NC_2023_09_17
[0:00] Music.
[0:07] With an ever so slight Apple bias. Today is Sunday, September 17th, 2023, and this is show number 958.
Well, I'm pretty proud of being at 958, but I would like to give a shout out to the wonderful people over at the Mac Geek Lab.
Dave Hamilton and John F. Brown over the many years, and now Pilot Pete, because they're publishing tonight, or maybe it's tomorrow morning, their 1000th episode of the Mac Geek Lab.
And I know what the work is involved in trying to do what they do, and it's a pretty amazing accomplishment. I'm very proud of them.
I'm a little jealous I didn't get to 1,000 first, but many congrats go out to the staff of the MacGeekGab.
Well, Steve and I had a delightful time meeting our new grandson, Teddy, this week, and playing with his sister, Kennedy, and brother, Parker.
We're back in town, but just for a few days before we jet off again with Lindsey to my nephew's wedding up in the Finger Lakes of New York.
Now, you care about that because this trip won't get us back until Monday night.
That means there will definitely not be a live show on Sunday, the 24th of September.
I haven't figured out yet when I'm gonna publish the show.
Might be way early this coming Wednesday, or it might be way late the following Tuesday, or if I can get Joe from the Northwoods to teach me how to publish it automatically while I'm gone, it's possible it might come out right on time.
But enough of that future stuff, Let's get into this week's show.
I’m Finally Sold on Yoink Because of Stage Manager
[1:28] Way back in 2017, in an episode of Chitchat Across the Pond where Bart walked us through some interesting apps he uses, he explained how valuable the app Yoink from Eternal Storm Software is to him. The elevator speech for Yoink is it's like a little shelf where you can drag things in on your Mac, switch apps, and then drag these items into the new app.
It's a clipboard manager with a different flair. I'm a sucker for a fun and interesting app, so I gave it a try back in 2017, but it didn't really seem to solve any kind of problem for me.
Four years later, I discovered that Yoink was available for iPad, and I did a review-slash-tutorial for you about it.
Reading back through my article, though, it seems that trying to use any kind of clipboard manager on an iPad is where the phrase, faffing about, was invented.
Good gracious, it took me a long time in that article to even explain how to set up Yoink and one app into Slideover, Split Screen, and then even longer to describe how to drag things in and.
[2:25] Out. Yoink never made it into my workflow, but not because of anything wrong with Yoink.
It's because iOS and iPadOS make it really hard to use a clipboard manager.
When I looked back on comments Bart made about using Yoink, I realized why it worked for him all along and it didn't seem to solve a problem for me. You might remember that Bart is an avid Spaces user, and I am not. In 2021, I wrote an article about why I don't use Spaces, which prompted Bart to immediately respond with an article evangelizing Spaces. The fun thing is that both of our points of view are valid, and that shows how we just think differently.
[3:00] Now, why am I bringing up Yoink again, and what the heck does Spaces have to do with it?
Well, in Spaces, you only see a few apps at a time, or maybe even one, and you switch Spaces to change to different contexts.
If you need to move something from an app in one space to an app in a different space, having a little shelf on the side of the screen into which you can drag the item while switching occurs is super handy. Since I didn't use spaces, my apps were always visible in my one screen, diminishing the value of Yoink. But with the advent of Stage Manager, I now only have a few apps open in my line of vision at a time, and switching apps moves all of them out of the way.
It's sort of like Spaces, except my entire screen isn't sliding back and forth, and, I can see which pile contains the app I want to use.
While I love Stage Manager, there are certain operations that become very clumsy as a result.
[3:51] Before I get into the clumsy operations, I do want to explain that I remain an avid user of the Clipboard Manager CopyM.
I copy several things to my clipboard from one app, I then flip to the app where I need that info, and I paste one after another from the CopyM window.
But sometimes, you really just want to drag and drop something.
Copy and paste isn't really an option.
For example, my three-year-old granddaughter Sienna recently took an outstanding, artsy-fartsy picture of her brother Forbes.
I wanted to send it to her other grandmother, Terry.
[4:22] Now if I had photos and messages up on screen at the time, I could drag directly from photos to messages. But with Stage Manager, messages and photos weren't both visible. I have to switch to the stack with messages, make sure messages is in the forefront, then switch back to the stack with photos, and then only then drag messages onto the screen with photos, and finally I could drag and drop from one to the other. But with Yoink, I don't have to do all that flipping back and forth. I was able to drag Sienna's amazing photo out of Apple Photos towards the right side of my screen, and the Yoink shelf magically appeared on the right side of the screen inviting me to drop the photo onto the shelf. I Command Tab to Messages, and then drag the photo from the Yoink shelf into a message to Terry and I hit Send. I know I could have used the Share Sheet, but I still find that clumsy as well. It annoys me.
In another photo-related example, Steve took a live photo of the gondolas going to the summit of Mammoth Mountain at 11,053 feet. He was kind of just goofing around with the built-in effects and photos on iOS, where you can change the live photo to bounce, loop, or long exposure. He selected loop for his gondola photo, and it made a really spooky effect where the gondolas actually look like they're disappearing. They just kind of fade out. I wanted to post the image on Mastodon, giving him credit, of course.
Using my Mac, I drag the little animation into the Yoink shelf, and macOS automatically made it into an animated GIF.
[5:49] I command-tab to Mona, my preferred Mastodon client, and I drag the GIF in and send it along to the entertainment of my followers.
[5:57] Now, I was careful just now to say that it was macOS doing the GIF conversion, because you can create them from loop or bounce photos without Yoink, but you have to drag them to the Finder first, and then remember to delete them after you upload them wherever you want to put them.
Yoink eliminates that extra step.
[6:13] Now the reason Yoink is so powerful with Stage Manager is that it often eliminates the need to move one application or say the finder from a pile and into the current apps view in order to easily transfer items.
Yoink removes the one friction point I had with Stage Manager.
I have to admit that the primary thing I use Yoink for is image movement, but you can move files with Yoink, add in web pages and more.
[6:38] Before we dig a little deeper into Yoink, I want to point out that it did not pass my accessibility test with VoiceOver.
One of the things VoiceOver doesn't do well is help those with visual problems drag and drop.
For that reason, I'm not surprised that an app whose design language is entirely dragging and dropping is not accessible.
Now let's talk a little bit about the Yoink interface. If you just want to use the shelf to drag things in and then drag them out, Yoink gets out of your way to do just that.
When you drag an item out, by default the item disappears automatically from the Yoink shelf and the shelf disappears. But what if you want to drag the same image into two different places?
Maybe you want to post something to Mastodon and to Slack. If you hover over the image after you drag it in, you'll see three little controls on the shelf. The first is an X, which will remove the item you just dragged in. The second is an eyeball that will use Quick Look to embiggen your image. If it's text you've dragged in, you normally only see a plain paper with the corner folded over, so hitting the eyeball brings up a text window showing you the text that you copied in.
[7:43] Finally, there's an open lock icon. If you click the lock, it will change to show that it's now locked, and then you can drag the same image out to multiple locations and it will never disappear.
Now, I love the attention to tiny details that developer Matthias added to this tiny interface to make it more user-friendly. If you lock an item and then you try to exit away to delete it, the tiny lock icon will jiggle to draw your attention to the fact that it's locked, so you need to unlock it before you want to delete it.
Now, I often forget when I drag an item out of the shelf that, oh man, I want to use it a second place and now it's gone. Luckily, from the menu bar item for Yoink, you can select Bring Back Last Removed Files.
Below on the right in the shelf is a little archive-looking icon with an X on it. This, icon will empty all of the unlocked items from the shelf. Remember, you can pull a lot of things into Yoink, and until you drag them out, they sit there all together.
[8:41] Now I do like the default that when I drag items out, they disappear and so does the shelf. But if you find that you almost always want to move things to more than one location, you can change this behavior. Pop open the preferences, either from the menu bar item or the teeny tiny little gear in the bottom left of the shelf, and on the Advanced tab, uncheck the box to remove items when dragged out.
Now, while we're on the Advanced tab, you can choose whether to have multiple files dragged in at the same time to be combined into a stack. You can disable the quick look previews and just the icons of tiny thumbnails. If you drag in a web page, you can choose whether whether or not to show the website's favicon, you know, that tiny little symbol like the pod feed on my site when you go to the website.
There are more options about aliases and allowing image apps to have more data about the type of image that has been exported.
And finally, you can reduce motion if that bothers you.
[9:33] On the Behavior tab, you can choose whether to have Yoink magically appear when you start to drag an item. You can also choose to have the shelf appear right where your cursor is instead of attached to the side of your screen.
I tested that out and it minimizes how far you need to drag, which is nice, but it may, also be in your way if you're trying to do a normal non-Yoink-based drag and drop.
Finally, you can have Yoink appear when you drag to the edge of the screen.
For all of these options, if you hold down the Function key when dragging, you will not see Yoink at all. It seems that Matthias has thought of all the ways you might love or be annoyed by Yoink, depending on your personal preferences, to make it work for you.
I'm glad I started writing up Yoink because I discovered a feature I didn't even know existed in the Yoink behavior preferences. You can assign a hotkey, or use the default F5, that when long-pressed will restore previously removed files to Yoink. No more going to the menus for me when I forget that I wanted to drag something to two places. If you double-press the hotkey, it will automatically save the clipboard contents to Yoink, so that's cool too.
[10:39] Finally, if there are apps for which you never want to use Yoink, you can edit a list of ignored applications. When selected, Yoink will provide you with some suggested apps. I'm not quite sure how it chooses which apps to include, but in my case, it included 42 apps out of the 181 that that are resident on my Mac.
Not quite sure what those suggested apps mean. Yoink supports several options for using force touch on Magic Keyboard.
The default is that a force click will select all files in Yoink, but you can change it to reveal the file in Finder, pin the file in Yoink, or quick look, split up the stack, depending on the file type you were force clicking on.
The option to reveal the file in Finder alerted me to the fact that Yoink is at least temporarily saving your files to the Finder.
They're buried pretty deep, but they reside in your user library containers in a Yoink data folder.
I wasn't able to find any preferences to delete saved items after a certain length of time, and I found items a couple of weeks old.
I'm not actually sure what happens over time if this folder starts to really fill up your disk.
Something to look into and keep an eye on.
On the same Force Touch tab, there's an option to provide haptic feedback when dragging into Yoink, but it didn't actually do anything for me.
[11:53] Finally, there's an Extensions tab in Yoink with some interesting options.
Yoink can be used as a limited clipboard manager by enabling Clipboard History.
You can choose to have it remember from 6 to 36 copied items, oddly, in increments of 6.
[12:08] So, you can't do like 5, you have to do 6, and 12, and 18. It's kind of an odd little thing, but that's what it is.
Now, it's not super easy to use Yoink as a clipboard manager because you have to launch the preferences, switch to the extensions tab, and then select Organize Clipboard History.
But if you open widgets on macOS, you can add a widget for Yoink that shows you that clipboard history.
I'm not quite sure how to use the widget to paste items from the clipboard manager, though.
Seems to grab the whole widget to move it, and clicking while in a receiving application doesn't seem to do anything. I'm sure there's a way to use this, because I don't think Matthias would have put it in there if it wasn't functional, but I wasn't able to figure it out.
Now I have a confession to make. I had never before enabled a widget on macOS until I went looking for what the heck this Yoink widget thing was about. At this point you'd think I was done explaining Yoink on macOS, but I found a link on the Eternal Storms website entitled Mac Tips, where Matthias walks through a ton more cool things you could do with Yoink on the Mac.
You could run Yoink from the terminal, you can copy or move files, you can add keyboard shortcuts to add selected files to Yoink, you can add PDFs directly to Yoink upon creation, and much, much more.
And I put a link in the show notes to those Mac tips that he's written up.
[13:26] I mentioned at the beginning of this article that I did a review of the iOS version of Yoink a while back and that it didn't blow my dress up. I've started testing Yoink in iOS again and it's filled with capabilities. But rather than doing a poor job of explaining it because I haven't learned it very well yet, I'm going to cut this review off here. If I find that Yoink is a good tool for me on iOS, after I actually learn it well, I'll come back and give you a new review.
Now the bottom line is that Yoink on macOS makes me feel more productive and I enjoy Stage Manager even more than I already did.
For $9 on macOS, or you can get it via Setapp, I think it's a valuable tool to have in your arsenal on the Mac.
I hope to find time to dig into all of the tips Matthias has provided so I can really up my game with Yoink.
I'd like to close this out by giving you his privacy policy because it made me smile.
He wrote, hi, my name is Matthias Ganz-Riegler. I'm the developer of Yoink.
Here's my privacy policy in a nutshell.
Your internet connection is used solely to optionally communicate with iCloud for creating icon previews, for allowing you to download URLs, and view web links within Yoink.
Yoink does not collect or transmit any data to me or third parties.
All I want to do is craft useful apps, and I'm not interested in anybody's data.", And he ended it with a smiley face.
Shure MV88+ A Microphone for Everything by Jill from the Northwoods
[14:47] Last week, Jill from the Northwoods did a rundown of some microphones she uses, and she's back with one more.
She's going to talk about the Shure MV88, but she really means the MV88+.
I'm making this distinction because the MV88 is discontinued.
It was the one that plugged into the lightning jack, and this one that she's talking about, the MV88+, is connected via USB cable, so you can have the other end be whatever you want, which is good because now we're gonna have USB-C on the new iPhones 15, and I presume that this microphone also works with Android where they've been allowed to have USB-C for a long time.
All right, with that preamble, let's listen to Jill.
I did a review of all the microphones I use. I forgot, I bought a fourth microphone.
This is the Shure MV88.
[15:39] I primarily bought this because I have this vision or this dream that I'm going to record while I'm on the road. Again, my friend and I are going to do a nature podcast and wouldn't it be great for us to either create videos or podcast episodes while we're outside looking for birds, checking out the weather, having this kind of nature aura going around us. The noises, the sounds, all the different parts of nature that I love to hear. Thinking about sitting in my tent.
[16:11] Recording podcasts. I want to have that full nature scenario. When I looked at the reviews for this particular microphone, it got great reviews. It sounded good. People said it sounded amazing for what such a tiny little microphone is. It's about the size of my thumb with the pop filter then on top of it. And when you buy it, it comes with a little tripod, with a mic stand, there are some available wind filters on it, which is pretty important when you're going out and filming nature, and it plugs directly in through a USB interface. There's no XLR at all. And like the other microphones, you can plug it directly into your Mac using USB, your iPhone using USB. Whichever way you want to go, it is portable and does everything that you need it to do. People say it's also great for live music performances, that's not my thing, but they say it just hands-down does such a great job. As with the other Shure microphones, it's managed through the app either on Mac or on iOS.
You can update the firmware, but then there's also some settings you can set with it. Some things to keep in mind, this is a condenser mic, not a dynamic mic.
[17:27] Which means that it is very sensitive. I notice I'm peaking a lot when I use this mic, so I had to back it up quite a bit. It also is omnidirectional, which means it's not going to do that thing that the dynamic mics do, where it tries to focus the sound just directly in front of you and it falls off as you back away or as you go side to side. This is going in every direction. That's not great for a lot of situations, even including podcasting, but for me, again, I want to get that ambient noise when I'm out in nature. This is perfect for that. And it.
[18:03] Also needs power, which means it's going to be using power directly from whatever device it's plugged into.
It also has the 3.5 headphone jack on the back so you can plug in a monitoring headphone just like the other microphones that you have. That's important as you're recording podcasts to hear, what it hears and so that you're doing a better job of recording. So the previous recording was done on the mic itself and it does okay with voice for sure. It picks up a lot of extra noise and I noticed the microphone is very sensitive to every noise. That's what a condenser mic is supposed to be. It's picking up everything. And it's omnidirectional so it's picking it up from every direction. I thought I'd give it a test run to show you what it sounds like when you're outside in nature. Again, that's the goal of it for me. A lot of people do different things with this mic when they need something different than a dynamic mic used just for voice. So this is what it sounds like when we're having a nature podcast and going for a hike and we're walking along in in the woods.
[19:17] So I thought it did a really good job of picking up all the ambient noise, the birds and the bees and the grasshoppers and everything that I was hoping to catch on some kind of a nature podcast.
And if you have uses for a microphone that aren't strictly for voice, strictly for podcasting, maybe a band, maybe something else, this is a really good mic. Again, it comes with a lot of materials that I can use to connect to my iPhone, cables, mounts, and so you're all set for using it for whatever purposes you have. The mount that comes with it that clasps onto an iPhone, makes it very easy for you to take that iPhone, hook it up to a tripod, and use it as a video and microphone setup.
[20:05] That's not my thing, at least not right now. Maybe it will be in the future. But again, so versatile in almost everything you want to do. And again, if you have any questions about this mic, if you want me to try testing something out for you, let me know. You can find me on Allison's Slack channel. Or you can email me at jill at start with small steps dot com. Thanks very much.
[20:28] Thanks so much for that, Jill. It really does pick up the nature sounds well.
Now, I'm recording the show right now and I'm not entirely sure what Afonica is going to do with leveling the audio for the birds chirping and the bees and stuff.
I hope it still sounds good when you guys hear the podcast.
Also, Jo refers to the tripod and phone clip and other things that came with it.
That's because she bought the full video kit for $250.
You can also get the mic standalone without these accessories for $200.
And those links are in the show notes.
Now, another thing about this microphone, if you'd like to watch a video interview that Steve and I did at CES with the Shure rep a few years ago all about the MV88 plus mic to see it in action, there's a link to that in the show notes.
And I'm going to give you one more thing. After Jill recorded this review, she was on one of her nature walks and a tree fell right in front of her.
Let's listen to the audio.
[21:39] Isn't that crazy? She sent a picture and you can see that tree is right in front of her in the walkway. The only thing I don't understand is why we don't hear her scream when that happens.
You can't hear her breath get a little bit louder as I'm sure she was anxious from what had happened, but I think that's a pretty good ad for the Shure MV88 Plus microphone.
Support the Show
[21:59] I listen to a lot of podcasts and some of them go on for minutes at a time up front doing an ad, then they break for a bunch of ads in the middle of the show. I know everyone needs to make money for the work they do, but some shows are getting close to 30% ads. Because I don't take ad money, I just panhandle for donations through podfeet.com slash patreon and podfeet.com slash paypal.
And I try to keep these to less than a minute and on often at least a one hour show.
If you can afford to help support the show, I hope you'll consider rewarding me for not running ads during the nocillicast or chitchat across the pond light or programming by Stealth.
Security Bits — 17 September 2023
[22:38] Music.
[22:46] Well, it's that time of the week again. It's time for Security Bits with Bart Bruce Schatz.
How are you on this wet day in Ireland, Bart?
I'm wet and cranky about it. I don't normally mind getting rained on because normally what happens here is the wind comes up from the Atlantic and, you know, we get wet for an hour and then it sods off. Just before work finished on Thursday, a rain system settled in.
It's still here. Oh, jeez. It hasn't gone anywhere. Apparently it'll be gone by morning.
I bloody well hope so because I'm at the end of my tether.
I had floodwaters up to the axles of my bike on my cycle this afternoon.
Really? So that was nice. Really? Yeah.
Luckily they weren't long, so I was able to coast through with my feet in the air.
Like a little kid. So I didn't get wet feet. Yeah, like a little kid.
But yeah, if they were any longer, I would have had a bit of a problem.
But I got away with it. Just two.
[23:38] But yeah, that was that was interesting. I won't mention the fact that it sprinkled on me then.
Almost got my glasses wet.
I'm sure it was terrible. Oh, no. Anyway, I'm sure I'll be fine.
Right now, this minute, having just literally got in and dried off, I'm mildly cranky, but I'll get over it. All right.
Oh, hey, security news. We have been tracking for a while the fact that the UK would like a unicorn.
Or specifically speaking, they would like to have a law that says that you have to break without lying, that they have not removed a single word from the bill, which means that they're still pounding their chests about being really hard on media companies and tech companies. But what they did was they added a clause, to the bill that says that the US government has not removed a single word from the bill. And that's a lie.
It's a lie.
So the US government has not removed a single word from the bill.
Media companies and tech companies. But what they did was they added a clause into the bill that says that assuming technology can be found which has been verified by a trusted independent arbiter as guaranteeing the security and safety dot dot dot dot dot, then they must break encryption.
So if the unicorn is ever discovered.
[25:00] Then they must use it i heard you talking about the sun let's talk apple by the way everybody should subscribe to let's talk apple where bird breaks down the month's news in a calm and retrospective way end up when i heard you talking about this i was like oh bart's just got it gotta be so happy with this that i was i was concerned about that to be honest i was i was trepidatious about what would happen if they I mean, the companies like Telegram and Signal and just about everybody said, yeah, we'll we'll leave then because we can't.
Yeah. Yeah. They were playing a game of chicken. And I, I having watched them do Brexit, which is also a game of chicken.
I sort of thought they were going to not blink and go splat.
But they blank or blunked or whatever.
[25:45] Thank goodness. Indeed. That's one bit of feedback and follow up, which brings me into a deep dive I found, or actually you found, we found, everyone found, because we've all been following the LastPass breach for quite some time. So deep dive on what's happening with those vaults that have been available for the baddies to poke at for the last, near on a year now at this stage. It was the autumn.
Give a brief description of what happened.
[26:15] Yes, so attackers broke into the backups of people's encrypted vaults on LastPass and they got away with two things, and it's very important for what we're going to talk about today that we know that they got two things.
They got the encrypted vaults and they got the metadata about those vaults.
And the metadata proves to be quite important here. So those vaults were encrypted in a way that's not really cloud safe.
So they were encrypted as if they were being stored on your old hard drive, and they were, at all points in time, the defaults were sensible. But the defaults are sensitive to speedups of CPUs.
So what was sensible a decade ago is not sensible now. And what should happen is that the values are upgraded over time.
So your vault is re-encrypted with higher standards as CPUs get faster.
So more cycles through or whatever the metric is?
Cycles. Basically, every password guess needs to be more costly. That's basically what it boils down to. So that the amount of time needed remains constant, i.e. longer than multiple thousands of years.
So like we're looking forward at quantum computing, we know we're going to have to do better on encryption to keep up with how much faster quantum computing could be.
[27:35] Yes, exactly. Quantum computing is a slightly different kettle of fish because we actually need to change the type of math we do into a type of math quantum computers don't like.
They like the math we have now and there's other math they don't like, so we just need to change our math.
But the principle is exactly the same. It has to...
It's okay for it to take one second to verify your password is correct.
And you'll notice if you use something like 1Password, when you enter your correct password, The vault doesn't unlock straight away.
[28:03] That's true. And that's because the key inflation takes so much CPU power to do a guess.
And that's why it takes the age of the universe to break in. If your unlock was instant, then the baddies could do instant guesses. So that length of time it takes your vault to unlock is how long it takes to do one guess. Oh.
Even on your shiny new M3 Mac or M2 Mac. Okay.
Yeah. So that's it in action, right? And so what LastPass did was they started updating their defaults. What they didn't do was retroactively fix them, right?
Yeah. So they changed the default for new customers, but they didn't go back to anyone's existing vault and re-encrypt it. So the people who signed up a year ago had way, way better security than the people who signed up three years ago had way, way better than the people who signed up five years ago. So kind of ironically, the more loyal the customer you were, the worse you were.
Right, right. Which is pretty...
[29:02] And the metadata contains, A, how many rounds of its password-based key derivation.
So PBKDF is the algorithm used, it doesn't really matter.
There's a certain amount of rounds you have to do to make it appropriately CPU-hard.
And that number keeps going up, but we're now way, way, way higher than we were.
And that's in the metadata?
That's in the metadata. So if they got a table... You can't guess the password.
So if they got a table of all of the vaults that they got, then they could sort it by the ones with the worst encryption.
Yes, they could.
And that's bad. It gets worse. The metadata also contains customer information, like your email address and your name and stuff.
[29:41] So they know where to try it. Yeah, exactly.
And those two things have come together in a new story that Brian Krebs did the best job of explaining.
He didn't do most of the original reporting on this, but he did gather together the pieces and tell a good tale.
So the link in the show notes is to Brian Krebs is pulling together of the threads, but he didn't do most of the legwork.
So there have been a bunch of spectacularly high value cryptocurrency thefts over the past couple of months.
We're talking six figure sums people have lost from their crypto.
I think it was 35 million total of all of the people in this pile that they studied.
And some of them lost only 10,000 and some of them lost multiple millions.
And others lost hundreds of thousands of dollars. I mean, this is serious stuff here.
And these are not people who take security lightly because they have large amounts of cryptocurrency.
So they were all using password vaults and they're all using password vaults with strong passwords.
Unfortunately, the people who are affected these breaches were also using LastPass.
And they had been for a long time, because they take security seriously.
So they ended up in a strange category where they had strong passwords, but weak encryption.
So it wasn't the worst possible scenario, which would be a bad password and bad encryption.
Each guess would be quick and you wouldn't need many guesses.
[31:11] Each guess is quick, but the attacker still needed many guesses.
So, these people's vaults were not going to be financially cheap to crack.
Because I don't know how many listeners realise this, but when you scale up CPU cycles, they always cost money.
Doing computation at scale always costs money. You can spend that money by buying a computer, shoving it under your desk and paying your money to the electricity company and or to Dell.
You can spend that money by giving it to Amazon for AWS or Google for G Cloud or Microsoft for Azure, or Linode or take your pick, right?
Give it to a cloud provider to use their computers.
Or you can give it to cyber criminals to use a botnet and to steal other people's bandwidth, but you're going to pay for access to the botnet.
So it doesn't really matter how you do it. To guess millions of passwords will cost you money.
So it again, it always comes down to follow the money because cybercriminals, they're interested in one thing and one thing only profit.
So these vaults are interesting because...
[32:21] They're not on paper the easiest vaults to crack. And so if there were no personal information linked to these vaults, these would never have been attacked or would be unlikely to be attacked because they're all got strong passwords. So they would have taken longer to crack than they would have been economically worthwhile.
But because there's also data about who these people are, the attackers looked at it from the other way around.
They went, right, well, these are all people who are active in the community, tweeting and so forth. These are crypto people, and they're in the last pass breach. Therefore, the probability that I will get something really valuable if I spend $10,000, $20,000 breaking in, is very high. They also went after people whose email address belonged to a company that is crypto. I have two questions. One is, how could they tell from the data that they had that someone someone had a long password or a strong password.
They couldn't.
So how did they know that these were expensive people to go after?
[33:25] Okay, so imagine you're in a world with no information. So imagine that you don't know the human beings that match the vaults.
The way you would do it then is that you would basically set a budget and you would say, I will try the most popular 1000 passwords against all of these vaults, and if they crack, they crack, and if they don't, I move on.
So in the absence of the metadata, these vaults could well have been attacked because they had a low number of rounds, but they wouldn't have been successfully attacked because wherever the threshold the attackers would have set, they would have, we'll try 10,000, we failed, we'll move on.
Okay, so to be clear, they didn't know that these people had strong passwords.
They started with the metadata of the email addresses and figured out, somehow found...
[34:13] Amongst this giant pile of data, which ones had crypto wallets? Yes, exactly.
So you start with the people who are either influencers in the crypto world and you try to find if they have in the crypto world or yes, or people who have email addresses from companies that work in the crypto industry.
OK, OK. Then you're also going to be an industry insider. So you'd look for Brian at Krebs dot com.
Yeah, only he's a crypto skeptic, So you wouldn't look at him, but you know, Bob at Cryptolovers.com or whatever.
Right. OK.
[34:48] And so you basically, because you have the metadata, you can find the people and then you do a different economics calculation, because now even if it costs you hundreds, sorry, even if it costs you tens of thousands of dollars to crack the vault, the probability of a big payoff goes right up.
You know, there's money at the end of the rainbow.
Precisely. So even if it costs you ten grand of Amazon Compute, which is a lot of compute. And if you do that to 10 volts and only one of them cracks open.
And if you know that if it cracks open, you get a million bucks.
Well, then you've made nine hundred thousand profit. Well, you don't know that it has a million dollars.
You've got a good bet that there's real money at the end.
Just how big it is. You're going to make an educated guess. Yeah, you're going to make an educated guess.
And the economics are such that even if you're out by a little bit, it doesn't matter.
You could be out by an order of magnitude and still make a profit.
Interesting. So on the one hand, this is bad news for anyone who is famous or internet famous or known to be a technician at a company with technology that might be of value to the Chinese government because they may pay someone to break into the vault.
But there is a silver lining here.
If you're just me or you, then our vaults are less likely to get picked on.
If we had any, I don't. are less likely to get picked on because the metadata means that they can do targeting.
[36:11] So the plebs win out because it's easier to focus in on the high value targets.
So that's the silver lining I was able to find. But it is kind of fascinating that a year ago we were saying that these vaults will begin to fall. And here they are, beginning to fall, and unsurprisingly the attackers have taken this massive ocean of possible vaults to attack, and they found the most interesting vaults to attack, and that's where they've gone.
That is interesting. Yeah, I thought the whole process that Brian described, too, of how they started noticing that the...
[36:53] They started noticing a pattern of the people who were losing money, and they started noticing, they started putting the pieces together going, wait a minute, all of these people are really good at security.
They're highly motivated and active in doing the security correctly, and then put together the pieces of what did they have in common and it turned out to be LastPass.
Wow. So these people must all be using a password vault. Oh sugar, they are all using a password vault. The wrong password vault. Yeah. So what to add one more piece of flavor to this, what they determined was that it's the, what do they call it? The key phrase, I think it's called? Yes.
For the crypto wallet is what was in there and caused them to be able to be hacked. So if they they had known if they had changed their key phrase?
[37:47] They would have had to get new wallets and basically transfer all the money from their old wallet to their new wallet. Yeah, because the wallet is a private key.
The private key basically is the wallet.
OK, so they would have had to move.
You just make a new one, right? Right. Yeah, but that's not difficult.
It would involve a tiny bit of work, but not much.
So, yeah, they could have protected themselves. And I would argue that they're not quite as security savvy as they thought they were because they didn't take that extra step.
Yes, they had a password manager.
Yes, they had a strong password.
But the moment LastWass was breached, if I had, if I had even two thousand dollars worth of cryptocurrency, I would have been moving it to a fresh wallet, let alone if I had one hundred thousand or a million. Right. Right.
You know who my hero is? The person who took this the most seriously was Rod Simmons.
Rod moved to one password and changed one hundred percent of his passwords.
He went through every single one and, you know, he had a lot, but he did it good on him.
I imagine he also ended up closing a bunch of legacy accounts and stuff.
So it was probably a really good digital screen. Close legacy accounts, though, like it's hard to make things go away to say delete my account.
That's not something that's easy to do.
Last time I tried, you can semi close them. Yeah, no, I had to do it when my grandfather passed away because I really wanted his accounts closed so that no one could take them over.
And it is a lot of faffing about, particularly on social media companies.
[39:12] But the other thing you can do is set a stupidly long password and then just run away.
Yeah, I think that's usually what people end up doing. Very, very interesting story.
Eventually they will go stale and be deleted.
Yeah. It really is, and I thought you'd appreciate going in and turning it into a deep dive.
Definitely, definitely. Some action alerts.
Really just the one, actually. Apple have issued patches for all of their major operating systems because the NSO Group is still being the NSO Group and the most recent versions of Pegasus were using a zero-click exploit.
That was in Apple's most recent operating systems until last week.
And now Apple have been told about it, Apple have patched, and so the cat is now in the lead again, and the mouse is going to go away, or we're not sure who's the cat or the mouse. But either way, patchy, patchy, patch, patch. And it was a zero-click exploit, which is the worst kind.
It means you don't need user interaction.
I'm sitting in a terrible situation, Bart. I'm halfway through creating a video for Don where I can't reboot or the screens could potentially move?
[40:18] I mean, I couldn't stress over it and I could put I wouldn't stress over I could put a transition in if it wrecked it, but I'm holding off, but it'll be a couple of weeks before I can finish.
Yeah, there's a caveat on these these kind of high value exploits these are used against high value targets so.
The probability of any of us getting caught up in this in the next couple of weeks is about zero.
Give it six months or so when everyone discovers, because no one's said how these exploits work, right?
So at the moment, they're only known by the likes of the NSO group.
Give it a couple of weeks and someone will reverse engineer them and then it'll become a problem for everyone. But right now, I wouldn't stress about it because you're not likely to have a state level actor trying to get at your video for done.
OK, well, no, I mean, my whole laptop is what I... Or yourself.
I know, I know, I know. I was being a bit facetious there, but you're still not likely to have a state level actor go after you. So you're good. Another little silver lining to pick out of this story is that lockdown mode did its thing.
[41:18] So the whole point of lockdown mode is it minimizes the attack surface by disabling lots of features. Well, the features that had the vulnerabilities were not core central features of the basic functioning of the device. So lockdown mode, with its inconveniences, provided protection. So if you were a high value target who had enabled lockdown mode, even though there was a zero-click exploit, you were safe.
So if you're a high value target, you should enable lockdown mode because it worked.
Also in the category of things working as they should, Apple were able to detect, now that they know the signature of what the vulnerability was, they could go back in time and look at their logs and find out who was doing the thing to who.
And they have now found evidence that Russian journalists were being targeted, probably by the Russian government, let's be honest.
So Apple have been able to reach out to the journalists who were targeted and say, oi.
[42:10] Was at you. So that is, again, a good thing to be able to provide that warning to the journalists in question. So patchy, patchy, patch, patch. But like I said, do it. But you probably have, realistically, you have a week or so before it's reverse engineered and everyone has these exploits.
Because it will get reverse engineered. Because once you have the patch, you basically take the current version and the previous version and you start to look for the differences. And that will will usually let you figure out the vulnerability. And then you can reverse engineer an attack.
But that takes time, which is why all of us have a few days here to get patched before we, you know.
Unless you're the ambassador to China or something, you're probably okay.
Okay.
[42:53] Moving on then to worthy warnings, the first one is just a reminder that there is definitely You.
[43:02] An interest in going after Mac users, and Malwarebytes issued a warning that there was a fairly successful campaign that was leveraging malicious Google ads to target Mac users and trick people into installing the Atomic Stealer malware that was first noticed by antivirus companies a few months ago.
The key point here is this is social engineering attacks to trick you into hacking yourself.
So ever-present vigilance is a very good protection against this kind of attack.
And they will take out an ad and it will be seen by hundreds of thousands of people.
They know they're only going to get like 0.1% success rate, but that's again value for money there because it doesn't cost much to run an ad.
So just try not to be the 0.1% by just don't install stuff just because the ad tells you to.
So are malicious Google ads a thing? I mean, is that a?
[43:59] I didn't expect Google ads to be malicious. I was hoping not.
Well, they're not. OK, so they're not. The ad themself isn't malicious, but they buy ads on a search term and then take you you to a fake solution to whatever it is you're searching.
Oh, OK. Got you. Got you.
OK. Which would be. So you might say I'm offering a.
For Google to keep to zero.
Exactly, exactly. And again, you don't have to last for long.
You're only trying to get a point one percent return on these things.
So if you can keep your ad up for a day and you know that ten thousand people click on it and one of those ten thousand is all you need to make a profit, well, chances are pretty good.
Yeah. Don't be that one. follow the money. Yeah, don't be the one, basically. So ever-present vigilance is really what it boils down to. And then we had a tip from Nosilla Castaway Grumpy.
Also known as Mike Price.
[44:54] Thank you. Actually, was it? Maybe I have the wrong nickname, but the Macedon handle had Grumpy something in it. If I have the wrongness of the castaway, I apologize.
Okay. Grumpy is Mike Price in the live chat room and in Slack. So I just assumed that's where you got it from. But okay. Anyway.
It was via Macedon. And someone, yeah, sorry, apologies. Yeah, it's aliases. Anyway, Anyway, there is a social network that might someday take off called Blue Sky. It is by the guy who founded Twitter. He's having a second go. It's an attempt to be a federated network, so sort of trying to be mastodon only instead of it being open source. It's for profit, so probably not going to go as far. Anyway, that exists and a researcher found a bunch of the relatively minor security issues and tried to report them and isn't getting anywhere. So he published the experts on GitHub.
[45:53] Oh, wow. So you should be aware that on BlueSky, at the moment, based on these two vulnerabilities that are published on GitHub, you can make a link go somewhere different to what it looks like it goes to. So that is useful for social engineering. But again, ever-present vigilance.
If you're in the habit of always checking the URL you have arrived at and never assuming it's the URL you clicked on, you will be fine. And I would say to people, always check where you arrive, because that's not necessarily where you think you arrived. So that is the warning links on blue sky may not be real.
[46:31] Beware. Notable news then. This is not a happy story. Mozilla have done a thing for quite a few years where they have looked at various technologies and given them an evaluation for their privacy and they've been expanding. It's sort of almost like a consumer reports, but for privacy. And they started off with apps, I think browsers and mail clients, and they've been expanding into, you know, home automation devices. They've sort of been bit expanding and expanding and expanding. And they expanded it out to include cars.
And I am very sorry to say that zero of the 25 auto manufacturers they checked are doing even what Mozilla considers to be their baseline on privacy. The lowest acceptable on privacy.
All of them gather more information than they need, none of them gives you control over that information, they all sell it to third parties and there's an awful lot of ambiguity about what's actually collected.
It's probably the case that they're asking for rights for more than they're actually collecting.
But one of the manufacturers gives themselves the right to collect information on your sexual activity.
[47:51] Yeah, it was Hyundai or Kia, one of those foreign ones. That is actually in the thing that they have the right to collect that information. It's in their terms and conditions. One assumes that was a lawyer, so we're doing a little bit too much CYA, but maybe it's...
Come on! Well, think about it. I know some of the cars, I think Tesla has this, that they have an internal camera that they could turn on and collect that data from the camera and they might see things going on in the front seat that included that.
Yeah, but the privacy policy should say that they'll delete that, as opposed to saying they have a right to keep it.
Oh yeah, I'm not arguing that half of it, I'm just saying where that could have come from.
[48:37] So really what's happening here is that no one has shone a light in this corner yet.
Mozilla have just shone the first light.
Now all the pressure is on the car companies to not be so bad at this.
So I would imagine that next year's report will be less bad and the year after this report will be less bad.
And, you know, the cockroaches are scurrying away from the light as we speak.
But this first report was terrifying reading.
It was so terrifying that Mozilla broke it into two pieces. So there's a report on what they found and a separate report on how the data is collected by the different car.
How how it is that a car company can collect all the data they describe being collected, because that's actually a different question, right? What you're collecting, what you're doing with it versus how you're doing it are different questions.
So there's two links in the show notes to the two different reports from Mozilla on the what and the how.
They're fascinating. I did read all of them. I read both of them end to end.
There was no smiling done as I did any of the reading. I was looking...
Some of it's got some fun snark. I was just scanning through and I don't see, at least in the link that I expected to, that it would say by vehicle manufacturer what they're doing.
The actual website will break it down by dings, which is what they call it.
Okay, so starting with a ding tells you which company's got that ding, as opposed to start with this company, what dings did they get?
[50:05] Well, you can do both. So there is actually a database. It's their website has a whole section on all of their ratings of all of the technology and the car companies are now in that database. So there is a master site, which I guess I should have linked to as well.
But these two articles are just explaining the research for how they populated the database with this new category. 84% share or sell your data. 92% give drivers little to no control over their personal data.
Nice!
And was there any information... And the two companies that do give people... Go ahead.
[50:40] I was going to say, the two companies that do give you an off switch are both in Europe, and the assumption is that GDPR is requiring it. Well, that's kind of what I was wondering.
That was going to be my second question, was whether GDPR gets into this at all.
Actually, it's interesting. It gets mentioned along with the California Consumer Privacy Act, CCPA?
Yeah, CCPA.
Because the reason that they know enough to know how bad it is, is because they have to to tell us what they're doing because of the CCPA and the GDPR.
So without those, it would be even more opaque than it is now.
Oh, Tesla wins. It's only the second product we've ever reviewed to receive all of our privacy dings.
[51:24] Clean sweep, sweep the board. Yeah, that didn't make me happy when I scrolled down to 25, waiting for the Tesla logo, going, I'm still scrolling, I'm still scrolling, I'm still scrolling.
It's a pity Renault don't make decent EVs, because they're at the top of the list for the least bad. What company?
But they make terrible, terrible EVs. Renault.
Renault. That's what we would call it. Okay, got it. Oh, well.
Having a light shined on it, cockroaches and all, that's the answer, right?
[51:57] It is absolutely the answer. This is step one of this will get better. But there is a lot of room for improvement here. Arguably a lot of low-hanging fruit, so maybe this will improve dramatically, quickly. The other big notable news story is that it is now official. We have the list of gatekeepers for the European Digital Markets Act, or DMA. And on the one hand, it's very much what you expect. The companies involved are alphabet... Explain gatekeeper again. Wait, explain what a what a gatekeeper is one more time.
Okay, so within the Digital Markets Act lays rules of the road for digital marketplaces of all kinds, and there's two sets of rules.
There's the baseline rules that everyone has to obey, which are not, I mean, they're not bad owners, certainly compared to GDPR, they're not all that dramatic.
But if you're in a position of sort of power over the market what in America you might call a monopolistic like position, you have to follow extra rules.
You have to follow stricter rules because you're in this position of control over an entire market.
And the phraseology the European Commission used to describe these companies with extra power are gatekeeper, which is probably a nicer word than monopolist.
[53:14] Right. Gatekeeper is kind of more descriptive of what these companies do.
Yeah, because without going through their gate, you can't have access to.
Precisely. OK. The markets.
Yeah, exactly. So it's not a bad word.
So on the one hand, I don't think anyone is surprised that the gatekeepers are Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft. But that's missing something important that I hadn't quite registered.
The European Commission don't define gatekeeper at the company level.
They define them at the service level. So it's not that all of Google is a gatekeeper or all of Alphabet or all of Apple is that Apple are gatekeepers in specific things.
And Microsoft in specific things. So when you break it down, it's actually more interesting.
So for your social networks, we have TikTok, Facebook, Instagram, and LinkedIn are the only four social networks that meet the grade.
Microsoft lobbied really hard to have LinkedIn removed, and they failed at that lobbying attempt.
[54:19] The one that's really interesting is the Messenger apps, because there's only two of them, WhatsApp and Facebook Messenger.
The graphic that you have says N-I-I-C-S. That's French for messenger.
Yeah, I can't figure it out. It's messaging apps, I cannot figure out the acronym.
So Apple succeeded in not getting the iMessage in there, because I know they were lobbying about that.
They were, and that's a big deal, because that means that the interoperability requirement is only on gatekeepers.
Right, so Apple doesn't have to open up iMessage.
Correct. That is a big deal. Video sharing. There is only one gatekeeper. It's YouTube.
Search. One gatekeeper. Google search. Browsers. Very interesting. Microsoft are not on the list. Which a decade ago, you know, or two decades ago, that would have been hilarious that Internet Explorer would not have been a gatekeeper. But there are only two gatekeepers.
Chrome for basically everything that's not iOS. And iOS because on iOS, the Safari engine is required. So even Firefox on iOS is actually Safari with a different skin. So Apple are absolutely gatekeepers there.
So I have a question. The interoperability was what we were just talking about with messaging How is there not, I don't understand interoperability when it comes to a browser?
[55:40] It doesn't exist when it comes to browser. The interoperability clause only applies to messaging apps.
Okay, so what is the browser clause? How are you... I thought this was all about interoperability. Apparently not.
No, no, no. It's about not abusing your monopoly position. So each of these categories is addressed in the law, and there are rules for operating systems, and there are rules for ads, and there are rules for browsers, and there are rules for messengers. And the messenger rules say you must be interoperable.
Okay, okay, I got you. That's kind of sad for the Bing team, though. I wonder if they're like, aww. I'm not Bing, sorry. The Edge team is what I meant. Yeah, just like, aww.
The Edge team. Yeah, we're not big players anymore. In terms of operating systems, obviously Windows PC OS, iOS, and Android.
[56:28] Makes sense. Anyway, it's an interesting list. And Apple get to be named as gatekeeper three times, the App Store, Safari and iOS.
That's surprising. Under ads, Google, Amazon and Meta.
That's surprising. Yeah, that's kind of what you expect, right?
So it's interesting. The big news to me is the blue bubble, green bubble is not going to be forced out of existence by Europe.
America could force it out of existence with all the various things being considered in Congress, but right now everyone's hope was on Europe and Europe have not done it this time.
Yeah, I... So, there we are. I have a lot of big feels about this as we talk about with toddlers, big feels.
You know, on the one hand, kind of be nice if that was just solved, if we just had interoperability across the board, but if they made iMessage stupid, like all of the other protocols, or the non-WhatsApp, non-messenger protocols, then that would be terrible.
Yeah. If it's done well, it could be fantastic for everyone.
And if it's done badly, it will be awful for everyone.
So be careful what you wish for is kind of where I'm going on some of this stuff sometimes. Yeah. So anyway, without a doubt, this is the biggest security news or privacy.
This is the biggest privacy news since last we spoke.
And this is definitely the most important story.
[57:50] A story that I'm going to say, stick a pin in this. So the Department of Justice in the United States has a large antitrust case against Google, and it made a few headlines because their court, their physical presence in court started.
The case has started.
It is in the courtroom.
And so opening arguments have been delivered. The US government accused Google of knowingly doing anti-competitive things.
And you might be tempted to think, oh, great, it's almost over, right?
This case has come to court.
If it goes to schedule, It will be a month and a half until they finish arguments.
[58:27] If it goes to schedule. So I'm just saying to people what we're seeing now, the few headlines you may have seen, this is just the start of it.
I haven't heard what specific illegal things are they accused of this time.
Oh, it's a long laundry list. It includes the deals to make Google the default.
[58:50] Like the billions of dollars they paid Apple and so forth to make Google the default as part of of the case. Another part of it is that Google rigged the ad system in such a way that it was so they were running the ad trading system and selling the ads and representing the advertisers.
They were representing everyone in the transaction.
And the way they had that done, there was some really nasty shenanigans.
I don't remember the technical detail off the top of my head. Yeah.
But I remember it being very complicated. I remember it being a hang on a second.
How could you play every side of this? And they were.
And that's also a part of the case. Did you ever see the I Love Lucy where they go to some little town, I forget, maybe they get a ticket or something like that, and the police officer that gives them the ticket, and then they have to go to court, and it's the same guy, and then they check into a hotel, and it's the same guy, and he just keeps like changing his hat throughout it.
That's sort of the picture with Google. It's also interesting in the context of Apple that a massive percentage of their services income, I think it is, is from Google for the Google Google search payments they get.
I don't know if it's in services, but it's in one of the piles.
[1:00:02] Certainly about five years ago, a very large percentage of services revenue was that, but Apple have been sort of trying to back that off, which is why you have stuff like the Apple one subscription.
So Apple is changing the the shape of the pie chart to make that Google payment take a smaller chunk of the pie.
But it used to be said to have the pie Percentage-wise, they've just increased their other revenue.
They haven't reduced how much they're taking for Apple.
Yes, precisely. So they're changing. So I guess in terms of how exposed the business is, they have been reducing their exposure.
But in raw dollar amounts, they're still taking giant wadges of cash.
It's just they're taking even bigger wadges of cash from other services they're, selling, like all the Apple TV stuff, you know, they're doing a lot in services.
[1:00:49] So that's also like I say, that's that one is still brewing.
That will be a big story at some stage. But right now it's just brewing.
And a story that is notable for people who care about these things.
Apple have released their latest report on law enforcement requests.
To be honest, I struggle to find a headline other than the numbers look exactly the same as last time. It hasn't gone up.
It hasn't gone down. It's still what it was.
So Lincoln show notes, dig in deeper if you'd like. But that's, you know, that's sort of all really I could think to say about that.
Which brings us to some palate cleansing. And I have a double one because you were away doing fun stuff.
So you didn't have time to make palate cleansers.
You were having fun. So I have a double one.
So if you're in the British Isles, I'm afraid to say half of this is not all that much news to you because you are aware of the sci fi comedy series called Red Dwarf because it is a British stalwart, the absolute treasure of the British Isles.
Very rare to have a comedy sci fi series, by the way.
But you're going to enjoy the podcast episode anyway, because it's an interview with one of the main writers of the show. So even if you love Red Dwarf, you'll love the interview linked in the podcast episode. So there's one for the British people.
American people. The premise of this podcast episode is that the writer's strike means there is going to be a drying up of new television. So what are you going to watch? Well, Imaginary worlds is a podcast about basically fantasy and sci-fi.
[1:02:18] And the host had the previous episode of this one was asking listeners what they would recommend of stuff from the past to watch while we wait for new stuff.
This episode is his recommendation.
And that's why he was able to get the interview with the writer and stuff.
So basically, he spends this episode talking to the people behind Red Dwarf, explaining Red Dwarf to people not on the British Isles because it's it's a wonderfully weird show.
And selling it to you, basically. So it's a really fun podcast episode.
It's a really fun sci-fi show. It's a great interview with the writer.
And the actual podcast series, Imaginary Worlds, is a great podcast series.
So even if you know about Red Dwarf and even if you already know who the author is and you don't want to listen to it again, the podcast itself is a good recommendation, too.
So maybe it's three tips in one.
But anyway, there you go. It's an important podcast to listen to.
To get it cleared, Imaginary Worlds is the podcast recommendation, the Red Dwarf is the TV show, the British Isles TV show we should be looking for, and the interview with the writers of Red Dwarf on Imaginary Worlds is the specific podcast episode you're recommending.
[1:03:29] Precisely. The link goes to that episode of that podcast about that show.
Very cool. Yeah, definitely set that out. Yeah, we're getting a little worried. Luckily, we're busy watching old TV anyway. We're over finishing up West Wing and we're watching Family Ties. Steve is watching Sopranos for the first time, so we're good.
[1:03:50] I envy people who are watching the West Wing for the first time. It's so good.
Steve is watching the West Wing Weekly, or listening to the West Wing Weekly, which is a podcast with a lot of people who are on the show and writers and things like that, and he's really enjoying listening to that along with it.
And he's doing the same thing with The Sopranos, so yeah, that's a good time.
Yeah.
[1:04:11] There we go. Okay. Well, that's what I got for you. All right.
Well, that was good. I like the deep dive, not too much horror going on this week, and I think probably the The most interesting thing you told us about was how the DMA gatekeepers thing fleshed out. That graphic you inserted is fantastic.
Excellent. Well, until, I think, I think we're on a normal schedule two weeks from now.
So until then, folks, whenever it is, because goodness only knows what Allison's travel plans, but whenever we're next talking to each other, until then, remember, stay patched so you stay secure.
[1:04:45] Now, if you're an avid and alert reader of Bart's Security Bits articles, you may have noticed that his emoji, for the most part, are no longer showing in his show notes. We, know why, but we haven't figured out the right path to fix it just yet. Turns out it's a database encoding problem that's causing them to disappear.
Now here's the weird thing. Bart's Let's Talk website, which is also on WordPress, is having the exact same problem. Now, we think we can fix it with some jiggery-pokery in MySQL, but we don't know what caused it, so we're still on kind of an investigative path. What What would have caused this encoding to change?
We know the date.
It was between July 9th and July 30th that this problem started, but not knowing why really bothers us.
We did want to apologize for any distress this may cause you, but do know that it bothers BART more than anyone else.
Well, that's going to wind us up for this week. Remember, there is no live show next week.
Don't forget, no live show on, what is it, September 24th. In the meantime, though, did you know you can email me at alison at podfeed.com anytime you like? If you have a question or a suggestion, just send it on over. I do need a couple of more articles. I've got like two or three more trips, little trips coming up, and I could use a little bit more help. We're going to to be going to an annular eclipse pretty soon in less than a month, I think, so I need a little bit more help that weekend, too.
So if you can email those to allison at podfeet.com, your reviews, that would be fantastic.
[1:06:12] You can follow me on Mastodon at podfeet at chaos.social, and remember, everything good starts with podfeet.com. If you want to join in the fun of the conversation, you can join our Slack community.
We're at podfeet.com slash slack. You can talk to me and all of the other lovely Nocellic castaways there.
You can support the show at podfeet.com slash patreon, or with a one-time donation at podfeet.com slash paypal, and be happy that there aren't ads in the no-solo cast or any of the shows I produce.
And if you want to join in the fun of the live show, head on over to podfeet.com slash us live on Sunday nights at 5 PM Pacific time, except not next week.
[1:06:45] Music.