China’s elevated bus test site has been abandoned for months

Remember China’s wacky Transit Elevated Bus aka TEB which promised to carry passengers over traffic? Well, we have some bad news for you. China News reported that the 22-meter-long prototype unveiled in early August had been collecting dust in its hangar for well over two months, according to the two old men who were guarding the vacated test site in Qinhuangdao. One of them added that he could no longer contact his employer. A quick look at the project’s still-functioning website is just as worrying, with its latest post dating back to September 15th.

Following China News’ report last week, The Paper reached out to an unnamed senior staffer at TEB Technology Limited and learned that the company has indeed been facing some “significant” financial issues since mid-November, and its sole investor — a Beijing wealth management company called Huayingkailai — refused to provide further funding. In fact, Huayingkailai landed in hot water recently with accusations of illegal fundraising plus fake credit rating. The Paper tried to call the numbers listed on that company’s website but none were answered; I did the same and had no luck, either.

This is bad news for Suzhou-based design firm Autek, who is still owed some 45 million yuan or about $6.5 million, according to The Paper. Song You Zhou, the so-called inventor of the TEB, acknowledged that his company has yet to settle Autek’s invoice, but he defended by claiming that it’s already been paid 60 percent of the outstanding fee instead of just the rumored 20 percent. As for TEB Technology itself, a former employee revealed that its team of over 100 engineers weren’t actually under said company, but were mainly sent in from Autek and two local universities. With a few more employees gone recently, it apparently doesn’t cost TEB Technology much to keep itself barely alive, especially in its current idle state.

The Paper also received confirmation from the district authority that the TEB project’s management and operations teams have already moved out of the city, which leaves us wondering who will be going back to pack things up. After all, even at just 300m long, the test track has become a nuisance for the locals as it takes up half a side of a functioning road, thus forcing cars on one side to squeeze into one of the three lanes on the opposite side.

According to the original agreement between TEB Technology and the district, the company was supposed to have dismantled the temporary test site by August 31st, unless they were to negotiate an extension for the trial period. Song insisted that the site was still being inspected each week, which contradicts the statements from the district authority and the guards there. Similarly, there’s no update regarding the progress of the second test site which is supposed to feature a 3km track in Zhoukou.

No matter how this company spins it, things aren’t looking good for the crazy straddling bus project. Even if it really has secured a new investor from Beijing as claimed by Song, his team has yet to convince us all that this concept works safely over real-life traffic. With such severe financial, technical and reputation issues, the TEB is just as good as dead.

Source: China News, The Paper, Sina Finance, Beijing Youth Daily

Apple single sign-on: What is it and how does it work?

Apple has finally launched its long-awaited “single sign-on” feature.

But there are a few things you need to know about it before you can jump right in. For instance, it’s only available in one country right now, and it only works with a handful of cable providers and apps at launch. Confused? Allow us to explain. Here’s everything you need to know about the new single sign-on feature for Apple TV (fourth-generation) and iOS devices, including what it is and how to set it up.

• Apple says these were the best apps and games in 2016
• Apple iCloud Calendar spam: What’s going on and is there a fix?
• Apple iPhone 6 Plus ‘touch disease’ flaw: Here’s how to get it fixed

What is Apple single sign-on?

The days of having to enter your cable account login details into every individual TV-streaming app on your Apple TV, iPhone, and iPad are numbered. It just depends on where you live and your cable provider. On 6 December 2016, after a couple months of teasing, Apple rolled out its single sign-on feature, which allows you to enter your cable account’s username and password just once and then automatically be signed into all the other apps on your device that also require those login credentials for viewing.

Here’s Apple’s support page that explains the feature.

Which providers support Apple single sign-on?

The following cable providers and subscription-based services in the US support Apple single sign-on (so, if you’re a customer of one these, Apple will accept your login credentials when you set up single sign-on):

• CenturyLink Prism (part of CenturyLink’s fiber optic arm)
• DirecTV (satellite TV provider owned by AT&T)
• Dish Network (satellite TV provider)
• GTA (cable provider only available in Guam)
• GVTC (broadband provider only available in Texas)
• Hawaiian Telcom (provider only available in Hawaii)
• Hotwire (fiber optic cable TV provider)
• MetroCast (provider only available in nine states)
• Sling TV (digital subscription service for cord-cutters)

Which apps support Apple single sign-on?

With Apple single sign-on, you should only need to enter your login credentials for your cable provider once, as apps supporting the feature will then have automatic access to those credentials, eliminating the need for you to manually sign in again on every single app. Now, just because your cable provider supports Apple single sign-on doesn’t mean all your apps and streaming services will automatically log in for you.

Apps need to add support for the feature, at which point they’ll then require you to update them. Also, supported apps might differ between your Apple TV (fourth-gen) and iOS device, and also based on which TV provider you use. Yeah. Not exactly simple, right? Sill, here’s a list of supported apps that currently offer Apple single sign-on (on certain devices anyway).

Note: Apple TV (fourth-generation) runs tvOS.

• ABC (iOS and tvOS)
• A&E (iOS only)
• Bravo Now (tvOS only)
• Disney Channel (iOS and tvOS)
• Disney Junior (iOS and tvOS)
• Disney XD (iOS and tvOS)
• E! Now (tvOS only)
• Freeform (iOS)
• FXNOW (tvOS)
• Hallmark Channel Everywhere (iOS and tvOS)
• History (iOS only)
• Lifetime (iOS only)
• NBC (tvOS only)
• Syfy Now (tvOS only)
• Telemundo Now (tvOS only)
• USA NOW (tvOS only)
• Watch HGTV (iOS and tvOS)
• Watch Food Network (iOS and tvOS)
• Watch Cooking Channel (iOS and tvOS)
• Watch DIY (iOS and tvOS)
• Watch Travel Channel (iOS and tvOS)

You will need to authorise every app you plan to use with single-sign on. Once you’ve setup the feature, that’s as simple as opening the app and selecting OK to authorise the sharing of your subscription data. You’ll only have to do that once. To find even more apps that support single sign on-in the future, go to the Settings app on your Apple TV, then Accounts > TV Provider, and select Find More Apps. That’s it.

How do you enable Apple single sign-on?

Apple TV (fourth-generation)

Go to Settings > Accounts > TV Provider
Choose your TV provider
Sign in with your TV-provider account credentials (username/password)

iOS device

Make sure that your device is running iOS 10 or later
Go to Settings > TV Provider
choose your TV provider
Sign in with your TV-provider account credentials (username/password)

If you sign in from an iOS device that uses iCloud with the same Apple ID as your other devices, then all those devices will already be signed in to your TV provider. If you’d like to disable Apple single sign-on, all you have to do is open the Settings app, go to Accounts > TV Provider, and select Sign Out. 
After you sign out, apps will revert to individual authentication options.

Where is Apple single sign-on available?

Apple single sign-on is currently only available in the US.

Obama’s got a new cybersecurity plan, but what’s the point?

There’s been a lot of hot air blown across headlines this week about the big cybersecurity plan proposed by the White House’s Commission on Enhancing National Cybersecurity (PDF).

The plan for a commission to create long-term recommendations on beefing up America’s cybersecurity was first hatched in April. It’s a roadmap that should’ve been plotted many years ago, and is now being re-gifted to the next administration. Which may or may not use it for toilet paper.

The report, which identified six key issues for improving the cybersecurity of the US as a whole, is meaningless without the buy-in of the next administration. “The Commission considers this report a direct memo to the next President,” it states. “It is critical that the next President and his Administration and Congress begin immediately to tackle each one of the issues raised.”

Seeing the report put in motion by the next administration and Congress would be a good thing, if it happens in some form or another. That’s because the report nails it when identifying problems, like securing Internet of Things (IoT) products ASAP. The report finally policy-izes fixing things people like me have been raising the alarm about for years. Namely, that the tech industry rushes things to market before securing them, that organizations no longer have control over people, devices, and data, and that attackers are cashing in on our security fatigue.

Sounds good, right? It also includes a generous amount of attention to consumer rights, even suggesting a security “nutritional label” to help citizens assess the risks of products before they buy. Instead of telling us how many calories are in bran flakes, they want us to look at tech products and see “a rating system of understandable, impartial, third-party assessment that consumers will intuitively trust and understand.”

There is a fair amount of hate in the report for the traditional username/password system everything runs on for login security. This translated into the Commission’s hardcore fanboying of the FIDO Alliance, whose emphasis is on getting rid of the traditional password model in favor of multifactor, biometrics, and items like YubiKey.

I’ll even give the report bonus points for mentioning the Mirai attack in its intro — the concerns presented are up to date. Most reports and the cyber plans of would-be presidents are basically, “internet is dangerous because Target got hacked in 2013.” I’m not joking.

However, most of the news this week omitted the fact that the 100-page report, based on nine months of study, has a few spots of rot under its shine.

The Commission behind the report was comprised of 12 members that included corporate interests like the President and CEO of MasterCard, the corporate VP from Microsoft Research, the Chief Security Officer of Uber (Joe Sullivan, formerly Facebook counsel), and former NSA head General Keith Alexander. Some of you may remember Alexander as the NSA’s “collect it all” guy, and who was forced to admit that the number of terrorist plots foiled by blanket surveillance were wildly and inaccurately overstated.

While I agree with the report’s call to have the private sector and government collaborate on a cyber roadmap, and for that map to espouse citizens’ rights, if their idea of private sector means Uber, there’s a problem. You know, the same Uber that just decided to track its iOS users even when the app is turned off, bypassing the iPhone’s consumer-protecting anti-tracking settings.

The Commission’s twelve “subject matter experts” didn’t come from the sprawling cybersecurity industry itself, who are out there in the trenches, over which this policy will govern. Instead, the Commission tapped NIST, DHS, DoJ, DoD and GSA — to ensure the apple doesn’t fall too far from the tree, we must suppose. I mean, yay NIST. But seriously: where was the actual public sector when these guys were in the pillow fort writing fanfic about making passwords go away?

Some sections seem a little less on the level in terms of fighting the good fight for us little people.

There’s quite a bit about protecting companies from being responsible for anything if they cooperate with the government on information sharing. Because I guess CISA just wasn’t enough. Action item 1.2.3 is about public-private sharing of “risk management practices” (like the actions of an organization’s security team, etc) under the banner of security. This would explicitly protect companies from FOIA, discovery in litigation, use in regulatory enforcement, use as evidence, etc… Hey, maybe that’s one of the recommendations we can thank Uber for.

Another curious section talks about working with the international community on “harmonizing” standards and policies, all in an envelope of securing the digital economy. A sagacious person implementing this might explore how it plays out with repressive regimes who could do a lot of damage under the guise of “incident response.” Like when China and Russia made moves in 2012 to pass an international treaty that would allow UN member states to cut off and potentially intercept communications under vague wordings for cases that, “appear dangerous to the security of the State […] or to public order or decency.”

Ultimately, the report’s results are a range of recommendations as action items that direct the next president to create initiatives, carve out budgets, make Executive Orders, and collaborate extensively with the public sector. It states that within the first 180 days of the next administration, “the President should appoint an Ambassador for Cybersecurity to lead U.S. engagement with the international community on cybersecurity strategies, standards, and practices.”

The report urgently expresses the need for funds to get federal organizations like the old hacked-to-the-gills OPM up to speed with security. “The next President should formally announce his intention to increase investment in modernizing federal IT,” the Commission wrote. Based on a calamitous shortage of cyber-workers, the report urges the next President to “initiate a national cybersecurity workforce program to train 100,000 new cybersecurity practitioners by 2020.”

President Obama has made it crystal clear that it’s up to the next administration to implement this. The new guys would be handling all of its extensive recommendations for collaboration with private sector (joint public-private action). The report has its problems, yet this is likely its biggest one.

But for now, all our qualms with the report are conundrums for a quieter moment. We are on the precipice of chaos. Hucksters are selling mainly cyber solutions but also fear and uncertainty, the attackers crowd the space as they jockey to sell stolen creds for a few bucks, privacy violations heave consumers into apathy, and companies play the blame game now harder than ever. It’s a perfect storm for the selfish to advance their own interests over everyone who doesn’t get a seat at the table.

I guess that’s why the positive parts of this advisory report feel like a bitter punch. It feels slow, and it feels late. Now more than ever it feels like we’re being set up for more apathy, or worse, exploitation. It mostly feels like we should keep working on covering our own cyber-asses.

But if it makes the incoming administration think about cybersecurity a tiny bit, or as more than a tool to advance careers and screw those they disike, then I guess that little bit was worth it.

You might be warned if your next flight allows WiFi calling

Between screaming babies, flatulent passengers and that guy ahead of you who insists on leaning all the way back, air travel can be pretty miserable. And that’s before you think about the possibility of someone loudly making a call over WiFi during your flight. The Department of Transportation wants to address that last bit, though.

Soon, it could be a requirement that if said calls are allowed on a flight, you’d know as soon as possible in an effort to find alternate travel options. This would probably mean there would be a notification when you’re booking. “DOT believes that allowing voice calls, without providing adequate notice, would be an unfair and deceptive practice,” the regulating body said in a statement.

“The Department believes that consumers would be unfairly surprised and harmed if they learned only after the purchase of a ticket (or, worse, after boarding the aircraft) that the carrier permits voice calls on its flights.”

According to the Associated Press, a vast majority of the carriers will defer to their customers and flight attendants when it comes to making a decision on this — not government law. And so far, their responses (perhaps unsurprisingly) have been against the idea. The exceptions were American Airlines and JetBlue; the former shoved any questions off on the DOT and the latter didn’t respond to for comment.

Flight attendants are worried that allowing calls could cause fights between passengers who are forced to listen against their will. By extension, this might also endanger the flight crew. The head of the Association of Flight Attendants-CWA called anything other than a ban “reckless,” for instance.

There’s a 60 day window for comment on the initiative, so it’s possible that this proposal could die on the vine. If not, and you choose to make a WiFi call from 30,000 feet in the air, remember to watch what you say because the NSA is probably listening. The easiest way around that? Don’t make a call on an airplane. Please.

Via: Associated Press

Source: Department of Transportation