NC_2023_11_26

2021, Allison Sheridan
NosillaCast Apple Podcast
http://podfeet.com



[0:00] Music.

[0:10] November 26, 2023, and this is show number 968.
Well we're down at Lindsay and Nolan's house, so we've got our special road set up with our road mics and things might not sound exactly the same, but we're going to get on with the show.

Checklist 353 - A Letter on Passkeys from Allison Sheridan

https://checklist.libsyn.com/


[0:25] This week, I got to be a guest on the Checklist podcast hosted by Mac OS Ken.
We talk about a survey that finds that young people are less likely to report that they've been victims of cybercrime and more likely to actually be victims than older people.
Then we talk about the open letter I wrote to help people explain to their friends and family that passkeys are a good thing and not scary.
Look for the checklist number 353 in your podcatcher of choice, or of course, there's a link in the show notes.

CCATP # 779 — Bart Busschots on PBS 156 of X — Extracting Data with jq

https://www.podfeet.com/blog/2023/11/ccatp-779/


[0:53] After the last episode of Programming by Stealth where Bart gave us the intro to JQ and the problems it can solve, this week we start to get our feet wet by learning how to extract data from JSON files.
We learn how to descend into dictionaries and arrays and how to slice arrays.
We learn how JQ will output sarcasm about Bart Busschots if you don't want to learn how to ask it for raw output. That's a little inside joke.
Anyway, we even learn how to extract data from multiple files at once and how to extract multiple values from our JSON files.
Finally, we learn how to explode arrays and how to suppress errors.
I got to tell you, I think I really love data manipulation because I love this episode. I think that JQ and working with JSON is really fun.
You can find Bart's fabulous tutorial show notes, of course, at pbs.bartificer.net, and this episode of Chit Chat Across the Pond is number 779.

Follow Up on eufy Cam


[1:46] I recently sang the virtues of eufy cams as an inexpensive replacement for Wyze cams that work with HomeKit Secure Video.
Right after I wrote the article, I received my 8th and 9th eufy cams.
I installed the 8th one without any issues, just like the first seven, but when I went to install the 9th one for the life of me, I could not get it into HomeKit Secure Video.
I started a chat session with Eufy and I got the expected bot.
But it was actually not bad. It asked me to test out a few different things, like trying to set it up from inside the same room with the router.
I ran through the tests, and I still couldn't get online. And the bot escalated me to a human who asked for a few more things.
After going through what they suggested, the human said, you know what, it looks like it's not working. How about we just send you another one and you don't have to send back the broken one.
Why, yes, that would be lovely. In a few days, I had the replacement camera and it immediately connected into HomeKit, unlike the other one.
I was delighted with the customer service.
But I gotta tell you, I felt like a real heel because a couple of days later, Eufy wrote back to me saying, well, did it work? Are you okay? Everything all right?
Man, I hadn't even said thank you and here they are checking up on me.
So I'm telling you this story because I think it's a signal of a good company.
Of course, we'd rather think everything works the first time, but knowing the company will be responsive when something goes wrong is nearly as good and it gives me confidence in continuing to recommend Eufy.

39th Annual Kilowatt Trivia Thanksgiving Extravaganza

https://www.youtube.com/watch?v=2ZVsFsFqBsc


[3:09] You all know that Steve and I are big fans of Bodhi Grimm, host of the Kilowatt podcast.
We always tell you that he's informative about the world of electric vehicles, but he's also one of the silliest people we know.
Turns out he's become friends with another friend of ours, Rob Dunwood of the SMR podcast and the Tech John.
Bodhi invited Rob, Steve, and me to join him in what he called the 39th Annual Kilowatt Trivia Thanksgiving Extravaganza.
There have, of course, not been 39, but anyway, he had a lot of fun with the title.
So, he asked us to come on and he asked us trivia questions across a broad set of topics from OG Star Trek to knitting, and he used a video board he created reminiscent of the Jeopardy game in order to ask us these questions.
To say that this was an orderly game where we played by strict rules with defined scoring would do injustice to the anarchy of the event.
Bodhi's released the video on YouTube, which is a lot of fun, but you can also find it in your podcatcher of choice if you subscribe to the Kilowatt Podcast. So look for the 39th annual Kilowatt Trivia Thanksgiving Extravaganza.

[4:13] Well, we've got some listener contributions this week that allowed me to have fun with my family over Thanksgiving, followed by a security bet, so let's get started.

OCR PDFs with Open Source Tools on Linux by George from Tulsa

https://www.podfeet.com/blog/2023/11/ocr-pdf/


[4:22] George from Tulsa here, responding to Allison's request for a show contribution to reduce her load this Thanksgiving week.
Years ago, we paid a bank service company to microfilm file cabinets full of irreplaceable paper, some now 120 years old.
The company then scanned the microfilm to image-only PDFs it delivered to us on optical disks.

[4:50] The working set of PDFs currently resides on our Synology NAS, where they're in a folder structure organized by an indexed table of contents.
I'm now engaged in a project to run the gigabytes of image-only PDFs through optical character recognition.
This will enable searching for documents across the network by searching for text within documents, searching within open documents, and copying and pasting text and data tables to new documents and spreadsheets.
Since I'm mostly using Linux, specifically Linux Mint Cinnamon, I'm going to briefly describe here how that works in Mint, and put the more difficult technical stuff and all my links at the bottom of today's show notes.
I'll also talk about Mac options for the same process. To begin, it's necessary to download two applications from the Mint Software Center.

[5:57] Tesseract is an OCR engine originally developed by Hewlett-Packard and maintained by Google since 2006.
Tesseract is really fast, taking advantage of all eight cores of my Ryzen 7 processor.
It's also surprisingly accurate, even on less than optimal scans of old paper.
Many languages are available, but I've only installed English.
Tesseract is NOT user-facing.

[6:31] It must be invoked by another program. For us, that's OCRmyPDF, which is started by commands in the Linux terminal.
Running terminal commands can be scary. No worry here, as all we're doing is duplicating the original PDF to a new file, with OCR, without making any changes to the original.
The command is one brief line you'll be able to copy and paste from these show notes, where you'll also find step-by-step instructions.

[7:08] Processing is so fast I'm using the Linux application PDF Arranger to merge related PDFs.
Think monthly financial statements consolidated into searchable annual documents hundreds of pages long.
That works great for what I'm doing.
PDF Arranger will also split long documents into shorter chunks if that works better for you.
What if you want to OCR a file with a lot of text that's saved as, for example, a JPG?
Simply print the JPG to PDF and you're good to go.
Okular is a Linux file viewer that has some editing and annotation capabilities.
What I find invaluable is its table tool, which extracts tabular data that can be pasted into spreadsheets for analysis.
One other application to mention.

[8:10] GImageReader, available on Windows and Linux, uses the Tesseract engine for granular OCR and editing of blocks of text.
It does not embed the text within a PDF, but saves it as a separate text file.
Down in the show notes, there's a neat video link demonstrating it being used to simultaneously OCR text in Korean and English while the user interactively corrects errors.

[8:41] It's of course possible to OCR digital documents on a Mac.
For a small number of documents, if you have a ScanSnap which comes with the limited version of ABBYY FineReader, the easiest solution is to print the PDF to paper, then re-scan with OCR enabled.
That won't work for me because of the gigabytes I need to process and the forest all that printing would kill.
If you're geeky and love playing with computers, you might be able to get Tesseract and OCRmyPDF to run on a Mac using MacPorts or Homebrew.
The full Mac versions of ABBYY FineReader, a 69 annual subscription, and Adobe Acrobat Pro, $30 a month or $240 annually, do retroactive OCR.
I had the perpetual version of Adobe Acrobat Pro 8 and found its OCR results required significant manual correction.
Perhaps Acrobat is better now. Both offer free trials.
Amazon Software Downloads offers an apparently perpetual version of ABBYY's 2015 version, but from reviews I suspect it isn't compatible with current versions of macOS.

[10:07] UPDF googled up as another Mac and iOS option.
Brief research revealed it's a product of the Chinese company SuperAce, and its privacy statement makes clear that if you're using its hallmark AI features, your content will be uploaded to SuperACE's servers.

[10:30] Speaking of privacy policies, ABBYY's, Adobe's, and UPDF's are all opaque and confusing, and I'm a lawyer.
I'm pretty sure all are at least monitoring when, where, how, and on what computer their software is used. Do read and understand their settings, privacy policies, and end-user license agreements, especially if you're processing confidential documents.
Privacy is a reason you might want to try a Linux system of your own that can run open-source applications which don't phone home.
Cost is another reason. There's a new generation of nano-sized Linux systems, with useful specs that begin as low as $130.
Compare that cost to Acrobat or ABBYY or the $99 a year virtualization application Parallels that will run Windows and Linux on Macs.
And boy, does Parallels phone home.
I'm wrapping up my audio here, but if you're interested in instructions and links, check out this episode's show notes at podfeet.com.

[11:47] Well thanks so much for that, George. This was fantastic. When we first talked, George sort of thought this is kind of a Linux topic, it's not really appropriate for your show.
But I was like, of course, Linux is appropriate for a show.
Plus, it's super nerdy. It's got command line stuff. And I've actually figured out how to do what George did on the Mac.
And I'll be talking about that probably in next week's show.
And it's a lot of fun. I really like what he's come up with here.
And it solved a real problem for me.
So thanks again, George, for coming on the show and teaching us how to OCR PDFs with open source tools.

Smart Light Strings from Hue and Twinkly — by Jill from the Northwoods

https://www.podfeet.com/blog/2023/11/twinkly-hue/


[12:19] Music.

[12:27] Everyone, this is Jill from the North Woods. I didn't have a Christmas tree for the last 16 years, primarily because of the cats.
But this year, someone gifted me a new Christmas tree because they replaced it with something else.
But here it was. I had no Christmas lights, at least none of them that ever worked.
So I knew I wanted to get some kind of a smart light, something controllable, something I could do interesting things with.
There are a lot of companies now coming out with string lights that are LED.

[12:57] Controlled by apps, and the two that came to my mind most were Twinkly, saw them on Amazon quite a bit, and of course Hue.

[13:06] Twinkly's been in the business I think four to five years, so they've had a lot of experience in making these string lights controllable.
But Hue just ran Pilots last year, and this year is the first year where they're selling them in mass.
There's all the hue string lights called Festivia that came out this year.
Boy, I remember when they announced this particular model of lights coming out, people signed up in waiting lists.
I know I was one of them. Very excited to get into this kind of a light.
But by some weird random chance, Woot one day, Woot is a discount company owned by Amazon, they were offering Festivia lights 500 for a price that is about half the price of what you would pay for a 250 string. Boy, I jumped all over that.
But when I got them it was only 250 lights and it turned out it was a mistake in the advertising.
They offered me a bigger discount, said unfortunately they couldn't give me the 500 lights, all I have was the 250 and the sale was sold out so they couldn't even offer me more lights.
But still, I got a Festivia 250 light for a really huge bargain.
I was excited about that. But still, the problem existed.

[14:28] I need about five to six hundred lights for my new Christmas tree.
I was going to have to do something else.
The one thing I was excited about Hue is that I have a lot of other hue bulbs.
I'm very invested in the system.
I know how it works. I have all sorts of scenes set up and using automations to turn on and turn off my hue lights. I really enjoy it.
I think the only time I actually have a real light bulb colored light going on in my house is when I'm reading.
Other times it is a full light fest in here.
I'm sure my neighbors wonder what the heck I'm doing, but I love the beautiful hue lights. So the Hue Festivia was a no-brainer for me. It fit into the rest of the module.
I saw now I was either gonna have to buy more Hue lights, which are kind of pricey when they're not on a Hue sale or a Woot sale for the lights.
And the other problem was I noticed when I got the Hue lights, they didn't have the ability to twinkle in standard Christmas colors. I want twinkly lights on my tree, not just any lights on my tree.
Boy, the bulbs are beautiful, the colors are beautiful, I really enjoy them.
It was really the final touch in my recording studio to make it just as cozy and comfy as I wanted it to be.
But then, what was I going to do for my tree? I still needed five to six hundred bulbs of LED lights for my tree.

[15:55] Since the Hue didn't twinkle the way I wanted it to twinkle, I decided to try the Twinkly Lights and got the 600 light bulb kit for my tree.
So now I have both systems. So I thought I would tell you all about it so that you could make a decision about which sets you would want to have.
So let's first start out by talking about Hue.
Hue is a more known brand. A lot of people have Hue bulbs.
It also has a hub that is nice because all your light bulbs attach to the hub, and so then if you have to make changes in the network or you're worried about the load on your network, the Hue hub is taking on all that extra work to make sure that the network stays proper, that when you have to change your network settings it only changes in one location and it sends it out to all the bulbs. And adding and subtracting bulbs is very easy in the system.
I really enjoy having that Hue hub. Where it gets a little bit different for Hue is that they have scenes which are just combinations of lights.
So when I set the Aurora Borealis scene in my room, it all turns blue and green and purple and sort of fluctuates.
You can do all of those scenes with these bulbs too.

[17:10] You can either decide that you want the colors to stream through the various light settings or you can decide that you want it to have a scattered look which means every other bulb in five or three or whatever configurations you want will take on those Aurora colors.

[17:30] So you can set them up so they have all the colors like I said either as they go through them all or as they individually set as scattered lights.
But then again they can't twinkle. There is no twinkle setting in these string lights where I can make any color scheme I want twinkle, glow. Some of them have these kind of pulsing colors to it. Can't do it. But they do give you a couple of scenes that are specially made for the Festivia lights. One of the special scenes is called Prism, and it is essentially the basic colors. It looks like what you would expect out of a standard Christmas light set.

[18:09] And again, you can make them scattered so it looks like a standard Christmas light set, and so that's fine. Then there's another special scene called Candle.
And the candle is more of a golden color, and they glow on and off, almost like you do have a candle in front of you.
There's something called Sparkle, which is that same kind of golden color, it's a little bit more bright, and it doesn't twinkle or glow in that same kind of pattern.
There's something called Fireplace, which turns a very orangey red and will flicker a little bit as if it was a fireplace, and it gives you that nice warm feeling inside when you run it.
There is something called Glisten, which has a little bit of gold and white and the bulbs will sort of rotate in this twinkly lighter fashion, like it's glistening on a light.
And the last one then is called Opal. Opal is more pastels and they glow and twinkle just like you would expect a light string to do.

[19:09] So it will twinkle, but only when you're using one of these special scenes.
If you have the ability to do that effect, why can't you do it on any color string you want?
Now you may laugh, but I even contacted Hue Support on Twitter and asked them about Twinkly Christmas Lights and they said, it can't do it yet.
Maybe in the future. I told him in no uncertain terms that if you're gonna have a product that people are gonna use for their Christmas trees or Christmas lights, it has to be twinkling.
Okay, maybe I'm taking this all too far.

[19:42] But still, the lights are bright, they're beautiful, the colors are amazing, and the ability to customize the colors from anywhere from one to five different lights on the string really is nice.
You have the Hue app, which then will allow to schedule it, be hooked into a motion sensor trigger, and you can always use, of course, the Apple automations to turn them on, turn them off, and do different things with them.
Simple to use. There are some third-party apps that offer you some additional features, and one of the more popular ones is called iConnect Hue.
It gives you some abilities to increase or change the saturation.
You have an ability to get my lights to twinkle. That was the goal.

[20:30] The plug itself is nice. You plug the lights into a box and then the plug goes into a larger box.
I know there's a technical term for it. And then there's a cable running out of the larger box which plugs into the wall.
I don't enjoy plugging big clunky boxes into my wall.
I much prefer having a cable so that it's more flexible and I can bend it around things.
So I like how it plugs into the wall.
Of course, the strings themselves are not replaceable. If one of them were to get damaged, you couldn't do anything about it.
You couldn't replace a light like you put on an old string. That's what you're kind of set up with.
And Hue has, again, all the colors. You also can get pure white out of the bulbs themselves.
So you can make any kind of arrangement you want. The Hue lights are indoor-outdoor.

[21:21] They have water protection so you don't have to worry about that.
And they come with a 65-foot string with 250 bulbs, that's the one I have, and that runs about $219.
The 130-foot string, which is about 500 lights, runs at $359. So they are pricey.
That's pretty much why I jumped on that sale price when I saw it.
It's such a good deal, especially for a new product that hasn't been out for very long. There haven't been many discounts in the Hue string lights at all.
Now let's talk about the Twinkly lights. The Twinkly lights are very similar in a way.
You have your string of lights. It plugs into a box, but here's the thing that's a bit different.
That box actually plugs directly in the wall without a cable.
I again don't like that very much. I find that a bit clunky, but the other part is you get multicolored lights. You can get them in various quantities just like you can the Hue lights itself.
They're also controlled with an app and it's very simple to set up and get going.
So the lights I got are multi-colored 600 bulb lights. That runs at $168.

[22:34] But it says that I don't get white or warm white with my lights.
In order to do that, I would have to pay $198, which would be the multi-colored lights with warm white.
But when I was testing the lights themselves using the app, they had some sort of red and white or blue and white patterns.
And it looks pretty white. Maybe it's not exactly white and maybe it's more like a very pale blue, but I couldn't even tell the difference. It looked white to me.
But I guess if you want that pure white, you'll have to spend a little bit more money and get the multicolored with white.
Since I was really interested in the colors, I didn't really care about the white and so the 168 600 bulb feature works great for me.
But you can see right there the price is considerably less than the Hue bulbs.

[23:23] The Twinkly app works with HomeKit, the A-Lady, Google, works with other automations too so you can set it up just like you can with the Hue bulbs and work with any system that you have.
What makes the Twinkly lights a little bit different than the Hue lights is that this is something that you can set up in a very customized way.
When you load them up into your app, and maybe you're going to put them on your tree, or you're going to wrap them around your porch, whatever you're going to do with them, you then bring up the app, use the camera in the app, and it maps how you have the lights configured, whether it's on a tree or on some other object.
Now you can apply different effects like a fireworks effects where it goes up in the air and then in a big fireworks or it snakes around the tree and spins around or it has hearts that float around the outside of whatever object you're using.
You can use these very interesting effects and all you have to do is draw it out and the app will figure out on the mapping how to make it work with your lights. That's pretty cool.

[24:30] When I watch people do some more interesting effects, the one thing they said that makes those effects work better is density of lights.
So the general rule is 100 lights per foot of Christmas tree.
That's what you're putting it on.
You want to have enough density of those lights to make the patterns work.
If you buy too few lights for your tree, for whatever object you're putting them on, it won't be clear necessarily what that pattern is, because it won't have enough lights to complete the pattern.
You can even have them flashing, chasing each other, or again, even more subtle things.
And I even saw someone put a tree with this purple pulsing pattern that was going on. It was just beautiful and really neat.
So what you can do with twinkly lights is almost never ending.
You can draw your own patterns.
Some people lamented a bit that it only remembers 16 patterns.
I get it, because when you get set up with these lights and you're ready to really go for it and draw some amazing things with your lights, you want it to remember all your settings.
I imagine there's a little bit of work involved in making new patterns, so why be limited when you're spending all that time doing that?

[25:48] There's also some other configurations that almost look like artwork.
Like there's a starry night, an aurora borealis, a pumpkin, a heart.
You can even download some from what other people make from a library of patterns.
Some of them had smiley faces that will run around on the object that you put these lights on. It's pretty cool.
I noticed in general that these lights are a little bit brighter than the hue bulbs.
The hue bulbs are bright enough. There's nothing wrong with them.
But once I plugged in the twinkly lights, I could tell this was a whole other level of brightness.
It just went, vroom, when I turned them on. But the colors are vivid.
You can do all the other things like putting them on a schedule like you can with every other smart light, or motion detection or other things.
Both light systems connected to my Eero network very easily, both by using the app, telling it what network to connect to, and then connecting right up.
Again, Hue has the hub, but the Twinkly has the ability to also create some kind of a local network so it can talk to itself if you don't have Wi-Fi at your house.
So it even has a little bit of a workaround if you don't want to connect it up to your Wi-Fi.
So I'm excited to get my tree set up. I'm going to do that hopefully next week and be able to see what amazing patterns I can create with these lights.

[27:11] The interesting part about the 600 bulb kit is that you're actually getting two separate strings of 300 each.
So I could put 300 on my tree and then put 300 over my tree or around the room.
They all plug into the same box.
So that makes it a little bit more flexible too.
These are also indoor-outdoor, waterproof.

[27:32] I always worry about LED lights because critters like to chew on them more than they like to chew on the old-fashioned lights.
I think they don't sense the electrical pulse inside and so they more freely chew on them.
I wouldn't want something so expensive getting ruined like that.
So really the difference between the Hue setup and the Twinkly setup is that Hue is simple, easy to set up, easy to create scenes.
If you're invested in the Hue world you can turn your entire room into the same scene and the string lights and the lights in your room will all work together to be on the same scale.
Very easy and pleasant to use.
But if you want customization, if you wanna be able to take multiple strings of Twinkly lights, wrap your house in them and have them all have a shared pattern, maybe where it makes your house look like a giant gift, or it looks like fireworks are going up, or you want lights to chase each other around the edges of your house.

[28:34] Twinkly can do it.
It has enough flexibility, enough capability to drive massive patterns, either on a small scale or across your entire house with multiple strings of lights.
Your imagination and your ability to think about things is endless.
I know for me, when my tree comes down, am I just going to box these lights up and use them a year later or hey, I'm going to try to think of something creative to do with these lights.

[29:05] I kind of had the thought that maybe I'd put them on my ceiling in a pattern, so I could have the whole Aurora Borealis glowing on my ceiling.
I don't know. We'll find out what I do later.

[29:16] But if you're looking for that kind of power to create whatever you're looking for, the Twinkly Lights will give it to you.
So I think in the end this isn't a debate between two competitors.
I think that these are a similar product with two different use cases and two different levels of investment.

[29:36] One is simple and easy and part of a big system and the other one is endlessly flexible so that you can do anything with it.
So again, this is Jill from the Northwoods. I hope you enjoyed this.
Please remember that you can always find me at Allison's Slack channel or you can email me at jill at start with small steps dot com.
I would love to hear from you and hear what you think about the different digital string lights that you have out there and which one makes the most sense to you?
I love this, Jill. My earliest memory of Twinkly Lights was when I was about 11 or 12 years old.
The people across the street had Twinkly Christmas lights and I used to just sit there and watch them as I went to sleep. So you brought back some great memories.
We also have the Twinkly Lights. Big fan of you, so nothing against you, but we also have the Twinkly Lights.
And there's one more thing it can do that I think you haven't discovered yet is you can set up patterns that react to noises.
And we love to do this with the grandchildren, because we'll bring them in and tell them to yell at the wall.
We do them up on him. Steve does. I pretend that I have anything to do with putting up Christmas.
Anyway, he puts up the Christmas lights on a wall in the house and makes a pattern, and then the kids run up and yell at it and watch it move.
And it's really fun to turn on music and it reacts to the music, too.
So we're big fans of Twinkly, and I'm glad you did that review of both of them.
It sounds like they both have their own advantages.

De-teching – by Tom from Ontario

https://www.podfeet.com/blog/2023/11/deteching-tom-ontario/


[30:55] Hello, Allison and fellow NosillaCastaways. This is Tom from Ontario.
One issue which we all grapple with, often only in the back of our minds, is how to ensure our digital information is secure but can be accessed by those who need it when we are having a medical crisis and can't act for ourselves.
This piece deals with that same theme but from a hardware angle.
So what is the problem to be solved? In our case it started with a small problem.
My wife showed me her phone which had the message that her sent mailbox was full so she couldn't send any more emails.
In this case I needed to log on to our mail server and set the system to delete sent emails after a certain period.
But this was really a hint to a larger problem. Our emails revolved around our domain and our hosting service which only I could or at least was interested in accessing.

[31:54] So the small problem could have been much bigger for her if I had been traveling and away from home that week.
But this then highlighted the big problem. I was the only, and therefore the weakest link in the entire tech setup in our home.
So it was now time to confront the issue I had kept on the back burner for far too long.
I really enjoy playing with tech and have been doing the office IT and home IT for 45 years.
We had registered our own domains and used them for our websites and for mail addresses.
We had a basic internet configuration, which included a modem from the cable company and our own router, a large screen TV connected to a stereo system, cable box and Apple TV.
My wife really enjoys the benefits and entertainment our tech brings us but doesn't want to know how the sausage is made.
In fact she just wants it to work now.
And while I may look forward to the odd glitch which indicates a problem I can dive into and hopefully solve, there is no way my wife would be interested in learning how to connect to our domain registrar, manage our mail, hosting service, configure the router, or program the universal TV remote.
She has access to my computer and all my passwords, but not the knowledge of what would need to be done with them.

[33:20] Our kids live a long way away and wouldn't be able to help, at least in the short term.

[33:26] It has always been a risk that something would happen to me, or perhaps I would run off with Amy from the Genius Bar and leave my wife with no IT assistance.
But as I have now been collecting my government old-age pension for ten years, the odds of Amy wanting to run off with me are incredibly small, and the odds of some medical issue at some point interrupting or ending my ability to keep the tech running are getting much larger.
So the issue became how to continue to enjoy all of the tech we love, but ensure that minimal effort and technical knowledge is required to keep the mail flowing, the TVs working, and the internet available around the house.
We split the project into several steps. First was email, as this was the one which would take the longest to clear up.
We already each had a .me, .mac, or .icloud account, so it was a matter of contacting businesses and friends to change our email address from our personal domain email to our Apple mail account.
We also set up a Gmail account which we jointly use and into which we receive household bills, or stuff which applies to both of us.
Previous articles on the NosillaCast have dealt with the hassles of doing this.
We left the old email addresses online for about 18 months to be pretty sure we had everyone covered.

[34:54] Now, if there is an email problem, my wife can at least do a Google search and likely find an answer, as both Google and iCloud Mail are such mainstream products.
Or a tech-savvy neighbor could perhaps step in to help.
As the email switch was going on, we carried on with some of the other changes.
The wiring behind our entertainment unit was a real mess, with a myriad of expensive cables running between the inputs and outputs.
Also, at the time, we used a Logitech Harmony remote to control our TV, stereo, cable setup, which had to be programmed, and occasionally reprogrammed.
And about 95% of the time it worked fine.

[35:38] But at times the on-off status of the devices would get out of sync.
Easy to fix, but annoying for a non-tech person.
Also, the replacement of any of the hardware pieces would require delving into the myriad of cables and often some reprogramming of the remote or the stereo receiver.
The fix for this was a smart TV. We eliminated the sound system and the Apple TV.
So now we have a single remote which controls our Sony Google TV.
But we don't lose any functionality. I can still screen mirror from my iPad or phone, we can use the Apple app on our TV, and coincidentally our cable company required us at the same time to replace our cable box with an app for the TV.
So now we just have the single TV and its dedicated remote, and it does it all.
The only cables now are an Ethernet cable and a power cable to the TV.
It was also a chance to play with Android.

[36:45] We have a few Amazon Echoes and a HomePod which are nice to have but aren't necessary.
We have a couple of Hue light bulbs which we can trigger by voice, but if they all stopped working there is still the light switch on the lamp or on the wall, so they don't need any support plan.
The last issue we dealt with was the router. We had had an Apple Airport Extreme which was set up with a guest network and some MAC address routing.
Again, this would be something my wife would not want to learn, so the solution was a router from our cable company.
I now don't have any control over it, but if the internet goes down, my wife only needs to call the cable company, who are very good in our area, and they can diagnose the problem and send a tech if needed.

[37:34] It has all been worth it, and it was basically a stress-free experience, I think primarily because we were acting proactively.
We haven't lost any functionality, and things just run.
The sound on the new TV is good enough that I don't miss the expensive audio system.
I was also finding that the front line of technology was getting further and further ahead of me, so just enjoying the benefits of the tech working is more fun than I thought.
I feel a little like the Maytag repairman in those classic commercials.
My feet up on the desk listening to podcasts while the hardware just keeps running.
Our costs are down with no domain registrations and hosting service to pay, and we have fewer hardware pieces which will need to be replaced at some point in the future.

[38:28] Thanks for listening to this. Hopefully, something in this article will resonate with a listener or two. Have a good week.
Well, thank you so much, Tom. This is fantastic. I don't think we've ever had a review from Tom before, and I think this is fantastic.
It gave me a lot of ideas to think about.
I've done a little bit of making sure people know how to use what I do in my house, but luckily, I'm surrounded by a lot more nerdery than most people, but I think you've made some real good points about simplifying life, and I definitely like your analogy of the Maytag repairman going forward.
I like it. I like it. I think it's a completely opposite thing to everything that we talk about here.
You know, we try to encourage you to get as much complexity in your life, adding home automation you don't need.
I mean, you heard me mentioning my ninth camera. Why do I need nine cameras?
I don't know. It's just a thing that we do here. So it's neat to think about how would you dial it back to make it consumable by a normal person if something were to happen to you, and it's definitely something we should all think about.

Be Kind to One Another


[39:30] Well, I took most of the week off thanks to George, Jill, Tom, and Bart, so I'm not going to ask for donations this week.
Instead, I'll only ask that you go out and be kind to one another.

[39:41] Music.

Security Bits — 26 November 2023


[39:51] Well, it's that time of the week again. It's time for Security Bits with Bart Busschots. We just talked yesterday, so I already know you're doing fine, right, Bart?
That's it indeed. That's it indeed.
All right. We got a lot on our plate, so we should probably just get stuck in. What do you think?
Let's do that. So let us start with a little bit of follow up on some stuff we've been tracking for a while.
So this is now the third Security Bits in a row where I have to warn you that there are attackers successfully sneaking malicious ads into Google, and I can only imagine the Google engineers are working very hard to stop this, but it would appear that at the moment the baddies are winning the cat and mouse game.
So the latest, what they're doing is they're sticking in ads for common software so that when people search for the software, they get the malicious ads and that takes them to booby trapped versions of the software and then you end up hacking yourself.
The easiest way to hack someone is to ask them to do it themselves.
When you said they were hacking into Google, I'm thinking, which Google product, but no, you mean Google.
Yeah, the one you typed, yeah, yeah, yeah, the original, the OG Google.

[41:00] So this time it was WinSCP was the software app being victimized, which is a very common free secure FTP client for Windows.
Right, right. But again, the lesson is those Google ads, be very wary of them at the moment, the baddies are successfully getting stuff into those ads and that just shouldn't be possible.
Yeah, yeah. So by those ads, you mean ads for software?

[41:26] Well, I mean, at the moment they're doing software, but if they have this ability, why couldn't they do something else?
So, you know, the way Google marks the ads... So not those ads, all ads on Google. In Google, yeah.
Yeah. Wow. Yeah. Which is not good for their business model.
It's kind of slightly what they make their money from. And so, yeah.
Moving on to Action Alerts, the November Patch Tuesday has been and gone.
Quite busy in Microsoft land, a total of 58 patches covering five zero days.
So patchy, patchy, patch, patch.
And we get a timely reminder that if you're running a WordPress blog, you should really have that feature turned on that automatically updates your plugins, because one really popular plugin is called Fastest Cache.
And right now, it's installed on millions of sites, and right now there are 600,000 of them running an old version which has a nasty security bug in it.
Bart, would you believe before today I didn't know I could have automatic updates?
Because when you installed WordPress 20 years ago, you couldn't.

[42:37] Alright, so you keep going and I'm going to write a little reminder, turn on auto updates.
Because that's what I do. I go in and I see a two or a four and I go and I go click, click, click, click, click. And I say update.
So it's not like I spent a bunch of time reviewing it and deciding whether to use it.
Yeah, you need to go to each plugin and turn on the auto button because it's per plugin.
So if you have a plugin that's very brittle that you don't trust, you cannot turn on the auto there, but you can turn on the auto against the ones that are, you know, well maintained.
And I do it on them all because I figure I'd rather have a broken site than a hacked site.
But, you know, it's just you, it's just me, you know, and again, it's context, right?
It's my blog. It's just something for fun. Whereas if I was making my living selling stuff online, I'd probably think differently about these things.
So, you know, it's all about balancing risk. Everything's about balancing risk.

[43:30] Moving us into worthy warnings. I don't, you may have noticed I'm doing fewer stories about data breaches because they just happen like always and forever, but every now and then, one's... It's like saying it's raining in Ireland.
Yeah, pretty much, yeah. So every now and then, I sort of, one of them raises its head above the parapet and I go, yeah, that's actually worth mentioning.
So I am sorry to say it is United States listeners who need to perk their ears up on this one.
A very popular thing these days is software as a service, where someone writes a piece of software and instead of selling it to you to run yourself, they run it for you in their cloud and you just buy access to it.
It's like hosted WordPress or something. So, you know, very good feature to save work for your IT department.
But it means that one company can end up doing work for a lot of an industry like healthcare.
So there is a company called Welltok who suffered a data breach and they leaked the health, social security numbers, insurance details and other personal details of 8.5 million American sick people.

[44:40] The BleepingComputer story has more details. It's particular hospital groups in particular states.
But if you're in the States, you may want to have a read of that story.
So security bits is supposed to include what can we do about it?
You can't do anything about this, right?
You should know because the only way to be alert, so this is the kind of information it makes you very vulnerable to a spear phishing attack.
So if you don't know that the baddies know your, say, insurance number, then if someone emails you and quotes you your correct insurance number, you are going to believe that.
But if you know that that's leaked, then you're going to keep your spidey sense going when you get, you know, an unexpected communication that happens to know information that they shouldn't.
So I think it's important to know what's leaked so that you know what to not.

[45:28] You're actually on mute, Allison. Sorry, how do you know that you're in the breach?
They don't have a list on that link to all eight and a half million people, do they?
I would imagine you would need to talk to your health care provider or something, but I mean, to be honest, I can't look into it to that level.
I don't really understand your health care system.
Yeah, but I'm just saying when we give advice to say something people should do, I don't know. I mean, if we go read that, we're going to go, huh, eight and a half million U.S. patients.
And I still don't know whether I need to take any action.
Like, I don't know whether Welltok is used by my insurance company. I don't know how to tell.
So I don't, I mean, I guess it's good to know. I don't either.
I mean, it just seemed big enough that it was worth warning our listeners about. Sure.

[46:15] Yeah. Like I say, the reason I don't do many of these is because you ask me these questions and I can't possibly know the answer.
The next level, yeah. Now, this one falls into the category of this is an example as opposed to the actual thing. So I don't want you to worry about the specific thing.
I want you to bear in mind that this is an example of something that happens every year. It's now holiday season.
What do we all do in holiday season? We buy things. So the probability that you are expecting a package from UPS or that you are expecting a package from DHL is way higher now than it is in the middle of summer.
So there is lots and lots of spam and malware pretending to be an email from DHL.
And you were, you know, a lot of people are going to be desperately waiting for a package. They're not going to be turned on because they're in a rush and you're going to fall for it.
So this is now what the baddies are doing.
They are sending out fake emails related to shipping because lots of people are waiting for those emails and they mightn't be paying attention.

[47:13] Similarly, you'll love this one. I thought of you when I put this in the show notes.
So you have said many times that one of the dumbest things to do is to find a USB stick in the parking lot and then to do that good Samaritan thing of plugging it into your computer to figure out who it might belong to so you can give them back their precious data.
We talked about this on the show like a decade ago, and I don't even think I'm exaggerating.
I genuinely think it was a decade ago. Oh, it's more than a decade because I was still working and I've been retired for more than a decade.
Yeah, there we go. We've been doing this a while, haven't we?
So if you think that that's somehow old news, you know, 2000s-y news, it's absolutely not.
Today, it is being used by Russian intelligence to try trick Ukrainians into infecting their core infrastructure with stuff.
There are dodgy USB sticks showing up in parking lots in Ukraine, which are almost certainly coming from the Russian intelligence.
So it's still a problem. You still don't pick up random USB sticks.
And again, it's not, you know, I'm not saying if you're in Ukraine, I'm saying no one anywhere ever should be picking up random USB sticks because this is still a thing.

[48:19] Still also on the category of still a thing, I like to say that if you are not proactively seeking out software and it comes seeking you, you're randomly browsing the web and all of a sudden something says, hey, why don't I update?
It used to be Flash. Why don't they update your flash for you?
The answer is always no, if you didn't go looking for it. And I kind of thought those days were over.
But no, there is a new strain of ransomware attacking Mac users, and it's offering you Safari updates as a pop-up while you're browsing on the web.
Which is not how Safari works at all. That would come through your software update mechanism.
So don't install updates to things that just randomly appear while you're browsing the web.

[49:03] Now in the past we've been lucky as a moderately sophisticated user, you can tell that's not what macOS stuff looks like.
Like it'll have an X in the corner instead of the red, yellow, green dots, that kind of thing.
But they keep getting better and better at this. So I suspect they'll do one that'll catch even somebody as sophisticated as a NosillaCastaway.
Yeah, which is why I remind people of these things. And I tell the story quite often of one of my most.
The difference between someone who's prepared and someone who's not is not the inevitable fall for it, is that usually you'll realise you've fallen for it in time to stop the damage.
So I'd like to tell the story of how a string of expletives came across the office as our most senior sysadmin got phished, but he knew it within five seconds and the damage was contained. And that's the difference.

[49:52] And we can put Allison on the same list. And I've done it for the same scam twice.
Oops, I haven't done that.

[49:59] It was, what was it? I don't think it was a plugin. It was something I paid for in the past, was coming up saying, oh, you have to, your credit card's messed up on this, and I tried to log in, and luckily my login didn't work, because I had canceled that account, but I fell for it two years in a row.
Oh, two renewals. Again, as soon as I did it, I went, wait a minute.
They probably had a data breach so that they knew when your renewal was due.
Yeah, maybe. That's the kind of thing that they do with these data breaches, because you think, you know, what value is it to know when people's account expires? Well, actually...

[50:34] Anyway, we have finally two more timely reminders. I was in a very remindery mood today, wasn't I?
I keep on telling people that cryptocurrency and NFTs and all that stuff is a complete scam. At the very least, it's a security hellscape.
Just to remind everyone, this week an Ethereum feature was abused to steal 60 million US dollars from 99,000 victims.

[51:00] And a flaw has Yeah, it's basically if you accept a digital contract and that contract does something you didn't expect, that is implemented cryptographically.
You have lost your money. There is no undo.
And because of this feature, they can use a randomly generated wallet ID so that you don't, it could be the baddies, but they won't show up in a list of previously known baddies, even if it's the same previously known baddies.
Because this new feature lets you have different wallet IDs for all of these different things, and so basically all the old tricks of, oh no, this is a wallet with a poor reputation doesn't work if it's a brand new wallet.
So yeah, it's basically, yeah, bad. Bad design and these things are finally final.
And there was a flaw in Bitcoin back many years ago, between 2011 and 2015, which meant that the supposedly random cryptography at the heart of generating the key protecting your wallet that holds all of your Bitcoin was not actually properly random and therefore can be hacked.
So you may have a Bitcoin wallet that you made a decade and a half ago, no, nearly two decades ago, no, a decade ago.

[52:13] And it is now vulnerable to attack because you didn't, back then there was a bug.
So you need to re-key your wallet.
Oh, geez. Yeah. Anyway, it's a train wreck. I wonder if that would help anybody who actually forgot their password to their Bitcoin wallet.
Steve Gibson, famously missing a million dollars worth of Bitcoin.
Yeah, Leo has the one that's locked, because he's worse. Steve lost his completely, Leo just lost the key.
That's an interesting thought, actually. Yeah, Leo could be able to hack into his Bitcoin.

[52:48] Right, notable news. I thought I was going to have to tell people to steer away from a product from a company called Nothing that was promising people to magically integrate iMessage into a multi-platform communication mechanism.

[53:04] And Nothing, by the way, is a hardware manufacturer of Android phones.
Oh, I didn't notice that subtlety. Thank you. I didn't. I had never heard of you bought a nothing phone. You would get a message on it.

[53:16] Yeah, thankfully, what I'm telling you is they abandoned the service because it was a security train wreck. So problem solved.
Supposed to be having to tell you not to do it. Well, the thing that I looked at immediately on this is basically what they were doing, this company that they were contracting with, was having you log in to a Mac mini in a server farm with your Apple ID.
So we've talked about this before. Your Apple ID password is the single most important password you have, because if you use it as your primary email address, because that's where all the password resets go for your bank, for your health insurance, you know, obviously your photos and everything that you care about is basically tied to that email address.
That's the last password you should ever give to anybody.
Well, maybe your LastPass would be a little bit, but anyway, it's way up there.
Yeah, it's crown jewels. Yeah, it was a terrible, terrible, terrible, terrible, terrible idea. And I'm so happy it's just gone. So problem solved.
If you heard something about a cool new way, no, it wasn't cool and no.
So problem solved. You may also have heard about another bug in Intel CPUs called Reptar.
I keep on wanting to say Raptor because I think they're cool, but no, it's Reptar.
And for once, it's not speculative execution. Believe it or not, it was actually a bug in an Intel CPU that was not about speculative execution.

[54:38] Thankfully, though, it does have the same pattern as those speculative execution ones.
If you are running a massive cloud infrastructure, you need to patch your massive cloud infrastructure. If you're a home user, carry on.
So, for us, this is fine. For us, this is fine.
An interesting story that, depending on, it's sort of a Rorschach test of good news, bad news.
So Microsoft paid for a security audit of the hardware that is most commonly used to power Windows Hello.
So Windows Hello is kind of face ID like for Windows.
And it relies obviously on hardware to do either fingerprint scanning or face ID or whatever.
So in this case it was fingerprint scanners were being checked.
So I guess it's more like Touch ID than Face ID.

[55:24] So this is hardware implementation by people manufacturing laptops, for example.
Correct. So in specific, actually very cleverly, they wanted the most used ones audited.
So Microsoft Surfaces, Dell laptops, and ThinkPads.
So you know, very common, very good products. So the bad news is that the standard was secure.
The implementations were not.
So the hardware vendors managed to mess up, and some of them messed up badly enough that there was actually plain text information going from the scanner to the PC, which is completely insane.

[56:05] So there's actually proper protocols for doing that securely, which is why it's possible to have the Touch ID scanner on my Apple Extended keyboard connect over Bluetooth to my Mac and still securely use my fingerprint, right? We have protocols for this stuff.
So, there is a lot of very concrete advice being given by the researchers, telling vendors what they did wrong and what not to do in future.
So on the whole, this is going to make things better. But right now, today, these things can't be patched, because these are hardware problems.
So you need to know that Windows Hello is not as secure as you think.
Now there's another sort of silver lining on this. The attacks are really hard to pull off.
So, for regular home users, it is still better to have Windows Hello than to have your machine sitting there without any sort of password.
But if you're a CEO for a major tech company traveling to China, do not rely on Windows Hello to keep you safe.
Because there is someone there motivated enough to do the difficult attack.

[57:05] The irony here is that, so this is hardware implementation by the companies that make the fingerprint sensors that are actually in Microsoft's devices, Microsoft Surface devices, along with Dell and Lenovo.
Yeah, because obviously they buy the chip.
Yeah, right, because they have bought a chip from someone who's made them a chip, only they haven't done it right. Not following the spec.
Yeah. So anyway, it's kind of the good news is that we have a very sort of a recipe to solutions.
We have like a specific to-do list for the hardware vendors from the auditors.
That's kind of good. So, but yeah, like I say, bad news, good news, take your pick. It's kind of both.
So just, just choose the bits you want to focus on. And in related news, one of the scariest things that haunts my nightmares with my work hat on particularly, but frankly, with every hat on is what if there's a bug in antivirus software?
What if the software we install and give massive privileges, like auto root access in our computers, what if it's the thing with the vulnerability and what if it gets hacked? That would be terrifying.
So I am happy to say that if you're a security researcher, you can now earn yourself a $20,000 bug bounty if you find a problem in Microsoft Defender.
So responsibly disclose and get paid. Yeah, so good. That is what bug bounties are for. So I like this.

[58:32] Now, we don't talk a lot about ransomware on this show for exactly the reason you've mentioned where we'd like to tell people what they can do about it.
And unless we were a podcast specifically for CEOs, CTOs and CISOs, really ransomware is not the thing we should be talking about because the target these days isn't your average home user anymore.
That was the early days of ransomware. That's where they cut their teeth, was on us regular folk.
Now they've moved on to bigger targets like the giant big pipelines, the Irish healthcare system, those kind of things.
But every now and then it's worth talking about when they do something novel.
And this is not good novel.
So they used to extort you once by asking you to pay them, or you're never getting your data back.
And then they realized that people would say, yeah, whatever, we have backups.
So then they started extorting people twice. It was called a double extortion attack, where they would say, not only will we not give you your data back, but we will actually publish your data on the internet and expose your private email or whatever. So that was a double extortion.
Well, one of the ransomwares has now done the cheekiest ever triple extortion.
If you're in an industry where you are legally required to report data breaches and you haven't, they will threaten to expose you to the regulator, in this case, the US Securities and Exchange Commission, if you don't pay them the ransom.

[59:55] Oh my gosh. So we will tell on the Feds if you don't pay us.
Jesus, where are we going with this? It's at this great level.
Yeah, so anyway, I thought that was worth mentioning. That's quite the change.
Staying on your side of the pond, we have a letter from Senator Wyden which Wired obtained.
I have a funny feeling Senator Wyden may have BCC'd this because it's about a program which is classified but not a security risk.
So they've classified it because it would be inconvenient if people knew about this, not because it poses an actual security risk.
So he couldn't legally tell anyone about this, but somehow Wired got their hands on his letter.

[1:00:40] Anyway, a letter from Senator Wyden to the of your chief lawyer person.
Why has my brain just gone blank?
Attorney General. DOJ, you mean? Yeah, head of DOJ, Attorney General.
Basically, there is a classified programme that has been hoovering up all of the phone records of all American citizens and regular police departments can search you without really much in place to stop them at all.
And that's not supposed to be legal in the United States.
So Senator Wyden would like that looked into, please.
More details in Wired. So I hope he succeeds. Why does that sound suspicious to me?
I've been wrong before, but... Well, details are in the Wired story.
It's certainly not here.
It's a Wired story, so it's quality. So I will let you read and digest and you're a better place to read. I can screen myself past the ads.
Yeah, on almost all of the internet. Now we switch to the Good News column.
Wired is worse than all of them.
Wired is just a train wreck. A couple that are worse than Wired.

[1:01:45] Anyway, switching to the good news column now and staying on your side of the pond.
The US Federal Communications Commission, the FCC, have adopted new rules which require carriers to do stricter verification before making changes to the allocation of SIM cards from one account to another, etc.
In other words, SIM swapping and SIM porting have just become more difficult.
So when you are forced to use SMS-based two-factor authentication, you are less insecure.

[1:02:15] And I have chosen my word script for you there. I hesitate to use the word secure, right. Yeah, but that's good. So that's in the good news column.
And also a little, I sort of like to mention the fact that law enforcement are getting pretty darn good at tackling these major crimeware organizations.
And what's really interesting is very often it involves multinational cooperation, and they really are getting good at working together.
So the first story took place in Malaysia, but it was a collaboration between the Malaysians, the Australians, who have a very good cybersecurity team, and the FBI from your part of the woods.
And they have arrested all of the people and dismantled all of the infrastructure for a major adversary in the middle, as we're calling it these days, malware as a service that was doing the latest cutting edge token stealing that would allow you to bypass multifactor and two factor authentication.
It's called Bulletproof Link.
So it's basically phishing as a service, but not like any old phishing, the really scary phishing that steals your authentication tokens and gets you past multifactor authentication for a couple of hours until the token expires.
And these attacks are bad. But Malaysian police, Australian and American law enforcement worked together and dismantled this. That's fabulous.
Took it all apart. These feckers, if you'll excuse my Irish colloquialism, have been doing cybercrime since 2015. And now, poof.

[1:03:45] Also, FBI have been busy again. They have also dismantled IPStorm, which is a botnet that was collecting together hacked devices on random Americans' home networks.
And why would random hacked routers be useful?
Well, one of the ways that a lot of... Basically, when you're trying to block a denial of service attack or something else, you can't block domestic IP addresses because they change all the time.
So if you block someone's Comcast address, it would be someone else's Comcast address tomorrow.
So the baddies love being able to hijack domestic IP addresses because everyone's loath to block them because that's where the customers live.
And so this botnet was hacking people's routers and then selling access to it as crimeware as a service so that you could buy access to people's domestic IP addresses.
Poof, dismantled, well done FBI.
Buy access to an IP address. Yeah.

[1:04:42] What does it mean to have access to an IP address?
So you know the concept of a proxy server? You can configure, you know, you can use a proxy server to send web traffic through another computer.
So if you don't have direct access to something, you can go through another computer.
There's protocols for it. Like SOCKS5 is a proxy protocol.
So what these baddies did is they hacked routers all over America, installed malware that was a SOCKS5 proxy, and then sold access to that proxy as malware as a service.
So if you were a baddie trying to do some sort of a denial of service attack as an extortion, you would buy access to these IP addresses from these other cyber criminals.
This whole thing is like, it's a giant big marketplace. It's money all the way down. Software as a service, malware as a service.

[1:05:31] But what I'm trying to figure out is, so I'm going to push out malware, I'm going to go through Allison's IP address because I bought access to it, and then it's going to look like it's Allison doing it so they can't catch me.
Okay, that's the piece I was trying to figure out. What's the purpose of using somebody's IP address? Got it.
So half the purpose is because it won't look like you, but the other half is if you steal someone's IP address in a server farm, those are static.
So if you're naughty as someone else, they just block the someone else.
But you can't easily block domestic IP addresses because that's where the customers of most of these companies are coming from.
And they change all the time, right? Every time you reboot your router, you get a new IP address. So they're very valuable to baddies.

[1:06:13] Interesting. Okay, I mean, we know this is going to be whack-a-mole, but you still like to see the mole get whacked.
Right, yeah, if you don't whack a mole, your lawn is ruined.

[1:06:24] You have to keep whacking those moles. And I'm going to say, stick a pin in this.
Google have announced, and I will believe it as I see it, but they have announced that 2024 will be the year that third-party cookies die in Chrome. And they say...

[1:06:43] Blog post, and they say they're going to start the process on the 1st of January with a trial with 1% of Chrome users.
And depending on how that goes, they will roll this out throughout 2024.
As they say, put a pin in it. Every norm will be unable to use Facebook on Chrome.
Well, no, because you can use Facebook without third-party cookies.

[1:07:09] How? Wow. Well, because is that different than third party trackers?
Yes, it is, because a mechanism that trackers use is third party cookies, but third party cookies are not required to use Facebook.
Facebook functions fine without them. OK, OK, so we shall, as I say, we shall see how this goes and we shall see whether they follow through because Google's business model rather depends on them succeeding in selling advertisements without third party cookies.
So I'm going to be very curious to watch this develop.
Huh. But anyway, they have promised and they say they'll start on the 1st of January, so put a pin in it. That'll be our story for 2024.
Is this the same as in Safari settings? Privacy, prevent cross-site tracking.
Is that the same thing? Same concept. Yeah, same concept. Their implementation may differ.
Yeah, it'll just be built in, turned on always in Chrome. OK.
So, yeah, to some extent, Allison, Chrome will become as secure as Safari.
And Facebook works in Safari.
Yeah, yeah, that's why I was trying to double check what I was thinking, so I was confused. Got it.
Yeah. Wow. And Firefox has been doing this for ages, because Firefox don't have a conflict of interest in the same way that some others do.

[1:08:26] So that's, yeah, so that's our stick a pin in a story. Then an excellent explainer I thought I would link to.
This feature is A, not yet available, and B, not really for us, and C, really, really interesting and very important. People can't see the video, but I've just watched Allison have a slight hardware failure with her microphone.
So I'm going to keep vamping here while Allison puts her microphone back in her stand.
Beautifully muted, though, because I didn't hear a darn thing.
It was nicely done. They might have heard it as it started to fall, but I caught it.

[1:08:56] It was one of those moments like Leo and his ball vanishing out of shot.
Anyway, it's just sort of slid down slowly and fell out of the mount here. Anyway, so like a lockdown mode is very important that we have it on iOS.
You and I don't need to worry about it because we're not journalists or freedom fighters or lawyers protecting dissidents or whatever, so we're not likely to need lockdown mode. But it's great that it exists.
And there is a new feature coming to iMessage where you're going to be able to prove that there is no third party eavesdropping on your iMessage conversations, because at the moment it's all end-to-end encrypted, but Apple are managing the keys so hypothetically an extra key could get snuck into the conversation.
And then you would have end to end encryption between you, the person you think you're talking to, and somebody else.
There will now be a cryptographic way of proving to yourself without the need of an intermediary that it is only that you are talking to who you think you are and that there is no one else in the chain.

[1:10:02] And that won't be any kind of a default, but that will be if somebody can enable it.
It will be enabled in the sense that you will be able to access the various codes and things, but in order to actually do it would involve you, you know, basically you would need to have a phone conversation where you say, the number I'm seeing is 5321, what do you see?
And if they also see 5321, then you know, it's all good.
And then you... Okay, Telegram has that feature that you and I played with once where they, it actually gives you a bunch of little emoji.
And so you tell the other person, okay, this is what I'm seeing, what do you see? And yeah, I'm seeing the same thing. Okay, now we know that's end-to-end encrypted.
Not by default. Correct, and that is the same concept, the same cryptography is coming to iMessage.

[1:10:47] So it's very important for the people who it matters to.
It really matters to. Yeah, for us, not so much.
It might be fun, though. I'll probably end up doing it with you just to try it out, but it's not available yet.
It's in the beta at the moment, so it will be in the next release of iOS.
And that brings us on to some palate cleansing, and they're all mine this week because someone's been busy having turkey and family and all these things.
Apparently you do that once a year. Anyway, have fun.
So I have two tips for you. First off, iOS 17 had a little sneaky new feature I didn't know about, but the good people at Cult of Mac pointed to me. It pointed me to it.
I verified it. I put a video up on Mastodon. It genuinely works.
Are you as perplexed by many of the symbols inside your laundry as I am?
The one that says 30 degrees, I understand.
Wash this at 30 degrees. That I get.
All the other ones are mystery meat to me. And I have eventually learned the one that says don't tumble dry, because I've broken things by not knowing that, but I have no idea what the other ones mean.
If you take a photograph of the label, and you wait for a second, that little magic eye will appear underneath the photograph in the photos app, and when you click on it, it will tell you what the symbols mean.

[1:12:08] I played with this when this first came out. That's really, really cool.
It's spectacularly cool. So I now know that my luminous orange rainproof jacket shouldn't be bleached.
Not that I was tempted to stick a luminous orange, you know, safety glow orange jacket in bleach. But anyway, I now know I can't.
It's just a really useful feature. So that was cool.
And then I have... Yeah, it's kind of interesting that those symbols have been around so long and none of us know what 80% of them mean.
Yeah, we know the one about the temperature, because otherwise stuff shrinks.

[1:12:40] Yeah, yeah. I saw Bart post about this on Mastodon and you should follow him on Mastodon.
He's got a link to his Mastodon account in the show notes.
I do, yes. And actually there's a lot of really fun people following me on Mastodon.
A lot of them are Nosilla Castaways.
It continues to be a non-toxic place, despite the fact that we've been there for a year or two now, and it continues to be the lovely place that it was.
So yay. It's funny when nobody's pushing toxic at you, that toxic doesn't happen.
Yeah. Imagine if your business model doesn't depend on it. It doesn't happen. Yeah, I know that.
And finally, a lot of people have some time on their hands in the holiday season.
So if you're looking for, say, a podcast to listen to while you're driving, you know, long distance home from family or whatever, I have a two-part episode of the wonderful Malicious Life podcast to recommend to you.
It is one of the best explainers I have heard and telling the story of the NSO group, whom we have obviously heard so much about because of their infamous Pegasus software.
But it's a lot weirder than I had realised. A lot weirder.
It's kind of interesting that Malicious Life is done by an Israeli podcaster and the NSO group is in Israel.
So you get it in an Israeli accent, which is very appropriate, but he also has a lot of insight into the culture and everything that surrounds the NSO group because he's in the OPSEC community in Israel.

[1:14:03] Oh wow, that does sound interesting. I do find it hilarious that you have something called malicious life under palate cleanser.
Yeah, what do you know? We're a funny bunch of us podcasters.
There we go. I like it.
Well, this is good. I'm kind of relieved there isn't a deep dive because sometimes those are really bad news.
They often are, especially if they don't have a fire extinguisher logo.
But no, we had a few stories with a bit of mean on them, but nothing was worth the deep dive as such. So we just sort of went through them in order, and it's been an interesting two weeks' worth of news.
But remember folks, the advice is always the same.
Stay patched, so you stay secure.
Well that's going to wind us up for this week. Did you know you can email me at allison at podfeet.com anytime you like?
If you have a question or a suggestion, just send it on over.
Heck, you can send in a review, like the reviews we got this week.
It was fantastic and I loved having that extra time with my family.
You can follow me on Mastodon at podfeet at Chaos.Social.
Remember, everything good starts with Podfeet.com. If you want to join in the conversation, you could join a Slack community at Podfeet.com slash Slack, where you can talk to me and all of the other lovely Nosilla Castaways.
And if you want to join in the fun of the live show, after you go outside and be nice to each other, you can join us by heading on over to Podfeet.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic Nosilla Castaways.

[1:15:24] Music.