Category: china | 中國 | 중국 | 中華

Ni hao – this category features any blog posts that relate to the People’s Republic of China, the Chinese communist party, Chinese citizens, consumer behaviour, business, and Chinese business abroad.

It is likely that a post will also appear in other categories. For example, a post about Tong Ren Tang might end up in the business section as well. Inevitably everything is inherently political in nature. At the moment, I don’t take suggestions for subject areas or comments on content for this category; it just isn’t worth the hassle.

Why have posts on China? I have been involved in projects there and had Chinese clients. China has some interesting things happening in art, advertising, architecture, design and manufacturing. I have managed to experience some great and not so great aspects of the country and its businesses.

Opinions have been managed by the omnipresent party and this has affected consumer behaviour. Lotte was boycotted and harassed out of the country. Toyota and Honda cars are occasionally damaged by consumer action during periods of particularly high tension with Japan.

I put stuff here to allow readers to make up their own minds about the PRC. The size of the place makes things complicated and the only constants are change, death, taxes and the party. Things get even more complicated on the global stage.

The unique nature of the Chinese internet and sheltered business sectors means that interesting Galapagos syndrome type things happen.

I have separate sections for Taiwan and Hong Kong, for posts that are specific to them.

  • Internet of hacking

    IoT should be considered the Internet of Hacking (IoH).

    Mirai is a botnet powered by a range of devices, including infected home routers and remote camera systems. It took over these systems by using their default passwords. The network of compromised machines is then directed to overload a target network or service. Last week the Dyn DNS service was targeted, which restricted access to lots of other services for users on the east coast of the US.

    DNS is like a telephone directory of internet destinations; if no one knows where to go, it becomes a lot harder to get in touch.

    DDoSing

    Mirai didn’t spring miraculously out of thin air. It finds its history in passionate gamers who used distributed denial of service (DDoS) attacks to slow down or even kick opponents off online gaming platforms. Eventually the gaming companies got hip to it and went after the cheaters. Not to be outdone, the cheaters went after the gaming companies.

    Taking a service offline using DDoS became a source of extortion against online banking and e-commerce services. Attacks can be used as a form of ‘digital hit’ to take out opponents or critics like online security commentator Brian Krebs.

    Computing

    Moore’s Law meant that computing power has become so small and plentiful that it is surprising what we often have in the palms of our hands. The first Cisco router was built on the circuit board of a Sun Microsystems workstation. Home routers now are basically small computers running Linux. A CCTV camera box or a DVR are both basic PCs complete with hard drives.

    Back in 2007, BlackBerry co-founder Mike Lazaridis described the iPhone as

    “They’ve put a Mac in this thing…”

    The implication being that the power of a sophisticated PC was essentially in the palm of one’s hand. The downside of this is that your thermostat is dependent on a good broadband connection and Google based cloud services and your television can get malware in a similar manner to your PC.

    Security

    For a range of Chinese products that have been acknowledged as part of the botnet, the manufacturer acknowledged that they were secured with a default admin password. They fixed the problem in a later version of the firmware on the device. Resetting the default password is now part of the original device set-up the first time you use it.

    The current best advice for internet of things security is protecting the network with a firewall at the edge. The reality is that most home networks have a firewall on the connected PCs, if you are lucky. The average consumer doesn’t have a dedicated security appliance on the edge of the home network.

    Modern enterprises no longer rely only on security at the edge; they have a ‘defence in depth’ approach that layers security controls.

    That would be a range of technology including:

    • At least one firewall at the edge
    • Intrusion detection software as part of a network management suite
    • A firewall on each device
    • Profile based permissions across the system (if you work in HR, you have access to the HR systems, but not customer records)
    • Decoy honeypot systems
    • All file systems encrypted by default so if data is stolen it still can’t be read

    Processes:

    • Updating software as soon as it becomes available
    • Hard passwords
    • Two-factor authentication

    Defence in depth is complex in nature, which makes it hard to pull off for the average family. IoT products are usually made to a price point. These are products sold as appliances, so it is hard for manufacturers to have a security eco-system. The likelihood of anti-virus and firewall software for light bulbs or thermostats is probably small to non-existent.

    The Shenzhen eco-system

    Shenzhen, just across the border from Hong Kong, has been the centre of assembly for consumer electronics over the past 20 years, although this is changing; for instance, Apple devices are now assembled across China. Shenzhen has expanded into design, development and engineering. A key part of this process has been a unique open source development process. Specifications and designs are shared informally under legally ambiguous conditions – this shares development costs across manufacturers and allows for iterative improvements. This doesn’t seem to improve product security, quite the opposite, hence the internet of hacking.

    There is a thriving maker community that allows for blurring between hobbyists and engineers. A hobbyist’s passion can quickly become a prototype and then go into production. Shenzhen manufacturers can go to market so fast that they harvest ideas from Kickstarter and can have them in market before the idea has been funded on the crowdsourcing platform.

    All of these factors would seem to favour the ability to get good security technologies engineered directly into the products by sharing the load.

    China

    The European Union were reported to be looking at regulating security into the IoT eco-system, to try and prevent the internet of hacking, but in the past regulation hasn’t improved the security of related products such as DSL routers. Regulation is only likely to be effective if it is driven out of China. China does have a strong incentive to do this. But it is unlikely to do anything to help prevent the internet of hacking.

    The government has a strong desire to increase the value of Chinese manufacturing beyond low value assembly and have local products seen as being high quality. President Xi has expressed frustration that Chinese manufacturing appears to be sophisticated, yet cannot make a good ballpoint pen.

    Insecurity in IoT products is rather like that pain point of poor quality pens. It is a win-win for both customers, the Chinese manufacturing sector and by extension the Party. More security related content can be found here.

    More Information

    WSJ City – Massive Internet Attack Stemmed From Game Tactics
    Your brilliant Kickstarter idea could be on sale in China before you’ve even finished funding it | Quartz
    Asus lawsuit puts entire industry on notice over shoddy router security | Ars Technica
    Europe to Push New Security Rules Amid IoT Mess — Krebs on Security
    Why can’t China make a good ballpoint pen? | Marketplace.org

  • Toothbrush test + more news

    Toothbrush test

    Google Canceled the Launch of a Robotic Arm After it Failed the ‘Toothbrush Test’ – Bloomberg – executives at Google parent Alphabet Inc. nixed the plan because it failed Chief Executive Officer Larry Page’s “toothbrush test,” a requirement that the company only ship products used daily by billions of people, according to people familiar with the situation. – Surely this would nix Google‘s enterprise products as well? The toothbrush test poses a serious problem to Alphabet. The business can no longer go after most business opportunities, due to the tyranny of large numbers involved in their earnings. Secondly, they may not get lucky twice, the only benefit of the toothbrush test is preventing the kind of problem that Yahoo! had with the Broadcast.com acquisition. The toothbrush test sounds like an innovation killer

    Consumer behaviour

    More millennials switch off social media | FT – qualitative rather than quantitative data

    Economics

    Pound sterling could be worth less than a dollar within three years, investor Jim Rogers warns | The Independent – You’ve got a lot of debt, you’ve got a serious balance of trade problem which shows no signs of being corrected. I don’t see anything to make sterling go up – not terribly surprising conclusion. The only alternative would be massive cuts outside the South East including rural subsidies and infrastructure spending. The state pension would likely have to be means tested and cut. It would also make sense to up taxation on capital gains and death duty

    Marketing

    One on One – Edelman – Six of the top 10 PR firms did not grow or went backwards in 2015. This should be PR’s time, given the complexity of the environment (nationalism, populism, fear of pace of innovation) and the explosion of media options… I contended that the management of PR agencies has not sufficiently recognized the opportunity on the marketing side of the business. The emphasis on continued increase in profit margins has pushed our sector toward public affairs, crisis management and corporate reputation… – in addition PR is letting its top talent walk out the door, pay is below par for other disciplines and needs to get general managers that won’t have a rotating door on the new types of talent that they want to get in

    Media

    The Man Who Stood Up To Facebook : All Tech Considered : NPR – which all goes back to where Facebook deviated from the web 2.0 credo and used it to its own advantage – for instance hollowing out Yahoo!’s user base

    Tag Heuer’s adventure seeking leads to a Red Bull TV sponsorship | Luxury Daily – interesting wrinkle on brand content where other brands come in and sponsor the brand content

    Some Thoughts on Reuters, NY Times, and Yahoo – Lawfare  – Benjamin Wittes flags that much of the Yahoo story is unclear, including legal arguments and the objective of the search, and further reporting from Motherboard and the Intercept

    Online

    Analysis: Trump ‘rigged’ vote claim may leave lasting damage | AP News – I don’t think that you can pin this solely on Trump when you have thinkers like marketing professor Philip Kotler, who has written a book on how the current framework is broken to ‘repair’ US democracy.

    The Latest Celebrity Diet? Cyberbullying – The New York Times – which is going to legitimise the tactics in the minds of many people out there as ‘normal behaviour’

    Bronte Capital: Measuring how bad Twitter is – needs to fire two thirds of its staff

    Security

    What Surveillance Will Look Like in the Future – The Atlantic – of course this depends on not having Note 7-esque battery problems

    Europe to Push New Security Rules Amid IoT Mess — Krebs on Security – it is the right thing to do, but will be hard to police and won’t stop shoddy security on products coming out of the Shenzhen, Dongguan, Guangzhou silicon triangle in the Pearl River delta

    Software

    The Telegraph overhauls mobile app to focus on speed – Digiday – interesting focus on immediacy, goes against the ‘abundance of bandwidth’ assumption many developers use

    WTF is a container? | TechCrunch – really nice primer

    Huawei has formed a strategic partnership to develop AI – Business Insider – but could you trust it? Interesting that this hasn’t caused upset in the US body politic

    Daring Fireball: Walt Mossberg: ‘Why Does Siri Seem So Dumb?’ – John Gruber’s take is really good. I won’t even get into the fact that Siri just doesn’t understand my BBC northern English accent and so I just don’t bother using it

    Baidu Launches A Medical Chatbot That Acts As A Physician’s Assistant | IPG Media Lab – interesting application, IBM Watson has aspired to go in this direction. Maximises the 8 minutes a patient has in a doctor’s surgery

    Web of no web

    Most Drivers Who Own Cars With Built-in GPS Systems Use Phones For Directions – Mostly Out of Frustration – explains why TomTom and Garmin are still going

    Building a Smart Home With Apple’s HomeKit | Wirecutter – shows how immature the smart house still is. That is if you’re not concerned about your IoS (internet of shit) devices being compromised and turned into a bot net for hire

    Wireless

    Verizon just raised a big warning flag for Yahoo – The Washington Post – hacks had a material effect on the business

    The exploding Note 7 is no surprise – leaked Samsung doc highlights toxic internal culture • The Register – the Note 7 seems to have shone a light on the Samsung business

    iPhone 7 vs Leica M9-P: A Side-by-Side Photo Comparison | PetaPixel – to me these show the limits of the smartphone rather than how great it is

  • Return of Mao + more news

    Return of Mao

    The return of Mao: a new threat to China’s politics — FT.com – interesting how it has merged with folk religion. Return of Mao is a cargo cult for people who want to return to more egalitarian times, even if everyone was poorer. The return of Mao is probably not looking for the kind of bloodshed that the Chairman had previously wrought with 40 to 70 million Chinese killed. The biggest threat is that the return of Mao delegitimises the Communist Party of China. The return of Mao might represent a kind of Chinese populism that views the modern party and princelings as just as much of a swamp as the government of Chiang Kai-shek and feudal landlord families of old

    Business

    WSJ City – Brexit Torpedoes UK’s RBS Plans – Brexit left 10 billion pound hole in valuation which was still less than the government pumped into the bank in the first place

    Consumer behaviour

    Deloitte Mobile Consumer 2016 – peak smartphone

    Economics

    Government forced to release ‘secret arguments’ for triggering Article 50 ahead of legal challenge against Brexit | The Independent – individuals can have fundamental rights conferred by acts of parliament stripped away if and when the executive withdraws from the treaties on which they are based – and if this doesn’t get Labour concerned about Brexit nothing will

    Five thoughts inspired by three days in Liverpool | CityMetric – all good points that explain that whilst I like Liverpool, I haven’t gone back to live there

    Innovation

    The web is past peak innovation: It’s all negative returns from here | The Register – so it probably won’t lift the world out of its economic funk

    Fakes, Pirates, and Shanzhai Culture | ChinaFile – great podcast on shanzhai

    This is the first Adidas shoe made almost entirely by robots – Recode  – More than 70 percent of Adidas’ sales comes from products less than one year old. Although this is only the beginning of the company’s robot shoemaking factories, the ability to make products on demand and as needed, as opposed to creating large stockpiles of inventory, could upend and decentralize current manufacturing processes

    Luxury

    The Luxury Dark Web Trade of Disneyland Tickets and Dinners for Two | Motherboard – makes a change from assassinations, drugs, firearms and child porn

    Auction houses lose Hong Kong watch department heads as sales collapse — FT.com – corruption crackdowns and move to vintage pieces

    LVMH’s Digital Drive Takes Time Despite Apple Hire | Business of Fashion – these things take time and Ian is smart enough to do it

    Media

    BBC to demand logins for iPlayer in early 2017 | The Register – pulling together data that would be handy for advertising?

    Snapchat’s Mysterious ‘Snap to Unlock’ Ads Start to Pop Up | Digital – AdAge – copied from LINE and WeChat with a hint of Microsoft Tag

    Mark Ritson: Facebook’s erroneous video metrics show no one has a clue about digital | Marketing Week – the shadowy box of turds and spiders that is programmatic to the increasingly complex and deluded world of digital views, the idea that digital marketing is more analytical and attributable than other media is clearly horseshit

    HK Magazine to close, SCMP blames ‘dire’ English language print market conditions – Mumbrella Asia – “In the past few years, HK Magazine has been subjected to very challenging market conditions, which were especially dire for English-language lifestyle print media. Furthermore, the volatile advertising landscape, diminishing profitability from display advertising and event business further thwarted the magazine’s sustainability in the foreseeable future.” – the contrarian editorial line probably hasn’t helped either. Good magazine sorry to see it go

    Online

    New Yorkers Can Now Get Unlimited Uber For $100 | Forbes – $200 for the full month. All rides must begin and end in Manhattan below 125th street. Interesting the way they are trying to move to a subscription model

    Security

    Yahoo hackers weren’t state-sponsored, a security firm says | PCWorld – this is important because it says a lot about the way that data will be used and makes Yahoo! look more culpable if true

    Software

    Messages on iOS 10: Better features, worse usability | Six Colors – pretty much my sentiment on it

    Project Springfield | Microsoft – cloud based testing for bugs, presumably with some sort of AI / machine learning behind it; for competitors would it be wise giving this Microsoft service sight of your code?

    Technology

    Microsoft’s Internet Business Gets a New Kind of Processor | WIRED – FPGA computing – interesting move

    Imagination 2.0 Update Ships | EE Times – interesting turnaround plans

    Web of no web

    Only Select Developers Can Publish Google Daydream Apps Until 2017 | Road to VR – how many Daydream handsets are there out there?

    Google Car: Sense and Money Impasse | MondayNote – ins and outs of autonomous driving

    Is this the creepiest use of facial recognition tech yet? | TechCrunch – feels like a lawsuit ready to happen

    Palmer Luckey’s politics were hiding in plain sight | Fusion – is it just me or does it all feel a bit ‘Ready Player One’

    Wireless

    Why Samsung’s recall of Galaxy smartphones threatens its universe | SCMP – it marks cultural shift, less sure about it threatening Samsung in the smartphone business yet

  • The Yahoo Data Breach Post

    2014 brought us a Yahoo data breach only disclosed now; it formally declared the breach to consumers on September 22. This isn’t the first large data breach that Yahoo! has had over the past few years, just the largest.

    In 2012, there was a breach of 450,000+ identities. Millions of identity records were apparently being sold by hackers in August 2016 that the media initially linked to the 2012 breach. It would be speculative to assume that the records for sale in August were part of the 2014 raid.

    The facts so far:

    • 500 million records were stolen by the hackers. Based on the latest active email account numbers disclosed for Yahoo! many of these accounts are inactive or forgotten
    • Some of the data was stored unencrypted
    • Yahoo! believes that it was a state sponsored actor, but it has offered no evidence to support this hypothesis. It would be a bigger reputational issue if it was ‘normal’ hackers or an organised crime group
    • There are wider security implications because the data included personal security questions

    The questions

    A Vermont senator asked the following questions in a letter to Yahoo!:

    • When and how did Yahoo first learn that its users’ information may have been compromised?
    • Please provide a timeline detailing the nature of the breach, when and how it was discovered, when Yahoo notified law enforcement or other government authorities about the breach, and when Yahoo notified its customers. Press reports indicate the breach first occurred in 2014, but was not discovered until August of this year. If this is accurate, how could such a large intrusion of Yahoo’s systems have gone undetected?
    • What Yahoo accounts, services, or sister sites have been affected?
    • How many total users are affected? How were these users notified? What protection is Yahoo providing the 500 million Yahoo customers whose identities and personal information are now compromised?
    • What steps can consumers take to best protect the information that may have been compromised in the Yahoo breach?
    • What is Yahoo doing to prevent another breach in the future?
    • Has Yahoo changed its security protocols, and in what manner?
    • Did anyone in the U.S. government warn Yahoo of a possible hacking attempt by state-sponsored hackers or other bad actors? When was this warning issued?

    Added to this, shareholders and Verizon are likely to want to know:

    • Chain of events / timing on the discovery of the hack?
    • Has Yahoo! declared what it knew at the appropriate time?
    • Could Yahoo! be found negligent in their security precautions?
    • How will this impact the ongoing attrition in Yahoo! user numbers?

    Additional questions:

    • How does Yahoo! know that it was a state sponsored actor?
    • Was there really Yahoo! data being sold on the dark web in August?
    • Was that data from the 2014 cache?
    • How did they get in?

    More Yahoo! related content here.

    More information
    An Important Message About Yahoo User Security | Yahoo – Yahoo!’s official announcement
    UK Man Involved in 2012 Yahoo Hack Sentenced to Prison | Security Week
    Congressional Leaders Demand Answers on Yahoo Breach | Threat Post

  • The Dark Forest by Cixin Liu

    The Dark Forest is the second book in Cixin Liu’s Three Body Problem trilogy. I reviewed the first book here. In the second book the tone changes from being a hard-bitten conspiracy story to a fully-blown space opera.

    The Dark Forest of the title is a metaphor for a philosophical thought experiment. The universe is thought to be teeming with life. Each civilisation is like a hunter in a dark forest. Revealing oneself leaves one open to being killed by another hunter. Since you don’t know a hunter’s intention, it seems better to be quiet. Conversely, if you become aware of another civilisation there is a strong incentive to get them before they get you.

    Unlike the first book, The Dark Forest takes place over centuries as the protagonist is put into cryogenic hibernation and then woken centuries later. Living in the future provides a warning for readers against the perils of having all parts of our life automated and connected – it delves into similar themes as Michael Crichton’s Runaway.

    Liu deals with complex arguments and grand societal change in a masterful way. I am waiting to read the last book in the trilogy Death’s End. More book reviews here.