Huawei, the Chinese technology giant whose devices are at the center of a far-reaching trade dispute between the U.S. and Chinese governments, is reducing orders for new phones, according to a report in The South China Morning Post.
According to unnamed sources, the Taiwanese technology manufacturer Foxconn has halted production lines for several Huawei phones after the Shenzhen-based company reduced orders. Foxconn also makes devices for most of the major smart phone vendors including Apple and Xiaomi (in addition to Huawei).
In the aftermath of President Donald Trump’s declaration of a “national emergency” to protect U.S. networks from foreign technologies, Huawei and several of its affiliates were barred from acquiring technologies from U.S. companies.
The blacklist has impacted multiple lines of Huawei’s business, including its handset manufacturing capabilities, given the company’s reliance on Google’s Android operating system for its smartphones.
In May, Google reportedly suspended business with Huawei, according to a Reuters report. Last year, Huawei shipped over 200 million handsets and the company had a stated goal to become the world’s largest vendor of smartphones by 2020.
These reports from The South China Morning Post are the clearest indication that the ramifications of the U.S. blacklisting are beginning to be felt across Huawei’s phone business outside of China.
Huawei was already under fire for security concerns, and will be forced to contend with more if it can no longer provide Android updates to global customers.
Contingency planning is already underway at Huawei. The company has built its own Android-based operating system, and can use the stripped down, open source version of Android that ships without Google Mobile Services. For now, its customers also still have access to Google’s app store. But if the company is forced to make developers sell their apps on a siloed Huawei-only store, it could face problems from users outside of China.
Huawei and the Chinese government are also retaliating against the U.S. efforts. The company has filed a legal motion to challenge the U.S. ban on its equipment, calling it “unconstitutional.” And Huawei has sent home its American employees deployed at R&D functions at its Shenzhen headquarters.
It has also asked its Chinese employees to limit conversations with overseas visitors, and cease any technical meetings with their U.S. contacts.
Still, any reduction in orders would seem to indicate that the U.S. efforts to stymie Huawei’s expansion (at least in its smartphone business) are having an impact.
A spokesperson for Huawei U.S. did not respond to a request for comment.
Want to know exactly what Twitter’s fleet of text-combing, dictionary-parsing bots defines as “mean”? Starting any day now, you’ll have instant access to that data—at least, whenever a stern auto-moderator says you’re not tweeting politely.
Earlier tests of this feature, unsurprisingly, had their share of issues. “The algorithms powering the [warning] prompts struggled to capture the nuance in many conversations and often didn’t differentiate between potentially offensive language, sarcasm, and friendly banter,” Twitter’s announcement states. The news post clarifies that Twitter’s systems now account for, among other things, how often two accounts interact with each other—meaning, I’ll likely get a flag for sending curse words and insults to a celebrity I never talk to on Twitter, but I would likely be in the clear sending those same sentences via Twitter to friends or Ars colleagues.
Additionally, Twitter admits that its systems previously needed updates to “account for situations in which language may be reclaimed by underrepresented communities and used in non-harmful ways.” We hope the data points used to make those determinations don’t go so far as to check a Twitter account’s profile photo, especially since troll accounts typically use fake or stolen images. (Twitter has yet to clarify how it makes determinations for these aforementioned “situations.”)
As of press time, Twitter isn’t providing a handy dictionary for users to peruse—or cleverly misspell their favorite insults and curses in order to mask them from Twitter’s auto-moderation tools.
So, two-thirds kept it real, then?
To sell this nag-notice news to users, Twitter pats itself on the back in the form of data, but it’s not entirely convincing.
During the kindness-notice testing phase, Twitter says one-third of users elected to either rephrase their flagged posts or delete them, while anyone who was flagged began posting 11 percent fewer “offensive” posts and replies, as averaged out. (Meaning, some users may have become kinder, while others could have become more resolute in their weaponized speech.) That all sounds like a massive majority of users remaining steadfast in their personal quest to tell it like it is.
Twitter’s weirdest data point is that anyone who received a flag was “less likely to receive offensive and harmful replies back.” It’s unclear what point Twitter is trying to make with that data: why should any onus of politeness land on those who receive nasty tweets?
This follows another nag-notice initiative by Twitter, launched in late 2020, to encourage users to “read” an article linked by another Twitter user before “re-tweeting” it. In other words: if you see a juicy headline and slap the RT button, you could unwittingly share something you may not agree with. Yet this change seems like an undersized bandage to a bigger Twitter problem: how the service incentivizes rampant, timely use of the service in a search for likes and interactions, honesty and civility be damned.
And no nag notice will likely fix Twitter’s struggles with how inauthentic actors and trolls continue to game the system and poison the site’s discourse. The biggest example remains an issue found when clicking through to heavily “liked” and replied posts, usually from high-profile or “verified” accounts. Twitter commonly bumps drive-by posts to the top of these threads’ replies, often from accounts with suspicious activity and lack of organic interactions.
Perhaps Twitter could take the lessons from this nag notice roll-out to heart, particularly about weighting interactions based on a confirmed back-and-forth relationship between accounts. Or the company could get rid of all algorithm-driven weighting of posts, especially those that drive nonfollowed content to a user’s feed and go back to the better days of purely chronological content—so that we can more easily shrug our shoulders at the BS.
Peloton is having a rough day. First, the company recalled two treadmill models following the death of a 6-year-old child who was pulled under one of the devices. Now comes word Peloton exposed sensitive user data, even after the company knew about the leak. No wonder the company’s stock price closed down 15 percent on Wednesday.
Peloton provides a line of network-connected stationary bikes and treadmills. The company also offers an online service that allows users to join classes, work with trainers, or do workouts with other users. In October, Peloton told investors it had a community of 3 million members. Members can set accounts to be public so friends can view details such as classes attended and workout stats, or users can choose for profiles to be private.
I know where you worked out last summer
Researchers at security consultancy Pen Test Partners on Wednesday reported that a flaw in Peloton’s online service was making data for all of its users available to anyone anywhere in the world, even when a profile was set to private. All that was required was a little knowledge of the faulty programming interfaces that Peloton uses to transmit data between devices and the company’s servers.
Data exposed included:
Gender and age
If they are in the studio or not
Ars agreed to withhold another piece of personal data exposed because Peloton is still working to secure it.
A blog post Pen Test Partners published on Wednesday said that the APIs required no authentication before providing the information. Company researchers said that they reported the exposure to Peloton in January and promptly received an acknowledgement. Then, Wednesday’s post said, Peloton went silent.
Slow response, botched fix
Two weeks later, the researchers said, the company silently provided a partial fix. Rather than providing the user data with no authentication required at all, the APIs made the data available only to those who had an account. The change was better than nothing, but it still let anyone who subscribed to the online service obtain private details of any other subscriber.
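The three states of the API described above (no authentication, authentication only, and authentication plus a per-profile privacy check) can be compared side by side. This is an added example, not Peloton's code or anything from the Pen Test Partners post; the handler names, member records and tokens are constructed for illustration, and it assumes a private profile is readable only by its owner.

```python
# Constructed sample data: hypothetical members and session tokens.
PROFILES = {
    "alice": {"private": True,  "age": 34, "workouts": 120},
    "bob":   {"private": False, "age": 41, "workouts": 87},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # token -> member id

class Denied(Exception):
    """Raised with an HTTP-style status code when a request is refused."""
    def __init__(self, status):
        super().__init__(status)
        self.status = status

def authenticate(token):
    """Authentication: who is calling? 401 if the token is unknown."""
    member = SESSIONS.get(token)
    if member is None:
        raise Denied(401)
    return member

def profile_unauthenticated(target, token=None):
    """Original state: no check at all, any caller gets any profile."""
    return PROFILES[target]

def profile_authn_only(target, token=None):
    """Partial fix: caller must hold an account, but the target's
    privacy setting is never consulted."""
    authenticate(token)
    return PROFILES[target]

def profile_authorized(target, token=None):
    """Authentication plus object-level authorization on every read."""
    caller = authenticate(token)
    profile = PROFILES.get(target)
    if profile is None:
        raise Denied(404)
    # Assumption: a private profile is readable only by its owner.
    if profile["private"] and caller != target:
        raise Denied(403)
    return profile

def status_of(handler, target, token=None):
    """Return 200 or the refusal status, for comparing the handlers."""
    try:
        handler(target, token)
        return 200
    except Denied as exc:
        return exc.status
```

The middle handler is the one to look for in review: it rejects anonymous callers, so a logged-out smoke test passes, but a second ordinary account still reads the private profile.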
When Pen Test Partners informed Peloton of the inadequate fix, they say they got no response. Pen Test Partners researcher Ken Munro said he went as far as looking up company executives on LinkedIn. The researchers said the fix came only after TechCrunch reporter Zack Whittaker, who first reported the leak, inquired about it.
“I was pretty pissed by this point, but figured it was worth one last shot before dropping an 0-day on Peloton users,” Munro told me. “I asked Zack W to hit up their press office. That had a miraculous effect – within hours I had an email from their new CISO, who was new in post and had investigated, found their rather weak response and had a plan to fix the bugs.”
A Peloton representative declined to discuss the timeline on the record but did provide the following canned response:
It’s a priority for Peloton to keep our platform secure and we’re always looking to improve our approach and process for working with the external security community. Through our Coordinated Vulnerability Disclosure program, a security researcher informed us that he was able to access our API and see information that’s available on a Peloton profile. We took action and addressed the issues based on his initial submissions, but we were slow to update the researcher about our remediation efforts. Going forward, we will do better to work collaboratively with the security research community and respond more promptly when vulnerabilities are reported. We want to thank Ken Munro for submitting his reports through our CVD program and for being open to working with us to resolve these issues.
The incident is the latest reminder that data stored online is often free for the taking, even when companies say it isn’t. This puts people in a bind. On the one hand, sharing weight, workout stats, and other data can often help users get the most out of training sessions or group workouts. On the other… well, you know.
I generally try to falsify much of the data I provide. Most of the services I use that require a credit card will approve purchases just fine even when I supply a false name, address, and phone number. Not having those details attached to user names or other data can often minimize the sting of a data leak like this one.
SpaceX has received more than 500,000 orders for Starlink broadband service, the company said yesterday.
“‘To date, over half a million people have placed an order or put down a deposit for Starlink,’ SpaceX operations engineer Siva Bharadvaj said during the launch webcast of its 26th Starlink mission,” CNBC reported.
SpaceX opened preorders for Starlink satellite service in February and is serving at least 10,000 users in its beta in the US and overseas combined. The preorders required a $99 deposit for service that would be available in the second half of this year. The 500,000 total orders presumably include both US residents and people in other countries; we asked SpaceX for more details and will update this article if we get a response.
A preorder doesn’t guarantee that you’ll get service, and slots are limited in each geographic region because of capacity limits. Still, SpaceX CEO Elon Musk said he expects all of the preorderers to get service—but said that SpaceX will face a challenge if it gets millions of orders.
“Only limitation is high density of users in urban areas,” Musk tweeted yesterday. “Most likely, all of the initial 500k will receive service. More of a challenge when we get into the several million user range.”
The total cost for each Starlink user is $499 for hardware, $50 for shipping and handling, and $99 for monthly service, plus tax. Preorders are still open on the Starlink website.
SpaceX prepares for up to 5 million users in US
Despite Musk’s comment, SpaceX has been laying the groundwork to potentially serve up to 5 million subscribers in the US. SpaceX initially obtained a Federal Communications Commission license to deploy up to 1 million user terminals (i.e. satellite dishes) in the US and later asked the FCC to increase the authorized amount to 5 million terminals. The application is still pending.
“SpaceX Services requests this increase in authorized units due to the extraordinary demand for access to the Starlink non-geostationary orbit satellite system,” the company told the FCC in its license-change request on July 31, 2020. At that time, nearly 700,000 people in the US had registered interest on Starlink’s website, but that action didn’t require putting down any money. The 500,000 orders and deposits that Starlink has received even without saying exactly when the service will exit beta are a stronger indication of people’s interest in the satellite broadband system, though this number likely includes non-US residents.
Musk has said that Starlink will be available to “most of Earth” by the end of 2021 and the whole planet by next year. SpaceX is also planning a new version of the “Dishy McFlatface” satellite dish for large vehicles, aircraft, and ships. Musk has said that the original version of the dish “should be fully mobile later this year, so you can move it anywhere or use it on an RV or truck in motion.”