 Kai up on DTNS. Amazon wants to make non-Amazon stores cashier-less, early signs of device shortages from COVID-19 effects, and best practices for staying secure if you have to work from home. This is the Daily Tech News for Monday, March 9th, 2020 in Los Angeles, I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. From Oakland, California, I'm Justin Robert Young. And I'm Roger Chang, the show's producer. We were just talking about Saturday Night Live. We were talking about what's been going on in the wider world out there. Stock markets and otherwise. If you want that wider conversation, you got to get good day internet. Become a member at patreon.com slash DTNS. Let's start with a few tech things you should know. Norway's Civil Aviation Authority published a report calling for all civil domestic aviation in the country to be electric by 2040. The report sets a goal of completing its first fully electric domestic flight by 2030, and hopes to cut greenhouse gas emission in the industry by 80% compared to 2020 levels. The only known surviving Nintendo PlayStation prototype console sold at auction for $360,000 to Greg Macklemore, founder of pets.com and toys.com. Macklemore says he plans on using the console to create a permanent gaming museum. That's kind of a rich way of a Macklemore popping some tags. I thought the same thing. I'm glad you did. That's why we're friends. Well, that's hot. Facebook announced it temporarily banned all ads in marketplace listings that list surgical face masks for sale and eBay notified sellers that it was banning new listings in the US for hand sanitizer, disinfecting wipes and surgical masks. Both those policies are meant to prevent price gouging. SoulCycle released details of an at home version of its cycling class. This is pretty similar to what Peloton already offers. SoulCycle's bike comes with a 21.5 inch HD screen. It can support riders up to 350 pounds. The riders being 350 pounds. The bike cost $2,500 including installation and cleats although not shoes, just the cleats. Buyers have to commit to a one year subscription to classes from SoulCycle's parent Equinox Group which in addition to the SoulCycle classes also includes running and yoga and more. And this is not at all coincidental timing, I'm sure. Nine to five Mac reports code in iPadOS 14 references new mouse cursors implying that there might be more mainstream support for mouse on iPad, not just the accessibility support. The build also references two new smart keyboard models as well. All right, let's talk about those cashierless stores, Justin. Yeah, buddy. Amazon told Reuters it will begin selling its technology behind cashierless stores and other retailers as a new line of business. Amazon calls the just walkout technology with several customers, apparently airport stores among them have already signed up. Amazon will publish a website on March 9th to let other retailers inquire about the service according to Amazon VP of physical retail, Dilip Kumar. The implementation will let customers insert a credit card at a turnstile before entering the store which will then be charged with all of the items that the customer leaves with. Amazon will install the technology for the system only the turnstiles will have just walkout technology by Amazon on them, so you know who made it. Yeah, so they're not trying to rebrand the stores what that's about. They're like, yeah, we want a little logo on the turnstile so you know who made that, but the rest of the store can still say Hugo Boss at LAX or whatever. This is interesting because this is what Amazon does, right? They've done it to great success with AWS. They're also doing it with their warehouse automation. That may be lesser known out there, but they are taking, they take the technology that they make for themselves and then they turn it into a business. In fact, in this case, Amazon's cashierless stores are barely out of the prototype stage, right? The Amazon Go stores aren't everywhere. They're not even a success, but they've shown that the technology works. So I think they're jumping right over to saying like, look, we might make some amount of money at physical locations on our own, but the big money will be on selling this technology to existing retail outlets. Yeah, although I am slightly surprised that they have not decided to roll them out wider at let's say Whole Foods, which is owned by Amazon. They haven't done it in other retail plays that they have an involvement at before doing this, but you're right. This is a very Amazon, Amazonian move to look at it and say, hey, what's actually making money at these Go stores? I think Amazon rolling this out at something like Whole Foods is more dangerous. This is a way for Amazon to be like, does this work? Let's open a store. Okay, people seem to be able to understand how it works. Let's open a larger grocery store. Let's think about places where time is of the essence more than ever at an airport, for example, perfect situation. I don't remember what airport it was. It was, I think it was Houston, because Houston is like a futuristic airport these days, at least the United Terminal is. And there was, I was getting a bottle of water or something, kind of a grocery kiosk. It wasn't even really a place. And kind of looking around for the cashier and we realized, oh, it's like a self-pay kind of thing. And I kind of look and I see the security camera, so I'm like, okay, well, you can't just walk away with this stuff. But it was sort of halfway there and it was super convenient. So yeah, I can see situations where Amazon is like, okay, this doesn't have to always be us, but there are going to be retailers that can really benefit from this. Yeah, the Amazon's like, we don't want to have to operate on an entire retail operation just to make use of this technology. Let's monetize it by selling it to other people. There are a couple other systems out there, like you mentioned, Grabango and iFi, AIFI that are the self-checkout. But Amazon's is the most advanced. It works in the real world. I'll be interested to see who wants to partner up. I think the technology itself won't be the problem. It will be, how much do we have to give control to Amazon of the data? Because everybody knows, at least in the United States, that their grocery store wants their data. They want you to sign up for that card, that loyalty card. And Amazon has said, look, all you need is a credit card to get in and out of these stores. We're just providing the technology. The relationship with the customer is between the store and the customer. But I imagine a lot of companies will be skeptical on that point and want to make really, really sure of that before they come on board. Apple is starting to feel the impact of COVID-19 on its supply chain and shipments. Last week, we discussed the replacement iPhones and components were in short supply. That was a Bloomberg report. Now the New York Post reports that, according to employees at AT&T and Verizon, stores in New York City are experiencing iPhone 11 and 11 Pro shortages. Apparently it kind of varies by store, but it does look like there are shortages in the city. In China, Apple has seen iPhone shipment shrink with government data showing Apple shipped 494,000 devices in February. That's down from 1.27 million the February a year ago and roughly 2 million a month ago. Overall, the Chinese Academy of Information and Communications Technology Mobile Device Sales were down 54.7% in February in China to 6.34 million. The analysts IDC and panelists have both estimated that overall smart phone shipments will drop 40% in Q1. Yeah, what I always look for here is not fears, not estimates, but real life problems, getting stuff. And when I looked up the Apple stock of the iPhone 11 Pro base model in New York, I was surprised to see half the stores didn't have it, but half the stores did. It felt like it was close to launch day, right? It felt like what you see when an iPhone is less than a week old and it's like, nah, not all the stores have them, but if I go to this one, I can. One would assume this far away from launch, you wouldn't be seeing that. So I'm guessing that it does have to do with a reduced number of units coming into the country. Look, we have a major supply chain issue and this was clear to anybody that was watching this months ago and now we are starting to see some of that poison fruit be bared. China is the economic engine of the world and it appears that they have taken a sick day and we don't know exactly how long that is going to last. I would expect a lot more stories like this in the next month and a half. Now on the upside, this is not really an upside, but the other thing to consider is that the manufacturing is ramping back up and the demand in China has gone down. So I don't know what impact that has on the supply chain. In fact, Big Jim, I know you're listening. Let us know what the consensus is on where the real pain points are because there are some self balancing mechanisms in there that could help make it not as bad as it seems, but I think it's significant that we're starting to see the first glimmers of actual real world effect of what we all expected would be coming. China's Hanvan announced it developed a facial recognition system that works even if individuals are wearing masks. A lot of people in China right now wearing the surgical mask even if they don't necessarily help prevent the spread of the virus. It's just something that's happening and development started in January on this kind of system in response to that, trained on a data set of 6 million unmasked faces with a smaller masked data set. Vice President Wang Lei claimed the system can achieve a recognition rate of 95% on masked individuals. Compare that to 99.5% on the unmasked. That's quite a significant difference. The system struggles to identify people wearing both a mask and sunglasses. It does a lot better if it's just the mask. The company has more than 200 clients in Beijing, including China's Ministry of Public Security. And so yes, facial recognition, yes, China, lots of reasons if you wanna just throw your hands up and freak out here. But interesting to see the ability to create facial recognition from a more limited view of the face, which under the right settings could be a huge advance. Yeah, hopefully this is something that continues to grow. If there is some ingenuity that comes out of this fiasco, then that would be a bonus. I mean, if someone's wearing a mask and it's the sort of typical mask that's the lower two thirds of your face, right? So your eyes are still exposed. I wonder, and this is me going super sci-fi into the future, does this turn into something where if you're wearing dark glasses and also a mask, that's going to be a problem? Now, of course, this is not an issue right now. But the cool thing about this is, okay, well, whether or not you think that this is a good idea for privacy and security of the human race, the technology itself is very cool. Okay, most of your face is obfuscated, but we can still tell who somebody is by their eyes. It's not necessarily great for overall surveillance, but it is still cool technology. Yeah, I mean, if you wanted some non-nefarious uses, because the mind always jumps to the nefarious ones first, but think about when you got the gloves that allowed you to use your touchscreen devices without taking off the gloves and you're like, oh, thank goodness. Like imagine people who have to wear masks in construction situations, surgical situations, and need facial recognition for logging in, let's say, a second factor, or even facial recognition from some assistive AI that's helping them with their job in an augmented reality type of situation. You don't want to have to take off your mask, in fact, in a surgical situation, it might be inadvisable to take off the mask, and those kinds of technologies could still work in those situations because of this. I think we are living in a world now where not having to touch things is very treasured. Having more people can unlock any device or interact with any device, pass a security check with just a glance is a worthwhile achievement. Stop touching your face. Stop touching. A new paper from security researcher at Graz University of Technology in Austria claims that all AMD processors made from 2011 to 2019 are vulnerable to a side channel attack that could leak otherwise protected information. The researchers, reverse engineers, AMD's L1D cache way predictor resulting in two types of attacks, a collide plus probe, which can monitor the victim's memory access on a time shared logical core, and load plus reload, which can obtain highly accurate memory access traces on a physical core. The researchers were able to run the exploit in JavaScript, run on Chrome and Firefox browsers and gain access to the AES encryption keys, compared to similar architectural vulnerabilities like Spectre and Meltdown. The ones disclosed only leak a few bits of metadata rather than provide full access. The researchers notified AMD of their findings on August 23rd, 2019, and AMD said it believed that these were not new speculation-based attacks, end quote, and the issue was covered by the existing side channel attack mitigations. The researchers, on the other hand, don't agree. Yeah, in the security community it's less common for the companies may not begrudgingly admit of a vulnerability sometimes, but they rarely disagree like this outright, especially a company like AMD. So there must be some legitimate grounds for difference on the interpretation here, and I'm curious to find out what those are. But as for now, this is probably mostly a problem for people who run data centers and clouds. This is not gonna be a problem on your AMD device, it's a very sophisticated attack. It is disturbing that the researchers were able to get it to run with JavaScript, which means it could be run in the wild, but still not exfiltrating a ton of data here, and it would probably be only worth it if you're going after a very highly valued prize. So if you're working in an extremely valuable or sensitive situation or you're running a data center, would be the biggest targets for this, but a story to keep looking for more information on because if the researchers are right, then AMD needs to fix this. If AMD's right, then it's probably just one of those side channel attacks that's taking advantage of that way of doing predictive processing, which is on the outs. I mean, Intel's been dealing with these for years now, and AMD is no stranger to them either. The South China Morning Post reports that the University of Science and Technology of China and the China Earthquake Administration are testing an earthquake detection system. It's described generically as using AI, not a whole lot of detail about how, but the system is designed to process huge amounts of seismic data to provide a prediction within two seconds based on established source parameters. So existing systems use human researchers to manually calculate certain earthquake parameters like the epicenter, the magnitude, the time, the depth based on seismic wave signals. The new system has already shown superior accuracy in 446 earthquake assessment results and is currently in the middle of a one-year trial in the Yunnan and Sichuan provinces in Southwest China. I mean, two seconds isn't a lot. It's not something you can really prepare for, but it is building on these alert systems when we have them in California, which try to tell you, yes, an earthquake is happening, particularly good for dealing with aftershocks at the moment. Yes, two seconds is a lot for the initial, but once you know that's coming, you are getting more advanced notice of potential aftershocks that might become if you know what the magnitude's gonna be. Yeah, I mean, look, literally every second counts. So even if it's not a tremendous tick forward, it does provide a better world for us to know these things as they're coming, but you're right, look, I mean, otherwise the best way that we know that an earthquake happened is earthquake Twitter. Yes, this is now three seconds faster than earthquake Twitter. Yeah, and there's some automated systems that could use this if it's accurate enough for some mitigations in a power plant or something to go in place automatically. There are applications to this. This is all from a test in China. We still need to see some replication of this elsewhere, but it's promising. I would also like to add to the AMD story. I was remiss in not adding this before we moved on earlier. Those researchers from Gross University of Technology do receive part of their funding from Intel. A lot of people are making a big deal out of that. They have previously identified vulnerabilities in Intel chips despite that. So your mileage may vary on what you make of that, but it doesn't seem like the researchers are in the pay of Intel to say bad things about AMD. They've certainly said some things that were not convenient for Intel in the past too. Hey folks, if you wanna get all the tech headlines each day in about five minutes, be sure to subscribe to dailytechheadlines.com. I'm worse, Joseph Keller has a good article on securing devices when working from home. A lot more people are having to work from home because of the virus situation. Imagine a lot of you already follow good security policies anyway, but with more people working from home right now, it seemed like a good time to refresh everyone's memory about some of the best practices. Maybe even if you knew they were right, remind you like, oh yeah, I need to turn on two factor authentication on that one thing. And you can pass this episode along to others, snip out this part if you want and say, hey, this is some important stuff to realize if you're working from home. First of all, off the top, follow your employment policy. A lot of companies will have equipment and software and policies in place to keep you safe while you're working from home. So follow those, use your work devices. If you can just stick to the work devices, it's a lot easier to stay secure if you have a good IT department, and don't let people borrow your work devices. That's the sure way to introduce some kind of vulnerabilities to hand it to somebody who doesn't work for your company. So a lot of these other things have to do with like, well, if your company doesn't already do this or if you're working on your own machine, and the first one is passwords. All your devices should have them. When I say devices, I mean your laptop, your phone. If you don't have a password set up, most of them will make you set them up this time, but make sure you have ideally an alphanumeric code at the very least six digits and use password managers for your accounts. So those passwords can be long and complex. If you don't want to use a password manager, you probably have your own system, but for most people, a password manager is the best way to make sure that they have long secure passwords for their accounts and encrypt, if for some reason you don't have a drive encrypted, do that. Also encrypt data in your emails if you're sending an attachment, encrypt that file before you send it in a way, of course, that the person on the other end can decrypt it and add two-factor authentication to anything you consider at all important. But basically if the company offers two-factor authentication, use it and check because more companies are adding two-factor authentication all the time. Ideally, you're gonna use a key that you put in the USB port, something like ones from Yuba key. Secondarily, if you can't do that, an app like Authy, which can securely sync across devices so you don't get locked out or at the very least, if it's all a service offers, SMS, but even an SMS second factor is more secure than just a password. You guys all follow all of these, right? I do and it's funny because I'm not using any work, I mean, everything that I use at home is currently all mine. Yeah, it's my work computers that I purchased myself, they don't belong to anybody else. Every so often, lazy Sarah will be like, why do I even have a password on this? I'm the only one that uses it and it never leaves the house. And then I go, stop that, stupid Sarah. And the little devil on my shoulder goes away. But yes, these all make complete sense to me. Encrypting drives I think is a really good reminder as well because some folks haven't really thought about that or it's something that IT admin either would have done or not done. But when you're working from home it's a whole different ball game. Let me also just do my PSA that I stayed away from password managers for a while because they were cumbersome and annoying and copying and pasting things was very frustrating to me. In a world where the iPhone, where iOS now does such deep in operating system, checks for last pass and various other password managers and you can unlock it just by looking at the screen. You don't have to type anything. You don't have to put your fingerprint down anytime. It is a totally different game changing world. I would highly recommend if you are like me and you're like, man, that's why I don't have a password manager because I'm lazy and stupid. Trust me, the better world awaits if you have a phone like this, there's no excuse these days between browser extensions and being able to unlock with your face that you shouldn't have this extra layer of security. Yeah, and same goes for Android. I know Justin just said iOS, but the same goes for Android. The integration is really, really good. Also, make sure you've got a secure browser, Firefox and Safari, prioritize security and privacy. Chrome prioritizes preventing you from doing something dumb. It doesn't get as highly rated at securing your privacy. It does an okay job at that, but make sure that you're using the browser that fits your security profile the best. And browser extensions, before you start working on any sensitive work matter, if you haven't done this already, strip down your extensions, get rid of all your extensions, except the ones that you absolutely need are certain you can trust or actually protect your security. I don't run a lot of extensions in either of my, well, I have like six browsers, but in any of my browsers, because the only ones I want to run are ones that are going to increase my security and extensions too often, even unintentionally, are security holes. So be really strict with the extensions you run. And consider a virtual private network. This hides your IP address, protects you from having people sniffing your traffic. It may not be entirely necessary at home unless you share your network with people you don't trust, but some workplaces require you to use VPN even on your home network. Working from home sometimes means heading to the coffee shop and using their Wi-Fi. And you should definitely use a VPN there unless you're gonna tether your phone to your own phone or tether your connection to your own phone or use a personal hotspot. Those are even better than VPN in a coffee shop situation. Ideally, you've got a VPN from your workplace, but if you don't use one, pay for one, don't get a free one, and pay for one that has a strict no logging policy. I use ExpressVPN. It's one of the highest rated for security. NordVPN is another good one. There's a bunch of good ones out there. Another alternative is an encrypted remote connection into a remote desktop. If you're comfortable with that, that's a really good way to go. And don't take Wi-Fi from your neighbor. I know one of you out there does this. You don't know what they might take as a result or at least use a VPN, but really don't steal the Wi-Fi from your neighbor. And use charge only cables. If you're out at that coffee shop and you wanna plug in your phone to the USB charger that they provide you for free, you don't know what's been done to that. So make sure you get a cable that doesn't carry data if you wanna charge your phone on those. Here's another PSA. The plans for charging or connecting your phone for data have at least on AT&T relaxed over the past few years. When I am on the road, I almost exclusively use my 5G hotspot off the phone to do my laptop for all the PX3 stuff. For uploading and downloading audio, it is, they throttle it at a certain point, but man, it is easier to do now and it's cheaper to do now than it has been in a few years. So I would personally recommend that. And then a few obvious ones that you're like, yeah, I know, but just in case, just for completeness, we're gonna mention them. Lock your doors. If you've got your valuable work devices at home, don't leave the doors to your house unlocked. You may think, well, that's silly, but just be extra sure. Don't leave devices in your car. Even if you're just gonna run in for a second, don't do it. Turn on the find my device feature in whatever devices have that kind of feature. Don't use thumb drives that you don't know where they've been. Even if they've been in a sales person's hand, don't plug in a thumb drive in anything unless you're certain it has nothing on it. And good old fashioned, keep your software up to date. It's always gonna help. Yeah, I mean, sure, that stuff is obvious. Lock your doors. Hey, I live on a property where it's kind of gated and off the beaten path, but still, I have to be like, don't even, not even for a minute, not even for that short walk, lock everything up, lock your car. I also, I was mentioning before the show, I'm doing this whole kind of like deep clean of my office boxes and various cables, even though I just moved, I still have way too much of that stuff. You know how many thumb drives I found? Over the course of the weekend. And it's like, I remember having this. I wonder what's on it. And I'm like, I'm not even, it's too late. It's too late, I don't care. I don't need whatever's on there because this is a box I haven't opened in 10 years. And so yeah, that kind of stuff is, it's easy to dismiss as almost too obvious, but it is important. Totally agreed. Well, good. We are in accord. Stay safe, buddy. If you'd like to talk about USB keys and all sorts of other things, join in our conversation in our Discord, which you can join by linking to a Patreon account at patreon.com slash DTNS. Yeah, there's some people sharing good tips in there right now. Shout out to patrons at our master and our grandmaster levels, including Michael Aikens, Chris Allen, and Degrasia A. Daniels. Also thanks to Justin Robert Young, joining us on a Monday. What's up is down. What's right is wrong. What's wrong is right, I suppose. Justin, what's going on with you this week? If this is wrong, I don't want to be right. Well, not only will we have obviously all the results of the big primary day tomorrow, but also if you are a fan of my politics, politics, politics podcast, then you're gonna get some live content from my home state of Florida flying back there for what may be a pivotal, pivotal primary the next Tuesday. Yeah, I went to get the RSS feed from the Patreon to get the extra episodes, which I'd been missing. I'd only been getting the public feed. Only horror to find out that we had not backed politics, politics, politics. I fixed that right away. And now I'm getting those extra episodes and I have to say pretty good stuff. I'm glad I did it. Go check it out, folks. Take politicsseriously.com. Also, don't forget, we have new Patreon reward merchandise and it's shipping out. We already saw pictures of people who got their DTNS six-year anniversary sticker on Twitter. So they are arriving. Look for it if you've been backing us for three months. And if you're like, wait, how do I get that? I want that Len Peralta art. Well, go to patreon.com slash DTNS slash merch to find out. Our email address is feedback at dailytechnewshow.com and we love your feedback, so keep it coming. We're also live Monday through Friday at 4 30 p.m. Eastern 2030 UTC. And you can find out more at dailytechnewshow.com slash live. Back tomorrow with Patrick Beja. Talk to you then. This show is part of the Frog Pants Network. Get more at frogpants.com. Diamond Club hopes you have enjoyed this program.