2021, Allison Sheridan
NosillaCast Apple Podcast

Edit Transcript Remove Highlighting Add Audio File
Export... ?


[0:00] Music.

[0:12] 2023 and this show is show number 932. Well, I'm excited to be back with the live audience.
I'm excited to have most of my voice back and it's the real me now. I love being on

Allison On Clockwise

[0:24] the Clockwise podcast and this week's episode was my favorite so far. I don't know what it was, but sometimes, you know, the chemistry just clicks. It was hosted by the usual suspects, Micah Sargent and Dan Morin, and had guest Lisa Schmeiser. She's been on loads of times, but I never got to meet her before, I was never on at the same time.
She was as delightful as I had hoped.
Now the format of Clockwise is always four guests, four topics.
Our topics this week were how we display and enjoy our photos, celebrating digital cleanup day, software we use begrudgingly, and our device replacement strategies.
Now that last one was actually from Jill from the Northwoods.
She came up with the question for the show.
Now before we recorded, Micah asked Lisa and me to add our Mastodon accounts to the show notes so they could tag us when they posted the show.
I thought it was interesting that they didn't ask for our Twitter accounts.
They actually already had them, but you know what, nobody batted an eye when they said, hey, give us your Mastodon accounts.
Things are hopping over at Mastodon.
Anyway, you can find this episode of Clockwise at slash clockwise and look for episode number 494.
And of course, there's a link in the show notes.

Ccatp #762 — Bart Busschots On Pbs #147 – Bash Arrays

[1:31] In this week's episode of Chit Chat Across the Pond, it's another episode of Programming by Stealth.
And Bart walks us through how to create, add to and extract from arrays using Bash.
It's a very light episode, which I managed to drag out longer by making him slow down and dig into the syntax used for arrays.
Now it's not just me being dense this time. There are squirrely brackets, square brackets, single quotes, double quotes, and the good old Octothorp thrown in for some extra fun.
So the syntax is pretty confusing, and I think by repetition, I may have gotten to the point where if I'm looking at his show notes, I could create Bash arrays and have a chance of getting all of that syntax correct.
By the way, it looks like we're probably gonna do another Programming by Stealth this coming weekend because of some scheduling problems.
And so you only have a week to get the challenge done before next week's show.
For this episode, as always, you can find a link in the show notes to Bart's fabulous tutorial show notes for programming by stealth.

Macstock Expo

[2:30] I am thrilled to tell you that my favorite conference of the year, MaxHawkExpo, is taking place July 22nd and 23rd this year in Woodstock, Illinois, as always, just north of Chicago, and I will be one of the speakers.
I haven't been in a few years for obvious reasons, so I'm super excited to get to go again. Weekend and single day passes are available now.
It's $299 for a weekend pass and $159 if you can only go for one day.
I highly recommend you go for if you're going to bother going, make it both days because the evenings hanging out with fellow Apple heads are just fabulous. You get lunch both days, a limited edition, MaxDock7 t-shirt and a free digital pass to rewatch the sessions.
Now, if you're flying out, don't book your flights just yet because Barry Fulka is going to come on the show to explain why you might want to fly in a day early.
You can learn more about the conference at
And of course, there's a link in the show notes.
So far, I think six or seven people in the live audience have already said that they are going to MacStack Expo. So if you want to meet the people that I'm always talking about in the live show, you should go yourself.

Csun Atc 2023: Goodmaps Indoor Navigation Aid

[3:39] This week, Steve and I made our annual short trek to the CSUN Assistive Tech Conference in Anaheim, California.
I think the first time we went to this was at the invitation of Donald Burr, and every year possible we've been attending.
March of 2020, it was the first thing we didn't do as the pandemic hit.
Missing three of these was very sad, so we were really happy to get to go back this year.
The conference is a week of in-depth sessions, but we actually just go on the last day and go to the exhibit halls.
It's not a huge show, but for a one-day experience, it's just right.
In a few hours, we got eight interviews and they were all gold.
Now, gold, for me, defines that the person knew what they were talking about, could explain it articulately, they were enthusiastic about what they were talking about, and the product seemed interesting to me. A couple of them aren't really accessible tech things, but they were still really good interviews. As usual, I'll be doling out these interviews over time, rather than inundating you with them all at once.
Keep in mind that while you'll be able to hear the audio in the show today, if you have the gift of sight, you can also follow the link in the show notes to Steve's video recording of the interview. I made sure before each interview I told the person, pretend I'm blind, in hopes that they would be able to describe everything they were showing to me so the audio is nearly as helpful as the video. Let's hear the first interview from the CSUN Assistive Tech Conference.

[5:02] We're at the CSUN Assistive Technology Conference in Anaheim, California, and I'm going to start out my interviews with Mike May from Good Maps. How are you doing today, Mike?
Doing fantastically. Having a great time because for the first time I can actually explore the exhibit hall, independently with outside assistance.
Ah, now let me guess, do you do that with Good Maps?
We do it with Good Maps, yes indeed. And the way it works is we come in and scan with the LiDAR scanner this building and the the whole hotel for that matter, and create a map, and then the accessible app is used on an iPhone or an Android in order to give me turn-by-turn directions.
I can either just use it in look-around mode to see what I'm passing as I go down the aisle, or I can actually set a destination and get turn-by-turn directions in the same way that you're used to with GPS outside.
Okay, so part of the trick of this is somebody has to do the scanning of the environment, and is that the revenue stream for the app? Is that how it gets built?

[6:02] Is people paid to do the scanning of their venue? Yeah, the venue pays for the scanning and we make sure that everybody knows this is for multiple purposes. It's for blind people.
There's a step-free mode for people in chairs or using strollers or carts.
It's a good visual interface so that sighted people can use it.
We don't want to leave them out.
And everybody has challenges when it comes to navigating in airports, convention centers and large buildings.
Actually, boy, you bring up airports. I've been lost quite a few times in an airport trying to find my gate.

[6:36] Yeah, exactly. And we there's alternative ways to do that. You can ask people for directions, sighted people can look for signs, but it amazes me a lot of times I ask a sighted person for directions.
Where's gate 10? And they say, oh, I don't know. I'm not from here. And I'm thinking, well, just look around.
You can probably see it, but they don't, you know, people are stressed out in airport situations.

[6:58] So what's the interface like for you? Describe, we're at a conference right now and it has been mapped out for you. What is it like? How do you use it?
Well, the look around mode is my favorite because then I just point the phone. I want to know who's down this aisle that we're standing in. We're in the middle of it. Amazon is next to it.
And if I point my phone in that direction, then it's telling me either through the phone or through my earpiece. I have these headphones that don't block my ears, so I can walk along and just actively hear what I'm passing. Or I can pick a business like Aira and make that my destination.
Then it tells me go down this aisle, go 300 feet, turn left, turn right, and then arrived at destination.
Does it tell you it's coming up on your right? Give you some indication you're getting close?
Hotter, warmer, warmer, colder, colder, warmer?
Yeah, there actually is a getting warmer mode, but a lot of times it's just turn by turn directions, how many feet to go. It says approaching turn, so you slow down, you don't miss the turn.
And much the same way as things happen with your GPS in the car.
That is really cool. Now what is the cost to the user of good maps?

[8:08] There's no cost to the user. The apps are free. It's just paid for by the venue. Of course, the big challenge is how many buildings are mapped. And right now, we're kind of where GPS was 25 years ago, where there's not a lot of maps, but that's something we're changing actively, in railway stations. First in English-speaking countries, but expanding to others as things go along. That sounds terrific. Can I ask you an airport like Los Angeles International Airport is that one mapped? LAX is not mapped. The two airports we've done so far are Portland, Oregon and Louisville, Kentucky with many more to come. So is there a way for people to encourage these airports or train stations or venues to get on board.

[8:52] Well, I think the importance of a conference like CSUN is that there are a lot of companies here. I talked to somebody from Hilton yesterday.
They have 35 people here.
There's banks, there's airports, there's the United Nations.
So all sorts of people are coming here to learn about things.
And so that's why we have a booth so they can come by and learn about this new technology and see how it fits in to their environment for not only navigation, but for facility management, once you have accurate maps, then they can be used for asset tracking and lots of other purposes.
That is really interesting. One of the things I always like to pitch to people is that if you want to increase your audience, whatever that audience is, make things more accessible.
Because by not including accessibility, you're basically excluding potential customers.
So why wouldn't you want to do this?
Yeah, exactly. We're customers. I hate malls, and so I would not do anything more than just destination shopping in a mall.
Now I've been into a mall, I can browse, I can window shop, I can go in, buy chocolate, buy gifts, and find out what's there, not just the place that I'm targeting.
That is a really good point. So that's back to potential customers, right?
It's more inclusive, gets more customers. That's all good. Well, how would people find out more about Good Maps?

[10:10] And by the way, I love the name Podfeet because, of course, we're a pedestrian-focused company for everybody, so Podfeet kind of fits into that. You can get more information by going to and you can download the app with Good Maps, which is one word, space, explore is the indoor map, and then we also have another app that focuses on outdoor navigation that's accessible. What's that one called?
That's called Good Maps Outdoors.
Very good, very good. Well, it was really nice talking to you, Mike. I wish you guys the best of luck. This sounds like a cool endeavor. Nice meeting you, Allison.
Thanks for stopping by.

[10:48] Well, after the interview, Mike told us that we should have come the day before because, Stevie Wonder was there.
Mike explained that he and Stevie go way back, so he was able to show him around, which was great fun for him.
I was chatting with Shelley Brisbane about the show afterwards, and she said, well, of course, Stevie Wonder always comes to CSUN.
How did I not know that? Anyway, I guess he likes being up to date on all the advances in assistive tech as much as the next person.

How To Have A Long (But Numeric) Passcode On Iphone/Ipad

[11:14] There's been a lot of very justified kerfuffle about a recent article by Joanna Stern in the Wall Street Journal regarding a relatively easy method for someone to shoulder surf to see your four-digit passcode on your phone and from there be able to steal your entire Apple ID.
By the way, it's important to note that Android users unfortunately have the same problem.
With the PIN, a bad actor with your phone can change your Google account password as well.
Now just in case you haven't heard about the issue, I'll briefly describe the method on on iOS and the repercussions.
That'll give you a solution that may be easier for you than some other solutions you might've heard about.
On iOS devices, you can use a passcode or password to unlock your phone, and additionally use biometrics with Touch ID or Face ID.
The passcode defaults to four digits, but you can also choose to make it six digits, or you can choose to use an alphanumeric password.
If you use a long password to protect your phone, it's unlikely that someone looking over your shoulder could determine what that password is.
But a short numerical code, especially four digits, is incredibly easy to ascertain.
Say someone learns your code and then subsequently steals your phone.
Now here's the discovery that Joanna Stern reported on. She said, if you open settings on your phone and then tap on your avatar at the top and go into Apple ID, iCloud Plus, Media and Purchases.
From there, go into Password and Security and at the top you'll see Change Password.

[12:41] On every system I have ever used in my entire life, the option to change password requires knowledge of the current password, but not on iOS. Instead of being prompted for the current password, you're only asked for the code to unlock the phone.
So think about that. You've gone to all this trouble to use a long, strong password to protect your Apple ID, but someone with knowledge of the simple code to unlock your iPhone or iPad now owns you. It's a reasonable assumption that your Apple ID is probably also your main email address. Guess what goes to your email address? Password resets on other services. So now, someone can change your Apple ID password, log into it on, go to your banking website and change your password there too because they get the password reset sent to them, not to you. If you use iCloud Keychain to store your passwords, they now have all of those without even bothering to change them. They literally will have stolen the crown jewels just by knowing the passcode to your phone.
Now I think often about the four-digit passcodes in other contexts.
Have you ever used the same code that you have on your phone to maybe disarm your house alarm?
Is it the same code as on your ATM?
Is it the same code on your gym locker? If any of these are the same, it's a pretty easy thing to steal even more than your Apple ID access.

[14:03] Alright, enough alarming talk. What's the best thing we can do to protect ourselves?
Well, the best thing you can do is change your phone's passcode to a long alphanumeric password.
The longer more complicated it is, the harder it is for someone to see what you're typing and remember it and be able to put it back in later after they steal your phone.
Now, while this is definitely the best thing to do, it may not be practical for you.
Or you may weigh the probability of this problem happening to you against how annoying that tiny keyboard is to type on accurately, and maybe choose not to use an alphanumeric password.

[14:38] Another option is to choose a six-digit passcode instead of the default of four digits.
While six digits is a little harder to watch and memorize than four, it's not that much harder.
The shoulder surfer can also see before you start typing that there are six dots to fill in, rather than four, so they can be ready to watch for all six.
Okay, the numeric passcode, too easy to spot. The alphanumeric passcode may be too hard to type, but there's actually a middle ground. Turns out you can create a passcode of indeterminate length. And yes, I heard it, Tom.
If you go into Settings and choose Face ID and Passcode, then use Change Passcode. You'll be asked to enter your current passcode slash password. Once you get past that prompt, it will offer you three options, custom alphanumeric code, custom numeric code, four-digit numeric code.
After that, you enter a numeric code of, after you choose custom numeric code, you choose a code of any length you choose, the longer, of course, being better.
The cool part about the indeterminate length of numeric code is how it changes the look of your lock screen.
Instead of showing four dots for a four-digit passcode or six dots for a six digit passcode, it just says, enter passcode with a text box under it.
No one but you knows how many digits you have in your code.

[16:00] Now clearly a long numeric code is not as good as an alphanumeric passcode, or password I should say.
The same reason it's hard to type on the alphanumeric keyboard is the reason it's hard for someone to figure out what you're typing. But for me, it's a good compromise because I find it incredibly difficult to type on that tiny alphanumeric keyboard, and as it turns out I'm not in a lot of environments where someone could shoulder surf me. The bottom line is that there's a vulnerability we didn't know about before in the way Apple and Google protect our our most precious password.
Evidently left open this easy method to reset your password because so many people forget their Apple ID passwords.
Maybe it was a lot of work for Apple to deal with people saddened by the loss of access to all of their data.
I wish those of us with a good password hygiene, such as using third party password managers, could turn this feature off. And I put feature in air quotes.
Remember iCloud keychain passwords are vulnerable if someone knows the passcode to your phone.
And that's why I say I want to be able to turn this off because I use a third-party password manager.
I hope that whatever you do, you do type your passcode or password into your phone in a way that no one can see what you're typing.

Adding Keyboard Maestro Macros To Quick Actions In Finder

[17:10] A few weeks ago, Bob Cassidy taught us some tips about how to get Keyboard Maestro to do our bidding.
He was helping me with a specific macro that needed to be triggered on a Finder item.
At the end of his explanation, he wrote this, I think the ideal way to trigger this macro would be by right-clicking on the file and choosing from the contextual menu.
In the back of my mind, I thought Keyboard Maestro had that function, but after investigation, I don't see a way to do it.
If anyone knows how to do that, I would appreciate knowing how.

[17:39] Well, I went on my own quest to see if I could figure out how to do it for him.
I got really close to solving the problem, and then with some help from a couple of people, I was able to figure it out, but also Bob came at it from a slightly different angle and we converged on a solution.
So I'm going to start with the path I went down, and then we'll veer on over into Bob's method and take us over the finish line for his side.
If you'd like to fast forward a bit, I've got the steps in an easy-to-read list at the end. But what's the fun in an easy-to-read list of steps?
Let's go the long way around to get to the solution.
Alright, so we've got a keyboard maestro macro that acts on a file or a folder in the, My particular macro acts on PNGs in the Finder.
Instead of having to remember a keystroke, or going all the way up to the Keyboard Maestro context menu in the menu bar, we want to just right-click on the file and choose the macro from the Quick Action menu.
Now before we get too far into the solution, I want to warn you that Apple uses a lot of different names for the exact same thing, for Quick Actions, and it's going to get really confusing.
I'm going to go out of my way to add to the confusion by pointing out all of the names each time they change.
That's going to be helpful, I figure.
Alright, inside Keyboard Maestro, if you select a Finder macro, one that operates in the Finder, you can select File, Export, and one of the options is Export as Finder Quick Action.
That sounds like exactly what we want.

[19:05] By the way, there is an export menu available if you just right-click on a macro, but I'd leave that. That export menu does not include the Export as Finder Quick Action option.
You have to do it from the File menu. So the Keyboard Maestro export option calls it a Quick Action, but you are immediately asked what do you want to name the saved service.
We now have two names for it, Quick Action and Service.
Once you have the service saved, you still have to add it to the Quick Action menu.
You get a pop-up that explains that to enable this Quick Finder action, you need to select Customize from the Quick Action menu.
To do this, we need to right-click on a file in the Finder, and in the menu that pops up, choose Quick Action.
You'll see a list of your Quick Actions, and at the bottom of the list it will say Customize.
This customized request launches system settings, or system preferences if you're in Preventura, to Privacy and Security, Extensions. Are they services? Are they quick actions?
Or are they extensions?

[20:11] Within the extensions menu, you'll see actions, but they're not quick. Ignore those.
Go to the bottom of the list and choose Finder. Within Finder, we get a section that says, Select quick actions to show in Finder.
In this list, you can finally see the Quick Actions you've already installed.
You'll also see the one you exported from Keyboard Maestro.
Check the box next to your Finder, Macro, Quick Action, Service, Extensions, Name, whatever you want to call it.
All right, now from the Finder, if you right-click on a file and choose Quick Action from the menu, you can choose your Keyboard Maestro macro. That's fantastic.
If this is the first time you've added a Keyboard Maestro macro to the Quick Action menu, you'll be asked to grant the finder permission to control Keyboard Maestro.
That makes a lot of sense because I'm really glad that apps can't just suddenly start running Keyboard Maestro macros without me knowing about it and the finder is sandboxed in the same way.
Once I had my macro in the Quick Action menu, I'd granted Finder permissions to run it, I figured I was golden.
I right-clicked on a PNG and chose my macro from the service's Quick Action menu.
And I was greeted with an error. It said, The action Run AppleScript encountered an error.
Keyboard Maestro Engine got an error.
DoScript found no macros with a matching name. must be enabled, and in macro groups that are enabled, and currently active.

[21:38] I knew that the macros were enabled, and that they were in groups that were enabled, but I didn't know what this active thing meant.
When I first wrote the blog post, right up to where I am in the story, it turns out the author of Keyboard Maestro, Peter Lewis, actually wrote a comment on the post, and he pointed me in the right direction to solve the error.
So if you saw this blog post, it is completely different after Peter Lewis helped me.
But before we get into that part of Today I Learned, what is this stuff about Apple Script and the error message?
I never wrote any Apple Script!
At the bottom of that error window, it had the option to show workflow, which opened Automator.

[22:17] I don't remember creating an Automator workflow, or did I? So show workflow was in that window, and it opens the Services menu inside my User Library folder with a workflow named after my Keyboard Maestro macro.
So my macro is a service, is an extension, is a quick action, is a workflow.
Got it! Okay. So opening this Automator workflow revealed an AppleScript that was trying to run my Keyboard Maestro macro.
I found it really ironic that Keyboard Maestro created an AppleScript for me.
Because I've been trying to use Keyboard Maestro instead of learning AppleScript, because I've been worried that AppleScript might go away sometime soon, as Apple seems to have lost interest as they're flirting around with shortcuts. And yet here Keyboard Maestro goes, creating an AppleScript for me.
Well, I'm looking at this AppleScript, and I haven't learned AppleScript yet, so I didn't know why the workflow AppleScriptServiceQuickAction was failing. I sent Bob everything I did to to get this point and I asked him if he knew what was wrong.

[23:20] Well, as it turns out, nothing was wrong with the Apple script.
Keyboard Maestro's developer, Peter, suggested I open the macro in question in Keyboard Maestro and run the Interactive Help option under the Help menu.
Well, learning about this Interactive Help menu made me really happy because I had a problem with this macro and knowing that I needed this Interactive Help menu was really cool because the tool is really cool.
Tool. If you select the macro that's giving you trouble, Interactive Help asks you what's, wrong. The two most interesting choices are something unexpected is happening or something expected is not happening. I chose the second option and it went through a series of tests on the macro. For the tests that succeed, you get a happy check. But for the ones that fail, you get a sad red X, which then takes you to another step to diagnose the problem.

[24:13] When I ran it on my macro, it failed one of the tests, and it pointed me to this active thing just like it said in the error message.
At the top of a macro, it turns out, you define the triggers that make it go.
And that's the active part.
What I didn't realize is these triggers, they're not options.
They are required to make the macro active.
I completely did not understand that. When I originally created the macro with Bob's guidance, I had the trigger set to the status menu is selected. So that's where you go up to the menu bar and click on Keyboard Maestro and you choose the status menu in order to get to your macro. That's the way I was doing it before. But if I'm trying to call the macro using a quick action, then the status menu is not selected, so the quick action simply cannot run. It's not active. It just can't go because it doesn't have that status menu selected.
Now, as I explain it, this kind of seems obvious, but I hadn't really given much thought to to the importance of the triggers until the interactive help menu guided me through the problem.
Once I fixed the trigger to make the action active for quick action to be allowed to run it, it worked.

[25:24] Now, before I received help from Peter on this, remember I said I sent Bob everything I did up to and including the error about the macro being active.
I'm not sure he actually read everything that I sent because I gave him all the steps and screenshots and everything because he came at this from a different angle and he arrived at essentially the same spot, but with a solution that was a bit more simple.

[25:46] The one interesting bit in the auto-generated AppleScript code that I got out of Keyboard Maestro was towards the end. It says very simply, and AppleScript is great because it's super readable, it says, tell application Keyboard Maestro engine do script big long ASCII set of characters with parameter r and then it says end tell. So it just says tell the application to run the script and then end telling it. So this part of the script actually kind of made sense, selling AppleScript to tell Keyboard Maestro to run my script, and I even knew what this big long ASCII set of characters was.
I don't know if you remember, but last week when I told you about Dan Thomas' awesome Keyboard Maestro macro that lets you do version control on your macros, I explained that the exported macros have your human readable name that you created for your macro, but then they have appended to that a big long ASCII set of characters that they explained was the UUID for the macro from Keyboard Maestro. I know that's a lot of info I'm asking you to keep track of in your head from last time and this time, but I was pretty sure that UUID is the only way you could access the macro from within AppleScript. I'm wrong about that, but at the time that's what I thought. When I was talking to Bob, I didn't understand what this parameter R was that was created, and Peter in his comment on the blog post explained it to me. So this says as do script and the BigASCII character code, with parameter r.

[27:11] He says with parameter value is replacing the trigger value token when the macro is executed.
That's how the file you have selected in the finder gets passed to the macro.

[27:22] So that's cool. One more thing from Peter, he explained that the UUID could be replaced by the macro's name.
So you could write it as do script quote macro name.
That's pretty cool. Would be a little more human readable later.
You wouldn't have to remember where that UUID came from.
So now let's switch over to Bob's method.
Bob's solution was to start from Automator, add a RunAppleScript action, and type in those same very simple lines that were in the auto-generated script, with the tellApplication, keyboard, maestro, engine, and doScript, blah blah blah.
His script worked as well.

[27:58] But I have a question. The auto-generated AppleScript knew which UUID called the right script only because I had exported it from the macro I wanted to run.
How did Bob know the UUID of the macro if he didn't go through that export step?
I knew it was a UUID because of the version control macro from Dan Thomas, but in Bob's explanation he didn't call it a UUID.
He referred to it as a Macroscript ID Number Designation Thingy, which I really liked.
Bob's explanation of how he knew the UUID taught me another new trick that makes this whole roundabout explanation worth all the time it's taken to explain.
Remember, I hadn't paid much attention to the trigger part of using keyboard maestro macros.
One of the reasons I haven't dug into triggers too far is because there are so many options on how to trigger them.
You can use a hotkey, you can have it run when a USB device is plugged in, you can have a macro trigger when your audio output changes, or when a volume is mounted.
The list goes on and on and on.
Bob explained that one of the many options is to trigger macros via a script.
If you choose the Script option, you can select AppleScript.

[29:09] This automatically creates an AppleScript for you that says, application keyboard maestro engine to do script and it shows you the UUID.
Remember, the UUID is also known as MacroScript ID Number Designation Thingy.
This is exactly the Apple script that you can export as a quick action as I described earlier.
Bob doesn't use the script itself, but he just used that script to find the UUID and then he put it in his very simple script.

[29:37] So I walked you down these two different paths, again to demonstrate how much I'm learning by working on silly scripts like checking the Alpha checkbox in the Save As dialog box for preview.
I learned from Bob, and now I learned from the developer himself. How cool is that? Peter rocks!
Now, the only problem with my storytelling is that you didn't have a concise step-by-step process to turn a keyboard maestro macro into a quick action, and I promised I would boil it down for you here at the end. Step 1. Write the keyboard maestro macro that works on a finder item. Step 2. Set a trigger that you know will be active. Step 3. With the macro selected, Select File, Export, Export as Finder Quick Action.
Open System Settings or System Preferences and navigate to Privacy & Security, Extensions, Finder and tick the checkbox next to your newly created Quick Action.
Save your service in Automator. And then to test, right-click on an appropriate file in the Finder and choose Quick Actions and select your macro, Quick Action.
If Finder asks for permission to run Keyboard Maestro, say yes.
If anything goes wrong, check out the fabulous Interactive Help in Keyboard Maestro's Help menu.

[30:47] Now, I promise not to talk about Keyboard Maestro every week, but I was so excited to learn even more about this amazing automation tool that I felt compelled to share.
Also, if I write about it, I can always find the solution online when I forget how to do this. I can't tell you how many times I have actually Googled for a solution and found the solution at

Support The Show

[31:10] One of the things I don't do is pay attention to who stops supporting the show through Patreon after a while.
I figure, you know, people have their reasons. And I don't want to feel bad about it and see somebody left.
And I don't want them to feel bad either because I noticed and maybe I'd feel compelled to say something and that'd be terrible.
So I just don't look at it.
You know, maybe they've hit hard times or maybe they've just moved on to other shows.
I know that's shocking to hear, but it can happen.
Even though I don't watch it, and I don't worry about it, I do know that if we don't get new patrons from time to time, the funding for the podcast does slow down.
And that's happening right now.
I can assure you that the cost of making the show doesn't slow down to go with it.
I seem to always be able to find a paid-for tool to make the sound better, to be able to supply enhancements to the feed, and to buy software and hardware to review for the show.
So if you've been thinking that everyone else is carrying the weight of supporting the show, consider the value you get out of the podcast, and if it's worth a buck or to you, head on over to slash patreon and become a patron of the fine arts.

Security Bits — 19 March 2023

[32:14] Music.

[32:21] Well, it's that time of the week again. It's time for Security Bits with Bart Bushats.
How are you doing today, Bart?
Hi, I'm doing good. It's a bit of a strange day because due to terrible rain here, imagine that, I did my cycle in the morning, so my timetable is all over the place. And then you guys have decided to do daylight savings time too early or something. So we're recording at a different time and I'm normally off the bike, but I'm not just off the bike. And there's daylight in my office while I'm talking to you. This is weird.
Yeah, I'm not used to seeing you without, you know, blue lighting making you look pale.
See, there's a window behind me. Look, there's an outside.
That's... Yeah, there is daylight. That's crazy. I would like the record to show that, the United States, by a vast majority, said, please get rid of daylight saving time altogether.
And the Europeans have a very similar point of view, but the politicians can't quite seem to get it done. And most annoyingly, Brexit is probably going to kill it for Ireland, because with Northern Ireland we need to get agreement with our friends across the water.
And I'm not sure we can agree the sky is blue at the moment.

[33:24] Well our problem is pretty interesting and I don't disagree with it.
How the sun reacts by the hour has to do with where you are within a time zone.
Yes. So if your state is on the western edge of a time zone, you would want it to stay one but if your state is mostly on the eastern side of a time zone, you would want it to go the other way.
So the states can't agree on which one to pick because we got to pick one, right?
You got to pick a time.
Yeah, I think we should do what India did and go on the half hour.
Oh yeah, that really works.
Well, no, all of India is on one time zone. They took the two time zones and they split it in half and said, so they are like, whatever it is, 10 and a half hours or 12 and a half hours away from us.
Yeah, but that just really messes with everything, the half hours. Then everybody's unhappy. It's perfect.
That is how we got UTC. It is an acronym that is meaningless in French and English because they couldn't decide whether to make it French or English, so they took the letters and put them in the order that worked for no one, and they called it UTC.

[34:28] Fine. We'll take your ball and go home. Yeah, pretty much. Anyway.
On the subject of security, the listeners will have just heard me in this show talking about about my idea of making a long, or at least of indeterminate length, numerical passcode on their phones as kind of a compromise between a four or six digit passcode versus an alphanumeric passcode.
And I just wondered if you had any commentary on that. Did that make you scream?
Or would that make you scream into your phone? No, because really it's a case of doing whatever works for you that's more than nothing.
So anything you do to raise the bar raises the bar. Now, raising it higher is better, but you do still have to be able to use your phone.
It's like, yeah, my phone is perfectly secure. It's encased in concrete at the bottom of a river. Yay.
And you're trying to make it so that you're the more difficult person to get in the crowd of people.
Because these attacks happen in crowded places.
So you just have to be not the easy target.
So anything you do to raise the bar raises the bar. Now, raising it higher is better, but you do still have to be able to use your phone.
The bottom of a river, yay.

[35:34] Yeah, the thing I thought about was it's all in balancing risk and convenience, right?
I actually don't go clubbing as often as you might think I do.
I barely leave my house, you know? So I'm not a high value, an easy target, I don't think, in general, but I mean, I could be sitting at Starbucks or something, you know, typing in my code, and I think about that, but I think it's a better balance for me.
Actually, Steve told me not to tell anybody I'm actually using that.
I'm not. I'm not. I got a really long alphanumeric passcode. There we go.
I know you had said you didn't want to talk about it in detail, but I do just sort of want to say that there are some talk about bypassing the extra passcode and, stuff. The only thing it has to buy you is time.
The screen time password. Code.
So my reaction to that is if someone can brute force it because there's like a backdoor, if you do the right things in the right order, anything that slows a bad guy down is enough. Because what you're going to be doing is, oh my God, my phone is gone, get me to another device to do the remote wipe. So if it buys you five minutes, enough.
You know, like that is all you're trying to do.

[36:42] So I think that's true of people like us who know about this. But for my father-in-law, if he were to use a smartphone, it wouldn't even occur to him that that's something that he needs to go do if his phone got stolen.
So it's not just get to them before they get to you. It can be, I don't even know I need to go do that.
That's a fair point, but I guess if the criticism is don't set a passcode because it's not perfect, my answer is it doesn't have to be perfect.
You're just trying to buy yourself time. Slow down.
Yeah. Yeah. I still don't understand why nobody's, none of the pundits are saying, Apple, you really need to change this.
Well, because most I've heard is they need to give us an opt out button because that's kind of what they do, because there's two risks here.
There's a risk of losing your Apple ID and not being able to access your stuff.
There's a risk of having someone take your phone.
So for like the risk for most people, to be honest, is that you're more likely to lock yourself out of your own iCloud and need to recover it than this is likely to protect you.
So it's a bit like that severe lockdown mode they offer to people in high risk environments.
A button. Just give us a button.
That's all I want. Yeah, I would like to have the option to opt out of this.
No, no, I'm going to be able to do this.

[38:01] But okay. All right, that wasn't on our agenda. What's on our agenda today, Bart? We've got a good deep dive, I think, here. We do have a deep dive. It's good in the sense that there's some meat to it, but it's not good news. The TLDR starts with the sentence, this is bad. There, is no fire extinguisher icon. Critical Android baseband vulnerabilities. In the plural, there are four of them. Project Zero is who discovered these, and Project Zero are very well known for have been extremely rigid about their 90 day policy.
They will go public. This is a Google, Google Project Zero, by the way.
Yes, they are a yeah, they're a part of Google somewhere in Google's.
I don't know where they whether they're Alphabet or Google, but they're somewhere in that hierarchy.

[38:44] Right. And they are infamous, famous, known for being very strict on the 90 day.
They have decided this is so bad.
So if they find something, if they find something, they give you 90 days to fix it and then they publish it whether you respond or not.
They publish. Exactly. Yes. They consider this to be so bad they're doing a halfway house.
They're telling us that the bugs exist.
They're telling us vaguely what the bugs do, but they are not releasing the details because this is so bad.
So that's some context. What is affected?
OK, so what is affected with this? What is the problem? Okay, so your phone has your normal processor that makes it be a computer in your pocket, but it actually has a second processor that makes it be a phone.
It's called the baseband processor. And that's the bit that does all of the engineering for talking over radio waves to the cellular network. And it actually has its own little CPU and its own little operating system in there.

[39:49] And that operating system is very tightly linked to your real operating system, to Android in this case.
And so if something gets in... I did not know any of this, Bart.
Oh, there you go. I did not know there was a separate computer for the, a separate processor for the telephone part.
That's interesting. Yeah. Okay.
So it's a computer, it's got an operating system. And that operating system is very, very tightly integrated with Android.
And that means that if anything gets into that operating system, when it gets to Android, it's not coming in as like low-level, unprivileged user.
It's coming in with system privileges because it's like really low-down brains of the phone, right?
Your phone being a phone is kind of important. And when you say coming in, so this processor for the radio is running a version of Android.
Which is running its own OS, actually, but it's talking to Android.
So Android is running on your phone's real processor.

[40:40] That's what I'm trying to get to is it's talking to Android on your real processor, the computer in your pocket part. Okay. All right.
And so when it's talking to that, it's talking to it at the kernel level. It's not just root, it's super root.
Deeper than root. Yeah, it's the deepest level. So there's kind of a fuzzy line between whose job it is to manage these things. But anyway, different manufacturers make different baseband chips, and they have different firmwares and different little mini operating systems.
And there is a bunch of chips made by Samsung.
Now, don't think that means it's only Samsung phones, right?
These are Samsung is a massive conglomerate. They make everything from ships to monitors.
Like one of the things they make is these little chips that are the little cellular brain for phones.

[41:26] And OK, so just like we might have a Qualcomm chip in an iPhone, there's chips in more than Samsung phones. Yes, yes. So that's a perfect analogy there, because the other big players would indeed be Qualcomm.
So Project Zero found four bugs in the firmware, the little mini operating system, on a bunch of these Samsung-made cellular chips.
And they allow a remote attacker who knows only your cell phone number, to execute arbitrary code with zero user interaction and zero, it's completely stealth.
You can't see that it happened And you don't have to do anything.
That is as bad as it gets. Do they have to have access to the phone?
No, they just need to know your cell phone number.

[42:12] Oh, jeez. This is why they're not releasing the details. Right. This is this is a five alarm fire.
Well, yeah. And there's reverse lookup for phone numbers.
Right. That exists. Right. So the TLDR is that as of today, the only phones we know for sure are safe that are Android are the Pixel phones, because Google's March patch fixes this for, Pixel devices who do use the Samsung chip.
So they were affected, but they've already fixed it?
Yes. And so every other manufacturer that has the appropriate chip needs to put the new firmware in their chip.
And you as the end user will get that through effectively an operating system update that comes via your device because in Android land, yeah, yeah, we're okay.
Sorry, Bart can see my face of horror right now when he says you have to get a software update.
From your hardware vendor.

[43:10] Oh, from the hardware vendor, not from the... So if I've got a Verizon Android phone, that's no longer getting OS updates.
No, no. So Verizon don't make phones. Verizon are a cell phone carrier. I mean...
I know. But Verizon is who controls what OS updates I get in the United States.
Or AT&T or T-Mobile. Okay, then it's even worse than I'd forgotten that extra layer of indirection.
So that means that if Verizon sold you the phone, and then Verizon are going to get the fix from whoever made the phone, and then Verizon have to give it to you. Say Motorola. They don't anymore, but yeah.
Yeah. So Motorola would have to fix it, give it to Verizon, and Verizon would have to give it to you.

[43:50] Which they probably won't. So because they don't.
The silver lining is there is a workaround. There is a way to stop your, basically to stop your device executing the problem code.
You need to turn off two features, Wi-Fi calling and something called Voice over LTE, which is often written as volt with a lowercase o and an e on the end.
So voLTE. Voice over LTE.

[44:18] So guess what? If you live in an area or say a house that doesn't get cellular coverage, your only way to make phone calls is with Wi-Fi calling.
Or Skype.
Sarah Lane was talking about how she has to drive 10 miles to get a cellular signal from her house.
And I was thinking about it in her context. In my context, AT&T just doesn't for some reason work indoors inside my house. I have to step outside of my house to use AT&T to call. If you have Verizon and you're sitting inside my house, you're fine. I don't understand it. When we had 2G radios, it was fine. 3G radios, it worked fine. As soon as they went to 4G, it was gone.
I have to wonder if there's some sort of metal structure in your house that's too close together for some frequencies to fit through or something. Your little Faraday cage.
Yeah, there's some wire mesh somewhere that at the right frequency doesn't work. So turning off of Wi-Fi calling is really impractical for a lot of people.
Yeah, that's swaths of the United States. I'm guessing vast swaths of places like Australia might not have cellular coverage, you know. And holy cow.
Yeah. So thankfully, the pixel phones are covered. We are expecting that the major vendors like your your Samsungs and stuff will also be good about fixing this.
So the chance are, if you have a high end Android phone, and you're probably going to get okay here.

[45:44] Oh good, rich people are fine. I know. This is what's wrong with Android.
Most Android phones across the globe are the cheap ones, right?
Are the ones you get for nothing with a cellular contract.
Yeah. And this is the problem with Android's model. So Google have worked around a lot of this by having a lot of the updates to the core operating system come through the Play Store.
So they've basically taken most of their operating system and pretend that it's part of the Play Store.
And so when they send Play Store updates, they're actually patching, say, 75% of Android.
I remember after you read that big report on things they'd done better, and you discovered that piece of it. But this isn't in that?
No, because this is way too low down, right? This is way, way, way too deep down in the stack for the Play Store to fix you here.
So we really are dependent on the hardware vendors, and whatever path is between the person who made your phone, and how you get software, which is gonna be different in different parts of the world.
So how do you even give advice to friends or family?

[46:49] Yeah, can you tell, is there any way to tell whether a phone has gotten the firmware update?
Only if your vendor says we're good. Only if someone, an authority, says we are covered for CVE, where's the number here, 2023. On this specific device.
Yes. But no, the manufacturer can't just say it, because I can have, you know, let's say Motorola, they don't do cell phones anymore, but let's say they did.
Motorola sold me the phone. Motorola says, yep, we fixed CVE 2023-24033. We're good.
Unless you have an unsupported phone, because it's too old, because it's a year and a half old.
— Well, they would probably say, if... The answer you would probably get would be, if your device is showing as firmware version blah blah blah, or later, then you're good. So that's usually the way these things work.
— So you can't see the firmware version?
— There's going to be a version number somewhere in the about...
In the about this phone screen. OK, that will tell you where you are, but they'll have to give you the details.

[47:52] OK, after we're done, I'm going to pull up, boot up my unsupported Android phone because it's two years old and find out what it what if I can find a firmware number or anything about that or even a software version, there will be like the about screen will be able to give you some sort of a version number on something. So the chances are, yeah, the chances are that will be how they would tell you whether or not you've got patched, on an older device, has it updated itself in the last year?
You know, this is the only devices we know to be patched today are the pixels.
So every patch is going to be newer than now.
So if it says last update a year ago, the answer is guaranteed 100 percent. Nope.
But of course, you may not have the relevant brand of chip. And there's no way to know unless you start to de-solder the bloody.

[48:40] Phone right so this is the extra big thing we don't even know.
We don't even know what we don't know right it's it's a mess is an absolute mess and it's down to this terrible model google picked for how to deal with android software updates apple is so right to disintermediate everyone.
And just you know apple made the OS got you got you i know yeah it's anyway it's a mess and you could have multiple manufacturers you don't have to be apple built it right android.
Google could have multiple manufacturers, but have negotiated in a way that they always control the operating system itself or the firmware.
And the proof of that is Windows, right? Driver updates come through Windows.
Yeah, yeah, yeah, right, right, right.
And yet, anybody can make them. Exactly, exactly. So it can be done.
And just in case I haven't scared you enough, if you're wondering, well, what would someone do with something like this?
The answer is this is exactly the kind of vulnerability the NSO group want for Pegasus, right?
Spyware that's designed to watch everything that happens on a phone.
That is what these kind of vulnerabilities enable.
Targeted spyware. Targeted. Joe Biden's phone number. Right. Now, what this also enables, because this is so this is such a trivial vulnerability, this would also just enable someone to just go, I just want Americans.
I'm just going to go every possible phone number that starts with the area code for Verizon.

[50:06] And then just look out for, you know, banking logins and just steal some credentials.

[50:12] I don't think Verizon owns entire area codes, but I see where you're going.
Every number that starts with 001. Groups of number.
Well, anything that starts with a plus one. That's what I mean, right?
Like, yeah, this is so it can be used both for really targeted stuff or just to just blanket everything.
And you only have to hit the all of these things are about numbers.
Right. Why does spam exist? I mean, almost no one clicks on it.
Yeah, but for them to make money, one in a million have to click.
Can't you do something? One in a million click.

[50:44] And the Centre of Economics comes into play here. There's a lot more than that.
Yes, actually. It's very, very profitable, unfortunately. So this is just...
Oh, that's nice. Thanks, Bart. I had heard about it, but I didn't realise how bad it was.
Yep. Now, stay tuned. There will be more details coming out about this right there.
We're going to hear from more manufacturers.
And I particularly hope we hear from Samsung very soon because they are one of the biggest manufacturers. So if we can at least get everyone's Samsung phones up to date, as well as the Pixels, we're in a better place.
So anyway. Well, the reason I keep bellyaching about Motorola in particular and keep saying they don't make phones anymore is that's who I bought my phone from.
Oh, so you bought one and then they went, you know something, we've had enough.

[51:28] And so I can't get any support from them. I can't get a... They just like, nope, not us.
Oh, lovely. Thanks. Absolutely lovely. Right, so with that little palate cleanser out, it's the inverse of a palate cleanser, right? So let's move on. It's all uphill from here, even if some of it's still bad news.
It has been Patch Tuesday. Microsoft were busy. 74 vulnerabilities fixed, including two zero days under active exploitation. So if your Microsoft product says, hi, I'd like an update, the answer is yes. Yes, you may have your update.
By the way, when I talk to friends and family, I just love it when they say, should I up—yes!
Is there a giant big red number one?
Or is it a number 20? Well, whatever it is, you know, it's a giant big red. Yeah, go!
Anyway. The number of people who asked me for tech support in Antarctica, and they handed me their phones and there was a big number on the OS, I was just like, you're killing me.
Early warnings then, there's one story here which probably would have been our main deep, dive had it not been for that little Android thing. if you have a Windows laptop.

[52:43] The chances are high you're going to get a firmware update soon.
Because one of the manufacturers of Trusted Platform Modules, or TPMs, used a... or they had in their documentation an example implementation, which had a nasty security bug in it.
And a whole bunch of hardware vendors just copied and pasted the sample and never actually took it any further than that.
So those laptop vendors are going to have to push out firmware updates to actually put secure firmware on their motherboards, etc.

[53:15] This will come to you via the appropriate Windows channels. Unless you are in a corporate environment, this is not a five alarm fire.
But, you know, so if you work in corporate IT and you have Windows devices and you're depending on FileVault, which is almost everyone in corporate IT, this is actually important.
And you need to check with your hardware vendor that you are getting these updates.
But for us regular Nostelicastaways, your Windows machine is very likely to get a firmware update in the next couple of months.
Yes, you do want that. So this is the example you were just talking about.
Bad firmware problem, Microsoft pushes it out, fixes it, done.
None of this bloody, sorry, carrier nonsense and whether or not you're allowed to have the latest OS to be supported.
Exactly. Now, you are still relying on the manufacturer of your device to continue to provide firmware, But there's literally no way around that. There is no distribution model that does not involve the person what wrote the firmware having to fix the firmware what they wrote.
Right, right. The question is how much is there between them and you, and you want as little as possible.
And that's where, you know, you can say many things about Windows, but they got that bit right.

[54:24] Actually, they managed to also secure it, because today on Windows 11 and indeed Windows 10, you're not in the Wild West anymore, right?
They now have moved to a model where all drivers are signed.

[54:35] And yet they've managed to slowly move to there without ever breaking everything.

[54:40] Because those people who are making those laptops and doing those forward updates, they now have to have digital signatures and everything on all of their drivers. But Microsoft managed to very slowly make that real by making it optional, and then desired, and then required. But we're now in a state where it's as secure as your updates from Apple, but they're coming from lots and lots of people. So it's actually a very good architecture that we snuck into. We sort of by stealth arrived at a good system, which is nice.

[55:06] Moving on then to notable news. I'm putting this in the security bits because I think this is kind of a security story.
So it is a known thing. It has a cool name, which is a dark pattern.
Dark patterns aren't magic.
They're tricks that fool human beings into doing what is against their will for the purpose of defrauding them in some way. We call it a dark pattern because it sounds cooler than dirty trick.
It's just dirty tricks. Epic Games have agreed to pay a fine of 245 million for tricking people into making purchases they didn't want in Fortnite using dark patterns. So good on them to get their comeuppance. Shame on a company so major to be up to this kind of shenanigans. That's just ridiculous.
And good news, if you are a Google 1 subscriber, you now have a free VPN at your disposal.
They have rolled their VPN service into their Google One.

[56:11] So I saw that, but I don't know what Google One is. Well, I don't pay any, I don't pay Google for anything, but apparently it's their like equivalent of Apple One, where if you buy Google stuff, you get all your Google stuff together. I'm guessing maybe it's your YouTube and your office, your whatever they're calling it, not office anymore.
Workspaces, they change the name every week.
Yeah, yeah. OK. So like maybe whatever Google Apps for Business was that got rolled in, rolled around and around and around.
Yeah. Whatever they're calling it today. If you're paying Google for stuff and you're a Google one subscriber, you'll know what it is, you now have a VPN.
So, yeah, that's very good. And then the last story here is from the United Kingdom.
It actually pinged on our Slack, forward slash Slack.
Signal have, sorry, WhatsApp have joined Signal in telling the UK government in no uncertain terms that if they go ahead with their online safety bill, which would basically end end to end encryption, they're sodding off out of the UK.

[57:08] And that seems to be the front everyone's putting up. This is another one of those examples of the politicians are absolutely certain that they can both have encryption and scanning for CSAM.
They're convinced it's possible. Right.
It's like, yes, reality, math, forget all of that. So I don't know how this is going to play out.
But anyway, that's another strong voice saying, no, this is stupid.
And, you know, WhatsApp does carry some weight.
Glad they're pushing back. Yeah. Hey, I need to back up on something I've been saying over and over and over again here, Motorola does sell the Moto G7 that I bought I'm pretty sure what happened was I bought it like through Google originally and it's Google who wouldn't support it But I've just done a little bit of research, I have my Moto G7 in front of me and I checked and Motorola is selling the Moto G7, right now on their website and And I just checked software update and it says, your software is up to date.
Security patch level, February 1st, 2021.

[58:12] Sometimes it goes back and it checks again but this is why i contacted them like a year or two ago and said hey how do i get the software update and they were like well i don't know.
That's terrible that's disgraceful.
Selling the phone they're selling it.
Oh actually no no hey hey i just scroll down it does say unavailable but i was able to find it on other websites where i could buy it i could buy it for hundred seventy nine dollars at walmart right now.
So that's not a used phone. Wow. Yeah.

[58:45] Terrible model. Those are the phones. I don't think they're going to get those little updates, Bart.
No, no, bad.
OK, I have annual rant about Android done. We're now climbing up towards palate cleansing.
On our way to palate cleansing, we're passing excellent explainers.
So one of the changes Apple is slowly making has been nudging these changes for a few years now.
Apple wants to get third party software vendors out of the kernel, because kernel code is very, very high privilege code. And what you want is to have the kernel as locked down as possible for the security of your OS.
And one of the last big players left in the kernel that is used by millions and millions of people are cloud sharing apps. So your Dropboxes and all of those.
And so Apple have created an alternative mechanism for those apps to integrate with the Finder that doesn't involve a custom kernel extension.
And that is called their file provider API.

[59:48] And so you may notice your apps are changing subtly, where they're moving from being under My Places to being under, I think it's Network or something. Like, they're moving around inside the Finder.
All of that's to do with the companies adopting this file provider API.
And if you're curious... They're under Locations. Thank you, yes, I see it right here.
OneDrive, Locations, yes. And they used to be under Favorites.
I see Google Drive, Keypit, and Dropbox. Actually, it was worse than that.
They were at the top level of your user account.
So under Allison, the first thing it said was drive. It's like, no, I don't want you there.
And I'd try to move it and it would go back, or it would stop working.
Yeah. Well, anyway, there's now a whole API around these things, and so these are all being standardized. So if you're curious as to what it means and how it works, there's a fantastic explainer that really goes into the most detail I've seen anywhere on shock, handle, or horror tidbits, of course.
So if you're curious what's going on, It's file provider forces Mac cloud storage changes and they go into all the details.
You know, the what, the why and the what are you going to see as a user?
What difference is this going to make?
And for most people, it's not going to make a difference. But for power users, there may be some crankitude, because you can't choose where the folders go.
They're going into your library folder inside a subfolder called, I think it's cloud files.
There are... this locking down has effects.

[1:01:16] But for most people, most of the time, it's actually going to be nicer because you're going to have this nice consistent thing where they all have that same green tick box if it's downloaded and the blue circly thing if it's syncing.
And they're going to get all of that is going to be consistent, whether using Drive or Dropbox or OneDrive.
So for most people, it's better. I was just delighted when I saw them move and I didn't know why, but it sure made me happy.
Yeah. So they're all coming through the standard API. So they're all going to be the same, which I love.
I love the consistency.
So anyway, details there. It's a very good post. Very detailed.
What's in brings us to pilot cleansing, which you brought us along, and it just made me laugh so much. It's just a... I love this so much.
Someone named Annie goes by SoyCotic on, looks like on Twitter.
She wrote, every time I have a programming question and I really need help, I post it on Reddit and then log into another account and I reply to it with an obscenely incorrect answer.
People don't care about helping others, but they love correcting others.
Works 100% of the time.
I think this is amazing. You're hacking the squishy organic bit.
It's genius. It's absolute genius.
And true. And true.

[1:02:31] In my experience, a lot of people do like helping other people, but I bet more people like correcting than like helping. So I think it's fantastic.
I think we double like it if we can help someone by correcting someone else.
That's like two endorphin hits, right? We're helping someone.
Bonus prize. And we're telling these people they're wrong. Win-win!
What is it comes to mind the oh shoot i can't remember the guy's name but there's a an account.
That is it basically it's a troll it's this person who post.
Just completely wrong answers to things. Like as though they're just incredibly dense, like they don't understand stuff. And then people engage with this account and start arguing with it, trying to figure out, like going, no, no, no, you don't understand this.
And they just say things that don't make any sense and it drives people bananas.
And it's hilarious when you know the joke, when you know why it's happening.
But it'll be stuff like, you know, the moon is 2000 miles away.
Well, no, it isn't. Why are you saying that? And they'll say, because of asteroids.
You know, it's just like, they don't make any sense. It's just one of, now I can't remember the name of it.
Anyway, I love it. This reminds me of the famous XKCD, you know, are you coming to bed, dear? No, I can't, why?
There's someone on the internet, and they're wrong.

[1:03:51] Oh, I'm such that person. I am such that person. I just found out yesterday that the B in IMDB is lowercase.
I just noticed it. And I tooted out, why has nobody ever pointed this out to me and said I'm an idiot? How could that happen? How could I be this many years old?
And I had somebody check. They said it's been since like 1990, it's been lowercase.
Never noticed. Never, never, ever noticed.

[1:04:20] I noticed for the simple reason that I am forever trying to figure out whether it's database, capital D, capital B, or whether it's database all in one word.
Because that will determine whether or not should capitalise the B in DB. I think it's database. I think it's DB, capital D, capital B. So I think they're wrong. Therefore, I remember. But it's argued.
Wait a minute. So you're saying whether or not in the title of the thing they did it all caps?
Right. Internet Movie Database, IMDB. So if I'm writing about a DB this and a DB that, it's capital D, capital B. So if I'm going to put it inside Internet Movie Database, it's IMDB. But you have other people say, but the word is database. It's one word. And I was like, no, it's hyphenated. It's like, no Bart, it isn't hyphenated. And I was like, it should be. But you know me in hyphens. So anyway, it's a whole thing.
Oh yeah. Hang on. I got Steve to tell me. It's Ken M. And he puts them up on Reddit and it's hysterical. So if you go to slash r slash Ken M, that's where they're collected. It is one of the funniest things you've ever seen. It's just wonderful.
Excellent. I'm going to add it to the show notes. Yeah, please. I'll put it from Steve.
Oh, yes. All right, so like I say, it's been a strangely quiet two weeks, so that's all I got.

[1:05:37] All right. Well, I'm glad there was only one truly horrible long thing.
Yeah. Yeah. Anyway, remember, if you can, and as much as you can, stay patched so you stay secure.
All right. That's going to wind us up for this week. It's good to be back in the saddle. Did you know that you can email me at alison at anytime you like. If you have a question or a suggestion, just send it on over. You can follow me on Mastodon at podfeet at
Remember, everything good starts with
If you want to join in the fun of the conversation, you can join our Slack community, at slash slack, where you can talk to me and all of the other lovely NoSilicast toys, even Bart. You can support the show at slash Patreon. Remember, we really do need some new patrons. Or a one-time donation at slash PayPal.
And if you want to join in the fun of the live show, head on over to slash live on Sunday nights at 5 p.m. Nocillicast Standard Time, and join the friendly and and enthusiastic no solar castaways.

[1:06:36] Music.