2021, Allison Sheridan
NosillaCast Apple Podcast

Edit Transcript Remove Highlighting Add Audio File
Export... ?


[0:00] Music.

[0:11] 16th, 2023, and this is show number 936. Well, I'd asked you all last week what you think about having an intro at the beginning, telling you what I'm gonna tell you about.
And I've gotten a bunch of votes from people. A lot of people on Slack have talked to me.
Pat Dangler cornered me in real life to tell me your answer, and the vote is 100% split.
Half the people say, no, I can't stand it when podcasts do that.
I know what I'm gonna hear. It's in the title.
I don't need to know that. And the other half go, yeah, that'd be really great if you told us up front.
I'm not sure what I'm gonna do. I may still do it from time to time, but I'll tell you one reason not for me to do it.
A lot of times during the live show, I underestimate how long the show is gonna be, and I look and it's gonna be really long, and so I cut something from the show after I've already recorded the intro.
So that's one of the reasons I actually never do it. So by the time you see the title of an episode, that's what's actually in it. But when I'm at the beginning of the show, you might never know. So I'm probably not gonna make that change.

CCATP #764 — Adam Engst on Mac Cloud Storage Changes

[1:08] After a completely unexplained and I don't even know why hiatus from doing chit chat across the pond light, we have a chit chat across the pond light.
Adam Angst of Tidbits joins me this week to talk about the changes Apple made recently to the file provider extension.
And I had actually never heard of the file provider extension until he came on the show to tell me about it.
But these changes had a fairly significant effect on how cloud storage providers like Dropbox, Google Drive, OneDrive and Box work with macOS.
Whether you realize it or not, you've very likely been upgraded and transitioned to new versions of these services.
While the new file provider extension improves several things about our interface with these cloud storage providers, there are also some serious gotchas that may affect you.
For example, before talking to Adam, I didn't realize that the change caused us to have local copies of our entire Google Drive and anything added there isn't necessarily being synced to the cloud.
Being Adam, he's written an extremely well-researched a well-explained article over on
And of course, there's a link in the show notes to that. So you can follow along with our conversation and learn all about this from the great Adam Angst.

CCATP #765 — Bart Busschots on PBS 149 of X — Better Arguments with POSIX Special Variables and Options

[2:19] Well, this week we actually have two chit-chats across the pond because we have a programming by stealth by Bart Bouchats.
In this rather mind-bending episode of programming by stealth, Bart takes us into the weird world of POSIX's special variables and options.
He refers to some of them as being like handling nuclear power, at one point he suggests mind-altering drugs must have been involved in the design, and he even compares one of our newly learned tools to a chainsaw.
He powered us through amidst my many interruptions with questions to where we can now write shell scripts that take flags and optional arguments using getops.

[2:56] The final form of the syntax is very readable, but knowing the reasons behind each bit is crucially important, and that's of course Bart's strength.
You can find Bart's fabulous tutorial show notes to go along with this episode in the links of course in these show notes to Hey there.

Clean Up Background Noise with Hush for macOS — by Terry Austin

[3:14] I'm talking over here. Hush. Gosh.
Hi there fellow castaways, this is Terry from Texas with another long overdue review.
First, the problem to be solved. As an online professor, I record videos for my students.
As previously mentioned, I live in Texas where it gets hot.
To solve the hot problem, we use an air conditioner.
Air conditioners make noise.
Up in my videos.
I also live very near Fort Cavazos. You might know that better by the old name of Fort Hood.
My house is right in the middle of the training flight path for both cargo and attack helicopters.

[3:52] They don't respect my recording sessions at all, so often helicopters fly right over in the middle of my recordings. Again, noise ends up in my videos. We all know what makes a good video is clean, well-done audio. So, noise in the audio? Yeah, that's a problem. A problem we need to solve. Or, at least a problem I need to solve. That brings me to the app of concern, Hush.

[4:17] Yes, just Hush. Hush uses state-of-the-art artificial intelligence, AI, to suppress background sounds and room reflections. Hush is available on the Mac App Store or from the developer Ian Samson's website at where you can try it for free. As the website states Hush will mute all the noise, make every room anechoic, debark, dechirp, dehonk, automate your workflow, stay cool with Apple Silicon, and own it for life. The developer Has Hush app priced for a one-time purchase of $49.99 rather than the subscription model?
I actually prefer that type of purchase for this app. I'll use it all the time and I don't mind paying for an app that will actually do its job.
I listened to the sample that Ian has on his website and immediately bought the app.
It's been less than a week and I've already cleaned up all my new videos and I've even started going back through my old library of videos that are previously done for my students.
The way this works is you make some audio, or you make a video and render out just the audio file.
Open the Hush app, set some very basic parameters, pick a folder for the cleaned audio to end up, and then drag your raw audio onto the app's target window.

[5:39] Reach into the folder where you told Hush to scene your clean audio, and now you've got a clean audio file.
If you're working on a video like I am, drag the clean audio track in to replace the original noisy track and then render your video.
If you record audio or video, you just might wanna check out Hush.
Now that you've listened to me talk about Hush, you might want to hear how well it works for yourself.
So I will ask Allison to play you a short audio clip.
First, you'll hear a bit of audio I recorded with two fans and a TV running in the background.
Then you'll hear a clap as an audible separator.
Finally, you'll hear the exact same bit of audio after a quick trip through Hush. Allison, hit it.
This is an attempt to check and see how well Hush does at silencing a very noisy background.
Let's give it a shot.

[6:34] This is an attempt to check and see how well Hush does at silencing a very noisy background.
Let's give it a shot.
Wow, that is incredible, isn't it? Well, I tell you, I often get teased by listeners that I cost them a lot of money with my reviews.
I now know how you feel.
When Terry sent me this review of Hush, before I read it and listened to it, he bet me that Steve and I would both want this app.
Without even knowing the price, I was dubious that I needed it.
I have a very controlled environment for my recordings with lots of sound absorption, a really good microphone, and a clean audio interface.
But what I don't have control over is the recordings from listeners.
Most of them are really good quality, but even the best ones often have room echo or fan noise or air conditioning.
Heck, Terry himself sent in a recording once where the refrigerator was running in the background and it was highly distracting. After hearing Terry's review, I decided to download the free 21-day trial of Hush.
21 days is a very generous trial period for developer Ian Sampson to offer.
Later in the show you'll be hearing a quick review from the lovely Sandy Foster.
She's worked really hard to create a good environment for recording, no more fan noise, and she's got a big girl microphone, so her recordings are very clean.

[7:53] When I listened to Sandy's recording for this week's show, my very picky ears heard a very slight room noise. It's kind of hard to describe. Room noise is not like a fan or anything like that. It's just kind of the room itself reverberating at a low frequency. Now 98% of you would have never noticed the room noise on Sandy's recording, but I thought I'd just give Hush a try. I downloaded the free trial, like I said, from and I'm gonna walk you through exactly what the configuration is. Terry referred to it a little bit, but I'm gonna get into some more details. When it first opens, it tells you that the trial is 21 days. Yay again!
As soon as you click the Start Trial button, you'll see the very simple configuration options for removing noise from your audio. In the upper left, there's a slider from 0 to 100% labeled Mix. Now there's no explanation of what Mix means, so I asked the developer, Ian Sampson. He explained that it simply blends the processed output with the original output.
He said that if the AI inside Hush completely erased a dog bark and you set the slider to 50%, it'd be about half as loud as the original.
The reason you might want to set the mix to anything other than 100% would be if the resulting clean recording sounded maybe artificially clean.

[9:08] For example, we've got another interview from the CSUN Assistive Tech Conference this week, and since I'm sure you've noticed in previous recordings, there's a fair amount of ambient noise in the exhibit hall while we're doing these recordings. I ran the latest recording through Hush three times. I did it once at 100%, then at 50%, and I finally settled on 75% feeling pretty good.

[9:30] At 100%, it sounded like the interview was conducted in a super quiet but large room.
At 50%, the noise level was still a little more than I wanted, but at 75%, it sounds natural. You can still tell I'm in an exhibit hall, but it's not distracting at all.
Now, Steve and I were talking about how the CSUN environment wasn't super loud, but if we ever get to go back to CES, Hush will definitely be set to 100% for those interviews.
Now, Hush has just a couple more settings to play with. It asks you to tell it where to put the resulting denoised file, like Terry mentioned, and it gives the option to add a prefix or suffix to the resultant file.
I like that, so you keep your original and you can have a prefix or suffix to be able to tell which one's the clean one.
Finally, you can set the sample rate and file format of the output to WAV, AIFF, or FLAC, which are all uncompressed formats.
Or you can choose to, there's a toggle switch there, you can set to the same as the original file, which is what I choose. After setting up Hush, you simply drag your audio file onto the main area on the right and Hush immediately gets to work as soon as you let go.

[10:34] Now speaking of drag and drop, I tested Hush for accessibility.
The mix slider, file info fields, and formatting controls all worked really well.
There's graphics next to each one of these settings, and they're not quite labeled as well as they could be, so I let Ian know that he might need to do some cleanup on them.
A bigger issue, though, is that drag and drop is problematic for those who use voiceover.
I thought that might be the case, but I wanted to be sure, so I sent out a toot on Mastodon, asking if maybe there was some trick they knew that I didn't know about and it wasn't a problem.
Kevin wrote back, Most screen readers have a way to drag and drop, but they're often not as efficient.
You can do it, but it's really annoying.
Or sometimes you can select a file in something like LaunchBar or Alfred and then send it to the app that only has drag and drop.
Most of the time, drag and drop with a screen reaser is not enjoyable, as it seems to be for sighted people. Allison Molloy wrote, In my experience, this would make it functionally inaccessible.
On the Mac, for example, drag and drop is possible with voiceover, but it rarely behaves the way I would expect it to.

[11:38] Well, armed with that feedback, I passed that along to Ian, and man, is this guy responsive.
I had asked him, you remember, about what mix meant, and he got back to me in like 20 minutes, and on the accessibility question, I told him the things I thought needed to be improved, like these buttons being labeled weird, or these icons being labeled weird, I should say, and the drag and drop problem. He wrote back, and he says, I have a list of things I'm going to work on. I'm glad you gave me this list, and the top of my list already is to fix the drag and drop problem for voiceover users. And he does have some people who are helping him test, so that is fantastic. I love that.

[12:13] Now one final point I wanted to make, Hush really does want an uncompressed file to work, with. I tested running an MP3 file through it, and it took a really long time, and it actually spun up my fans, which I'm not sure I've ever heard before, because I have an M1. And even though I told it to save it as my original format, it doesn't have a way to save as mp3, so it saved it as an AIFF. I also tried it with an AAC M4A file, which is a lossless format, but it is a compressed format. Hush did save it with the .m4a extension, but the file was triple the original size, so I think it was probably exported as an ALAC, that's Apple Lossless Audio Codec, which also has M4A at the end. So it wasn't an AAC, I think.

[12:58] Now I'm getting into the nitpicky details of audio codecs here, which is pretty much the road to madness so I'm gonna stop. On, Ian says that when you buy Hush, you own it for life. Terry mentioned that too. Ian says, neural networks with this much power usually require a server, along with a hefty usage or subscription fee. Instead, Hush runs entirely on your Mac, your data stays private, and the app is yours forever.
So while $50 is a lot for an app, Hush is in the Mac App Store, which means I can still share it with Steve for his videos and that made it a little more palatable for me. I like owning software, the software does something really complex and specialized, so I think it's really great. The fact that on the first day I tested Hush, even though I had 21 days to play with it, I found two good uses for it tells me Hush will be a tool that will live in the top drawer of my toolbox for a long time. I'm very cross with Terry for costing me $50, but you'll all be the beneficiaries. You'll be able to hear it in the recordings even in this episode. I bet a lot of you are grinning knowing how much I've cost you over the years, so you're happy with what Terry did to me.

CSUN ATC 2023: WonderPax Reusable Warm/Cool Gel Packs

[14:08] All right, let's jump into another interview from the CSUN Assistive Tech Conference. And this is the interview that now has a 75% mix on top of it with the great app Hush fixing the audio so you don't hear a lot of background noise.
I'm not entirely sure what this has to do with accessibility, but I'm talking to.

[14:29] Mark Wavius at Wonder Packs, and he handed me something delightful which we are going to reproduce for the video audience.

[14:36] But he's handing me a Small let's see you describe. It's a reusable ice or heat pack so you can put it in the fridge and use it for ice First however, there's a little metal coin on the inside and then you just click it from there will begin to heat up to 130 degrees and it's a moist heat. So this is going to increase blood flow and circulation and then you can use it for spot therapy as well. And it's an expanding like crystal type structure it looks like that came out when he when he squeezed this little metal disc inside. Yes so anytime that you do click it it begins to crystallize itself and heat up but.

[15:09] When it cools off you can reuse it with just boiling water. So you boil it back into a liquid and then you click it again when it gets back to room temperature. That's so interesting. So it's hot now, but when it cools down, then I boil it. That makes it just be the little metal disc again floating around in a clear liquid. But I squeeze it again and then this gooey stuff comes out. That is something that I've never seen before. It's WonderPax PAX, right? Now what he's handed me is like the size of the palm of my hand, which I will just want to hold on to because this is wonderful. My hands get cold, but you have other things here. Yeah, so we do have bigger ones too. I'll show you one really quick. This is our top seller. Okay, so this is for your neck and shoulders here. Could I borrow your shoulders really quick? You can, but describe it to the audience what it looks like. Gotcha. So pretty much this is going to form to your neck and shoulders. It has shoulder ridges and they have built-in pressure points on the inside too. So with the built-in pressure points you're going to be able to use it for a massage. Not electronically but manually. And even with the... So this thing is maybe the length of his arm and I don't know.

[16:13] Maybe six inches wide and he's gonna you're gonna you're gonna put this on me? Yes. All right, let's let's give this a try. So with the packs you just pretty much let them sit and rest like so wherever you're hurting. So this one goes over the shoulders here and then you can use the pressure points for a massage if you ever need to. Oh yeah that's I know keep going keep going don't stop while you're talking. I got you and then even with it resting too it's more of a moist heat so it's going to to penetrate a lot deeper and faster into the muscles without burning you. Also, these are safe to sleep with, non-toxic, and they can't burn your skin at all as well. And each time that you use it, it's hot for up to two hours or it can even be cold for an hour and a half. Wow, and how hot did you say it gets? I guess up to 130 degrees. That's crazy. Now, you put it on all all the way on my back before.
We need to demonstrate that on my shoulders here.

[17:03] There you go. So this is another way that you can wear it where it gets both the neck and the shoulders, and the little pressure points here. You can always use it for massage anywhere that you place it on your upper back. Oh man he stopped. Oh oh now it's oh it's got that that flap that's gone up my neck.
Or you can even use it on the shoulder individually too. And anywhere that you place this on your body you can use it for massage on the upper body. We have a lower body one too.

[17:29] All right am I gonna am I gonna lay down on the ground for this one? What are we doing here?
So this is just for your back, but the back is very versatile so it works well for any muscles or joints.
You can use it for knees, hips, lower back, ankles, pretty much anywhere that you need to. And then... This is a lot better than trying to microwave something and have me go, I don't know if it's hot enough or what.
Of course, of course. And then we even have this one for your feet.
So for the feet... Oh, it's a foot shape. How cute is that?
They help with plantar fasciitis, diabetes, gout, neuropathy, as well as even cold or sore feet. So any general foot pains really. And then you can pretty much wear them like sandals.
Oh yeah, so it's got a strap that goes up and around over the arch of your foot, over the top of your foot.
So you can do either the top or it's a Velcro, so you can even use it on the bottom of your foot too as well.
That is really cool. So I'm sold, I want all of these. Where would one go to buy Wonder Packs, is that right?
Yes. So you can pretty much buy them at any shows that we're at, like this one here, or you can buy them online individually.
So online they do retail pricing, so it's 150 a piece, but here we do bundles.
So we sell them in a set where you can get a discount on the price overall. $150 for a set?
Well, no, online they're 150 a piece, no matter like- $150 a piece?
Yeah, so here we do show specials. So it's a lot different here.
So for example, you can get the neck, the back, the feet here for just 240 instead, and then that's 119 a piece for the first two.
And everything else after that is free.

[18:52] All right, well, that's really interesting. Thank you very much.
Is there a website people can go to? So you can go to
Great. Thank you very much.

Keep Your Phone Secure in Your Hand with Anker Magnetic Phone Grip – by Sandy Foster

[19:03] All right, next up we have Sandy Foster and I want you to listen to how pristine and perfect her audio is because of Hush. But actually listen to what she's talking about, that's more important.
Hi, this is Sandy Foster with a short review. We all like to take photos with our iPhones, but I have on occasion been a bit nervous about leaning out somewhere to take a photo, maybe on a ship or somewhere like that. The most readily available method of holding onto a phone is a pop socket. I've never been a fan of pop sockets, though, since they're more or less permanent or, if removed, not reusable. Even worse, they mess up Qi or MagSafe charging.

[19:42] However, I've found a solution and couldn't be more pleased. It's called the Anker Magnetic Phone Grip and it comes in several colors. I chose a very pretty lilac. The cool thing about it is that it's, as its name says, magnetic, gripping the MagSafe ring quite firmly while still being easy to remove for charging or when it simply isn't needed. The ring through which your finger goes also works as a handy prop when needed for video or similar. The description on the Anker site says that the magnetic phone grip is for iPhone models 12 and 13, but I can't see why it wouldn't also work on the 14. The price is very reasonable too at around $16, though there's currently a 15% discount code available directly on the product page.
Well after Sandy made this recording for the show, she learned that PopSocket does now have a MagSafe version, but the anchor magnetic phone grip is quite a bit different from a PopSocket. It has this lilac flat ring. You could get it in other colors, but why would you? Anyway, this lilac flat ring connects to the magnets on the phone, and then instead Instead of a little pop-out thingy of a pop socket, there's a steel ring that flips out from the center of that lilac ring.
This means your finger is 100% captive to the phone grip and it would be incredibly difficult to drop it.
I think this looks terrific and I asked for it for my birthday.
Of course, in lilac.
For $16, it sure looks like a useful accessory to me.

Support the Show

[21:11] Well, I hope you're enjoying all of the content created this week.
You've got a chitchat across the pond light, a programming by self, and the nocillic cast.
All of this is brought to you by our fine patrons of the Podfeed podcast.
Whether they donate via Patreon or make a one-time donation using PayPal, they all make this happen.
If you'd like to help make these shows happen yourself and help pay for things like Hush, even though it was totally Terry's fault, I still spent $50, if you want to help make these shows happen and could spare a dollar or two, please go to and push one of the big buttons near the bottom to find out the best way for you to support the show.

Security Bits — 16 April 2023

[21:49] Music.

[21:57] Well, it's that time of the week again. It's time for Security Bits with Bart Bouchat.
How dismal are things this week, Bart?

[22:03] They're grand, actually. There's not that much news. So I actually did two sort of deep divey security mediumy sort of stories instead, really.
Oh, good. Which is fine. And I think I was thinking, actually, so last time we talked about, you know, why are there less stories than there used to be? And I think it's because, most of our security is automatic now. We spent all of our time in the past telling people to manually go do things. Whereas now, if you take a computer and do everything by default and turn your back, it's updated. So why did the blogs have to keep telling you, update your Firefox? I mean, how often was it update Firefox?
Oh right, you open it and it's just always done its update.
Exactly. And the operating systems default to, yes, I'll update automatically. So I think actually the answer is because security has been automated for Muggles. And that's good.
Yeah, yeah. Maybe it's still, if you're using an old device, throw it in the bin. Maybe you still get to save that one because it's not getting all these auto-updates.
That is true. Yeah, so I guess it's aging out. The problem is aging out. But I think that's honestly the reason there's so much less mundane stuff in the feed every week because we're getting better at just having it happen automagically. So I think that's why we're left with fewer meaty stories, which I prefer. It's much more fun having these kind of shows.
Yeah, so I get to have small, less nice things per episode instead of having my show notes full of little, little fiddly bits.

[23:30] So our first deep dive is, as you probably call this one, a medium.
To be honest, it was a story that could have gone as a bullet point in a story, but I scratched the surface of it and decided I wanted to go a little deeper.
So Opera had a big media announcement to say that their VPN service is now available for free in their iOS app.
It's like, well, that set off two alarm bells for me.
One, free commercial company, VPN. Those words, they're not good together.
So that means you follow the money.
Secondly, VPN by toggling a button in the browser on iOS, which is completely locked down, that's not technically possible as far as I know.
So how are they doing it or are they not actually doing what they say they're doing?
What is it actually? What is it actually, and how is this fiscally saying that it can genuinely not be selling all of your data?
Because they do very explicitly say that they're running all of this stuff in those RAM-only VM-style things like NordVPN and stuff do, so that it really isn't logging and it really is properly private.

[24:39] So that was a bit, hmm. So I went looking and I started reading the articles, and I immediately recognised something.
Every article was saying the same thing in very slightly different words, because all they had done was copy and paste the bloody press release and tweak the wording so it's in the style of their publication.
There was no actual meat in any of these stories, which really made me very cranky.
And I found myself saying, well, these people deserve to be replaced by ChatGPT.
If all you're doing is summarising a press release, ChatGPT is better at it than you.

[25:12] I hate it when people do that, when they're just getting juiced by linking to some hard work somebody else did?
Yeah. And in this case, it's actually worse, because the press release is PR.
So if I read a press release on Opera's page, my brain is switched to, this is a PR person, I need to apply the appropriate filter.
If I read the same sentence on, no, not tidbits, because they don't do this.

[25:38] Macrumors. One of the random Apple Insider macrumors, whatever.
If I'm reading the same verbiage, but it's got a byline of some Mac guy, and it's in the context of an Apple news site, I'm assuming that's informed opinion.
But if all they've done is copied and pasted the press release, what they've done is basically given the... They've converted PR into unearned... Yeah, unearned juice.
So I wanted the answer to my two questions, and I actually had to go and do a bloody search, for other articles from other sources to actually find the answer. And I'm happy to say I did find the answer to both questions. So TechCrunch gave me the answer to the question about following the money. So I'll just quote from the TechCrunch article. The company is able to offer free tools to end users because it generates revenue through other channels, including search and ad revenues, as well as technology licensing fees. It's projecting $370 million to $390 million in revenues for 2023 from its current sources of revenue.
So that's how they can afford to basically spice up their numbers by having a free.

[26:43] Add-on to their browser. Because it's actually hard to get people to do a non-standard browser.
So basically, giving this out for free is like a marketing feature to get people using their product, which they then monetize in other ways. So, okay, I'll buy it. I'll buy it.
TechCrunch actually took it a little further. So they actually went into the whole fact that that the Opera was actually bought by a Chinese company a few years ago.
And so the question is, if TikTok is a problem.
Yeah, so they've actually rejiggered their financing because everyone was suddenly so suspicious of China.
So there is still Chinese shareholders, but they don't have a majority share anymore and the company is in Oslo and it is GDPR compliant.
So I think actually that issue has been resolved by changing their management structure again.
They basically bought back a bunch of shares. But it was nice of TechCrunch to go into that stuff.
And given TechCrunch's origin as basically all about tech startups and stuff, I guess it's not surprising they had the money angle covered. They didn't have anything of use for me on the technical angle though. So I had to do more Googling. It wasn't Googling, it was DuckDuckGoing, but that's That's a terrible verb.

[27:50] So I. Yes. So I eventually ended up on and they actually dug into it and actually did their homework.
And no, it's not a VPN.
Like at a technological level, this is not a VPN. It does not use the VPN protocols.
In tech jargon, VPN has a specific meaning, it's a virtual private network, it is a virtual network adapter at the operating system level that encrypts all the packet sends through that pretend network interface.
It shows up in your routing table. It has a meaning.
In pure speak, if you just pretend they're English words and have no actual meaning, you can spin anything you like into a VPN, and that's what they're doing here.

[28:31] All they're doing is creating a- That quote needs to be pulled out.
If you want to pretend these words have no meaning, you can put them in a different order and mean something completely different.
Right, but that's what they're doing here. It's like, well, in English, these words don't have a specific meaning, so we just ignore the technical meaning for this technical thing we're selling and use these PR words instead.
So what they're actually doing is they're creating a TLS, which is basically the same protocol that runs HTTPS, a connection from the browser to their servers, and all of your browser stuff is going through that connection.
So there's nothing happening at the operating system. That isn't a bad thing.
That's an interesting, possibly good thing, but you should call it what it is.
Correct. And they're saying that they're better than Apple because they're giving a VPN, which makes me really cranky because I'm sorry, what Apple are doing with their safe browsing thing. Yeah, the private really. Thank you.
That's the buzzword I was looking for, is the same functionality delivered in a more anonymous way. So what Apple is doing is better.
They're just calling it a VPN. It is not a VPN. It is not using tail scale.
It is not using WireGuard.
It is not using any VPN protocol. It is not a VPN.
Not using a VPN protocol. So it's not a bad service, right?
It's actually taking all of the browser traffic.
But when you call it a VPN, you're giving people this feeling that if I use this thing, I can safely send email, I can safely do all sorts of stuff, and it's protected by a VPN.
No, it isn't.

[30:01] It's just what you do in Opera. Doesn't protect your location or anything like that.
No, it does from what you do in opera.

[30:10] Right, but if I'm doing something in a game, it has nothing to do with this.
No effect whatsoever.
Precisely, because it's not at the operating system level. It's within the browser.
That makes me really dislike Opera right now. Yeah, my basic conclusion is, yeah, not going there. Not recommending these guys. I was already pretty suspicious of the idea of a for-profit browser company in this day and age.
To be honest, I don't think there's a business model there unless you're being icky.
So, yeah, I'm just cranky. But anyway, I dug deep, I found the answers, followed the money fine.
Tech wheeze. Maybe we got to start paying attention. It's T-E-C-H-W-E-E-Z. Yeah.
So that's my first semi deep dive. I guess we call it a medium on reflection.
And then I take requests, apparently.
So you sent me a telegram message about a week and a half ago, I think it was.
It was not this week, but it was after we last recorded, saying, there's this new thing from Apple called Rapid Security Response. Can we talk about that, please?" I'm like, okay, your wish is my command.

[31:12] So last summer, Apple announced this thing we're going to talk about now, Rapid Security Response, in WWDC. But it was one of those features with that elastrix and XFIT that says, coming later. So when they launched iOS 13 and iOS, sorry, Mac OS 13 and iOS 16, it wasn't there yet, but it was on the way later.
And I don't like to talk about things on this segment with you that aren't real.
I intentionally keep my powder dry until it's actually available.
And so I have been...
This has been in the back of my mind for ages, since last summer.
When this finally rolls out, I want to talk about it.
And I never did because I didn't think it had rolled out. But it has.
So I went and did a bit of digging. it rolled out with Mac OS 13.2 and iOS 16.2 in January.
But I went through the news archives. No one mentioned it because that was the release that brought us advanced protection for iCloud.

[32:10] Everyone talked about advanced. Which one is advanced protection?
Is that the one that you only use if you're possibly targeted?
Certainly what I would say is where you have true end-to-end encryption, where Apple can't get you back in if you forget your stuff.
But some people are turning numbers. You didn't recommend it for normal people, right?
We absolutely did not recommend it for normal people, because it's a feature, not a bug, that if a normal person messes up, Apple can help.
Right. Okay.
But that got all the headlines because that was a big deal. And it was also with the hardware tokens were able to be used as a second factor authentication, which is which is useful for everyone who has a hardware token.
By the way, that's not one for only special people.
So for people who have hardware tokens.
So that was way more newsworthy than this small little feature, and therefore I checked it just wasn't mentioned in the news.
So it snuck in and I never noticed and I wasn't alone in not noticing most of the Internet didn't notice.
So it's actually been live since January.
So, what is it? Well...

[33:10] Let's say the name again, Rapid Security Response. Which is a very good name.
Which is a very good name, because it actually does do what it says on the tin.
So, before I can say why this is better, let's have a look at how things were in December of 2022.
And in all versions of iOS and macOS before 13 and 16, by the way, because Apple are not backporting this, right? This is only for people who stay current.
If you're continuing to take security updates on iOS 15, 15, you're secure, but you're not getting new shiny.
You're only getting to keep what you had before. So the way Apple have handled their updates is that...

[33:44] Each update contains three distinct things. New features, possibly.
Bug fixes in terms of functionality problems. And security fixes.
So those three get lumped together into iOS 16.1, iOS 16.1.1.
They're all mushed together.
And you notice this all the time, that I will tell you there's a new version of iOS out, and you will tell me, but my phone hasn't updated yet.
And we now know why that is, because Craig, is it Craig? I think it was Craig who actually said it on the talk show with John Gruber.
You know the way they do an interview every year at WWDC? He actually explained it to John and therefore the entire audience.
They intentionally only actively push it on the first day to a very small, I think he said 1% of users.
And they wait to see if the internet explodes with people shouting at them.
And then over the next month, they throttle up.
So after a week, a whole bunch more people get it. And then after two weeks, a whole bunch more.
But it takes a month until everyone gets it.
But if you proactively... I thought they did a slow roll, but I didn't know it was that slow.
Up to a month. That explains it.
OK. Now, he did also say that if you open the settings app and go to software update, that jumps you to the top of the queue and you will just get it immediately.
So everyone who looks, it's always ready.
But if you don't look, it could be up to a month until you get it, which is fine for new features.
OK for bug fixes? not okay for security.

[35:12] Right? Sorry. The fact that they're automatic is good, better than it was two or three years ago, but it's not a good fix. And Apple knows it's not a good fix, which is why there's a new feature.
So what they're now doing is security fixes are being pulled out of those regular...
Okay, there may still be some security stuff that isn't critical in the regular stuff, but the AUGA, AUGA, this is...
There's active exploits. This is a really big problem.
The serious security stuff is now being separated out into a separate process.
And that process has a daily check with immediate rollout.
So there's no waiting, there's no queuing. It's just rapid, right? Rapid security response.
So your machine checks in every day and it will take what it's given straight away.
And everyone's offered it straight away.
Has it happened since January? I don't believe so. I don't believe so.
Okay. But we might see one day where it's like, hey, I don't remember asking for that or doing anything manually.
You wouldn't even notice it because what they're doing is, so their individual security fix is being packaged as a single, It's like it does one thing and does it well.
So because they're small and targeted, they're much, much less likely to need a reboot.
They're also... But would they change the OS level? Yes. A little bracket and a letter will appear after the numbers.
Oh, okay. That's good. So letters never existed before. Yeah, letters never existed before.
It was always number dot number dot number. Well, now if you see bracket letter, then you have a rapid response.

[36:40] Ooh. We got everybody pay attention looking for it now. Yeah, look for the little bracket and the bracket. in iOS and macOS.
Yes, they basically... I think the operating systems share a brain now.
So I think for these kind of things, we can expect them to always come in sync with each other.
So because these are focused on security and they're fixing a specific problem, they're tiny.
Like, they're not hundreds of megabytes, because generally speaking, a security problem is an if statement with the wrong value or something.
It's generally speaking, teeny-weeny tiny. It just has a big effect.
So these are tiny little updates, so they don't need to wait for you to be on good internet.
They're only... They're surgical strikes, they're not carpet bombing, so they're much, much, much less likely to need a reboot. They're not promising never to make you reboot, but they're telling you they're going to go out of their way to avoid it.

[37:31] Are they, if you don't have automatic updates on, do you still get these?
So it, that depends. Okay. The default is yes, you do, but they are a separate checkbox.
So you know the way when you go into automatic updates, it's expandable.
Even now it's already been expandable where you can have different options like download only and all those kinds of things.
Well, if you go to the show me more detail of the software updates, there should be a a new checkbox in there for rapid security response.
Let's see. Oh, OK. So I see check for updates. I see download new updates when available.
Unchecked, I have install macOS updates. Unchecked, I have install application updates from the App Store.
But checked, automatically without me having notice, is install security responses and system files.

[38:19] Yeah. So that is... So don't uncheck that. Don't uncheck that. Precisely. Precisely.
And so that gives Apple a fast-track way of pushing the stuff straight away without changing their process for the giant big updates.
And also, these are all reversible. So if you have one installed, there's an interface right there to pull out the specific, take away the B or take away the A or whatever.
So they can be backed out quickly as well, should it ever be needed.
But because they're small surgical strikes, the probability of them doing something bad is way lower because you're not changing thousands of lines of code.
You're changing like five or six lines of code because there's a specific bug to be fixed.
So I do see letters, I do see characters, I should say, after the version number.
It says Mac OS Ventura 13.3.1, parentheses 22E261.
I think E261 is a build. I don't think that is...

[39:15] I wonder what it'll look like, because it's parentheses. I haven't seen it.
I'm only going by what was in the article linked in the show notes.
So I'm regurgitating on the people's work, because I don't believe Apple have actually pushed one yet. So iGeek blog have a nice explainer, which is linked in the show notes.
So that's what it is. That's what it does. And it's a really good idea.
I'm glad I brilliantly asked for that. I'm laughing because Bart said he was going to talk about it today. And I said, really, I asked for that? My memory is just I can tell you that like the middle name of somebody I knew in high school and I can't tell you what I talked about last week.
I was a little hilarious that your entire chit chat across the pond was about a blog post you hadn't heard of that I told you about that you said at the time.
Oh, I must read that. That sounds important for me.

[40:01] I laughed. I could probably count on one hand the number of things I remember to go back and read after we talk about them.
It was a great chat about the past. Not with ill intention. Absolutely.
It was a great episode and I'm delighted that you had Adam on because he did a way better job explaining it than me saying, go read this post. It was a really good discussion.
Yeah, if you read the post, it is really good, but you have to read the post.
It's not spoon-fed, do you? Like having Adam on to tell you about it.
Precisely. And it's much easier to do that while cycling than reading a blog post while cycling.
I haven't tried the former or the latter, but I don't plan to.

[40:34] Right. So with that out of the way, let us jump into our action alerts. Auga, Auga.
So Apple have released a bunch and they didn't use these through rapid response, actually, which is a bit weird. They released iOS 16.4.1, iPadOS 16.4.1 and MacOS 13.3.1.
And I don't know why they went with that route, because these were actually nasty zero day fixes and they rolled out one week after 10.16.4.
So I'm not entirely convinced. Wait, 10.4? Sorry, 16.4 and 13.3.
So they just did point releases like literally just a week or two ago.
And now the point one is almost immediately out. And it's because there were some zero days and they haven't been very explicit about it.
But the credited people are the, oh, those Canadian crowd who discovered Pegasus. Citizen Lab.
And they involve kernel level zero days, which could be used to install spyware.

[41:35] And they came from Citizen Lab. And Apple said they were being exploited in the wild.
So I think there was another case of someone discovered some spyware being used in a very targeted fashion.
JG Did this one roll backwards to older machines, or older OSes?
MG Yes, they did. So basically... JG So maybe that's why it didn't end up in rapid response.
That's a very good point.
Because they did within... So on the Friday, we got the update for iPadOS 16 and MacOS 13.
And by Monday, we had the updates for iOS 15 and Monterey.
And I think it was by Wednesday, we got the HomePod and tvOS.
So I think there was a two day gap between the three rounds of it.
But very quickly, all three rounds rolled out.
Okay. And there's also a Safari 16.4.1 for the really old operating systems.
So they really went full court press on this one.

[42:35] So good. And I normally put security patch Tuesday first because normally that's the biggest security news. But to be honest, Apple's one is bigger. So patchy, patchy, patch, patch. And now just to say it was patch Tuesday. Microsoft also fixed some zero days. But to be honest, they're not in the kind of things most people have turned on for regular home users. Like we don't use Microsoft's DHCP server. That's what our router does. We definitely don't use the enterprise message management queue. That's an optional extra on Windows Server that isn't even turned on by default. We don't do that at home. So those two zero days are not scary to us. And home users tend not to be the world's biggest users of Apple or of Microsoft's corporate disk encryption features. So the fact that there was a bypass for some of the secure boot stuff, isn't an issue for home users either. So patchy, patchy, patchy, patch, but this is not hair on fire stuff, whereas Apple's one seems really serious.
So patchy, patchy, patchy, patch. Now, worthy warnings, this is not a happy section of the show ever, but this this one seems, I don't know, seems a little bit worse this week.

[43:43] So the first thing we have is a story from TechCrunch telling us that those Twitter circle tweets.
So remember, Twitter were like, oh, if you're oversharing too much and you don't want to get shared as much online, we have this way of you sending a tweet to only a few trusted people. It's like a DM, but it's a little bit broader.
You know, a nice and private way to have a conversation with just your friends.
Yeah, it turns out they broke the security on that. So they're actually public tweets by mistake.
So always careful or somebody had to do it.
If you know it won't show up in your timeline, it won't be pushed at people.

[44:16] But they're available, which means that if someone discovers one and wants to make your life miserable, they can share the link that will work and bypass the restrictions.
So here's it. Can I give you some comedy in here? Oh go for it. I think I think it's circle tweets I believe you can be invited to circle tweets where you have to pay to be in the circle and, And Elon Musk is charging four dollars a person to get people to listen to him in these actually know it was it was spaces That's what it was basis So where he's gonna talk four dollars a month the richest man in the world is charging four dollars a person for people to listen to him, But he's very keen that Twitter's cash flow is about to go positive.
He said so.
I heard him say it and don't believe a word of it, but anyway.
So my advice is if you're typing it into Twitter, whether it's a DM or whether it's a circle, assume it's a public tweet.
Because if it isn't, it probably will be.
There's somebody there to fix it. Exactly. So just treat Twitter as dangerous. All of it.
Okay. No privacy. Next up, this actually is so bad that the US Cybersecurity and Infrastructure Security Agency, CISA, actually issued a notice warning people.
There is a company called NEX, N-E-X-X, who make, they're described as an IOT vendor, but they make garage door openers and home alarm systems.

[45:40] Their security is catastrophically flawed. You can send replay attacks.
So if you capture the packet that says open the garage door, you can just replay it and the garage door will open again.
They are using the IDs of things as a security token, which is absolutely not the right thing to do. It's like saying if you know the MAC address, the computer will do whatever you tell it.
So you can basically, if you know the ID of someone's garage, you can just make it open.

[46:06] That's utterly insecure. And there was something else they were doing that was catastrophically bad.
Frankly, if you have a next product, assume that anyone can open your garage door because frankly anyone can open your garage door.
Disconnect it, buy something else would be my advice. Wow.

[46:27] Wow. Well, there we go. Toss it in the bin. Toss it in the bin. Yeah.
Which is a bit difficult for a garage door opener unless you have a very big bin.
But yes, that is my advice here. And like I say, even CISA went as far as to issue a notice on it.
This is not good. Similar category. I actually almost deleted this from the show notes because you don't let me do bad news. But then I realized that actually there is something listeners need to do if they were affected by this.
So there is an officially sanctioned way of filing your taxes online in the United States called e-file over at
And they're fully accredited from the IRS.
They were serving out Windows malware for weeks in the lead up to tax day.
So if you're a Windows user who uses E-File, get yourself an up-to-date virus scanner and do a full scan of your machine.
Because while it was the kind of malware that is a Trojan rather than a run automatically.

[47:24] If you click the wrong button or if you're not sure if one of your family members may or may not have clicked the wrong button basically if you're an e-file user just just check will you, because they were actually serving actual malware on this official site sanctioned by the government, bad bad bad bad that's terrible i'm afraid to ask my windows friends i'm gonna put my head in the That's fine, we've said it on the show.
Yeah, there you go.
Now, if you're a gamer, there is a very good chance you use products from MSI because they make really good motherboards and things. If you're the kind of build your own PC person, MSI motherboards are king of the heap.
I know this because there's one just a few meters that away. Not mine.
They have had a breach.
They haven't really been all that clear about exactly what was taken.
The bad guys say they have the private keys of the which means if the bad guys are telling the truth, right, so we're believing.
So MSI have not said one way or another whether or not they've lost their private keys, possibly because they don't want to make an affirmative, they don't want to make a definitive statement until they have the facts they're probably investigating.
But right now, the baddies say we have your private key and the goodies are saying nothing.
Private keys to what?

[48:44] Okay, so private keys are used to sign things. So drivers have to be digitally signed these days.
Drivers. There we go. Okay.
I'm picturing a piece of hardware and trying to figure out where the private key is.
I've got a motherboard. It's the drivers. It's the drivers.
So the big thing gamers want to do is get the most performance out of their hardware.
So they're very picky on their hardware and they're very, very picky on their drivers because the drivers make the same hardware go better.
So it's very, very common for gamers to be getting all sorts of hardware, all sorts of firmware updates and everything. They're very, very quick to install them.
And normally digital signatures would have your back. So it doesn't matter where you download the driver.
If it's digitally signed, that should be fine. so you can get it on a gaming forum.

[49:25] And if it's signed by MSI, it's fine. Well, MSI have probably lost their private key.
So that means you cannot trust an MSI driver that you yourself did not get from MSI's own website.
That is... Oh, if you got it from MSI's website, you're OK? Yes, because MSI have explicitly said that they are in control of the website.
The stuff on the website is known good.
So that is the one thing MSI have said. We have been hacked.
We are investigating. do not get drivers anywhere but here.
Which implies to me they know they've lost their private key, but they're not quite prepared to own up to it just yet.
But the attackers say they have the private key.

[50:04] Let's say you have an MSI motherboard and you downloaded the driver for the graphics card that's on it or whatever, and you got it from a gaming website. Can you now go to MSI and download the new one and you're okay? Yes.
Is that how that works? Okay. Hmm, is that how it works? You definitely want to do that.
Yeah, then it sort of depends on your risk profile, because the danger with a low level driver is a rootkit, which means it gets to have... And if it already did it?
Yes, yes, that's it exactly, right? If it gets in first, can you really be sure you've cleaned up?
Yeah, yeah. So if you're just a home user, it's probably fine. But if I were the tech guy for my CEO whose laptop had had a driver installed of dubious origin, I would be doing a wipe it install on the CEO's laptop because that's a high risk person. If I were a journalist, if I were the techie person in the New York Times, I know what I would be doing, wiping all the MSI drivers. But the chances of your typical New York Times journalist going around installing firmware from goodness knows where is very slim, right? They're going to get their firmware from software update or whatever, so it's fine. But yes, that is a thing that happens.
Do about it probably. Under any condition, you should do it.

[51:21] Yes, exactly. And just basically, if you're an MSI person, be very careful not to just grab stuff from a forum anymore. That's not safe anymore.
Those keys have probably leaked. And in a similar, please hold, news story, Western Digital have said, we have been compromised.
We don't know how bad it is yet. We have turned off our cloud services as a precaution until we figure out what happened.
So basically, we don't know if customer data is safe. So if you're a Western Digital customer, he uses what they call My Cloud, your service is currently broken.
It's not because something's wrong with your stuff, they've turned it off.
And you need to watch Western Digital's website for updates.
They will, I'm sure they will communicate when they're ready to.
Explicitly said we are investigating, please stand by. So okay, this is a flag for me saying if this affects you, stand by.

[52:22] And this may or may not make the news again, so I may or may not tell you again. I'm telling you now if this affects you, it's your...over to you. You go pay attention.
You go pay attention. I have no flag yet.
Can I read you a security announcement that it's not in the notice here, because there's an email that came to me that I think was probably the best written, holy crap we just got hacked email I've ever seen. It was from Affinity who make Affinity photo.
And it's from Serif actually, but the Affinity team.
It says, unfortunately, we have become aware that personal data relating to users of the Affinity forums may have been accessed from outside the company following a cyber attack on 6 April.
It appears that an administrator's account was compromised, allowing access to our forum's members list.
What data was accessed? The data which may have been accessed is what's on your public forum profile, username, post count, reputation, joining data, et cetera.
But it additionally includes your, and in bold, email address and last used IP address, which would ordinarily be private.
Thankfully, we can be sure it would not have been possible to access your form account password, so that has, bold, definitely not, been compromised in this breach.
I mean, I don't think I've ever seen anything more clear than that.
Good, yeah, I agree. Here's what happened, here's when it happened, here's what got lost, here's what didn't get lost.

[53:39] That's what we always want. It goes on, but it was just like, yeah, that's what you want.
There was no PR person watering that down. Or a really good one did it.
Or a really good one, actually doing their job.
Jason Snell said, in talking about PR for Matt Poli, he said, the thing you need to remember is that a PR person's job is to sell more of the product.
Yes. And I thought that was really interesting. If you look at it that way, this would sell more of the product, even though their first instinct might be to hide it and sweep it under the rug.
It doesn't sell more product. See, last pass.
Yeah. I think that comment was actually, the context of that comment was very good as well, because a lot of people didn't like Katie Cotton, who unfortunately recently passed away, but she was a long-time Apple PR person. And a lot of journalists didn't like her because she wasn't on their side. But that wasn't her job. Her job was...
It was so insightful hearing him talk about that, wasn't it?
Yes. Because he saw that. He said, I was terrified of her, but this was her job, was to sell more Apple products. But every PR person's job actually is that.

[54:46] Yeah, it's to have the best interest of their company and to put their company's best foot forward. So you know that they're not on your side as a journalist, and they shouldn't be.
You're supposed to be in an adversarial relationship. That's your job.
Well, and it gets back to how people are always complaining about, oh, I got blacklisted by Apple, I'll never get invited again because I said something mean.
Well, yeah.
Maybe you deserved it. Well, no, not deserved.
Just it is in my company's best interest to not let you have access if you're going to talk poorly about us.
Don't feed the trolls. Yeah, you don't have a right to it, right?
It's not that you're being entitled to it. Anyway.
Right. Notable news then. Just two stories, nothing to… Well, okay, I won't say that about the first one.
So this news story here is from Citizen Lab, and they have released their findings highlighting highlighting the fact that the NSO group were not a one-of-a-kind group. There is another grey hat security company in Israel selling a software that is a lot like Pegasus. This case is called Regan, and the company is...
I think that's Rain.
Rain. That's how that's pronounced. R-E-I-G-N.
Rain by Quadream or Q-U-A-D-R-E-A-M.

[56:05] Oh good. Yeah, there is more of this than just the NSO group.
So it is actually a thing to be aware of that.
And Apple are doing a lot. That is why Apple are putting so much effort into stuff like the advanced protection for iCloud and stuff.
It's because they're going against these kind of things.
Yeah, I guess. Yeah.
Just don't think the problem is solved because NSO group is basically going bust.
And then the last thing is you may have noticed this, but I certainly noticed that all of a sudden my news feed was full of warnings about juice jacking.

[56:36] Just out of the blue, and everyone was talking about it.
I was getting there. So juice jacking is where if you plug a USB style lead from your phone into a plug that isn't yours, there could be all sorts of malware lurking in that plug.
It is really dangerous to plug your device into someone else's socket. Just don't do that.
And it's called juice jacking when you hack someone's phone that way, because it's, you know, you're juicing up your phone, but actually you're getting it hacked. So it's getting hijacked by juicing it up. And I was afraid that... So it is true that the US government put out a PSA warning people against juice jacking. And my fear was, oh my God, something has happened, that's why they're pimping the juice jacking. But no, they just have a thing where every two years they just revamp their PSAs because they're going stale. So they just revamped their PSA.
And for some reason that no one could understand, all the media sites suddenly went, oh, great, let's talk about that." And it just went viral across the internet, and everyone, I think, was assuming there was a reason for it, but it was just some PR person who went, oh, it's been two years. Copy, paste.

[57:42] JG Well, that's good, though. MP It is good.
JG It's a reminder. Because I've started looking at those and going, oh man, I'd really kind of, oh yeah, that's right. That was a bad idea. Thank you to Jill McKinley for posting this first in, the first time I saw it was in our Slack at slash Slack, because that's how I saw that it had been updated or that it was in there again. I kind of assumed it was the same thing, but she said, I've heard this for years, but a good reminder. So it was in the right context. But it is a good reminder to go, no, no, no, no, it didn't get safer.
Just because time passed. It's the exact same thing. Probably not better than it was, but that's good.
Yeah. Well, you know, Schreider's second law, attacks only get better. If it used to be dangerous, it's dangerouser now. It's not going to get less dangerous. Right. Anyway, That brings us on to some palate cleansing. I only have one and it may not be your cup with T. Allison but I thought this was fascinating. So mathematicians.

[58:37] Spend their leisure time nerding out with the same level of geekery as you and I do in the terminal and playing around with stuff, but they do it on different things because they're mathematicians.
And one of the things they're fascinated by is what's called tiling, which is literally covering a surface with a shape. And the aim has been to find a so-called Einstein tiling, which is a one stone. So Einstein has a pun on one stone. It's only a joke that it rhymes It has nothing to do with Albert. It's a joke that it is Albert.
It's one stone. Einstein means one stone?
Oh, OK. It does actually, right? And so what they wanted to do is, is it possible to find one shape that you can use to cover the plane, so in other words, the entire universe, so it never repeats? In other words, a tile like pi. So pi never repeats itself, but it goes on forever.
What doesn't, what isn't going to repeat in this? You're repeating the tile.
On the floor. Right. But the pattern the tile makes will never repeat. So you can cover your floor with this tile. Oh, OK. So it's like a fractal or the opposite of a fractal almost.

[59:40] Yeah. So if you have like even the fanciest tiling seems like I have a tile. My kitchen tiles I chose because they're really cool because they come in four different shapes and the pattern they make is really complicated and it only repeats itself once in the entire size of my kitchen because it's a really complicated pattern. But it does repeat itself eventually.
Einstein tiling uses one shape and to infinity will not repeat itself. And they finally found it and someone made a cookie cutter. So you can bake a shape that you can make an infinite tiling with. I mean, it's a weird shape, but it's not, you know, it's pretty principle.
They named it too. Yeah.
Yeah. It's... it.

[1:00:24] Triskidecagon. Triskidecagon? It is a Triskidecahedron, because that's how many sides it has.
It doesn't say hedron. I think hedron is the three-dimensional.
Oh, a gun. Sorry, yeah. A gun. So a 13-sided figure that's... So there are other...
13-sided figures.

[1:00:43] ...decagons that aren't the hat. This one's called... Correct.
The hat, that's easier to describe.
Yeah. And so there it is. That is the shape. Oh, this is fabulous.
And so it answers the question of, can you tile the plane with one shape and have it never repeat? So this basically is like hardware pi.
Like pi doesn't repeat, this shape will not repeat. I just thought it was cool.
You had me at mathematician. Why did you think this wouldn't blow my dress up?
This is exactly what I love.
No, you don't like arithmetic. What are you talking about? No, no, I don't like arithmetic.
Please do not say I don't like math. No, I just corrected myself.
I got there one millisecond before you.

[1:01:17] Oh, by the way, since I've been talking endlessly for the last, coming up on 18 years about the fact that I can't do arithmetic, Helma sent me a little game for my phone to practice my arithmetic.
And it's not helping, but it's adorable. It's called Duolingo Math.
And it's just got these little problems where it's like, here, you know, do these fractions and stuff like that.
But I still, the other day I needed to subtract 1987 from 2023, and I simply just sat there with no idea how to do it. I mean, I could sit there and go, okay, 83, let's see, plus a 7 would get me to 90, plus 10, 17, okay, 17 gets me to year 2000. I mean, that's how I have to do it. Can't see it, can't feel it, can't breathe it. It isn't in my head.
But I'm having fun playing Duolingo math. I played it lunchtime every day.
What an interesting idea to take their learnings from teaching language and flip it to teaching rhythm check.
Yeah, well, maybe it'll get hard enough. I'm still up only to like the sixes. So it's the eights that always throw me. Those are always tough. But anyway, I thought it was funny that you sent me that. And I'm doing it. Well, this is very cool. That is, that's a fabulous palate cleanser. I love it.
Excellent. Excellent. Then my job is done. And with that, I will remind everyone that they should stay patched so they stay secure.

[1:02:38] Well that is going to wind us up for this week. Did you know you can email me anytime you like at Allison at and I will probably answer you. If you have a question or a suggestion, just send it on over. You can follow me on Mastodon at Podfeet at
And remember, everything good starts with If you want to join in the conversation, I highly recommend joining our Slack community at slash Slack, where you can talk to me and all of the other lovely Nosilla castaways. Even Bart is known to dip in and out with conversations here and there. You can support the show and help pay for Hush If you go to slash Patreon, or do a one-time donation at slash, And if you want to join in the fun of the live show like Michael King did after having been gone for a long time, simply head on over to slash live on Sunday nights at 5 p.m. Pacific time.
Join the friendly and enthusiastic Nocella Castaways.

[1:03:30] Music.