NosillaCast Apple Podcast

2021, Allison Sheridan
http://podfeet.com

NC_2024_01_21


[0:00] Music.

[0:12] Four, and this is show number 976. This week's episode of Chit Chat Across the

CCATP #784 — Bart Busschots on PBS 159 of X - jq: Building Data Structures

https://www.podfeet.com/blog/2024/01/ccatp-784/


[0:19] Pond is a very meaty episode of Programming by Stealth.
Bart Busschots teaches us how to build data structures using JQ with JSON files.
We're not just querying existing data now, we're rebuilding the data the way we want to see it.
We learn how to build strings with interpolation, which I still find a very odd word to describe that process, but it's really more like concatenation in Excel. I don't know, maybe it's just me that has trouble with that wording, but that's how I remember what string interpolation is.
We also build arrays using JQ and even convert between strings and arrays with the split and join commands.
We build dictionaries in a syntax that is just simple and elegant.
We also build dictionaries from strings using Capture with regular expressions.
We learned how to do string formatting and escaping using the at symbol followed by other stuff.
For example, at CSV can automatically create comma separated values data for us and at URI can escape characters for us in a URL we build using JQ.

[1:18] Like I said, it's a meaty episode, but Bart and I both really enjoyed this lesson quite a bit.
You can find Bart's fabulous tutorial show notes at pbs.bartificer.net.
And just in case I forgot to mention it earlier, remember that we now have transcripts with chapter breaks.
This means you can pretty much jump easily to a topic to reread exactly how Bart explains something, something beyond what's in the show notes.
Steve and I read along with the transcript and listened to the show for a little bit, and it was really, really accurate.
It did misspell his name. He's Bart Bouchard in the show notes, in the transcripts, I should say.
But overall, it's a pretty good way to skim the text and maybe get to a portion of the audio where you want to re-hear it for clarification.

[2:01] This is all thanks to the magic of Auphonic. Okay, it's not magic, but it feels like magic. And you know, it's AI under the hood.
And of course, you can find Programming by Stealth in your podcatcher of choice.
All right, let's get started with some interviews from CES. Now, I do my best during these interviews to make sure the person I'm talking to knows this is for an audio podcast, but that there will also be an audience watching the video.
The first interview is about an electric outboard motor, and it's really something cool to see.
So if you're just listening, it might be fun to also click the link in the show notes to watch the video.

CES 2024: KAHE Multi-Purpose Electric Outboard Motor

https://www.podfeet.com/blog/2024/01/ces-2024-kahe-electric-outboard-motor/


[2:37] We see a lot of things with electric motors but what I haven't seen before is an electric motor for a powerboat.
So we're in the KAHE booth here with Christian Allier to talk about the first multi-function electric outboard motor and that's a crazy concept.
We're going to describe this but tell us first what are you building here?
First of all we wanted We wanted something pure and electric, it was the first idea.
We wanted to participate to the decarbonization.
So we created, we designed and created an electric motor for boats, 100% electric, 100% with a new generation of battery.
It's an eco-friendly battery. It means, I changed my words.
Yeah, that's good. Let me describe this for the audience while we're talking.
This looks like a little white torpedo.
It's really cool looking. He's taken the nose cone off of it.
Go ahead and pull it out. Yeah.

[3:40] The best shape is a torpedo. Yeah, of course. Of course. It's aerodynamic.
And when I talk about electric, it's no odor, no carbon reject.
And our battery is a new generation one.
It means you can repair it and you can recycle it. Oh, good, good.
For example, this prototype uses absolutely second life cells, only second life cells.
Okay. Which is very important for the recyclability. Oh, gotcha.
And we spoke about multi-function, because we first started by a boat motor. You can switch immediately, in a few seconds, in a snorkeling underwater scooter. So, let me describe this. So he's got what looks like a more traditional, it's a torpedo with a propeller on the end, and then it's the same unit, but now it's got handles on it and a GoPro mount, so you can be snorkeling and, uh... And with this kind of accessories. Pulling you forward. Now, immediately, underwater scooter. And you can do the same with this one. All right, you hold this here. I'm going to pick up the third one.
So this is the same unit. I'm holding another torpedo.
It's pretty heavy, but it's got a mount on it. What is that?
What is that for? 9.9 pounds. I'm just really weak.

[5:08] So what's this mount? So we have the the traditional motor for the boat, electric motor, the scooter.
And what is the third use? For stand-up paddle and kayak.
Okay. I might be able to stay up on some if it was actually moving forward with a motor on it. Yeah, that might work. Okay, so he's going to actually turn it on for the video audience here. Yeah, let's turn it on. Oh, oh wow, that's pretty quiet. Yeah, that's quiet. No odor. That's right, no gas. That's awesome. Yeah, it's cool. All right, it's getting heavy, Christian. I gotta set this down and turn it off there. Okay, make it stop. Make it stop!
Make it stop! Oh, there we go.
Oh, he turned it back on again.

[5:52] There, I got the audio in the right place.
Okay, so this is really cool. So the single unit can do this.
How far can you go or how long can you go on a motorboat with the electric motor?
Yeah, it depends on the use and on the craft.
For example, on a classic boat, you can use it for one hour.
We prefer saying one hour.
It's one hour and a half, but one hour with a classic boat, three hours.
Three hours as a snorkeling scooter. It's snorkeling scooter, and six hours more with stand-up paddle and kayak. Oh, very, very cool.
So when is this going to be available in the United States?
May. May 24. Oh, May 2024. And what's your price point on this?
1500 bucks, dollars. That's not, that's actually not bad for this.
This is really cool I mean you could get a couple of those on a powerboat, right?
Could you do two of these to the electric motors to yeah? Yeah, for sure.
Add up to go faster. All right. Faster and longer.
All right. And what is the website to find the Kahé?
Kahénautic.com. Kahénautic.com. We will definitely write this down and have it in the notes below.
Thank you so much. Really appreciate it. You're welcome. Thank you very much.
Thank you so much. Thank you.

[7:13] Well, I want to add two more things to that. Grumpy in the chat room pointed out, why do I keep calling it a torpedo when I'm talking about boats?
Probably shouldn't have called it that, but that was the shape of it. That's all I meant.
The other thing is Steve checked the Cahenotic.com website, and it's on sale for $1,000 right now.
I don't know whether it's going to go back up to $1,500, but it was kind of interesting that it's only $1,000.
So if you want a portable scooter for your snorkeling adventures, it's a lot less than buying an Apple Vision Pro.

[7:47] The next bit of content you're going to hear is from a company that had no one authorized to talk to me for an interview.
We did meet a lovely gentleman who fed me some information beforehand, and you'll hear me explain what I learned. It's quite short, but it's pretty cool stuff.

CES 2024: TIER IV Level 4 Self-Driving Software for EVs

https://www.podfeet.com/blog/2024/01/ces-2024-tier-iv/


[8:02] A company called Tier IV has developed self-driving software that then they gave as an open source donation to the Autoware Foundation, where now other companies are developing full self-driving with that software.
They've taken it to level 4 driving, which means a driver assist, so there's a safety driver there but not necessarily having to do any driving, and that's done in Japan right now, not in the US. And they partner with companies that build electric vehicles, electric buses, and I'm standing in front of an example here that's got a six-seater configuration. It looks like a little conference room, and you can sit facing each other, and this is going to be full self-driving.
It's an interesting concept and I like the idea that this is open source software that can be developed by other companies.
And the company again is Tier IV, and hopefully the Kilowatt audience will enjoy learning about this as well as the NosillaCast audience.

CES 2024: Ricoh Portable Monitors

https://www.podfeet.com/blog/2024/01/ces-2024-ricoh/


[8:59] A lot of people are fans of the ScanSnap scanners, and they were from Fujitsu, but I'm standing in a PFU Ricoh company booth, and Scott Francis is going to explain to me what I just said.
Yes, Allison. Well, thanks for stopping by.
So the former Fujitsu company that has made Fujitsu scanners for over 30 years was acquired by Ricoh.
Ricoh now owns a majority, 80% of our company. So, now we've gone from the Fujitsu logo to Ricoh.
Okay, that's good. But Ricoh is a household name. We're good with that.
Ricoh is an excellent name. They make great products. So, we really found ourselves right at home under the Ricoh badge.
Yeah, that sure sounds like it. So, you've got a couple of things here.
What I'm really excited about is portable displays.
I think portable USB-C displays have just revolutionized my life. I think they're cool.
So, you've got an offering here. I think it's one of the best new products that most people didn't even know existed. Didn't know they even needed.

[10:00] That's right. But when you get one in your hands, you'll know right away that you want one and you won't want to give it back.
That's for sure. I bought one. I gave my daughter one. And then now she's basically like a salesperson at her office for them.
So what is the offering from Ricoh? So this is our new portable monitor 150.
150. We also have the 150 BW, which is a battery and wireless model. So what to choose from? That's right. Wireless? Okay, don't get me too excited. We'll come up on the wireless one. Let's do this one first. Yeah, let's talk about the basic specifications that both models share first. It's a 15.6 inch OLED display. OLED? Okay. Right, so you're going to get great brightness, amazing image quality.
We have twin speakers on the side to complement your presentation.
This has tempered glass so it's a very durable design as well.
That's important in a portable display.
And full HD resolution as well.

[11:00] Yeah, oh yeah, so what is the resolution? The resolution is Full HD 1920 by 1080.
Okay, okay. And then it looks like it might have a kickstand on the back, does it? Great point, Allison.
So we can see it from the side. It has an integrated kickstand.
This is unique to our model.
It's unique because you can have it in different orientations.
Let's say I'm a graphics artist and I want to do some digital art.
I can have it in any orientation that works.
This is a 10-point touch screen display.
So for Windows users at least? Windows users, Mac users, even iOS and Android.
Oh, that's interesting. So the way he's got it set on the table, it's at an angle like it would be very comfortable to draw on it with Procreate or something like that.
Exactly. But you wouldn't be drawing right on it.
You could draw right on this using the stylus. You can use a standard stylus.
We also sell a stylus for about $100 that has over 4,000 levels of sensitivity and two function buttons.
So if you're using Adobe Photoshop, you can bring out all those extra features.

[12:11] But macOS is not a touch operating system, but I guess it's like having a Wacom tablet in the old days?
Yeah, I think for driving it with the display itself, it would actually be Windows or Android.
Okay, that makes sense. For Mac, you can actually duplicate your display, but to your point, you're not actively driving the session.
Okay. That makes more sense. But it can also stand up as a regular stand for using it as a computer device as an extended display, correct?
Yes, or sizes in between.
So that's the best part about it. Very nice. Very nice. The thing I like about an integrated kickstand is it doesn't take up a lot of room on the.

[12:47] It's perfect for all those home remote workers that don't have a lot of space.
Or road warriors. And in road warriors, you can take it right on the road.
If you're an outside salesperson, let your customer see the presentation while you drive it from the other side.
This is a much better experience than having everyone huddle around a laptop.
Right, right, right. Okay, so now I want to hear about this wireless version because that just sounds like sorcery to me. So we're going to walk down here.

[13:18] Now, with both models, I can go USB-C with either model, and it can be powered with USB-C as well for our battery model.
So the battery model has a three-hour battery, and it can charge in about two and a half hours.
Is this the one I've got in my hand right here? Yes. So this is the BW.
Okay. I'm lifting this thing, and this thing weighs nothing.
This is a three and a half hour battery? It weighs 25 ounces.
It's amazing. That's amazing. One hand. Maybe even two fingers.
I'm telling you, Steve's manning the camera, but you've got to lift this.
You've got to see how light this is.
That is astonishing. That's so light. Now, it's tethered right now to cable.
If you're going to travel around with a portable display, you want the 150 because it is super lightweight, but it's solid design.

[14:05] But that's got a battery in it. It's got a battery in it, a three-hour battery that can recharge in about two and a half hours.
It's amazing. And you can use it while it's charging.
That's fantastic. So this is the 150 and the 150BW.
Yes. And BW stands for? It's just our part number suffix to connotate that we have a battery and wireless.
Okay. Battery, wireless. Okay, I got that. So what's your price point on these two devices? Street price is $700 for the wireless and battery model.
$550 is the street price for the USB-C only. So, if you're looking at cheesy USB-C displays and going, well, wait a minute, that's a ridiculous price.
These are OLED. That is a huge difference.
Yes. You could spend $200 on a portable display, but it's going to be heavy.
It's not going to have a battery. It's not going to operate well.
These have a reduction of blue light emissions to make it great.
You can even use it in lower light settings.
If you're going to use something all of the time, spend a little more and get a lot more value.
Very good. This is fantastic. So if people want to find out more about the 150 and the 150 BW portable displays, where would they go?
They can go to ricodocumentscanners.com, and that will take you to our Ricoh site where we have all of our products here, including our document scanners.
All right. Very good. Thank you very much, Scott. This is fantastic. Thank you, Allison.

CES 2024: Tandem Insulin Pumps

https://www.podfeet.com/blog/2024/01/ces-2024-tandem/


[15:33] I got an assignment from MacLurker, Dorothy, asking if I would go to the Tandem booth.
And I'm here with Ben Marr to talk about their diabetes pumps.
And we're going to learn a little bit about how these work and maybe answer a couple of Dorothy's questions.
I've got them up on my phone. So welcome to the show, Ben. Thank you very much for having me.
All right. So first of all, what is an insulin pump? What does that do?
An insulin pump is essentially, as added, delivers insulin to those who need it, those with diabetes.
Okay, so you've got a tiny little unit in your hand. Let's hold it up for Steve.
He's got a little unit in his hand. It's got a display on it.

[16:10] It's smaller, like half the size of a deck of cards, I'd say, maybe, and it's got a display showing insulin levels and a bunch of other great metrics, I assume?
Yeah, correct. It's actually monitoring your insulin, your continuous glucose monitors, your blood sugars, and it's showing you the history of that, and it's showing you the history of the adjustments that the pump's been making over time to your insulin to keep you in range.
So from my limited understanding, I've been taught by Dorothy, a continuous glucose monitor is something that you stick to your arm, for example, a little patch.
I can show you one right here. This is called the Freestyle Libre 2 Plus Continuous Glucose Monitor by Abbott.
It basically looks like an air tag stuck to his arm. Yeah, correct.
But it's a lot more than that. It actually has a sensor just underneath your skin, and it measures the sugar levels in your blood.
And it measures that every one minute to see how your insulin levels need to be.
This was a huge advantage over pricking your finger years ago.
Not that long ago. Like a few minutes ago. Not that long ago, and many people still do that today.
And that's unfortunately, you'd have to prick your finger sometimes up to 20 times a day to check your blood sugar levels and give yourself insulin accordingly.

[17:25] What Dorothy's taught me is that it's not just how high your blood sugar goes, but maintaining an even keel is what you need.
And so we're going to call it a CGM, continuous glucose monitor.
Having that is really important.
But now what's important about Tandem is that you work with, you guys don't make CGMs, but you work with other manufacturers?
Yeah, correct. And today we just announced, as I said, the Abbott integration, which is the first integration with the Freestyle Libre sensor, but we actually are the first pump to be able to connect to up to three different CGMs, as we call them, meaning that you can use our pump and no matter what.

Different CGM you use as well. Oh, okay, that's a big advantage. So the product in your hand, what is that? What's the name of that? This is the t:slim X2 insulin pump. Okay, and now you've got a smaller device here. Can you show us that on screen? Now this looks like, boy, I don't even know, that's like smaller than a cigarette lighter, but it's got an interesting looking little plastic probe sticking out of the top. What is that? That's actually the cartridge on there. So this is Tandem Mobi, our insulin pump that we're just in the process of releasing.
And this is actually the cartridge that you see. So you actually have the insulin in there, and that connects to an infusion set, which connects to your body, which actually delivers insulin into your body every five minutes based on your CGM readings.
Oh, so that's much, much smaller than the one you've got in your hand.
So is that in development right now?
No, that's actually just recently been cleared by the FDA and we're in the process of actually releasing that to the public starting this year.
Very good, very good. Now Dorothy asked me to ask you, will you be able to update the firmware on the Mobi?
Yes, absolutely. So that's one of the unique things about tandem pumps is you can actually update the software.
So today as I mentioned you update your software and you can get you can start to use the Abbott sensor.

[19:15] Both of our pumps will be completely software updatable and the unique thing about this one is there's no ports on there So it's completely wirelessly updated via the compatible mobile app.
Oh, okay. So that's why it doesn't have a display on it or anything.
Correct. That's why we can make it so small because it's controlled by a mobile app. Okay. Wireless, but it's still connected to you.
It's still connected to you when you need it for the insulin.
Until they can magically transport the insulin into you. I guess that's going to be the case.
So the other question she asked was with the continuous glucose monitors, you have to replace those every three days. So it's a big advantage you're not putting.

Pricking your finger, I'll get this right, pricking your finger 20 times a day, but now every three days, that's still annoying. Is there any progress on making those last longer? Yeah, for sure, absolutely. So yeah, I think the great thing about insulin pumps is it saves you about over 2,000 injections of insulin you'd have to do in a year. I forgot about that part. Yeah, that's a lot. That's a lot. But we are absolutely working on longer, what we call longer wear time, so moving from three days ultimately up to seven days as well. That means you essentially halve the amount of times you have to change your insulin slide.
I would assume that has to do with infection and things like that, leaving it in too long?
Yeah, there's a lot of technology to make sure, because your body essentially doesn't want you to be opening up your skin every few days.
So it actually tries to resolve that. So we're working on the technology, which means that it doesn't get as irritated.

[20:46] All right, and she said the final question is, when will we get an artificial pancreas so you don't have to do any of this?
It's all done in a full closed-loop system. Yeah, well, essentially, that's the holy grail of what we're working on with insulin pumps.
I'm very, very hopeful that we'll be able to come out with that soon and hopefully for your friend. Someday.
Yeah, yeah, yeah. So is this just for type 1 diabetes or is it type 2 diabetes?
So type 1 diabetes is not your behavior caused this. You're just born with that or you get this, right?
Yep. Right now, our algorithm, our automated delivery system is indicated for type 1 only, but we are actually working on making that available with a regulatory body for type 2 diabetes as well.
Very good. Well, I thank you for your work at keeping my friend Dorothy alive and healthy all these years.
Best wishes to Dorothy. Thank you very much.

Support the Show

https://podfeet.com/patreon


[21:40] I don't know if you've noticed this, but the Podfeet podcasts don't have any ads.
When you think about how happy that makes you, I'd like you to consider how the costs of creating this fabulous content are covered.
They're covered by the generosity of listeners who choose to either pledge a monthly amount via podfeet.com slash patreon or single time donations via podfeet.com slash paypal. I'm tired of ads, aren't you? Please consider becoming one of the heroes of the show and supporting this work with your hard-earned dollars or yen or euro.

[22:14] Music.

Security Bits — 21 January 2024 - Podfeet Podcasts

https://www.podfeet.com/blog/2024/01/sb-2024-01-21/


[22:21] Well, it's that time of the week again. It's time for Security Bits with Bart Busschots. How are you today, Bart?
I am good. I got out on my bike and on my walk before the worst of Storm Isha.
So, yeah, I'm good. I'm all exercised.
I won't say I stayed dry. That would be a lie in the extreme.
But compared to what's happening out there right now, I did good.
Hey, well, Tessa and I went for a walk in the rain yesterday.
It rained nearly a tenth of an inch while I was out there. A half an inch in a day.
Oh, wow. Did I tell you that Carrot Weather gives you an annual statistic page?
But mid-January it sends you a push notification. I had 76 centimetres of rain.
Let's see, what is that in freedom units? 76 centimetres. 30 inches.
And my hottest temperature was 28 Celsius, which is probably you on a fairly average summer day.
Let's see, that's, wait. 28. 82.
Well, no, we're really in the high 70s here. That'd be a smidge high.
A smidge high, yeah, but it's not 100.
Like, it's not the kind of temperatures I hear when Americans talk.
Like, Bodhi gets way more than that, right?

[23:37] Oh, yeah, well, he does live in the desert, so. True. And my coldest was only minus four, which isn't too bad, actually. But that's definitely colder than you. Yeah.
You don't go minus. All right. Well, this isn't weather bits we should get stuck in.
Indeed. So I have two follow-ups of stories we have been following.
So a couple of weeks ago, we had a whole bunch of security mediums where it was one of those, you should be aware that it's possible to blah, blah, blah, and you can't protect yourself yet. But if you ever can, I'll let you know.
And one of those flaws was that it was possible to become an attacker in the middle between an Apple Bluetooth keyboard and your Mac, and therefore the attackers could see everything you typed or, worse still, inject keystrokes of their own, which is obviously dangerous.
And at the time, there was no patch.
Well, I am happy to say you may now patchy, patchy, patch, patch.
If you update to the latest versions of the Mac operating system, your keyboards will be fine.
So do the hot diggity dog.
In other good news related to Pegasus (these are not words I often put together), the people in Kaspersky are obviously very interested, given that they have literally been attacked by some of these kind of things. They're always quite keen to try find better ways of finding this kind of spyware, and they discovered that your iPhone has a log file that it writes every single running process to disk on shutdown.

[25:06] And one of the things you should do if you're afraid you're being targeted is repeatedly reboot your iPhone because nothing can survive a reboot because of Secure Boot.
And so this technique allows them to see what was happening in RAM as they shut their phone down.
And then when the phone reboots, they can read everything in that log file and they have published scripts that anyone can run against their logs.
And it will tell you whether or not there is something that looks like a suspicious process running on the device at the point of shutdown. It's a cool feature. This should make it easier for Citizen Lab and all those other people who are finding all of these things that the spyware is up to, to find the spyware. So I think that's good. And we have two deep dives, and they're both of the category of, this isn't good, but it's not catastrophic, either.
The first one actually is more a case of explaining what everyone was talking about.
So there has been a thing I have not been telling you about for about four months because it's never quite been a solid enough story that I could speak to it with any sort of, anything short of massive amounts of hand waving.

[26:20] So there have been cyber criminals offering for sale a version of encryption malware that they claim can resurrect people's Google sessions even after they change their password.
So the attackers are selling this ability to get back into someone's Google account after they change their password because you were in there already.
And that's certainly a good big claim, but there was no wood behind the arrow to explain how that might be possible or if it was even true.
It was just, it has been reported that this is for sale on the dark web, but no one had enough actual information for me to put it in the show notes without you being cranky at me.
But literally the day after myself and Jill recorded, we finally got the detail. I was very cranky with myself because I again passed it over. It was in my RSS reader and I said no again, and then Tom Merritt explained it all, because he had read a news article I hadn't read yet, um, over on Ars Technica. No, Bleeping Computer. It was over on Bleeping Computer. We finally got the details, so now I can tell you that yes, it is true, but there's lots of caveats, and I can explain it.

[27:38] So if you use the desktop version of Google Chrome, you can log into the browser, right? You can log into Google Chrome and it will then synchronize your settings with all of your other Google Chromes, and it will act as a single sign-on to all of Google services you may be running on your device. Like, if you're using Maps or if you're using Google Drive, it's all sort of the one login. You log in once and you're into all the Google magic. And to do that, they have a token that is put on your machine, and if attackers steal that token, they can use that token to re-log you into things. Because you're not actually permanently logged in. What you have is a token that lets you re-log in without needing to do any work. So behind the scenes, the token is sent off to an API, and the answer from the API is, here's a fresh session token, and then you appear always to be logged in. So as a user, it feels single sign-on. So if you quit Chrome and go back in, that's still enabled, and reboot the computer, still enabled. So the token has a lifetime of a couple of weeks, and as long as that token's alive, you're magically logged into all of the Google stuff on that computer. Which is fine, unless your computer is riddled with malware and the malware steals the token. So that's how it was working. They were, if you are hacked.

[29:04] Then they can start to resurrect your Google sessions.

[29:09] And when you change a password on any modern site with multi-factor authentication.

[29:15] Or not multi-factor, in fact, if you have any site where when you have a client, you don't enter your username and password, the client bounces you to the web, you log in on the web, and then you get bounced back to the client. That's called OAuth.
So Twitter, Twitter slash X, Mastodon, they all do this little dance through the browser and back.
What that's actually doing is letting the app log in without your username and password.
The app never sees your username and password, so the app can't lose your username and password.
But it means that there's a connection between your account and that app and so when you log into your account on these services you can list all of the apps that are authenticated.

[29:51] And so if you log into your Apple ID, you'll see all of your devices. If you log into your Google ID, you'll see all of your devices. If you change your password, it doesn't affect those connections to those devices. So you may think, I have locked everyone out of my account, but if you haven't deactivated all of those connections, their token is still valid, and the token being stolen is one of those tokens. Okay. So the actual lesson is not, because it was initially reported as Google have a major bug. It's not. It's everything is working as designed. If you have an account that allows you to connect devices, whether it be a login with Facebook, an Apple ID, anything that allows you to do that kind of a login through the browser to multiple apps, if you change your password, you have to go in and disconnect all of the other apps and things.
Otherwise, you haven't really changed all of the keys.

[30:49] That makes sense. It does make sense, but you have to think about it.
So actually, this is a perfect excuse to remind us that changing your password may not be doing everything you think it's doing if you're using modern applications that use OAuth.

[31:08] This, maybe I'm missing a big point here, but it seems obvious that you would have to log out of... I guess it's a fact that that token exists in the first place that is the new information. I mean, it's not even new information. Basically, you think it's obvious because you're used to having this idea of connected devices, but I think a lot of people would assume that if I change my Facebook password, then everything I logged into Facebook, everything I use login with Facebook, it would also be fixed, but it isn't. So that's the reminder.
If you do a login as with anything, whether it be Google, Microsoft, Facebook, XTwitter, your Apple ID, changing your password doesn't lock all of those things out.

[31:52] Okay. Okay. Anyway, so it's really, it's not a, you know, it's not a bad news story.
It's just, bear this in mind. And again, don't get hacked.
How do I protect myself from this malware that's being sold?
Don't get hacked. Then they can't use this tool against you.
Deep dive number two then is less happy happy. We did include some instructions on how to log out of all your devices in one fell swoop. It's a real simple process.
Apple has a support article on it. Google, sorry, Google, yes. And thank you, Allison, because you actually deserve the credit for digging up that link, because I basically went, I don't have a Google account so I don't know, and you were like, yeah, Bart, you could Google how to do Google. Oh yeah.

[32:38] It was, it was real hard. It took me a split second. Yeah, but it was time I spent de-ickifying the iMac I'm giving away to a good friend of the show. Anyway.

[32:50] Deep dive number two then. There are caveats. This is not the end of the world, but this is not a happy happy joy joy story. And again, this one started off very fuzzy. So a Chinese organization associated with the Chinese government said that they had developed the ability to de-anonymize AirDrop, and that immediately makes me suspicious, because it's very much in their interest to say that, because AirDrop is being used to share information without using the internet and these kind of easily policeable channels. And so they want people to be terrified of using AirDrop, because they can't control AirDrop.
So there is a... this may not have been true.
However, it appears it is true-ish.
So there's a couple of facts we now know.

[33:47] Because it is possible with AirDrop to say only allow connections from my contacts, there is a mechanism for sharing who is and who isn't your contact.
But the intention is that that should be anonymous.
But that means you have a need for some sort of hashing.
And it can't be a salted hash because then the hash will be different every time, which defeats the purpose of detecting whether or not it's one of your contacts.
So they're just plain old hashes and they have to be.
And security researchers have been poking at these hashes for a couple of years because if you listen in over Bluetooth at the point in time when there's an airdrop happening, you can see the traffic flying over and back and you can see these hashes.
And so security researchers have been looking at these hashes for years and they have had critiques.

[34:42] Basically, it is not infeasible if you are a nation state to throw enough resources at it to start breaking these hashes.
And so researchers have even gone so far as to suggest to Apple better algorithms they could be using for this.
But the researchers have sort of said that would probably break backwards compatibility.
And so Apple would need to take the bull by the horns and basically say that unless you're running the very latest version of iOS slash macOS, no more AirDrop for you, which they may be forced to do at some stage anyway, because this protocol is getting old.
But the hashes are not cryptographically as good as they could be.

[35:20] But even at that, that shouldn't make it possible to do what the Chinese government say they can do. So there's another piece to this puzzle.
And that is, so we know that a hash is easy to go from plain text to hash, but hard to go from hash to plain text without spending half the universe calculating it.
But of course, an attack that's been used for years against hashes is a so-called rainbow table.
You start with every possible input, you do the forward calculation, and you save all of your results in a giant big lookup table.
And so a forward rainbow table of all eight character passwords is not that big because you have eight times seven times you know the amount of permutations is not astronomical but the amount of possible apple ids in existence is astronomical because they could be really short or really long like there are so many possibilities so no computer could store a rainbow table of every possible apple id and no computer could calculate the hashes of every possible Apple ID.
So it is physically impossible that the Chinese government have such a rainbow table because it wouldn't fit on the computer and they could never have made it.

[36:34] But they know what phone numbers exist in China.

[36:39] So they didn't have to calculate every possible hash. They just needed to hash every Chinese cell phone number.
Wait a minute, wait a minute. How's the Apple ID related to the phone number?
Well, when you use AirDrop without being signed into Apple ID, you're doing it on your phone number, or you can do it based...
No, sorry, let me back that up.
But if you're doing it based on your Apple ID... No, no, no, I'm wrong, I'm wrong. No, stop, I'm talking wrong. I'm wrong.
So let me back up before I go any further down the wrong hole.
So how does it know you and me are contacts? It checks our phone numbers in my address book and the email addresses in my address book.
No, you can do it without a phone number. You can just have somebody's Apple ID.
I talk to people all the time that I don't have their phone numbers.
You need one or the other.
So if I have in my address card for you both a phone number and an email address, then the hashes for both your phone number and your email address are going to be involved here because that's how we're detecting each other there.
Okay, but if I only have your email address, then the Chinese government wouldn't be able to find this. No, but if you're using... but most people, you probably have both. Yeah, you would have both. Exactly. So they know every phone number that exists in China, because all of the cell phone companies work closely with the government, so "give me a list of your subscribers" is a very easy ask for the Chinese government. So forward hashing all the phone numbers that actually exist is a way simpler task than every possible Apple ID on planet Earth.

[38:07] Now, they also claim they have done email addresses, so they can't have done every email address on planet Earth.
They can't have done every possible email address on planet Earth.
So my theory is that they have either only hashed forward the email addresses of people already on their list of suspects.
So of people that have come to the Chinese government's attention for some other reason, and they're like, hmm, don't like you, you're on the naughty list, so we'll hash the naughty list.
Or the Great Firewall of China is seeing email addresses fly through the air and keeping a master list of all the email addresses actually in use by actual Chinese people, in which case they forward hash that list, or disturbingly even more than that, the Chinese government forced Apple to partner with a Chinese company to host the servers for iCloud.
Now, the actual encryption keys are safe, but the names of the accounts and stuff is not going to be covered in that encryption because you need to have a way of connecting, you know, the encrypted blob to a person.
So they may have been able to get a list of the actual Apple IDs for China.

[39:13] Anyway, I don't think this affects your typical NosillaCastaway.
Because in order to actually get these logs, the Chinese government either have to be sitting there listening to your Bluetooth, or they need to get your phone off you, get you to unlock your phone so they can get the log file so they have the hash.
So if I was politically active in China, I would be very worried about this because if they get my phone and force me to unlock it, then they could know who I was airdropping with.
But for the rest of us, this isn't as big of a deal.
But I do think that at some stage, Apple are going to have to reinvent their hashing algorithm here.
And so we all may suffer, AirDrop becoming unreliable.
That's never happened before.

[40:01] So, yeah, that's kind of all I can think of to say about that.
So I don't know if you want me to dig into any other aspects of that, or if that makes sense.
No, no, that does make sense. Cool. Action alerts, then. Just two.
Patch Tuesday, been and gone. 49 flaws, 12 remote code execution bugs.
So patchy patchy patch patch. And Google have had the first zero day of the year on their Chrome browser, so patchy patchy patch patch, which for Chrome means turn it off and turn it on again.
Do you know whether that's Chromium or Chrome?
Since it affects a lot of other devices. I do not off the top of my head.
That's a really good point. I should have thought to dig into that.
Okay, well, we can check the... He's got a link to the Bleeping Computer article about it. Yes.
All of your browsers, frankly, it's a good idea to turn them off regularly.
I hate doing it because I'm Mr. 20 Kabillion Tabs, but it is actually good practice.
Now that you've got an M-series processor, you're going to got to get over that. I mean, I just like...
My camera was looking weird yesterday. It's like, man, just reboot.

[41:11] True. It's like 35 seconds, you know. In fact, you can have it reopen stuff.
Oh, sure. Absolutely. It's just, yeah, yeah. Yeah, you're right.
You're right. You're right. But yeah, I'm still in the habit of, oh, no, my precious browser. I should not restart it. Look at all these tabs.
But yeah, it'll be fine. Okay, in December of 2014, according to SFGate, Microsoft refused to hand over data on emails from Irish emails because they were stored in Microsoft's Dublin data center.
Absolutely. I do not disagree with that in the slightest. Microsoft has servers everywhere.
They do not have to use an Irish company to host their Irish servers.
Oh, I never said an Irish company. I never said that.
That's put words in my mouth. I said that they insisted that they have servers in country.
Maybe that's why we had a disagreement. Well, no, they didn't insist they have servers in country. They have servers in country.
They weren't forced to. They chose to. Let's move on then. Yeah.
There's an important legal distinction.

[42:18] Right. All right, what's next? Worthy warnings. Warnings. There is a website called Halara, which apparently sells something called, oh, it was active fashion, basically.
So I think that means fashionable tracksuits and things. I, fashion, it's beyond me.
They have leaked the details of almost a million people, and they don't seem particularly keen on figuring out what's going on.
So when Bleeping Computer contacted them, they were very, yeah, we're looking into it, thinking about it. So Bleeping Computer decided to take the data breach and check if the data is real, and in their random sampling, it is real. So it appears that the Halara people have not informed the victims, which is annoying, because that's become my new rule here for whether or not stuff goes into the show notes: if the victims have been notified, I don't bother telling people, because if it affects you, you have an email.
But in this case, they haven't. And there is enough information in here not to steal your credit card and stuff because it thankfully isn't financial data, but it is way more than enough for very convincing phishing, smishing, or vishing emails because it has...

[43:34] It even has basically SMS, so cell phone numbers and stuff, so they could do SMS-based phishing or even voice-based phishing with the information they've lost.
So if you shop at this place, be aware. It's only 950,000 people, Bart.

[43:51] Yes, in the post-Yahoo breach days, it's tiny. You're right, yeah, tiny. What are we talking about?

[43:59] An interesting warning from Bleeping Computer.
It is January, and one of the things that happens in January is a lot of companies give their employees updates on their 401ks and things like that. And so security companies have observed scams pretending to be your company's HR department telling you about changes to your 401k and asking you to log in to verify something, only the login page is a fake and they're trying to steal your work credentials. Because sometimes it's about a pay rise and sometimes about a 401k, but they're basically trying to use the start of the year to trick you into going to a page that isn't really your company to do with your salary or your pension. So beware. That's kind of an interesting scam, because they'd have to know where your 401k was.
I mean, there's some big players like Fidelity, for example, but they'd have to know.
Actually, they don't have to know. They only have to be right some of the time.
Yeah, there you go. That's the magic sauce, right? Yes. Right. Yeah.

[45:11] So, yeah, and it's cheap to send emails, so you can be wrong a lot of the time and still make a profit of it.
Another worthy warning, Bleeping Computer, again, doing some original reporting here, which is kind of nice to see them doing that.
They are warning that there are Instagram profiles, which are duplicates of real Instagram profiles, and they are being used to try to do romance scams.
They are being reported to Meta, and Meta are not acting. So there are...
What? Yeah. I'm shocked, Bart.
Again, it's so obvious. There's two profiles, both on meta. One of them is up to fraud and one of them isn't.

[45:54] Anyway, just a reminder. You're going to tell me that Twitter isn't blocking bots. Yeah.
Put a pin in that for a minute because we do get to talk about those charming people shortly.
And just because I am perpetually amazed at what ransomware crew get up to, There is another new technique.
So myself and Jill talked about a different new technique, triple extortion.
Well, they've now started to do something else, which is slightly clever.
They're starting to send fake emails offering hackback services to the victims, saying, don't pay the ransom, pay us, and we'll hack them back and delete your data for you.
But they're fake too. Yeah.
Oh my god, it just, you know, fakery all the way down. So anyway, this is, all right, trickery, trickery, trickery. Moving on to notable news. These first two stories I'm slightly nervous about, because I don't have the world's best answers on them, but I do think we should mention it. Um, there is another UEFI vulnerability. It's called PixieFail. If you're wondering what UEFI is again, so UEFI is the follow-on to ye olde BIOS.
It is the firmware that is the very first thing your motherboard does when you hit the power button on a PC.
And Apple are using EFI, which is actually less advanced than UEFI.

[47:23] But yeah, it's the firmware of your computer. And UEFI is now the standard in the PC industry.
So this has nothing to do with the operating system. This is there when you boot up.
Very, very early in the process. Yes, its job is to load your operating system. Before you boot up, I should say. Yeah, it's there to find your operating system and start it. And there is a thing called PXE boot you may or may not have heard of. Your computer, even before it has an operating system installed, can boot over the network, and that's how you can do things like clone a computer across the network. So if you're working in corporate IT, you can send an image at a whole office full of PCs.
Well the way you do that is by using the UEFI to actually talk straight over the network to some sort of server that hosts a copy of the operating system you want to stamp everywhere and that's called PXE.
So PixieFail is because UEFI needs to have a network stack to talk over the network.
The network stack they decided to implement is riddled with bugs, which means that over the network you can trip up a lot of UEFI motherboards to run arbitrary code before your operating system is booted. So that's rootkit territory here, because it's happening before the operating system, and that's bad.

[48:45] The good news is patches are being rolled out by vendors one by one by one so an awful lot of PC users are going to have firmware updates for the motherboard.
If you have one apply it because you may well be getting this fix for UEFI.

[49:01] Thankfully a small silver lining here is that the attacker needs to be on your LAN to attack you. So in a local area network.
So in a family environment, unless your kids are out to get you, you're probably fine, and maybe it's a good reason to have a separate guest Wi-Fi network so they're not all sitting there looking at your computers. But that's kind of the best we can do there. So keep an eye out for motherboard updates. There's an important reason you want one, along with the other UEFI problem with the logo being a way to hack your computer that we talked about a few weeks ago. Slightly similar vein, LeftoverLocals is a bug in a whole bunch of GPUs, and one of the things we use GPUs for these days is AI, machine learning and large language models.

[49:49] And AMD, Apple and Qualcomm have GPUs that all make the same whoopsie.
They don't clean up after themselves.
So you run some machine learning or you do a large language model and it leaves the answers lying about in the chip and other people sharing your GPU can read what you've been up to with AI.
So that immediately puts us, it's not speculative execution, but it's awfully similar because with speculative execution, if someone else is sharing your CPU, they can steal data.
Well, in this case, if someone is sharing your GPU, they can steal data.
So for us home users, is we can stop panicking, even though this has a fancy-pants name, because this is a problem for cloud providers, because you can rent GPU space in the cloud because you use GPUs to do AI.
So most GPUs today don't do any graphics ever.
Most of the GPUs on planet Earth are now powering GPT and the like, which is kind of weird, but that's the new reality.
The other good news for us is that Apple have patched their A17 series of chips and their M3 series of chips.
It doesn't affect the older A series chips.
It does affect the M2, and they have not patched the M2.

[51:10] So maybe they have not... It doesn't affect the older ones.
So your M1 is fine because it's too old, but the M2 is not fine. Even though it's older.
Even though it's older than the M3, that's still affected. Yeah, so the M2 is old enough to be affected, but hasn't been patched.
The M3 was affected, but has been patched.
So they haven't gone back in time far enough yet. AMD have also patched many of their motherboards, but not all of their motherboards.
Sorry, GPUs. And Intel, NVIDIA, and ARM are unaffected. So if your PC is running an Intel GPU, not your issue. If you're running an NVIDIA, not your issue.
And if you have a phone running an ARM GPU, you're also fine.
So on the whole... GPU in the ARM M2 chips, that's not an ARM GPU?
It's not an ARM GPU because Apple do their own.

[52:10] Even though it's an ARM chip.
Do you remember that the absolutely fantastic friend of the show, I know a little more.
Why is my brain always going, as soon as I turn the credits over, my brain goes blank. Tom Merritt. Thank you.
It's funny, out of all of them, you picked to know a little more.
Yeah, he did a thing on ARM.
Yeah, it's complicated. What it means to be an ARM chip is complicated in the extreme.
Apple are on the area where they license a bunch of ARM's tech, but they also do a bunch of their own stuff.
So an Apple ARM chip is as much applesauce, ooh, that's a cool pun, as it is ARM sauce.

[52:49] Okay, so what you really mean in the show notes is discrete ARM GPUs.
That works. That would make it more specific. Okay, but backing up a little bit, oh, I know what I was going to say.
My first thought here was, I don't know why we even need to talk about Apple, because who would use Apple in a server farm? But I happened to see a video yesterday of Christine Warren, who is an advocate or something rather for GitHub at Microsoft.
And she was going through their server farm that they've built of Apple M series Mac minis in these giant racks and how they take them apart and put them back together into these giant racks.
So if they're doing that, they're probably sharing resources, I would think.
That seems reasonable and I know Maccolo also give you giant big server farms full of Apple stuff yeah did they do shared if they offer virtualization of some sort then they would.

[53:49] I don't know, to be honest. Once I've seen, you just, this one is yours, you're paying for one to exist, a dedicated server. But I don't see why they couldn't. Yeah, because Apple do support virtualization, so you could have a VM. If you had an Apple VM, then that would be an issue. Anyway, yeah, for us home users, you may have heard a lot about this, and it does mention Apple, which always makes it prone to clickbait, but for us home users, I wouldn't, I wouldn't stress about this one. Something that's really weird to me, because this just kept happening in the news in the last two weeks: major Twitter accounts were getting hacked. Like, the Securities and Exchange Commission in the United States is not a small thing, and Mandiant are one of the biggest security companies out there. If you get hacked, you want to employ Mandiant to figure out how you got hacked and how to fix it. And yet the SEC's Twitter account was taken over to push some fake Bitcoin stuff, which drove up the price of Bitcoin, so I think someone succeeded, and Mandiant's account was also taken over.

[54:47] You say in the show notes it announced a fake Bitcoin ETF approval, but I thought there was a Bitcoin ETF approval.
I thought that actually happened. I know that there were rumors it was going to happen. I don't know if it ever did happen.
And I know that definitely before anything actually happened, if it actually happened, and I'm not sure it did, this was fake news.
Okay, I'm telling you that it did. Okay, cool.
Yeah, I'll be honest, I don't really follow Bitcoin that much.
Unless all I saw was spread rumor from that one thing, which I find hard to believe because I wasn't following anything on Twitter anymore.
That seems reasonable. There were rumors that an ETF announcement was imminent.
So I don't know if that got misreported as this is happening instead of this is rumored to be happening. That happens a lot in media.
But anyway, either way, it doesn't matter. The bit that worries me is that major X accounts are being successfully taken over, including by major security vendors.
It seems to me something isn't working on X's end.
Mandiant say their account was brute forced. Now, X accounts are online.
You shouldn't be able to brute force an online account. It should rate limit you.

[55:59] So there's something not quite right on the X end at the moment.
Well, I don't know. Something happens when you've fired 85% of your staff.
Yeah, okay, fair point. So the real takeaway here for us in the NosillaCastaways is be careful of everything you read on X because there's a lot of fake stuff on X at the moment because major accounts are being successfully hacked.
You should probably be careful of what's on X anyway, to be honest, but yeah.
Right, so now we get to flip towards the good news column here.
So Google settled a $5 billion lawsuit, which isn't really the good news.
The reason for the lawsuit was because people were saying incognito mode was being deceptively described because it was promising more privacy than it offers.
Google have a solution, which is the good news. The description for incognito mode is being updated to make it clear that Google still track you when you're in incognito mode.
And many websites can also successfully track you in incognito mode, because actually what incognito mode is doing is stopping your computer from keeping a log on your computer of what you are doing so that your family don't know what you bought them for Christmas.
That's all incognito mode is doing. And so the description will now reflect that reality.

[57:12] So pause. Okay. They're saying that...
Google still track users while incognito mode is enabled. In what way do they do that? What is it?
All the standard tracking built into Chrome. Okay, so incognito mode stops your computer saving a local history so that people you share the computer with can't see what you were doing. That's all incognito mode is for.
Okay, so if I'm searching for buying a Windows laptop, I can do it in incognito mode and Steve will never find out that I was straying.
Exactly. Or if you're buying an anniversary present.
Exactly. It's about your computer. It's not about what you're doing online.
So the far side doesn't know or care about incognito mode because it's not a far side thing. It's a local logging thing.
And so... Would that be true of Apple? Yes, and.
So what Apple do is they do all of that stuff too.
So if you go into private browsing mode, it's not keeping a local log, and that is true. But what they also do is they turn on the privacy protections that are likely to break websites.
So their blocking of third-party cookies is even stricter.

[58:26] Yeah, I mean separate from the third-party cookies. The third-party cookies is a different issue, especially since Google is starting to disable those.
I'm talking about your second sentence. You're saying Google still track users while incognito mode is enabled.
And many websites do too. I'm talking about part one.

[58:43] What are they there? Google is tracking you separately from these third-party cookies, is what you're saying? Yes. So this is Chrome. So if you're using Chrome, it has a whole bunch of tracking stuff built straight into the browser that is not disabled by turning on incognito mode. And do we know whether that's true or false with Apple, with Safari, is what I was... Safari doesn't track. Using Safari does not track you with Apple. Apple, like, Safari doesn't have a built-in spying.

[59:13] Okay, so it can't be disabled. I know they, I know they've also disabled things like being able to identify, uh, exactly your browser window size and things like that, uh, that they disabled a few years ago, right? Yeah, so Apple and Firefox both turn on every single technology they can think of to protect your privacy when you go into private browsing mode, and they do it in private browsing mode because if you break something in there, it's not as bad as breaking it in the main browser. So they tend to use their private browser mode as a place to experiment with their more, heavy-handed, aggressive, thank you, yes, that's a good word, uh, privacy protections, because if they break something it's not the end of the world, and they then tend to roll them from a private mode into their main mode after it's proved to be safe. So in the non-Chrome browsers, private browsing is more meaningful because they're using it to test their privacy tools. Okay.

[1:00:14] So, yeah, like I say, it's a difficult question to answer. Yeah.
You thought it was an easy question. Not an easy question.

[1:00:22] Where am I in my show notes? Ah, yes. A whopping 71 million new usernames and passwords have gone into Have I Been Pwned?
This is the result of a collection of databases from password-stealing malwares having been leaked.
So lots of different malware was collecting lots of different usernames and passwords, and they were making a master list of their malicious stuff.
And that master list ended up leaking and then ended up in have I been pwned in the end.
So, yeah, it's not a single breach, it's lots of breaches.
The reason I mention it is because these reporting mechanisms always bother me.
We have the protections because of the 78th time we've been hacked in some way that our data, not a hack, that our data has been leaked by somebody or other.
We basically will have coverage infinitely because there's always going to be somebody losing our data.
And it's always sending me messages going, your address is in this list. Uh-huh.

[1:01:27] I can't do anything about that. Allison at podfeet.com doesn't tell me where, doesn't tell me what password it thinks it has.
It just goes, allison at podfeet.com. I say, uh-huh, okay, thanks. So this would tell me, having it in Have I Been Pwned, this would tell me that my email address is in that list, but it doesn't tell me which one, what password. It does tell you what password. This is a list with password, so in this case you would be able to know which password it was. So something consuming the Have I Been Pwned API, like Watchtower, should be able to tell you that the specific password has been leaked, in which case Watchtower can give you way more accurate information to tell you which ones to fix.
Yeah, so that's an important distinction, is that Watchtower in 1Password, and I don't know whether any of the other services, password managers have that, but because it has Watchtower, it's telling you, no, it's this one right here that's in the list.
And that's very useful information. If you go to have I been pwned, it goes, uh-huh.
You're in it. It doesn't provide that extra bit of information, I think. It depends on the exact breach.
A lot of them in Have I Been Pwned will tell you it's this specific website where you've been breached, which then allows you to use your own password manager to know if you reused the password there.

[1:02:43] Because I don't know about you, but when I switched to 1Password, I had a lot of password reuse on day one because I had many years of baggage.
So actually, most of the Have I Been Pwned has a specific site associated with it, as well as an email address.
So most of the notifications are useful.

[1:03:03] Again, going to Have I Been Pwned doesn't help you. It really doesn't.
Watchtower helps you a lot. For example, right now it says, I've been pwned in 31 data breaches.
Is 500px tracks plus eight tracks plus, boy, that's way back. That doesn't help me at all because it doesn't let me know any information. But, I don't know, but it told you the services, so if you use the same password on 500px anywhere else, then you have to change it everywhere, including at 500px. So that is very valuable. I don't think you're following me again. So, I'm trying to understand, but it's telling you which website and which username, so that is, it's valuable, isn't it?

[1:03:44] No, it's, well, if you go into 1Password and you go into Watchtower, it's going to expose it and say, this password has been reused on this site and this site. This doesn't tell me that.
This only tells me that 500px was compromised.
But that also could be compromised so long ago that that's not the address, the password I'm using anymore.
Because every time I go in here, this list just gets longer and longer.
Anyway. Absolutely true. No, you're absolutely right. Watchtower is more useful, definitely, but this is not valueless.
So I was going to recommend that people sign up to Have I Been Pwned and make use of the free alerting service, is what I was going to recommend.
But I guess you disagree.
It's just... it doesn't give you enough information to take action. That's all I'm saying.

[1:04:34] In my experience, it's proven very useful. Yeah, okay, perfect.
Yes, yes, yes, yes. There we go. That is, you're absolutely right.
Yes, that is the way to summarize it.

[1:04:44] Then we have some good news. So it has never happened before that the Federal Trade Commission in the United States has taken action against data brokers.
And now they've done it twice in the space of two weeks. Two data brokers have been banned for inappropriately selling Americans' location data.
So the first company, they were called X-Mode Social, are now called Outlogic, and they were selling location data without removing sensitive locations like healthcare facilities, religious institutions.
And also they were ignoring opt-outs by users who had explicitly opted out.
They were selling their data anyway, even though they explicitly opted out.
So they have been stopped from selling all location data and they've been told they have to wipe all other databases.
And another company then, a few days later, called InMarket, was given a similar ban because they had been sharing data without consent and they had been using sensitive categories, which is not allowed. They were selling access to things like Christian churchgoers, wealthy and not healthy.

[1:05:51] And parents of preschoolers. You could buy those categories of location data, so they have been shut down. Yeah, great. Yeah.
But great. They're shut down. So I'm really happy to see enforcement taking up a notch from zero to two in just a few weeks.
Yeah. I, I was hoping that that title was, uh, it says, uh, uh, US Federal Trade Commission is, has banned data broker.
I want that to be has banned data brokers. I know. Stop.

[1:06:23] Yeah. I was rather hoping for a plural on the headline too.
But hey, it's a start. It's a start.
Another piece of strange good news that just went utterly under the radar.
Last fall, when Apple released all of their new OSs, they doubled the amount of find my items we can have and no one noticed until now.
Because Apple updated a support article. I found my Apple TV remote the other day with it.
Excellent. Excellent. Which I didn't realize I could do. I just wanted to find it. I went, wait a minute, of, what is that doing there?
I mean, I actually knew where it was because I keep a little rubber suit on mine so it gets stuck in the cushions instead of falling through.

[1:07:02] I want to give a big plug for Find My. When we were at CES, you can imagine when you're in the middle of, you know, the North Hall of the Consumer Electronics Show with 180,000 people that there's maybe some electronic signals flying around.
There's a little bit of EMI, you know, there's possibly a Wi-Fi, you know, cellular service and even GPS can't get through. You literally, you can't use GPS.
But you know what I could use to find Steve? I could use Find My with the Ultra Wideband.
So because we both have iPhone 15 Pros, the new Ultra Wideband 2 chip, I believe it is, it now gives you that Find My capability where you get the little kind of sprinkly dots and a closer, closer, farther, farther, you know, hotter, colder kind of a thing.
And it shows me that, no, he's over to my right diagonally, and I can walk towards him and I can see it go from, you know, 100 feet to 38 feet. Um, there was a point where we were in a cafeteria, and it was this huge area of seating and this and all these different places you could get food from, and I was charged with trying to find a table, which was quite difficult, and he was charged with trying to get food, which was also difficult, and we got separated and I couldn't see him. But I was able to keep watching when he started to get closer, and then I could look towards him and start waving my arm so he could find me. That's really cool. And of, uh, Ultra Wideband too, that is really cool. And I have regularly used it to find things.
Stuffed between the seat cushions, actually. And it does work really well.
There's one small thing I want for Ultra Wideband 3. I want a Z-axis.

[1:08:31] Because I was one room above where my thing was.
And I was like, I can't get any closer than this. But it still says it's three meters away. And then my brain was like, oh, that's about the height of a story.
So I went downstairs. I did an article on that on the NosillaCast.
That was exactly what I had happen where we were looking for something, and couldn't find it, and all of a sudden I went, wait a minute, what's directly above us if something had fallen in the closet above us? So...
So I had the opposite problem. Yeah. Anyway, it works and I love it to bits.
And then the last thing is that the FTC, goodness me, they've gotten a lot of mentions today.
They are offering a prize of $25,000 to incentivize research into detecting AI voice cloning, which is now a major mechanism for fraud, where people phone you with a fake of your relative's voice saying that they're arrested and they need help or something like that, or they're traveling and they need help or something like that. Oh, that's so mean. It is so mean, but offering a prize for research to detect this stuff is the opposite of mean. So thank you, FTC, because this is a major fraud thing that's happening, so I'm really happy about that. Two top tips then. Um, Facebook announced a new feature, which they offer to you as a way to never forget the cool links you follow on Facebook.

[1:09:52] So every link you click on in your feed gets logged into this log if you don't disable it.
And then they tell you in the terms of service and we use it to target you with ads.
So if you'd like to opt out of this new feature, instructions linked in show notes.

[1:10:08] And then they do, they do ask you, let me put it this way.
It is opt out, but they do ask you, do you want to be in this? You're in it by default.
So there is a pop-up that does ask you first.
That's a strange mix. That's almost opt-in, right?
Almost opt-in. Missing the spirit of opt-in, but smelling a little bit like opt-in. Yeah.
And then the last one I have is just a recommendation for Checklist episode number 358.
Ken Ray basically gives you three very useful pieces of advice: how to safely dispose of an old device, how to safely set up a new device, and some New Year's resolutions that might help you with your information security.

[1:10:56] Oh, I like it. I like it. Ken Ray's the bomb. I love Ken. He is absolutely good people.
And then in terms of palate cleansing, I failed. I did not find any palate cleansing, but thankfully you had a bumper week and you have two.
I do. The first one is an XKCD cartoon that it's one of those ones that takes a heartbeat to get, but it's a group of people sitting at dinner.
And the one person says, we don't have house guests often, but we once had six astronauts over for dinner. The other person says, oh, wow.
And then the first person says, for seven and a half milliseconds in mid-August 2012.
The caption says, if you spend enough time looking at orbital records and property lines, you can make this claim in a lot of places.
Yeah. We're talking about the International Space Station. They were over for dinner.
Yeah, well, the hover text was something to do with they didn't bring wine or something.

[1:11:49] I like it. And Bart was just mad that he can't instantaneously get that information of who's over his house, which astronauts are they, right?
Yeah, I wish I could go to a website, punch in my address, and have it tell me that in 2012, you were visited by boobity-boo or whoever.
It'd just be cool. Then I could make my own cartoon. But yeah, it's fun. It's such a cool idea. I have a second one, too.
Basic Apple Guy is a great person to follow on Mastodon, and they had a post that is an image, and it says, how many Apple Vision Pro batteries would it take to watch the following films?
And this is hilarious. Saving Private Ryan is 2.49 hours, so it would take one battery.
Killers of the Flower Moon, being at 3.43 hours, is 1.4 batteries.
It goes on and on and on. It goes through Lord of the Rings, Extended Editions, Harry Potter, Star Wars, Walker Saga, and The Winter.
All 10 of the Fast and Furious movies would take 9.4 Apple Vision Pro batteries.
How are there 10 Fast and Furious movies?
I did really enjoy the first one, but I can say it tapered off after that.
I didn't know they got to 10. Yeah, it did a little bit. It did a little bit.
But I mean, the fact that Killers of the Flower Moon would take 1.4 batteries...
Your movie's too long, Martin. Come on. Or your battery's too short, Apple.

[1:13:07] Either way, it's an interesting metric. Martin Scorsese was mad for, I think it was Scorsese, right?
Yes. He was mad because some of the theatres were putting an intermission in the movie.
Like they used to do. Bio.
There's reasons you need to have an intermission. A, biology, and B, that was the norm when I was young.
It was always an intermission. I think they had to change the film reel or something.
I'm sure there was a reason for it, but that was normal to have an intermission.
It was a good opportunity to sell things in the cinema.
Not that they're short of selling things in cinemas, but anyway.
Yeah, I need a pee too. So yeah, definitely. How dare you tell them not to have an intermission?
Anyway, that's all I got in me show notes.
So I think what that means is I need to tell everyone yet again, because it's been three weeks I've realized.
Remember folks, stay patched so you stay secure.
Well, that's going to wind us up for this week. Did you know you can email me at allison at podfeet.com.
Anytime you like, just send a question or a suggestion on over.
You can follow me on Mastodon at podfeet at chaos.social.
Remember, everything good starts with podfeet.com. If you want to join in the fun of the conversation, you can join our Slack community at podfeet.com slash slack, where you can talk to me and all of the other lovely NosillaCastaways.
You can support the show at podfeet.com slash Patreon, or with a one-time donation at podfeet.com slash PayPal.
And if you want to join in the fun of the live show, it was hopping tonight.
Head on over to podfeet.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic NosillaCastaways. Thanks for.

[1:14:35] Music.