 Coming up on D T N S Toyota wants to charge you a subscription for your car key. What actually happened with the AWS outage last week and why takedown notices are now causing problems with vintage clothing sellers. This is the Daily Tech News for Monday, December 13th, Monday, the 13th, 2021 in Los Angeles. I'm Tom Merritt. I'm lovely Cleveland, Ohio. I'm rich, Truffalino. I'm Roger Chang, the show's producer joining us from in gadget senior editor Nicole Lee. Welcome back. Hello, I am here from Chile, San Francisco. It's good to have you here. We were just talking about brachyated species and other things on our longer version of the show. Often we we dive into ancillary topics, deeper dives into the current topics. It's called Good Day Internet available at patreon.com slash D T N S. Big thanks to our top patrons who make that possible, including Kevin, Paul Teeson and Ali Sanjabi. Let's start with a few tech things you should know. Shannon Morris explained the log for shell vulnerability for us on the show on Friday. We got a few updates since then. Researchers at Cisco and Cloudflare report the first attacks were actually observed back on December 1st, though mass exploitation wasn't seen until the vulnerability was publicly disclosed last week. So it's been out there. Log for Shell has so far been used by crypto mining and DDoS botnets as well as to deploy cobalt strike backdoors and Kronos, one of the largest payroll providers in the world, has experienced an outage. It says it's due to ransomware, but it has also posted a banner on its site discussing log for Shell, though the company is not clarified if those two are in any way related. Log for Shell has been patched. So patch, patch, patch server admins and we thank you for your service. Sony acquired the developer Valkyrie Entertainment, a studio that's worked on games like God of War, Halo Infinite and Valorant. This is Sony's fifth studio acquisition in the past 12 months. For comparison, if that seems like a lot, the company acquired just two studios between 2010 and 2020. A new US executive order directs 17 government agencies to modernize the way critical services are delivered to people in the United States, including bringing more services online. That order focuses on agencies that have the most interaction with individuals, outlining 30 updates to make, including things like online passport renewal for disaster victims, submitting photos of property damaged by mobile phone. The order provides no new funding. The agencies are expected to use existing technical resources and the White House's United States Digital Service in order to meet the new requirements. The UK's Competition and Market Authority will investigate Microsoft's plan, 16 billion dollar acquisition of the AI and speech technology company Nuance to determine if the deal will lessen the competition in the UK. Microsoft has received regulatory approval on the deal in the US and Australia. And Apple released Tracker Detect for Android. This will flag any nearby air tags or find my compatible trackers that have been separated from their owner and label them an unknown air tag. If the air tag follows you for 10 minutes, you can then use the app to make it play a sound so you can find it and learn how to disable it once you locate it. You don't need an Apple account to use this app. This is used to keep people from unknowingly putting trackers on you. All right, let's talk about Toyota. Toyota confirmed a report from the drive that if a 2018 or later Toyota vehicle is equipped with the company's remote connect functions, it must be enrolled in a valid subscription service from Toyota in order to use the remote vehicle start option on the key fob. Now, this is not like your app where it has to use the internet. This is a standard proximity based RF radio frequency remote start system. In other words, the internet isn't involved. It's sending the signal from the fob to the car, except now the internet is involved because the car will have to check if you have a valid subscription before it honors that radio frequency and starts the car. New Toyota models come with a free trial of remote connect features. So a lot of people won't notice this. That free trial usually includes emergency assistance, hotspot connectivity, app-based services for remote vehicle unlocking and starting. And some models have longer trials than other. If you have an audio package, it might be three years, could be up to 10 years. Depends on the car, depends on the package. After trials are over, however long they are, remote connect will cost you eight bucks a month or $80 a year. Now, one hopeful note about this is 3G service is being wound down. And Toyota announced that it will not require a subscription for the key fob's remote start function in vehicles built before November 12, 2018. Those cars have no LTE service, just 3G or older. And Toyota has no plans to offer upgrades to them. They are upgrading some cars to LTE or 5G, but not those. So they won't cut off the ability to do the RF remote. But man, this is just annoying. Isn't it, Nicole? Like a company that's taking something that doesn't need the internet and saying, oh, but we're going to disable it because it's now part of our internet connected system. You know what it reminds me of? It reminds me of buying one of those Fitbit watches that has all the features in it, but you have to subscribe to the Fitbit service in order to have the full functionality of the Fitbit. It's kind of like that, right? You buy this car, you have all the features. Accepted in about a year, you know, trial run out and you might not get like some features, you know? It's kind of exactly like, you know, like a Fitbit or like one of those, like a computer on appliance you buy that free trial for a year. And then afterwards, it'll upsell you. That's just ridiculous. Well, it's even more ridiculous given the extended like life that these cars have, because really where this is going to bite people that you're not going to realize. I mean, we didn't know about this or wasn't reported on for three, four years now, because or three years, I guess now, because they're all within these free trial periods, seemingly at this point. But where it comes in as the used car market, you know, if you buy that, you have that 10 year, you know, free trial, quote, unquote, and then all of a sudden you have a 10 year old car, you know, it reminds that reminds me of kind of the used game market where, you know, you buy the new game and it came with all the codes for all the DLC, you know, the free DLC, but then if you buy that game used, you know, then you have to pay to actually unlock all of like the what should be like the core functionality of that game, just on a larger scale, not, you know, eight bucks a month for emergency services and like a bundle of things like is that gouging? I don't think that's terrible, but to include remote starting, it seems, it just seems silly given that there seems to be seemingly a lot of value for a car owner should just use that anyway. And seemingly third, I would imagine there's some way to defeat this third party. I would imagine. Yeah, you might be able to work around it somehow with a little hack and void your warranty, etc. But, you know, like like enabling that disabled cell in your chip that they disabled and want you to unlock. I I think as someone who has never had a key that could remotely start my car, I I've only ever owned cars that I I like a caveman have to stick the thing in a slot and turn it. I can't even just leave it in the car. I look at this and I'm like, you know, this is 70% agree being greedy and 30% stopping confusion because we, the listeners and perpetrators of DTS understand the difference between the RF start and the app start. But a lot of people would wonder like, well, why can I remote started with the key fob, but not with the app? That doesn't make any sense. This actually saves the money on support with people calling in with that question to say like remote start, no matter how you do it, that's part of the package. I kind of get that. On the other hand, it is RF. Like there really isn't any like mechanical basis for this. Come on. Yeah, I wonder if the driver and other publication is going to look into other automakers because I feel like I mean the automakers like they all know what each other do it, right? Like if there's if there's a revenue stream to be had that's recurring in this in this article, they talk about other attempts to try to like force things into subscription. They always fail because they get bad press and everybody shines a light on them, etc. So I don't know. I'm guessing that might happen here. We'll see. All right. Well, it was a good weekend for companies to thumb their noses at the death of Moore's law, Gordon Moore's prediction that the number of transistors on an integrated circuit would double about every two years. It's been assumed that since he made that prediction way back in 1965 that it would not hold up forever, but companies keep finding ways to meet it, even if not quite literally at least spiritual, I guess, with a doubling of processing power. At the IEEE International Electron Devices Meeting, kudos on the naming folks. Intel showed work on how it's going to continue Moore's law post 2025. This includes using a hybrid bonding interconnect to provide up to 10x interconnect density improvements for 3D stacked chips, as well as improved stacking of multiple transistors to achieve 30 to 50 percent more logical scaling of transistors per square millimeter. This is all part of their previously announced Fovio's direct production approach, which uses sub 10 micron bump pitches for 3D stacking of chips. And this is something Intel has been doing for a while now. It's kind of their roadmap for like, Hey, here's how we're going to build density. We're going to stack these guys not to be left out at some at the same event. IBM and Samsung have built a new design for vertical transport field effect transistors or VTFET, which opens the door for stacking transistors vertically on a chip rather than laying the transistors flat on a silicone surface. So they guess they would be standing on their ends. This design would bypass many of the performance limitations to extend Moore's law beyond IBM's current technological roadmap and would lead to less wasted energy. The companies claim VTFET would allow for processors that are twice as fast or use 85 percent less power than FinFET transistors, which are basically what we're using now. It's not clear, however, when IBM or Samsung will commercialize the design. So this is, you know, this is the proof of concept before we're coming in. But Roger, you know, kind of before the show, we were talking a little bit about this and kind of how this all fits into, you know, how we keep adding density and performance to these chips, even as we're getting down to close to one nanometer. Yeah, I mean, what's fascinating is they're taking, you know, the outlook is the same as a property developer. At some point, you run out of space or inexpensive space that you can buy to expand your shopping mall or your apartment complex. And the only way to build is up, and this is essentially what they're doing, is that at some point you scale out of building in a two-dimensional plane and you need to start stacking things upwards. And what's fascinating about Intel's work with hybrid bonding is that they're already at the limit with the micron bump pitches, which is also known as solder balls. If you ever see a chip and they have the little solder balls when they put them, that's how they interconnect various layers. But as you get smaller and smaller transistors, the density, there isn't enough density there for you to accomplish the stacking. And so that's where the hybrid bonding comes in, where it's a different technique, where you essentially use a metal within the dielectric insulator and you put a stack on top of each other, use some heat, certain metals will shrink and they will bond and connect, allowing you that improvement. And then with IBM and Samsung, the vertical transport field effector transistor is just a part of a long, proud storied lineage of everyone trying to figure out new ways to build transistors, they get maximizes the amount of efficiency you can get for the given space. Yeah, man. I remember reading about three-dimensional, oh, sorry, sorry, Rich, just real quickly, I remember reading about three dimensional advantages to chips in Scientific America like 20 years ago. So it's really cool to see it like finally coming into its own and becoming like a very common thing with tangible benefits. And I mean, really, there's a lot of it. Oh, sorry, go ahead. Obviously, there's a lot of incentive for these companies to keep adding performance at this point. It should be noted, though, that, you know, what kind of question on this IBM and Samsung are not saying that these kind of designs are designed to scale down past or to the one nanometer level. That's kind of that's kind of one of the next, you know, places where we're thinking there is going to be some very physical limitations about what we can do when it comes to processor design. So they're not saying this is a solve for that necessarily. There's always going to be these kind of jumps and like you said, at least in terms of doubling processor performance, these companies have a lot of incentive to figure out how to do that. And it's not going to stop any time soon. And I'll add one quick note real quick is that we're at a precipice of an entirely new generation of manufacturing chip fagging technology, chip fagging technology. Any company or group of companies can get on that first will be in the clearly a good lead. Nicole, did you get affected by that AWS outage last Tuesday? Yes. I think we all did. Like like all of us who did, a lot of us have wondered like, so how does that even happen? Well, Amazon posted some details on what caused the outage. Here's what they say happened. Basically, it was one tiny little part of the system meant to stop outages that did something that nobody thought it would. AWS runs an internal network that is separate from the main AWS network precisely to avoid certain kinds of outages. So all the cloud services that have your data and such, that happens in the main network. That's where you think the threat is probably going to come from. There's a separate internal network that handles things like monitoring, internal DNS, authorization, etc. That way, if something bad does happen out there on the dirty public cloud, it doesn't affect these essential services. That's smart. This network uses multiple geographically isolated networking devices again. So if one goes down, it doesn't take them all down. But this internal network does need to talk to the main network because it's doing these functions that the main network needs to run. So to make sure the internal network doesn't get swamped by a bunch of traffic from the main network, there is a system to scale capacity up when it's needed. Things like additional routing or network address translation, stuff like that. To make that efficient, there's an automated system that can do the scaling. And yes, that is where the problem started. At 7 30 a.m. Pacific December 7th, the automatic scaling exhibited quote unexpected behavior, which they have a detailed exactly from inside the internal network. Basically, it started DDoSing itself from being able to connect to the main AWS network. And of course, when delays happen, what happens to the devices that can't get in? They keep sending the request, which causes more traffic, which increases delays and so on. This happened on the eternal network, which contains the monitoring tools, remember, so that the monitoring tools don't get cut off by a surge of traffic on the main network, except the surge was coming from the internal network, which made the monitoring tools unavailable. So you couldn't use the monitoring tools to tell where the problem was. That meant the admins had to go look at logs, which was slower and didn't give them as much information. And what they could tell initially from the logs was that there were internal DNS errors. So about two hours after the problem started, they tweaked things to reduce the DNS traffic on the internal network. And that helped a lot. Some AWS stuff started to come back on the web, but that's why you saw it kind of intermittent. Some stuff would start working and others didn't, because it didn't solve all the problems and monitoring, crucially, was still swamped. So it was slow going on trying to figure out what the rest of the problems were. The solution ended up being to identify the top sources of all the rest of the traffic on that internal network and then disable some of the heavy network traffic services while adding capacity. Now, they couldn't do that fast, because, first of all, they couldn't use the monitoring tool to help quickly identify where the problems were. But also, the deployment systems for doing all of that are in the internal network. And of course, they were running slow because, you know, they're inside the swamped internal network. They also moved very carefully doing all of this because they wanted to make sure that they kept what was working working. They didn't want to make the problem worse. So they moved slowly, got everything back to normal by 2.22 p.m. Pacific, just less than seven hours from the advent of the problem. So you may ask, well, why didn't they have a system to back off when the traffic started flooding? Something automatically reduced those network requests. They did, but it didn't work as well as it should have because of the previously unobserved behavior. In other words, something happened that nobody predicted. But now that they know it can happen, they have a fix for it and they've added some additional smarts into the network devices to help them identify congestion themselves. AWS has also stopped the automatic scaling for now. They think the systems adequately scaled at the moment and will be so long enough for them to fix the scaling system. In summary, the best laid schemes of mice and men getting off to glee, as Robert Burns wrote, you can't predict everything and when you're running at the scale of AWS almost half the internet running on you, it's stunning that this doesn't happen more often. Does that make you feel any better, Nicole? You know, it's no. I mean, it's good that it's good that they had, I guess, the internal processes, but the fact that that was the one that was the problem and I it's it's just they couldn't have known, right? I mean, I guess we don't know the details, but I know that can happen. We're like, man, I never expected it to do that. That's weird. Well, and having this like separate, you know, having this whole separate control network or, you know, path for all this stuff, like when you first hear about you're like, oh, man, AWS is just dogfooding too much of its own stuff. It's living too much, you know, on its own. But like that wasn't the case in this instance. In some ways, it reminds me the other big average story that we had this year, where with with all of Meta's services kind of going down all at once where it was like, you know, the failsafe didn't operate as possible. So this led to this cascade of failures, which was noticeable because all of these services are tied in and all of these these backend problems are having. Now, obviously, the like kind of completely different sounded like it was a much worse day for all of the Meta people than it was for Amazon. Still not a great day if you're an AWS employee on the 7th. But, you know, still getting to those questions, I guess, of of scale of, yes, you are. We've learned a lot from this so that these kind of things can't happen again. And we can and we can, you know, there's only so many things that we can know through simulation or what's possible of happening. You know, I guess some of the larger questions I've seen are of of terms of, you know, having any single point, even with AWS with all multiple regions with all of its multiple, you know, failbacks and stuff like that, is that ever, is it ever a question of a single point that that's my that that's what I took away is like, no, no, they had lots of redundancies. It just did a thing that no one expected it would do, right. And and it's a reminder that we haven't been doing this very long at this scale. Right. This isn't electricity. This isn't even broadcast television. This is this is still new and we're still occasionally going to run into something where you're like, whoa, never thought it would do that. OK. How do we make sure it doesn't do that again? This is where I sensation to say, Tom, you're arguing that AWS should be regulated like utility. And I know that's not what you're saying. Well, folks, if you think AWS should be regulated by like a utility or not, you could have that conversation in our discord, which you can join by linking to a Patreon account at patreon.com slash D T N S. All right. Well, over the summer, we talked about the one point six billion dollar acquisition of deep D pop by Etsy about the exploding size of the pre-owned apparel market. I know I've downloaded the depop checked it out. You can get lost in there. Boston Consulting Group valued the market worth over $40 billion this year and global data expects that to grow in the U.S. at least to seventy six point four billion dollars by twenty twenty five resale platforms like D pop, Vestier, trade Z, Poshmark and Vinted make up most of the market with major clothing brands even launching their own secondhand sections to get in on that action. The resale market is all perfectly legal. Thanks to the first sale doctrine, this says that after an original owner sells a product, you don't need the permission to resell it. However, Mia Sato at the verge wrote a wrote a piece looking into sellers receiving takedown requests for trademark and copyright infringements on listings, particularly for listings from large fashion companies. These notices generally are not questioning the right of reselling rather are targeting items perceived to be either counterfeit from unauthorized sellers of new stock. A lot of what happens with copyright infringement notices on a lot like what happens with copyright infringement on YouTube sellers are often in the right, but don't have the resources to risk having shops taken offline even temporarily and paying an attorney to fight a claim. Getting products re-listed to platforms can be laborious, requiring sellers to reach out to unresponsive brands to convince them a product is used and authentic. Proposed legislation to fight counterfeit goods might also make things harder for smaller sellers. The proposed Shop Safe Act would open platforms to lawsuits unless they take steps to prevent counterfeits, but it could make it too burdensome for smaller sellers to operate. I mean, Nicole, have you checked out any of these kind of resell shops and your travails of cyberspace? Yeah, so this is super interesting to me because I buy a lot of things from Etsy, like I buy clothing, I buy jewelry from Etsy. And there's a whole part of Etsy that has always made me wonder if it's like legal for them to do certain things. For example, there's a seller that sells Disney things like Disney shirts, Disney, you know, apparel. I'm like, is that OK? Does Disney know about this? And I have no idea. I have no idea. And this kind of makes me think like, you know, this must be common. This must be like a common thing that they resell things that other people have. So I'm not really sure about the Disney thing, to be fair. I'm not sure if that's like authentic thing or just like they resold it. That's still like a question mark in my mind. But this is super interesting because I do think the resale market is kind of like a weird it's legal, but like I understand what they're saying about how you can't really prove it. You need permission sometimes. So yeah, I don't know. Well, that that's a perfect example of the problem here, right? You're looking at something online and going, well, it's got Mickey Mouse on it. Just to make it simple, right? Is it reselling something they bought at a Disney store, which would be perfectly legal? There's nothing illegal about that. There's no question or did somebody print it up themselves, which without authorization from Disney, which Disney wouldn't give is entirely illegal. There's no question about that. And like YouTube with copyright, like like like MP3 trading before us, the presumption is because the big companies have the influence to say like, well, you're not going to be able to catch everything for sure. So err on the side of its counterfeit, but that causes a lot of damage to small businesses who are like, yeah, I'm my entire business is in your margin of error on that algorithm. And you've just eliminated me from being able to do business. It's the continuing thing we see. We see this with social media moderation. We see it with copyright takedown notices where the scale of the Internet is not yet manageable. We have not yet figured how to operate at the scale we're in. It's it's to me, it's that classic. I don't know if anybody remembers this commercial from like the early 2000s where somebody was like, way, we got an order on our e-commerce site. And then they get another order and then another order. And then they start getting hundreds of thousands of orders and the 10 people in the company look at each other like, oh, crap, we didn't plan for this. Like that's the Internet entirely right now. Like nobody planned for this many people to be using it. Well, and the one thing I will say is one counterfeit goods are a huge problem on like a lot of e-commerce, like not to diminish like that as something. Sure, it's a real problem. Yeah, yeah, e-commerce problems have to worry about. But also these these platforms, you know, Depop and the others also have a vested interest. You know, they're making commissions on all of these sales. They have a vested interest in figuring out a way to, you know, to not make this at least so bad that it's, you know, these sites get a reputation for just being this hellscape of takedown notices and stuff like that. I feel like there has to be some sort of middle ground. Obviously, I don't know how you do that without, you know, you'd have to, I don't even know if you'd have to work with the brands, how that would actually work. But like at least they, I feel like they have a vested interest in at least making this process less laborious. Contrast that to Amazon, which has a huge counterfeit problem, like this massive counterfeit from Amazon. I think Amazon probably has maybe less incentive because, you know, you can't really tell what's real or what's not. Whereas I think these these smaller at CDPOP, all of those things, they do probably have a little bit more of a vested interest in like proving that their sellers are authentic. Yeah, I would have to say you've got when you've got Louis Vuitton coming in and saying, yeah, I'm going to open a used Louis Vuitton shop on Etsy. You'll make this many zeros in dollars Etsy. But here's what we need you to do. Like suddenly those smaller sellers, they don't they don't add up to as much influence as they used to, right? Yeah, you make me sad. I'm sorry. Well, one thing that shouldn't make anyone sad is space. Because it's the final frontier for good eyesight, evidently, being an astronaut requires 2020 vision. But more than 50% of NASA astronauts that went to the International Space Station for more than six months developed vision problems with astronaut John Phillips having his 2020 vision reduced to 2100 after 2005 stint. This is tied to a disorder called Space Flight Associated Neuroocular Syndrome or SANS, not a storage attached network just for clarification. Basically when you sleep, fluids accumulate in your head on earth, gravity will just pull these back down when you sit up when you wake up in space. However, it stays put and applies pressure that causes vision issues over time kind of flattens your eye. But researchers at UT Southwestern Medical Center work with outdoor manufacturer REI to develop a sleeping bag to help with this issue. It encloses the lower body and uses a suction device to draw fluid toward the feet. Now that I am reading that, it sounds a lot like the machine from the Princess Bride. So I'm worried that this will save your eyesight. Yeah, it keeps your soul in your feet. Hopefully. Wow. Yeah, you know, you're right. I just realized that that sleeping in space now sucks in a good way. Is it keep keeps your eyesight better? This is a real problem. I mean, if and for those of you are like, I don't care about going into space. I'm not going to the moon or Mars. I think it's a waste of time, whatever. You don't care. But for those who are like, yeah, I would love to have space tourism happen. This is an issue because you don't want to be like, Yes, I would love to go on a space vacation. No, I don't want to come back having to wear glasses that I didn't need before or strengthen my existing prescription, you know, you want to be able to solve these little problems. There's going to be hundreds of these kinds of things. All right, let's check out the mailbag. Shall we listen to the proposed rules on who the EU wishes to consider an employee writes in Matt Schultz and said, it sounded to me like the EU is on the right track in distinguishing an employee from a contractor. One fly in the ointment popped out at me. What happens if a company is required by a different piece of legislation to take actions that would then make the contractors classified as employees? For example, maybe Uber would be required to force contractors to accept fares regardless of where in the city people live because of the law. It seems like sound legislation to prohibit drivers from avoiding some economically depressed parts of time. However, if the legislation requires Uber to enforce the rule, this then violates one of the criteria for an employee you mentioned on the show or for someone to be not an employee seems like a catch 22 to create a definition of who's an employee and then with other legislation require that companies meet those definitions. I wrote back to Matt on this. Often in those situations, most laws will include a clause that says except we're otherwise required by law. So they they say like if you're being forced to do this because the law then this law won't apply in that particular instance, or they may say, look, if we're requiring you to do this, then you're obviously not a platform that that could be another another tactic that the EU takes as well. But yeah, it's a it's a fair question, Matt. Yeah, any more great questions like that? Send them in feedback at daily tech news show dot com. Of course, we want to thank our brand new bosses, Jessica Kurtiman, Amanda R and Mohammed Ilias, who just started backing us on Patreon. Thanks, Jessica, Amanda and Mohammed. And of course, oh, yes, we need the round of applause and keep it going. Of course, for Nicole Lee, Nicole, thank you so much for being on the show today. This was awesome. Where can people find more of your great stuff if they're so inclined? You can just go on to my Twitter right post most things twitter.com slash Nicole. And of course, you can go to Engadget to see all my writings and so on and so forth. All right, we are live Monday through Friday at 4 30 p.m. Eastern 21 30 UTC. Find out more daily tech news show dot com slash live will be back tomorrow with Rob Dunwood. See you then. This show is part of the Frog Pants Network. Get more at frogpants.com.