NC_2023_11_12
[0:00] Music.
[0:11] 2023, and this is show number 966. Well, this is gonna be a nice big beefy show, but a lot of it was produced in a little bit of a different way.
I've got an article by me, but Jill and I did a little conversation where we talked through something rather than her doing a monologue about it, and that's a really great segment.
And Bart's got security bits, but it's a solo security bits, because this week my grandkids, a whole bunch of them came into town.
I was missing two, but we had Kyle and Nikki and Teddy and Lindsey and Nolan and Forbes and Sienna here and had a big play weekend. And so I needed a lot of help, and so we got there in the end, and I think you're gonna like it. It's gonna be a lot of fun.
So let's get started.
Cordkillers 478 - Intermi-should (w/ Allison Sheridan)
[0:53] Last week I forgot to tell you that I was on Cord Killers again with Tom Merritt and Brian Brushwood. This is a great podcast that I really love. It's all about TV and movies, and they really try to emphasize watching what you want, when you want to watch it, and how you want to watch it. So they talk about what technologies to use or what kind of channels to get to be able to watch the things you want, but how to make sure you get the content that you want. And it's really, really fun.
We talked about recent surveys of teens and young adults that found they would like less sex and romance in their content and more friendships and platonic relationships. That was pretty interesting discussion.
[1:27] We also talked about whether Martin Scorsese's insistence that people sit through his three-hour and 26 minute movie without an intermission is reasonable and why director David Fincher might not want to make a sequel to The Social Network.
It was great fun and I really felt like I had a lot to contribute in this episode.
I'm kind of intimidated by these guys because they watch everything and they know all these details about who's making the movies and who's in the movies and how they were made and they know so much more than I do, but I felt like I held my own this time.
Anyway, you can find Cord Killers in your podcatcher of choice, of course, but you can also look for episode 478 or search for my name in the title.
And of course, I've made it easy for you by making the chapter title in the show notes, a direct link to this episode.
Migrating from DVDpedia to Under My Roof
[2:08] In 2009, on episode 195 of the NosillaCast, listener Scott Patz suggested I take a look at an app called DVDpedia from Bruji to catalog and organize my DVD library.
I tested it out, and I reviewed it for the show, and I loved it.
And I've been using it for the past 14 years.
Now you may wonder why we catalog our DVDs, now Blu-ray and UHD discs, and it's the same reason I catalog our expensive belongings in our house using the awesome Under My Roof software from Binary Formations.
If you have a fire, flood, earthquake, or theft from your home, the insurance company is far more likely to reimburse you for your belongings if you have some kind of proof of what you owned, and not just a paper receipt.
If you have a small collection of physical media, this wouldn't be a concern, but we have over $10,000 worth of discs in our collection, so it's worth a little bit of effort to scan them in when we buy new ones.
Steve also rips our physical media to our Plex server, and we use a customized field in the DVDpedia database to mark which items have been ripped.
In my mind map of doom, trademarked Donald Burr, for my nuke and pave process, DVDpedia isn't a mission critical or even a high priority app because I came along for a while without it, but it always has maintained a position of importance to be installed before I consider the pave complete.
[3:27] As you know, when I do my true paves, I install every single app from scratch.
DVDpedia is listed in my mind map as being in the Mac App Store, but imagine my surprise this time when I went to install it and I did not find it there.
I went to Bruji's website and I used the download button there, but then I noticed a very sad word. It said, sunsetting, next to it.
Just a week or two before I went to download DVDpedia, developer Connor had announced that he was stepping back from programming and was going to prioritize spending time with his family, and therefore would be sunsetting all of the Pedia apps, including DVDpedia.
I can't say that I was super surprised about this, as development seemed to have stalled many years ago.
While it still functioned as well as it did on day one, there hadn't been any new functionality or even a new coat of paint in a very long time.
[4:15] Even though DVDpedia continues to function, I knew it was time to move on.
In fact, the sunsetting of DVDpedia gave me the push to do something I'd been contemplating but was too lazy to start, and that's moving all of my DVD collection into Under My Roof.
I've been thinking about it ever since I did a ScreenCastsOnline tutorial about Under My Roof, and I scanned in our Star Trek discs to demonstrate how to create a collection.
I'm not sure this will be a story that helps you in your own life, but the transition between these two apps showed me that both sets of developers had made a significant effort to ensure data portability.
DVDpedia made it easy for me to export the data, and with a smidge of hand-holding, Under My Roof made it easy for me to import the data.
It was kind of a fun exercise, so I thought I'd tell you about it.
The DVDpedia main window is filled with useful information.
There's a table containing all of your DVDs and it has columns that you can drag around, hide, reveal, and even create to make sure you have all the information you like to see at your fingertips.
At the bottom you can see the details of the selected DVD including album artwork and on the left you have any groups you've created.
Across the top is a typical set of menu icons to add, delete, and edit your database, but the one that was delightfully obvious was a nice big export button.
[5:31] DVDpedia has so many export options, it's crazy. I really shouldn't dwell on how cool DVDpedia was, but you could even export to HTML and it would build these beautiful web pages with images and descriptions of the movies.
Anyway, one of the options is to export to text, and you can set it to export to CSV, which stands for comma separated values.
On my first export to CSV, it seemed to be missing a lot of the information I was hoping to get. I was bummed, especially knowing that support emails would not be returned.
But then I went back to the export window and I actually read what he had written.
It says, the tab and CSV exports are based on the columns shown in the list view.
[6:10] Okay, I went back to the main menu, main window I should say, and sure enough, I didn't have the columns visible that I was looking for, couldn't figure out why they weren't showing.
It was simple enough to turn them on and do a new export and I had a good CSV file with all of the details I wanted.
You probably remember that I'm a huge fan of Under My Roof as my inventory for everything in my home and everything about my home.
My latest article about all of the awesome capabilities was just this year in April.
I figured that as well-written as this app is, it was bound to have an import function for my CSV file.
But for the life of me, I could not find it.
I wrote to Diane, my contact at Binary Formations who does all of the spectacular documentation. By the way, her husband is the developer.
And I asked Diane, where do I find an import button? I was really hoping to find one in here.
Well, it turns out, Under My Roof is all in one window, and it has left sidebar navigation for how you want to view your stuff.
It has tabs across the top, depending on what you're viewing.
It's got separate columns for information and plus buttons in different corners, and even a three-dot menu in a circle.
But none of these revealed anything about importing data.
When I wrote to Diane, she got back to me very quickly, and she patiently pointed me to the hamburger menu in the upper left, which takes you to the Options pane, where there's an Import button that allows import from CSV.
[7:29] I don't know what it is about this hamburger menu that reveals the options pane, but I never think of looking there.
There's a whole lot of stuff in there. Remember, I did a video all about using this tool, but I don't think to look there.
There's something about it. My brain is blind to the information that's hidden in there, so I never think to do it.
But anyway, I'm also glad I wrote to her first because she made a suggestion that was invaluable in what I was trying to do.
Since I have a lot of data in my Under My Roof database, importing nearly 400 new records could be quite messy to clean up if I made any mistakes.
She suggested that I create a new home, which of course I called Delete Me Home, and import the DVDs into that home first.
That way if anything got messed up, I could just select all, delete, and try again.
Now I said earlier that you probably wouldn't learn anything from this story, but I lied.
That's a really good thing to put in the back of your brain if you ever need to import data into an existing database.
I'm guessing a lot of the NosillaCastaways have had to do that, and I'm guessing all of them learned this the hard way, and they probably have great horror stories that they should tell me.
Well, anyway, Diane pointed out to me that Under My Roof comes with a category for DVD Blu-ray discs that has a custom field layout that includes fields like Director, Actor, Studio, all those great fields.
She told me how to edit the field layout to customize it to make sure I had all the fields I'd need that would be incoming from my database.
[8:51] Importing the CSV brought up a window to map the fields that Diane had told me to make sure I had available.
I went back and forth a bit until I had it all lined up beautifully, with title matching to title, genres matching up, and directors, and more.
While I had it all lined up beautifully, it failed to import with an error that said, you must have a field that the items name in order to import items from this CSV file.
[9:16] And I read that over and over and over again. You must have a field that the items name in order to import items from the CSV file.
Well, I wrote to Diane and I said, I'm pretty sure that's not a sentence, and I don't know what you mean. So I had to bother her.
And, you know, she really should stop being so helpful because it's easier to ask her than bang my head against the wall trying to figure it out myself.
[9:40] The one thing I don't like about all the databases I've dealt with, and I get caught up on this every time, is the first field is always like a sacred field.
It means something to be the first field.
All the other fields, you can rearrange them, do whatever you want, but that first field, it's sacred.
As Diane patiently explained, the title of the movie had to be called Name, not Title.
Well, it was quick work to change the CSV file, just change that top word from Title to Name, and then it would match what Under My Roof wanted, and then it imported beautifully.
And I think she's also gonna fix the grammar. She's really good at being precise on grammar, so I think she appreciated that tiny little help from me.
Anyway, Diane had also explained to me earlier that the images from DVDpedia would not import, since CSV files can't contain images.
So the CSV file came in fine, but I didn't have the images.
[10:30] After I moved all of my DVDs from my Delete Me home to my real home in the DVD category, it was time for the incredibly tedious and not fun but terribly boring part of this project.
One of the many export options in DVDpedia is a .dvdpedia file.
A quick right-click to show package contents reveals an XML file of all of the data and a folder of all of the cover images.
Now a backup export can also give you the same thing, but the images are a little bit more buried.
Now, here's the sad part. The DVD cover images are labeled 1.jpg, 2.jpg, 3.jpg. So that would be okay if the cover images happen to be alphabetically sorted but just had numerical names.
Sadly, they're numerically in the order of when I added the DVDs to my database in DVDpedia.
[11:22] So they're not in order at all. Now, the import process as a result was quite painful.
I put DVDpedia at the top of my screen with Under My Roof below it.
I selected the DVDs category in Under My Roof and I selected the tab for photos so it'd be ready to drag in those images.
Now to the right, I opened the Finder window to the right, on the right-hand side in List View, and I set the view options in Finder to make the larger icons so I could sort of see the images.
I would then select an image file, hit the spacebar to bring it up in QuickLook.
Now I could see clearly that 1.jpg was whatever movie, Lion King, let's say.
And now, in the Under My Roof window, with the DVD showing, I could use the search window to type in the fewest number of characters I could think of to quickly find that movie.
My right wrist had been hurting over the course of that week.
It's better now, but it was hurting, and so just typing a couple of characters was making me crazy and especially having to do it over and over and over again.
So I wanted to type the fewest number of characters.
Now, once I got the fewest number of characters to get that movie to pop up in Under My Roof, I could drag the JPEG from the Finder window into the Photos tab for the Lion King DVD.
Okay, that's one done.
[12:36] I had 378 movies to do. Anyway, so since I'm still in the Finder window, I can use my arrow key to go down the next DVD and the Quick Look image will change automatically.
No need to spacebar in and out of Quick Look.
Well that worked most of the time. Every once in a while the image would be super high resolution so it'd fill up my whole screen so I'd actually have to spacebar out of Quick Look to see the images to drag them into Under My Roof.
Now back to the Under My Roof window, I have to select the area, the text area in search and do another search.
[13:08] So I can't just start typing. I can't like Command F and start typing.
I have to actually go into the text area and select the text.
There is a little X to remove the previous search, but it doesn't auto-select the text, so it was easier to select it every time. Again, tedious.
Actually, I did this so long, I moved my trackpad to my left hand because my right hand was getting so sore.
Anyway, you might be wondering why I had DVDpedia open at the same time with Under My Roof and all these images.
In a handful of cases I found either mistakes or missing information or duplications of media that I needed to cross-check, so I was sure glad DVDpedia was still working for me.
In the show notes, I made a little silent movie showing the tedium so you could feel my pain.
And I want you to note in the video you can see that we have these 378 items in our collection so I repeated this process that you're going to see in the little movie 378 times.
I really want you to feel my pain. It was terrible.
I also put a screenshot in the show notes of how the DVDs were displayed in DVDpedia and how nice they look in Under My Roof.
[14:08] Now, talking bottom line here, you may all think I'm nuts for going through all this work to track physical media when everything's available on streaming, but we really like our physical media and we also really like being able to look up which movie we're looking for to see if we really own it.
Like I was going through this and for some reason we only own Toy Story 3 and Toy Story 4. What happened to Toy Story 1 and 2?
I think I need to add them to my Christmas list. That's what I need to do.
Well anyway, it only took me a few sessions to do all of this and now I'm very happy that everything under my roof is in Under My Roof.
I'd also like to thank Connor for 14 years of support for DVDpedia and for making it so easy for me to export my data.
Jill from the Northwoods Talks Focus Modes for Emergencies (no blog post)
[14:48] Music.
[14:56] Well, I was chatting, as I often do, with my good friend Jill from the Northwoods over on Telegram and she started telling me a story about an interesting problem that happened when the father of a friend of hers ran into an emergency situation and wasn't able to get a hold of his own child and ended up getting a hold of Jill.
And she wanted to explain why this happened and what these people could have done to have allowed this person to get a hold of them in an emergency.
So welcome to the show, Jill.
[15:25] Hi there. It's good to see you again. Yeah, we thought you could do this as a standalone thing, but I have a lot of questions.
So I wanted to be in the middle instead of writing to her afterwards and going, but what about this? What about this? What about this?
So I'm going to just interrupt you as you explain the whole story. How's that sound?
That sounds great. All right. Well, it happened about a month ago and my phone starts ringing in the middle of the night and I use the focus mode of sleep so that I don't hear anything happen.
And so I was caught a little bit off guard, like, what is that?
Pick up my phone, and it was my friend's father.
Now they are older, and his wife, my friend's mother, has not been feeling very well lately and has had some urgent care kind of events.
Calls me, and he's in tears, and he says, well, I've tried to call my children, and none of them are answering me, and so I live a block away.
So get dressed, I head over there, and I check in and see what we can do.
And so I realized, how come nobody else was answering my phone?
So when my friends woke up, I said, I am with your parents and she is sick and, you know, where are you?
Why didn't you answer my phone? She goes, well, recently, they just got rid of their landline, and so now they're total iPhone users.
[16:44] And they put it in the other room. They put their phones in the other room.
And not only that, they turn them off because they don't want the phones ringing and blinking and doing all these things.
And I said, well, you are new to not having a landline.
That's not acceptable. We have to get you set up so that people can reach you when they need to in an emergency.
[17:04] So that's how it started. This is going to start getting into a combination of the regular old do not disturb and what's now called focus modes, right?
Right. We're going to say up front here, Jill is not proclaiming to be an expert in focus modes.
Right. This is like a whole field of automation you can create where like when you're podcasting something happens or whatever, but this is more of a practical, what can regular people do for regular situations that might arise like this to help them out?
Yeah, absolutely. And I started talking to people at work and starting to ask them, do you have your phone set up so that if someone were having an emergency, they could reach you? Oh, no, no, I turned my phone off.
Or, okay, nobody knows this. Nobody has any idea that you can use focus modes and other methods to break in in case someone has to get ahold of you.
And so that's what we thought we'd talk about today. Yeah, so what's the simplest form of what you're talking about that somebody could set up to make sure that they can be contacted in an emergency?
Right, the simplest and most bulldozer-y way of doing this is what's called emergency bypass.
And you can find that by going into the contacts app, selecting a contact, clicking edit in the upper right hand corner of that contact, and just a little bit farther down there's a setting called ringtone.
And when you select the ringtone, the very top part of that screen says Emergency Bypass.
[18:31] And it will still respect the haptic selection. It will still respect the ringtone decision, if you've picked a special ringtone for the people close to you.
But what it will mean is that sound will come in through any focus mode, through any silencing method.
It is a bulldozer. It will just come in.
[18:52] And so it is. This is, let's start by complaining about Apple hiding emergency bypass under ringtone.
Right. I don't set ringtones for people because by and large, my phone doesn't ring anyway.
And I don't need a separate ringtone for separate people.
But I would have never in a million years thought to look under here.
So I'm reading, oh, by the way, this is on the phone. This doesn't work on your Mac, even though your Mac may respect this setting.
There's no ringtone setting on the Mac in contact.
So on your phone, I wonder if it's on the iPad. I don't have an iPad close by.
But going into edit on the ringtone, then the first thing is this toggle that says emergency bypass, and I'm going to read it out loud.
Emergency bypass allows sounds and vibration from this person even when the ring switch is set to silent or when a focus is on.
[19:42] So if I've got the ring switch set to silent, it'll come through with a haptic instead of the ringtone?
That part I don't know. I think that I don't see ringtone none.
So I assume it'll do both. Okay. Yeah, it'll ringtone on your phone and haptic on your watch.
So this is specific. Okay, maybe that's it. So this is specifically someone makes a phone call.
This has nothing to do with they send you a text message. This is just about a phone call.
I think I believe so. Yes. Okay, so that's the bulldozer-y. Maybe this is one person that one always allowed to get through, like, right, like this person's father or mother. That might be a, if you've got an elderly parents, that might be a great one to put in.
[20:30] Child away at school. They're never gonna use the phone unless it's an emergency, right, because they don't use the phone, right? All right.
So is there a more nuanced thing we can do next?
So my friend then said well, they call me all the time and I don't want them to just get through you know, sometimes I'm speaking, sometimes I'm on a Zoom call.
And so, isn't there a more nuanced way of doing this? And I said, there is.
And this is the way I do it, but you can set up your focus modes.
And focus modes are settings that exist in the entire Apple landscape. It's on the Mac, it's on the phones, it's on the iPads, and you can even set them up so they all share the same focus mode at the same time, so if you're going to sleep, maybe all your devices then respect that sleep setting.
[21:18] I love this. One of my favorite things is that if I, on my Apple Watch, if I use the side button and then I tap on the Do Not Disturb and type.
Well, I have to tap 28 times now because these silly focus modes everybody's so excited about, but then it stops my phone from doing anything in my Mac.
So I can do all three very quickly right from the watch or whichever one's easiest for you.
Right. And so it can do things, like I said, a lot of productivity people set their wallpapers and do exciting things with it so that they can focus, which is the idea of the focus.
But now we're talking about emergency settings, someone trying to get through.
I said, there is another way and this is how I do it. At that time, I didn't have anyone as an emergency person, so I now set up a focus mode, which is sleep.
That is the one I go to bed with, and it's scheduled, so it goes to bed at a certain time, and it turns on and turns off in the morning.
The focus modes are nice. You can have as many of them as you want to have, but this is more nuanced, because you'll be able to set who you wanna break through, what apps you want to break through, and then also schedule the focus modes, or have the focus modes come on like when you're at a location, maybe I'm at the office or I want a special focus mode when I'm at church compared to when I'm at home compared to when I'm at work and it can set it all up and do it automatically. So they're very nice that way.
[22:36] Okay, so I'm looking at do not disturb as which is the default one.
And let's let's just say we stick with that. Let's do something simple.
When I go into it, it says allow notifications or notifications from selected people and apps will be allowed.
All others will be silenced. So then it says allowed people and that's where you would select specific people to be allowed through?
That would be. And that would be as far as I can tell, anything that uses that contact.
So that's going to be messages and that's going to be phone calls.
So it's not going to be Telegram or it's not going to be other apps that use their own contact list.
Oh, that explains something. I know I've been in Do Not Disturb and Steve telegrams me and they do get through, but I always thought it was because he was in allowed people, but it sounds like it probably would be anyway.
Yeah, as far as I know, it can't distinguish you on Telegram versus you, you know, it only knows its contact.
Sure. You know, it's realm. That makes sense, right? Yeah.
So the focus mode, then you can set up a focus mode. And so you could say, this person is allowed to call me and in this focus mode, I get their notifications, which in the end is why I got my friends' parents' phone call.
I was using that. I set up people to be in that group, and they were in that group.
Oh, that was lucky, as it turns out.
[23:56] One of the other things you could do is silence some people.
It's like, hey, when I'm podcasting, God, Jill is always bothering me.
I want to just silence Jill.
The rest of the world is allowed to bother me, just not Jill. I like that one. Right.
You could absolutely do it that way, too. You can silence certain people, you can allow certain people, or you can actually do groups of people.
So people who are my contacts could get through, or people who are my favorite contacts could get through. Oh, yeah, look at that.
Yeah, so it is... Just any of the groups you have in contacts could be set.
You could create your own group, and these are people who are neither my favorites nor all, and they can always reach me as well.
Oh, that's kind of nice. So you don't have to pick, pick, pick, pick, pick. You could say, okay, this is family, and these people are allowed through. Right.
So that's nice and it's nice because then you can do it and you'll have to set that up for each of the focus modes you use.
So if you do not just if you use do not disturb during the day and sleep at night you'll have to set it up in both places.
I'm embarrassed to point out that I was looking at the sleep one and my sleep one had no notifications allowed from anybody and I realized it's because I use do not disturb for sleep.
[25:05] Oh yeah. I'm old school. I have not embraced any of the focus modes.
But what I find interesting in here, and this explains something that happened to me, and in fact, we talked about it when this experience that you had, the last section in there says allow repeated calls.
It says a second call from the same person within three minutes will not be silenced.
And this explains why Apple was able to call me at 630 in the morning because they call you twice.
And they know that that's how their focus mode works, probably.
I was about to say a non-Girl Scout safe word to describe them. That's insidious.
Yeah. So the idea is that if Jill calls my friend at 7 in the morning and she's sleeping, no big deal. But Jill calls twice, maybe that's a big deal.
And maybe that's an important reason to get through.
So that's the, it makes sense. But yeah, they know that. And they called you.
6.30. Jeez. And they knew what time zone I was in. They claimed they didn't.
I say, no, no, you knew. We've had this conversation before.
[26:12] Okay, so at the very least, being able to do this nuanced approach for just a couple of people is probably a good way to go.
I like that. What other advice do you have?
Well, the other advice I have, too, is to set up the focus modes fully and start removing, making sure the apps you don't want to bug you.
So I asked other people, I said, well, did you set focus modes?
How do your parents get a hold of you if they need to?
[26:36] And, oh, I just let my phone have notifications on all night and it blinds me every time a text message.
And so I said, okay, now you're going the other way. You have no focus mode set up.
The phone is just blinding you all night long, ringing every app that rings through the day.
So I think dedicating yourself to some time, saying which apps should get through and which ones should not get through, so that your phone neither keeps you up nor prevents your loved ones from getting a hold of you when they're having their emergency situation.
It really benefits you to dedicate yourself to doing this sometime. So I use Do Not Disturb
for daily, when I'm doing something, and maybe I'm speaking at a conference or I'm doing something, I'm presenting a meeting. I have a work one,
where all my games and all the silly stuff on my phone can contact me but the serious stuff can text messages and Telegram and things. I have
sleep mode set up, and then I have one called recording, just like you, so that nothing can make a beep or a boop or a bop while I'm trying to get a good recording out, so. Okay, that reminds me, I need to turn on Do Not Disturb right now.
[27:47] Well, it used to be, because I wear headphones, that anytime someone on Telegram would message me while I was recording, it would come loud, and then I would jump out of my seat, and you know, so.
But spending your time and getting these set up correctly will ensure that when you're getting sleep at night, because not everything's bugging you, but then also the people you love and you want to hear from will be able to contact you too.
I just thought of something. I often send my daughter, Lindsay, a text message when I know she's asleep, but I figure I'm just going to send it now because I'm thinking about it and she'll see it when she wakes up.
But if she set me up as an emergency contact who could break through, I'd be annoying the snot out of her.
It'd be, yeah. I should think about that. That's interesting.
In fact, I called someone last week that I never talked to before and I rang and rang and rang and it didn't answer and I thought, oh boy, she has a focus mode against people she doesn't know.
You know, like she only lets through. So did you call again really quickly? So break through maybe?
Yes, I did. Yeah. Is that the default, by the way?
Is default for Do Not Disturb is set to a double call? Can change it?
[28:49] You can change it, but I believe that on the ones, there's four of them that come with Apple.
I think there's four of them. I know Do Not Disturb, Personal, Sleep, and Work come with your iPhone.
I'll increase that up, and I believe the ring through on the double call is set for all of them.
Okay. Well, that would make sense because they're trying to show you how that works. So, I'm looking at Do Not Disturb on the Mac, and we already talked about allow notifications, allowed people, allowed apps.
Oh, actually, allowed apps. We didn't really discuss what that is.
You can hit plus to say certain apps are allowed.
And oh, did you already mention this? Time-sensitive notifications?
[29:27] No, I didn't. But that's a good point. So, time-sensitive notifications could be something that maybe you want to come through.
But a lot of those tend to be someone tried to log into your bank account.
Maybe you do want to be notified at any time when that happens.
But I also have time-sensitive notifications that have breaking news on Apple News, and I don't necessarily want those coming in.
So, that's a mixed bag, to be honest. I'm not sure that I want— Yeah, how does it decide what is time-sensitive?
[29:55] It has that preset. You'll notice every once in a while, like I said, some of the news stories will say it.
Someone saying two-factor authentication is a time-sensitive notification.
So somehow Apple classifies that as, we need to hear from you shortly.
And so I feel like it's, again, a mixed bag. So you're right, it does have app settings that you could say is allowed to get through.
I think my thing... something to allow, I might do that.
I just turned it on and I noticed it brought back in a banner notification that I'm late giving Tessa her flea medication.
That's from my reminders and it showed that because it's saying, you know, you were supposed to do this yesterday and you still haven't done it.
But it might be good to have that on, especially in a work setting, if you've got another meeting coming up and you forget, you're not paying attention, you wouldn't want to be a do not disturb and not get that time-sensitive notification that, hey, you got another call you're supposed to be on.
Right. No, there are some methods for sure, but you can also allow an app.
So you could say, well, all of Outlook could get through or all of Apple calendars can get through.
And that way you could just permit your own calendar from coming through.
And then the last one, which again, goes a little bit more on the productivity side is there is the focus filters.
[31:12] Applications who build applications for iPhones and Macs can allow filter focus modes like Fantastical does this too.
So I can say that during the workday, I want it to show my work calendar.
But as soon as this time crosses and I go into a different focus mode, don't show me my work mail, don't show me my work calendars, and I can close that out.
So it's not an emergency type of setting, but you can with the focus filter say, during this focus mode, I want to see this part of your application, but not that other part of the application.
Whoops, I was on mute there. That's interesting. I can see in the regular calendar it has it too.
If I tap into app filters, then calendar, and then I look at calendars, I get to choose which calendars would be coming through.
So maybe I don't care about my work one when I'm podcasting, but vice versa.
[32:08] That's really interesting. So you can get into these with just, like you say, a little more nuance without being whole hog automation, shortcuts running that this happens and that happens and the lights come on and all that just because of a focus mode change because you pressed a button.
Right. You can't do it. And the other nice thing is I set my focus mode for sleeping time, so it doesn't show me my work application on my iPhone desktop.
So I don't see my work emails, I don't see...
So those are removed and only things that I use at night, maybe Headspace.
[32:45] The alarm clock, you know, are showing to me at nighttime when I have do not disturb on and it's not showing me the full array of all my phones.
Not only that, on that focus filter you could say I only want to see text messages from the people I care about so only my friends can text me while I'm sleeping and if I get spam, if I get other types of text messages like what's my balance on my credit card which is just the thing you want to see when you're trying to get to sleep, I can shut that off, I don't even see it, I only see my friends.
[33:16] It's kind of ironic, you and I have talked before about sleep tracking.
One of my favorite things Jill ever wrote was, I did a post called, Sleep Tracking is Stupid.
She immediately came back with a post called, Sleep Tracking Isn't Stupid.
That's one of my favorite responses I've ever had. And you gave some really good examples of how it's helped you, but it's ironic that as we're all trying to figure out better ways to get sleep, and then we've got bank notifications coming on in the middle of the night.
Yeah, you want to think about your credit card balance when you're trying to get to sleep, right? That's really restful and helpful.
Right, right. So there are a lot of things focus modes can do, and it's really impressive what Apple has provided to us for focus modes.
But again, I think it helps us at that nighttime situation when we're having a crisis, someone else is trying to reach us, and we want to be that person who helps them.
What I said to my friend is, I said, you know, all those times where I imagined that if anything helped, if anything happened to me overnight, I could immediately call you and you would come help me. I realized now was never true and hasn't been true since you bought iPhones.
So now I feel more comforted knowing that I, too, could call them in the middle of night in case I had a crisis.
[34:26] That's great. That's great. I love it. Well, this has been great.
That's exactly what I was hoping we would do, is I'd be able to ask you questions and understand this better than just getting one of your delightful little recordings.
So again, if people want to follow you anywhere, the best place is...
StartWithSmallSteps.com. It's probably the best place and your Slack channel.
Those are the two places I hang out. I talked over that a little bit, so I'm gonna say it again: StartWithSmallSteps.com, her fabulous podcast. You should subscribe to them all, the podcasting empire of Jill McKinley. Right.
All right. Talk to you soon.
Yes. Thank you.
Support the Show
[35:04] If things are tight financially for you, I do not want you to even consider supporting the podcast financially. Every once in a while someone does that. When they do it, they really shouldn't. I feel super guilty about it. I like having the show not cost me money to produce, and I consider it a labor of love to create this content for you.
If you can afford to support the show, it would be swell if you did to cover the folks who can't afford it.
I'd be happiest if we had lots and lots of tiny donations.
A dollar a month from enough people is enough money, right?
Anyway, consider going to podfeet.com slash patreon and showing your support for the Podfeet Podcast.
Security Bits — 12 November 2023
[35:38] Music.
[35:46] Hi folks, Bart here with a solo Security Bits. Please forgive me as I don't quite do a good job of channeling my inner Allison to challenge myself when needed.
But I'm going to do my best.
As I say, I always miss Allison when she's not around to keep me on track in these security bits.
So let us get stuck in with some follow up on some stuff we talked about before.
We talked last time about attackers running a bunch of campaigns to succeed in getting malicious ads for software into Google Ads.
And that continues. There's now a different app that has successfully gotten malicious ads into the Google Ad Network.
This time it's CPU-Z, which is apparently a popular app for profiling your CPU performance.
You know, gamers like these kind of things. Again, it shouldn't be possible to get malicious stuff into Google Ads. So not a good development.
[36:45] The SolarWinds saga has taken an interesting little twist.
The Securities and Exchange Commission in the United States, they're the people responsible for regulating the stock market and stuff.
Believe it or not, they're involved because they are suing SolarWinds basically for misleading investors by telling everyone everything was absolutely hunky-dory fine in the lead-up to the hack and they say that actually no.
SolarWinds had reason to believe everything wasn't absolutely hunky-dory fine and they shouldn't have told the investors that and then when it all went pear-shaped the investors lost money and therefore that is a, well, I'm not sure if it's a crime but it's certainly an issue.
[37:29] Just to remind us that the likes of the NSO Group's Pegasus continue to cause problems. We don't know specifically which of these
[37:40] greyware spying apps is in use. Apple didn't give that information out. But we do know that Apple sent a proactive notification to opposition politicians in India to say that there is a state-level actor attempting to attack them and to be on the lookout for that.
So they should be using lockdown mode.
It's kind of embarrassing here because Apple are simultaneously courting the Indian government and well who's most likely to be spying on Indian opposition leaders other than the Indian government? It's a little awkward but anyway there we are.
Moving on to action alerts. I believe there are quite a few NosillaCastaways who run QNAP NASes.
I know we have a lot of people who like the other big NAS provider whose name misgives me right now.
But I also believe we have some QNAP users. Either way, two very dangerous flaws were patched recently in QNAP.
So patchy, patchy, patch, patch.
And if, despite all of Allison's warnings, you continue to use Wyze cameras, specifically the Wyze 3, be absolutely positively sure you are patchy patchy patched patched because there was a proof of concept released for an exploit and Wyze released a patch for that exploit on the 22nd of October.
[39:04] Moving on to some worthy warnings then.
It's getting ever more difficult to decide which of the many breaches are worthy of telling people about and which aren't.
But it sort of struck me that a breach at a single hotel, now, granted, it's one of the most famous hotels in the entire world.
If you click on the story in the show notes, you will see a photograph of it.
And you immediately recognise it's these three tall skyscrapers that have like a sort of a slab that links the three skyscrapers together, almost like, you know, cricket stump or something. It's the Marina Bay Sands.
Huge, huge hotel.
They have a loyalty programme for people who are able to come back regularly to this very large hotel.
[39:54] I guess the scale of the hotel becomes clear when you realise that the breach affected over half a million customers.
Six hundred and sixty five thousand customers were breached from that single hotel suffering a breach.
The breach, in fact, was in their loyalty programme. And no pay, no passwords, no payment cards.
So really, the danger here is targeted phishing. And the other potential danger for these kind of things with big hotels is that it's of interest to hostile governments.
So to remember where this hotel is in Asia.
I should have checked this before starting to record. So let me vamp a little while I open up.
It is in Singapore. So that is in a part of the world where the Chinese government may be interested in who their citizens are meeting and stuff.
So potentially there's another danger there if you're some sort of an activist or opposition politician in that neck of the woods for people to know that you are in the Marina Bay at the same time as someone else who you want to talk to without everyone knowing you're talking to them, potentially.
[41:04] Also a timely reminder that whenever anything is in the news, the baddies will try to make a quick buck of it.
So this week we had, or a week ago actually, we had a new AI chat bot being released by X, XAI.
And there is no official app for Apple or Google, but there are apps in the App Store.
So as always, these are fake apps and so don't download them.
And it just I just don't have to jump on my soapbox here for a moment.
So Apple review all the apps for the App Store and malware and stuff gets taken out.
But something Apple explicitly don't do in the review process is check trademarks.
[41:52] And you could argue that Apple couldn't possibly check all trademarks. Fair enough.
Basically, it's up to the owner of the trademark to contact Apple, complain about the app and Apple will look into it and maybe take the app down.
But when something is impersonating a major new product, that's not about protecting X, that's about protecting users from an obvious fraud, an obvious fake, an obvious counterfeit.
And so I think Apple should be dealing with egregious trademark violations, not to protect the owner of the official trademark, but to protect us, the user.
So, Apple, you have some homework to do here. I do not like your policy.
I say that quite often at the App Store. Anyway.
[42:36] Moving on to some notable news. There is an important group called FIRST, which is the Forum of Incident Response and Security Teams.
Basically, it's a place where all the people who run security operations centers get together, and CERTs and all those kind of places.
And for many years now, they have had a specification, a scoring system, in fact, for giving numeric numbers to vulnerabilities based on a detailed algorithm.
So it's an objective scoring system for vulnerabilities, like a game of 20 questions.
And then depending on the answers to each question, you get a score.
And you've probably seen CVSS. That's the Common Vulnerability Scoring System, which is what FIRST produce.
You tend to see CVSS ratings like, oh, that bug was a nine point eight.
That's the CVSS. That's what these FIRST people do. And you also probably hear words like critical and those kind of things.
And those words actually come from the CVSS system.
Specifically, a bug is critical if it has a CVSS score of nine point zero or greater.
And if you're wondering, it's a scale from zero to ten where zero is not a bug, not a vulnerability and ten is a hooga hooga hooga.
[43:58] So we have for a long time now been on version three of that specification.
But at the moment, a shortcoming of version 3, actually 3.1 if we're going to be really pernickety, but version 3 and 3.1.
[44:12] As the threats have changed, the game of 20 questions has been failing to provide a nice spread of results.
And so the reason for the CVSS score is to triage bugs so that security professionals can focus their attention on the worst problems first, because that's the best way to get a bang for your buck.
Right. No organization has a security team big enough to do everything.
So you're constantly and continuously triaging in the security industry.
With my new job and work, I say new, it's been a year now, a significant thing I have to do is figure out what's worse than what.
Because there's finite resources, infinite problem, you have to triage.
And at the moment, what's happening is far too many bugs are clustering together at the 9.8, sort of, you know, too big of a clustering on the same number.
So how do you choose how to allocate your work if everything's getting the same score?
So basically the Game of 20 Questions, the questions need to be adapted for the modern realities of the threats we face today.
So, all of this is a really long way of saying that version 4 of the CVSS scores have been released.
So there's a new Game of 20 Questions with extra questions added.
[45:31] And so the hope now is that we'll have a nicer spread, particularly between nine and ten, where our bugs will be, you know, a little bit more fanned out so that we can prioritise them a little bit more easily.
And, you know, so you may see CVSS four scores starting to be seen all over the place.
A link in the show notes to the Bleeping Computer article described me.
It's kind of interesting.
You know, whenever you hear people talk about a critical bug, it's not a word they're pulling out of the air.
It actually matches to an actual number and that number comes from the CVSS and that's when I got into version 4.
[46:04] Now, I need to channel my inner Allison very strongly for this story.
[46:10] Because this story very nearly, not very nearly, it actually didn't make it in initially because I threw my sceptical hat on very hard.
So Microsoft have launched a new company wide security drive which they have dubbed their security future initiative.
And I know Allison, if she were here would say, oh Bart, stop being such a fan boy.
But it wasn't originally in the show notes because my pure cow poop detector went to 11. Yeah right.
Out of the show notes this isn't a story worthy of including.
[46:45] I know they're doing it and if I see them actually do some actual changes THEN I will consider talking about it on the show. And that was about a week ago.
But it's in the show. Well that would be because they actually had a whole bunch of proactive, genuine actions ready to go.
So while there obviously is PR spin in calling it the Secure Future Initiative, I'm surprised it doesn't have a TM stuck on the end of it.
So there obviously is some PR spin going off here and they want to get some kudos for doing cool stuff security wise. Great.
There does actually seem to be some wood behind the arrow here.
So I actually am going to talk about it now. I am going to channel my inner Allison again and say that I have seen some critiques of at least one of the initial announcements.
[47:42] Microsoft are making it out as being, we're doing this really future, you know, this really big thing to make things better in the future, whereas most of the security industry's actual analysis of the facts behind the spin is, oh, finally, so not, yay, well done, this is forward thinking, oh, finally, you should have done this years ago.
So, we talked last time about the fact that in response to a bunch of US government departments getting hacked in Office 365, Microsoft changed the retention period that everyone gets for free on their audit log to 180 days.
It had been 90 days, now it's 180 days. That was changed for free for everyone, which is nice of them.
Well, that same hack, it was kind of there's a model of security we think of it as Swiss cheese.
So Microsoft had about five or six layers of protection on the encryption keys that were securing these logins.
[48:42] And by sheer dumb luck, all the holes in the Swiss cheese lined up and you can kind of make a point and say, well, you know, they really did have a lot of protections in place.
And yet because of this flaw lining up with this flaw lining up with this flaw, the security keys leaked through a bug tracking system.
I mean, it was a very convoluted way the keys leaked.
And so you could make the argument of, well, Microsoft tried really hard, they got very unlucky.
But a valid criticism when Microsoft released their detailed analysis was, well, hang on a second.
[49:14] The key was in RAM. Ultimately, you had 5 or 6 protections in place to stop the key in RAM being leaked.
But the root cause was that the key was in RAM.
Why was the key in RAM? We have hardware for keeping keys safe so that they are never in RAM.
On our iPhones, we call it the secure enclave. There are equivalents of it on our Android devices.
And you can buy equivalents for server farms.
They're called hardware security modules, or HSMs. And so signing cryptographic signing keys should be in a HSM.
Now, it's easy to do for one server. It's difficult to do for a giant big server farm.
Difficult, but not impossible and not something a major provider should be failing to do.
So a giant big announcement as part of this new secure security future, sorry, secure future initiative is that they're going to use HSMs for the encryption keys for Office 365.
[50:11] Okay, good, you should be using HSMs. But you don't deserve a pat on the back for that. You deserve an oh finally.
So, oh finally, that's been done. Okay, now, are they doing anything more than just PR spin and oh finally? Actually, yes they are.
So we do have three pieces of concrete change that I think is positive and it's been one week.
So in the one week, we have these three genuine pieces of concrete change.
So the tyranny of the defaults is a big deal.
And a lot of stuff gets hacked in the cloud because the default policies are open.
The amount of data breaches caused by it in a poorly secured cloud database or a poorly secured Amazon AWS bucket is immense.
And that just comes from bad defaults.
So, Microsoft are starting to add into Office 365 tenancies, so, let me jargon bust for a second.
[51:15] If you sign up to Office 365 as an individual, you just have an account.
But if you sign up to Office 365 as an organisation, you get like a super account.
It's an account that contains accounts, and it's an account that contains settings.
Everything to do with your organization's Office 365 is in that super account.
And to avoid horrible confusion, they don't call them super accounts.
They call them tenancies.
So a tenancy is just your little piece of Office 365 where you get to rule the roost.
And one of the most important things you get to do in there is set your various security policies.
And so different organizations have different needs, right?
If I'm running a university, I need it to be much more open than if I'm running a government contractor or a defense contractor.
So if I'm running a defense contractor, I might have it be that if the AI in Office 365 has a low confidence that an account is hacked, it should lock the account anyway as a precaution.
Better to lock someone out for an hour than to have an attacker sneak in.
Whereas if I'm running a university, that's a terrible idea, right? Because for a start, my users are going to be doing more risky things because they're out and about in the world in a way that someone in a defence contract would never be.
So I need to switch that same dial to a very different setting.
I probably don't want an account blocked.
[52:38] Definitely not at low, maybe not at medium. And yeah, okay, if it's a high-confidence account that's compromised, then go ahead and block it.
So those policies really change how the specific company's Office 365 works and at the moment it's up to you to configure it yourself.
You're kind of thrown to the wolves a bit.
Well Microsoft are changing that by adding a default secure by default baseline that for new tenancies is just going to be on.
So when you walk into your tenancy instead of walking into an empty room that's up to you to secure you're walking into a secured room, that's up to you to tweak the security on.
If you find that, oh, actually, this is a bit too secure, it's limiting us, well, then you dial the dial now back to being a bit more permissive.
And if you find it's not permissive enough, you dial it forward.
But by having this baseline, you've just gotten rid of a whole bunch of misconfigured stuff.
And so these policies are going to exist and you can turn them on or off, but they will be provided for you out of the box.
So these baseline policies, and they're just going to be added into everyone's tenancy.
[53:44] And if you don't do anything in a few months' time, those default policies will activate and everyone will become secure by default.
And all of us got emails to say, this is going to happen. You now have 90 days to decide whether or not you want to twiddle the knobs or whether you're happy to take the baseline policy.
But that's just clever.
It's just a really good design.
Basically, it's default firewall rules that you can turn off if you want to.
But if you don't do anything, things are set up well.
It's also, though these policies will be so-called Microsoft managed.
So over time, when reality changes, the baseline can be changed.
So not only are you secure by default, but you stay secure by default.
And so any company that doesn't have the resources to keep proactively reading all the news and figuring out the latest, greatest best practices, you don't do that anymore.
Best practices are for free. They're just there for you to just opt into.
In fact, it's better than that. You have to opt out of the best practices.
Right way to do things. So I liked that. The other concrete thing I liked is that Microsoft were having another go at preventing abuse of multi-factor authentication.
[54:55] So this time last year the biggest threat to multi-factor authentication was MFA fatigue, where an attacker would just hammer out an account causing lots and lots and lots and lots and lots of push notifications to the authenticator app.
And back then the default behaviour on the authenticator app was that you just had to click, OK, it's me.
So if I spam you with 100 messages, you, you know, you as a listener of the NosillaCast made and realised that you absolutely positively should keep saying no, no, no, no, no, no, no, no, no.
But a lot of human beings will eventually go, oh, go away and just click fine.
Yes, whatever. Just stop haranguing me.
And that was actually a way that multi-factor authentication is being bypassed.
So I say MFA fatigue attacks.
And so the solution to the fatigue attack was number matching.
So in order to log in, the person trying to log in was shown a two digit number.
And then the authenticator app needed you to enter that same two digit number to say, yes, it's me.
So you couldn't just say, yes, it's me to make the notifications go away.
[55:56] But that didn't stop the flood of notifications. So now you're in a position where you couldn't because you couldn't see the number because it wasn't you.
So you couldn't allow the attacker in.
But there was still a denial of service going on. An attacker could still distract vast swathes of your workforce while they went and hacked you some other way while you were busy being distracted by this flood of notifications.
Right. So it was still a useful technique. It wasn't getting them past multi-factor, but it was helping them distract people while they did something else.
Not to mention making a lot of people very, very cranky because it's a flood of notifications you can't deal with.
[56:36] So now Microsoft have added a little bit of AI that if they're even a little bit suspicious that the push notification isn't real, they won't send the push.
What they will do instead is on the interface, the person who may or may not be an attacker, but probably is an attacker, is trying to log in, it will say no push notification sent. And if this really is you, open the app yourself.
[57:00] So if it really is you and the AI got it wrong, you have the minor inconvenience of manually opening the app.
If it's an actual attack.
[57:10] You're left in peace. No bombardment by notification after notification after notification.
I just see that as a very clever use of AI. I really like it.
So I like that. Well, that's, you know, great for corporate people.
Not that much use for your average home NosillaCastaway.
So the other thing that they are doing in the next release of Windows 11, so it's already in the preview builds and it's going to come into the real build, is that Windows 11, when you turn on file and print sharing, is going to stop doing the legacy Samba version 1 stuff.
So if you ever do firewalls and you have Windows file and print sharing, you'll notice it's four ports you have to open up for full Windows file and print sharing.
137, 138, 139 and 445.
Well, 137, 138 and 139 are the legacy ports and 445 is actually the modern port.
Well, for Windows 11, from the next version on 137, 138, 139, confined to the dustbin of history.
Gone. Only 445. So the old Samba1 protocol will just not enable by default unless you manually go in and turn it on.
Which you still can if you need to, if you have some sort of old system that absolutely has to talk insecure Samba1.
OK, fine, you can do that, but normal people won't get it by default.
So the default behaviour is modern, much more secure Samba on 445, and no more of the legacy stuff on 137, 138 and 139.
[58:35] And maybe this one deserves an oh finally too. But either way, it's still a good development.
So stronger MFA, less haranguing from push notifications and more secure Windows file and print sharing for everyone.
OK, that seems concrete. Let's hope there is much, much, much more to come from the Secure Future initiative.
[58:53] OK, so I said nice things about Microsoft. So let me now say some nice things about Google.
Google Chrome is going to, so this is a feature that was in preview for a while and is now coming into the general Chrome browser for everyone, Google Chrome will automatically upgrade HTTP connections which are insecure to HTTPS connections which are secure and it will only fall back to HTTP when the HTTPS fails.
So if you tell it you want to go to podfeet.com, it will try https://podfeet.com first, which will succeed because Allison's website is secure, and they will never attempt the HTTP.
Only on a website where HTTPS fails will it try HTTP.
Secure by default. It's a big deal because the old behaviour was you try insecure first and then the website would redirect you from insecure to secure.
But your first connection was insecure. So if you have an attacker sharing your coffee, you know, your coffee stall with you or whatever, your hotel with you, coffee shop, that's a word my brain wasn't finding.
If you have someone sharing your coffee shop with you, then they can intercept the first insecure message and prevent the redirect and continue to attack you and you won't end up on the secure page if you're not paying attention.
So the secure by default is a really big deal. So I am delighted to see that rolling into the full fledged Google Chrome and I hope every other browser on the planet copies that.
[1:00:20] Google Play then is making it a little bit easier to tell the difference between spam VPN app number 5 million and 77 that's out to steal all of your privacy in order to give you a free VPN service or a cheap VPN service and make it easier for you to find trustable or at least trust VPN apps you have a reason to trust.
And that reason is a standard type of audit called the MASA or the Mobile App Security Assessment which is a standard.
And basically a VPN app in the Android store that has been audited against the MASA standard and passed by an independent auditor can get a badge to the effect that this VPN app is in fact audited.
And it's not just audited by any old sod, it's audited by independent auditors, against the MASA standard.
So there's actually some there there. And that is just good.
Might be better to require that all VPN apps pass the standard.
But anyway, it's just a good development makes it easier for everyone to check their app.
[1:01:35] Okay, so... Meta, god bless them, have been trying to avoid... complying with the GDPR. Since the moment the GDPR came on, I had told Allison when we talked about the GDPR first that exactly what the GDPR means is going to be determined not on the day the GDPR launches, but very slowly over many years in many European courts, because at the time I would have said Facebook, now I have to say Meta, are going to push at every boundary and only do what they are forced to do.
And they are going to try to get the courts to adopt the most permissive possible interpretations of the language in the GDPR.
And that, I don't think that was a particularly insightful prediction, but it was a true prediction.
And one of the things the GDPR requires is informed consent.
[1:02:27] Okay, it's not strictly true. If you process data, you have to justify that processing, and there are many possible justifications.
And so, if you are legally required to process some data, that is a justification under the GDPR, and there are seven of them in total.
And the seventh, the fallback justification, is informed consent.
If you don't have a legal requirement and you don't have one of the other requirements, like it's not written into the contract or whatever, like I said, it gets a bit legalese, but basically, if If you don't have a very concrete reason to collect the data that falls under the GDPR, then you have to fall back to informed consent.
[1:03:09] And Meta really don't want informed consent because their business model is based on technically telling you everything you're doing in the terms of service, but knowing no one reads the terms of service and therefore they rely on uninformed consent.
Their entire business model is built on uninformed consent.
The GDPR requires informed consent and so Meta have been trying to avoid this problem by claiming that oh no no we fall under the contract justification for processing all of this data and that didn't hold water with the Norwegian Data Protection Commissioners who ruled against Facebook in July and Facebook appealed that higher up and that has now gone to the European Data Protection Board who have upheld the Norwegian Data Protection Commissioners findings, and the Data Protection Board have instructed the Data Protection Commissioner who regulates Meta, i.e. the one in Meta's home country in Europe, i.e. the one here in little old Ireland, to order Meta to stop using targeted ads on Facebook and Instagram in Europe until they get actual informed consent.
Because right now it has been ruled that they are breaching GDPR.
Probably not unrelated.
[1:04:35] Meta have launched a paid, ad-free subscription service in Europe.
So yeah, that's one way to get around the problem, is if you offer people a paid, ad-free service then it's easier to say that, well actually our justification for the normal service is that users have proactively chosen ads versus no ads.
It's an easier, it's a more defensible position, it's more informed consent.
So, you know, definitely not 100% related stories, but there's definitely a connection between the two here.
[1:05:09] Google are also trying to use European law against others.
So with the upcoming Digital Services Act, gatekeepers have extra responsibilities and if you're determined to be a gatekeeper messenger service, you need to interoperate with others.
You need to allow others to interoperate with you, in fact, is what the law says.
And so initially, sort of attempt one at figuring out who is and who isn't a gatekeeper, the European Commission ruled that iMessage is not a gatekeeper because in Europe, Apple actually does not have a big share of the messaging market at all.
WhatsApp absolutely kicks iMessage's everything here in Europe and frankly, so does plain old SMS.
So in America, I know that iMessage is darn dominant.
And if European law were in America, iMessage would be a gatekeeper, no question asked. But in Europe, iMessage is actually quite unpopular.
[1:06:08] So initially, iMessage was not marked as a gatekeeper and Apple were happy with that.
Google were not, because Google really want all the world to use RCS.
And there are many flaws with that idea, which I'm not going to go into now.
So they have banded together with some European cell phone carriers and they are asking the European Commission to reconsider and to make iMessage a gatekeeper after all.
Apple say they are looking forward to defending the current status quo with the European Commission. So we shall see.
And then finally, another related story to European regulation is that in a filing to the Securities and Exchange Commission of all things, a 10-K form I believe it was, Apple have basically said that a big risk facing them in the future is that they will be forced to implement third party app stores in Europe.
[1:06:59] So they're saying in regulatory filings that there are going to be changes in their business practices because they're almost certain to be forced into making these kind of changes in Europe.
So that is to some extent, you know, well yeah of course, but nonetheless it's interesting to see Apple accepting that reality rather than doing a Meta and being sued into doing everything.
So anyway, that's just an interesting related piece of news.
Moving on then, in our news section, the US Federal Trade Commission is ordering non-bank financial firms to report breaches within 30 days.
So at the moment, if you are a company that do finance-y things but aren't technically a bank, you don't actually have to report breaches immediately.
Well, now, even if you are not actually a bank, but you do financial stuff in the United States, you still have to report your breaches.
So that should make things a lot safer for Americans' money.
So if you're wondering, well, who counts as a non-bank financial services?
Mortgage brokers, motor vehicle dealers, payday lenders, investment firms, insurance companies, peer-to-peer lenders and asset management firms.
[1:08:16] So they now have to proactively tell you when there are breaches in the same way that traditional financial institutions do, which is a very good thing.
Everything to do with your organization is in its own little super account.
And finally, in the news section, WhatsApp are adding a new privacy feature that will protect your IP addresses during calls.
So if you're instead of your call making a direct peer-to-peer connection to the person you're calling, your voice calls will get routed through Meta's servers.
But because there's actual end-to-end encryption, that's a safe thing to do.
So that means that the IP address of the person you're talking to won't be visible, which is potentially a pretty substantial security win if you are someone in a sensitive position.
[1:09:01] Moving on to top tips, just the one, but I think it's a good one to know about.
So one of the changes that has come with the latest version of Safari is that you can now enable the same kind of advanced tracking protection that is always on in private browsing mode, bring that protection with you into regular browsing mode, and there's a setting hidden away under advanced settings.
So the link in the show notes is to a Mac Observer article telling you how to do it on iOS. And so it walks you through the various steps in iOS.
The same feature is available in Safari on macOS Sonoma.
In fact, I think it's all Safari 17, because I think I found that on my non-Sonoma Mac as well, now that I think about it.
Anyway, in the Mac, it's a little easier to get to because there isn't a separate settings app that covers all apps.
You just go into the settings pane within the current app. So in Safari, you go to settings and you go to the advanced tab and there's a drop down in there where you can change it, basically.
So link in the show notes with the screenshots for iOS and the same naming, the same verbiage is available to you in Safari.
On the Mac it's just under settings advanced.
No excellent explainers, no interesting insights, no just because it's cool, straight to palate cleansing.
I believe Tom Merritt sometimes listens to this show. Hi Tom.
[1:10:24] But I, nonetheless, I'm going to make him blush because I have really, really, I've always enjoyed his show, Know A Little More, but I've been double extra enjoying it in recent weeks and months because he's done a whole series of shows pinging off what's known as the mother of all demos.
It's Engelbart's demo of basically modern computing like decades ago.
It's astonishing how correct the Engelbart or how prescient the Engelbart demo was.
Like when Engelbart was doing his demo of collaborative editing across the network and email and all this stuff, like the first Mac hadn't been invented yet.
Xerox PARC hadn't really gotten going yet. It's just amazing how early that demo was and how amazingly prescient it was.
But, you know, there's lots and lots and lots and lots of technologies underlying that demo, and one of those technologies is something called AlohaNet.
And AlohaNet was invented out of absolute necessity in Hawaii.
And it is the precursor of the Ethernet protocol, which is ubiquitous in modern networking.
And one of the things... So we know Ethernet mainly through cables, because we call the copper cables that carry our home networks, we call them Ethernet cables, so we think Ethernet came from copper.
[1:11:50] And people are often surprised when I tell them that the Ethernet protocol works on Wi-Fi.
People find that very, very weird because they're so used to calling them Ethernet cables that the thought that Ethernet goes through the air is weird.
But actually, Ethernet's origins are in the air.
AlohaNet was a radio-based network, and that's where Ethernet, actually the key inventions that made Ethernet Ethernet came from AlohaNet, or a lot of them did.
And so the latest episode of the Know A Little More podcast is on the story of AlohaNet, and it's a fascinating story.
Part of it I had heard in Networking 101 back when I was doing my computer science degree because the concepts are pretty darn important.
But it was nice to get some human interest on the story. So I really, really enjoyed the episode.
I'm recommending that episode because it's about Ethernet effectively, but also all the other episodes in the recent series, starting with the first one that explains what the mother of all demos was and every episode between that episode and now has been pinged off something in that demo.
Anyway, recommend them all. So really good stuff. Know A Little More. Great podcast.
Right, Allison, I hope I have done an OK job without you.
And remember, listeners, until next time, stay patched so you stay secure.
[1:13:10] Well, thank you so much for doing that, Bart. I think it's so funny that you say you don't do a good job without me, but you do a wonderful job without me.
And I think that's part of the beauty of our relationship between Bart and me, is I feel like I'm kind of superfluous, I'm just that person interrupting him and he thinks I'm critical to it.
So that's why we both love doing it together, because we both think we fit perfectly together.
Anyway, that is going to wind us up for this week. Did you know you can email me at allison at podfeet.com anytime you like? If you have questions or suggestions, just send it on over.
You can follow me on Mastodon at podfeet at chaos.social.
And remember, everything good starts with podfeet.com. If you want to join in the fun of the conversation, you can join our Slack community at podfeet.com slash slack.
And in fact, that's where you should go to tell me the stories of all the times you didn't put the right name field in the first sacred slot in a database transfer.
Anyway, you can also talk to me and all of the other lovely NosillaCastaways in there. You can support the show at podfeet.com, Patreon, or with a one-time donation at podfeet.com, PayPal.
And if you want to join in the fun of the live show, head on over to podfeet.com live on Sunday nights at 5pm Pacific time and join the friendly and enthusiastic NosillaCastaways.
[1:14:22] Music.