature, which as I understand it is eighty percent more deadly in Australia, is prepared to fight the robot uprising. Now I say that because the drone company Wing, which is part of Google's parent company Alphabet, so this is like Google and Weymo, part of the Alphabet family, Wing has put its delivery service, which uses drones to deliver packages, on pause following a few cases of bird attacks on their drones. Google has been conduct tests of home delivery via drone in Canberra, Australia, which has been particularly useful during the pandemic where a lot of Australia is on lockdown and there are very stiff restrictions on when, if at all, people are allowed to leave their homes. But ravens have taken to attacking the drones, presumably out of concern that the drones are a predator. It is nesting season and so there's a fear from these ravens apparently that the drones are predators. Not predator drones, those are different. That's kind of a pun. So the ravens are just sort of protecting their nests. In other words, at least one of the attacks has downed a drone. So I'm very glad to hear this news because I would worry that the drones could potentially cause harm to the birds. And obviously I also worry that the birds could cause some packages to go undelivered, and if those packages are like critical, like maybe it's medication or something, that could be a really bad thing. And also, I bet it's weird to fill out a port saying you never got your package because birds were roughing up the delivery person. Anyway, Wing is studying ways to work around this issue, including learning more about bird behavior and any measures that the company could take to make certain their drones cause no environmental harm. And finally, on Monday, TikTok said it had passed the one billion monthly user mark that would be active users. The installed base is actually quite a bit larger than that. Of course, some people have TikTok installed on more than one of their own devices, so it's not apples to apples thing. TikTok launched in August twenty eighteen, so it took a little more than three years to reach one billion monthly users. Let's Compare that to Facebook, the king of social network platforms, reached one billion users eight years after the company launched. TikTok did it in less than half that time. TikTok is really a true beast of a player in the social networking space. Its parent company byte Dance reported it's revenue doubled in size from twenty nineteen to twenty twenty thanks largely to TikTok. Now I'm behind the times on TikTok. I am thankful that the app reminded me of that great Mika song Grace Kelly. You know, it's the one where everyone's going to I could be Brown, I could be blue, I could be Violet Sky. Great song, great album. Actually went out and bought that album on vinyl after being reminded of that song that I hadn't thought about in years. So thank you TikTok. I appreciate it. As for myself, I have only ever done one TikTok video. It is terrible. That's all I have to say about that. But you know, I'm also old, so there are other old people who are way better at TikTok than I am. I just don't think I'm ever gonna get there. Maybe I'll give it another try at some point. Anyway, that's it. That's the tech news that I have for you on Tuesday, September twenty eight, twenty twenty one. I hope you are all well. If you have anything you would like to share with me, maybe a topic you would like me to cover on tech Stuff, then reach out to me on Twitter. The handle for the show is tech stuff HSW and I'll talk to you again and really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows

Welcome to tech Stuff, a production from iHeartRadio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and a love of all things tech. It is time for the Tech News per Tuesday, September twenty eight, twenty twenty one. And first, let's follow up on one of the recent Facebook stories, specifically the one about how Facebook researchers conducted an internal study that linked Instagram use with potential negative effects on mental health, particularly for teenage girls. Now, the head of Facebook's research department has posted on Facebook Newsroom that the conclusions that were drawn by the Wall Street Journal, which reported on all this, are inaccurate and do not reflect a proper interpretation of Facebook data. But really, the post mostly is an indictment against her own department's research practices. Because she stated that the study in question only had forty participants. That means that that sample size was way too small to allow for any kind of broad generalizations. Now, I actually agree with that, because forty is an incredibly small sample size for any kind of study. One might even argue that it really doesn't make any sense to conduct a study that has that small of a sample size, particularly if you are a company that has a platform with more than a billion users, more than two billion users. Now, that does not mean that the findings are necessarily inaccurate, right, I mean those findings might be accurate, But rather than that, you can say, well, you can't be sure of that because a sample size is way too small. It may be that you just happen to have outliers and that if you did a larger sample size, any effect would disappear. And you know, you just can't really say for sure to what if any degree Instagram contributes to negative mental health outcomes based on a study like that. But I will also say that her post feels a lot like Facebook is doing kind of a tight rope routine of saying the data doesn't show that, but also saying the study isn't sufficient to draw conclusions from, like unless there's other data that Facebook has, and there may well be, but they haven't shared it, then it's impossible to say. And because Facebook hasn't shared any extra information, there's no way to validate whether or not you know, the arguments that this is inaccurate are true. This Thursday and Tigany Davis, the head of safety at Facebook, will appear before the Senate Commerce Subcommittee to answer questions about the company and its research on Instagram's effects. And I am sure that there will be some senators with some pretty pointed questions. We will have to see if Davis answers those in a straightforward way or if we get more of what we've seen in the past, where Facebook kind of dances around answering things when it comes to accountability. In related news, Facebook has announced that has put a temporary hold on its plans to launch an Instagram app aimed at kids under the age of thirteen. According to the head of Instagram, Adam Massari, the decision to do this was in response to the public backlash that the company has faced, particularly in light of those Wall Street Journal stories I mentioned. He also took the time to lament that you know, we all just have it all wrong. This new Instagram app isn't meant for little kids, he explained. It's meant for kids that are between the ages of ten and twelve. Now I'm going to spare you my personal reaction to that particular response, because I think you could probably guess what it is. But he also tweeted out that kids are getting smart folks like younger ages, and then they go around and download apps and they misrepresent their ages in order to use those apps. So clearly it would be better to make apps for the kids. I would say, this doesn't explain how that stops kids from just continuing to download adult apps and to misrepresent their ages. Like that doesn't seem to solve that problem. It's really just saying, hey, they're already on there, so what harm could we do by introducing more of what they're already on. If anything, this is really a call both to companies and to parents to take more steps to protect kids. And I think parents need to have a lot of that responsibility. But how you know, we can't give companies a get out of jail free card just because they have a token age verification system that doesn't actually verify ages. In my mind, that's just a type of se purity theater, Right, You've got the appearance of security, but it's not actually making anything more secure. Now that's my own personal opinion. I could be way off base. Mossi argues that the app that was planned for younger users would give parents more oversight into what their kids are doing. But I don't know. I mean, with every story that I cover in this vein, I am tempted to just go move into the woods and become a hermit, except I know me, I would die of exposure within like two days. I'm a soft city boy, but the urge to retreat is definitely there. The Chinese government is taking some pretty extreme steps to curb energy consumption and carbon dioxide emissions within the country. More than half of all China's electricity comes from coal power plants, something like sixty three percent of it does, and while the country has committed to never building another coal power plant, it doesn't change the fact that right now China largely runs on coal. The price of coal in China has been on the rise lately, and so energy costs have subsequently been going up, and of course we have the carbon dioxide emissions issue. So to deal with these problems, China has started to cut off power to some major manufacturing centers in certain regions of the country, with the plan to potentially have a schedule in place for when those regions will be allowed to power these manufacturing centers and when those centers are going to go without power. Now, the hope is that doing all this will allow energy companies to get hold of some more commodities to offset production and stabilize prices, though there are some analysts who say that at best that would be like a temporary band aid. But in the meantime, it means that it's not always going to be business as usual in China's manufacturing centers, and since a lot of the world's leading electronics companies depend upon Chinese factories, this could mean that some companies experience some production lays. Coupled with the ongoing semiconductor shortage, this could mean that we're in for some tough times when it comes to consumer electronics. However, I should add that the semiconductor industry in particular will be allowed to continue to operate throughout this process, so China's not going to shut off power to facilities that are making semiconductor chips. Also, a lot of companies have facilities in different regions of China, and some regions are not affected by this. Some regions will continue and not be cutting off power to manufacturing centers, so those companies might just shift operations around as much as they can to offset any delays they would face due to the downtime. This next story needs a little bit of a lead in, all right, So have you ever tried to log into a service but you couldn't remember which password you used for it? So you try a few of your old standbys, and after three or so attempts, you get shut out and told that you can't try and log in again for several minutes. Well, that kind of system is in place to protect against a type of password attack called brute force, and with that name you probably have a pretty good idea of how this works. Someone trying to access a system you know they don't have authorization will end up submitting guests after guests in the password field, perhaps using a dictionary of common passwords to start off, and then moving beyond that to other guesses should the dictionary fail to score any hits. This is all done automatically. By the way, There are computer programs that are just meant to do this kind of attack. This is not a quick way to gain access to a system, but with a sufficiently powerful computer system behind it, you can get it done. It just takes time. So these protection systems are in place in order to prevent that. Right, the brute force attack would take a lot longer to do because the attacker would regularly get shut out after giving a few incorrect passwords. Another way that you can protect systems is to require two factor authentication. So a password is one factor, it represents something you know. A two factor authentication process would require either that you also submit something that you own, like your phone. So this is like when you try and log into something and a system sends you a text message with an access code that you need to put in an addition to your password, or maybe it requires something that you are like your biometric data like a fingerprint scan, and it's used in connection with the password. These systems also protect against brute force because the attacker needs more than just the password in order to access the system. All right, now we've got all that. Other way we can get to the actual story. Microsoft has a product called Azure Active Directory or Azure a D, and apparently it has neither of those protections in place. It is a single factor authentication system, so you just need a password and you can submit password to your heart's content, and apparently, in at least some versions, the system doesn't log the password attempts, so there's no record kept that someone is trying and failing to submit a password. Now, consider for a moment that Azure Active Directory is a way for corporate users to sign into a corporate account and then connect to all integrated corporate systems and devices. It's a one login solution in other words, so you might use it to log into your corporate email, but then it also logs you into the corporate HR system or maybe like a project management system that all of these different things. Because they have the one login approach, you already have authorization, so you're not frustrated by the fact that you have to authenticate every single time you try to access any company system. It's meant to make things more streamlined. Right, As long as you were able to authenticate that one gateway, you can access everything. So that means that this is a potential huge security vulnerability, right if a hacker targets and Azure ad log in and they have a user name and they're just submitting passwords, and those failed passwords aren't getting logged, So no system administrators are aware of this because there's no you know, notification popping up saying hey, so and so has submitted five seven eighty three incorrect guesses for their password. Maybe you need to look into this. Then you could just keep on attacking until you got a hit and managed to get into the system. If you would like to learn more about what scenarios this would work in and what you need to be on the lookout for, I really recommend reading As Sharma's post on Ours Technica. It is titled new Azure Active Directory password brute forcing flaw has no fix. That headline kind of as it all. All right, We've got some more news stories to cover, but before we get to that, let's take a quick break. If you are in the United States, you might remember that a couple of years ago, the Chinese telecommunications company Huawei fell under a lot of scrutiny here in America, and in part this was because then President Trump had engaged in a trade war with China, and so at least some of that motivation for the pressure on Huawei was political trade pressure, but there was also a growing concern that a Chinese company, one that presumably has important and tight connections with China's communist government, might not be the best fit when it comes to building out telecommunications infrastructure. So, in other words, if you're worried about potential Chinese spies. Maybe it's better not to hire a Chinese communications company to install critical infrastructure components within your own communications network. It's like opening the door for potential spies. In other words, so the US moved to push American communications companies to scuttle Huawei systems and to replace them with other systems. Now, the Federal Communications Commission, or FCC, says it has created a nearly two billion dollar program to reimburse telecom carriers that are going through the process of removing and replacing Huawei network hardware from their systems. These telecom companies are largely in rural areas in the United States, and I'm sure that that relief is a literal relief to them. These are not necessarily your gigantic coast to coast companies. In other words, video game company Activision Blizzard has entered into a settlement agreement with the US Equal Employment Opportunity Commission. This was in response to a lawsuit that the EOC brought against the company following multiple allegations of issues ranging from a hostile work environment to sexual harassment, to pay disparity and discrimination. As part of the settlement, activision. Blizzard will create a fund that will compensate employees who claim damages. So it Plays will submit a claim, it will be evaluated and then determined whether or not that employee merits getting money from this fund, and the total amount in that fund is in the neighborhood of eighteen million dollars. Any unclaimed funds after a certain period of time end up going to nonprofit organizations dedicated to attracting more women to enter into the video game development industry. Bobby Kodik, the CEO of the company, says that he and the executive team are dedicated to putting an end too the toxic work environment, which I really hope is a sincere statement. I mean, the cynical part of me says, well, of course you want to bring an end to that, because it's costing you money. As long as it wasn't costing you money, there was no real incentive. But the hopeful part of me says, we're trying to get better, and people genuinely want to make workplaces a more positive environment. So the optimist will continue to hope and the cynic will continue to mistrust. A researcher at the Ethereum Foundation named Virgil Griffith has pled guilty to charges that he helped the country of North Korea get around US sanctions that aimed to prevent North Korea from using blockchain technology. And that needs some explanation. So, first of all, Ethereum is a type of cryptocurrency, and when we talk about cryptocurrency, a lot of people just think Bitcoin, or maybe if they're in it for the means, they might think dogecoin. Ethereum is another big popular cryptocurrency that is currently trying to switch from a proof of work approach, which is what Bitcoin uses. That's where you're using very fast computers to try and solve a very hard computer problem before anyone else can, and it's the reason why these systems end up consuming so much energy and as a result, contribute to things like carbon emissions and energy spikes and all that kind of stuff. Ethereum is trying to move to a proof of stake approach, which does not require that kind of computational processing power in order to mine new coins. However, it does mean that you have to have a sufficient stake in ethereum in order to earn interest more ethereum. And so some people point out that that approach means that you already have to be wealthy in order to even enjoy that potential payout, so upside and downsides anyway, Like bitcoin, Ethereum uses blockchain to track transactions and to prevent people from spending the same ethereum unit twice. You know, if you have something that's digital, then arguably you could just copy it a billion times, so now instead of having one dollar bill, you have a billion dollar bills. Block Chain prevents that kind of stuff from happening. Well. Back in twenty nineteen, Virgil Griffith attended a blockchain conference in Pyongyang, and the US government alleges that Griffith's presentation at the conference was in effect an instruction manual for how North Korea could make use of blockchain technologies, despite US sanctions meant to prevent that very thing from happening. Griffith was arrested upon returning from the conference, and his trial was set to begin next week, but he decided to plead guilty to the charges, which could mean he could face up to twenty years in prison. We'll have to follow up on this as we learn more. No once we get to sentencing, Tesla has started to open up its full self driving or FSD program to a larger number of Tesla drivers, prompting them with a request feature that appears on the dashboard touchscreen, so you select it and then you can put in your request to be part of the program. So now if you have a Tesla that's capable of supporting FSD, you can ask to have that feature enabled on your Tesla. Except there is a catch. The company will run a safety check on each driver, checking their driving against five criteria to be certain that the drivers are responsible and safe. Those criteria include instances in which the driver prompted a forced autopilot disengagement. So autopilot is a driver assist feature that some Tesla owners have famously abused by treating it more as like a fully autonomous vehicle mode. And this particular feature asks drivers that they keep their hands on the wheel and they maintain their attention on the road, and if a driver does not do this, then the mode is supposed to alert the driver and disengage and thus force the driver to take over manual control of the car. So if that had happened, that would be a strike against you, would that would knock points off your safety score, but other criteria include stuff like how frequently the car had to engage features like a forward collision warning, which might indicate that you're following too closely or not paying enough attention, or how frequently the driver had to use hard breaking. Again, maybe you were traveling too fast or you break too late when you're coming up two stops. So you have to accrue a sufficient safety score before you will be given access to subscribe to FSD, But Tesla is not actually saying what that score threshold is. Only the drivers will be judged out of a total possible one hundred points, and most folks will land somewhere around eighty points. The FSD product requires a monthly subscription of one hundred ninety nine dollars a month, which is a princely sum. Tesla also offered a version where you could just buy it outright for the life of the car for ten thousand dollars. And I've got a lot of thoughts about this, and one of those is that the name of it full self driving is just as misleading as the name autopilot is, because it's really just more features that augment autopilot, so it can do stuff like in at least some cases have a car navigate out of a parking space on its own, so you can have it pull out of a space and then you get into the car. You don't have to squeeze by and that kind of stuff. But it doesn't always work in every situation, and it can also do things like obey traffic signals and stop signs, so it can travel on surface streets in this mode, and not just on highways. It can navigate from one highway to another. But it is not true self driving, or at least it's not truly fully self driving. It can't autonomously operate the car in all situations and scenarios, and many critics, including myself, have argued that the name doesn't reflect what the product actually does. Also, I find it somewhat telling that the company refers to the system as full self driving, but it is requiring drivers who are applying for this to pass a safety test before they get access to the features, because if it were really a full self driving feature, you would want bad drivers to get that, right, I mean, if the vehicle is capable of driving itself, which I argue full self driving at least heavily implies, presumably it will do so safely without the risk of an accident, and it makes more sense to give bad drivers that service and thus remove their human error from the road. But the fact that Tesla requires drivers to meet a minimum safety requirement tells me that that's not really what FSD does, right, Like, if it really did that, then you wouldn't need the safety check. If you need a safety check, you need to make sure that the person who's driving the car is going to be responsible, which tells you that FSD is not really FSD. It's an augmentation system, not a truly autonomous system. And I've got a lot of really critical thoughts about Tesla doing this kind of stuff because I feel that they set an unrealistic expectation in their customer base, and then people have an overreliance on technology that is not able to measure up to what the people are putting it to, Like they're putting way too much responsibility on the tech, and the tech just isn't up to the challenge, and part of that is fueled by the way Tesla markets it's technology. So yeah, I think it's reprehensible. If I'm being you know, blunt, all right, I'm gonna I'm gonna take a break and I'm gonna find a way down off this high horse. But we'll be back with some more news in just a second. Okay, we're back now. By the time you hear this episode, Amazon will have held a hardware event and revealed some new products, potentially a bunch of new ones. The event was invitation only. I did not get an invite. It's hurtful, so I have no idea what it is that they revealed. In fact, as I record this, the event has not yet happened, but it will within like twenty five minutes of me saying the sentence. The Verge has made some guesses as to what could be revealed, so I thought I would share with you what the Verge is guessing, and then you can compare and see if the Verge got it right. And I hope they did because I really, actually, I really like that site a lot. Anyway, the Verge predicts that Amazon will likely have a wall mounted echo device, so you know, another smart speaker screen device that you could actually mount on your wall. They also are predicting that there's probably going to be a sound bar system with Alexa integration in it. I mean We're already seeing sound bars that have Alexa integration incorporated into them, but this would be an official, like Echo soundbar type thing. There's also the possibility that the company will have a dash cam for cars that has Alexa integration built into it. That seems to be, you know, a pretty safe bet. But one thing that the Verge says we probably will not see is more information about a robot that Amazon has had in development for several years. It's a home assistant robot that was called Vesta, but apparently there have been some concerns within the company that there might not be sufficient demand for Vesta and that if Amazon released it as a product, it could just be a total flop, and that they would end up costing the company more because not enough people would buy it. So it's possible that the company is actually backing away from that project. We will have to wait and see what it is, they said, or you won't have to wait and see, because, like I said, by the time you hear this, they've already had that event. Anyway. Amazon is also facing some opposition in the state of California, and it's not the only one. Governor Knewsome signed a bill into law last week that will require companies that employ more than one thousand warehouse workers that they will have to disclose how they judge worker productivity, including how they set productivity quotas. Amazon and other companies that meet that criteria will then have thirty days after the bill becomes an actual law, which will happen on January first, twenty twenty two. At that point, they will have to disclose how they measure productivity and how they collect that information. And this law gives employees the right to sue their employers for unsafe quotas. So if a company is like working people beyond reason, if the quotas are so stringent and so restrictive that people can't you go to the bathroom, or they can't take a reasonable number of breaks, or they run the risk of injuring themselves because they have to work so hard in order to meet very high quotas. Well, now those employees could potentially sue their employers, and the employers would be held accountable for that in a court of law, at least in California. Now it will take quite a bit of effort on the part of workers in this process. It's not like a worker can just step forward and say I don't like working here and I'm going to sue the company. The law will demand that workers who assert that the company they work for has unsafe quotas, they will be required to provide ninety days so three months worth of documentation on productivity quotas that they have to meet in order to be considered you know, successful or failing at their job. In addition, California regulators will also be authorized to investigate work sites that have an injury rate that is one and a half times or greater than the industry average. If you remember from a previous Tech News episode, I talked about how Amazon delivery centers have an unusually high injury rate compared to other Amazon facilities and others within the delivery and warehouse industries. That might be a case where a state regulator would have the authorization to go in and conduct a full investigation to get to the bottom of why is that happening and to hold the company accountable for it down UNDA in Australia, and I apologize for that. I know I can never do an Australian accent. Australian and Scottish are two that I will never ever ever be able to do anyway down in Australia, citizens can rest assured that nature, which as I understand it is eighty percent more deadly in Australia, is prepared to fight the robot uprising. Now I say that because the drone company Wing, which is part of Google's parent company Alphabet, so this is like Google and Weymo, part of the Alphabet family, Wing has put its delivery service, which uses drones to deliver packages, on pause following a few cases of bird attacks on their drones. Google has been conduct tests of home delivery via drone in Canberra, Australia, which has been particularly useful during the pandemic where a lot of Australia is on lockdown and there are very stiff restrictions on when, if at all, people are allowed to leave their homes. But ravens have taken to attacking the drones, presumably out of concern that the drones are a predator. It is nesting season and so there's a fear from these ravens apparently that the drones are predators. Not predator drones, those are different. That's kind of a pun. So the ravens are just sort of protecting their nests. In other words, at least one of the attacks has downed a drone. So I'm very glad to hear this news because I would worry that the drones could potentially cause harm to the birds. And obviously I also worry that the birds could cause some packages to go undelivered, and if those packages are like critical, like maybe it's medication or something, that could be a really bad thing. And also, I bet it's weird to fill out a port saying you never got your package because birds were roughing up the delivery person. Anyway, Wing is studying ways to work around this issue, including learning more about bird behavior and any measures that the company could take to make certain their drones cause no environmental harm. And finally, on Monday, TikTok said it had passed the one billion monthly user mark that would be active users. The installed base is actually quite a bit larger than that. Of course, some people have TikTok installed on more than one of their own devices, so it's not apples to apples thing. TikTok launched in August twenty eighteen, so it took a little more than three years to reach one billion monthly users. Let's Compare that to Facebook, the king of social network platforms, reached one billion users eight years after the company launched. TikTok did it in less than half that time. TikTok is really a true beast of a player in the social networking space. Its parent company byte Dance reported it's revenue doubled in size from twenty nineteen to twenty twenty thanks largely to TikTok. Now I'm behind the times on TikTok. I am thankful that the app reminded me of that great Mika song Grace Kelly. You know, it's the one where everyone's going to I could be Brown, I could be blue, I could be Violet Sky. Great song, great album. Actually went out and bought that album on vinyl after being reminded of that song that I hadn't thought about in years. So thank you TikTok. I appreciate it. As for myself, I have only ever done one TikTok video. It is terrible. That's all I have to say about that. But you know, I'm also old, so there are other old people who are way better at TikTok than I am. I just don't think I'm ever gonna get there. Maybe I'll give it another try at some point. Anyway, that's it. That's the tech news that I have for you on Tuesday, September twenty eight, twenty twenty one. I hope you are all well. If you have anything you would like to share with me, maybe a topic you would like me to cover on tech Stuff, then reach out to me on Twitter. The handle for the show is tech stuff HSW and I'll talk to you again and really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows