NC_2024_07_07
Celebrating the 1,000th episode, updates, gratitude, and future goals were shared on the Mac Geek app and NoCillaCast podcast. Network streamlining and the importance of staying informed on internet security were emphasized.
Automatic Shownotes
Chapters
NC_2024_07_07
Advanced Notability Tutorial on ScreenCastsONLINE
Programming By Stealth 169 of X — Advanced YAML Topics
Steve on 1000 Shows
1000 Group 1 - Drunk Nick Nolte, DocTim, Big_in_Va, Claus, Norbert Frassa, Grumpy
1000 Group 2 - George from Tulsa, Jill from the Northwoods, Alan, NASANut, Physics Nerd Graeme, Bodie Grimm
Changes Coming to the Podcasts — All Good News!
1000 Group 3 - Sandy, Kirschen, Mr. Ed, Dave Hamilton, Slau, Knightwise
1000 Group 4 - Steven Goetz, Peter Boodts, Ian Prinssen, Thomas Mattock, Ron Burch
1000 Group 5 - Victor Cajiao, Listener Lynn, Trevor Drover, Joe Dugandzic, UseTheData, Steve Harris
1000 Group 6 - Allister, Steve Ewell, Noblesongster, Oliver, Pilot Pete
1000 Group 7 - Kelly Guimont and Mike Rose
Support the Show
Security Bits – 2024–07–07
Long Summary
In the 1,000th episode celebration of the Mac Geek app, the speaker shared updates on podcast feed changes and upcoming events like MacStock. They expressed gratitude towards their support team and highlighted their spouse Steve's contributions. Listener tributes were showcased, marking the milestone with congratulatory messages. Changes to the podcast structure were also addressed, focusing on streamlining the series into more distinct shows.
The speaker discussed streamlining the podcast network to enhance accessibility, particularly centralizing Programming by Stealth and merging Chit Chat Across the Pond into NoSillacast. A new segment with Adam Angst was introduced to provide engaging content consistently. The community's heartwarming messages on reaching 1,000 episodes reinforced the show's impact. Future goals include providing quality content while improving the listener experience.
During the 1,000th episode celebration of the NoCillaCast podcast, the speaker acknowledged listener support over the years and expressed gratitude for the community's participation. They recognized Bart and financial supporters for their contributions to the show's success. The commitment to delivering high-quality content to the loyal community was reiterated, marking a nod to the future.
Reflecting on a conversation with an extroverted friend who collaborated on a community podcast, the speaker appreciated the built community and their collaborative dynamic. They transitioned to discussing recent security news, shedding light on supply chain attacks, OpenSSH bugs, and the importance of choosing CDNs carefully. Insights on two-factor authentication, SMS-based authentication risks, ChatGPT's security flaw, and other tech-related security topics were shared, emphasizing the evolving internet security landscape. They concluded by recommending engaging content and articles by security experts to stay informed.
Brief Summary
In the 1,000th episode celebration of the Mac Geek app and NoCillaCast podcast, updates on podcast changes were shared, gratitude expressed towards supporters, and future goals discussed. The speaker also addressed streamlining the podcast network for accessibility and highlighted recent security news, emphasizing the importance of staying informed on evolving internet security topics.
Tags
1,000th episode
Mac Geek app
NoCillaCast podcast
updates
gratitude
supporters
future goals
podcast network
accessibility
security news
internet security topics
Transcript
[0:00]
NC_2024_07_07
[0:00]Music.
[0:14]Thousand! Well, you know, when Dave Hamilton hit a thousand with the Mac Geek Gab, he said, eh, we're not going to make a big deal out of it. Yeah, that's not how we're doing it here. This can be mostly a party show, but it will be me explaining some big changes I've just made to the podcast feeds, as well as security bits for the second half of the show. Before we get started, though, I wanted to let you know that next week we'll be going to MacStock, so the show will come out early on Wednesday, July 10th. Everybody say it now, what does that mean? There will be no live show next Sunday, the 14th of July.
[0:48]
Advanced Notability Tutorial on ScreenCastsONLINE
[0:48]Just a bit ago, I told you that my ScreenCastsOnline tutorial video on the foundations of using notability had been posted, and I teased that the advanced notability tutorial would be hot on its heels. Well, it's out, and in this advanced tutorial, I'll show you how you can take notes with pencil or with a keyboard while recording the audio you're hearing, and then go back and tap on a note and have the audio played back right where you were writing that note. It is crazy cool. I recorded the keynote for WWDC in Notability while I was taking my notes, while I was typing notes, and it came in really handy when Bart and I were debating when a certain piece happened, whether it was part of the Apple intelligence part or whether it was part of the core technologies. And I was able to go in and find out exactly where it was by tapping and then listening to exactly what they said and reading a transcript, all created in Notability. I teach you how to do that in this ScreenCastsOnline tutorial.
[1:41]I also do go through some more advanced tools like the Zoom box for where you're writing and precision drawing with the ruler. I'll walk you through how to organize your notes into subjects and dividers too. My favorite part of the tutorial is where I show you how you can handwrite math like equations and have it automatically be converted to beautiful type text notes in the language LaTeX. That's different than what Apple's going to be able to do. No shade on them, what they're doing is really cool too, but this is very different in what Notability can do. Now remember, after you watch this teaser video that I embedded in the show notes, if it sounds like fun to watch the full video, you can head on over to screencastsonline.com, sign up for the free seven-day trial where you can watch this video, the foundations tutorial on Notability, and all of the current back catalog.
[2:27]
Programming By Stealth 169 of X — Advanced YAML Topics
[2:27]In this week's Programming by Stealth, we have the second and final installment about YAML. Bart teaches us how to write multi-line strings and how to not write multi-line strings. He teaches us about string blocks, which is a bit head-bendy, at least it was for me, but this allows you to write human-readable strings and yet also tell YAML what to do with things like empty lines and whitespace. After that slightly heavy lift, we learn about how to write much simpler-looking sequences and mappings than the way we learned in our introduction to YAML and PBS168. It's really nifty how you can write them in compact, sensible forms and even easily combine separate YAML documents into the same sequence or mapping. Finally, we learned how to use the YQ language to query JSON, CSV, XML files, and more using a language that uses JQ syntax so you'll feel right at home because we just finished learning about JQ. You can subscribe to Programming by Stealth in your podcatcher of choice or follow the link to Bart's fabulous tutorial show notes.
[3:24]Now that we've got the business of the show taken care of, Steve would like to take over the microphone.
[3:30]
Steve on 1000 Shows
[3:30]Hi, Allison. This is husband Steve. I'd like to congratulate you on producing your 1,000th episode of the NosillaCast podcast. What an accomplishment. When you first picked up a microphone back in May of 2005, neither of us had any idea where this podcast adventure would take us. Since then, you've produced a podcast every week for 1,000 episodes without missing a beat, albeit with a little help from your friends Bart Busschots, Allister Jenks, Katie Floyd, and Chris Ashley. That's a rare feat in the podcasting community, and one of which you can be quite proud. As I look back, I think the most meaningful NosillaCast development over the past 1,000 episodes is the community that has grown up around you and the new group of friends we've come to know because of your podcast. Throughout this period, the NosillaCast community has provided their support, content for your show, and a lot of good times. I'm a believer that the community that forms around a podcast reflects the personality of the podcast host, and I think that's why the folks in the NosillaCast community are interesting, informed, and caring people. A reflection of you, Allison.
[4:42]You and I consider many of the NocillaCast community members as friends, even though we haven't met them in real life. We've also traveled across the U.S., the Atlantic, and the Pacific to meet and get to know some of these friends in person, like your co-host Bart, my wingman Kevin, and your wingwoman Sandy. I know you've thoroughly enjoyed each one of these meetups as much as I have, and I also know you look forward to many more wherever they may take us. I'm so pleased you started and stayed with the Nosilla cast, for without it, just think of the community and friendships we'd be missing.
[5:18]So again, Allison, congratulations on achieving 1,000 wonderful episodes of the Nosilla cast. I'm extremely proud of what you've accomplished, and I'm very pleased to see the Nosilla castaways evolve into the thriving, kind, and supportive community that surrounds us today.
[5:35]Well, I'll sign off for now, but you can rest assured that I will stay subscribed, at least for another 1,000 episodes. Steve, that was really great. I loved it. I do want to add to the list of people who made the show come out every single week. That was the MyMac guys. You remember, they took over the show one time too. Well, I got to tell you, the rest of you, one of the biggest surprises of doing the NoCillaCast has been how much Steve has gotten involved in the show. It used to be just me kind of doing my own thing, you know, but over time, he's taken over production of the live show, and of course, all the work he does in the video interviews that he produces for us. What you may not know is how much of our daily eerie chores Steve has taken over, especially since we've retired, leaving me a lot more time for the podcast. He does the grocery shopping, the cooking, he pays all the bills, he organizes all of our travel. But don't worry, I still wax his car. Now, to say he's the wind beneath my wings would sound trite, especially since it's really the wind above your wings that lifts you up. But I will say he's my partner in this endeavor, and I wouldn't be doing this show at all without his support. All right, well, looks like Steve wants the microphone back. Don't you love how he always introduces himself as Husband Steve, as though maybe I'll forget?
[6:50]This is Husband Steve again. A few weeks ago, I sent out a request to folks in the NocellaCast community to provide a brief audio recording to commemorate the 1,000th NocellaCast episode. I was pleased to see how many people responded, 35 in all. I'm pretty certain Allison will very much appreciate hearing all of your comments. Your feedback reminds me of how much I enjoy being part of the NosillaCast community. So what you and Allison are about to hear is the full collection of the audio inputs I received. I've grouped them in no particular order for Allison to play. I'll briefly introduce everyone in each group before their comments are played. So buckle up and settle in for several minutes of feedback from the NosillaCastaways.
[7:37]
1000 Group 1 - Drunk Nick Nolte, DocTim, Big_in_Va, Claus, Norbert Frassa, Grumpy
[7:37]First up, we have Marty Gentius, who we know as Drunk Nick Nolte in our NoCillaCast live show chat room, Tim Jenvik, a.k.a. Doc Tim, my wingman Kevin, who is big in Virginia, friend from Germany Klaus Wolf, local friend Norbert Fraza, and Mike Price, a.k.a. Grumpy. This is Marty Gentius, a.k.a. Drunk Nick Nolte of the Castaways, and from thepodtalk.net. I got a knock-knock joke for you. Knock-knock. Who's there? Nozilla. Nozilla who? Nozilla-brate 1,000 episodes with Alison Sheridan.
[8:18]Okay, I've finally risen to your level of humor. Congratulations on your 1,000th episode. Hi, this is Tim Jenvik. Congratulations to Allison on her 1000th NosillaCast podcast after more than 19 years. Although I came for the Apple content, my favorite podcasts are those where Allison interviews folks like Dr. Andrea Ghez on the Galaxy's Black Hole or Dr. Marianne Gary on issues of neuroscience and memory. While they are not at all Apple-related, these illustrate Allison's many interests despite her slight Apple bias. Here's to many more years of her podcasting.
[8:58]Well, hello Podfeet, Allison, Steve, my wingman, and all the NosillaCastaways. Well, you've reached a big mile marker, 1,000 shows. It's quite an achievement in the podcasting world, and I'm very proud to have been a small part of the show for all the years that I've been around. Thank you for all the product reviews, all the friendships that have been made, and to allow me to enjoy what you put out. It's cost me some money over the years, to be sure, but I'm not the only one it's cost money. But there have been a lot of other people that have brought some joy and happiness to the show: Bart with his security bits, Sandy with her fun and stuff that she shared with us and always in the chat room, and so, so many others. I don't want to forget anybody, so I won't go into too much detail, but I want to thank all my friends that I've made in the chat room over the years and truly, truly appreciate everybody. But a big congratulations to you, Allison. It takes a lot to get there, but I know the real power behind the show is Steve, because he and I truly know what makes the show go. Congratulations, and keep up the great work, and looking forward to the next thousand episodes.
[10:16]Herzlichen Glückwunsch zu eurer 1000. Podcast Ausgabe. 1000 episodes. What an amazing achievement. Thank you so much for your kindness, generosity, countless hours of entertainment, the immense knowledge you've shared, but most important of all, for the community you've started. You're amongst the most approachable podcasters I know, and I couldn't imagine a week without you.
[10:42]Congratulations, Allison, on 1,000 episodes. That's a major accomplishment, and I'm so happy that you decided to pick up a microphone so many years ago. When the Nasilla cast hits my podcaster player of choice, it always goes to the top of the list. Each episode never fails to either teach me something new, challenges me to use my tech in a different way, or sometimes just makes me laugh out loud. I feel like an extra lucky Nassila Castaway because we both live in Southern California, so it's only a hop, step, jump, and a quick drive down the 405 freeway to catch lunch together with you and Steve. It's always fun to catch up on our lives, plus roam the local Apple store like little kids trying out new toys. In addition, it's always fun to share new experiences with NewTek each year at CES. I will even tolerate you telling me what I should have for breakfast each morning in Vegas when we all get together at the pantry. Overall, I want you to know how much I appreciate you, Steve, and the Nasilla cast. Unfortunately, I did not start listening with episode one, but I look forward to listening to the next 1,000 episodes. I know I not only speak for me, but probably for a lot of my fellow Castaways, but thank you, thank you, thank you. Cheers to you, and again, congratulations.
[12:09]Hi, Allison. Mike Price or Grumpy here. I just wanted to call in to congratulate you on such a huge accomplishment of making 1,000 shows. Wow. And I wanted to thank you for the many years of entertainment and education that you've provided to all of us over the years and for making such a wonderful family at podfeet.com. I'm looking forward to many, many more shows, maybe even another 1,000. Take care. Bye-bye. All right. Well, I don't know if I'm going to do another thousand, but hey, there's nothing stopping me now, that's for sure. I'm just immediately overwhelmed with all the great things you people have said. But looking at the number of people we're going to hear from, I can't possibly address all of these wonderful comments. So I'm going to hold my overall thoughts until the end.
[12:59]
1000 Group 2 - George from Tulsa, Jill from the Northwoods, Alan, NASANut, Physics Nerd Graeme, Bodie Grimm
[12:59]Next, we have inputs from longtime contributor George from Tulsa, Jill from the Northwoods, host of the Start with Small Steps and the Buzz, Blossom, and Squeak podcasts, Alan, a.k.a. Zappery, in our chat room, John Ormsby, better known as NASA Nut, physics nerd Graham, and local friend Bodie Grimm, host of the Kilowatt podcast. George from Tulsa here to congratulate Allison, Steve, and all the castaways who've contributed content that keeps the Nosilla cast interested.
[13:35]I discovered the Nosilla cast when I was fleeing malware-infected windows for the Haven of Mac. The show was invaluable. Even more was the personal touch as Allison went above and beyond to respond to emailed questions and help my conversion.
[13:55]Allison's always been my queen of podcasting. With 1,000 episodes in the vault and a new millennium starting, I think she's due for a promotion. Long Rain Allison, the Empress of Podcasting. Congratulations on 1,000 episodes. I am stunned at all the hard work and amazing things you've done to accomplish this. I can't even begin to list the many ways you've made my life so much better, from listening to your podcast, but from knowing you too, and teaching me about podcasting and all the advice you gave me along the way. Thanks for everything. And thank you for the thousand episodes of work that you have put in. Still, my favorite memory is when you said hi to me when I joined your Slack channel. And I thought you were an automatic Slack response AI robot greeting me for joining this account. You ended up being a real person. Wow, I'm glad you were a real person. And I look forward to the future and all the amazing things you will tell us and the great stories about what technology failed you and how you found out how to fix it or the many ways I can spend my money.
[15:09]Hi, this is Alan and I just want to say congratulations on your adoption. Sure, whatever year it has been and I just want to keep social and sweet. Thank you.
[15:32]Allison, NASA Nut here. Congratulations on making it to 1,000 episodes of the NoCillaCast. I haven't been with you since the beginning, but I've been around for several years. I've especially enjoyed sitting in on the live shows, watching the sausage being made, and chatting with everyone that joins in. Although I've only met a few in person, they have become my digital family and you as our digital mom, and I consider myself honored to be a no-silly castaway. While I don't always agree with your opinion on certain subjects, spaces for example, I do value your input, as misguided as it may sometimes be. I also appreciate your thoroughness, such as mapping every one of the iOS settings.
[16:15]Not only have I made some new friends, I've learned many things while listening to your show and love the segments on security bits and tiny tips among others. Thanks again for the wonderful show and hope you have another 1,000 episodes in you. Since Allison appeared on Mac Power Users, I started listening to the Nozilla cast and settled into the community. It's so nice to have a friendly community around the wonderful tech that's just about enjoying ourselves and sharing and caring. So thanks for everything. With love from Graham. Hey everybody, I just wanted to take a real quick moment of your time and congratulate Allison and Steve on reaching an incredible milestone, a thousand episodes of NoCillaCast. It's my Monday morning go-to podcast. I realize they're recorded on Sunday, but I listen on Monday morning. I get so much value out of hearing Allison tackle all of the technical issues that she experiences and hearing from other NoCillaCastaways. And one of my favorite segments is Bart's security bits. So, congratulations, Allison and Steve. And on a personal note, I have known Steve and Allison for a few years now, and they've been incredibly kind and supportive and loyal friends. So, I feel truly blessed to know them.
[17:38]And I don't know how to end that without being weird. So, thank you both for being great friends. It means a lot. Was that too awkward? Oh my gosh. I know I said I was going to comment on any of them, but that is classic Bodhi right there.
[17:55]
Changes Coming to the Podcasts — All Good News!
[17:56]Now that we've cleared the 1,000 mark on the NoCillaCast, I'd like to tell you about some changes coming to the podcast. And I promise you, they're all good when the dust all settles. Well, of course, we've got to start with the problem, or problems, to be solved. In order to explain the problem, I have to wind back time and explain how we got where we are today.
[18:16]Back in 2005, I started the NosillaCast. Okay, you probably remember that part. But one day, a gentleman named Bart Busschots sent me a comment. And then a review, and then another review, and then somewhere along the way we decided to start chatting on the air. He whimsically named our conversations Chit Chat Across the Pond because he's across a very big pond from me over in Ireland. At the time, these chats were not a standalone show. They were part of the NosillaCast. Bart would first give us security bits and then talk about whatever suited his fancy for Chit Chat Across the Pond. My shows had been much shorter back then, so having these little chats with Bart helped round the show out and everything was dandy.
[18:54]And then one day, Bart got sick, too sick to do Chit Chat Across the Pond with me. Rather than have the show disappear, I started having other guests on with me. It was great fun, but we all really missed Bart. When Bart finally recuperated after many months, he said he really liked hearing the other voices, and maybe it would be fun if he was only on Chit Chat Across the Pond maybe every other week. And everything was dandy. On April 14, 2013, Bart started the series Taming the Terminal. It was part of our Chit Chat Across the Pond series, but Chit Chat Across the Pond was part of the NoSilicast, and the NoSilicast included security bits before Chit Chat Across the Pond. Are you starting to see where things stop being dandy? Well, imagine you wanted to listen to, say, Taming the Terminal Part 33 about SSH bookmarks. You'd have to go to NoSilicast number 520, scroll through the audio from me, then the security bits audio, and only then could you find Taming the Terminal Part 33, and this was all before, I think it was before I had chapter marks.
[19:53]All right, when Taming the Terminal completed in October of 2015, after 406 episodes of the NocillaCast, I finally spun Chit Chat Across the Pond off as its own show. Now, this was a good time to cleave the content from the NocillaCast because Bart was ready to start programming by stealth. If you go back to that first episode, you'll notice it's Chit Chat Across the Pond number 407 because I had painstakingly gone back and counted all of the non-standalone segments of the Chit Chat Across the Pond inside the Nosilla cast. When we had completed Taming the Terminal, Bart and I re-recorded the intro of every single piece without the Chit Chat Across the Pond stuff at the front, and Steve painstakingly stitched that audio together and made a sensible feed for Taming the Terminal to be a standalone podcast. Since it was evergreen content, that worked out great.
[20:43]This madness continued, though, where the Chit Chat Across the Pond feed was super uneven. One week you'd have Dr. Gary on talking about how faulty our memories are and destroying our dreams, and the next week you'd hear Bart explaining how to use mustaches in JavaScript. At this point, we had the NoSilicast, Chit Chat Across the Pond, plus Taming the Terminal, so three podcasts. In March of 2017, I decided to cleave the shows yet again. I wrote a post called, Three Chit Chat Feeds Are Better Than One, where I explain the problem to be solved and announce three podcasts, Chit Chat Across the Pond, Chit Chat Across the Pond Light, and Programming by Stealth as their own shows. To make sure you're still following along, as of last week, we've still got the Nocilicast, Taming the Terminal, Chit Chat Across the Pond Light, Programming by Stealth, and then Chit Chat Across the Pond Light and Programming by Stealth both inside Chit Chat Across the Pond feed. Every time I have to explain this to someone, I really struggle to make it clear.
[21:38]Here's another thing that's been nagging at me about this mess that made sense as I built it piece by piece, but gets harder and harder to explain. Programming by Stealth has two homes. Every time we have an episode of Programming by Stealth, you'll hear me on the NosillaCast telling you to go to podfeet.com to listen. But then I also tell you to go read Bart's fabulous tutorial show notes over at pbs.bartificer.net. But when you get to pbs.bartificer.net, you don't just get the fabulous tutorial show notes, you also get the audio embedded on the same page. And on that page, Bart points back to podfeet.com and the link I have to the podcast. To answer me this, why do I send people to podfeet.com at all for this show? What value does it bring to the listeners and readers of Programming by Stealth? Why not just have it be at pbs.bartificer.net? That would make more sense.
[22:30]Now, let's talk about Chitchat Across the Pond Lite. Over the years, it's become more and more obvious to me that there's one part of podcasting that I seriously dislike. It's the process of asking people to be on my show. I have to think up somebody to have on, and they have to think up the hook to have them on. You know, what are we going to talk about? What's their thing that makes them interesting? Let's say I've got a great guest idea, and I know what I'd like to talk with them about. But there's still a hurdle. What time and date will we chit-chat? What if there's a big time zone difference? What if they have a jobby job? What if I have to go back and forth 12 times to find a good time? After having Nobel Prize-winning astrophysicist Dr. Andrea Ghez on the show, followed immediately by climate scientist and geologist Dr. Jason Briner, I did those two shows back to back. I sort of did a mic drop on doing more interviews. I've done a few here and there, but they take monumental energy out of me. Just a thing I really don't like having to do, and I procrastinate about asking people to be on the show. I don't have that kind of producer to book people for me, a booker, you know, that's probably what I would need. But don't worry, that's not where I'm going.
[23:35]All right, we're almost done going over the problems to be solved, but I have one more. On weeks when Bart is on the show with security bits, I find I have a lot more time to enjoy my life. Technically, I'm supposed to be retired, but on the off-Bart weeks, I have to work a lot of hours to keep up this pace. I keep looking for things to cut back on to give myself some actual free time. I mean, I still got to wax Steve's car, you know? I don't have that kind of time. I haven't power washed my driveway in months. It's terrible.
[24:03]All right, after a thousand words explaining what bothers me about this structure I created is all my fault, I'm finally ready to tell you the solutions I've come up with. I should mention that there's a handy-dandy diagram to explain all of these changes if you're more of a visual person. The first solution is the easiest to explain.
[24:20]Programming by Stealth will no longer be part of Chit Chat Across the Pond. If you've been subscribed to Chit Chat Across the Pond to get both the light content and the Propeller Beanie Programming by Stealth content in one feed, you're going to have to subscribe directly to Programming by Stealth. When you're listening to Programming by Stealth, you will no longer first have to hear what chit-chat across the pond episode it is before hearing the Programming by Stealth title. That makes more sense too. All of the links in the podcast feed will go directly to the episode on pbs.bartificer.net, and there is no longer a standalone blog post on podfeet.com. I'll still tell you about the episode. You just heard me do it already during the NosillaCast. So no more bouncing around between sites to get the content. Now, Bart has made some changes to the way it looks. It now says it's a, it used to say a Bartificer creation. Now it says a Bartificer Podfeet co-creation. And there's a little about page that talks about the two of us. So it's our site. He manages it the way I manage the podcast. He manages all the text part of it. And so it's actually, it's great. We're both really happy we did this. Now, this makes my life mildly easier because I'll no longer have to double post the same audio content to two different feeds and scrape off the Chitchat Across the Pond name from the front of the title over on the Programming by Stealth feeds. Now, that was pretty easy. It wasn't too painful, and it makes a lot more sense, right?
[25:42]All right. One of the hardest things to explain after Programming by Stealth is why I have a show called Chitchat Across the Pond Light. How can learning about black holes be considered light anyway? Since programming by stealth won't be in the chitchat across the pond feed, now it can be the light version without having to use the name light. Now, Dr. Gary's wife has always complained about people who spell light L-I-T-E. It's like, really? G-H versus the T-E? You only saved one letter and you spelled it that way. She yelled at me for using it once. So she'll be very happy for that too. So I hope Mrs. Gary is happy with that.
[26:22]So no chitchat across the pond light feed, only a chitchat across the pond feed. Now, when I was rolling this idea around with Bart, he assured me that there was a relatively simple way to fold the light feed into the regular chitchat across the pond feed, so you wouldn't have to do anything different to keep getting your content. Now, Bart held my hand, and we actually followed the instructions at Apple's website. So this is a big, oh, is this sounded easy. And when I wrote up the show notes, I said it was easy and it worked, but there's more to the story. So it wasn't hard, but it's conceptually kind of a mind bender. The trick of this process is that for my files, my, the pod feed, the podcast feed to teach your podcatcher that the chit chat across the pond light feed moved. So if you look at your podcatcher today, you should see Chit Chat Across the Pond where you used to see Chit Chat Across the Pond Lite. In fact, if you were subscribed to both feeds, you probably see Chit Chat Across the Pond in there twice. Now, you can safely delete one. I'm not sure. I'll wait a little bit and see what happens because I might make one more change. In fact, I'm pretty sure I'm going to make one more change right after this show is done recording.
[27:37]You're also going to see a bunch of Programming by Stealth episodes since the last time I posted a Chitchat Across the Pond light was back in late April. So the top of the feed will look like it still has Programming by Stealth and maybe I'll go along and clean those up. But after today, you won't get any new Programming by Stealth episodes in Chitchat Across the Pond.
[27:57]So for the nerds amongst us, there were two steps to accomplishing this so far. I needed to add a 301 redirect to my web server's configuration file, telling the podcatcher that if they came looking for the Lite feed, here's the full Chit Chat Across the Pond feed instead. This is essentially the same redirect process I use to redirect you to, say, like our Slack channel by going to podfeet.com slash slack. The reason everything good starts with podfeet.com is because I use these redirect thingies. The second step was weirder.
[28:27]And this is where things have actually gone pretty wrong. Anyway, you get the podcast in your podcatcher because of a small XML text feed, text file, I should say, which is also called the podcast feed. In that text file, if you're subscribed through something like Pocket Casts or Overcast, everything is dandy by that 301 redirect. However, Apple wants you to do something different. In that text file, Apple told us that you need to add a tag that tells the iTunes directory that this is a new feed. So in the Chitchat Across the Pond feed, I had to tell it, this is a new feed. So as your podcatcher looked for the podcast with the normal RSS feed, it would start there, but then it would get directed over this new feed and it tells iTunes, oh, just start using this one from now on. Don't use that old Lite feed. You're now on the new feed. Now, while this technically did work, it didn't work nearly as well as I thought. As I mentioned, if you're subscribed to Chitchat Across the Pond and to the Lite feed, you now have two copies of Chitchat Across the Pond. In Apple Podcasts Connect, which is where podcasters manage their shows in Apple's ecosystem, I also saw two copies of Chitchat Across the Pond. But it got weirder.
[29:45]So, I create my feed file using an application called Feeder from Steve Harris of Reinvented Software. You're going to hear him complain in the recordings in a little bit about how much I annoy him, but you know, he deserves it. Anyway, I added that new little feed URL to the Chit Chat Across the Pond feed file manually to test it out and it worked like a champ. But then I needed to make sure Feeder didn't override that and remove the tag. Steve told me where to put it in the app, but it didn't actually work properly. It would eventually disappear. It would be there, but then it would disappear. So when I pushed another episode, it would break it. So I had two Macs open that both push and pull from Feeder. And I thought maybe that's what was causing it. So I had the two Macs open. I was on my MacBook Pro and my MacBook Air at the same time. They both had the app up. I was refreshing, pulling, pushing, and I made the worst possible mistake I could have made. I put that new feed URL iTunes tag for Chit Chat Across the Pond in the NosillaCast feed.
[30:49]So then I pushed it to the web. Instantly, the NosillaCast disappeared from iTunes, anything iTunes related, they call it iTunes still, but Podcast Connect, the NosillaCast was gone. And in the podcast app, the NosillaCast was gone. But guess what? There's now three copies of Chit Chat Across the Pond in the podcast app, and three copies of Chit Chat Across the Pond in the Podcast Connect app. So I did realize what I'd done very, very quickly, but undoing it was essentially impossible because this action erased the NosillaCast from Apple's perspective, or at least I thought it did. I had to recreate the show in Apple Podcast Connect, which wasn't difficult. But now that feed says that the show started in 2024 instead of 2005. I mean, on the bright side, maybe I'll get promoted under top new podcasts, but I've also lost all of my ratings.
[31:45]So the first bad part of that is that every single person who subscribed to the NosillaCast through Apple Podcasts now had to notice and resubscribe. Now, again, if you subscribe through any other podcatcher, you should be undisturbed because they simply look at the RSS feed file. So right before the show, and I'm winging this right now, it gets even weirder. I went back and looked at those three copies of Chit Chat Across the Pond, and one of them is the original NosillaCast. It has the right start date. It's got the right ID. It's a shorter number. It's only eight digits instead of 10 because the show's so old. It's got all of my ratings in it. And I realized I can edit that and change the feed to the NosillaCast feed and then delete this brand new one I just created yesterday. So I'm recording right now, but I see at least a 62% chance that when I post this, none of you are ever going to see it. Well, actually, if you're not on the podcast app, you're going to be fine. But this is really weird. So you can imagine what a bad day I had yesterday, and I'm still scared. But I think I'm going to do that. I've actually been chatting with Bart while I've been listening and we've decided what I'm going to do. I'm going to go edit that and I'm going to delete the brand new one. And so people who just got the message that they need to resubscribe will be unsubscribed. It's going to be a disaster, but I think that's where I want to end up.
[33:14]Let's turn to the really good news about the changes. One of the biggest things I did. It's all well and good that in theory, I'm going to have two new clean feeds, one for Programming by Stealth and one for Chit Chat Across the Pond. But what about content for Chit Chat Across the Pond? I don't want to be arranging people and people who are hard and I'm so resistant to doing that. How have I solved that problem? Here is the best news ever. Adam Angst has agreed to join the family and become a monthly guest on Chit Chat Across the Pond. Adam and I have a delightful time whenever we chat, and I'm sure you've picked up on it when you hear us talk about events like WWDC. He told me that he's been wanting to be a regular podcaster, but he knew that creating the shows was a lot of work. When I suggested to be on the show as a regular, he jumped at the chance, and he's really easy to communicate with. He gets back to me right away. I get back to him right away. We talk. It's great.
[34:07]Now, he loves writing more than anything, and that's what makes him the best guest. His terrific articles for TidBITS will give us a constant source of content for the show. His job will be to look back at his previous month's worth of articles, choose one of them to have me read before we start recording, and then we can make that the topic of the show. We get along so well, we can just flip on the record and go to town on a topic that he's passionate about. And even if we wander off topic, that's okay too. We both love it. Adam being on Chit Chat Across the Pond doesn't preclude me having other guests on the show, but it takes the heat off me to feel like I'm letting you down by not booking guests all the time. Now, if I stopped right here with a solution, it would all make sense. Three actively recorded shows, NosillaCast, Chit Chat Across the Pond, Programming by Stealth. But you know, I'm not going to keep it that simple. One of the main things I wanted to do was to figure out a way to lower my workload. This may be a weird idea.
[35:02]I'm going to put Chitchat Across the Pond content back into the NosillaCast too. So you'll actually be able to get Chitchat Across the Pond two ways. You just stick around in the NosillaCast, or you subscribe to Chitchat Across the Pond directly. Now the shows will be a bit more even in length. We'll have Security Bits two weeks of the month and Chitchat Across the Pond one week of the month with one normally solo show. Now I hope this arrangement makes sense to you and simplifies things. You still get Bart in Programming by Stealth with a more direct linkage to his tutorial show notes. Security Bits will stay as part of the NosillaCast. You have these two ways to get Chit Chat Across the Pond by subscribing directly or by listening to all of the NosillaCast. And we get Adam Angst.
[35:44]
1000 Group 3 - Sandy, Kirschen, Mr. Ed, Dave Hamilton, Slau, Knightwise
[35:44]Our next group includes Allison's wingwoman, Sandy Foster. Longtime listener, Kirschen Sia. A longtime friend, Ed Tobias, aka Mr. Ed in our chat room. Longtime friend, Dave Hamilton, host of the Mac Geek Gab, Slau, producer and co-writer of If Every Day Were Christmas, and longtime friend from Belgium, Knightwise.
[36:09]Hi, this is Sandy Foster, and I want to congratulate Allison on her 1,000th episode. What an achievement! I've been listening to the NosillaCast for many years and look forward to each week's live show. Allison has created a true community of listeners and is inspiring and generous with her knowledge. I'm so pleased to be able to say that Allison is not only an inspiration to me as to so many, but she's also a much cherished personal friend. Congratulations, Allison. Hi Allison, Kirschen here. Congratulations on your 1000th episode. Here's wishing you many more to come as you tell us about technology with that ever so slight Macintosh, I mean Apple, bias. All the best. Hi all, Ed Tobias here, also known as NosillaCastaway Mr. Ed. I have known Steve and Allison since the early 1980s. I believe Bart was just being born then. Fortunately, we lost touch over the years and while searching a format podcast to listen to, I stumbled across one with a slight Apple bias. Through the podcast, we rekindled our friendship and discovered common infatuation with the Mac. Since then, we have shared dinners and peanut butter whiskey and quite a few tech playdates. I'm so happy I found the Podfeet podcast and that it led to a reconnection with some dear old friends. Here's to another thousand episodes. Hey, Allison and Steve and everybody out there in Podfeet NosillaCast land.
[37:36]Happy 1000th episode. It's Dave Hamilton from Mac Geek Gab, and I know we hit our 1000th episode before you, but you started doing this whole thing before us, so I, I think you still retain bragging rights to that. So amazing. It's been such a pleasure getting to listen to the show and really getting to call you and Steve friends. Uh, that means the world to me, and I am so stoked to see you hit quadruple digits and beyond. So have fun and keep up that Macintosh bias. Keep up that Apple bias and don't get caught.
[38:31]Even though I subscribed to a ton of podcasts, I have an ever-so-slight bias toward yours. Congratulations. Hi, Allison. Hey, Steve. This is Knightwise calling to congratulate you on your millennial episode recording. I just want to take the time and thank you for your contributions to podcasting over the last years, delivering consistent and high-quality content shows, a thousand episodes in a row. From the dawn of podcasting, you have always been a consistent source of well-researched Apple content that was only ever so slightly biased. In my quest for the source of the NosillaCast's success, I have often wondered just what it is that makes this show tick and rack up a thousand successful episodes.
[39:15]Is it the insightful, intelligent, and well-researched content? Is it the highly professional production quality? Is it the wide range of topics that somehow still stick around the central theme? Or is it the gracious, talented host with her unwavering sidekick? All of these elements have been crucial, I'm sure, but what makes it really special? I think I have found the secret element of the Nosilla sauce that has boosted this show's listenership around the globe and even onto the communication consoles of many ships in the Imperial Klingon Defence Force. It is the intermittent addition of Belgians.
[39:56]Yes, throughout the community, the content and the travels of the Nosilla entourage, Belgium and its charmful inhabitants always seem to be present in some shape or form. Whether this be Bart's insightful work, Peter and Stefan's editions, the rantings of yours truly, or things like Stofli's chocolate and Stephen's gluck. The country whose national symbol is an underage naked boy taking a wee in front of hundreds of Chinese tourists has been a pivotal element to the NosillaCast's success. So in name of all my fellow countrymen inhabiting the nation that American thinks is an airport, that has a cheese that is older than the American Constitution, and it hosts the greatest concentration of NosillaCast fans, I truly say, congratulations, Allison and Steve.
[40:48]
1000 Group 4 - Steven Goetz, Peter Boodts, Ian Prinssen, Thomas Mattock, Ron Burch
[40:49]In this group, we have inputs from Allison's tech advisor, Steven Goetz, friend from Belgium, Peter Boodts, long-time listener, Ian Prinssen, frequent contributor, Thomas Mattock, and good buddy, Ron Burch.
[41:05]1,000 episodes. I don't remember when I first started listening, but I'm sure it was double digits. The work you've put into making such a consistently good show filled with useful knowledge is much appreciated by the community that is built up around your show. I loved finally meeting you and Steve last year. I look forward to your shows and your community for many more years to come. This has been Steven Goetz from Canada offering thanks and congratulations on 1,000 episodes. Hi, Allison. It is amazing. I still can't believe it. 1,000 NosillaCast episodes for us to listen to. Every episode filled with the new text of things to be solved and even dumb questions.
[41:47]I've been a listener for almost the beginning, I guess, and even was on the show once, long ago. In the past years, I got to learn about your children growing up, having grandchildren, a cute dog, and your car, of course. Wax on, wax off. We've met in person in Belgium, together with Joe and Saskia, not one, but two times, first in Antwerp, my hometown, and a few years later in Brussels to taste those famous waffles, amongst other things. I found out that you and Steven are as nice in person as you are in the virtual world. I don't know if I should wish you another thousand podcasts, but anyway, have fun with an ever so slight Apple bias. Greetings from Belgium.
[42:37]Hi Allison, long-time listener Ian Prinssen here to wish you congratulations on hitting 1,000 episodes. It would have been great to say I've been here since the beginning, but I learned about the NosillaCast in the teen episodes, back when I couldn't find anyone who knew what a podcast was. Each week I loaded you on my Rio MP3 player with 128 meg of space, along with Tim Verpoorten, Adam Christensen, and one or two others that went by the wayside. I've enjoyed being part of the NosillaCastaways and appreciate how you welcomed and encouraged Daniel when he was just 11 years old. Of course, your encouragement of Daniel cost me two tickets and a hotel from Axtalk back in 2017, but we finally got to meet face-to-face after 11 years of email correspondence. It's amazing you and Steve have kept and grown this fun community for 1,000 episodes in 19 years. So today we're celebrating you for having the bravery to pick up a microphone for 1,000 times, for finding and sharing information and being the heart of a worldwide community that looks forward to getting our weekly dose of Apple Bias. Cheers and happy feet! Hello, Allison and everyone. This is Thomas calling you from New Hampshire.
[43:47]Just wanted to chime in on the momentous occasion of this episode and thank you to Steve for putting this all together. I appreciate Allison's willingness to talk about the blindness part of apps and testing out accessibility things and telling the app makers and website designers when they've possibly overlooked an accessibility, something or other and being willing to test it out for us and showing them how maybe to fix it. And it's greatly, greatly, greatly appreciated. You've all done good work.
[44:26]Hello everybody, this is Ron Burch coming to you live from SoFi Stadium in sunny Southern California where we've gathered over 50,000 fans to salute podcasting pioneer Allison Sheridan on the day of her 1,000th NosillaCast. From the day she picked up her first microphone to today's incredible live shows, Allison has grown the NosillaCast to become a global beacon of community, fun, and information, with just an ever-so-slight Apple bias. Congratulations, Allison, on your incredible 1,000-show run, as we look forward to NosillaCast's future.
[45:16]
1000 Group 5 - Victor Cajiao, Listener Lynn, Trevor Drover, Joe Dugandzic, UseTheData, Steve Harris
[45:14]Back to you, Steve! Now for feedback from longtime friend Victor Cajiao, host of the Typical Mac User podcast, longtime friend and master dessert maker, listener Lynn, friend from Australia, Trevor Drover, fellow podcaster, Joe Dugandzic, Bruce Wilson, aka Use the Data in our chat room, and Steve Harris, creator of Allison's beloved Feeder and master of snark. Hey, Allison, Victor Cajiao, congratulations on a thousand shows. You are just an example of a person who is willing to give so much. Your thoroughness, your passion for getting things correct and teaching a wide variety of people with a wide variety of experience is just contagious. Thank you so much for everything you've done for the Mac community. Thank you for being a friend of mine. You and Steve are dear friends, and I hope that the next 1,000 shows are just as successful and insightful as the last 1,000. Congrats!
[46:22]Greetings from listener Lynn. I had the pleasure of getting to know Allison in real life well before she started podcasting. After we bought our first Mac in the 90s, we joined our company user group where we met Allison and Steve. After many years, Allison and I even worked in the same department and we have stayed in touch since retiring. If I remember correctly, engineer Allison wasn't so sure about STEM becoming STEAM, but I think her artistic side shows in all her podcasts. She shares useful information, crazy stories, and has formed connections with a wide and supportive community. So congratulations on a thousand episodes and I look forward to many more. This is Trevor from the Australian Capital Territory. I've been with Allison for most of her 1,000 episode journey. I was intrigued by this interesting character that had a regular guest spot on Tim Verpoorten's podcast, so I subscribed and haven't missed an episode since. I had the opportunity to meet Allison and Steve when they visited Australia in 2012 and had a fabulous evening with them. Congratulations and thank you both for all that you do for those of us with an ever so slight Apple bias. Hey Allison, it's Joe Dugandzic of, well, formerly of Smarter Home Life.
[47:44]1,000 shows? Well, number one, congratulations. That is a major, major accomplishment, and way more episodes and shows than I had ever done in my own podcasting career.
[47:58]Although I would say, and maybe this is cliche to say, Podfeet doesn't look a day over 100. But your podcasting skills, of course, certainly have been enhanced and refined over the years. But one thing I would say about your show and everything that you do is your level of detail, research is unmatched. It's stayed incredibly consistent and perhaps grown over the years. I think it's unmatched around the tech podcast world. So keep up the great work. And here's to your next 1,000 shows. Congratulations again. Hi, this is Bruce from East Tennessee, also known as Use the Data. Congratulations to Allison for reaching 1,000 episodes and for the community that you've built. What's the problem to be solved is now a regular part of my thought process. I've learned things about how to explain technology and better consider technology from the perspective of different backgrounds and abilities. I've made new friends and I've gotten to learn from their insights. And I've probably bought a few things I might not have otherwise. So thanks for all of that, and I look forward to the next 1,000 episodes. Peace, and may all continue to find beauty in the world around us.
[49:23]A thousand! You don't look a day over 999.
[49:28]Congratulations on meeting this tremendous milestone. That's persistence for you. Mind, we're still waiting for your mother's prediction to come true. Anyway, I know I speak on behalf of developers everywhere when I say, take a break. You deserve it. A few months, a few years, a single day. Just stop with emails, okay? Just for one day.
[49:53]Okay. I can't let that one go. I know I said it was going to hold my thoughts to the end, but anyway, you may be wondering what Steve was talking about when he said, we're still waiting for your mother's prediction to come true. This is a really deep pull. In 2013, my mother, affectionately referred to around these parts as the pod mom, came on the show to review an accessibility tool she was enjoying. It happened to be Mother's Day, and she ended the conversation with a level of snark that might even be higher than Steve Harris's. I'm going to play that for you right now. So I want to say hello to all of you, and I know you all have good mommies because you listen to Allison. And just continue to listen to her. Someday she's going to get it right.
[50:39]All right, Mom, I think on that note I'm going to just cut you off. Happy birthday. Oh, dear, you don't like my words of wisdom. Goodbye, sweetie. Love you all. Well, Mother, thank you for the encouragement and support. All right, back to Steve.
[50:55]
1000 Group 6 - Allister, Steve Ewell, Noblesongster, Oliver, Pilot Pete
[50:55]Our next group includes friend from New Zealand Allister Jenks, aka z carge in our chat room, our CES buddy Steve Ewell, head of the CTA Foundation, Bruce, aka Noble Songster, friend from Germany and CEO of Boinx Software Oliver Breidenbach, and friend Pilot Pete, co-host of the Mac Geek Gab. Hi, it's Allister Jenks from New Zealand. When Steve made the call for submissions for the 1000th episode, he said of Allison, she has produced a NosillaCast podcast episode every week without missing a beat. Speaking as a person who has directed 1% of those episodes, I can attest that the total amount of effort Allison and Steve have invested in this community is simply enormous. We are lucky to share in something that is not so much a podcast with a community as a community with a podcast.
[51:51]Hey, Allison, it's Steve Ewell. Big congratulations to you and Steve on reaching a thousand episodes. That's a major milestone. I listen every week and look forward to seeing you each year at CES. And your slight Apple bias might be rubbing off on me. I just picked up my first Mac since System 7 way back in the 90s. So congrats again, and I look forward to listening to many, many more.
[52:20]Hi, Allison, Steve, and Bart. Thank you to each one of you for your effort, knowledge, and passion for this podcast and this entire community. Allison has led and turned a desire to share what she has learned by annoying her friends, co-workers, and family into a world-renowned media empire of doom, trademark Donald Burr, that we all benefit from and enjoy, even though it costs us money from time to time. We enjoy hearing about her endeavors to wrangle technology and her accounts of talking with, quote, my new little friend on the phone in a support role and how she winds her way through trying to solve a problem, even though sometimes there isn't one. Mac Pro with battery drain is an example. Allison, thank you for all that you have done and continue to do for all of us. It was very memorable and enjoyable meeting you here in Dallas, and I hope to be able to meet you in person again someday. Steve has been a mostly silent partner working behind the scenes, but his contribution is almost as significant as Allison's. From the editing of content, periodic reviews, and who can forget the yearly reading of The Night Before Christmas. I truly love that and look forward to it every year with a sad reminder that Honda Bob is no longer with us. Thank you, Steve, for all your hard work and contributions to this worthwhile endeavor.
[53:39]Bart is the technical ocean of knowledge in this podcast. How can we get by without the weekly Security Bits and Programming by Stealth? Not counting his Let's Talk Apple and Let's Talk Photography podcast. Your depth, breadth, and deep understanding of so many technical topics is amazing. And this is coming from a guy with a BS degree in computer science and a 40-plus year career in IT. I wish Security Bits was at the end of every show every week because I get so much out of this part of the show. Thank you. I listen to quite a few podcasts, but this is one of my top two that are on the top of my list of most desired to listen to. The other one getting the top spot Monday through Friday being Ken Ray's Mac OS Ken. I'm sure we're all very grateful for everything you do and wish all of you the very best. Hi, Allison. Congratulations on 1,000 episodes of NosillaCast from me and the Boinx Software team. It has been a pleasure to interact with you and Steve over what now must be decades since we first met. I hope the 1,000 episodes count for your step counter so that you stay healthy and fit for the next 1,000.
[54:57]Allison, Pilot Pete here. Congratulations on the monumental milestone of 1,000 consecutive NosillaCast episodes without missing a beat or a week. Look, here's to 1,000 weeks of tech reviews sharper than a new Apple Pencil. Software tutorials clearer than a freshly clean screen and problem solving skills that make MacGyver look unprepared. Your dedication not only keeps the tech world spinning, but also ensures everyone can hop on for a ride no matter their ability. Thanks for making can't a word we only use when we run out of coffee. Look, here's to a thousand more fantastic episodes of Diggory. And the best part about this show is by listening to it, I got to meet you and I have a new friend. What could be better than that? God bless you. Keep it going.
[55:49]
1000 Group 7 - Kelly Guimont and Mike Rose
[55:49]Our final input is a bit longer, so I didn't group it with anyone else. This feedback is from Mike Rose and Kelly Guimont, hosts of the After Show podcast.
[55:59]Hey, everybody. I'm Mike Rose, and I'm joined by my podcasting partner in crime, Kelly Guimont, and we are the After Show, and we're so thrilled to celebrate in a very small way the 1000th NosillaCast. That is, my goodness, insane. Insane. I mean, Kelly and I have been doing this more or less for, since the, after a fashion. After a fashion, since the late 2000-ish period. Yes, the late aughts. And we're nowhere near a thousand episodes. It's insane. I mean, to be fair, we are not literal weapons grade engineers who are trying to do this either. So, you know, we do not have that going for us, unlike some people. Unlike some people. Well, I just, my, I'll share my experience of Allison. She has always, she always impressed me as someone who had her act together, and that was before I got to know her a little bit. So I was familiar with her work. I was familiar with the show back in the day, and then got to meet her at Macworld.
[57:11]And then got to hang out with her at MacStock. And in addition to being incredibly smart and incredibly capable and organized and compelling and informative, she also is an incredibly sweet and inclusive and funny person. And if she wasn't so nice, it would be terribly annoying. But she's delightful.
[57:34]She's just – and she goes the extra mile to help keep people included in her work. And I think that is magical. And so I am thrilled to celebrate this milestone. And KG, you've known Allison, I think, longer than I have. I think so. Um, I think we became known associates at Macworld. Um, uh, I still aspire to Allison's level of, I'm not sure this is a word, poop-in-a-groupedness. Um.
[58:05]Because I don't, I don't think on my best day I've ever been as together as Allison on her worst day, and I am always in awe of that. Um, I mean, that's only a small fraction of why, uh, we're hitting four digits worth of episodes here. Um, Allison, uh, is also, the thing, the other thing about Allison is, uh, she has, she definitely has a tendency toward mischief, uh, not, not evil. Um, mischief occasionally can lead to hijinks, possibly an escapade, if you play your cards right. Um, so I've had, uh, several such events with Allison, from, uh, going on stage at MacStock to help her hitch up her pants because the battery pack was dragging. I remember, I witnessed this. I remember witnessing this. I've been, I, I have, like, I have been live on the internet hitching up her pants, uh, like a pro, I'd like to add. Um.
[59:04]And I think someone made a gif of it later. But also just in the inclusivity and the noting of, you know, I always felt like I got a lot of encouragement for not being your standard issue tech person, much like Allison is not your standard issue tech person. And, uh, we always have a good time together, and she's always willing to be the, she's, she will always happily be the first person to say, do you want to sit with us? Do you want to, what do you think about the thing that we're talking about that you walked up on? Or, you know, we were walking and came by you and you are a person who will have opinions about this, so I want to ask you about it. And, uh, you know, and it's really not honestly all that different from when you see live interviews with Allison when she's talking to other people. She's always super interested in other people and their deal and what they have to say, and is also interested in making sure that everyone.
[1:00:06]Can see or hear or experience whatever it is in whatever way is easiest for them, which is another thing that I always really appreciate about her. And she's helped me up my own accessibility game as a result of that. So, um, I very much appreciate all of that. I appreciate all of the, uh, beverages we have consumed together over time. Uh, she's been in town a couple of times, a couple of times to visit other people, and, um, you know, and I've ended up getting to meet up with her, and we, we always have a blast. And I just really, and I, I love, I love listening to the show, and I very much appreciate.
[1:00:45]Everything that she does to not only put her own view out into the world, but to make sure that lots of other people get an avenue where maybe they didn't before. And she makes building the Podfeet community look effortless, which I also just am really impressed with, because I know how hard that is to do. And not only is it hard to do, it's hard to maintain. And then it's hard to make it look effortless, and she just makes it look effortless. I, I, I think that that's the, that's the word we're looking for, grace, and, and making it look effortless, knowing that she's working incredibly hard to make all these things happen. So Allison, we adore you. Congratulations on this milestone, and thank you for everything you do for the Mac community and the Podfeet community. You are the best. Congratulations on one thousand shows. Congrats.
[1:01:36]Well, that one really surprised me, and I'm just blushing here. I'm just, I have so many emotions and thoughts going in my head from all these wonderful contributions, from the serious to the silly, from the genuine to the snarky. I loved every single one of them. Now, the most prevalent thread seems to be the feeling of community. Starting the live show many years ago seems to have been kind of the catalyst for so many NosillaCastaways getting to know each other, not just getting to know me and Steve. The Slack community is also a very powerful way that we've been able to bring people together and new friendships are forming there. It's also interesting how many of those who contributed content to today's show, we've ended up meeting in person at some time along the line. Now, there's a few stragglers left, but I intend to meet you all eventually. I know Bruce, Use the Data, almost made it to MacStock last year and got COVID on the plane on his way there. So he's going to be there this year. So we'll check another one off our list.
[1:02:31]Now, for the 99% of you out there who sit quietly and politely listening to the content we produce here, or possibly just yelling at their podcatchers, but I never get to hear from you, thank you for listening and subscribing too. I love that we heard from people who live in my own neighborhood, people all across the United States, and people from countries across the world. And these testimonials remind me that I have so many genuine friends because of the podcast, and we may not be able to get to go out for a refreshment together, but we talk nerdy tech, we have some laughs, and we take care of each other when things aren't going well. I can tell you, I feel very loved right now. If that was your goal, you achieved it with flying colors.
[1:03:11]
Support the Show
[1:03:12]Well, on this day of celebration, I want to just take a pause and thank all of the people who have supported the show financially over the years. Whether you still support the show now, or if you felt it best for you to drop off, that money went a long way towards helping to pay for things like software, microphones, and database web servers. It's also gone a long way toward showing me your appreciation for the work we do here.
[1:03:33]
Security Bits – 2024–07–07
[1:03:34]Music.
[1:03:42]Thank you for watching. Well, it's that time of the week again. It's time for Security Bits with Bart Busschots. But before we get started, I'm not going to let him get a word in edgewise. Because I want to take a moment to just recognize Bart for how absolutely integral he has been to the NosillaCast getting to a thousand episodes. I'm not sure if you guys realize, but it's not just that he does Security Bits and Programming By Stealth and Taming the Terminal and Chit Chat Across the Pond. He's my constant source of inspiration to become the best nerd I can be. And he's there in so many crises for me, both of a technical nature and in my personal life. He's one of my very best friends in the world, and you absolutely would not be listening to NosillaCast today if it weren't for him. So thank you, Bart. You're welcome. And now I'm all blushing, but people can't see. So that's all good. Well, I mean, it's funny because I think it's a very, I think we're very simpatico with each other because you helped me be a better nerd because my tendency before I met you was to always blame the tech and never blame myself. And you have taught me that when you work at it the opposite way around, you may end up in the same place. The tech may actually be broken, but if you start from the point of view of it's me, not it, at least when you do get cranky, you've earned it.
[1:05:00]Well, and you realize that it's kind of delightful when you find out you're the one who messed up because you're a lot easier to fix than convincing some developer to change their source code. That is also true. And I guess the other really big thing, you and I are kind of opposites because I'm very much an introvert and you're very much an extrovert. And so I could never run a community. I tried. I'm terrible at it. It's, it's, it's just not my thing, whereas you feed off a community. So you have made this amazing community in the NosillaCastaways. Hello, all of you listening. Like, you guys absolutely rock, and I just get to come along and enjoy the community, and I, I enjoy that oh so very, very much. And, you know, I don't know what I'd be doing without yourself and Steve and our work together, but I know it'd be, I'd be less. That's great. That's great. I think, you know, it's never, it's never like a pull for us to get together. You know, neither one of us is like, come on, come on, come on, let's record. Or can we talk about this? It's all whatever the other one wants to talk about. The other one's like, sure, that sounds great. If you're passionate about it, then I am. And I think that's why it's, it's lasted because there's never, I don't know, it's work, but it's not effort. Does that make sense? I was going to put it exactly the opposite way. There's effort involved, but it doesn't feel like work.
[1:06:21]I guess that's sort of the same thing. Yeah, it's not something you don't want to do. It's something you get pleasure out of doing the work. You know, it's good to do. I mean, I don't know what, I just can't imagine not trying to, you know, collate and pare down the security news or sharing whatever cool nerdy thing I want to talk about on Chit Chat Across the Pond or Programming By Stealth. But I just can't imagine not being able to do that. I think I'd be really frustrated. I think I'd be really cranky if I didn't. I mean, you described that when you set up the podcast that you were annoying people by talking about nerdy stuff and then you set up a podcast. Well, you're my outlet for that too. So the people in the grocery store, thank you for having this outlet. Otherwise we'd be going, hey, look at this watch band I got. It's really neat. I think my husband probably more than anyone else.
[1:07:12]That's for sure. Sure, that's for sure. Well, this has certainly been a really fun show for me. We're winding up the Love Fest, but it couldn't go by without thanking you for your contribution. And several people have just described what they see in the show and the contributions you make. So thank you, Bart. Now depress us with some terrible security news. Remember palate cleansing. Remember palate cleansing is all I'll say. So we're going to start with a little follow-up to things we've talked about before. So the Snowflake supply chain attack continues to have fallout. Another big name has confirmed that, ah, yeah, that was kind of us as well. Neiman Marcus were caught up in it. Thankfully, the biggest danger seems to be targeted phishing because they have lost basically information about what you've bought from Neiman Marcus and your customer number and stuff, but not your passwords, your credit card number. So someone could convince you they are Neiman Marcus, but they couldn't steal your money directly. So bad, not terrible.
[1:08:17]And we also talked about how Meta pulled a fast one and changed their terms of service to say, yeah, we can just use your data to train our AI. And in America, there's no option to opt out. It's just, this is our terms of service now. You are on Facebook. That is that. And in Europe, I remember I quipped, I don't think this will fly. And then two weeks later, I came back on the show to say, yeah, so that didn't fly. Well, it's also lost its wings in Brazil, where Brazil's equivalent of the European Commission has just told Meta to stop there, too. So Brazilians, Europeans, and that seems to be it, are not having their data hoovered up for Meta's AI. But unfortunately, at the moment, everyone else is. So maybe others will follow suit and...
[1:09:02]Stop doing that. Or at least let people opt in or out, you know. So there we are. Now, I have a deep dive, which is one of those ones where there is a lesson to be learned here. And if it wasn't for the fact that we also do Programming By Stealth, I wouldn't have put it into Security Bits. But because it's kind of our audience, and I sort of feel slightly bad that I gave you good advice on Programming By Stealth all of those years ago, but I gave it quietly and I didn't make a big song and dance about why I was giving this advice. And with hindsight, I wish I'd shouted a bit more about this advice. Okay, I'm beating around the bush a bit here. So I'm going to jump to the TL;DR: if you make websites or web apps, be careful where you load your JavaScript libraries from. Because the place you load the library from, the content delivery network, you're trusting them. You're trusting them to basically not take over your website. You've invited, essentially telling them, inject this code into my site. Right, right, which means it runs. Inject, yeah, which means the code they send you runs as you, and that isn't, that isn't without risks. And to prove the point, we have a specific story, which is the Polyfill CDN fiasco, I've called it. Oh, and I've spelled polyfill wrong for the five millionth time and corrected at all but one of them. There's one L in polyfill, Allison. I will fix that. It's great.
[1:10:30]So I'm going to give you the summary of what happened. And I'm actually just going to quote Qolsys because their blog post broke the news and their write up is fantastic. And I was trying to rewrite it myself and I was like, yeah, but I'm no better than this. So I'm just going to steal from them. So the polyfill.js, which is a weird way of saying it anyway, the polyfill.js is a popular open source library that supports older browsers. Thousands of websites embed it using cdn.polyfill.io. In February, a Chinese company bought the domain and the GitHub account. The company has modified polyfill.js, so malicious code would be inserted into websites that embed scripts from cdn.polyfill.io. Any script adopted from cdn.polyfill.io would immediately download malicious code from the Chinese company's site. Some of the known outcomes are users would be redirected to a scam website, allows an attacker to steal sensitive data, potentially perform code execution. Given that modern browsers do not require Polyfill, the original Polyfill author recommends not using Polyfill at all. All websites should remove any reference to Polyfill.io. Recommend that alternative CDNs are Cloudflare and Fastly.
[1:11:56]For, well, let me back up and ask a question before I get to my secondary question because the last thing just blew my mind. This is a case of where I always ask you this question is how do you be careful? Polyfill.js was a good open source library. It did provide a good function. So being careful, you would have picked this. This would have been a reasonable thing to do. So it's not just be careful. It's somehow be careful five years into the future? It's be careful and stay current because the author of Polyfill archived the GitHub project in 2017 saying its time had passed. Move on. Don't use this anymore. But how would you know that?
[1:12:34]At the time, it made quite a bit of news that you should stop using Polyfill, but people didn't. It's a difficult one. So I would say... Right? Right. So when you're picking a CDN, they fall into two categories. You have CDNs for one specific thing, like polyfill.io, and you have CDNs for everyone, like Cloudflare or jsDelivr. And the ones like Cloudflare are way more trustworthy than any specific, I only do this one thing, because when that one thing becomes unfinancially viable, the domain will be let lapse, and then anyone can whoop up the domain. So try as hard as you can not to use little CDNs or specific CDNs, maybe? Targeted CDNs, like narrow CDNs, or maybe not as good as a bigger one? That's the perfect way to say it. Yeah, don't go narrow. Go with, really, in terms of CDNs, Cloudflare are hard to beat and Cloudflare have earned our trust. So I didn't even know that Cloudflare was a content delivery network. I mean, now it's starting to sound like they're the kitchen sink.
[1:13:40]Well, if it involves the internet, Cloudflare do it. Whether they're the world leaders in it or just one of the world leaders in it, it varies. But Cloudflare now do DNS. Their 1.1.1.1 is, I find, preferable to 8.8.8.8, which I used for decades. Right. They do amazing web proxy. Yeah. I mean, yeah, they are basically good internet citizens whose business model is based off a freemium model where regular folk get stuff for free and corporations pay for it. And they don't make money by selling your privacy. It is purely the big guys pay for the little guys, and that is... Luckily, we're little guys. Well, yeah, exactly. With my professional hat on, I'm not a little guy anymore. So I know who pays for Cloudflare. Because there are lots and lots of, like, universities all over the world pay for Cloudflare. They provide an amazing service at a fair price. But we do pay a price if you're at that level. Sure. Whereas you and I don't. And so I love the fact that when you follow the money, you end up with a place that's really healthy. When did they start becoming a content delivery network? Yeah. I honestly don't know. I honestly don't know.
[1:14:55]I do want to draw attention to what Bart has in the show notes, that they now provide an option to have their service automatically replace your polyfill.io links with their CDN, so you don't have to do any work. Just go over there, bing, you're good. Yeah, because basically their big, big, big feature is that they will proxy your website. So the public DNS of your website is their servers, and they then reach back to your server only every now and then to refresh the cache. So your server gets saved from like lots and lots and lots of work, which is great, but also they get to clean the data as it passes through so they can do virus scanning and all sorts of things and they can do a find and replace as the content comes through and basically strip out that polyfill and replace it with something else. They can polyfill the polyfill, which is amazing. So yeah, that's really cool. Uh, another interesting thing that happened after the news broke about Polyfill, which was a big deal because it affected hundreds of thousands of websites: a second story broke that actually smaller, single-purpose, very narrow CDNs have been falling for the last year or so, since 2023, and it appears it's all the same Chinese crowd doing all of these. So they were starting with small, very, very narrow CDNs and they finally bit off a big enough one to make the media when they did Polyfill.
[1:16:20]So that is interesting, which double underlines the point that, you know, and the great thing is when we were doing Programming By Stealth, we were using jsDelivr for Mustache and all of those kinds of imports. So we were doing the right thing, but I didn't, I said it was, well, these guys are reliable. They won't cause downtime. I didn't say, and they won't result in your site being hacked to pieces. I wish I had made a point of underlining. It's not just reliability, it's safety. And I think that's because I was too naive. I mean, we were doing the JavaScripts with, what, three, four years ago? I was a lot more naive back then. Yeah, I think this is one of those things where as the internet changes and morphs into a worse place, our naivete comes into play. I mean, we used to have four-letter passwords too, right? Right, right, right, right, exactly. So I also have then, so that's the what happened in a really quick summary. I also have the backstory here because I kind of think this is interesting as well. So we used to live in a world where browsers were a train wreck, right? You had to do different code for Internet Explorer and different code for Firefox and different code for Netscape. And you had, you know, when someone would make a cool new feature, it would take 50 million years for it to roll out to all the different browsers. And that leaves developers with two choices. Only use the stuff that's backwards compatible or work around it by simulating the missing features with features that do work everywhere.
[1:17:50]And developers don't like not using shiny new tools. They much rather the idea of simulating those new features so that they can write their code as if the new features existed. And this is where the technique we now call polyfill came from. So polyfill has become a thing because of how terrible web browsers were. And polyfill now exists in Python and PHP and other languages that have had a bit of a rocky history, like Python 2 to Python 3. That was a rocky upgrade. And so there were polyfills so that Python 2 code could do Python 3 things and that kind of stuff. And PHP is, oh, don't even go there. But anyway, so the Wikipedia article actually describes the idea of polyfill quite nicely. So in software development, a polyfill is code that implements a feature of the development environment that does not natively support the feature. Most often it refers to JavaScript code that implements HTML5 or CSS, either in an established standard or older browsers, blah, blah, blah.
[1:18:47]Polyfills are also used in PHP, Python, and so forth. Actually, in hindsight, they didn't say that very well at all. Basically, you write code in the new way and it works magically on the old stuff because you just include the polyfill that someone else wrote. That's the big key, because if you had to write the polyfill, yeah, it'd be just as much work as not using the new shiny code. But someone else has written the polyfill. And here's the thing. So there was a genuine open source project called polyfill.js that was never malicious, but they never ran their own CDN. Polyfill.io was never, never official. It was always an unofficial mirror. And it was done initially because it was just seen as, well, this is a good thing to do for the community. Polyfill is really important. So this is a great service to provide. But browsers don't need Polyfill anymore. So the need for the polyfill.io went away. And eventually the people stopped paying for it because it was providing no real use. And so it was snapped up in February by this Chinese crowd who didn't do anything immediately. What had happened, there was a lot of discomfort on the web and everyone watched them really carefully and they did nothing for a couple of months and then they struck two weeks ago.
[1:20:00]So polyfill.io was never official, which makes it that extra little bit nasty. And it's kind of like, well, there's just, there's no need for Polyfill anymore. So basically we have technical debt all over the web where someone wrote a website for a company a decade ago and Polyfill was a thing, and now it's baked into all of these websites. And the developers have moved on, the companies may have gone bankrupt, so you have all of these websites with this old stuff baked in, which is why Cloudflare's service to strip it out is so unbelievably important. Because if you have a legacy web infrastructure, you may not be able to go in and change, do a find and replace. You actually might not be able to, so you actually might need Cloudflare to do it for you. Oh, wow. Well, the key lesson to be learned is choose your CDNs with care and I really wish I had underlined that more in Programming By Stealth.
[1:20:52]Right. Action alerts. There is a theme, by the way, to today's show. So the snowflake was a supply chain attack. Polyfill.io is a supply chain attack. We have lots more supply chain attacks. So the first biggest piece of headline, because if you run WordPress, you need to listen very carefully to what I'm about to say. You may have some work to do.
[1:21:13]Some attackers managed to booby trap five, one, two, three, four, five plugins in the wordpress.org database. So if your website was set to automatically update these plugins from wordpress.org, those plugins were manipulated and wordpress.org distributed broken, hacked versions of these plugins. So Social Warfare was hacked. I don't even want to guess what that does. I'm assuming it's something for making very aggressive Twitter buttons. I don't know what Social Warfare is. But anyway, if you have that installed, a thing called Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Add-On. Now this is a plugin to a plugin. Contact Form 7 is really, really, really, really, really, really, really popular. Contact Form 7 was not hacked. But the plugin to the plugin called Multi-Step Add-On was hacked. With another hat on, that one caught me out because I thought, oh my God, everywhere we use Contact Form 7, we're in trouble. No, no, no, no, no, no. It's a plugin to the plugin. So phew. And something called Simply Show Hooks also had this problem.
[1:22:28]Four of the five have been patched. So if you have them installed, you now have a not broken version, but you have to check your WordPress site for a new administrator account you didn't make. Because if you're infected, that's what happened. There's now an extra administrator.
[1:22:47]Yeah. Oh, that's terrifying. Yes, it is. The final plugin, Simply Show Hooks, no fix yet. So that's one you delete from your WordPress site. Now, it's just one you delete and then you check for additional admin accounts. So, there we are. Okay, that's the scariest thing of the whole, that's the single scariest story for the whole thing. But again, supply chain attack. The next story, when I read the headline, I panicked because I thought, oh no, I'm going to have a terrible week in work. Because the headline is, Critical Remote Code Execution Bug Found in OpenSSH SSH Server.
[1:23:30]That is the SSH brain of just about every version of Linux, right? When you SSH to your Linux server, you're SSHing into SSHD, which is OpenSSH, SSH server. That's what SSHD stands for. There are some silver linings here, or whatever way you want to phrase this. The exploit is real, but it's not one of those ones that's easy to exploit. It's a timing attack. So the attacker has to try this hundreds of thousands of times. And every time they try, there's a timeout has to happen before it might break. And so in reality, on a 32-bit system it takes about 10 hours to break in, and on a 64-bit system it appears to take longer than the age of the universe. So as things stand, anyone who's on a 64-bit version of Linux is actually fine. So that's the first silver lining, because most people who are not running some sort of an embedded system, like if you're running a SCADA system or something, you may have a much bigger problem that you need to firewall off your SSH or something. But for regular folk like us who just run a server to host our website, they're going to be 64-bit. So for us, this is not panic stations. As soon as I saw it does not affect 64-bit, I was like, okay, okay. Phew. Would you suspect that's most?
[1:24:47]Yes. Okay, good. Absolutely. Absolutely. There's another silver lining. So that's already one silver lining, which already made me very relieved. This was a so-called regression bug. This had existed 15 years ago, this bug, and it was patched, and someone made a very, very small mistake and the patch fell out of the production version of the code. Oh no. So the bonus got dropped. Well, the fix got dropped because someone accidentally commented that the wrong, the wrong if statement. Oh no. Um, and the good news is that means that the bug was reintroduced in one version of OpenSSH and then very quickly fixed in the next version of OpenSSH. So the window is tiny. And an awful lot of Linux operating systems that are in production use, they don't follow very closely the latest bleeding edge version of OpenSSH because it's so critical. So the problem was actually, it was broken and refixed before those versions of Linux ever upgraded to the broken version. So they get to step over the broken version. Oh, that's good. So, Red Hat 7 and 8, CentOS 7 and 8, never had the problem. It's only Red Hat 9 and CentOS 9. And in terms of the Debian stuff, I'm not well up enough to know, but basically...
[1:26:10]The chances are high that you're running 64-bit. The chances are high that your server was never affected anyway. And even if your server was affected, the patch is out. So if you want to be absolutely, absolutely sure, log into your server and A, make sure that automatic updates are on, which means that you don't have to worry about this at all because it's taking care of itself. And if you don't automatically update your server because you want to assert control, well, now's a good time to assert that control. Just update your SSH. And then you'll be like three shades of safe. That's a belt, a suspenders, and some breeches. That's, you know. So this is thankfully not a catastrophe. The headline initially had me believing this was going to be. Phew.
[1:26:55]Now, the worthy warning section. This is never a happy place to go. So two-factor authentication is a big deal. And adding two-factor authentication to legacy systems is hard. So you can buy two-factor authentication as a service. So you can pay another company to do the two-factor authentication for your stuff. For one of those? For your site, you mean? Yeah, so maybe for your internal office app or something, right? It's very heavily used in the corporate world where they have an intranet that was written in 1752. And there's no way to get any sort of a multi-factor auth. So they basically put a third-party multi-factor in front of their legacy web app. And one of the companies that sell two-factor as a service is Authy, who also make an app a lot of people use to manage their Google Authenticator codes.
[1:27:51]So if you're using Authy to manage Google Authenticator codes, you're fine, because you're using Google Authenticator code. But if you're using Authy to sit in front of your corporate website and your company has enabled the option in Authy to use SMS-based two-factor authentication, you have a problem. Because there was a mistake in Authy's API and attackers were able to download the user names that match, sorry, the phone numbers matching the user names of all of those users who are using SMS-based two-factor authentication through Authy. Oh, no way. This leaves you open to two attacks. You can, if you're valuable enough, someone can do a SIM swapping attack against you because they now know which phone number to SIM swap to steal whatever it is, is in your Authy account. That's more of a risk for high profile people. But the risk of really convincing spam is also very high because they have your phone number. That makes it easy to pretend to be Authy. So if you're an Authy user who uses SMS, be aware of this. I'm hoping most of our listeners only use Authy to manage their Google Authenticator, so I'm hoping for most people this is a phew. But I think it's important to say that if you gave your cell phone number to Authy, read the link from Bleeping Computer.
[1:29:19]Okay. Right, we're still in the bad news section. ChatGPT released their Mac app. Proving why you want to use Apple Intelligence rather than native ChatGPT. Because I'm going to quote from Apple Insider because they said it well. When everything is working the way it should on a Mac, data should be siloed between apps so no single app can access another app's data without APIs or user permission. ChatGPT decided to ignore Apple's guidance and broke that structure by opting out of sandboxing. macOS gives you app sandboxing. You have to proactively choose not to sandbox yourself. They chose not to sandbox themselves. And then they logged all of the conversations you have with ChatGPT in plain text in the unsandboxed storage. This is in the MacGPT that you can download. The Mac ChatGPT app that became available for download just a week or two ago. The one I've been keeping open all day long and asking questions of every day ever since I got it? That's the one? That one. Yeah. I'm sorry. Yeah, that one. Now, it has been patched, so it now actually encrypts your data. Oh, yes.
[1:30:37]The thing is, so the risk here is that if there was anything nasty on your machine, it could read all of your ChatGPT history because ChatGPT is, what's in one app shouldn't be readable by another app. Right. But because they left it outside the sandbox, any app on your Mac could read that data if it wanted to. So the risk is probably quite low. But what it says about the company's mindset is what terrifies me. That they just went, ah, sandboxing, sure, why would we do that? That's not good. That shows a cavalier attitude to security and privacy that worries me. Yeah, that's not quite what I would have been hoping for.
[1:31:23]Precisely. So anyway, it's not catastrophe, but yeesh, yeesh. And the advantage Apple will have with Apple Intelligence is that when you use ChatGPT through Apple Intelligence, it gets routed through something that is exactly the same as iCloud Private Relay, which means that Apple is handling the local stuff. So it's safely sandboxed and your IP address and everything is hidden because you've gone through the relay. So it's actually much more privacy aware when it becomes available. If you live in a place in the world where it will become available to use Apple Intelligence rather than native ChatGPT. So it's kind of, I thought, I thought it was interesting to underline the point of why we want this. That's funny. When I pictured all this, I pictured it all on the iPhone. I didn't think about the implications to the Mac.
[1:32:10]But it would be the same. So yay. We're going to have the same experience everywhere. Yeah, there's no reason. I'm not saying that was logical. Right, right. I think Apple focused more on the phone because the amount of iOS users on planet Earth is so high that when they have something cross-platform, they always demo it on iOS. Because otherwise people might think, oh, this is a Mac-only thing and turn off. Whereas if they demo it on iOS, everyone's like, oh, I have an iPhone, yay. Right.
[1:32:36]Right. Notable news then. So again, this is our usual pattern. We start with the bad news and then I've backloaded the good news. And from there on in, it's all good. So the European Commission have dropped two absolute clangers in terms of the Digital Markets Act. The first one I was going to not mention here, but given that there's a second one, I'm going to say the European Commission have issued a preliminary ruling that Apple is violating the Digital Markets Act. They are not violating it for privacy reasons, they're violating it for gatekeeper reasons. So this is not really a security and privacy concern, but just to say it's not only Meta who are getting dinged. Meta, however, are also getting dinged. They also have a preliminary ruling against them, and for them it is to do with privacy. So the European Commission are making the case that Meta's pay or consent, so either you have to give us your personal identifiable information or you have to pay us 10 euro a month. That apparently does not meet muster with the European Commission. So they have done a preliminary finding against Meta. Now, preliminary, sorry, preliminary ruling. This is a weird European approach to things.
[1:33:53]So in America, you're probably familiar with the, like in America, when you hear ruling, you think this is the end of the process, right? Something has happened, a judge has judged, and this is now final, right? When I say ruling, you think final, answer. A preliminary ruling is like an indictment. This is the European Commission officially saying that they think Apple and Meta have done something wrong. And this is the start of a process where the companies defend themselves. And then in March of 2025, a final ruling will be issued. So it sounds like an end and that this is a decision. This is effectively an indictment. So this is equivalent to an indictment, not equivalent to a judgment.
[1:34:39]So we may use the word indictment differently, but I don't want to belabor that too much. But one of the things I wanted to bring up, I don't think I've talked to you about this, is on the Accidental Tech podcast, one of the things that they complain about constantly is the opaque process of submitting an app to be in the app store. So you do all this work, you read all the documentation, you do your very best, and you submit it, and they go, no. And you go, yeah, no, why? Well, you disobeyed something. Can you give me a hint? Paragraph. Yeah, and they give you a paragraph. It's like, yeah, but what I did, how is that? And you basically just have to keep guessing what the right answer is. And they are laughing their heads off at Apple and the DMA because it's like, guess again. You thought you did the spirit of the law, but you didn't. You missed. What are you going to do now? And I don't think either system, I think I would prefer, would be a little bit more clear. But it is interesting to watch them enjoying Apple going through exactly what they go through as developers. I would prefer neither of those things happen, and I would prefer developers had an easier time of things and the European Commission worked a little bit more proactively with Apple and Co. to make this not such an icky process. But it is definitely funny that they're reaping their own reward and they're feeling what it's like to be the little guy. Little karma.
[1:36:02]Yeah, definitely. Okay, so that is the low point of the notable news section, which isn't so low as low points go. This one isn't too bad. The next story I thought was going to be a calamity. It isn't a calamity. It's not good news, but it's not bad news. TeamViewer were attacked by an advanced persistent threat, probably Russia. And the attack did make some inroads into TeamViewer systems. But TeamViewer do things right. So TeamViewer have a layered, segmented network. So the different pieces of TeamViewer can't talk to each other. So the attackers were able to get into TeamViewer's corporate office and to basically read some email from TeamViewer employees to other TeamViewer employees. But because TeamViewer's actual service to share screens is completely and utterly separate from TeamViewer Corporate, the attackers were not able to actually abuse any TeamViewer users. Which, given the size of TeamViewer, that would have been a calamity.
[1:37:07]So, you know. And this is an attempted supply chain attack that didn't come off. This is an attempt to do SolarWinds again. But it didn't come off. Because TeamViewer have their ducks very well in a row. So this is actually a good news story because TeamViewer know they are a target and their system worked. The attackers were not discovered six months after they got in. They were discovered within hours. They were very quickly ejected and the segmentation meant that customers were safe. So that's a really good success story. It kind of is, even though the initial headlines are like, oh my God, TeamViewer is hacked. The nuance is very different. Very different.
[1:37:48]Yeah. So there was another very near miss that we have now discovered. So you may have heard breaking news that something called CocoaPods is leaving thousands of Mac and iOS apps exposed to being hacked. And when I first read the stories, okay, good, because the stories, the initial stories were wrong. They were in the present tense, and they made it sound like there is a problem. What actually happened was last September, security researchers found a problem in CocoaPods, which is like NPM, but for people who write Swift code and the old-fashioned Objective-C code. So it's a place where you get libraries for writing your Mac and your iOS apps. Back in September, researchers discovered that there was a flaw in how stuff gets validated as it's being pushed into this library of shared code.
[1:38:41]So attackers could poison the library, and then developers using that library, their real apps would end up with the poison. It would spread into the apps, a supply chain, like Polyfill. But it was discovered in September that this was possible. It was responsibly disclosed to CocoaPods, who fixed the problem. And now, almost a year later, we are being told that it happened and that all is well. Oh, good. Okay. So there was a real risk. It could have ended very badly. It didn't.
[1:39:18]So anyone in the present tense about, oh, my God, there's Mac apps at risk. And I saw so many headlines in the present tense. They missed the important point that this is now being reported on what was done and finished months ago. Responsible disclosure working as it should. Right. And this also is a failed supply chain attack. This was an attempt to do what Polyfill did. But it failed, which is good. And now we end on some genuinely good news. If you are fed up of there being only two big options for doing real-time online editing together, which is basically Office 365 and the absolute masters of the art who really made it popular, Google Docs, Google Sheets, Google Drive, etc.
[1:40:04]If you're fed up with the fact that the only two players are those two giant big behemoths, good news, there is another player in the market. It, Proton have joined and they now have an alternative to Google Docs. Not yet an alternative to Google Sheets, but hey, step one, the document editor, because that is Google Docs is more popular than Google Sheets. Yeah, now tell people why we're excited about Proton being involved in this. Yeah, so Proton, well, okay, so Proton are famous for ProtonMail, which is a privacy-first email service. And they are set up in Switzerland and they have now reconstituted themselves into a charitable foundation to make it absolutely clear that they have zero financial interest in exploiting users. So their entire business model is based on a freemium, sorry, yeah, a freemium model, which is run at a break-even. So there is no profit because this is a charitable foundation.
[1:41:10]And so they can offer you genuinely free stuff as long as you're not a big organization, in which case you have to pay a fair price for it. And their privacy guarantees are audited and the guarantees they make that are audited are extremely good. So this is a privacy-first company who have been doing amazing privacy-first email. I think they also do a VPN if memory serves. Proton VPN. That does sound right, doesn't it? It does. It rings a bell. And now we have ProtonDocs.
[1:41:44]So this is to me a big deal because, you know, I always say follow the money, right? Because money lays down incentives. So when you follow the money, you're going to find the business model is either freemium, a charitable foundation, or in this case, both.
[1:41:59]Or it's going to be some sort of, we give it for free now with the intention of selling this whole thing off to some angel investors later, in which case you suddenly be, you know, you do your stuff for free and then you're sold and your privacy goes away. Or it's just freebie upfront, they just basically were always monetizing your privacy, that was our business model from the start. But if you follow the money, you will know whether or not an app is likely to be a privacy nightmare. And when I followed the money on this story, I was very pleased. This is what we want. So I'm really happy that this exists. I wish, uh, wish they had Sheets, but hey, this is, they had no, they had no documents at all until this week, so, you know, give them time. They, they seem to, they want to compete with Google stuff. So this is good. This is, this is really good. I then have some interesting insights and I realized I am half missing an interesting insight. There is another link from Troy Hunt that needs to follow because he wrote two amazing blog posts, State of Data Breaches and State of Data Breaches Part Two. Very exciting. But the first post, I think he wrote in desperation, I think he was having a bad day and needed to vent about how hard it is to be in the data breach business. Because he is the person in the middle between the victims of cybercrime,
[1:43:20]Cybercriminals, and the other victims of cybercrime, which is the users whose data gets breached. So the companies who are breached are victims of crime. The criminals do the breaching. And then the victims are also the users whose data get caught up in all this. So you have all those three people, and then you have law enforcement in the mix as well, who are working maybe on behalf of the people who are in the breach, and maybe on behalf of the companies who've just been breached, or maybe on behalf of regulators who want to punish the companies who've just been breached. And they don't want to talk to each other because they're all afraid of each other and they're all lawyered up, and the only people they all talk to is Troy.
[1:43:55]And I think it was getting to the point where he was just pulling his hair out. And so he just laid it out. This is how all of this hangs together. And that was very interesting, but it wasn't a happy joy joy, but it was really good to read. And then he followed it up with a part two where he tried to basically say, OK, now that I've had my little rant, here are actually the problems to be solved. And here are the actual avenues for how we could solve these problems and make this a little bit less sucky. So part two is kind of, I'm really glad part two followed part one. Because part one on its own was fascinating, but somewhat depressing. Part two, at least, is less depressing. But I would say that people in this audience will enjoy reading this, because it gives you an idea of what goes into, okay, and Have I Been Pwned have just posted another breach. There's a lot that happens before the data gets on to Have I Been Pwned, and Troy shared it all. What actually goes on in his life to fill that database. Oh, how interesting.
[1:44:55]Yeah, so really good. I also recommended on our Slack at podfeet.com forward slash Slack, the longest article I have ever recommended ever. This is like, I think this could be a book. I think you could publish this as a small novella. It is by a security researcher who I have followed for many years. He used to do a podcast and then pod faded, which is really sad because he was very good. But he's had his eye on the Mac for years and years and years. It's called Rich Mogull, and he now writes for TidBITS. We love TidBITS. Hi, Adam, now that you're a member of the family. But we love all the people at TidBITS because Adam doesn't hire bad people, right? So everyone who writes for TidBITS is amazing. And Rich Mogull writes for TidBITS when there's security stuff. He has written a post entitled, How Apple Intelligence Sets a New Bar for AI Security, Privacy, and Safety.
[1:45:47]And basically he says, because what was it that Apple had to achieve in order to make Apple Intelligence a safe and private place like nothing else is? And how did they do it? And he starts off by saying, I rarely give an unconditional thumbs up to something. I am giving an unconditional thumbs up to this. Apple have done the best that it is possible to do with the current state of technology. Oh, really? So he starts off with a pretty high bar and then he backs it up. And if you want to understand exactly how and why Apple Intelligence really is different, he goes through it in great detail. I was pretty sure I understood how it hangs together. Now I understand where all the bolts are. Like, I don't just know that the knee bone's attached to the hip bone. I know that it's attached with an M6 screw, right? It's all in there. It's a really good read. I didn't put it down as a palate cleanser because it's a bit on the nerdy side, but it is a genuinely good read. So I do have a genuine palate cleanser because it gives me another chance to share with you a podcast I really like. It's called The Naked Scientists, which is a British science podcast.
[1:47:01]And a few times a year, they do a little mini series called Titans of Science, where they interview scientists near the end of their long and storied career, to talk about the arc of their long and storied career. And they're always fascinating people. And they're always really good conversations because the guy, the folks, in this case, the interviewer is a guy, but they have really good staff of all genders. They're just really good. They know their stuff. So they have insightful conversations. They're really good. Anyway, the conversation. So I'm recommending the entire podcast. But the specific conversation linked to is from the Titans of Science series. And it's with a chap called Geoff Hinton, who may be triggering a little bell at the back of your mind because last summer he made a lot of noise by retiring from Google, and on his way out saying, yeah, I really think we need to regulate AI because this is really dangerous. Yeah, yeah, yeah. Well, he's known as the godfather of AI because in the 1970s he invented neural networks and everyone laughed at him for decades because we all thought that expert systems were the answer, and only 20 years later did people start to take seriously neural networks. And spoiler alert, neural networks are what ChatGPT is. So he was on the right path in the 1970s.
[1:48:26]So inventing neural networks, so it's not about the models? Because there's a woman who is considered the godmother of AI, and it's because of her work with the models, not with neural networks.
[1:48:41]So you can't make ChatGPT without neural nets. And you can't make ChatGPT without a bunch of other model, like, ways of representing data, which is what the models are. So there's quite a lot of geniuses needed to get you to ChatGPT. There's not one stroke of genius. But one of the foundational strokes of genius is just the concept that why don't we make computers think like people? Why don't we, instead of trying to make them think like logicians, make them think like humans, right?
[1:49:15]Which is, you know, a pretty big deal. He's a fascinating, he's an English gentleman, and he is so understated, it's wonderful. You know, you made a lot of news when you left Google. I was like, I don't understand, why? I mean, I'm just a guy who says some stuff. Why is everyone taking it so seriously? I was like, because you invented this field? Ah, yeah, but still, I mean, you know, I'm not that important. Okay. Anyway, it's a great conversation. It's only half an hour long, and that whole Titans of Science is really fun. You keep calling it Titans of Science, but it's really called the Naked Scientist Podcast. Right. So the Naked Scientist Podcast is like the NosillaCast. And Titans of Science is like Security Bits. They do Titans of Science in groups of a bunch of them. Every couple of months, they'll release six of them. And then they do their normal shows. So, yeah. Got you. It's a series within a series.
[1:50:10]Anyway, that is my bit of palate cleansing. And I didn't pull the show notes before we recorded it, so I don't know if you added one, but that's all I got. I did not. I did not. Well, this isn't our thousandth Security Bits, but it's probably, and it's not 500, but it's probably 300 or 400 at least. So thank you again for bringing this to us. I know I sometimes think about, should I spin off Security Bits? And I still worry people will only listen to that, not listen to my drivel up front, because I know so many people just get so much value of what you do here, Bart. Thank you again and again and again. But like I say, thank you for having me because it's been so fun to be able to be involved in this show. So it's yay. I'm glad we both like it. That means we'll keep doing it.
[1:50:58]All right. We'll talk to you again next time. Indeed. And until then, folks, remember to stay patched so you stay secure. Well, that is going to wind us up for this monumental week. I want to thank everybody for this. It's just been a great time for me. Don't forget, you can email me at alison at podfeet.com. Anytime you like, like all of these people you heard talking about us, they did that and they could talk to us, contributed and got involved. And that's why everybody's having such a good time. If you have questions or suggestions, just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon at podfeet.com slash Mastodon. If you want to listen to the podcast on YouTube, you can go to podfeet.com slash YouTube. If you want to join the conversation, you can join our Slack community at podfeet.com slash slack, where you can talk to me and all of the other lovely NosillaCastaways. You can support the show by going to podfeet.com slash Patreon or with a one-time donation at podfeet.com slash PayPal. And if you want to join in the fun of the live show, you're going to have to wait until July 21st to head on over to podfeet.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic NosillaCastaways.
[1:52:06]Music.