China

That Chinese Spy Balloon Used an American ISP to Communicate, Say US Officials (nbcnews.com)

NBC News reports that the Chinese spy balloon that flew across the U.S. in February "used an American internet service provider to communicate, according to two current and one former U.S. official familiar with the assessment."

It used the American ISP connection "to send and receive communications from China, primarily related to its navigation." Officials familiar with the assessment said it found that the connection allowed the balloon to send burst transmissions, or high-bandwidth collections of data over short periods of time.

The Biden administration sought a highly secretive court order from the federal Foreign Intelligence Surveillance Court to collect intelligence about it while it was over the U.S., according to multiple current and former U.S. officials. How the court ruled has not been disclosed. Such a court order would have allowed U.S. intelligence agencies to conduct electronic surveillance on the balloon as it flew over the U.S. and as it sent and received messages to and from China, the officials said, including communications sent via the American internet service provider...

The previously unreported U.S. effort to monitor the balloon's communications could be one reason Biden administration officials have insisted that they got more intelligence out of the device than it got as it flew over the U.S. Senior administration officials have said the U.S. was able to protect sensitive sites on the ground because they closely tracked the balloon's projected flight path. The U.S. military moved or obscured sensitive equipment so the balloon could not collect images or video while it was overhead.

NBC News is not naming the internet service provider, but says it denied that the Chinese balloon had used its network, "a determination it said was based on its own investigation and discussions it had with U.S. officials." The balloon contained "multiple antennas, including an array most likely able to collect and geolocate communications," according to reports from a U.S. State Department official cited by NBC News in February. It was also powered by enormous solar panels that generated enough power to operate intelligence collection sensors, the official said.

Reached for comment this week, a spokesperson for the Chinese Embassy in Washington told NBC News that the balloon was just a weather balloon that had accidentally drifted into American airspace.

Power

First EV With Lithium-Free Sodium Battery Hits the Road In January (carnewschina.com)

Deliveries of the world's first mass-produced electric vehicle equipped with a sodium-ion battery will begin in January 2024. According to CarNewsChina, they're being produced by JAC Motors, a Volkswagen-backed Chinese automaker, through its new Yiwei EV brand. From the report: The Yiwei EV hatchback will have a cylindrical sodium-ion pack from Beijing-based HiNa Battery and adopt JAC's UE (Unitized Encapsulation) module technology. UE is also known as a honeycomb design because of its appearance. It is another battery structure concept like CATL's CTP (cell-to-pack) or BYD's Blade battery. Yiwei is a new EV brand under Anhui Jianghuai Automobile (JAC), established in 2023. JAC's parent company, Anhui Jianghuai Automobile Group Holdings (JAG), is 50% state-owned, and 50% belongs to Volkswagen Group. The German automotive giant acquired its stake in 2020 in an unprecedented move to invest in China's state-owned car maker.

[...] In February 2023, JAC announced they were the first automaker to put the lithium-free sodium-ion battery on an electric vehicle. That EV was a Sehol E10X hatchback, and the Na+ battery had the following specifications: 25 kWh capacity, 120 Wh/kg energy density (single cell 140 Wh/kg), 3C to 4C charging (10% - 80% in 20 minutes), 252 km (157 miles) range for E10X, and HiNa NaCR32140 cell. Sehol was a brand under Volkswagen Anhui JV, which VW transferred to JAC in 2021. When the Yiwei brand was launched in May 2023, JAC announced that it would ditch the Sehol brand, and all vehicles are being rebadged to JAC or Yiwei. The pictures JAC released today tell us that the new sodium-ion-powered EV is the Sehol E10X. JAC hasn't yet confirmed the name of the new car under the Yiwei brand; it could be Yiwei E10X, but we have to wait for JAC's confirmation.

JAC recently pushed a lot into sodium-ion battery R&D. During the Shanghai Auto Show in April 2023, the company showcased its first car under the Yiwei brand called Yiwei 3, which was equipped with a sodium-ion battery. However, the EV launched later in June, only with a classic LFP lithium battery, and promised the Na+ variant would come later. The Yiwei 3 is a compact hatchback that competes with Wuling Bingo, BYD Seagull, or ORA Funky Cat. It has two powertrain options, both front-wheel drive: 70 kW and 100 kW motor. The maximum cruising range is 505 km CLTC with a 51.5 kWh battery.

IT

Fake Plane Parts Scandal Shows Peril of Antiquated Paper System (bloomberg.com)

After falsified records for spare aircraft parts set off a frantic global search for suspect pieces, the aviation industry now faces another daunting task: adapting the archaic paperwork for 100 million components to the digital age. From a report: Since the middle of the year, maintenance shops and aerospace manufacturers have found thousands of engine parts with falsified records linked to a distributor called AOG Technics. Airlines from China to the US and Europe have had to pull planes from service and extract the dubious components, leaving jets grounded and racking up millions of dollars in costs.

The episode has prodded carriers and maintenance shops to bolster scrutiny of their vendors and the parts they receive. And it's given fresh weight to an ongoing push to digitize the paper-based records still prevalent in the industry to document the lifespan of every piece of an aircraft from the time that it's made to when it lands in a scrap heap. But any structural reforms to thwart would-be copycats of the scheme of which AOG is suspected are likely years away. The industry is accustomed to following standardized methods and only making fundamental changes after a detailed and often lengthy examination of potential safety risks -- and costs.

EU

EU Competition Chief Defends AI Act After Macron's Attack (ft.com)

The EU's competition and digital chief has defended the bloc's landmark law on AI, saying the move would create "legal certainty" for tech start-ups building the technology, even as it comes under fire from critics including French President Emmanuel Macron. From a report: Margrethe Vestager told the Financial Times that the EU's proposed AI Act would "not harm innovation and research, but actually enhance it." That is because the legislation, for the first time, provides a clear set of rules for those building so-called foundation models -- the technology that underpins generative AI products such as OpenAI's ChatGPT, which can churn out humanlike text, images and code in seconds.

"[The AI Act] creates predictability and legal certainty in the market when things are put to use," said Vestager, the commission's executive vice-president who oversees competition and the EU's strategy dubbed "Europe fit for the digital age." She added: "If you do foundational models, but also if you want to apply foundational models, you know exactly what you are going to look for once it is put into use. It is important that you do not have any regulatory over-reach, that innovation and research is promoted again." Her defence of the AI Act comes after Macron argued the legislation risks leaving European tech companies lagging behind those based in the US and China.

United States

New US Immigration Rules Spur More Visa Approvals For STEM Workers (science.org)

Following policy adjustments by the U.S. Citizenship and Immigration Services (USCIS) in January, more foreign-born workers in science, technology, engineering, and math (STEM) fields are able to live and work permanently in the United States. "The jump comes after USCIS in January 2022 tweaked its guidance criteria relating to two visa categories available to STEM workers," reports Science Magazine. "One is the O-1A, a temporary visa for 'aliens of extraordinary ability' that often paves the way to a green card. The second, which bestows a green card on those with advanced STEM degrees, governs a subset of an EB-2 (employment-based) visa." From the report: The USCIS data, reported exclusively by ScienceInsider, show that the number of O-1A visas awarded in the first year of the revised guidance jumped by almost 30%, to 4570, and held steady in fiscal year 2023, which ended on 30 September. Similarly, the number of STEM EB-2 visas approved in 2022 after a "national interest" waiver shot up by 55% over 2021, to 70,240, and stayed at that level this year. "I'm seeing more aspiring and early-stage startup founders believe there's a way forward for them," says Silicon Valley immigration attorney Sophie Alcorn. She predicts the policy changes will result in "new technology startups that would not have otherwise been created."

President Joe Biden has long sought to make it easier for foreign-born STEM workers to remain in the country and use their talent to spur the U.S. economy. But under the terms of a 1990 law, only 140,000 employment-based green cards may be issued annually, and no more than 7% of those can go to citizens of any one country. The ceiling is well below the demand. And the country quotas have created decades-long queues for scientists and high-tech entrepreneurs born in India and China. The 2022 guidance doesn't alter those limits on employment-based green cards but clarifies the visa process for foreign-born scientists pending any significant changes to the 1990 law. The O-1A work visa, which can be renewed indefinitely, was designed to accelerate the path to a green card for foreign-born high-tech entrepreneurs.

Although there is no cap on the number of O-1A visas awarded, foreign-born scientists have largely ignored this option because it wasn't clear what metrics USCIS would use to assess their application. The 2022 guidance on O-1As removed that uncertainty by listing eight criteria -- including awards, peer-reviewed publications, and reviewing the work of other scientists -- and stipulating that applicants need to satisfy at least three of them. The second visa policy change affects those with advanced STEM degrees seeking the national interest waiver for an EB-2. Under the normal process of obtaining such a visa, the Department of Labor requires employers to first satisfy rules meant to protect U.S. workers from foreign competition, for example, by showing that the company has failed to find a qualified domestic worker and that the job will pay the prevailing wage. That time-consuming exercise can be waived if visa applicants can prove they are doing "exceptional" work of "substantial merit and national importance." But once again, the standard for determining whether the labor-force requirements can be waived was vague, so relatively few STEM workers chose that route. The 2022 USCIS guidance not only specifies criteria, which closely track those for the nonimmigrant O-1A visa, but also allows scientists to sponsor themselves.

Graphics

Nvidia Slowed RTX 4090 GPU By 11 Percent, To Make It 100 Percent Legal For Export In China (theregister.com)

Nvidia has throttled the performance of its GeForce RTX 4090 GPU by roughly 11%, allowing it to comply with U.S. sanctions and be sold in China. The Register reports: Dubbed the RTX 4090D, the device appeared on Nvidia's Chinese-market website Thursday and boasts performance roughly 10.94 percent lower than the model Nvidia announced in late 2022. This shows up in the form of lower core count, 14,592 CUDA cores versus 16,384 on versions sold outside of China. Nvidia also told The Register today the card's tensor core count has also been cut down by a similar margin from 512 to 456 on the 4090D variant. Beyond this the card is largely unchanged, with peak clock speeds rated at 2.52 GHz, 24 GB of GDDR6x memory, and a fat 384-bit memory bus.

As we reported at the time, the RTX 4090 was the only consumer graphics card barred from sale in the Middle Kingdom following the October publication of the Biden Administration's most restrictive set of export controls. The problem was the card narrowly exceeded the performance limits on consumer cards with a total processing performance (TPP) of more than 4,800. That number is calculated by doubling the max number of dense tera-operations per second -- floating point or integer -- and multiplying by the bit length of the operation.

The original 4090 clocked a TPP of 5,285 performance, which meant Nvidia needed a US government-issued license to sell the popular gaming card in China. Note, consumer cards aren't subject to the performance density metric that restricts the sale of much less powerful datacenter cards like the Nvidia L4. As it happens, cutting performance by 10.94 percent is enough to bring the card under the metrics that trigger the requirement for the USA's Bureau of Industry and Security (BIS) to consider an export license.
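As an added worked example (not from The Register's report), the TPP formula quoted above can be checked against the two core counts on the page. It assumes that both cards run at the 2.52 GHz peak clock, that each CUDA core retires one 32-bit fused multiply-add (2 FLOP) per cycle, and that FP32 is the operation that sets the TPP; under those assumptions the 4090 lands on the article's 5,285 and the 4090D falls under the 4,800 limit.

```python
"""Worked example of the BIS total processing performance (TPP) metric.

TPP = 2 * (dense tera-operations per second) * (bit length of the operation).
Assumptions (not stated in the article): both cards run at the 2.52 GHz peak
clock, each CUDA core performs one FP32 fused multiply-add (2 FLOP) per cycle,
and FP32 is the operation that yields the highest TPP.
"""

CONSUMER_TPP_LIMIT = 4800        # threshold quoted in the article
PEAK_CLOCK_GHZ = 2.52            # peak clock quoted in the article
FLOP_PER_CORE_PER_CYCLE = 2      # assumed: one FMA per core per cycle
BIT_LENGTH = 32                  # assumed: FP32 is the limiting operation


def dense_tops(cuda_cores: int, clock_ghz: float = PEAK_CLOCK_GHZ) -> float:
    """Peak dense tera-operations per second for a given core count."""
    ops_per_second = cuda_cores * FLOP_PER_CORE_PER_CYCLE * clock_ghz * 1e9
    return ops_per_second / 1e12


def tpp(cuda_cores: int, bit_length: int = BIT_LENGTH,
        clock_ghz: float = PEAK_CLOCK_GHZ) -> float:
    """TPP as the article describes it: 2 * TOPS * bit length."""
    return 2 * dense_tops(cuda_cores, clock_ghz) * bit_length


def needs_license(cuda_cores: int) -> bool:
    """True when the part exceeds the consumer TPP limit and so needs a BIS licence."""
    return tpp(cuda_cores) > CONSUMER_TPP_LIMIT


def performance_cut_percent(original_cores: int, reduced_cores: int) -> float:
    """Share of peak throughput lost by the core-count reduction, in percent."""
    return (1 - reduced_cores / original_cores) * 100


def max_cores_under_limit(limit: float = CONSUMER_TPP_LIMIT) -> int:
    """Largest core count whose TPP stays at or below the limit (same assumptions)."""
    return int(limit // tpp(1))


if __name__ == "__main__":
    for name, cores in (("RTX 4090", 16384), ("RTX 4090D", 14592)):
        print(f"{name}: {cores} cores -> TPP {tpp(cores):.0f}, "
              f"licence needed: {needs_license(cores)}")
    print(f"core cut: {performance_cut_percent(16384, 14592):.2f}%")
    print(f"max cores under limit: {max_cores_under_limit()}")
```

The last function also shows the headroom the cut leaves: under the same assumptions, about 14,880 cores would still stay at or below the limit.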
Nvidia notes that the 4090D can be overclocked by end users, effectively allowing customers to recover some performance lost by the lower core count. "In 4K gaming with ray tracing and deep-learning super sampling (DLSS), the GeForce RTX 4090D is about five percent slower than the GeForce RTX 4090 and it operates like every other GeForce GPU, which can be overclocked by end users," an Nvidia spokesperson said in an email.

Transportation

Xiaomi's First EV is the Freshest Take on a 'Smartphone on Wheels' (techcrunch.com)

Chinese smartphone giant Xiaomi has revealed its first electric car, a sharp-looking sedan called the SU7. Slated to roll out in China next year, it's another entry into an increasingly crowded market for EVs. It's also another attempt in this software-obsessed world to match up the technology people find in their phones to what goes on inside their car. From a report: Xiaomi might have a shot. That's because the car will run Xiaomi's "HyperOS," a new architecture the company has been working on for more than six years that's supposed to be dynamic enough to power everything including phones, smart home systems and cars. The goal is a more seamless experience, one where your apps and preferences are ready to go no matter where you are.

[...] As for the specs, they look impressive on paper. The company is claiming as much range on a full charge as 800 km, or just shy of 500 miles, though that's on China's rosy test cycle. That is on the higher-end model, which is built atop a 101kWh battery pack from Chinese giant CATL. A base model with just 73.6kWh of capacity will allegedly get closer to 668 km, or 415 miles, on a charge. They will charge fast (220 km in five minutes) and will be fast (0-100 km/h in just 2.78 seconds). Pricing will come at a later date.

AI

Baidu's ChatGPT-like Ernie Bot Tops 100 Million Users (reuters.com)

Baidu's ChatGPT-like Ernie Bot has garnered more than 100 million users, chief technology officer of the Chinese internet company Wang Haifeng said on Thursday. From a report: The user base milestone comes after Baidu opened Ernie Bot to the public in August. This was preceded by a partial unveiling and more than five-month trial period where select users could test the chatbot's capabilities. Analysts said that while the partial unveiling in March was underwhelming, it still gave the company a valuable first-mover advantage in a market that has since become crowded with dozens of players, as Chinese tech companies, large and small, look to develop their own chatbots powered by generative AI.

China

Chinese Chess Champion Stripped of Title After Defecating In Hotel Bathtub (theguardian.com)

Agence France-Presse reports: The world of Chinese chess is in uproar over rumors of cheating and a bad behavior scandal that saw the national champion stripped of his title on Monday after a victory celebration ended with him defecating in a hotel bathtub. Xiangqi, or Chinese chess, has been hugely popular for hundreds of years across Asia -- and 48-year-old Yan Chenglong beat dozens of contenders last week to win the title of "Xiangqi King" at a national tournament hosted by the Chinese Xiangqi Association. But his joy was short-lived, with the CXA on Monday announcing that Yan would have his title revoked and prize money confiscated after he had been caught "disrupting public order" and displaying "extremely bad character."

The association was also forced to address rumors circulating online that Yan had cheated during the competition by using anal beads equipped with wireless transmitters to send and receive signals. Yan allegedly clenched and unclenched rhythmically to communicate information about the chess board via code to a computer, which then sent back instructions on what moves to make in the form of vibrations, according to reports circulating on the Chinese social site Weibo. "Based on our understanding of the situation, it is currently impossible to prove that Yan engaged in cheating via 'anal beads' as speculated on social media," the CXA said. But he was still stripped of his title and banned from playing for a year after his celebrations went wayward.

"Yan consumed alcohol with others in his room on the night of the 17th, and then he defecated in the bathtub of the room he was staying in on the 18th, in an act that damaged hotel property, violated public order and good morals, had a negative impact on the competition and the event of Xiangqi, and was of extremely bad character," the association said. The association did not disclose the amount of prize money Yan was forfeiting, but Xiangqi tournaments often promise winners tens of thousands of yuan (thousands of dollars).

Open Source

What Comes After Open Source? Bruce Perens Is Working On It (theregister.com)

An anonymous reader quotes a report from The Register: Bruce Perens, one of the founders of the Open Source movement, is ready for what comes next: the Post-Open Source movement. "I've written papers about it, and I've tried to put together a prototype license," Perens explains in an interview with The Register. "Obviously, I need help from a lawyer. And then the next step is to go for grant money." Perens says there are several pressing problems that the open source community needs to address. "First of all, our licenses aren't working anymore," he said. "We've had enough time that businesses have found all of the loopholes and thus we need to do something new. The GPL is not acting the way the GPL should have done when one-third of all paid-for Linux systems are sold with a GPL circumvention. That's RHEL." RHEL stands for Red Hat Enterprise Linux, which in June, under IBM's ownership, stopped making its source code available as required under the GPL. Perens recently returned from a trip to China, where he was the keynote speaker at the Bench 2023 conference. In anticipation of his conversation with El Reg, he wrote up some thoughts on his visit and on the state of the open source software community. One of the matters that came to mind was Red Hat.

"They aren't really Red Hat any longer, they're IBM," Perens writes in the note he shared with The Register. "And of course they stopped distributing CentOS, and for a long time they've done something that I feel violates the GPL, and my defamation case was about another company doing the exact same thing: They tell you that if you are a RHEL customer, you can't disclose the GPL source for security patches that RHEL makes, because they won't allow you to be a customer any longer. IBM employees assert that they are still feeding patches to the upstream open source project, but of course they aren't required to do so. This has gone on for a long time, and only the fact that Red Hat made a public distribution of CentOS (essentially an unbranded version of RHEL) made it tolerable. Now IBM isn't doing that any longer. So I feel that IBM has gotten everything it wants from the open source developer community now, and we've received something of a middle finger from them. Obviously CentOS was important to companies as well, and they are running for the wings in adopting Rocky Linux. I could wish they went to a Debian derivative, but OK. But we have a number of straws on the Open Source camel's back. Will one break it?"

Another straw burdening the Open Source camel, Perens writes, "is that Open Source has completely failed to serve the common person. For the most part, if they use us at all they do so through a proprietary software company's systems, like Apple iOS or Google Android, both of which use Open Source for infrastructure but the apps are mostly proprietary. The common person doesn't know about Open Source, they don't know about the freedoms we promote which are increasingly in their interest. Indeed, Open Source is used today to surveil and even oppress them." Free Software, Perens explains, is now 50 years old and the first announcement of Open Source occurred 30 years ago. "Isn't it time for us to take a look at what we've been doing, and see if we can do better? Well, yes, but we need to preserve Open Source at the same time. Open Source will continue to exist and provide the same rules and paradigm, and the thing that comes after Open Source should be called something else and should never try to pass itself off as Open Source. So far, I call it Post-Open." Post-Open, as he describes it, is a bit more involved than Open Source. It would define the corporate relationship with developers to ensure companies paid a fair amount for the benefits they receive. It would remain free for individuals and non-profit, and would entail just one license. He imagines a simple yearly compliance process that gets companies all the rights they need to use Post-Open software. And they'd fund developers who would be encouraged to write software that's usable by the common person, as opposed to technical experts.

Pointing to popular applications from Apple, Google, and Microsoft, Perens says: "A lot of the software is oriented toward the customer being the product -- they're certainly surveilled a great deal, and in some cases are actually abused. So it's a good time for open source to actually do stuff for normal people." The reason that doesn't often happen today, says Perens, is that open source developers tend to write code for themselves and those who are similarly adept with technology. The way to avoid that, he argues, is to pay developers, so they have support to take the time to make user-friendly applications. Companies, he suggests, would foot the bill, which could be apportioned to contributing developers using the sort of software that instruments GitHub and shows who contributes what to which products. Merico, he says, is a company that provides such software. Perens acknowledges that a lot of stumbling blocks need to be overcome, like finding an acceptable entity to handle the measurements and distribution of funds. What's more, the financial arrangements have to appeal to enough developers. "And all of this has to be transparent and adjustable enough that it doesn't fork 100 different ways," he muses. "So, you know, that's one of my big questions. Can this really happen?"

Perens believes that the General Public License (GPL) is insufficient for today's needs and advocates for enforceable contract terms. He also criticizes non-Open Source licenses, particularly the Commons Clause, for misrepresenting and abusing the open-source brand.

As for AI, Perens views it as inherently plagiaristic and raises ethical concerns about compensating original content creators. He also weighs in on U.S.-China relations, calling for a more civil and cooperative approach to sharing technology.

You can read the full, wide-ranging interview here.

China

China Is Stealing AI Secrets To Turbocharge Spying, US Says

U.S. officials are worried about hacking and insider theft of AI secrets, which China has denied. From a report: On a July day in 2018, Xiaolang Zhang headed to the San Jose, Calif., airport to board a flight to Beijing. He had passed the checkpoint at Terminal B when his journey was abruptly cut short by federal agents. After a tipoff by Apple's security team, the former Apple employee was arrested and charged with stealing trade secrets related to the company's autonomous-driving program. It was a skirmish in a continuing shadow war between the U.S. and China for supremacy in artificial intelligence. The two rivals are seeking any advantage to jump ahead in mastering a technology with the potential to reshape economies, geopolitics and war.

Artificial intelligence has been on the Federal Bureau of Investigation's list of critical U.S. technologies to protect, just as China placed it on a list of technologies it wanted its scientists to achieve breakthroughs on by 2025. China's AI capabilities are already believed to be formidable, but U.S. intelligence authorities have lately made new warnings beyond the threat of intellectual-property theft. Instead of just stealing trade secrets, the FBI and other agencies believe China could use AI to gather and stockpile data on Americans at a scale that was never before possible. China has been linked to a number of significant thefts of personal data over the years, and artificial intelligence could be used as an "amplifier" to support further hacking operations, FBI Director Christopher Wray said, speaking at a press conference in Silicon Valley earlier this year.

United States

To Stem North Korea's Missiles Program, White House Looks To Its Hackers (politico.com)

The Biden administration has spent much of the last two years bracing key U.S. networks and infrastructure against crippling cyberattacks from Russia, Iran and China. But it is following a different playbook as it ramps up its efforts to thwart digital threats from North Korea: Follow the crypto -- and stop it. From a report: Convinced North Korea primarily sees hacking as a way to funnel money back to the cash-strapped Kim Jong Un regime, the White House has focused on blocking the country's ability to launder the cryptocurrency it steals through its cyberattacks. In the last year, the administration has unveiled a flurry of sanctions against North Korean hacking groups, front companies and IT workers, and blacklisted multiple cryptocurrency services they use to launder stolen funds. Earlier this month, national security adviser Jake Sullivan announced a new partnership with Japan and South Korea aimed at cracking down on Pyongyang's crypto bonanza -- thereby choking off money to its nuclear and conventional weapons programs.

"In countering North Korean cyber operations, our first priority has been focusing on their crypto heists," Anne Neuberger, the National Security Council's top cybersecurity official, said in an interview. The stepped-up effort to blunt North Korea's cyber operations is fueled by growing alarm about where the fruits of those attacks are going, Neuberger said. Hacking, she argued, has enabled North Korea to "either evade sanctions or evade the steps the international community has taken to target their weapons proliferation ... their missile regime, and the growth in the number of launches we've seen."

Earth

CNN Shares Hopeful Signs for Our Fight Against Climate Change (cnn.com)

With everyone worrying about climate change, CNN shares a list of reasons to feel positive: The year 2023 is on track to see the biggest increase in renewable energy capacity to date, according to the International Energy Agency. China, the world's biggest climate polluter, has made lightning advances in renewables, with the country set to shatter its wind and solar target five years early. A report published in June found that China's solar capacity is now greater than the rest of the world's nations combined, in a surge described by the report's author, Global Energy Monitor, as "jaw-dropping...."

The popularity of electric vehicles has surged this year, with American sales at an all-time high. People in China and Europe are snapping up EVs in large numbers as well... Americans purchased 1 million fully electric vehicles in 2023, an annual record, according to a report from Bloomberg New Energy Finance. Electric vehicles accounted for about 8% of all new vehicle sales in the US during the first half of 2023, according to the report. In China, EVs accounted for 19% of all vehicle sales, and worldwide, they made up 15% of new passenger vehicle sales. EV sales in Europe were up 47% in the first nine months of 2023, according to data from the European Automobile Manufacturers Association (EAMA).

Other positive developments from the article:
  • "For more than six days straight, between October 31 to November 6, the nation of more than 10 million people relied solely on renewable energy sources — setting an exciting example for the rest of the world."
  • "Deforestation in Brazil fell by 22.3% in the 12 months through July, according to data from the national government, as President Luiz Ignácio Lula da Silva started to make progress on his pledge to rein in the rampant forest destruction that occurred under his predecessor..."
  • "The Earth's ozone layer is on track to recover completely within decades, a UN-backed panel of experts announced in January, as ozone-depleting chemicals are phased out across the world."

United States

US Water Utilities Hacked After Default Passwords Set to '1111', Cybersecurity Officials Say (fastcompany.com)

An anonymous reader shared this report from Fast Company: Providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions, the National Security Council tells Fast Company, pointing to recent Iran-linked attacks on U.S. water utilities that exploited basic security lapses [earlier this month]. The security council tells Fast Company it's also aware of recent intrusions by hackers linked to China's military at American infrastructure entities that include water and energy utilities in multiple states.

Neither the Iran-linked nor the China-linked attacks affected critical systems or caused disruptions, according to reports.

"We're seeing companies and critical services facing increased cyber threats from malicious criminals and countries," Anne Neuberger, the deputy national security advisor for cyber and emerging tech, tells Fast Company. The White House had been urging infrastructure providers to upgrade their cyber defenses before these recent hacks, but "clearly, by the most recent success of the criminal cyberattacks, more work needs to be done," she says... The attacks hit at least 11 different entities using Unitronics devices across the United States, which included six local water facilities, a pharmacy, an aquatics center, and a brewery...

Some of the compromised devices had been connected to the open internet with a default password of "1111," federal authorities say, making it easy for hackers to find them and gain access. Fixing that "doesn't cost any money," Neuberger says, "and those are the kinds of basic things that we really want companies urgently to do." But cybersecurity experts say these attacks point to a larger issue: the general vulnerability of the technology that powers physical infrastructure. Much of the hardware was developed before the internet and, though they were retrofitted with digital capabilities, still "have insufficient security controls," says Gary Perkins, chief information security officer at cybersecurity firm CISO Global. Additionally, many infrastructure facilities prioritize "operational ease of use rather than security," since many vendors often need to access the same equipment, says Andy Thompson, an offensive cybersecurity expert at CyberArk. But that can make the systems equally easy for attackers to exploit: freely available web tools allow anyone to generate lists of hardware connected to the public internet, like the Unitronics devices used by water companies.

"Not making critical infrastructure easily accessible via the internet should be standard practice," Thompson says.
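The three lapses the report describes (a factory-default password, a management interface reachable from the public internet, and one credential shared across vendors and devices) are all things an operator can check from an asset inventory before anyone else does. The following audit script is an added example, not code from the article, from Unitronics, or from any agency; the inventory format, the `Device`/`Finding` types, the list of default passwords (seeded with the "1111" the report cites), and the sample devices are all constructed for the illustration.

```python
"""Audit a constructed OT device inventory for the basic lapses described above:
default passwords, internet-reachable management interfaces, and shared credentials.
Example code added for illustration; it is not from the article or any vendor."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: a small seed list of factory defaults. "1111" is the value the
# federal advisory cited for the affected devices; extend this for your own fleet.
DEFAULT_PASSWORDS = {"1111", "admin", "password", ""}

# Anything outside RFC 1918 is treated as reachable from the internet. This is
# deliberately conservative; documentation ranges such as 203.0.113.0/24 also count,
# which is why the constructed sample below trips the check.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Device:
    name: str
    address: str            # address of the web/management interface
    password: str           # password currently set on that interface
    vendor: str = "unknown"
    behind_vpn: bool = False  # True when the interface is only reachable via VPN/jump host


@dataclass(frozen=True)
class Finding:
    device: str
    issue: str
    severity: str           # critical / high / medium
    fix: str


def is_routable(address: str) -> bool:
    """True when the address is not in an RFC 1918 private range."""
    ip = ip_address(address)
    return not any(ip in net for net in RFC1918)


def audit_devices(devices):
    """Return one Finding per lapse found on each device in the inventory."""
    findings = []
    # A non-default password that appears on more than one device is a shared credential.
    counts = Counter(d.password for d in devices)
    shared = {pw for pw, n in counts.items() if n > 1 and pw not in DEFAULT_PASSWORDS}

    for d in devices:
        exposed = is_routable(d.address) and not d.behind_vpn
        if d.password in DEFAULT_PASSWORDS:
            findings.append(Finding(d.name, "factory-default password",
                                    "critical" if exposed else "high",
                                    "set a unique password on this device"))
        if exposed:
            findings.append(Finding(d.name, "management interface reachable from the internet",
                                    "high",
                                    "block inbound access at the perimeter; require VPN or a jump host"))
        if d.password in shared:
            findings.append(Finding(d.name, "password shared with another device",
                                    "medium",
                                    "issue a separate credential per device and per vendor"))
    return findings


def severity_counts(findings) -> dict:
    """Summarise findings as {severity: count}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample inventory (names, addresses and passwords are made up).
CONSTRUCTED_INVENTORY = [
    Device("pump-station-3-plc", "203.0.113.17", "1111", vendor="Unitronics"),
    Device("chlorinator-plc", "10.20.30.40", "1111", vendor="Unitronics"),
    Device("brewery-hmi", "198.51.100.9", "Vendor!Shared2023", behind_vpn=True),
    Device("filter-plc", "192.168.5.12", "Vendor!Shared2023"),
    Device("aquatics-plc", "172.16.4.7", "correct-horse-battery-staple-9f3"),
]

if __name__ == "__main__":
    for f in audit_devices(CONSTRUCTED_INVENTORY):
        print(f"[{f.severity:8}] {f.device}: {f.issue} -> {f.fix}")
    print(severity_counts(audit_devices(CONSTRUCTED_INVENTORY)))
```

Run against the sample, the script rates the internet-exposed device with the default password as critical and the same default on an internal-only device as high, which is the ordering the report implies: the password fix is free either way, but exposure is what turns it into an incident.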

Encryption

The Race to Shield Secrets from Quantum Computers (reuters.com) 67

An anonymous reader shared this report from Reuters: In February, a Canadian cybersecurity firm delivered an ominous forecast to the U.S. Department of Defense. America's secrets — actually, everybody's secrets — are now at risk of exposure, warned the team from Quantum Defen5e (QD5). QD5's executive vice president, Tilo Kunz, told officials from the Defense Information Systems Agency that possibly as soon as 2025, the world would arrive at what has been dubbed "Q-day," the day when quantum computers make current encryption methods useless. Machines vastly more powerful than today's fastest supercomputers would be capable of cracking the codes that protect virtually all modern communication, he told the agency, which is tasked with safeguarding the U.S. military's communications.

In the meantime, Kunz told the panel, a global effort to plunder data is underway so that intercepted messages can be decoded after Q-day in what he described as "harvest now, decrypt later" attacks, according to a recording of the session the agency later made public. Militaries would see their long-term plans and intelligence gathering exposed to enemies. Businesses could have their intellectual property swiped. People's health records would be laid bare... One challenge for the keepers of digital secrets is that whenever Q-day comes, quantum codebreakers are unlikely to announce their breakthrough. Instead, they're likely to keep quiet, so they can exploit the advantage as long as possible.

The article adds that "a scramble is on to protect critical data. Washington and its allies are working on new encryption standards known as post-quantum cryptography... Beijing is trying to pioneer quantum communications networks, a technology theoretically impossible to hack, according to researchers...

"In a quantum communications network, users exchange a secret key or code on subatomic particles called photons, allowing them to encrypt and decrypt data. This is called quantum key distribution, or QKD."

China

China To Tighten Controls on Video Gaming Industry (scmp.com) 60

Beijing is moving to curb excessive spending on video games across the country, according to a new draft regulation, dealing another blow to the world's largest video gaming market that is still recovering from the government's previous industry crackdown. From a report: Online games must not offer rewards that entice people to excessively play and spend, including those for daily logins and topping up accounts with additional funds, according to draft rules published on Friday by industry regulator the National Press and Publication Administration (NPPA). All video games must put a cap on how much players can top up their accounts and alert users about "irrational consumption behaviour" via a pop-up window, according to the NPPA.

Medicine

California Workers Say Herbicide Is Giving Them Parkinson's (latimes.com) 43

An anonymous reader quotes a report from the Los Angeles Times: It was the late 1980s when Gary Mund felt his pinky tremble. At first it seemed like a random occurrence, but pretty quickly he realized something was seriously wrong. Within two years, Mund -- a crew worker with the Eastern Municipal Water District in Riverside County -- was diagnosed with Parkinson's disease. The illness would eventually consume much of his life, clouding his speech, zapping most of his motor skills and taking away his ability to work and drive. "It sucks," said Mund, 69. He speaks tersely, because every word is a hard-won battle. "I was told the herbicide wouldn't hurt you."

The herbicide is paraquat, an extremely powerful weed killer that Mund sprayed on vegetation as part of his job from about 1980 to 1985. Mund contends the product is responsible for his disease, but the manufacturer denies there is a causal link between the chemical and Parkinson's. Paraquat is manufactured by Syngenta, a Swiss-based company owned by the Chinese government. The chemical is banned in at least 58 countries -- including China and Switzerland -- due to its toxicity, yet it continues to be a popular herbicide in California and other parts of the United States. But research suggests the chemical may cross the blood-brain barrier in a manner that triggers Parkinson's disease, a progressive, neurodegenerative disorder that affects movement. Now, Mund is among thousands of workers suing Syngenta seeking damages and hoping to see the chemical banned.

Since 2017, more than 3,600 lawsuits have been filed in state and federal courts seeking damages from exposure to paraquat products, according to Syngenta's 2022 financial report (PDF). [...] Paraquat is 28 times more toxic than another controversial herbicide, Roundup, according to a report from the Pesticide Action Network. (Roundup has been banned in several parts of California, including a 2019 moratorium by the Los Angeles County Board of Supervisors forbidding its use by county departments.) Paraquat also has other known health effects. It is listed as "highly toxic" on the U.S. Environmental Protection Agency's website, which says that "one small sip can be fatal and there is no antidote." The EPA is currently reviewing paraquat's approval status. However, both the EPA and Syngenta cited a 2020 U.S. government Agricultural Health Study that found there is no clear link between paraquat exposure and Parkinson's disease. A 2021 review of reviews similarly found that there is no causal relationship.

Earth

Pakistan Uses Artificial Rain in Attempt To Cut Pollution Levels (theguardian.com) 29

Artificial rain has been used in an attempt to lower pollution levels in Lahore, Pakistan. From a report: The capital city of the eastern province of Punjab, near the Indian border, has some of the worst air quality in the world and has become extremely polluted because of a growing population of more than 13 million people. By early December, the air quality in the city had grown so bad that schools, markets and parks were closed for four days. By last weekend, the city's air quality index (AQI) had reached levels considered extremely hazardous to health.

To try to reduce those levels, on Saturday the Punjab government used cloud seeding to create rain in 10 locations around the city using a small Cessna plane. For seeding to work, there needs to be enough moisture already present in the clouds in the lower atmosphere. In summer, common table salt mixed with water is sprayed over the cloud patches from planes. After a few hours, the mist integrates with the clouds and produces rain. In winter, the clouds are seeded using flakes of silver iodide, which can be fired from a vehicle or a plane. The practice, also known as "blueskying," has been used to induce precipitation in several countries in the Middle East, as well as China and India.

Security

Comcast Discloses Data Breach of Close To 36 Million Xfinity Customers [UPDATE] (techcrunch.com) 40

In a notice on Monday, Xfinity notified customers of a "data security incident" that resulted in the theft of customer information, including usernames, passwords, contact information, and more. The Verge reports: Xfinity traces the breach to a security vulnerability disclosed by cloud computing company Citrix, which began alerting customers of a flaw in software Xfinity and other companies use on October 10th. While Xfinity says it patched the security hole, it later uncovered suspicious activity on its internal systems "that was concluded to be a result of this vulnerability."

The hack resulted in the theft of customer usernames and hashed passwords, according to Xfinity's notice. Meanwhile, "some customers" may have had their names, contact information, last four digits of their social security numbers, dates of birth, and / or secret questions and answers exposed. Xfinity has notified federal law enforcement about the incident and says "data analysis is continuing."

We still don't know how many users were affected by the breach. Xfinity will automatically ask customers to change their passwords the next time they log in to their accounts, and it's also encouraging users to turn on two-factor authentication. You can find the full notice, including contact information for the company's incident response team, on Xfinity's website (PDF).

UPDATE 12/19/23: According to TechCrunch, almost 36 million Xfinity customers had their sensitive information accessed by hackers via a vulnerability known as "CitrixBleed." The vulnerability is "found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August," the report says. "Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China and international law firm Allen & Overy."

"In a filing with Maine's attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach. Comcast's latest earnings report shows the company has more than 32 million broadband customers, suggesting this breach has impacted most, if not all Xfinity customers."

China

Is Huawei Pushing Forward With an Ambitious Plan to Dethrone Android? (forbes.com) 152

Forbes recently published this article by author/speaker Nina Xiang, who reports that Huawei is pushing forward with "an ambitious plan to dethrone Android." Hundreds of technical experts from many of China's biggest state-owned and private companies, including the Industrial and Commercial Bank of China (ICBC), China Telecom, Meituan, and Baidu, all gathered in Beijing last month. The purpose behind the meeting was for their staff to receive training so they could be certified as developers on Huawei's Harmony Operating System (HarmonyOS).

While most observers were looking the other way, Huawei has been quietly building an independent Chinese operating system that isn't subject to U.S. sanctions. In the four years after the telecom giant was banned from using Google apps, the Shenzhen-based company has been making significant strides toward achieving its long-term goal: To dethrone Android and make its HarmonyOS the default operating system in China.

Data on smartphone sales in China show that HarmonyOS had the third-largest share with 10% in the second quarter of 2023, thanks to a strong resurgence in sales of Huawei smartphones. Although it's still well below Android's dominant 72%, it's not far from iOS's 17%... Huawei already says more than 700 million devices (including phones, smart devices, computers, and others) were equipped with HarmonyOS as of August this year, with over 2.2 million developers actively building within the ecosystem...

A key moment will come next year, when Huawei says HarmonyOS will no longer be compatible with Android apps.
