NC_2024_04_28

Tech episode: weather apps, CSUN Conference, ViewSonic review, cybersecurity. Social media: misinformation, Google Meet encryption, net neutrality. Charles Edge remembered, WhatsApp passkeys, security practices.

2021, Allison Sheridan
NosillaCast Apple Podcast

Automatic Shownotes

Chapters

NC_2024_04_28
CCATP #792 – Bart Busschots on Rethinking Weather Apps for Privacy and Functionality
CSUN 2024: Touch Graphics Interactive Tactile Displays
Viewsonic VX1655–4K OLED Portable USB-C Display Wins My Heart
Support the Show
Security Bits — 28 April 2024

Long Summary

Today's episode is packed with insightful discussions on various tech-related topics. Steve is absent as he's in Washington D.C. advocating for space exploration, but Lindsay, the host’s daughter, is filling in. The show kicks off with a segment on weather apps by guest Bart Busschots, where a pricing correction is highlighted. Moving on, an interview from the CSUN Assistive Tech Conference features Touch Graphics showcasing tactile maps. Allison then delves into her experience with the ViewSonic VX1655 4K OLED USB-C display, emphasizing its unique features like the magnetic cover that doubles as a stable surface, resolution flexibility, and headphone jack for improved sound quality. She also provides handy tips on converting tables to markdown for enhanced accessibility.

Transitioning to cybersecurity matters, the discussion delves into prevalent issues such as phishing campaigns, strict email regulations by tech giants like Google and Microsoft, and sanctions against spyware companies. The recent Kaiser Permanente data breach underscores the importance of avoiding password reuse, while the court ruling on law enforcement unlocking phones via biometrics raises privacy concerns. The team also explores the TikTok ban in the US and ByteDance's response to potential app store restrictions. The episode wraps up with a reminder on bolstering cybersecurity defenses through practices like employing password managers and activating multi-factor authentication.

In a more introspective segment, the speaker reflects on the darker side of TikTok and social media platforms, spotlighting worries about misinformation dissemination and electoral manipulation. The delay in third-party cookie deprecation by Google, along with encryption updates for Google Meet, are also touched upon. Passkeys on WhatsApp, net neutrality restoration, and the maintenance of undersea cables are further discussed. A tribute is paid to Charles Edge, a respected figure in the podcasting realm, with recommendations on resources covering large language models and Y2K. Listeners are encouraged to share content suggestions for upcoming episodes, underscoring the ongoing need for vigilance in maintaining digital security.

Brief Summary

Join us for a tech-filled episode featuring discussions on weather apps with Bart Busschots, highlights from the CSUN Assistive Tech Conference with Touch Graphics, and a review of the ViewSonic VX1655 4K OLED USB-C display by Allison. We also delve into cybersecurity topics, including phishing campaigns, data breaches, and the TikTok ban in the US. Reflecting on social media concerns, we touch on misinformation, encryption updates for Google Meet, and net neutrality restoration. Remembering Charles Edge, we explore topics such as passkeys on WhatsApp and undersea cable maintenance, emphasizing the importance of digital security practices.

Tags

tech-filled
weather apps
CSUN Assistive Tech Conference
Touch Graphics
ViewSonic VX1655 4K OLED USB-C display
cybersecurity
phishing campaigns
data breaches
TikTok ban
social media concerns
misinformation
encryption updates
Google Meet
net neutrality restoration
Charles Edge
passkeys
WhatsApp
undersea cable maintenance
digital security practices

Transcript

[0:00]
NC_2024_04_28
[0:10]
April 28th, 2024, and this is show number 990. Well, we're flying without Steve tonight. Steve is actually in Washington, D.C., lobbying Congress critters on behalf of the Planetary Society on how money should be spent on space exploration. So standing in for Steve in the live show right now is my daughter, Lindsay. So she's been running the show. She's running the board, if you will. She got to hit the go live button. She said she feels very powerful. It has also been noted, I think it was Mike noted, that it took two people to replace Steve, because Joel from the Northwoods is going to be putting in the images into the show notes as we do the live show, which is something fun you get to see when you come to the live show. In any case, let's kick in.
[1:01]
CCATP #792 – Bart Busschots on Rethinking Weather Apps for Privacy and Functionality
[1:01]
In this week's episode of Chit Chat Across the Pond Lite, Bart Busschots joins us to talk about weather apps. He is a serious weather nerd by necessity, living in Ireland and being an avid bike rider. As he walks through the apps for us, he'll explain which ones fall down on privacy and which ones have good apps for everything from the watch to iOS to the Mac. He'll even go through how he uses different widgets to help him decide how much rain gear to wear. Now, I want to give you one caveat to our conversation. At the very end, I sprang the question of price on Bart, and he answered to the best of his memory, but he didn't have any of that written in the show notes. It turns out his memory was a little bit rosier than reality. You'll hear him say that none are more than 20 euro per year, but I looked up Weather Up, the one I was most interested in, and in the U.S. it's $40 per year. Now this might still be worth it to you, but I wanted to make that slight correction. But I do want to say this is my bad because I didn't give him a heads up that I'd be asking about price. In any case, go check it out in your podcatcher of choice under Chit Chat Across the Pond Lite or the full Chit Chat Across the Pond feed.
[2:04]
CSUN 2024: Touch Graphics Interactive Tactile Displays
[2:04]
All right, let's get started with another interview from the CSUN Assistive Tech Conference.
[2:09]
I am back in the Touch Graphics booth again this year, again talking to my friend Lindsay Yazzolino, and she's going to tell us what advances they've made since we talked last year. How are you doing today, Lindsay? I'm doing great, just enjoying the beginning of the conference. Yeah, everybody's fresh now. I know. All right. Coffee in hand. So your company is all about literally touch graphics, things to allow people without vision to be able to experience things tactilely. So tell us what you've got out in front of us today. Yeah, okay, great. So right now I'm standing in front of our new product. It's called the T3, and it's a tablet that you can put different overlays on, tactile overlays, and it turns it into an interactive experience. So you can do things like, oh, you can do things like read tactile maps and get more information by just listening to the feedback. We have games. Actually, right now we have a tactile game that we're showing. So what I'm seeing on top of the tablet is a large square with some airplanes at an airport. It's kind of showing the layout of an airport. But this is a physical thing that I can touch with my fingers, and it's on a tablet. So this is a game. This is a game, and I love this one because I love flying. So, this is a game to build tactile skills. So, in this case, it's to be able to trace your way through an airport journey.
[3:35]
So, actually, do you want me to quickly kind of give an idea, show you how it works? Yeah, so I'm going to be doing some tricky maneuvering. You're talking, I'm talking, and I'm going to move the mic down to the tablet talking. Yeah, okay, great. Yeah, that works. All right, so, hold on. So, she's just lifted up the game and put it back down, this little piece of paper. Right? So I'm putting this overlay sheet on the tablet. It's going to start up.
[4:03]
Okay, so it's downloading free games. Sheet 35, catching a flight. T3 Airlines is now boarding. Can you navigate the airport to catch your flight? Okay, so it's giving us instructions, right? Yep. You can also explore objects that are off the path at any time by pressing on them. Yes, so it's giving instructions on how to play. Worth nine points. Explore the graphic with both hands. Press on any shape with one finger to hear its description. Swipe to the right to play. Okay, so I'm gonna play. Well, okay, so let me touch stuff. I'm gonna touch with two hands. I'm touching this. It's a, it's a vacuum form sheet that's like, in like, like you said, is an airport map. So I'm gonna like touch a thing with one finger. Okay.
[4:49]
Coffee shop. Ooh, coffee shop. My favorite. Okay, so now I'm going to play the game. I'm going to swipe right. Step 1. Let's find the entrance to the airport. Across the bottom of the sheet, you'll find a gravelly street full of cars and, above it, a rough concrete sidewalk. Move your finger from left to right over the sidewalk until you find a circle with a dot in it.
[5:10]
A circle. Okay, so I'm feeling this. Oh, hey, bumpy sidewalk. Okay, touching, touching, touching. Oh, okay, I see a dotted line.
[5:22]
And let's see. Oh, there we go. There's a circle with a bump. Oh, ding, ding. You've successfully reached the airport. In a few hours, you'll be flying to visit a friend in another country. Okay, I think we see how this works. That's such an interesting design. So I can see obviously colors and shapes and things, but you can feel those same colors and shapes to play the game to train yourself? Yeah. So the idea is to help people build tactile skills because a lot of times either people who have gone blind or who have gone blind later in life or any point in their life may, or even people who've been blind from an early age may not have had training on how to use tactile graphics. And so you can give someone a tactile graphic, but it's really important for people to know how to actually interpret them and how to make sense of all that tactile information. So we're building this to provide a gamified way of teaching people how to interpret. So as a blind user, would I buy this whole tablet system with these graphical overlays? So, yeah, so you would buy the tablet, and then we sell each set of materials separately. So this game book binder, you would buy separately. And how much is the tablet? It's $750.
[6:49]
That's actually not bad. That's Steve Landau jumping in from Touch Graphics. So this is very large. This is what, like 22 inches maybe? Exactly right. 22 inch diagonal. You can tell I'm a nerd. I knew how big the display was. I know. That's good. That's very good. It's an Android, generic Android tablet. That they make in the millions for digital signage at McDonald's and other... That's why it's so inexpensive. Right. So all we do is import these devices and add a couple of accessories, like a mirror under here, which allows the camera that's part of the tablet to take a picture of a QR code, and that's how it knows which sheet the user has placed onto the tablet. So how does it know that she was pressing the correct red button and that she had found the gravelly road? So the way it works is it's designed so that when you explore with multiple fingers... I mean, technically, how did the tablet know where you pressed? I mean, it's a lot like your iPhone or any other tablet where it senses, you know, it's capacitive, so you feel the... it senses where your finger is. Hang on. So it's a touch-sensitive display? Yeah, it's a touch screen. It's a regular old touch screen, just like you go to McDonald's, I want the Big Mac meal.
[8:09]
This works better than the one at McDonald's. Yeah, or like your phone. It's like your phone. Okay, so when you're touching these red dots, it's actually transferring the capacitive touch through the paper to the tablet. Okay. Is there anything else we should see on the table here? Sure. You know, so the same concept of using low-cost commodity tablets, but in larger size, can now be used to provide fixed maps in public places so that anybody can come up to it and learn about an environment. So what we're looking at here is it looks like a map to me, but I can tell it's got, it's got little dots and like the gravelly walkway again here, and I've got buttons I can press and some Braille. Oh, as I just tapped over, I'm touching Irwin School, Irwin School Transition Center.
[9:09]
I'll show you how. This requires a kind of a special touch to use it properly because we found out through research that visually impaired users like to explore with two hands in silence. They don't want any interruption when they're trying to figure out what in the world this thing is, but as soon as you find something that you do want to know, you need to be able to basically ask, what is that? And the way you ask is you just keep your touching finger in contact with that thing, and you simply lift your other fingers.
[9:53]
Okay, so I was doing it wrong as a sighted person. I was looking for things and touching them, but if I was blind, I would be using both hands, finding, and I'd go, okay, I want to know what this building is, and now I can lift everything but that one finger, and that's when it spoke to you. That turns out to be the best gesture for this kind of interaction because you don't have to lift your finger and tap. Lifting your finger loses that tactile connection to the surface. You lose your place. You lose your place and you have to find it again. It's hard to tap directly on the same spot again. Sometimes your finger moves a little. So this method, which we developed over a long period of research and testing, turns out to be the most effective way. So you're saying you actually designed it by having people involved who were blind? That's crazy talk. Who does that? What a concept, right? This whole thing started 25 years ago when I met a blind professor in New York City and she recruited me to work on these problems and I quit my other job and haven't looked back. So, it really is a product of a close collaboration between developers and users and artists and teachers. Well, very cool. You know, we're going to cut you off here, but the company is Touch Graphics. What is the website?
[11:21]
Touchgraphics.com. All right. That would be a good place to find it. Thank you so much, Lindsay and Steve. Good luck to you. This sounds great.
[11:29]
Viewsonic VX1655–4K OLED Portable USB-C Display Wins My Heart
[11:29]
Hi. Hi, my name is Allison, and I have a portable USB-C display problem. Today I'm going to tell you about the sixth one I've acquired in three and a half years. I'll be talking about the $500 ViewSonic VX1655 4K OLED that Steve just gave me for my birthday. But before we start, let's just do a quick recap. The problem portable USB-C displays solve is to give you more screen real estate when you're somewhere a permanent desk with a big display just doesn't work. Maybe you're a road warrior, or maybe you live in a small apartment where a big permanent setup is not an option. The display needs to be light and compact so it's easy to carry around, and it needs to be stable on surfaces from hotel desks to couches while lounging. Ideally, it would be bright, have rich colors with high resolution, and have good cable management. And of course, there's always a price consideration. I went through all of my previous articles about USB-C displays, and I put all of the models I've tested into a little table that shows the evolution of the products over time. The table shows the six displays comparing screen size, resolution, weight, thickness, whether they have a kickstand, and the all-important price.
[12:42]
By the way, I did something interesting here. I made the table in Numbers, because Numbers makes pretty tables, and then I took a screenshot of it and I put it in the show notes. And then I realized by doing it that way, I have now made it where I have to write a really long alt tag for the blind because they're not going to know what anything in that table says. So I thought, well, wait a minute, I've got it in a table in a spreadsheet. I wonder if there's an easy way to make it a markdown table and embed that into the show notes so everybody can read what I had to say. So I found a site called tabletomarkdown.com, and it's as easy as you can imagine. You copy the cells, you paste in there, like no formatting, no worrying. Am I in Excel or am I in Google Sheets or am I in Numbers? And I just pasted it in and it wrote the markdown. I copied it. I pasted in the show notes and it looked perfect. I did a little bit to the table, like to make things center justified, but it was like four things I had to add. Anyway, I just want to tell people, I just figured that out because I paste in tables all the time. This is a much better way to do it. So there's a link in the show notes to tabletomarkdown.com. But that's an aside. So now I've got these six different devices that I've tested. The LaPow, the YoYo, the Cocoa Par, the KYY, the Ricoh, and now the ViewSonic.
[13:59]
In my most recent review in February, I told you about the Ricoh OLED 150 display that was very impressive. The Ricoh 150 was the first OLED screen I'd ever reviewed, which gave it three advantages over my recent favorite, the KYY4K. The Ricoh 150 OLED is a gorgeous display that made me realize what a game-changer OLED is in the richness and brightness of colors.
[14:23]
OLED displays are also impossibly thin. The Ricoh 150 is only 0.19 inches thick at its thinnest point. Being thin also makes it much lighter than standard LCD displays. The Ricoh 150 weighs 1.23 pounds versus the KYY at 1.7 pounds. It's still really, really light, but it's even lighter. But the real glory was that the Ricoh 150 had a kickstand. I know that sounds silly, but I will not buy another portable display without a kickstand. Those floopy cover case things are a little bit rough. The Ricoh 150 had a big downside compared to the KYY, other than costing twice as much. It's only 1080p, where the KYY is 4K. I have a lot of friends in my age group, and even younger than me, who don't seem to mind lower resolution screens, but ever since my cataract surgery, I can sure tell the difference. Looking at jaggy text truly bothers me. The beautiful OLED screen on the Ricoh 150 took some of the edge off, but I still wasn't quite happy. At the end of my Ricoh display conversation, I said that I was still looking for the perfect portable USB-C display. I explained that Dave Hamilton of the Mac Geek Gab was tempting me by telling me about the ViewSonic VX1655 4K OLED, which he said was the best of all worlds. That's the display that Steve just gave me for my birthday.
[15:47]
As the name suggests, the VX1655 4K OLED is the best of both worlds. It's OLED, like the Ricoh, but it's 4K, like the KYY. I can have my cake and eat it too. The display is just as brilliant and rich and gorgeous as the Ricoh, but at 4K, text and graphics on it are super crisp. The ViewSonic's VX1655 4K OLED has a static contrast ratio of 100,000 to 1 and a brightness of 400 candelabra per meter squared, which is a fancy way of saying 400 nits. I know that doesn't match the 1600 nits, say, of the XDR display on the MacBook Pros, but in macOS display settings, I discovered that you can actually enable high dynamic range on the ViewSonic, and it looks amazing.
[16:37]
I gotta come up with a shorter way to say ViewSonic VX1655 4K OLED for this review, but I don't want to leave out 4K or OLED or ViewSonic. So how about I just call it the ViewSonic for the rest of the review, and you all are in charge of remembering it's 4K and OLED. The ViewSonic is very thin, 0.16 inches for the display itself.
[16:59]
The electronics are in a small 5.5 by 4.5 inch box on the back, which doubles as the kickstand, and that little box is 0.4 inches thick. While the kickstand slash electronics box doesn't go all the way across like the kickstand for the Ricoh, which I do like a little bit better, I find it's very stable even sitting it on a bed. The kickstand can articulate continuously from 15 degrees to 43 degrees, which is bound to give you a comfortable viewing angle.
[17:27]
One of the problems with most of the USB-C displays I've tested, and Dave Hamilton and I have had a lot of conversations about that, is that the USB-C cables stick out of the side of the display, which makes it very hard to place that display right up against your laptop. In a small space where these displays are most useful, the last thing you want is to have the display, say, four inches farther away because of these cables banging into each other. The ViewSonic has two USB-C ports on the left side of that 5x4 inch electronics box, and they're flat against the display itself. Whether you put the display on your right or your left, the cables get out of the way. As I was working with the new display, I again bemoaned the fact that the MacBook Air only has ports on the left side. No matter how well placed the ports are on an external display, that cable sticking out of the left side of the MacBook Air makes it problematic to have the display on the left. And then it hit me. I can solve this problem. And no, it's not just by putting it on the right. I can buy a right-angled USB-C cable for use with portable displays. I can't believe I never thought of this before. I just placed an order for a pair of Ugreen 3-meter right-angle USB-C cables for $13 through Amazon.
[18:42]
Now, I mentioned that the ViewSonic has two USB-C ports, and that's really common on these types of displays, but it's important to note why there are two. The second one is to provide pass-through power for the display and your laptop. You're probably going to want to use external power when possible while using the ViewSonic display because it drains the battery of the laptop at an alarming rate. I'm talking 20% in just 45 minutes, and that's before I discovered the ViewSonic can do HDR. The ViewSonic comes with a magnetic screen cover. You place it on the display, and there's a little flap that kind of flips over the top and magnetically attaches to the back. It's very secure, and in fact, it's a little bit difficult to pull it off without fingernails. You'll still want to get a laptop-style padded bag for this display, as it feels quite fragile to me, even with the screen surface protected, you know, if you're traveling. The Amazon ad for the ViewSonic said, fits in backpacks and purses. But okay, how big is your purse? It's 13.9 inches by 8.7 inches. I'm sorry, 8.8 inches. In comparison, a 14-inch MacBook Pro is 12 by 9, so it's even bigger than that. Even a 15-inch laptop sleeve could be too small since this display and all the ones I've tested have a 16 by 9 aspect ratio, so they're too long. Be sure to measure and size any bag you plan on to be sure it'll fit.
[20:09]
The magnetic cover has a little fold line in it, and I was kind of curious what that would be for. In the manual, they show that you can use the cover as a surface on which to set your display with the kickstand. I guess if you needed to put the display like on sand or maybe a super lumpy bed, you might rather have a flat surface for it to sit on. I won't likely use that, since it creates one of the main problems I had with the KYY's cover stand. It puts a big flap in front of the display, making it take up more space. Now, I got this far into writing the review of the ViewSonic before I looked at what resolutions were available on the display.
[20:46]
Turns out, the default resolution is 1920x1080, and that's what I'd been viewing. It's super crisp because it has so many pixels, but I wasn't getting nearly as much on screen as I might be able to still read with my bionic eyes. I changed it to the full 4K resolution at 3840 by 2160. And while that allowed me to have a lot more windows open and visible, and technically I could still read things on screen, dang, that text was wee tiny. Now 2K resolution is also available at 2560 by 1440, and that might be what's practical for me. The text is still small, but when I'm doing the live show on the road, simply being able to see every window I need to see is critical. With lower resolutions, I have so little room on screen that I feel like I'm in the middle seat of a five-person row on an airplane trying to eat my dinner with a spork. It's important to note that this display looks crystal clear at every resolution I tried. For those who actually want the biggest text possible on a crisp display, I found that all the way down to 1280x720, it still looked fantastic. I imagine now I'll just choose the best resolution for the job at hand with the ViewSonic display, and that is so freeing.
[21:59]
ViewSonic has the same kind of on-screen controls that they've been using since the dawn of time. I'm sure you know what I'm talking about. You bring up these controls with this unwieldy little nubbin button on the back of the kickstand electronics box. Reaching around the display to wiggle this nubbin and push in on it is an exercise in dexterity that I have not yet mastered. ViewSonic calls this little nubbin the joy key, but it gives me anything but joy. I went into the menus with the joy key to increase the volume of the speakers for a test. As I suspected, do not even bother using the speakers. They are as awful and tinny as you would expect. Now, if it would give you some kind of happiness, there is a headphone jack next to the USB-C ports on the back, so you could use that if you don't want to subject anyone around to you to the sound coming out of those tinny speakers.
[22:49]
The only thing I'm having trouble with on the ViewSonic is that I can't adjust the brightness. There's a control for it in the on-screen display menu, but it's grayed out. I studied the user manual and it says that certain view modes lock brightness and contrast to specific levels. The manual says just change the view mode, but the view modes menu is also grayed out. I even watched a video where two pretty funny technical writers from ViewSonic read user complaint comments just as the way they were written. It was pretty funny, and then they explained the answers to the problems encountered. The comments were things like, doesn't work as a touchscreen on Mac. Well, duh, macOS isn't a touchscreen OS, right? But anyway, they were pretty funny, but they addressed the fact that the screen will go into low power mode, which locks the display brightness at 15 and the contrast ratio at 70. The remedy is to connect an external power supply.
[23:44]
That's helpful info, but I can't control the brightness even when it's connected to a power supply. I even tested using their included HDMI to mini HDMI cable for data and their USB-C to USB-C cable connected to their power supply just to make sure I didn't have some dodgy cable or power supply messing things up, but I still couldn't adjust the brightness. It's pretty darn bright, but I like things really bright. I figured out how to set the display back to factory settings, but I was still unable to control brightness and contrast. The display still looks good, like I said, but I like brightness set as high as possible. I do this even on my Pro Display XDR, which some folks have suggested will burn your eyes out. I'm looking at you, John Siracusa. With the brightness set to maximum, if you find that comfortable, and I know some don't, your pupils will contract, which creates a longer depth of field, hence increasing the depth of field into which your eyes can focus, and that's why I do it.
[24:39]
I'll be shooting a note off to ViewSonic to see if there's something I'm missing to allow me to control brightness. The bottom line is that the ViewSonic VX1655 4K OLED USB-C display is still the best portable display I've ever used. The OLED panel provides vivid colors and the 4K pixels give super crisp text at all resolutions. It's really light, but not quite as light or as thin as the Ricoh, but at 1.5 pounds and between 0.16 and 0.55 inches thick, it's delightfully easy to tote around. I like the magnetic screen cover, and I love the kickstand and the location of the cables. At $500, it's not cheap. It's the same price as the Ricoh that's not 4K, though. The KYY display at half the price isn't OLED, weighs more, and does have that terrible floopy cover stand, but it's 4K. In any case, I'm happy with this because the ViewSonic VX1655 4K OLED USB-C display is truly the best of both worlds.
[25:40]
Support the Show
[25:40]
Here's a hot tip. Did you know that if you pledge to support the show financially through Patreon, you get an ad-free show? Yeah, it's true. The same show that you've come to know and love over almost 19 years every single week without fail is available to you without interruption by ads. Okay, to be fair, you do get the same thing without paying, but doesn't it sound better to be a patron of the Podfeet podcast? If it does sound good to you, head on over to podfeet.com slash Patreon and join the heroes who support the show.
[26:13]
Security Bits — 28 April 2024
[26:14]
Music.
[26:22]
Well, it's that time of the week again. It's time for Security Bits with Bart Busschots. How bad are things this week, Bart? I didn't do an average score, but I don't think it's too bad.
[26:34]
A couple of some homework for people, though. There is one piece of homework for people. There is one, actually, yeah, we might as well just jump there now and just get out of the way. There is one action alert, which is a critical update to PuTTY, which is a fantastic free app for doing SSH and similar stuff on Windows. But it doesn't... it's a very simple app, which is great, but it doesn't have an auto updater or anything because it's a very simple app, so you tend to download it and never think about it ever again, which means if you look at the version number, you're likely to be a long way from 78, which is the current version. You're likely to be like 60-something. I've seen 50-somethings. Anyway, they had a bug in how they started to do some of the more modern private keys, the elliptic curve cryptography stuff.
[27:24]
And if a baddie can trick you into connecting to their SSH server 60 times, they can get your private key and then they can become you on other servers you have access to. So the attack scenario is most realistic against some sort of automated process. If you have something happening automatically, say, you know, some sort of backup over SFTP or something and you're running on Windows and you have it automated, that's kind of the biggest risk. But either way, you should update your PuTTY because I found that a lot of PuTTYs I discovered on, I won't say where I discovered them, were so old they weren't vulnerable to this bug.
[28:07]
Oh, that's so sad. Yeah, but I still told everyone to update their PuTTYs regardless. And PuTTY being an open source client, its brain is in other places too. So WSFTP and FileZilla actually use PuTTY's brain. So if you use those two apps on Windows, you need to update as well. Okay. I haven't used Windows in a thousand years, but I remember installing PuTTY on my Windows machine at work during those three years of agony. But yeah, it was delightful.
[28:38]
Yeah. I'm a huge fan of PuTTY. I missed it so much when I came to the Mac. I briefly ran a version of PuTTY in X11 that was using Windows emulation. So I had a Mac running a Linux UI and Windows emulation just to get PuTTY. And then I stopped. Anyway.
[28:53]
So with that out of the way, I think that's probably the scariest. So we have a whole bunch of follow-up on things we've talked about recently. So last time, so two weeks ago, we talked about Google having just launched their Find My device, not to be confused with Apple's Find My network, and we said that they were basically the same. And that is not wrong. They are basically the same. But Glenn Fleischman dug into the detail of the heavy lifting being done by the word basically. They're not identical. And so where are the differences? And there's three distinct differences and two and a half of them actually make the Google infrastructure a tiny bit more privacy preserving. It backs off a little bit more. So if there's only one Android device near you. What do you mean by backs off? As in it doesn't report the location data as much because it throttles itself from sending position notifications a little bit more. So if there's only one Android phone nearby, it assumes you're probably not in a public place. So you're probably at home or something. So it shouldn't start beaconing locations. So unless there are two or more phones, it doesn't beacon. Right.
[30:09]
I don't like that at all. Doesn't that mean it's harder to find your phone when you've lost it in the seat cushions or forgotten that it's on the table directly in front of you and you can't find it? Well, no, because at that stage you're using Bluetooth. So you're not relying on the Find My Network at all. At that stage you're using your own Bluetooth. Right? You're using the Bluetooth low BTLE. So on my phone and my watch, it's using the ultra-wideband antenna to discuss. Is it? It's an adjacent protocol. Okay. Effectively, yes. Yeah.
[30:45]
Okay, the point is it's not using the Find My Network. Not the Find My Network. Yes, yeah, that is the point. Okay. Okay, all right. It also doesn't beacon when you're at home. And this is where the sting in the tail comes. In order to use Google's network at all, you must tell Google your home address. You cannot enable the service without filling in your home address on your Google profile. And Google have literally been fined. Well, I would say it's bad because it means that Google have been trying to get people to put... have been trying to infer that location and ended up being fined for doing it without proper consent and now they've found a way to make you do it. So I think of all... This is the only thing that I found that was like, that's a bit skeevy. And then there was a third very subtle thing that I don't remember off the top of my head, but basically it's effectively the same, but they really do need to know your home address to let you join the network, which is...
[31:37]
Maybe from the Google ecosystem you really don't care because Google's ecosystem is as all-encompassing as Apple's ecosystem. If you have committed to Google to get the full value, then they kind of know everything about you anyway. So you're probably not going to care about this as much as I would. And I would care about it a lot, but then I would never use a Google product because I care about it a lot. So maybe the whole point is academic anyway. Anyway, if they're going to not use the Find My network when you're at home, don't they need to know when you're at home? I mean. Well, Apple inferred that. Google make you tell them.
[32:16]
So Apple doesn't use Find My as well when you're in your home network? I only understood you to say that about Google. Indirectly. Indirectly because Apple doesn't use the Find My network if one of your devices is nearby. But well, one of my devices is always nearby. I've always got my iPad, my Mac, my iPhone. You, for example, yeah. I've always... Correct. I've always got two devices. Correct. Which means that your tokens are not beaconing until you lose them, and then you're not nearby anymore, and then they are beaconing. Because if they're nearby... Found, or beaconing to be part of the Find My network? Beaconing to be part of the network. Other people are not anonymous. So if I've got my watch on and my phone in my pocket, I'm not helping the network at all. Is that what you're saying? No. No, no. You're only helping other people's trackers. So I am beaconing. But no, no, no. No, no. Your AirTags are shutting up when you're nearby.
[33:15]
You're only talking about AirTags. You're not talking about all the other Find My stuff. No, they all work the same. Same. We're getting lost in words here. Okay, so forget AirTags for a minute. If I've got my phone and my watch with me, then I'm not beaconing to find my stuff or to help the network. Is that what you're saying? If you're nearby your own stuff, it's not using the Find My Network to send anonymized location information because your stuff is in contact with itself directly over local protocols.
[33:50]
So, and the answer to my question is then... I don't understand your question. Okay, so beaconing, you said, has two purposes. One is to be found and one is to help the network so other people can find their stuff, to be part of that mesh. Okay. Okay, then, beacon... we're using beaconing differently, because to me beaconing... No, I asked you what it meant and you said that... That's okay, let's back up. What do you mean by beaconing? So beaconing is a token proactively shouting, Oi, share my location. So in order for your phone to help someone else's device be found, someone else's device must be beaconing, basically shouting out, saying, Hello, hello. And then your phone goes, Ah, I hear you. I shall relay your signal. Okay. Okay. Okay. So beaconing is, is the, uh, I'm available to be found. What is it called when you're helping the network? Is that, that's not beaconing? That's, that's just, no, you're just, it's your phone being your phone. Yeah. Okay. Yeah. It's just taking part.
[34:56]
Yeah. It's just taking part. So you've passive devices and active devices, and the passive devices are beaconing because they can't, they can't do anything without help, and all of your phones are just helping. Okay. Okay. So back to... where was my point? Um, I had a point a while ago when, when we were talking about inferring the location, home location. It's not really home location that Apple works on. It's, your stuff's together, you don't need to be, uh, wasting energy beaconing, saying hello, find me, because if you just use the Bluetooth or the, the ultra-wideband and the protocols they're in to, to find themselves. Yes. And it sort of infers places you tend to be and gives those kind of special importance for other parts of Apple stuff, but they don't make you tell them. Yeah. Okay. Okay, I got you. Now I understand why Google's insisting on your home address would be a thing. Yeah. I can say, to be honest, they're so similar. Glenn had to work hard to find differences. But I thought it was interesting. And given that he's such a good writer and that he knows this stuff really well, I read this article. I figured others might too. Did he get more into the parts where Apple needs to connect up with Google to be able to make this be all one big happy network together? Because I understood that Apple was supposed to do that, and they haven't done it yet? Only in terms of the anti-stalker stuff, not in terms of this being a more accurate findy network.
[36:24]
Okay. Okay.
[36:27]
We got through bullet one. Yeah, okay. So I have been warning that attackers seem to be focused on developers at the moment. That is a trend I have noticed in the last, say, six months' worth of news, is that the baddies are really going after developers. We've had all sorts of watering hole attacks targeting developers and stuff trying to poison various package repositories with lookalike packages that are full of malware. Well, there's a new twist in that sordid tale that I have noticed once or twice in the last couple of months, and it happened again this week, and I just think we should warn our listeners. If you are a developer applying for jobs, there is now a thing happening where fake job offers are being used to host fake interviews where you get asked to do a coding challenge, which involves downloading something from NPM as part of the coding challenge to test you on the interview, which is actually installing malware onto your own device.
[37:28]
And letting the baddies in. So this is just another technique for getting onto developers' computers, is to have fake interviews with malware distributed as part of the interview. So I thought, yay, just another thing to be aware of. And the attackers have also found a unique and interesting way to... It's a technique, I don't know if you're familiar with the phrase, living off the land. This is a real trend in malware these days. So one of the ways we used to find that something bad had happened was that there would be a weird file sitting on our computer. And so the antivirus software would go around looking for the weird file. You know, oh yeah, if you have blahdyblah.dll, then you have blahdyblahvirus. Well, attackers know that's how they get discovered. So they have been trying to abuse legitimate tools for illegitimate purposes, and that's called living off the land. And this concept of living off the land has now gone into the cloud. So can we trick legitimate websites into taking part in our malicious activity? And they're very clever. And so they have discovered a very interesting GitHub trick to have GitHub act as a CDN for malware and to make the malware look like it belongs to an extremely legitimate company, the example being Microsoft.
[38:55]
So you go to the Git repository belonging to the company you'd like to impersonate. You start typing, say, an issue on their issue tracker or maybe a comment on an open issue. And you click the attach button and you attach your malware to the comment you're posting. And then you walk away. You never hit submit.
[39:17]
But the file has been uploaded because you're in the middle of composing your comment. Yeah, yeah, yeah. In the preview window, you right-click and you save the URL and you just start using that URL. And the URL will start with the name of the repository, which will be forward slash github.com forward slash Microsoft forward slash PowerShell version 4.6 forward slash issue 324 forward slash file. Da-da-da-da-da. You haven't done it. So it looks fully legit. It looks fully legit. And what's even worse is the owners of the repository never see your comments, so they don't know the file's there. How would they? Oh, yeah, yeah, yeah. Because you never even hit submit. It seems to me that that could be changed in GitHub where the file is not uploaded until you submit. But one of the nice things about the way it works is if you upload an image to be embedded, it does upload it, and then you can preview and say, okay, now it looks the way I want it to, and now hit submit. It's a nice feature, but if this is going to be abused, I guess they would have to stop that? No, there's another way around it. You could simply say that every hour, every file that belongs to a post that was never completed gets deleted.
[40:27]
So you could have a cleanup job that goes up in four. Well, that means it's bad for an hour. But that's not, these attacks tend to involve, okay, so you now have this URL, so now you start a phishing campaign. So if you can, even if you cleaned house once a day. It's a longer game. Yeah, exactly. Even if you cleaned house once a day, you could do a lot of good, but you could probably clean a house every hour, really. I mean, how long is a login session? How long do you consider a post valid while it's in draft? If you had an hour. Is it common slash necessary to upload executable files to GitHub comments?
[41:03]
No, the attackers wouldn't necessarily be uploading a traditionally executable file.
[41:09]
They could upload a bunch of code that's just plain text, which is then loaded by the malware from somewhere else. And therefore, when it shows up on the corporate firewall, it's not something downloading from weirdowebsite.com. It's, oh, it's GitHub and Microsoft. That's going to pass every spam filter because it's very legitimate. Right, right. You're basically stealing reputation. Yeah, and it was very clever. Nice things. Yeah, it was very clever and I thought, that's cool, I wonder how many other websites are, have the same problem no one's thought of. Well, the answer is the open source clone of GitHub called GitLab has exactly the same problem. So people who self-host Git, GitLab, or who use the corporate GitLab, they have exactly the same problem. So, uh, yeah. Well, I guess whatever fix is put in place for one, the other can copy. And like I say, a cleanup task is all that's really needed. Um, last time we talked about Google making big changes in how they deal with spam, basically becoming a lot stricter in the emails they accept as being legitimate. And Microsoft are joining the same fight, but in a different way. Microsoft are cranking down the quotas you're allowed to send. And what this protects from is someone... let's say that you are an outlook.com user and you get hacked, then at
[42:37]
the moment, the attackers can send 10,000 emails as you to all of your friends and family and they will appear to be legitimate, and then you will get throttled for going over your quotas. Well, the quota is going to drop to 2,500. Wait, we... you can send 2,000 or you can send 10,000 messages in a single day? You can send 10,000 messages. With Exchange, you can send 10,000 messages in any rolling 24-hour window. Why is it even a tenth of that? I can talk, I can talk to you about that offline, but even that, even that 10,000 is considered too low for some people. And this is going to cause a lot... This dropping it down to a quarter is going to make people very, very cranky. And I'm just happy Microsoft are doing it anyway, even though I promise you it's going to make people cranky because I've already heard some of the crankitude. Yeah, that's where you go use an email service like MailChimp or something. You are not wrong. You are not wrong in the slightest, but it's much easier to do a mail merge with Microsoft Word and Microsoft Outlook and Microsoft Excel than it is to go use MailChimp for some people. They shouldn't be, but I've been doing it that way since 1982.
[44:04]
I got to say, I enjoy me a good mail merge. I mean, I'm not going to lie. I did my Christmas cards that way, Christmas letters that way for years, but no more. There you go. There you go. So anyway, it's good to see the fight against spam continuing. Another good fight I'm happy to see continuing is the U.S. government continues to be very hard on these sort of grey hat, in the middle spyware companies like the NSO group. They're arguably legitimate corporations and they're selling really nasty stuff. And 13 more people involved in that industry are now sanctioned by the United States. So yay. I believe this time it was mostly in Italy. Anyway, it's all good. And also, I'm happy to see fighting the good fight, is the US Federal Trade Commission, the FTC. They have levied another fine against another company abusing our American privacy. I can't say ours because I don't live over there, but you can. Anyway, the mental health startup Cerebral has been fined $7 million over privacy violations by the Federal Trade Commission. So, yay. And in related news, the FTC has sent out 117,044...
[45:18]
PayPal transactions which I thought was very strange that it was being done through PayPal to the American users of the Ring Video Doorbell whose videos were improperly accessed by Amazon staff and their contractors and basically there was a 5.6 million dollar settlement reached about a year ago I think and 117,000 people and 44 are getting their share.
[45:42]
Now, somehow I don't think you take 5.6 million and divide by 117,044. I think you divide by two... You divide by two and give half of it to the lawyers, and then you divide the remainder by 117,044. But that's still not nothing. It's more than the token 10 cent you usually hear people getting. So, okay. Makes you kind of wish your video, private videos, had been illegally accessed, right? As long as they were boring. Yeah, yeah. And then I have a deep dive, which on the surface sounds like this is a terrible story, because the headline is that Kaiser Permanente reported a data breach affecting 13.4 million patients. And my initial reaction was, eep, not another one. So I knew... I recognized the name Kaiser Permanente as being something to do with health somewhere in America. So I did a little bit more reading and it turns out that they have been around since the 50s, they are a not-for-profit, and they are one of your biggest health care providers. And the more I read about them, the more I like them, and the more I think if I lived in America, I quite liked it to be one of their customers. And like, I was even more interesting... They're very interesting in one way. They're metrics driven. They've got math that says, for example, it costs more if we take three months to get back to somebody on something.
[47:04]
So they've got, the doctors don't like it, but they've got metrics they've got to meet that you've got to answer this person within a day or you've got to, you know, they're incredibly efficient. The speed at which they do things is refreshing.
[47:16]
I like that. Well, they reported this data breach and I'm going to use all of the air quotes in the world because what actually happened was that their webmasters used the standard tracking tools every major website on planet Earth uses and that invasion of privacy by using the normal tools everyone else uses all over the internet is considered a data breach by Kaiser Permanente. Business as usual on the internet of 2024 is this data breach. And they have stripped all of that cruft from their website, told everyone that they had been reporting stuff to Meta and Google in the normal way like every other website on planet Earth almost. And they are treating it like a data breach. And the takeaway from me is that we have now ended up in a world where business as usual really should be considered a data breach when you think about it.
[48:09]
Really, it actually is a data breach, right? Because data about you is leaking without your knowledge to other websites. Yeah. And so I, I just, that just blew my mind. I was like, I need to talk, I need to get this into the show somehow. And so I did it up as a deep dive, and I sort of went and I thought about it. Like, we think of some websites as being these bastions of liberal and or these terrible places of woke nonsense. It doesn't really matter, because when you look at them, they're doing all this tracking stuff too. So technically speaking, the New York Times is a data breach a day. So I went and checked. Want to go play Sudoku? Safari stopped six trackers on the Sudoku page. Sudoku! It's not even free anymore. Actually, I've heard that the games like the New York Times puzzle and Wordle are like the two biggest sticky things for the New York Times. It's not reading articles. It's those two games. It's Wordle!
[49:08]
It was a good purchase on their part. It's been huge. It was very clever of them. Very clever of them. Yeah. Yeah. So anyway, I just wanted to get the guys. I wanted to basically let people know if you are a customer, don't panic. I mean, you hear there were data breach affecting millions of people. It's just the normal Internet tracking. And that made my head explode. And so I just wanted to get it into the show notes in some form. So there we are. We've already done the PuTTY story. So now we have the jump to where the warnings... Warnings. So there are a lot of people who need to interact with people who speak Chinese, and so you may, even though you might not think you are, be being spied on by the Chinese government, because the fantastic researchers at Citizen Lab in Canada have discovered that just about every one of the commonly used, um...
[49:59]
Pin... what is it called? Pinyin, uh, keyboards that you can get as a special keyboard extension app on iOS or Android, they phone home with your keystrokes to China. Oh. And so you might think, well, the Chinese government's spying on Chinese people, right? That's, you know, dog bites man. But an awful, awful, awful, awful lot of companies do business with China, and therefore they will... there are an awful, awful lot of things being typed into Chinese character keyboards, not by Chinese citizens, but by all sorts of people that may not realize it. And it's all funneling straight back to the Chinese government. Well, and also everybody who's emigrated to the United States from China, everybody that has done that uses a Chinese keyboard. I based that on my entire sample set of one, but I'm sure of it. Many of you probably do, right? Oh, it seems realistic, doesn't it? It really does. Yeah, so the details are on the Citizen Lab story linked in the show notes. They are also a fantastic organization. They're the people who have uncovered a lot of the Pegasus stuff as well over the years. They're an excellent organization. So did you say it was a specific keyboard or all of these, lots of these Chinese keyboards? Every one they tested.
[51:15]
Wow. Yeah. Rampant, basically. Absolutely rampant. So if you need to type Chinese, either use the built-in iOS keyboard, not a third-party one, which is probably nicer to use. I'm sure there's a reason these third-party apps exist. They must be reusable. Oh, so there is a built-in Chinese keyboard. I understand that there is, yes. Yes, I understand that there is because it turns your keyboard into a little drawing place and you draw the symbols and then hopefully, unlike the graffiti thing from years ago, it works. I don't know how well it works, though. But in theory, you can indeed enter Chinese characters on an out-of-the-box iPhone today. Today. That wasn't true when they launched, but it's true now.
[52:01]
Now, we have talked a few times recently about how if your device is too old to be patched, it goes in the bin, and if it's not too old to be patched, you patch it. Well, this is another example. Multiple botnets exploiting one-year-old TP-Link flaw to hack routers. If you have a router, A, patchy, patchy, patch, patch. B, go into the settings, find the bit that says automatic updates, click the little click box and then leave, because you're not going to remember, so don't put the onus on you, let the device look after itself. And if it doesn't let you do updates, that's where you go looking for the closest bin. I would... A responsible recycling bin. Correct, electronic waste. I probably would, in my younger years, I would set a calendar reminder while money was tighter, and these days I would just... It would be a black mark, especially for a router. It's such an important device. So for me, yeah, it would be a black mark. But anyway, there we are.
[53:04]
LastPass are also warning that there is a phishing campaign going on, where people are pretending to be LastPass customer support to help people and asking them for their Vault password as proof that they are who they say they are. Don't fall for it. There's all sorts of contexting and stuff before they get to that ask, and they string you along for quite a bit and build up quite a bit of, you know... They don't start the call by saying give me your LastPass password, but that is where you end up. And the reason they're doing it is because they're after cryptocurrency.
[53:37]
Oh. So be aware. Or don't be a LastPass user because, hey, remember LastPass?
[53:46]
Anyway. Yeah, not quite what we're looking for these days. Indeed. And so the headline is noteworthy in itself. Roku leaks 576,000 accounts in its second data breach of 2024. That is noteworthy in one way. But that headline is, in my opinion, a little bit misleading, because Roku haven't really leaked them. Roku was the victim of what's called a password stuffing attack. You take passwords stolen from other websites and try them elsewhere, and someone tried a lot of them against Roku and succeeded. Now, Roku's monitoring should have stopped this and nipped it in the bud straight away. Now, after having this happen twice, Roku have decided to force MFA, or 2FA, multi-factor, two-factor auth. They should have done that after the first attack. So, I can see... Or maybe before the first attack. Or before the first attack, yes, but definitely after, right? You know, how many warnings do you need?
[54:52]
So, this to me is a really good reminder of why we do not reuse passwords, therefore why we need a password manager, and why we always enable multi-factor, two-factor auth, authentication, whenever we can. So there we are. Moving on to notable news. Um, this is definitely not a good story, but it could be worse. And the headline from Ars Technica sort of says it all: Cops can force suspects to unlock phone with thumbprint, U.S. court rules. So the judgment was that forcing someone to put their thumb on Touch ID is not testimony because it is a thoughtless act equivalent to a fingerprint or taking blood.
[55:41]
That's really a stretch. Like you don't have to think to move your hand over and put your thumb on it. Well, I believe the law enforcement officer took the person's thumb and shoved their phone against it. So, yeah, they literally could have been unconscious. I bet they were thinking. How about, how does that work with Face ID? Unclear. The judges seemed to be quite careful to rule on the case before them, and they didn't seem to want any more trouble. I think they may have felt they were in trouble enough as it was, and so they gave a narrow ruling. This has resulted in some people advising that you stop using Touch ID. This is not good advice. This makes you way less secure, and also it's just not good advice because it's a much simpler thing. We should all learn, whether we have Face ID or Touch ID, we should all learn this: if you squeeze and hold on any iPhone the lock button and either one of the volume buttons for two and a half, three seconds-ish, you will feel a haptic feedback. When you do that, your phone is locked as if you had just powered it on. Neither Face ID nor Touch ID will be sufficient. Your passcode will be required. We know entering a passcode is a violation of your Fifth Amendment rights.
[56:58]
Therefore, that is the answer. You should know that gesture. And I do, in airports or anywhere where I encounter law enforcement, I subtly stick my hand in my pocket, I never even take my phone out, I squeeze those two buttons, I feel the little haptic and I'm done. And then I have the minor inconvenience of having to type in my passcode like an animal once when I'm through security. But, uh, you know, that is... So I was going to say this will certainly be appealed, but I looked and it was the Ninth, uh, Circuit appellate court that just judged on this, so it will have to go to the Supreme Court if they're going to get that changed. It will. And they're busy right now. They are a little busy right now, but it seems to be inevitable that one of these Fifth Amendment cases is going to make its way up because it's such a question. I mean, it's such a question. Different appellate courts are coming to different opinions. And if different appellate courts come to different opinions, there's only one thing that can happen. The Supreme Court have to judge. So it's when, not if. And yeah, and I have no idea how those overall arguments would go. We'll, you know, that bridge when we get there. It's so hard not to say anything about the Supreme Court right now. I'm glad you're finding it difficult. I'm glad you're finding it difficult, too, because I'm being... We can talk offline. My poor tongue is so sore from being bitten.
[58:20]
Oh, dear. I need more practice. I'm going to stick to the facts here, and then I will leave it to you to guide the conversation after I impart the facts. So it is definitely true that there are turbulent times for TikTok in the United States. A bill has passed which was 90% about funding Ukraine and funding Israel. And because that was a must-pass bill, that seemed like the perfect opportunity to throw in the long, long, long, long, long talked about TikTok ban. And I use the word ban very loosely because it doesn't actually ban TikTok. What it says is, if nine months after the law is signed into law, and it has been signed into law so the clock is ticking, ByteDance are still the owners of TikTok, then all of the app stores belonging to American companies must stop offering the app in their American app stores. Which effectively kind of bans TikTok, but it is a law targeting the app stores rather than targeting TikTok. But it does say that ByteDance need to sell it to stop this happening.
[59:33]
Simultaneously, there was some news, not reported, I was going to say leaked, no, reported by Fortune, from former TikTok employees saying that absolutely, the Chinese-based parent company, of course they can get at the data, and I'm not entirely sure that surprises anyone. Can get at the data, you said? Can, yeah. And I don't think... And the data is in the United States? It is in the United States, in a data center run by Oracle, as something called Project Texas.
[1:00:06]
Which is interesting. And then the other thing is there were some rumours briefly that, oh yeah, yeah, they're already in negotiations to sell TikTok. And that was stomped on extremely quickly by a social media post from ByteDance saying, nope, nope, nope, nope, nope, nope. We have zero interest whatsoever in selling TikTok. And shock and or horror, they are going to court to challenge the legality of the law. They say that this is a law targeting them, and there's literally something in the Constitution, I believe it's called a bill of attainder: you're not allowed to pass a law that says Allison can't do something. You can only pass general laws for everyone, not targeted laws against people you don't like. So they say this is a law of attainder. If I'm correct, I think they played that same card in relation to, was it a Montana ban against TikTok, and they won? Sounds plausible. I can't verify that, but it sounds very plausible to me.
[1:01:10]
So they're the news stories as they are. And I don't know if you wish to make any comment on them. I have. Yes, I do. One thing, I've just added a link to the show notes. Tom Merritt did a really good episode of Know a Little More where he explained ByteDance. It's a really good understanding of the company and the different influences on it. So that's worth looking at. I told Bart, one of the things I keep swearing I'm not going to do to Bart, even though I did it on Friday, is not spring a question on him that he hadn't already been able to research.
[1:01:44]
And so I asked him ahead of time, I said, fair warning, I'm going to ask you to explain what is actually nefarious about TikTok in particular. Like, I know it's owned by a Chinese company. Okay. So if that's the only thing and that's big, scary thing, okay, whatever. But I have this faith that is probably misplaced that if all of the Republicans, all of the Democrats and the president all agree on something, it's probably not a bad idea to do because they never agree on anything. And so I asked Bart, what is it about TikTok? I mean, I also know that Chinese companies, Chinese-owned companies can be told at the drop of a hat to do something by the government and they have no choice. I heard an interview of a guy who owned a, it's like a food truck or an ice cream truck or something like that. And he was really successful and he had hundreds of trucks. And one day the Chinese government said, yeah, we own that now.
[1:02:43]
And that was when I realized, I mean, it doesn't have to be something super valuable. This guy had food trucks. That's all, you know, not to discount food trucks, but, you know. Right. So the question is, since you understand the security of these things, what is this huge alarming threat about TikTok in particular that's different from all of the other social networks that we allow to spy on our data?
[1:03:07]
For the most part, there isn't anything dramatically different, because when you listen to Tom, you'll know that ByteDance isn't particularly Chinese owned at all. Like, I mean, yes, there are connections to China, but there doesn't seem to be a particularly clear path where the Chinese government can do like your example of the guy with the successful business just being taken over. When you're in China with a Chinese registered company, that is easy. But ByteDance isn't that. ByteDance is... was it in Hong Kong or somewhere else?
[1:03:37]
It's not even that straightforward, and I'm sure they could assert some sort of subtle influence, but that's not really the big danger that is facing us all from social media. The problem is that it's extremely easy for carefully targeted small misinformation campaigns to have massively outsized impacts because of the subtleties of... well, every election system has their subtleties, and in the American system, there's one or two districts can swing one or two states, which can swing the entire election. So basically, an election, you could have tens of electoral votes swung by thousands of human beings, which is, you know, for a country of millions and millions of people, that's not a lot of human beings you need to convince if you choose your human beings really, really, really carefully. And this is where all of social media is the problem. Not TikTok, but all of it, because you can go to any of these social media companies with these really detailed profiles and you can buy
[1:04:42]
An advertisement that no one will know you've bought, that says a whole bunch of lies that you have very carefully chosen, and target them at people who you know need to be convinced and how to convince them, because you have a detailed profile of them. That's the danger. And if I had my eyes closed when you were describing that, I would have immediately thought you were talking about Facebook. I am. They, like, they are by far the biggest danger, with X and so forth coming in a close second. And, but, and yeah, TikTok is part of that. You can buy ads and stuff, and I'm sure they do plenty of ad targeting and stuff, but that's the danger. That's the actual five-alarm fire. And that's difficult. It's really hard to deal with that. That is a difficult problem to solve, and it's not politically popular to actually start regulating Facebook. Difficult to do. It will be slow. It would take a decade. That is how, like, Europe has recently passed a bunch of stringent regulations, but that didn't happen in a fortnight. That took a decade of work. The start of the Digital Services Act is at least a decade ago, and it just went into effect. It's really hard work. So the incentive, I'm a big believer in incentives, and the incentive on a politician in a utopia would be to do good.
[1:06:06]
But the actual incentive in actual planet Earth, in every country where we have democracy, is to look like you're doing good. That is a subtle difference. Looking like you're doing good versus actually doing good are very different things. This bill is extremely dramatic. And until you stop and think and analyze deeply, it looks like it's doing good. Problem solved. We haven't had to deal with the really, really difficult actual problem. We have achieved what it is we are incentivized to achieve: to look like we're doing something.
[1:06:42]
I'm very cynical, I know, but I... No, no, it's, it's a, it's a terrible state of affairs that I was really wishing you would describe some incredibly nefarious, clever, evil technical way they were doing something awful to us. So this is actually a worse answer to me. I'm sorry. And I really wish I could say, well, actually, they're doing blah, blah, blah. This solves everything. This solves nothing. This doesn't achieve anything. They couldn't be doing a GitHub poisoning attack of comments with code. No. But would any of that be solved by getting ByteDance to sell TikTok? No.
[1:07:26]
That's the problem. The solution isn't a solution. Well, oh, because then they would just be under US control, which doesn't solve anything. Yeah, exactly. Yeah. I just don't see how it solves anything. Anyway. I wish I hadn't asked. Can we move on? We can. So we have mixed news from Google, and I've done it with a smiley face, with two smiley faces, and I'm going to do the sad face first. So Google have postponed the deprecation of third-party cookies, which is, that makes me sad. But actually, maybe this isn't a bad thing. So the reason they postponed it is because the UK's privacy regulators are scrutinizing Google's privacy sandbox to make sure it isn't leaky. So Google are replacing third-party cookies with their privacy sandbox, and the UK regulators want to be sure the privacy sandbox is actually a privacy sandbox. And the noises are actually quite positive because Google say that they're in an active, constructive engagement. So it sounds like there actually might be some useful tweaks to come out of this. Wait. Wait. So, I reserve judgment. However, what I do know is good news, is that if you... Do we know how long they're delaying, by the way? Until early 2025. So, it was meant to happen end of 2024, now it's 2025.
[1:08:52]
If you join other people on Google Meet calls, so if you have a meeting with someone who's a Google customer, they can invite you into their meeting, they're hosting, without you being a Google Meet customer yourself. And up until now, that meant that encryption would not envelop you. You couldn't be end-to-end encrypted as a guest. Well, because browsers are amazing things these days, and JavaScript can do quite impressive stuff, it's technologically possible, and now it's actually feature possible. Google have expanded their treatment of guests to envelop them in end-to-end encryption for the guests as well as the hosts. So, yay. That's just a good thing. That is good news. You know, what's funny is I've heard of Google Meet, but my tendency is, well, I'm not going to try that because it'll be gone by the time I get attached to it, right? And I actually thought it was gone by now. I just kind of assumed it would have been deprecated because that's what they do. Or at least renamed.
[1:09:58]
Yes. I heard somebody complaining. I want to say it was on the Accidental Tech podcast about Apple never renaming things when they don't make sense anymore. But the alternative is worse, right? It absolutely, absolutely is. And if you think Google are good at renaming things, you should try their friends over in Redmond. We have arguments in the office about what product we use. Is it Defender XT or Defender 365? Defender for Cloud, Defender for Office, Microsoft Defender. What is it we actually buy? I don't know. Check our bill. It'll be different next month. Anyway, anyway. Also in the Mostly Good News column, it's being reported in the present tense, which isn't fair. It is coming soon. Meta have announced passkeys are on their way to WhatsApp for iOS. They're not there yet, but they are going into beta. I read the headline which said WhatsApp finally rolls out passkeys. I thought, yay! So I went to the settings app and I couldn't find it and then I read the detail of the article and they went, they have announced that it's coming. It's like, well then don't put the present tense in your headline. So, coming soon. I think good news. The Federal Communications Commission have restored net neutrality in the United States and Colorado... I would say that's good too.
[1:11:22]
Colorado have expanded their already quite impressive privacy law, which protects biometrics, to clarify that brainwave data is biometric data. So corporations can't hoover up your brainwaves without getting your very explicit consent. So that's good. That's interesting. Colorado specifically.
[1:11:43]
It's state rather than federal, right? They have passed a bill. Yeah, that's kind of interesting. That's thinking ahead of the game, right? As we're watching things with brain implants and stuff, you know. Yeah, yeah, yeah. Better to do it now than when, oh yeah, we already have five years' worth of data. What, you want us to delete it? That's a way harder ask. How do you know it even happened? Now, I am very sorry, and I think it's really important that I talk about the next story. So it's in top tips because it is a tip. It's a very important tip, and it's a tip that you will remember from when Tim Verpoorten passed away. So this week, a podcasting acquaintance who I would have loved to be able to call a friend because every time I met him digitally, I loved him to bits and I wish our paths had crossed more often. But Charles Edge did a lot of work for TidBITS. He wrote a lot of Take Control books and he was a podcaster on MacAdmins. I was a guest on his show. He was a regular guest with Chuck Joiner. I met him on Chuck Joiner's show. Wonderful person. Unfortunately, one of those random medical things that just one minute you're here, then you're not. He's not here anymore.
[1:12:56]
Utterly unexpected. He was younger than me. And the folks over in TidBITS obviously posted tributes and so forth. And I want to echo them completely. Every time I worked with Charles, I loved it. I always knew, oh, Charles is a guest. This will be fun. And it was every time. But really good advice over on TidBITS, preparing for the unthinkable, a brief guide to digital legacy planning. And if you folk did everything Allison recommended, what, a decade ago when Tim passed? It might even be 15 years by now. Maybe, yeah. Well, a lot has changed in the world since then. A lot of it actually for the better. Apple now have actual mechanisms for specifying next of kin and so forth. Facebook, all of these places, they have actual mechanisms in place. So if you did all of this a decade ago, when we got our reminder in our direct community.
[1:13:53]
Maybe look at it again. Maybe just update and take some small amount of, you know, good isn't quite the right word, but take something that isn't awful, out of some pretty bad news. I was pretty shook up actually when I heard the news. I'm sure, yeah. I opened my, I opened my newsreader just before I went to bed, which is a terrible idea. Don't, don't open these things before you go to bed. And half an hour later, I was numbly staring at tributes on the TidBITS website because I couldn't think of what else to do. And then I was late for work. So ironically, three days before Charles died, he posted about creating a digital legacy contact. I know, isn't it weird? He also just got a book deal, and it looked like it would have been an amazing book.
[1:14:41]
So anyway, I didn't want to bring people down, but it's so important I couldn't not post it. And I do, yeah. And I wanted to take an opportunity to say that I'm going to miss Charles. I really liked, really liked him. Okay, now we really need, we do need our palate cleansers. Can I start with the first one? You can. And I'm going to, before you say it, I'm going to say that I could only think of one other human being on this planet to share this with, which is my better half. And I sent, I forwarded your message, and the doors were closed between our offices, and I heard a literal laugh out loud. A genuine laugh out loud. So I did. He did. So now, there you go.
[1:15:25]
So you're giving me credit for this, but it was actually Steve Matten on our Slack at podfeet.com slash slack who posted an article by Nate Dixon, which is referring to talking about Douglas Adams from XKCD fame and JavaScript. And I think this is going to be one of those that doesn't work if I read it out loud. But it is the greatest, nerdiest connection of Douglas Adams and JavaScript. It is just delightful. Delightful. I'll, uh, I'll just say that has to do with not a number. It's, it's just, it's superb. It's... Oh, I said, I said Douglas Adams. Douglas Adams of, um, The Hitchhiker's Guide to the Galaxy. Yes, that stopped everybody yelling at their phones. I was about to very subtly correct you, because one of my favorite things about Douglas Adams that I think sums him up wonderfully: he wrote a book in five parts, which he called The Hitchhiker's Guide to the Galaxy, a trilogy in five parts.
[1:16:24]
That was required reading when I was in college for one of my classes. Fabulous. I love that. I love that set of books. Anyway, it's a great one. Go read. It's very short. It's two or three paragraphs, but it's just delightful. Yes. Yes, it is. I sent it to Kaylee immediately and she just loved it. Yay. Now, if you're looking for a long read, this has been on my to-read list for three weeks, and I figured it was probably a palate cleanser, but I did want to read it before recommending it, and it took me... I went for what should have been a half hour walk, and an hour and a half later I came home and I had finally finished reading this article. It is from The Verge. It is the story of the amazing people who keep the entire internet going by maintaining the undersea cables. This is a community of... I still can't believe we did that. Right. As humans. Right. That's bananas that that exists. Yeah. So the story starts and ends with the tale of a Japanese captain of one of these ships who was out at sea when he felt an earthquake and then Fukushima happened.
[1:17:34]
And it tells... It starts and ends with the story of repairing the undersea cables that earthquake destroyed and dealing with radiation suits, because in front of the Fukushima nuclear power plant is a giant big choke point of undersea cables. So they had to put on radiation suits with Geiger counters and things to fix the internet in front of a nuclear disaster while their families were at home and no one knew if they were alive or not. It's a harrowing story. But using that as a jumping off point, we end up all the way back in the 1800s on the first ever transatlantic cable, and everything in between, and the challenges for the future, and how it works. How do you repair a cable that is lying miles and miles under the seabed? The answer is you have to pull it up, cut it in half. You have to cut it in half, pull up one half, tie it to a buoy, have it float there, go find the other half, pull it up. It will be miles away, right? Miles away. You then attach miles of cable between the two, and then you lay it on the ground in a giant big loop, so that the entire course of the cable has been extended by the distance of the depth of the water times two.
[1:18:48]
And you actually use a physical anchor to drag up the cable. You wander around the sea floor trying to snag it and you're watching a pressure gauge and you can tell the difference between a rock and a cable because of how they react to pressure. And it's absolutely fascinating, and there's, there's a person whose job it is to use lasers to melt fiber optics together on a ship that's bobbing up and down, to a tolerance of microns. Wow. Wow. Amazing. If that doesn't blow your head enough, or if you prefer to watch a video instead of do a lot of reading, um, Bertrand Serlet, if you're, if you're thinking that name is vaguely familiar: Redmond, start your photocopiers! He was at one of the early WWDCs. He was Apple's VP for Engineering before Craig Federighi took that job. And he put up giant big banners at one of the WWDCs saying Redmond, start your photocopiers when they announced one of the new versions of macOS. And in his French accent it was a wonderful, wonderful call from the stage. Anyway, he moved on from Apple since. He's now retired. But he has a lovely YouTube video explaining why large language models work.
[1:20:02]
So, yes, he does tell you how, but he takes it way further than that and takes into account, actually, well, why does this actually solve our problems? Why is this actually helpful? Like, here's how the tool works. Now, why does that help us? It was actually very, very interesting. And I last learned about this. So, not how, but why? Both. Both. But we don't understand why. How?
[1:20:24]
We know how in the sense of how to build them. Yes. We don't know how they're doing what they're doing. That is true. Although you'll know a lot more about it after you've watched this. I thought it was fascinating. So I last looked at this when I was an undergraduate in 2001, and it was really nice to get caught up on the field since then. And it's always nice to have a friend, Jack, and tell you cool things. It just helps. It just helps. And then lastly, I could not have a podcast recommendation. It just wouldn't be me if I wasn't recommending some listening to you. If you would like to make me cranky, tell me that Y2K is an example of overreacting and my head will explode. Because very rarely on planet Earth do we human beings succeed in seeing a problem, addressing the problem before it happens, and succeeding so well that no one believes there ever was a problem. That is the story of Y2K. We did it so well, people think we did it terribly.
[1:21:24]
So I'm going to make an observation that's going to really bother you, Bart. There are people who could be listening who might be under 24 years old.
[1:21:33]
Who also, so that would assume they knew about it at zero. So let's let them be, what, 20 years old. So people under 44 years old may not even know what we mean when we talk about Y2K. Just in case that is the case, Y2K is the year 2000. A lot of computer systems use two digits to describe the date. So it went up to 99, and then it would flip over to zero instead of to 2000. So 1999 would go to zero instead of 2000. And there was a massive effort to drag old COBOL engineers out of the retirement homes and get them to fix all of this ancient code that was in terrible shape. And I don't know if anybody ever underestimated how much it cost to do it, but it's good to know that we did it. Yeah. And we succeeded. So anyway, two-part episode from Malicious Life tells the whole story, and it's told really well. It's a good story, and I think it's really important for us to remember that we actually can fix problems we see coming. We're not destined to get hit by the train we can see coming at us. We actually can do it sometimes. And don't take away our win. Don't denigrate the one time we did it right. We did. Right. We should be proud. That is something to celebrate, Bart. I like that as a way to end. That's fantastic. Fantastic.
[1:22:54]
Excellent. Well, until next time, folks, remember the most important thing of all, stay patched so you stay secure. Well, that is going to wind us up for this week. And I want to thank Lindsay again for standing in for Steve while he's off on his big adventure to Washington, D.C. She did a great job doing production of the show. Steve actually came in partway through the show and started micromanaging her, which was awesome. But also to Jill for pasting in the screenshots as people are watching in the live stream. You can see it in the chat room and that's kind of a way to keep everybody engaged in what I'm blathering about. So I appreciate both of you for doing this extra work for us. Anyway, did you know you can email me anytime you like at allison at podfeet.com. We're going to be having some time coming up here where I'm going to be taking some long vacations and Bart and Jill and Alistair will be running the show and they are going to need content from you. So I'm giving you lots of warning. It's not going to be until, I'm going to need a little help in June, and they're going to need help in, boy, I should have memorized the dates, later than June. But we're going to need a lot of content, so start thinking ahead about what you want to record. You can send me an email at allison at podfeet.com with those recordings. If you have a question or suggestion, just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon at podfeet.com slash Mastodon. If you want to listen to the podcast on YouTube, you can go to podfeet.com slash YouTube. If you want to join in the conversation, you can join our Slack community at podfeet.com slash slack.
[1:24:22]
It's a great place to go where you can talk to me and all of the other lovely NosillaCastaways. You can support the show at podfeet.com slash Patreon or with a one-time donation at podfeet.com slash PayPal. And if you want to join in the fun of the live show like we did this week, head on over to podfeet.com slash live on Sunday nights at 5 p.m. Pacific Time and join the friendly and enthusiastic.
[1:24:43]
Music.
