NC_2023_07_09

2021, Allison Sheridan
NosillaCast Apple Podcast
http://podfeet.com

[0:00] Music.

[0:10] Today is Sunday, July 9th, 2023, and this is show number 948.
Well, it's that time of year again, it's time for me to ask you to step up and help create content so I can take a couple of little trips with Steve.
This coming week is our grandson Forbes' birthday, and I've also got a video due to dawn tomorrow, which means it's going to be super tight to get content together for this coming week.
So any early submissions in the next couple of days will most likely make the next show if you can help me out.

[0:38] Then two weeks from now is Max Talk, so a week from this coming weekend.
We're going to be out of town from July 20th to 24th, so I'm pretty sure I'm not going to be able to pull off the show that week before Sunday because I'd have to get it done like on Wednesday, which means I'd have like Tuesday to get it done.
Anyway, I'm going to need a lot of help from folks for that week's show.
I'm quite likely to have to slip the show till Tuesday and shove a mic in people's faces during Max Talk to get content, but that might be fun as well.
Then we're going to Mammoth Lakes for a week with Lindsay and her family, August 6th to 12th. So if you have something right quick for me, I can use it.
If you have something in a week, I can use it. If you have something the week after that, I can use it.
So dust off those microphones, look around at all the gadgets and software you have on your desk, and please do a review. Let's keep this 18-year streak alive.
You can send them to me at allison at podfeet.com.

CCATP #773 — Bart Busschots on PBS 152B — Bash: xargs & Easier Arithmetic

https://www.podfeet.com/blog/2023/07/ccatp-773/


[1:33] This week's episode of Chit Chat Across the Pond is another installment of Programming By Stealth. Now, if you've been following along, in installment 152A, Bart and I decided to hold off on the middle of the lesson that he'd written up. That middle bit where he said, put a pin in it, was about the use of xargs. I am so glad we did skip it in the last installment, because it's a pretty useful concept and it deserved a lot more attention than we would have given it if we tried to cram it into the middle of that episode. The other good news is that Bart learned a bit more about how xargs does its magic, so he was better able to explain it, and he updated the show notes with a lot more detail and a great worked example.

[2:12] As a teaser, the big problem xargs was designed to solve is that there are times when we want the data from the standard input stream, stdin, to be passed to another command as one or more arguments.
In any case, you can find Bart's fabulous tutorial show notes at pbs.bartificer.net.

Are You SURE You Want to Put That Beta on Your Production Device?

https://www.podfeet.com/blog/2023/07/beta-dangers-keyboard/


[2:30] Well, happy OS beta season to all of my Apple friends! As you may know, back in June during WWDC, Apple announced that developer betas would be available right away for macOS Sonoma, iOS 17, iPadOS 17, and watchOS 10.
They also said that public betas of all the OSes would be available in July for the masses.
But then they did something unusual. They did not put restrictions on who could download the developer betas.
As nobody does FOMO—fear of missing out—better than Apple people, I've seen a lot of normally self-restrained folks loading up these developer betas on their devices.
If you have a spare iPhone, iPad, Mac, or Apple Watch, that's a fun and probably harmless exercise.
And while public betas are still betas, they do tend to be a bit more stable than developer betas.
But obviously, if you depend on your device to get work done or communicate with friends and family, you would never, ever put a developer or public beta on your primary device.
You know that, but you're still tempted, aren't you?

[3:33] Now, I explained two weeks ago how to create a separate volume on your Mac with APFS, the latest file system, and explained that you can install a beta OS on that volume and not put your primary machine at risk.
Kind of the best of both worlds.
Sadly, those instructions came a little too late for Mr. Ed, as he'd already given in to temptation and installed macOS Sonoma developer beta 2 on his primary machine, a MacBook Air.
Now to be fair, he also has an iMac as a backup, so it wasn't the silliest thing to do.

[4:05] Now I got a hint that he'd put the beta on his Mac when he texted me with the question, are you on Sonoma? From there he went on to explain that he had a tiny smidge of a problem and he was wondering if I could help. He was unable to type on his keyboard. Okay, well, technically he could type, but no text appeared; he only heard clicking sounds when he typed.
He reported that the mouse worked just fine.
As a diagnostic kind of fixed step, he tried rebooting with the shift key held down, which, had it been an Intel Mac, would have booted up into safe mode.
But his MacBook Air is an Apple Silicon-based Mac.
For future reference, to boot into safe mode if you have an Apple Silicon Mac, hold down the power button until you're shown the disk from which you can boot.
Select the volume, and only then hold down the Shift key and click Continue to boot into safe mode.

[4:54] I suggested he try an external keyboard, and I'm not sure if he tried that or not. But, right around the time I suggested that step, he mentioned that clicking on the Tailscale menu item didn't do anything. You may remember that Tailscale is an interesting networking tool that I recommended back in November. It allows you to put all of your devices on a virtual private network while they are also still on your normal network.
Tailscale runs as a menu bar item.
I didn't get as far as asking whether any other menu bar items were misbehaving, but I dashed over to the Googles and I searched for macOS Sonoma keyboard problems.
I was quickly rewarded with a Reddit post about the same keyboard issue on Sonoma Developer Beta 2.
The poster explained that their keyboard worked in Alfred, but nowhere else. So that was curious.
Two people said they had the same loss of keyboard access, and they traced it back to Little Snitch.

[5:48] Another person posted that Postgres Menu Helper was the problem.
Yet another person posted that it was Parallels Toolbox that was causing it.
Yet another person said it was Western Digital Discovery. And finally, someone said that quitting Tailscale fixed the problem for them.
The one thing I see that all of these things had and all of these different apps had in common was that they were all menu bar items.
I got back in contact with Ed and we discussed how he could force quit Tailscale to see if it would release his keyboard.
Menu bar items don't show up in the normal force quit menu, but I knew a way to do it for any process.
I suggested to use his mouse to open Applications and then Utilities and then double click on Activity Monitor within there.
Once he had Activity Monitor open, he could sort alphabetically and scroll till he found Tailscale.

[6:37] On the left top side of the toolbar for Activity Monitor, there's a tiny icon of an X inside a circle.
If you hover over it, the tooltip says, stop.
With the suspect app in focus, hitting the X icon offers to quit the app or you can choose to force quit.
And when I'm annoyed at a menu bar item or any other app, I don't wait around to see if regular quit works, I just jump right to force quit.

[7:02] So Ed followed my instructions and as soon as he force-quit Tailscale, his keyboard became functional again. And while it was really fun to be the hero saving a good friend in a time of crisis, I tell you this is a cautionary tale. Do not ever, ever, ever put a beta operating system on a device you need to reliably use. Unless, you know, you just can't stand to be left out of all the fun, of course.

How I Test Apps for Accessibility with VoiceOver

https://www.podfeet.com/blog/2023/07/voiceover-test-apps/


[7:31] I'm not blind, but ever since I was nine years old, I've been fascinated by assistive tech for the blind. When I was nine, I read a book called Follow My Leader by James Garfield, in which a young boy named Jimmy is blinded by fireworks. I also don't like fireworks. Anyway, in the book, Jimmy learns how to deal with his loss of sight, including learning braille. As a little girl, I got a piece of cardboard and a punch from my dad's shop, and I made dents in the cardboard to simulate the braille dots of the alphabet on the flip side of that piece of cardboard. I taught myself the alphabet sitting on the floor of my bedroom.

[8:02] When I was in high school, my mom began to lose her vision to macular degeneration.
She faced it with courage and strength and never once complained about it.
The pod mom was pretty amazing.
When her vision was getting pretty bad, she had a salesman from VTech come to the house carrying a giant machine to demonstrate to her.
The basic idea of the VTech device is still in use today. It has a flat area where you place a piece of paper that you want to read.
Above that is a large display, at the time it was a CRT, and it has a camera underneath that points down at the paper.
The VTech had controls for zoom level, contrast, and colors.
My mother was enchanted with the VTech, and my father, who was devoted to her, wouldn't even let the salesman leave with the demo model.
He bought it on the spot and told him, You're leaving it here.

[8:49] This began my mother's love of assistive tech. She even did a review for the NosillaCast about a digital book reader that she was wild about.
If you'd like to hear her back in 2010 telling us about it, there's a link in the show notes to NosillaCast number 259, and her appearance is right near the very beginning of the show.
It's an intelligent assessment of the book reader, and she makes fun of me, kind of a lot, so you'd probably enjoy it.
Now, I enjoyed learning along with the Podmom about assistive tech for the blind.
Eventually I started getting interested in the built-in screen reader software on all Apple products called VoiceOver. I doodled around with it here and there, trying to figure out how it worked. I was starting to get the hang of it, and then I got a crazy idea. Maybe I could force myself to learn how to use VoiceOver if I committed to doing a tech talk at Macworld while blindfolded.
It was just as nutty of an idea as it sounds, but I didn't learn VoiceOver without help.
A lot of blind folks love podcasts because, guess what, they like everything that sightlings like.
So I started leaning on my blind friends I'd made through the podcast to help me learn.
Learning to use VoiceOver on the iPhone was pretty easy because everything's kind of in a nice grid, controls and applications are predictable places, and most buttons are labeled.
My understanding is that Apple provide a very structured API that makes it easier to automatically design applications for accessibility with little effort.

[10:10] VoiceOver on the Mac is a lot harder to learn and to use. Every app is completely different and don't even get me started with the variability in website design. I was eventually able to come up with a very narrow set of tasks that I could mostly reliably perform with my eyes closed for my presentation. It went well, but definitely not flawlessly. There's a link in the show notes. It's kind of hard to watch, actually. Well, for me.
Anyway, I'm glad that I forced myself to learn VoiceOver in such a sink or swim way.
I didn't get to a point where I would ever call myself proficient in VoiceOver, but I gained just enough skills that I think I can test apps on the Mac to figure out if they might be accessible to the blind.
I can definitely tell if an app is totally unusable with VoiceOver, but I wouldn't ever be able to say an app was completely accessible.
I thought it might be interesting if I taught you a few of the things I use to test apps for accessibility.

[11:06] Now I'm going to repeat it again, I am not an expert in VoiceOver.
I'm like maybe a high level novice.
If you're familiar with how ski slopes are rated, I am not a black diamond skier, but I can pretty much stay upright most of the time on the bunny slope.
So my goal here is to help you learn how to identify navigation problems, inaccessible fields, and unlabeled elements.
Now, when I first tried out VoiceOver, I couldn't understand how real VoiceOver users got anything done because it was so inefficient to wait for the voice to speak everything out.
My real VoiceOver users and friends explained that they speed the voice way up. It's incredible how fast they can listen and understand VoiceOver.
But for those of us just learning, it might be helpful to look at the settings for VoiceOver to get a speed and voice you're comfortable with.
In Applications, Utilities, there's an app called VoiceOver Utility.
There's a ton of controls in here, but I'm going to focus on just a couple of them.
On the General tab, you'll see keys to use for the VoiceOver modifier.
Now, the modifier is the key combination you're going to be using to trigger moving around on the screen.

[12:16] By the way, blind folks I know refer to this key combination as the VO key.
So, for example, rather than continually saying Control Option Right Arrow, I'll say VO Right Arrow, because that's the way they talk.
The modifier can be set to Control Option like I just mentioned, or Caps Lock, or both at the same time. Now, I use Caps Lock as nature intended, so I choose Control Option as my VoiceOver modifier key. Next up in the Verbosity tab, you can change the default of how detailed VoiceOver is in its descriptions. Another way those who are accomplished VoiceOver users become efficient is to set the verbosity to low. But while learning, I suggest you set the verbosity to high because it's going to explain everything to you.
As much as I experiment with VoiceOver for evaluating the accessibility of apps, I still forget how to do things and I appreciate VoiceOver telling me things like, you are currently on a table. To enter this table, press Ctrl Opt Shift down arrow. I can imagine that level of explanation for a real VoiceOver user would be as annoying as heck. I mean, all they need to know is, I'm on a table. Okay, got it.
That's all they need. But I need that extra reminder.
Now the last thing to look at is the Speech tab. Here you get to choose the voice and language for VoiceOver.
I'm not sure if it's the default, but Samantha in American English is very clear and understandable.

[13:38] Next to the voice dropdown, you'll see a number. This is the rate of speech.
That is how fast VoiceOver is going to speak to you.
You can set it anywhere from 1 to 100. I've got mine set at 45.
Experiment with the speeds and the voice until you hear something that's easy for you to understand.
Now, since this is a tutorial for sightlings, here's a little tip.
Whatever VoiceOver says to you will also be typed out on the screen as well in a little black box.
Sometimes I mute VoiceOver and I just read the text out because it helps me concentrate better on learning how well an app is working.
Now, it's interesting to poke around in the VoiceOver utility, but those are the essential things I wanted you to know.
Let's move on to actually using VoiceOver. Let's try to read the VoiceOver utility itself using VoiceOver.
All right, on any Mac, you can launch VoiceOver by holding down Command F5.
Since it's for the blind, you'll hear an explanation of what VoiceOver does and you get two buttons to choose from, Use VoiceOver and Turn Off VoiceOver.
At any time, you'll be able to turn VoiceOver off using that same keystroke, Command F5.
You can choose to not have this window shown in the future, but I keep it on as an indicator to me that I've remembered the right keystroke to launch VoiceOver. I sit there going, you know, Control F5, Shift F5, Shift 5, I can't remember, and finally I remember it's Command F5. I get the window, I know I'm in.

[15:00] Now, remembering how to turn VoiceOver off is crucial to you enjoying this experiment, because it can get pretty overwhelming to be hearing everything on screen being read out loud.
Since I'm not actually using VoiceOver to navigate my Mac, I toggle listening to it during my experiments by simply muting my Mac. So I can keep it going, but I can just mute and unmute so it's not bothering me. With the VoiceOver utility in focus, you should hear VoiceOver begin telling you where you are in the application.
Most of the app interfaces seem to be considered tables, or something like a table, and knowing how to navigate around in tables will give you an indication of whether the app is well designed. You should hear, you are currently on a table. To enter this table, press Ctrl Option Shift down arrow, the verbose example I gave earlier.
You won't always hear the interface referred to as a table. Audio Hijack, for example, calls its table of available elements a group. Text Expander calls its main window web content.
Now, these probably mean different things, but navigating all of these things is identical to tables.
Now, actual web content is often navigated in the same way. For all of these, VoiceOver will tell you to use VO Shift down arrow to interact.

[16:24] The VoiceOver utility will have the left column of tabs selected with a black border.
The selected tab in the left column will still be highlighted in blue.
In this case, we don't need to go down into this column. We want to move up and down in the column and then move over to the right column in order to interact with the controls.
So we'll use the normal up-down arrows until you hear the Speech tab being read out.
Now to navigate to the right side pane, you use the right arrow, but you have to add the modifier keys, so VO, right arrow. Focus will jump to the Voices tab.

[16:59] Now, VoiceOver will tell you the name of the tab, in this case it's Voices, but it'll also tell you you're currently on a selected tab, one of two. For obvious reasons, it's useful to know how many tabs there are. Using VO right arrow will highlight the second tab, Pronunciation. But how do you select the Pronunciation tab?
In VoiceOver, you use the space bar with the VO modifier keys to select a button, a tab, or a menu item.
So we'll use VO space to switch to pronunciation.
Since we set verbosity to high, you don't have to remember VO space because if you give VoiceOver a minute, it'll remind you that's how to interact.
Let's left arrow back to the Voices tab and VO space to select it.
Let's say we want to change the voice from Samantha to another voice.
Use VO right arrow repeatedly and it'll go past pronunciation, mute speech, and then you'll hear customized language list table.
We know what to do with tables, VO shift down arrow to dive into the table.

[17:59] Interestingly, Apple have chosen not to read out the column labels, so VO skips ahead and says language default.
VO right arrow will read out your default language, which in my case is English.
Another VO right arrow will take us to the chosen voice, in my case, Samantha.
VoiceOver now tells you that you're on a pop-up button. Just like selecting the tab earlier, we can use VO Space to open a pop-up.
We'll still be on the original selected voice, but we can use VO and the up-down arrows to move up and down in the list of options.
If we get to an option with submenus, we can use VO Right Arrow to move into the submenu and continue our navigation. Once you land on an option you like, hit the spacebar to select it and pop back up into the table.
Let's use VO right arrow to move over to change the rate. You'll hear VoiceOver tell you the value for the rate, and it'll tell you that you're on a stepper, which is a common name for those little up-down arrows to change a value in small steps.

[18:55] This stepper is basically another table because it has two elements that are connected.
It's got a typed value and a set of up-down arrows.
Once on that rate stepper, we need to use VO shift down arrow to dive into the table.
This takes us to where we can type a number.
VO down arrow to get to the stepper first, and then we need to interact with this like another table. We'll dive down with the VO Shift down arrow. Only then can we use VO with the up-down arrows to change the value. Now if you're given the choice of typing a number I'd certainly pick that, but it's good to know how to test steppers to see if they work with VoiceOver. We're now down a lot of layers deep into these so-called tables.
We use VO Shift up arrow to get out of the stepper, up again to get out of the pair of stepper controls, and a final time to get out of the customized language list table.
This sounds difficult, but it's really not that bad once you get to this idea of diving down and popping back up out of tables.
If we use VO right arrow a couple more times, we'll hear the add or remove language buttons and finally the help button.
If we hit VO right arrow again, we'll hear a little bonk sound telling us we've reached the end.
Recognizing this bonk sound is crucial to understanding if you've reached the limits of an app or a table within an app. To get back to the left column to maybe explore another set of options in the VoiceOver utility, we have to VO left arrow repeatedly until we hear VoiceOver tell us we're back in the table with speech selected.

[20:22] Before we move on, I want to add just another disclaimer to what I just taught you. Sometimes when I say to use VO right arrow or left arrow, you can actually use just the right or left arrow. And sometimes using VO with the arrow keys doesn't work at all. I just sort of flail about trying both until it does what I want.
Now, I suspect that's not how people who are good with VoiceOver do it, and that there's an actual pattern to recognize here, but I haven't yet found it.
Now armed with just this very basic understanding I've given you of how to navigate an app with voiceover, let's do a test run on an app to see if it's accessible. I wanted to come up with a third-party app that most people would have or at least is useful and free for you to test along with me. I chose an app I love and I've been using for ages, MacTracker from MacTracker.ca.
This app will let you look up any Mac, iPhone, iPad, or any other device Apple have ever sold.
You can check to see things like what is the maximum RAM it can take, what's the resolution of the screen, when did it go out of support. It's a really terrific resource for Apple folks.
It runs on Mac and iOS and it's donationware. You can download it for free, but every year or two, I send the developer $20 because I use it all the time.

[21:35] Now the design of MacTracker is a left column with little chevrons to open categories, things like say desktops versus notebooks. Within a category, you'll see the family of products such as Mac Mini. When selected, the right pane shows you all of the models of Mac Mini with their dates of creation, and below each one it shows the month and year they were created and discontinued. When you find a model of Mac Mini you want to learn about, a double-click will open it in a new window. This window has a series of tabs across the top for general, software, memory and graphics, and more. The top of the window is a picture of the device you've selected.
So with VoiceOver turned on, the first thing we hear it telling us is that we're in MacTracker and we're in a toolbar. We get the familiar-by-now suggestion to use VO Shift down arrow to interact with the toolbar. Fair enough. Let's dive into the toolbar. We hear it say, 4 items, add remove, group. Well, it looks like we can dive down another level. Visually, I can see that this group is a plus and minus button to add or remove items. There's only two things to choose from, though. I'm not quite sure why it says four. When I move to the plus button, it keeps saying add slash remove. When I go to the minus button, it says spacer dimmed button.
Now unlabeled buttons are at the top of the list of the most annoying things for voiceover users.

[22:53] Incorrectly labeled buttons, I don't know, I don't know if that's worse or better than no label at all, because it's not a spacer dimmed button, it's a minus button. Anyway, we'll Shift VO up arrow to get out of that group and then VO right arrow to move to the second set of buttons.
We learn that there are two radio buttons, Categories and My Models.
I can select My Models and it's suggesting I use the plus button above to add models I've owned. Okay.
I can navigate back to the plus button in the toolbar and then VO space to press the button.
This launches a window to add a model and information about it, which for the most part is accessible to VoiceOver.
The window contains date fields, which don't allow data entry with VoiceOver though.
So I give MacTracker kind of a B minus for this menu.

[23:41] If I close this window and continue navigating the toolbar, one more VO right arrow and I'm in the search field, but it only tells me it's a text field. It's a minor problem, I suppose, but they could have just told me it's a search field. I get a bonk if I try to go any more to the right, so I know I've reached the end of the toolbar. I'll pop back up out of the toolbar with Shift VO up arrow. Now VO right arrow takes us to the heading for whatever happened to be selected in the left sidebar. In my case, I heard it say Mac Mini. All right, now let's try another VO right arrow. This should take us over to the right column where we can see the list of all the different kinds of Mac Minis, but instead it reads out the number of models in the list.
That happens to be 18 for the Mac Mini and it's at the bottom. It's below the list of all the Mac Minis. I hit one more VO right arrow and you'll hear the bonk, meaning we're at the end of the road. But wait a minute, what about that column of Mac Mini models listed right there? Nope.
If you don't have functioning eyeballs, you do not get to know what those 18 models are.

[24:46] You also can't access the entire left column to change models or categories. There's literally nothing else available in MacTracker for the blind. I'm afraid that my beloved MacTracker for the Mac is a 100% fail for accessibility. Now, the good news is the developer does have that iOS version I mentioned for MacTracker and it's about 99% accessible in my testing.
The only thing I could find with VoiceOver on iOS is that the little image of the device selected is unlabeled. It just says button when you slide your finger over it. Now that's not a crucial part of using the tool, but realize the VoiceOver user can't know that it's a non-critical part of the tool. Now to be fair, while it is a button, if you press it nothing happens, so I think it's just entirely mislabeled.
Now my understanding is that Apple has created those really good APIs for iOS development and they automatically make things accessible without much work and that's why MacTracker on iOS is so much more accessible than it is on the Mac.
I very rarely find an app in iOS that isn't at least like functional in some way, and that's why I'm not teaching you how to test in iOS.

[25:57] There's one more step in my process for testing apps. I write a politely worded email to the developer explaining my findings and suggesting that they could increase the reach of their app if they fix the navigation problems for screen reader users.
Not every developer reacts well to my emails. Some of them say,

[26:15] Yeah, we'll add it to our list of things to work on, and they just really don't send back the vibe that this is a high-priority task. Some of them ignore me entirely. A very select few have even said, this app isn't for the blind. They get a not-so-politely worded email from me in return. However, you'd be surprised how often I get emails back saying things like, oh my gosh, I never thought to test for that, thank you, I'll look into improving this. Some have even asked me whether I know people who could help test the app after they fix it, and I send them a list.
Here's my favorite recent example of a response I got from a developer to one of my politely worded emails.
Ian Sampson develops an amazing tool called Hush, which is an app to remove background noise in audio files.
Terry Austin actually reviewed it for us here.
In order to add a file for Hush to process, though, you had to drag and drop the file onto the Hush window.
That's not something that can be done easily or reliably if you're using a screen reader.
I wrote to Ian about it on April 15th.
He responded back immediately that he'd work on a better solution.
On May 9th, he apologized for how long it took to fix it, but announced to me that the new version was released with alternate methods.
It had been only three and a half weeks, and he was apologizing for how long it took.

[27:37] Anyway, after writing up this article that you've just heard, I shot off an email to Ian of MacTracker—not the same Ian—and hopefully he has a positive reaction to my suggestions for improvement.
I did a screencast online video about MacTracker eight years ago.
Maybe he remembers me and he'll be open-minded.
I hope that you enjoyed what you learned about testing Mac apps for VoiceOver accessibility.
I enjoyed doing it and I hope I didn't muck up the instructions too much.
I suspect my blind friends will gently correct me if I did.
If you'd like to test the gold standard for accessibility with VoiceOver, test any of the apps developed by Rogue Amoeba, such as Audio Hijack, Loopback, and SoundSource.
They built these apps from the ground up with accessibility in mind.
Audio Hijack is especially amazing because it's a very visual tool with little blocks you move around on a canvas and connect lines between them to represent the audio flow, and yet it's fully accessible to VoiceOver. Whenever I hear whining by developers about how either it's too hard or no blind person would want to do it, I point them at Rogue Amoeba. If you'd like to learn more about using VoiceOver on the Mac, I included a link to Apple's support article over at Apple Support. It's called VoiceOver User Guide for Mac.

Support the Show

https://podfeet.com/patreon


[28:51] We have two heroes of the podcast this week. Max and Adam just became our newest patrons.
These two lovely people, who clearly have awesome taste in podcasts, went over to podfeet.com slash Patreon and they chose a dollar amount that showed the value they get out of the shows.
You know, we do a lot of work here each week and I really appreciate the support. It means so much to me that people are willing to support the show in this way. Max and Adam, you absolutely positively rock.

Security Bits — 9 July 2023

https://www.podfeet.com/blog/2023/07/sb-2023-07-09/


[29:20] Music.

[29:28] Well it's that time of the week again. It's time for Security Bits with Bart Busschots.
How are you doing today, Bart?
I am doing good. I am pleased at having successfully dodged the thunderstorms this afternoon.
If anyone follows me on Mastodon, they'll know I did not succeed in the morning on my walk because I can't outwalk a thunderstorm, but I can outcycle them, I have proven this afternoon.
I'll have to go back and check Mastodon to see what happened to you.
Well, let's just say it was so heavy that the rain was, you know, the way when rain bounces, it gets little crowns.
Yeah, those crowns were three inches tall.
They were taller, they came above my ankle, the crowns came above my ankle.
I had Gore-Tex shoes on and I got soaked because it ran down my leg into the top of the shoe.
Like, nothing can stop that.
Oh my God. No amount of hiking shoe can stop that.
That was amazing. It's like, OK, weather, you do you. Never let you win.
Yeah. Whereas this afternoon I was on the bike. So thanks to the magic of modern weather apps, I could just dodge them.
I'm just like.
Plan the route and dodge them. It was great. And I was watching the thunderstorms. You should be five kilometres to my right. There you are. Five kilometres to my right. It's perfect.
So yeah. Anyway, good days. Good days.

[30:45] Security, eh? Let us start with a few follow-ups of stuff we've talked about before. I think it was the last time we recorded we or maybe two might be two ago. Either way, we talked about Apple's check-in feature coming in iOS 17, which is like a smarter, temporary version of location sharing that respects your privacy and solves the problem of, I'm leaving this party and I'd like you to know I get home safe.
I'd like to do so with the least effort for you, for me, and the least privacy invasion.
And we now know more because the betas are out.
And so once the betas are out, people get to test it. So there's a lovely article from the Mac Observer where they show you all the different screenshots.
And the feature is at least as clever as I thought it was, and slightly cleverer, because there's actually different granularities of sharing.
So if you're doing it with close family, you can let them track you in real time.
And if it's someone you don't trust as much, they'll only get your location when Apple thinks something's amiss.
Oh, okay. Okay. Like you stopped moving and you aren't home yet.
You aren't making progress, I believe is the phrasing they use.
You're failing to make expected progress.
Or your, I think the other thing was your phone stops reporting to the internet.
Like, if your battery died, that would trigger that alert, I think.

[32:07] Yes, and in fact, one of the things that is included, regardless of how you share, is things like the last time we saw you on the cellular network, where were you, what was your battery level?
Those kind of things, so that you can make sense of, oh, okay, their battery was running low, okay, I'm not as panicked as I thought.
Basically, the screenshots are nice, and it gives you a good idea, actually, of how this isn't something we sort of half thought through.
This is very clever and it's nice to see.

[32:32] Something else we've talked about a lot, and I promise you 2024 will be lots of discussion of the DMA, the Digital Markets Act, which is one of the terrible twosome or the digital duo of European Union's big new laws, you have the DMA and the DSA, the Digital Services and Digital Markets Act.
Right.
So this is the Digital Markets Act, so it's for people, for companies who run app stores and things like that. In other words, this one is, Amazon is on the firing line here, as well as our friends like Apple and Microsoft and so forth. So under the law, some companies are under extra scrutiny because they're really, really big, and they're called gatekeepers under the law, and they have to go above and beyond because they have this position of power.
And we were pretty sure we knew who would fall under that category.
But companies are supposed to self-report.
And we now know that the following six companies have said that, yep, we are under this umbrella.
Apple, Alphabet, i.e. Google, Amazon, Meta, i.e. Facebook, Microsoft and ByteDance, i.e. TikTok.
So these are the ones, these are the companies that have to do things like offer interoperability?

[33:50] Yes. And they're not allowed, like if they do a merger, they come under extra scrutiny because they're in a position of power.
Therefore, the dangers of abuse of that power are greater.
And they're not allowed to self-preference. I don't remember.
I didn't think we hated the Digital Markets Act.
I don't. Oh, OK. You said the darker. The way you said that duo was that they were doomsday scenarios.
Oh, did the industry hate him?
Oh, OK, not us. OK, I thought we kind of like this.
No, I especially the DMA, the DSA is a little grayer, but I'm not against it, actually, but there are more people with more criticisms of the DSA.
But we might be against this next one.
We might be. So we have known for some time, because we've talked about it a few times, Meta slash Facebook recently joined the chorus. Head of the pack in terms of complaining were people like the EFF and Signal, people who run the Signal app. Basically, the UK are in the final stages of putting together a very large bill called the Online Safety Bill, not the Online Safely Bill. That's an interesting typo. It didn't go, it didn't get an underline because safely is a word, just not the right one.
And one of the things this bill does is very, very, very, very, very misguided.
It is the classic old, well, put in the back door, but only for the good guys.

[35:18] So effectively banning. Is this to becoming law?
It's in the final stages. It's in committee stage, I believe.
So it's on its way to the Parliament floor soon. Does anyone in the UK government understand how math works, or no?
Clearly not the minister, who is continuing to doggedly push this bill as it is.
Whether or not enough members of parliament understand these things, I do not know.
And in the UK, the government isn't quite stable at the moment.
I don't know how much of that makes its way across the pond, but they've had a few prime ministers in the last 12 months.
We do see that. The last one didn't last as long as a head of lettuce, as I recall.
That was it, yeah. Theresa May and a head of lettuce. That was quite funny.
In a Schadenfreude sort of way. That was hilarious. Yeah.
So, as I recall, didn't Signal say that they're just going to go, yep, we're out?

[36:13] Signal were very strong. They basically said, we're not doing that, we're starting off. None of the government people that work, say, I don't know, national security will be able to have encrypted communications.

[36:26] If memory serves there are even security agencies against this bill.
I'm trying to remember exactly who criticised it. Yeah, it's at the very least, it's retired former heads of security agencies.
I'm not sure if they're retired and therefore speaking freely or if they're current, therefore under the thumb of the government.
I don't remember exactly, but I know they're like people who know what they're talking about.
Yeah.
Anyway, it is not a fact. There is still time to shout loudly and Apple have joined the shouty chorus.
Okay, good. And that brings us on to two deep dives.
Neither of them are that deep, but there's very little news.
So I figured we should- But medium dive doesn't have the ring to it.
It doesn't. So the internet got very, very, very cranky because Firefox did something that I think is very, very sensible.
And I tried to put it as a one sentence in the show notes under main stories, and I was like, no, let's give myself the breathing room here.
So Firefox do this thing called ESR, which is Extended Service Release I think, or Security Release.
Basically, it's equivalent to the long-term support you see on versions of Linux and stuff.
And so this is a version of Firefox that they promise to keep security patched in the long term, but on which they will make no more functionality improvements.

[37:55] So Firefox 115 ESR is going to keep being kept secure, but whatever shiny comes in Firefox 116 is never coming to 115 ESR, and so on and so forth.
Okay, by the way, it is extended support release. I just double-checked it.
Support, yeah, okay, that makes sense.
And this is the kind of stuff that if you're running, like, if you're making some sort of device with an embedded browser, like a kiosk, a kiosk, you should always use the ESR because you can't update those easily, those kiosks. So you use the ESR version and that makes it safe.
And a lot of Linux distros designed for old devices will use the ESR because it's got a future. Right.
But it's getting no new shiny.
And what Mozilla are doing is they have said that everyone who is currently on Firefox 114 on Windows 7, Windows 8, Mac OS 10.12 Sierra, 10.13 High Sierra and 10.14. Oh, sugar, you told me how to pronounce this.
Mojave? No, Mojave's right.
Yes. Right. So these are all being auto migrated. So you're on 10.14, you're getting all the new shinies and without you doing anything, you're now going to 115 ESR.
OK.
You are now paused in terms of features. You get one more shiny, which is this one's shiny.
And from now on you're getting no more shiny from Mozilla.
But you are still getting security updates.

[39:23] And the internet lost its ever-loving mind because these people on these older operating systems are not getting any more new shiny. And I'm like, hang on a second, that's really generous.

[39:39] Because Microsoft stopped supporting Windows 7 and Windows 8 this January. So the fact that Mozilla are promising security updates is actually them going above and beyond the call of duty.
So they're providing the security updates to operating systems that the vendor themselves don't even support anymore.
Exactly. Okay. That's going above and beyond. Why are people cranky at Mozilla for going above and beyond is what I'm saying, but the Internet does that. And in Mac land, Apple don't support Catalina anymore.
It's still on the old numbering system. It's 10.5 Catalina, it's not even 11.
So Catalina users also keep getting security updates. So do High Sierra.
Like Sierra, for goodness sake.
That's ancient. And they're still getting security updates from Mozilla.
Apple abandoned those ages ago.
I just sold a computer to a woman who was trying to get, she wanted a backup to her current computer, and her current computer was running Sierra.
And I said, I'm not downgrading this to Sierra for you. You just stop that.
That thing off the internet and that old, that other one becomes the backup in an absolute emergency, but you got to use this new one. And she tried it out and she went, oh, this is great. I like this. It's like, phew.

[40:58] Yeah. So anyway, if you hear people complaining that Mozilla are being evil, no.
They're just not giving them shiny on operating systems that have been deprecated by the vendors.
But they are supporting them for security. Good on them. Okay.
For security. So I see this as good news. You know, the internet need to complain.
Right. Well, now the next one sounds like a crazy situation and we should be outraged about it. When I mentioned it to you, you said, well, hang on a minute. So what are we talking about?
Nuanced, right? This one is nuanced. This is not a, Oh, this is, this is definitely great, right? This is not definitely great, but this is being reported as the sky is falling.
George Orwell has become real.
In fact, I have learned a new law. If you want to know the value of a security story, the more shouty the mention of George Orwell, the less value the piece has.
Hmm. OK, like, right. The more people compare people to Hitler, the wronger they probably are.
So you'll have seen a lot of reporting that France has become George Orwell's 1984.
And that's not fair or useful. They are doing stuff that I don't like.

[42:11] But there's nuance here. So what was the announcement? What was the big headline?
Yeah, so let's pull back. So like the British are in the process of making a big bill to help cybersecurity and they're making a terrible mistake where they're going to accidentally, as one of the things the bill does, outlaw encryption. The French are also working on a big bill and most of it is quite sensible and isn't getting people, you know, cranky. But one piece of it has gotten a lot of attention.
And what they are doing is they are giving law enforcement the right to go to court to get approval to effectively deploy malware against suspects.
So they're getting the right to enable the GPS tracker and or microphone and or camera on a connected device, and that explicitly includes laptops, computers, phones, tablets, cars, basically a thingy that has a GPS, a camera, or a mic, and the internet is really what it boils down to. And so there's a legal structure here where the police get the right to somehow turn these things on.
Now, the law doesn't mandate that this is possible.

[43:31] It says that law enforcement have the right to, which means that law enforcement can't social engineer people.

[43:37] Law enforcement could use some sort of hacking, or they could buy Pegasus or similar software from the NSO group to do this for them.
Can I stop you for a second? They have the right to ask to be allowed to do it, not just do it. Yes.
So, like in United States terminology, they could request a subpoena to be allowed to do this, or not a subpoena. I believe the analogy is a warrant.
A warrant. It's a warrant. Yeah.
Yeah. So, like a warrant to search, they need to be able to do this in order to search, but it's a narrow, not a dragnet sort of a thing. They can't just go, I'm going to turn on all of the cameras in downtown London, or actually it's France, downtown Paris. Yeah.
And so that is true of all of these provisions, but there's actually two layers to this.
So to just get the location data, but not the video, not basically the camera or the microphone, the bar is lower.
The bar is the crime in question must have a minimum sentence of five years in prison to be even eligible to be asked for.
Oh, it's just got to be a serious crime.
OK. Yeah.
And at that point in time, they have to get approval from a judge and then they can go ahead and do it.
And that will probably be easy enough to get like you can get a wiretap warrant or whatever.
I don't think there's going to be a massive bar on that. But again, it has to be five years worth of jeopardy.

[45:05] The turn on the microphone is under stricter control and the camera.
So those two, because they're so scary, they're under a stricter control.
So as part of the, and this is why it's good to have a bit of controversy.
So as part of the controversy, the bill has been amended to beef up the wording, to strengthen the wording, to make it clearer.
So the government said, well, this is only for serious crimes.
And people went, well, then why doesn't the law say that?
And the government went, ah, I know how to fix that. So they've added wording that says, when justified by the nature and seriousness of the crime, and for strictly proportional duration.

[45:43] So not a dragnet. And oh, not indefinite. And not indefinite.
And no matter how proportional, never longer than six months.
So this is after the fact, though.
Let's say there was a murder, and now I'm looking at the GPS of the car of the suspect that may not have the suspect in it, but I look at the GPS of it and I'm watching it drive around. What's that got to do with the murder that happened three months ago?
Okay, but that's solving a murder is probably not where this comes in useful.
Okay, this is the problem in South of the police.
But imagine that you are you have a terrorist cell, you believe that there's a terrorist attack being planned. This is obviously serious.
You will then go to a judge and say, here's our evidence. I think they're planning an attack in Paris next week.
And the judge goes, okay, yes, you have permission to enable their mic, enable their video and enable the GPS.
Okay. So it's stopping a crime from happening. It's not after the fact.

[46:42] Or it might be a case that we believe that these are the people who've been responsible for the last 20 years worth of some sort of a scam. People have successfully defrauded 400,000 French people out of a billion francs, euros.
Yeah, they're probably driving around to do that one. What about a drug ring where they think somebody's a drug mule driving back and forth or something like that? Maybe that kind of thing.
Yeah. Yeah. So there has to be a crime involved with at least five years, and that's for the GPS.
And then for the mic, it has to be a really serious crime.
And the other thing is they have explicitly exempted certain people from being eligible at all.
This law can never be used against doctors, journalists, lawyers, judges, or members of parliament.

[47:27] So a lot of our crime and now I'm not going to go to. But so, yeah, I know who everyone is worried about the NSO group being used against, right, particularly journalists.
Right. You have concerns about people's health data. So doctors are right.
You have concerns about unfair influence on the justice system. So judges are right.
And you have concerns about spying on opposition politicians, which is certainly how Pegasus has been abused in countries that are not really democracies, so members of parliament are explicitly out. So the worst abuses of the NSO group's Pegasus software that we know about from all that reporting, they're explicitly exempted from this law.

[48:10] So in the abstract I don't like the idea that the government have the right to go and hack people. That doesn't feel good I don't like that. But the fact that the law does not mandate tech companies to do this for the government is a very very silver lining here. Very, very, very silver lining here. But I'm going to throw one.
What's the opposite of a silver lining? Dark cloud. Tarnish. A bit of tarnish in the cloud.
This does set up a perverse incentive, which is we've seen in action before. So do you remember this thing just about 15 years ago, there was a leak of a whole bunch of hacking tools that belonged to the CIA that were all leaked onto the internet. And they ended up with a whole bunch of people being compromised with zero days because the NSA felt that they shouldn't tell Microsoft or Apple about these zero days because they were using them to spy on people.
Right. Well, the incentive here is that if law enforcement find vulnerabilities to make it possible to make use of the permission they have to hack people, why would they tell Microsoft about a vulnerability they're using to hack people?

[49:17] I think one of the things you said to me when I first asked you about this was this is out in the open with a light shined on it with structure and visibility that they were probably kind of doing anyway. Right.
So that gets to my last point. So everything I've said so far is uncontroversial, fact-based, and not my opinion.
It's just, this is the thing.
I'm now switching a little bit towards opinion, and I'm not going to tell you what to think, but I'm going to suggest a way to think about this and then come to your own conclusion.

[49:49] So the first thing I would say is we know for a fact there are lots of governments doing this already, right? I don't know the detail in every country and it is kind of down to resourcing because if you're a small country like Ireland I don't think you can afford to be doing a lot of this stuff. Whether you want to or not doesn't really matter. Our minister for justice can want all he wants but he can't do any of this because he doesn't have the money. But large nations most certainly can. We know they can because the NSA's tools have been leaked. So we know they were doing this because we got their hacking to them. We also know that it's perfectly legal in the United States to get what's called a national security order, where law enforcement can go to a judge in secret to have a secret hearing where they get an order to a company that the company is legally forbidden to say they've received and that they have to follow. So we literally do not know what happens under those national security letters because it's illegal for us to know. So I do not know what's going on in the States and neither does anyone else who doesn't have a really high clearance. So there might be people who know, but they can't tell us.

[50:52] But we do also know, because we've had a couple of hacks of people like the NSO Group, there was an Italian company. We know the list of customers of these kinds of hacking tools, and they include major democracy. And we know that companies like the NSO Group turn a tidy profit.
So clearly this is happening.
But then the question's a bit different. Do I feel less? Do I feel happier that it's happening in secret and that I don't know about it?
And I can go la la la la la la la and pretend it's not happening?

[51:21] Or do I feel better if the process is open, transparent and that there are clear guardrails like cannot be used to target journalists, lawyers, judges? Yeah, that last part really makes me feel better, and it coming from the United States, doctors.
Yeah, this is important. So, yeah, my first gut reaction was it, it, it, it, it.
Then I went, OK, they're not mandating tech companies break their own technology.
OK, that's a thing.
And then I was like, but this is happening anyway, so maybe some guardrails is a good thing, so I've come around, taken me a while, but I've come around to seeing this as well, actually, I think this is the less what's the joke?
The thing Winston Churchill said, Democracy is the worst form of government, apart from all the others.
This is the worst way to do surveillance, apart from everything else I can think of.

[52:14] I'm not happy about it. I'm not happy about it, but it's probably for the best.
So anyway, there we are. That was quite deep, actually. That one deserves this title of a deep dive.
I struggled to find notable news. I found two items. They're not particularly happy. Well, one of them is.
So first off, a US federal district judge has issued what is widely described as a controversial ruling that places an injunction on the federal government from talking about moderation to social media companies. It's not just that they can't ask for a specific thing to be taken down, and they can't raise the topic.

[52:54] Now, a federal district judge is nowhere near the top of the pile, so the chances to me seem very, very high that a judge closer to the top of the pile is going to be asked for a second opinion on this.
So I imagine this is going to a circuit court, and then depending on what happens at the circuit court, this is probably going to the one above that, which is the Supreme Court.
So stay tuned, is what I would say on that one.
There was a good coverage of this on the Sisters-in-Law podcast, and it was an interesting swap of free speech of the First Amendment for free speech rights that they don't want the government leaning on the social media companies, which the government says they're not, who knows?
But then what they've done is eliminated some free speech from the people who work for the government.
So it's sort of like, you can't have both, maybe. So yeah, that one, I'm not gonna lose a lot of sleep on this one.

[53:51] No, as long as it's a district court ruling, it's basically, oh look, some lawyers are going to have some fun in front of a circuit court judge. And then probably the Supreme Court get to have a go, probably.
And then in the world of, well, every silver cloud, or every cloud has a silver lining.
So we had a wee bit of a coup in Russia a few weeks ago.
And the Russians insist it wasn't a coup.
Is it a coup if it doesn't succeed? I believe it's called a coup attempt, which I think is what I say in the show notes.
So Prigozhin and his Wagner group had a wee charge towards Moscow and then didn't quite go all the way.
And he's not very popular at the moment in Russia. And as a side effect, he was doing a lot of things, including running the most effective troll farm in the misinformation, disinformation war.
Oh, I saw this. Yeah, disinformation.
Had the information group notorious.

They were Prigozhin's crowd and so they have now shut down as part of all of this fallout.
I'm sure someone will replace them, but for now, yay.
Yeah, yeah, that's nice.
The more chaos there is over there, the better. As long as there's not enough chaos to cause them to drop a nuke on someone.
Chaos good.
Anyway, on that happy note, palate cleansing.
Good.
This is a half palate cleanser. It's in the show notes section called Just Because It's Cool.

[55:18] You and I, I think, often joke offline that I am particularly fond of emoji and I really do consider them a language.
And I think a lot of people lost their ever-loving mind when the Oxford English Dictionary started putting definitions of emoji into the dictionary as if they were words.
And I was like, well, of course they are, because that's how people use them.
These have become a language.
I now have a second piece of evidence to bolster my argument that they are language.
In Canada, a court has ruled that a thumbs-up emoji is assent.
It is basically, yes, I agree with this.

[55:52] So... It's a nice one. So, on the Daily Tech News show, they went into this in depth, and I think this one was important because the person who gave the thumbs-up emoji in agreeing to a contract had previously answered the same kind of request for the same kind of contract with things like yup.
So, you know, if yup is agreeing to a contract, why would thumbs up not be?
That seems like it's fairly covers them, I would think.
From my point of view, right, putting my direct personal hat on, I can tell you now that in my when I have my work hat on and I need to get permission to do something because there's something urgent happening, I work in cybersecurity.
Is it okay if I block dot dot dot?
If my manager gives me a thumbs up, I consider that to be a yes bar to go ahead and protect us.
I'm pretty darn, and I want to be pretty darn sure that if I get shouted at by someone who's above my boss's head.
I won't be the one to get shouted at because I will have obeyed the thumbs up.
And I'm pretty sure that that will be seen as, yes, Bart was OK.
Who posted a thumbs up? You. Why did you give a thumbs up? I think maybe you should bookmark this story just in case.
I may have done so.

[57:10] It's a legal contract. Look, it says so. Exactly. So I do have a true palate cleanser ish. Well, I know this is a palate cleanser.
I really enjoyed this episode.
So Malicious Life is a podcast I really like because they tend to go back in history and sort of when all the dust has settled and there's no unknowns anymore and there's no hand-waving.

[57:31] They tell us the story of something important to do with computer security.
And one of their episodes that I recently listened to and thoroughly enjoyed was the full detail of Sony's Rootkit fiasco. This is at the very early days of the music industry.
I remember this one. We certainly had a lot of trouble for sticking malware on audio CDs, back when music came on CDs.
And we had a place in our computer to put the CD, because I'm looking at my Mac here going I couldn't stick a CD into this thing. There is no slot.
Anyway, it's a fascinating story now that we know all the detail, and Ran Levy is the host and he's just a good storyteller.
That does sound like a fun story, because that was huge when that happened.
I remember people just losing their minds, rightfully so. Rightly so. Yeah.
Yeah, it was really good. And as I say, he's Israeli.
So it's always fun to hear a story in a foreign accent.
Yeah, it just makes it better. So he's a good storyteller anyway.
But the Israeli accent really helps. I just get so sucked into the malicious life.
The perfect road trip.
Like if you have like a one hour drive somewhere, hop on a malicious life and enjoy the heck out of it.

[58:44] Sounds good. Well, this was it. This was a real up-and-down episode, some ick, some non-ick, some stop thinking. And I'll see you in the next video.

[58:51] This is it. This is actually okay. I, that was very balanced, Bart. I appreciate your perspective on this, especially on the French story about the ability to turn on cameras and stuff, because I was right there at 11 in alarmist when I read it, and you said, well, hang on, think about it this way, and, you know, here's some more facts behind it, so I really appreciate the in-depth coverage on that.
Yeah, and no one should feel bad about jumping straight to 11 because I did too.
It's just, I think, I just, we need to train ourselves that if we jump to 11, we need to ask ourselves, well, hang on a second, are we being a bit hasty?
Which is hard. It's so much fun to be at 11. Well, we've exercised that muscle, man.
We're good at that. Fair, very fair.
A very simple message to end the show, as always, remember folks, if you want to stay safe, stay patched, so you stay secure.

[59:46] Well, that is going to wind us up for this week. Did you know you can email me those reviews and recordings that you're going to do for me at allison at podfeet.com? You can do this any time you like. If you have a question or a suggestion, you can also send those on over as well. You can follow me on Mastodon at podfeet at chaos.social. And remember, everything good starts with podfeet.com.
If you want to join the fun of the conversation, you can join our Slack community at podfeet.com slash slack, where you can talk to me and all of the other lovely NosillaCastaways.
You can support the show at podfeet.com slash Patreon, like Max and Adam, or with a one-time donation at podfeet.com slash PayPal.
And if you want to join in the fun of the live show, head on over to podfeet.com slash Live on Sunday nights at 5 p.m. Pacific time and join the friendly.

[1:00:30] Music.