NC_2024_07_21
The episode delves into tech discussions, Mackstock insights, Overcast app review, cybersecurity updates like Kaspersky's exit, cyberattacks, and data breaches. Recommendations are given for improving online security measures.
Automatic Shownotes
Chapters
NC_2024_07_21
Clockwise #563: Peripherally Curious - Relay FM
PBS Tidbit 7: jq to Analyze macOS Installed Apps with Helma van der Linden
The Flavor of Macstock 2024
CSUN 2024: ReBokeh iOS App for People with Vision Impairment
Overcast – New and Improved! – Another Walkthrough
Support the Show
Security Bits – 21 July 2024
Long Summary
In episode 1002, I begin by recounting my participation in Clockwise with Micah Sargent and Lex Friedman, covering topics such as text entry, user groups, iPhone dock apps, and ApplePay. Additionally, a Programming by Stealth segment by Helma Vanderlinden showcases using JQ to analyze installed applications on a Mac before migrating to Apple Silicon Mac.
Reflecting on Mackstock, I highlight the venue change to the Crystal Lake Holiday Inn, positive experiences, and the incorporation of workshop days. During the event, I conducted a Mac Tiny Tips workshop, stressing the value of learning to enhance brain plasticity. Engaging presentations on troubleshooting, journaling, and leveraging AI for peak productivity were also featured.
The lively atmosphere at Mackstock was further enriched by interactive sessions, karaoke, and the Maxstock Film Festival. Noteworthy moments include Bill's inspiring transition from Windows to Mac at 80 and the diverse age demographic present. Additionally, a discussion on a zoom app for visually impaired users during a CSUN interview underscores the camaraderie and learning opportunities at Macstock, inviting all to participate in the future.
Transitioning to a review of the Overcast podcasting app, I delve into the recent redesign by Marco Arment, emphasizing improvements in interface and functionality. Costs associated with the app, including a free version with ads and a premium subscription at $10 yearly for an ad-free experience and extra features, are discussed. The conversation explores the revamped interface, accessibility enhancements, playlist customization, and sharing features, providing practical tips on maximizing Overcast's capabilities.
Shifting gears, the discussion covers Kaspersky's exit from the US and their offer of free software before leaving. Malicious ads on Google and Facebook are highlighted, drawing attention to the risks involved. The dialogue extends to evolving cyberattack trends targeting middle-aged individuals for monetary gain, cautioning against security vulnerabilities in platforms like jQuery and Nougat.
Further, the hosts elaborate on the concurrent outages at Microsoft Azure and CloudStrike, impacting global services. They stress the importance of server snapshots for quick recovery post-faulty updates and underline the need for resilient IT infrastructure across industries. The conversation touches on remote safe mode booting, IT challenges during system failures, Azure service implications, CloudStrike's role in cybersecurity incidents, and the necessity of risk management and testing in IT setups.
Wrapping up the episode, a comprehensive overview of recent data breaches, including incidents involving AT&T, Rite Aid, Trello, Life360, and Zotac, underscores the significance of caution in handling emails and phishing attempts. Recommendations for additional content on the Clear and Vivid podcast featuring an astrophysicist's insights and a historical Steve Jobs Archive video are shared, along with a call for maintaining security through timely updates and vigilance, especially for Netgear router users.
Reflecting on Mackstock, I highlight the venue change to the Crystal Lake Holiday Inn, positive experiences, and the incorporation of workshop days. During the event, I conducted a Mac Tiny Tips workshop, stressing the value of learning to enhance brain plasticity. Engaging presentations on troubleshooting, journaling, and leveraging AI for peak productivity were also featured.
The lively atmosphere at Mackstock was further enriched by interactive sessions, karaoke, and the Maxstock Film Festival. Noteworthy moments include Bill's inspiring transition from Windows to Mac at 80 and the diverse age demographic present. Additionally, a discussion on a zoom app for visually impaired users during a CSUN interview underscores the camaraderie and learning opportunities at Macstock, inviting all to participate in the future.
Transitioning to a review of the Overcast podcasting app, I delve into the recent redesign by Marco Arment, emphasizing improvements in interface and functionality. Costs associated with the app, including a free version with ads and a premium subscription at $10 yearly for an ad-free experience and extra features, are discussed. The conversation explores the revamped interface, accessibility enhancements, playlist customization, and sharing features, providing practical tips on maximizing Overcast's capabilities.
Shifting gears, the discussion covers Kaspersky's exit from the US and their offer of free software before leaving. Malicious ads on Google and Facebook are highlighted, drawing attention to the risks involved. The dialogue extends to evolving cyberattack trends targeting middle-aged individuals for monetary gain, cautioning against security vulnerabilities in platforms like jQuery and Nougat.
Further, the hosts elaborate on the concurrent outages at Microsoft Azure and CloudStrike, impacting global services. They stress the importance of server snapshots for quick recovery post-faulty updates and underline the need for resilient IT infrastructure across industries. The conversation touches on remote safe mode booting, IT challenges during system failures, Azure service implications, CloudStrike's role in cybersecurity incidents, and the necessity of risk management and testing in IT setups.
Wrapping up the episode, a comprehensive overview of recent data breaches, including incidents involving AT&T, Rite Aid, Trello, Life360, and Zotac, underscores the significance of caution in handling emails and phishing attempts. Recommendations for additional content on the Clear and Vivid podcast featuring an astrophysicist's insights and a historical Steve Jobs Archive video are shared, along with a call for maintaining security through timely updates and vigilance, especially for Netgear router users.
Brief Summary
In episode 1002, I discuss my participation in various tech-related discussions, including Clockwise and Programming by Stealth segments. I share insights from Mackstock, a tech event, which featured workshops, presentations, and interactive sessions. I also review the Overcast podcasting app and touch on cybersecurity topics such as Kaspersky's exit from the US, malicious ads, cyberattacks, and IT infrastructure challenges. The episode concludes with a discussion on recent data breaches and recommendations for enhancing online security.
Tags
episode 1002
tech-related discussions
Clockwise
Programming by Stealth
Mackstock
tech event
workshops
presentations
interactive sessions
Overcast podcasting app
cybersecurity
Kaspersky's exit
malicious ads
cyberattacks
IT infrastructure challenges
data breaches
online security
Transcript
[0:00]
NC_2024_07_21
[0:00]Music.
[0:06]To Geek Podcast with an ever-so-slight Apple bias. Today is Sunday, July 21st, 2024, and this is show number 1002.
[0:15]
Clockwise #563: Peripherally Curious - Relay FM
[0:16]Well, this week I had the fun of being on Clockwise again. It was number 563, and this time it was Micah Sargent and Lex Friedman rather than Dan Morin, so that was kind of fun. And the other guest was Paul Kafasis, a name you might know as the CEO of Rogamiba, who make things like Audio Hijack and Fission and SoundSource and all the other great apps there. Anyway, we had a lot of fun. One of the topics was we talked about how do we primarily use our text entry, like smartphone, tablet, or computer, how much is where. Our involvement with user groups, either as a speaker or as an attendee, that was my idea. The apps we keep in our iPhone dock and why, which caused me to move one of the apps out of my iPhone dock, and how we use Apple ApplePay. It's a lot of fun, and you can find it at the link in the show notes or over at relay.fm.
[1:05]
PBS Tidbit 7: jq to Analyze macOS Installed Apps with Helma van der Linden
[1:05]This week's Programming by Stealth was a very special tidbit installment where the most lovely Helma Vanderlinden joined me, without Bart, to walk through how she solved a real-world problem using the language JQ that Bart just finished teaching us. The problem to be solved was a need to analyze the installed applications on her Intel-based Mac before migrating to her new Apple Silicon Mac. The way she did this was she used a built-in terminal command to access system information on her Mac, and that allowed her to create a JSON file, and then she was able to use a series of JQ filters to remove data she didn't need and format what she kept in a more human readable form. Helma walked us through every step of the way as she built up her JQ script script to massage the data to her needs. At the end, I explained how I was able to take Helma's final CSV output and analyze the data in a spreadsheet using a pivot table. I had a blast, and so did Helma. Now, this is a great show for nerds, of course, but if you just want that script, you can actually download it and run it. Actually, not even download it, you just copy it off the website. You can copy it and run it yourself, and you don't have to understand all the nitty-gritty. But you can find Helma's fabulous tutorial show notes at pbs.barterfister.net under Tidbits 7, and you can find Programming by Stealth in your podcatcher of choice.
[2:26]
The Flavor of Macstock 2024
[2:27]Every year after the Mackstock Conference, I like to talk about what I learned and what the experience was like. This year, the 10th anniversary event was even more amazing than ever. As Dave Hamilton said on the Mack Geek Ab, Mackstock is like camp for nerds. Mike Potter continues to run a fantastic event, and he took things up a notch this year with a great new venue. Last year, we were in the very quaint town of Woodstock, Illinois, which is where Mackstock got its name, and the theater we were in had a lot of charm. But that charm came at the sacrifice of the size of the venue. Because it was so small, Mike actually had to turn people away, and it made me very sad that there were people who wanted to attend and could not come. This year, he moved the conference to Crystal Lake, Illinois, which is a smidge closer to Chicago, making it only about 45 minutes from the airport. He held the conference at an IHG-owned Holiday Inn, which is also the conference center. That meant that all of the attendees were able to stay at the same hotel, go to the conference without driving back and forth, and there were a ton of restaurants nearby. The result was that we had around 100 attendees this year, which was great.
[3:29]The other big change Mike made was that he added an extra day. The conference still ran on Saturday and Sunday, but for an extra fee, you could come in a day early and on Friday go to workshops to learn specific things. I was lucky enough to be chosen to do one of the workshops, and I chose to do my Mac Tiny Tips. I couldn't go through anywhere near as many as I've written, of course, but I got a good chunk done, and I was able to give them a QR code to go learn all of the others. It was nice to be able to tell them they didn't have to take notes, because every single one of those has all been documented. Now, if you'd like to watch the session, Steve recorded it, and he posted it for all to enjoy, and of course, there's a link in the show notes.
[4:07]We also had Mike Schmitz teaching his workflow for journaling that he uses for his path to personal growth. It wasn't so much about the tools, but how to use them to get the most out of journaling. Our very own Marty Gentius, also known as Drunk Nick Nolte in the live chat room, did a really well-received presentation on how to use AI for peak productivity. He gave us specific techniques on how to achieve different goals. And I know there was a lot of buzz about it afterwards of people playing with it and doing different things that they hadn't thought of to use it for before. Finally, Mike Potter taught how to get started with Ecamm Live to stream a really slick looking video. Now, while all of the workshops were great, had really good content, the room lighting was a real challenge. The rooms are lit more like a ballroom with overhead lighting and those lights reflected off the screen. This was oddly more problematic if the information being projected was in dark mode. But oddly, it was still hard to see the live demos like my Mac Tiny Tips and Mike's instructions on Ecamm. Hopefully that's something to have improved for next year. We didn't want to pull down the overhead lights because then the speaker would have been in the dark, but I bet we have people there who could figure out how to light the speaker and then bring the lights down.
[5:20]Now, one thing happened during the workshops that I will never forget. Picture this. I'm up there doing my Mac tiny tips, and people are asking questions and offering new solutions to the same problems that I had already set up. And I love that. I love an interactive class. That's way more fun for me than just standing up there going, do this, do this, do this, you know, lecturing. That's not fun. I want people to talk back to me. Now, I know most of the people who attend MacStock, more than half probably, and I definitely know the ones who speak up a lot. So I'm calling on people by name. I'm saying, hey, Ron, Steve, Sally, you know, I'm calling everybody by name. But there's one woman in the back of the room I don't know. So while I'm calling on her as she contributes, I didn't know her name. Finally, while repeating her question so the folks watching the recording later would be able to hear the question, I asked for her name. I'll let you hear what happened next. Yes. It has to be like download an open source app, but there's also a great open source versatility, you probably know about. No.
[6:20]Okay. Let me repeat what you're saying before we get too far. The person in the back of the room there has, what's your name? Kaylee. Oh my God. You are kidding me. That's who I thought it was. This is Kaylee. I've never met Kaylee in real life and we've been friends for a year. Oh my gosh. I thought I recognized your voice, but I didn't want to guess. Oh, sorry. That was a big moment for me. We've been friends forever, never met in real life. She's from Japan for crying out loud. All right. So do you see, you could definitely hear the excitement in my voice, but for those of you who haven't been listening maybe for 19 years and know every single story about the show, Kaylee was a huge contributor to the podcast for many years. She came to the live show. She did recordings for us. She was on Chit Chat Across the Pond with me, and she had her own podcast that I was an avid listener of. But as happens with podcasting, she drifted away and we lost touch for several years, actually. She popped back up in a text chat with me fairly recently, and we rekindled our friendship. What I did not know was that she had moved back to the United States from Japan, and that's how she was able to come to MacStock and surprise us. Steve and I spent a lot of time with Kaylee. We introduced her to everyone, and we all just had a complete blast together. As I said, realizing she was there in person was a great moment. And I will remember that forever.
[7:40]Now, speaking of the Nocella Castaways, we took a family photo that included most of the folks attending that were Nocella Castaways. That was fun, but what we did next was even more fun. We had all of the Nocella Castaways yell something at once. Let me play it for you right now.
[7:57]Hi, Mark! Did you catch that? Let me play it again. Hi, Mark! It was great fun to do, and it only took us like, I don't know, four or five tries to get it right and to get somebody to record it properly, but it was really fun to do, and Bartscher got a kick out of it. Now, Saturday was filled with some terrific presentations with the theme of level up. One of my favorites was from Jill of the Northwoods, I'm sorry, Jill from the Northwoods, teaching organizational bliss with Notion. She's been teaching me a lot about Notion over the last couple of years, but she showed off her mad skills at the conference. She's a very engaging presenter, as you can imagine, and she has her own style that's just awesome. Now, on Saturday night, Kelly Guimont hosted a karaoke event that was a lot of fun. The big surprise for me was when Jeff Gamet and Kelly got up to the mic as they were handed a song to sing written by No Silicast Way John Ormsby, aka NASA Nut, in the live chat room. The song is called No Silicast Island, sung to the theme of Gilligan's Island. Now, Steve is worried we'll get a takedown notice on our YouTube channel if we embed them singing the song, because when they were singing it, they had the background music of the real Gilligan's Island. Instead, let me present to you my attempt to sing an a cappella version of No Silicast Island by John Ormsby.
[9:16]Just log right in and you hear a tale, a tale with an apple bias that started with a single show that now is loved by us. The mate was a handy video man, the skipper nerdy and brash. The castaways sit in Sundays for a one-hour bash. A one-hour bash The sausage started getting ground The tiny show was tossed If not for the courage of the fearless crew The episode could be lost The episode could be lost The show set sail many years ago From the shores of a western state With Stephen, the skipper too A rechargeable dog and two cats That's Lindsay and Bart, the professor named Marianne, here on Osillocast Isle. Now this is the tale of Al's castaway, it's been around for a long, long time. They'll have to make the best of it, cause it's a sausage grind. The first mate, Steve, and the skipper, too, will do their very best to make sure you learn new things and always feel the guest. IPhone, iPads, no Apple cars, but other technologies.
[10:33]Programming by stealth, it's geeky as can be. So join us here each week, my friends, and you're sure to learn in style. From coast to coast and across the net, here on Osillocast Isle. Okay, maybe I shouldn't give up my podcasting career to go into singing, but I had fun trying to sing it. And thank you, John. That was very clever and a lot of fun. The lyrics are in the show notes. Now, we might have stayed up a little bit later than we should have on Saturday night doing karaoke, especially because I was the first one up on stage on Sunday morning. I wasn't really sure, wasn't super confident my topic would really resonate with people, but I got a lot of positive feedback on it. Maybe they were just being nice because I actually told them, please be nice. Anyway, the message I wanted to send for the conference theme of Level Up was to encourage the audience to learn new things with their Macs, especially if it's hard for them. Dr. Mary Ann Gary has talked to us in the past about how learning new things that are hard for you can help you maintain your current brain plasticity. Now, if you'd like to watch this talk, Steve recorded it, and he posted that one online as well. And of course, there's a link in the show notes.
[11:42]Now, I want to call out Marty again for his interesting and interactive talk on how to guide others to do troubleshooting. After giving us ideas on how to help others figure out how to figure out their own solutions, he put up a chart that had two stories on it, one for the left side of the room to read and one for the right side. Now, we had quiet time, not enough quiet time. I had to keep telling him to be quiet so I could read. Anyway, we had this his quiet time to read our case, and then we were supposed to holler out which of his solutions might help the person he described in that case study. It was a really great way to learn what he was trying to teach us. And one of the things I enjoyed about this exercise was that Kaylee and I disagreed on the solutions. The case study on our side of the room was about a woman who was hesitant to do upgrades because one time she had lost data when she did an upgrade. Kaylee thought it would be helpful to have her turn off automatic upgrades until she was more confident, but I I disagreed, quite loudly, that this was exactly the kind of person who needs to have auto-updates turned on. We continued to debate this topic throughout the weekend, and it was great fun.
[12:43]Now, the same thing happened quite a few times during the conference, and it got me to thinking that maybe a super fun segment for the NoCillaCast would be, Kaylee and Allison disagree. I'm still working on convincing her to do it with me. Now, Kelly Guimont did a very unusual talk because, well, Kelly. She started by explaining that studies have shown that we can pay attention better if we can do some sort of fiddly motion with our hands while we're trying to listen. and fidget spinners and doodling are great examples of those tools. But she suggested that crocheting would be a productive thing to do that would also help you to pay attention.
[13:18]So then she passed out a ball of yarn and a crochet hook to every attendee and taught the entire class how to crochet. Now, I happen to be an avid crocheter, so I was enlisted to be a roving helper, getting people unstuck as they tried to figure out how to crochet. When you're first starting, you're you're convinced that you need at least one more hand to be able to do it. Now, my favorite new crocheter in the group is a man named Bill, who was so absolutely proud of his single chain of crocheting that I took a picture of him that I've put in the show notes. I found him delightful for another reason. I'll get to that in just a minute. Every year, Wally Czerwinski hosts the Maxstock Film Festival, where he solicits short videos from attendees. Unfortunately, he and Wendy had had to pull out of the conference at the last minute, so instead Chuck Joyner did the introductions. Steve contributed a terrific video about our trip to Antarctica as seen through the eyes of Rico the penguin from the movie Madagascar. Now our friend Ron is Rico's valet and he allowed us to bring Rico to meet his brothers and sisters in Antarctica. You can watch Steve's video at the link in the show notes and it's delightful.
[14:24]Speaking of delightful, let's get back to the delightful bill and why I'm really in love with this guy. He got up on stage with Chuck and he explained that when he turned 80, he decided he needed to force himself to learn new things, exactly like what I talked about in my presentation. But get this, one of the things he did to stretch his brain was to switch from Windows to the Mac at 80 years old. Now I understand why he was so excited during my Mac Tiny Tips workshop. Now he went on to explain to Chuck that when he heard about the film festival, he decided to learn how to make a slideshow movie, how to do transitions, how to add music, and how to add titles to the movie. I'm telling you, I totally want to be Bill when I grow up. Now, while Bill held up his end of the age spectrum, one of the things I was really pleased to see was how many young people were there. The age demographic definitely moved younger this year, and you really need that for a movement to keep going.
[15:20]On Saturday night, Dave Hamilton, Pilot Pete, and Adam Christensen did a live Mac Geek app with a Stump the Geek session, and it was awesome as they always are. We got to be the ones asking the questions. I gotta say, there's so many stories and things that happen and things I learned that I can't possibly hope to encapsulate all of them in one little article, and so many great people. I don't want to call anybody else out by name. I kind of restricted it to the NoCilla castaways here that presented, I should say. But I got to tell you, we were all very sad when it was over, and we all started making our plans for attending again next year. If there's any way you can get to the Chicago area next July, I highly encourage you to attend MacStock. You will not meet a more welcoming and inclusive group of people, all hoping to learn and make new friends. All right, let's listen to another CSUN interview.
[16:11]
CSUN 2024: ReBokeh iOS App for People with Vision Impairment
[16:37]It's a... was it originally a device and now it's an iOS device? No, just an app. Just an app. Okay, great. So she's going to demonstrate it to us. And we have a lot of blind listeners, as you might imagine, and people who are just listening on podcasts. So describe every little bit of what it is you're doing. Yeah. So there's a lot of features. The main feature is zoom. You can pause your images, save those images. The zoom is a really great feature because it can zoom in better than the iPhone camera can. Okay. Let's do this. Turn around this way. We've got our backs to the the camera now. So she has the app up and she's going to start zooming in. Yes. And there's also video stabilization. So even if you have a little bit of a shaky hand, the camera will stay zoomed in for you and you'll be able to hold your video very, very still. Okay. So I'm going to bring up the plane magnifier on my phone at the same time, and I'm going to try to replicate what she's doing and hold it as still as she is. So where are you? Okay. We're on the word people and I'm trying to zoom in here, whoa, okay, I am all over the map, she is dead steady, and I'm at the limit of the zoom, and she's now all the way into the O. It's definitely digital pixelization, but it still looks really good. Yes, and then you can also adjust the contrast, there's a lot of invert features, black on yellow, yellow on black, yellow on blue.
[17:56]Now, I can do a couple of things here, some of that, but it's not as easy to get to as what you're doing there. And then we can also pause the images. You can move around. You can zoom in on the images that you did pause as well. So pausing doesn't save a bunch of images into your photos library, right? Yep, not automatically. You can just click the upload button, and it will download right to your camera roll so you don't have millions of photos every time that you pause and unpause. Okay, and then what else did we get down on the left-hand side? Okay, so you were showing, oh, not just the filters, but you've also got contrast. Yep, contrast. You can adjust brightness. You can also do custom filters. You can change any color combo that you need to see better. She's got some really hideous combos going here. That's great with reds and greens and stuff. Any color you need. And then what's the folder icon in the bottom right do for us? It's saving your preset. So if you have a specific color and version that you like, you can save it to your presets. You can edit them. You can name it. So I'll do preset one.
[19:00]You can just change that. Okay. Yep. And then this is our preset one that I keep at all times. You can come back to. So people without vision loss may not know. I knew from my mom losing her vision that there were certain color combinations she could see. She could see yellow on blue or blue on yellow. I forget which it was. And this is exactly what that's designed to give you, right? Exactly. Customization is key. All right. So what do you charge for Reboca? There's the Reboca free. It's free to download on the iOS store. We also have a pro version that gets you all those extra color combos. So you get the generic invert color for free, and then you can download to get more complex inversions. And what do you charge for pro? Pro is, I want to say, $3.99 a month. Okay. All right. Very good. And the company is Reboca, R-E-B-O-K-E-H. Would we find that at Reboca.com? Yes, you can. That's a terrific name. I love it. Thank you.
[19:54]
Overcast – New and Improved! – Another Walkthrough
[19:54]At the end of May this year, so less than two months ago, I decided to learn every single nuance of the podcasting app Overcast, write it up as an article, and talk to you about it on the podcast. I've gotten a lot of traction on that post, especially from longtime users of Overcast who also found the interface a bit opaque and difficult to master. On July 16th, the 10th anniversary of the initial launch of Overcast, Marco Arment released a brand new version of Overcast, which dramatically changed the interface I just finished explaining to you. The changes address some of the opaqueness of the interface while still giving us nearly all of the functionality we had before. Marco also did a lot of work on the backend to modernize the code which he says makes Overcast even faster than it was before.
[20:42]Now, I decided leaving that two-month-old post up with entirely incorrect instructions and screenshots would be a bad thing. So, we're going to do it again because it's that different. At first, I thought this would be a minor rewrite, maybe throw up some new screenshots, but just about every element of Overcast has changed.
[21:04]One important thing to keep in mind as you learn how to use this new version is that Marco's architectural redesign allows him to make changes much more rapidly before, which means functionality and appearance will change over time. Since he really wanted this redesign to ship on the 10th anniversary, some functionality didn't make the deadline, but will be added soon. So I'm hoping this walkthrough has value longer than two months though. Before I get into the details of how to navigate the new and improved interface, I want to make a moment to address accessibility. Accessibility the previous version was quite navigable via voiceover and marco made a point on the accidental tech podcast of asking screen reader users to give him feedback on how he's done in this area on the redesign now as of the time that i was writing this i had found a couple of places where something was inaccessible i sent uh an email to marco telling him hey i found this thing that's not accessible and he wrote back to me in i think it was like an hour and 10 minutes and he said, yeah, I've got it fixed. Download the new version. And it was fixed. So if you read the blog post, you're actually going to see strikethrough on some of this because by the time I hit publish, he had already fixed it. So he's really on this and is very serious about getting the accessibility right.
[22:18]All right, let's talk about cost. Overcast is free with very unobtrusive ads. But if you want to remove those ads and support the developer, it's only $10 a year. With a premium subscription, you also get the option to upload audio to a feed you create. If you are already a premium user in the old version of Overcast, you might be surprised to see an add an Overcast in the new version. Turns out you'll have to open up settings and toggle off banner ads manually. Marco already apologized at Mastodon for missing that flag. It should have been off after the migration. I've also talked to a few people who haven't seen the new version offered to them on my, Yeah, so you might need to delete it and re-add it, and there'll be some time that it's going to mess around getting all your subscription back together. But all the podcasts you're subscribed to back together, I should say. So let's talk about the main interface, because this is where things are so changed.
[23:15]You've got a set of tool buttons across the top that I'll explain in just a minute. Next, you'll see a double row of cards for the most recent 10 episodes of podcasts that you've either listened to partially or are new from your podcast subscriptions. The cards are very pretty, showing you a small version of the podcast artwork, the name of the episode, and how much time is left on the episode. There will always be 10 of these little cards, two rows of five, so if you listen to a new episode or start listening to a new episode, the 10th one will fall off on the right. If you're a voiceover user, you won't hear these little cards from the main interface. You'll hear one button called Recents. When selected, it gives you a much more accessible list of recent episodes.
[23:55]Below Recents, you'll find Playlists, and below that, all of your subscribed to podcasts. Across the very bottom, you'll see the album artwork for your currently playing podcast, podcast title, date, and time left, along with a play-pause button. Now let's go through that top row of tools. You'll find a gear on the left that takes you to Settings, but we'll get to settings a little bit later. Next is a downward arrow that opens a window called Downloads. Oddly, upon opening Downloads, at least for me, it says Not Downloaded, and it has a list of episodes and shows that I follow with wee tiny album art, which makes it a little bit hard to tell which show is which. If you select one of the Not Downloaded shows, it will download, or you can tap the download all button on the upper right. I'm wondering whether this menu really means waiting to download. I'm not quite sure.
[24:48]Now, there's a magnifying glass in the upper right, which allows you to search for new podcasts. In the previous version, this was a big plus button. It also lets you search your current downloads for a specific show. When the magnifying glass is selected, you'll see a new screen ready to search by title in podcasts or my episodes. When looking for a new podcast, you also get a list of podcast categories if you want to browse for something new to listen to. This is not an exhaustive list of available podcasts within each category by any means, but rather a list of the most popular shows in those categories.
[25:21]If you know the URL for the feed for the show you want to subscribe to, you can use the Add URL button in the upper right. You may not have used this feature before, but it's common as a way to subscribe to a premium version of a podcast. If you want to experiment with adding a podcast by URL, you can go to podfeet.com and click on the big blue button that says Subscribe. This will take you to a page where you'll see all of the PodFeed podcasts listed with links to subscribe in three different podcatchers, but also a link to the RSS feed. If you right-click and copy that URL, you can use that URL to subscribe in Overcast. By the way, I do want to give another shout out to Kaylee because she complained that it was so hard to find the links to subscribe to the podcast at podfeed.com. So live sitting there next to her, I got rid of one of the buttons and I put a new button in that says subscribe and it's blue and it looks different from all the other ones. I can't believe I didn't think to do that before. Oh, and it still has a link to subscribe to Chit Chat Lite. I need to go in and delete that one. That's one more remnant that's left.
[26:26]Alright, after you've subscribed to one show, obviously, it'll be the NoCillaCast, and then you've selected it, the design of the episode list is much cleaner and easier to understand than it was before. The new screen opens with a small version of the album art, a big button that says Following because you just subscribed to it, but you can press that to unfollow, and you get a prominent three-dot menu. Below that is a quick summary of the podcast and a list of the episodes. The first option under the three-dot menu on the podcast-specific page takes you to settings for that podcast. You'll get toggles to follow new episodes. You can pin the show to the top of your podcast list. And, you know, I use that pin feature to make sure I don't miss my must-listen-to shows. You can set the sort order and whether to download automatically versus manually. Now, this setting is pretty important in the new version of Overcast because the one key feature Marco removed and will not be putting back is the ability to stream episodes. He explains in the onboarding for the new version that dynamic ad insertion in podcasts causes all kinds of bugs and problems for streaming playback because the download actually gets broken during the stream. If you want to hear more about how streaming caused those problems, listen to him explaining in excruciating detail on the Accidental Tech Podcast episode 596.
[27:46]So being able to have this download automatically versus manually would allow you to make sure you download at home and you don't want them all coming in at once. However you used to do streaming, you could kind of dodge it that way by using download manually.
[27:59]Still in the podcast settings screen, you can delete when completed manually or 24 hours after completion. I like that you can set an episode limit for shows you like to follow, but maybe don't have your heart set on listening to every episode. If you find that some of your shows have long intros that you always skip, you can set an automatic skip time at the front, and you can even add an automatic skip time on the outro.
[28:23]Now back on the three-dot menu, you can go directly to the podcast website, which is also handy. In the old version of Overcast, you used to see the frequency of release for a podcast in the settings menu, but it appears to have been removed or not added back yet. It was pretty cool. Like for the Nosilla cast, it said Sunday evenings. And Let's Talk Apple by Bart Bouchat said monthly. This may be a feature that just didn't make the release date. It might come back. I don't know. Marco also reveals in this three-dot menu how you may be being tracked through the podcast to which you subscribe, and he does this in a privacy section. For example, with my podcast under privacy, you'll see Blueberry.com. Overcast explains that the known capabilities for Blueberry.com are stats and hosting. Personally, I use it only for stats. It also shows Libsyn.com for my shows and explains that this service can do dynamic ad insertion, stats, and hosting. Well, Libsyn is where I host the files for my shows, and I also get stats there. But as you know, I don't do any dynamic ad insertion. I'm giving you these examples because I think it's cool that you can see what a podcaster might be doing, but it's good to know that it doesn't mean that they are using everything that that service might provide.
[29:39]Now, perhaps my two favorite options under the three-dot menu are mark all as played and delete all episodes for the selected podcast. I have a terrible habit of listening to most of a show and then leave it sitting there in my podcatcher. Now when I notice I've left a mess on my hands, I can delete them all right from this button. If you're tired of a show, you can delete the entire podcast as well. Now if we get out of this three-dot menu, you can see the episodes listed and a toggle between current and all. The distinction there is that all is every episode in the feed, whether you've listened to it or not, and current are the shows you've downloaded. loaded. I find I go into all more often than I would have thought, both to go back and forth or back and look for old shows, but also to double check that I didn't accidentally mark an episode as already played that I still want to listen to. Now, if you're not new to Overcast, you'll remember that there used to be a third option here called archived. This section held podcasts you're not following and have no added episodes or seem to be inactive. This feature is no longer there.
[30:42]On this page showing the podcast episodes, you now have a magnifying glass that lets you search just this podcast. I love this new feature. With Chitchat Across the Pond selected, I can type in Gez and instantly find the episode where I interviewed the Nobel Prize-winning astrophysicist on Chitchat Across the Pond. It even searches inside the show notes of the podcast, not just the title. If you tap on an episode of a podcast, it will reveal a horizontal highlighted bar with with five buttons, share, a three-dot menu, play-pause, mark as played, unplayed, and delete. The same information was there before, but it's much prettier in this colored, rounded rectangle.
[31:22]Now, the first icon is all about sharing, and sharing is nice. You can share a link to the episode with a friend, but you can do even cooler things with sharing. Let's say the podcaster's just said something terribly clever, maybe at 22 minutes and 12 seconds into the show. You know, I don't know, perhaps they were explaining how gyroscopes work. If you pause the show at that time, you can share a link at the current time. This is a killer feature of Overcast that I've never seen anywhere else. You can also share a clip, or you just isolate a short segment of the show. It's a little bit tricky to edit just the little clip, but when you post it, the viewer will see the podcast album art with a little waveform of the audio as it plays. It's very cool. Finally, you can export the entire audio file. I've been known to use that function to export an audio file and then take a screenshot of the waveform to show the podcaster that they really need to level their audio. I put little arrows on the screenshot going, okay, this is one person talking, this is the other person talking. Look how different these audio levels are. Fix it. I used to do that to the SMR podcast all the time.
[32:23]All right, the episode-specific three-dot menu has two options. One says add to, and the other one says move to, and both options show all of your playlists. This is a quick way to manage specific episodes into playlists. Now, right now, or well, I haven't tested this on the latest version Marco came out with today, but it was a little bit buggy when I was first testing it. The first day I tested it, I couldn't get add to to work, but then the next day that did work, but move to didn't seem to work. To be fair, like I said, I'm writing this up in the first week after a massive update, so I'm sure it'll be resolved probably by the time you read or hear this. Now, one of the things I found tedious in the previous version of Overcast was that it took so many steps to add a podcast to a playlist. When you choose a playlist from the list under move to or add to, that choice gets added to a little row of three playlists that don't require the extra tap. This row of top playlists will stay there until you select a fourth one, and then the oldest one drops off. At least for me, with very few playlists, this could speed up the process of adding to them. You can also star an episode, which will cause it to show up in the built-in playlist called Starred. Oddly, you can delete the download from this three-dot menu. It seems kind of unnecessary since there's a trash can and write in that highlighted lozenge of tools I told you about. But there's two ways to do it.
[33:45]Now, with an episode selected, you also get a little info button on the right. This opens up a new page that packs in a lot of information. It's got the title, the date, and the length of the episode, and it has that bar with the same five buttons I just described. Now, this one was the one that wasn't accessible with a voiceover, but it was fixed by the time I published the show notes. Below that, you can see the summary, if there is one, and the show notes. It looks great for Jill from the Northwood's Buzz, Blossom, and Squeak podcast. However, this layout revealed that I need to change something in the way I produce my show notes. Somewhere along the line, like a year ago, I was led to understand that Apple Podcasts couldn't deal with HTML links in show notes, and the proposed solution was to put the same text that you see in the normal show notes into the episode summary, but with typed-out links. Now, my bulleted list summary is rendered as a giant paragraph with no line feeds in the summary in Overcast. I made the decision to stop putting that second set of show notes into the summary, but let me know if that causes you problems in Apple Podcasts. Below that, you'll see the number of chapters and a little transparent pill button. I'm going to come back to how to use chapters in a moment because it's a little bit tricky. Finally, on this episode-specific page, you can still see the currently playing show across the bottom.
[35:06]Now let's talk about playlists. I find that playlists are a lot easier to understand, at least for me, in the new version of Overcast. Playlists are cute little round icons in a horizontal sliding row below Recents. If you haven't added any playlists, you should see the default one named simply Queue, which I use all the time. It's just a simple list where you drop episodes in and order them to your own desires. To the right on the sliding row of icons are three more automatic playlists, Downloaded, In Progress, and Starred, which I mentioned earlier. I think all of these are brilliant and useful. Finally, you have a nice big plus button inviting you to create a new playlist. To create a new playlist, tap the plus button with the lines next to it at the bottom of the main screen. Your choices will be custom playlist, all episodes, or most recent. I think it's weird to have a playlist that's all episodes. That must be the way somebody likes it. Depending on the breadth of topics you like, most recent could be quite an eclectic playlist.
[36:02]Now, I think custom playlists are where the action is. We can name our custom playlist, give it an icon, and change the color. The icons are the SF Symbols library, if you know what that is, but they're just not terribly interesting in my opinion. But there is one that looks like John Travolta in his Stayin' Alive pose from the movie Saturday Night Fever in 1977, so that's of course what I picked. Sort order is rarely an interesting topic, but in Overcast you can sort by oldest to newest and newest to oldest, but also oldest to newest and newest to oldest by podcast. If you followed all that. Now selecting which podcast will be included in this playlist is interesting. You'll see two dropdowns. One says include and is defaulted to all matching episodes and the second one says from and is defaulted to all podcasts. I'm pretty sure this would be all episodes. If we change include to only selected episodes, the from dropdown disappears and we're left to a button with a button to choose which included episodes.
[37:01]Now, Included Episodes shows you a list of all the shows you subscribe to, and you can go into each one and pick and choose which episodes to add. While this path makes sense, I think I'd probably just start at the podcast listing on the main screen, peruse episodes from there, and use the little Add To button we talked about earlier to add to a playlist. But this might be easier for you. If we go back to Include and choose All Matching Episodes and From to Only Selected Podcasts, then we can choose entire podcast to add to the playlist. Now, let's all be honest with ourselves. We have high-priority podcasts, you know, like the NoCillaCast, and we have low-priority podcasts. Even though you're handpicking the podcast to be included, Overcast lets you or allows you to set podcasts to high or low priority, and then you can set priority mode to ranked or grouped. I was a bit confused by ranked versus grouped, so I asked the question out on Mastodon, and Mike Mills on Don Mastodon suggested the following. He said, it sounds to me like Ranked lets you pick the order of podcasts in the high and low groups. And he said, think like an array, where grouped is a set of high, unordered, and low podcasts. Well, you know, an array made sense to me, so I think he's probably right.
[38:14]Now, as if that wasn't enough flexibility in custom playlists, you can add additional episodes and excluded episodes. That doesn't completely make sense to me, but, you know, just keep playing with it. Now, as an experiment, I set up a playlist for Apple Podcasts and I dropped in my favorite shows. When I did, it illustrated one of the pain points for me with Overcast. I'm not entirely sure this is Overcast's fault. In fact, it probably is, and it's probably just me, but let me elaborate and you can decide. When I created this playlist of Apple Podcasts, one of them was Mac OS Ken, and it showed 23 episodes of Ken Ray's show. Now, remember I explained how you can change how many episodes to keep. I have Mac OS X set to save only two, but if you listen closely, the setting is for the number of unplayed episodes. If I go back to my Apple playlist, I can see the shows that have four minutes left, a minute 50 left, and seven minutes and 40 seconds left. It means I started them, but I didn't finish them, so they sit there forever. Now, in the previous version of Overcast, one of my complaints was that it was harder than it should be to convince Overcast that you're done with an episode. Like, I actually had one of these Ken Ray episodes said 0 colon 00 left, so I thought I was at the end, but apparently I wasn't. The problem was, hitting fast forward a bunch of times to get to the end of the show would always leave a few seconds unplayed, like I think 10 seconds would be left no matter what you did. But in the new version of Overcast, if you hit fast forward enough times, it goes all the way to 0.
[39:43]But that doesn't solve the problem of me stopping partway through a show and thinking I'll get back to it someday. In the old version of Overcast, from within a playlist, you can use the three-dot menu in the upper right to choose Edit Episodes, and it will give you little selection circles next to them. This allowed you to go tap, tap, tap to select and hit delete just one time for all of those. Better yet, you could use the trick that works in a lot of iOS apps. When you're in a select menu, just use two fingers to drag along the list, and I was able to select every episode as I dragged across. I was very happy about that. Sadly, in the new version, the selection circles have turned into red circles with a minus sign on them. This means you have to tap the red circle, tap the red trash can, tap the red circle, tap the red trash can. Two taps for every single episode you want to delete. Sad face emoji. All right, I mentioned that there's a way to clear partially listened to episodes or even not listened at all to episodes, but it's another confusing one. We have a checkmark and a trash can to delete. And hitting the checkmark makes an episode disappear. So what's going on here? What is the checkmark versus the delete trash can? Well, Stephen Goetz is a heavy Overcast user, so I asked him what the difference was between the delete and checkmark. He explained that the checkmark simply means you're saying, I've completed this.
[41:01]So, okay, what happens to a completed episode? Stephen pointed out that in the global settings, you can decide what happens to a completed episode. The default behavior appears to delete completed episodes, so it's literally the same thing as deleting if you don't change that default. But your other options for the checkmark include making you manually delete completed episodes or have them deleted after 24 hours.
[41:26]All right, can we finally play an episode already, Allison? One of my biggest complaints about the previous version of Overcast was the secret hidden cards to the left and right of the main screen when you were playing a podcast episode. I never found those on my own. Steven Getz had to tell me they were there. And once you realized they were there, probably after someone told you, it worked well, but I didn't know they were there for a very long time. The new version of Overcast completely removes the hidden cards, and instead, you have buttons to bring up the same information. To the left of the progress bar in the old and new version of Overcast, if the podcast you're listening to has chapters, chapters you'll see a circle with a bulleted list inside it that will bring them up. This is the same list of chapters that we got to before. Now if you don't see that chapter button it means the button the podcast has no chapters. As you're playing the podcast you can see a progress bar within the playing chapter. To jump to a chapter tap on the time on the right hand side. If you tap on the chapter name and it's a link it won't jump to that chapter. It'll open the link in your browser. It's very cool to have both options right there, but you do have to pay attention to where you tap. So tap on the time if you want to get to the time, but tap on the name if you want to follow the link. Now, if there's no link, it's okay to tap on just the name.
[42:43]All right, the bottom of the playback screen used to have five buttons, but that's been narrowed down to only three. You'll still have the AirPlay symbol in the center, and you'll still have the little eye in a circle that brings up the show notes. But the left symbol looks like a waveform inside a circle, and that button brings up controls that many people hail as the reason they use Overcast as their podcatcher of choice. This gives you the toggle for smart speed, which shortens silences. This is a terrific way to tighten up a podcast that has long pauses.
[43:12]I have a show where one of the hosts would leave these frustratingly long pauses, and SmartSpeed was why I still liked the show. I'll give you a warning, though. Some speakers use pauses for a reason. A while back, I was listening to Bart's Let's Talk Photography podcast, and he was explaining something really complex. I was having a really hard time, though, following him because he wasn't giving the listener any time to absorb what he was saying. I was halfway through writing an angry email to him about it when it occurred to me to maybe check my settings. That's when I discovered SmartSpeed had been enabled on Let's Talk Photography. I disabled it, and there was that perfect explainer back in my ears. Now, one of the reasons that happened is that I never seemed to remember to use the very obvious custom for this podcast toggle. I have a habit of changing it and then setting custom for this podcast, and that's doing out of order. So I'll turn on SmartSpeed for a different podcast and not toggle the custom option beforehand, and suddenly all of my podcasts have this enabled. So be smarter than me and pay attention to that toggle. Now, another custom or global option is to turn on voice boost. This is a great feature to add to podcasts that don't level their audio properly, or maybe their overall volume is too low. You can also set the speed of the podcast playback, but watch that custom toggle. You don't want to hear Jill from the Northwoods at 2x when you meant to set it to 2x, say, for MacBreak Weekly.
[44:36]You know how with YouTube you can change the playback speed, and as you bump it up a notch, it'll say 1.25x, 1.5x, 1.75x, and 2x. It also has numbers for slowing down, 0.75, 0.5, and 0.25. But with Overcast, Marcos made it a little weird. While there are big tick marks for 1x, 2x, and 3x in Overcast, it's harder to tell what speeds you're picking between those values. The little tick marks between 1x and 2x, there's five tick marks, which means there's six increments. So those values would be 1.17, 1.34, 1.51, and up. Also, there's only one tick mark between 2x and 3x. At least we could assume that's 2.5x. My favorite one, though, is the small tick mark below 1x. Is that 0.5x? 0.1x? 0.05x? I don't know. Now, Steven Getz pointed out that if you you have smart speed enabled, Overcast shows you how fast you're listening. If you haven't changed the speed from 1x, as the show progresses, you'll see the speed above smart speed changing to more than 1x. If you then slide up on these smaller tick marks between 1x and 2x, the number above smart speed gets even bigger. I realize it doesn't make a darn bit of difference what those tick marks represent. We all just adjust till it sounds right for a particular show, but it still bugs me that they're in 1-6 increments. Now, if you use podcasts to go to sleep, there's a timer to let the player stop at a lapse time at the end of the episode or to end the current chapter.
[46:05]Before I close out here, let's take a look at settings, which you get to from the main screen using the gear icon in the upper left. If you'd like to listen to podcasts on more than one device, you can create a login to sync your playlists and even progress through shows across devices. Overcast not only runs on iOS, but iPadOS. If you have an Apple Silicon Mac, you can run the iPad version of Overcast. Next, you'll see premium settings, if you've chosen to support the developer by coughing up the princely sum of $10 a year. This is where you can disable banner ads for podcasts. Also in premium settings, you can enable file uploads. This is a feature that allows you to download a recording to your Mac and then through the web interface at overcast.fm, you can upload the file and you'll be able to play this audio like a normal podcast episode on your iPhone or the web. Finally, in premium settings, you can choose between a grand total of two app icons. Now, Overcast used to show you how much total storage your podcasts are taking up. and if you tapped into that menu, you could see all of your podcasts sorted by storage. I don't see that feature in settings now. Back then, you could even see how much cellular data you would use by downloading and streaming podcasts, but that's also no longer available. Remember, though, this feature might just not have made the deadline Marco set for himself and could be added back later. I just don't know.
[47:24]Under download settings, you do get a toggle for whether to globally allow cellular data for downloads. Since streaming is no longer an option, the important section switch is whether to download new episodes automatically or manually, like I mentioned earlier. Keeping this set to manually globally would mean you can always be in control of how your cellular data is used. Additionally, for every podcast, you can override that main setting and change it to download automatically or manually. Hopefully these changes, along with the work Marco did on the backend, end to completely redesign his database and how data is accessed will make downloading almost as good as streaming used to be for quick startup.
[48:01]Now, you'd think that delete would be a pretty obvious thing, but here again, Marco gives us some options. You can keep delete as a manual option where you have to hit the delete button to make an episode go away, but you can also set episodes to delete when they're completed. If you don't feel right having them go away that quickly, you can set them to delete 24 hours after they're completed. Now, I'm fascinated that this 24-hour delay exists because I never think of a podcast episode is precious, unless it's one I created myself, of course. But people must like this feature or you wouldn't have designed it in. As if this wasn't enough control, you can set this method of deletion on a per-podcast basis. You can always get them back. They're still in the feed, right? Oh well. Every podcatcher has a seek back and seek forward button, and with Overcast, you can change how many seconds it goes. I very often want to go back to hear what someone said, so I set my seek back to 15 seconds. But I also like to skip ads, so I set my seek forward to 60 seconds. By making one a multiple of the other, I can go forward 60 seconds once, and if I hear the show is resumed, I can jump back by 15 seconds, and I know that if I hit it four times to go back, I'm back where I started. This can be useful if you've done, say, 120 seconds and you want to go back, back, back, back, back. Now, speaking of seek, Marco added a wicked cool feature to Overcast.
[49:22]Undo Seek. This feature is most useful if you accidentally hit the progress bar and the podcast jumps to an unknown location. For a few seconds, you'll see a Go Back button on screen. I wrote in the show notes that I guarantee I'll be using it. I used it today. Go Back is available when you jump chapters, too. Now, still in settings, you can change the theme to always be dark or choose from 15 different colors for light and dark themes. I chose a nice purple, as you can see in my screenshots, but you do you. I talked at the beginning about how you have these little cards for recent episodes, but if you don't find that useful, you can just toggle them off under Customize Home Screen. If you don't use Playlists, you can toggle those off too.
[50:03]One of the useful but oddly named sections of settings at the very end is called nitpicky details. By default, Overcast will auto-play the next episode in a playlist or in a podcast with more than one episode, but you can set it to stop after each episode if you'd rather do that.
[50:19]Overcast has a smart resume feature that rewinds slightly after pausing and even slightly adjusts the seat to fall between words. That's a lot of math going on there. I love this feature, especially if I'm running Apple Navigation because she keeps stopping my podcast to tell me where to go and with Smart Resume I don't miss anything. She backs it up enough that I can hear it. If you don't favor Smart Resume though you can toggle it off. And we talked about the seek settings a moment ago where I recommended you set your seek forward to be an obvious multiple of your seek forward time so you can get back to exactly where you were. A while back I noticed it wasn't always going back to where I started. That's because of a feature in settings called Seek Acceleration. When this is turned on, it will increase the interval when repeatedly seeking to skip time more quickly. It's a cool feature now that I know what was causing it, and you can toggle it off if you don't favor it. My engineering brain cannot live with this on. I had to toggle it off. Now imagine you have a playlist that has specific podcasts at the top that you want to listen to first. Now you've gone down to a lower priority show. When that one is done, Overcast will move on to the next one down. But you can override that in nitpicky details with the PlayTop Episodes Next toggle, so if a new one has showed up, it'll jump back up to that one. Guess some of these are really nitpicky.
[51:39]Overcast has its own built-in browser for opening links from podcasts, but you can change the behavior to have them open in your system browser, which is a very nice way to be. This control used to be labeled Open in Safari, so it's cool it recognizes people may have changed their default browser.
[51:55]I've never noticed Overcast using haptics, but evidently they're there because you can reduce them. There's a toggle for icon badge number, and in just delightful snark, Marco says, show the number of unfinished episodes on Overcast's icon to add stress to your life. I love that. Now, this toggle won't do anything unless you go into your device's settings, notification, find Overcast, and then toggle on badges. When I did it, I had 85 unfinished finished episodes. I definitely turned that one back off. At the very bottom of nitpicky details, there's an interesting graphic explaining the remote episode skip toggle. It shows almost like a Morse code level explanation of how your headphones allow you to click once to play pause, twice to fast forward by your chosen amount, triple click to seek backwards, but then there's a click and hold for next podcast and a double click and hold to go to the previous podcast.
[52:49]I find using my Beats Fit Pro headphones to click and double-click is pretty easy, but triple-click to go back is pretty hard. I don't go to the next or previous podcast often enough to remember the sequence, but if you're that good, you'll be glad it's there. I promise, we're in the homestretch here, folks, but there are just a few more things in the main settings area to go through. You can send feedback from right within the app settings, and there's a link to head straight to Rating Overcast in the App Store. In the previous version of Overcast, you could import an opml file of podcasts exported from another podcatcher. As of the time in this writing, he has not yet implemented this feature, so if you're looking to switch from another app, it's not quite time for you. Again, I don't know he's going to put it in, but this seems like a pretty big important feature. I imagine he is. Now, you could just declare podcast bankruptcy and start over and jump into Overcast. Now, the final thing you'll see in settings is how much smart speed has saved you beyond speed adjustments alone. I've saved 95 hours so far, and I was really proud of that number until other Nosilla Castaways started piping up with numbers five times or even more saved than I had been saving.
[53:58]Now, if you're an iPad user, you'll be delighted with the layout and design you now have with the new version of Overcast. I'm not going to go through the layout and how it's different from the iPhone, but I did want to mention that it's much more iPad-friendly now. Additionally, remember that the iPad app will run on your Apple Silicon Mac. And I did notice I had to delete Overcast and re-download it from the App Store to get it to run on my Apple Silicon Mac, and I think that's because I'm running an iPad app and I'm actually in the App Store store for the iPad app, and it's a little janky, and that might be why I had to download the new version after deleting it.
[54:33]Okay, the bottom line is that Overcast is a terrific podcatcher, even if you have simple needs to subscribe and play back shows, but it really shines for the power podcast listener. If you want to listen more efficiently and with better audio, SmartSpeed and VoiceBoost are great features. The redesigned address is a lot of the confusion, and I think it makes it much more intuitive now. If you want to customize your experience, Overcast is there for you, but if you want to use it as it comes out of the box, it's great for that too. You can use it for free with ads or throw the developer a measly 10 bucks a year. And one more thing I like about Overcast, which you might appreciate. When I'm ready to post my shows, I hit publish in feeder, which publishes the new RSS file to my feeder, my server, I should say. I immediately pick up my iPhone, I open Overcast, open my show's feed, and I pull down to refresh. If I've done my job correctly, the show instantly begins to download an Overcast. I do not know how Overcast can do it so quickly. In contrast, Apple Podcasts can take tens of minutes to be ready to download, and that was before they started adding automatic transcripts. One more reason that I love Overcast.
[55:40]
Support the Show
[55:40]I'd like to give a big shout out to Kenneth Kleinman for yet another generous donation to the podcast. He went to podfee.com slash PayPal and chose a dollar amount that demonstrates the value he gets out of the show. Thank you so much, Kenneth, for your continued support.
[55:55]
Security Bits – 21 July 2024
[55:56]Music.
[56:04]Well, it's that time of the week again. It's time for Security Bits with Bart Boosh. How are you doing today, Bart? I am doing fine. No news this week, right? Nothing to talk about? I don't think so. I don't remember anything big. Yeah, antivirus didn't take out half the planet or anything. No, okay, good. I don't think it's going to be a buy your sysadmin a coffee week. It's going to be buy her a bottle of bourbon week.
[56:30]And not just the sysadmins. user support actually more than the sysadmin system. But we'll get to all that. We have a lot of stuff in the feedback and follow-up section. So these are long-running stories we've talked about before that have had some developments. We talked recently enough that Kaspersky were basically being given no choice but to leave the United States because of... I can't remember which of the US government departments, but anyway, they were basically told, no, you can't do business in the United States. And surprising no one, Kaspersky... They're Russian? Yes, they are. They are Russian. Okay. And they, like antivirus by its nature is rather invasive. So it's kind of a big trust. So I'm, you know, I'm not sure they've broken that trust, but I can see why you might be nervous about it. So anyway, it's official. They are leaving. They have started the process. But as a little goodbye present, you can get six months for free of their software, which is an interesting way to keep your fingers in everyone's operating systems for six months after you've been banned from selling it. So I'm not sure how I feel about that. Are they allowed in the EU? At the moment. Okay. But I wouldn't, I wouldn't, yeah, I'm not sure that America's lead will not be followed. Okay. Seems likely.
[57:50]Google are not the only company having a difficult time keeping their advertisements free of malicious stuff. Facebook ads are the latest to be hit. Offering users Windows desktop themes, which are actually info-stealing malware. So make your Windows desktop pretty. Oh, yeah, we have all of your data. Oopsie. So are these like phishing sort of malware? Well, no. So it's a Facebook ad for some sort of app that promises to make your desktop pretty in some sort of a way. Okay, so you download the app and it does. Okay. Yeah, it will make your desktop pretty. And that's all. I heard something I haven't seen an absolute source for, but that said that the phishing attacks used to be primarily an elderly issue, but now the predominant amount of money is coming from people who are middle-aged.
[58:44]I don't know how it is in terms of attacking regular folk, but I know that in a corporate IT setting, it's very, very much starting to hone in towards what they call business email compromise, where you steal someone's details and you don't attack them. You use them to monitor inbox for a while, see what's going on in the company, and then inject yourself into a real conversation with some not so real things like, oh, yeah, we just had a thing from that vendor. or we need to change the bank details urgently. And you know the bail is due on the 4th Thursday. And you know all those names. All the names, you know the cadence, you know absolutely everything about it. You know the way your boss signs their email because they love smiley faces or they detest smiley faces and they always use formal titles. Whatever quirk your boss has, they know it all. And it comes from you. Oh, geez. Oh, yeah, it's nasty stuff. So that is certainly a trend because, strangely enough, it's very lucrative.
[59:42]Follow the money we have also talked a lot about developers being targeted in watering hole attacks which is basically rather than trying to find the people you're attacking the baddies hang about in places the people are interested in will tend to congregate anyway like bison will come to a watering hole and one of the big places is package repositories and so I'm probably going to stop talking about these on the show now because this is just background noise. So to finish up, this will be the last time we talk about it probably and something stupendous happens. But jQuery is something we in Programming by Stealth have used. And I have said, you go to the jQuery website and you copy and paste the instructions from there and then you will get the right package from NPM or JS Deliver or whatever you're using. And that's a really good advice now, double, triple so, because typo-based fake versions are all over the place and they're full of Trojans because you are installing them. So be careful. NPM, GitHub, JS Deliver all delivering Trojanized versions of jQuery sitting on little typos. So careful, careful. If you're in the Windows universe and you're writing PowerShell or .NET code you will be very familiar with a wonderful place called Nougat which I guess is supposed to make it sound like that charming dessert.
[1:01:06]And 60 malicious packages found in there that were trying to be snuck in. Again, lookalike packages. I think it was AWS modules that were similar to Amazon's official packages, only not.
[1:01:19]So as I say, this is now a thing. So I'm now counting it as background noise and I'm going to stop doing it every week. But just know that this is not going away. This is now a new reality. So be very careful when you're getting code from other people because it may not be who you think. And what I like is here is you said the way to be careful is go to the source. Yeah. Yeah, which is advice I've given a lot in lots of contexts, actually, isn't it? Yeah. We're fishing. Go to the source. Is this from my bank? I don't know. Go to your bank, log in and see if they really want you. Go to your phone, use the phone number you have, right? Go to the source. It's the answer to a lot of things.
[1:01:56]We have said many times that when your internet connected devices reach the end of their support from their vendor, they go in the bin. Just to underline the point APT40 so APT is Advanced Persistent Threat basically hackers who are the Chinese government are using vulnerable routers tend to be the ones used in small office home office setups to launch all sorts of malicious activity so that is now they've been caught in the real world using these vulnerable routers to do their evil stuff so if you don't want to be used to attack your government or democracy or whatnot not don't run a vulnerable router they may not be attacking you but do you really want them using your stuff to to be nasty to people no and they could attack you too for for that matter um and then um a warning from the mac observer that there seems to be an uptick in uh targeting apple users.
[1:02:55]With uh wait sorry wrong story uh that's coming later um what we have here is the cat and mouse game between Apple and the grey hat hackers like Celebrite who you can buy a little box to break into older iPhones we've suspected for some time. There's been another little data leak where a manual has leaked online and it would appear that if your device is running a version of iOS newer than 17.4 they are locked out at the moment. So yay. Yeah these guys are known they're the ones that were able to the break into the phone of the guy that murdered the guy at the Trump rally. And he's, but his phone was an Android phone. Oh, okay. So, yeah. So he probably couldn't update it. Probably couldn't update it. Depending on which Android phone. Yeah, really good chance. Yeah. Interesting. I hadn't heard that particular angle of that. Lovely story. Okay. So that brings us to our deep dive, which I have called the Confused CloudStrike CloudStrike and Microsoft kerfuffles.
[1:04:05]Because the media... Best understatement of all time, kerfuffle. Well, the grand scheme of things, that's what it'll end up being. But right, you know, on the morning, it certainly seemed pretty bad, and the media got very confused. And it's not really the media's fault, because two mostly disconnected outages.
[1:04:22]Happened overnight the same night. And I say mostly disconnected, because just to add a little bit of confusion, they meet again at the very, very end.
[1:04:30]So I'm going to just go through what happened in the order it happened, and then we can talk about what it means. So the first thing to happen is that Microsoft made a configuration change to one of the regions of their cloud service, which they call Azure. It just happened to be the region that serves most of the continental United States of America, i.e. Their central US region, if you use Azure at all. And their change caused virtual machines to respond overly aggressively to a temporary blip in their connection to their storage because when you're living in a cloud universe you have giant big server racks full of hard disks and giant big server racks full of CPUs and they're not the same one so when you have a virtual machine its actual storage could be 500 hundred miles away from the CPU. So there's obviously a network connection between the virtual machine and its actual disk storage and that can get interrupted briefly. And what's supposed to happen is the machine is supposed to pause itself for a while and only after it's been paused for a while does it give up and do some sort of a reboot to try a different storage or whatever. But they made a configuration change and the end result was something went wrong and the virtual machines got really really pernickety and started rebooting at the drop of a hat. The tiniest little blip in their connection to their hard disk and they just reboot it.
[1:05:54]So the end result is that the compute resource fell off a cliff. The amount of available CPUs at any moment in time fell off a cliff because half of them were in the process of rebooting for no really good reason. Which put a lot of strain on the remaining virtual machines. So that had two effects. A whole bunch of Microsoft's first party services just became overloaded because there there were not enough virtual machines in the background to make them work. So Teams and Xbox Live were the ones that seemed to get the most press, but they became laggy and glitchy and icky because there just weren't enough machines because they were busy rebooting for no reason. And the other thing that happened is the services Microsoft sell to corporations, your software as a service, that also became overloaded because there weren't enough virtual machines to power these services. And the one that really seems to have gotten hammered was something with a weird name that doesn't tell you anything, the Power Platform. Power sounds good. But what it actually is, is business logic in the cloud. So if you have business logic, nowadays you don't even have to have a server. You can have serverless business logic. You write a function that says what you want to do, and you just put the function in the cloud, and the Power Our platform will execute the function. In reality, it's happening on a virtual machine, but you're not worrying about it. You've just written the logic and the cloud takes care of it. But when there aren't enough CPUs, your business logic stops.
[1:07:24]I don't know what business logic is. Is that a term I should know? It is the generic term for a front-end or a back-end system does something and it changes something. So business logic is I've clicked checkout on a shopping cart. That's business logic. A user paid an invoice, therefore I need to mark them as paid. That's business logic. It's the most generic term. Super generic term. Gotcha. Yeah. The thing that makes my business a business is business logic. And so you can have it all just existing as standalone functions that just magically happen in the cloud but if there ain't no cpus way happening so i want to book a flight oh the cpus have all gone can't book a flight now i want a list of all available flights well that's business that you can't get those i want to pay this invoice can't do that so a whole bunch of businesses would have had their their back end evaporate so whatever it is they do they're not doing it now So that's not great. It's really cool tech, by the way. The Power Platform is really quite impressive. But if it ain't got CPUs, it's not doing very much.
[1:08:34]So Microsoft dealt with their first-party stuff by redistributing the customers who normally would use Central US to other data centers. And that has the effect of overloading those other centers so things get a bit slower, and they're physically further away. Way so the latency goes right up so yeah we may have managed to find some resources in mexico which will help you in north carolina to do your team stuff but actually you're now dealing with a one or two second latency as we go down to mexico to do the work we used to do right next door to you and i don't know where i don't know where the physical u.s central data centers were but the whole region was messed up so that would have degraded services by the time i woke up in the morning and I heard on the news a Microsoft outage I immediately went to the health page on the Microsoft back-end tools and I was afraid to see lots of reds everywhere and what I actually saw was mostly greens and just some oranges and the biggest orange left was the power platform the teams and stuff had gone back to green so by the time I woke up the biggest panic was over and And the power platform was still on orange, which meant degraded, but it's up. Stumbling along under the weight. Yeah, and the thing is...
[1:09:49]Microsoft don't do things any differently to Amazon. So Amazon, Microsoft, Google, they all break their service into regions. And when you buy software as a service, you can choose how much resilience you want. And you might think, oh, we just take full resilience. But that choice has literally a price tag, a rather substantial price tag. So the cheapest resilience is none. The most expensive resilience is geo-redundancy. So your whatever it is exists simultaneously in two completely different parts of the world, and you have one second failover between those two. That costs you a lot. So most people opt for the middle ground, which is resiliency. So you can choose, but like if you're a hospital, you might choose full redundancy. But if you're, you know, selling widgets on Etsy, you might not.
[1:10:43]In fact, not only do you get to choose per organization, you get to choose per specific thing. So you might have a dev system where you pay for zero redundancy and a production database holding up your patient systems where you pay for the world's biggest redundancy. So you get to choose very granularly. And a lot of people choose the middle ground, which is redundancy in the data center level. So U.S. Central will consist of five or six physical data centers, which are spread across the central part of the U.S., but they're part of U.S. Central. So when you buy the middle tier of redundancy, any one data center can go down within US Central and you'll be fine. But if the whole of US Central goes down because the whole of US Central got a dodgy update right at the same time, you're not paying for geo redundancy. So downsy daisies. Maybe they shouldn't do updates to a whole region at the same time. But they have to. That's why the regions exist, right? You have to break your world cloud into pieces of a certain size. There are certain operations that have to happen. So you have redundancy within the region so certain changes you can only make within the region that sort of, There are some changes big enough they have to happen at that scale. That's why they sell you these different sizes of redundancy. It's an engineering problem.
[1:11:55]Yeah, anyway. The point being, it is a perfectly reasonable business choice to take the risk of a region going down in exchange for not having as much expense. But the price you pay is you have taken on a risk. And I think a lot of companies assume the risk is hypothetical, which is a silly assumption to make because we've had Amazon regions go down we've had Google regions go down why wouldn't Microsoft regions go down? And then you realise who is and who isn't making the choice. Anyway, so that wasn't too big. But none of this, this is just a small problem. This is a small problem. Relative to what actually, to what else happened. Yeah, it wouldn't have made that much news. It would have been a, I would have known about it maybe Bleeping Computer would have made a few headlines but that would have been it. It wouldn't have been a drama because Amazon has had bigger outages, Google have had bigger outages, it wouldn't have been a huge thing. But at the same time, on the other side of the world, the Australians and the New Zealanders were waking up and going into the office. And some of them had a really horrible surprise when they arrived at the office. Not only were their desktop PCs on a blue screen of death, so were their servers if they were running Windows. So imagine losing Windows desktops on servers simultaneously.
[1:13:11]For a lot of organizations, they can just go skateboard for the day or go surf or something because they're not doing any business. My mother always used the phrase, everybody goes when the whistle blows. Right. So initially there was a lot of confusion because it wasn't every company. It was just some companies where everything was gone. And eventually someone joined the dots and were like, oh.
[1:13:38]This is customers of CloudStrike, who are an AV company that home users probably never heard of because they don't care about you. They sell very advanced AV to people with really deep pockets. You don't mind a couple of zeros on the end of the bill. We've been talking about CloudStrike for quite a while, right? Have we? Is this? Oh, okay. Then I'm thinking of a different company. Nevermind. Keep going. I don't think we've talked about them on this show together because the product they make is very niche. Cool. Okay. It's very niche. And it tends to be targeted at really, really big companies. So when they have a problem, the effect, the selection effect means you end up with media organizations who really don't want downtime, airlines who really don't want downtime. So you have media companies, Sky News was off the air here in Europe. That was, that was quite dramatic. And British Airways. So travel disruption makes news. And the media love talking about about problems that affect the media, because who doesn't? Like, I like things that affect IT. If you work making widgets, you're going to be really focused on things that are affecting widgets. So when something happens to media companies, the media really focus in on it. And when something happens to travel, the media focus in on it. Airlines, media companies, and hospitals were the biggest victims. Yeah, it was big news.
[1:14:52]Bart, no, the biggest news was we were not able to order ahead on our Starbucks. We didn't know why. We had to go into the store to order for Starbucks. Yeah, I know, right? Were the coffee machines working? Yes, yeah. It could have been worse. Could have been worse. But that is literally the first thing we noticed. We're like, why can't we order ahead?
[1:15:16]So what we eventually discovered is that an update was pushed to CloudStrike's FalconStrike product. Okay. And it caused Windows to have a blue screen of death, at which point it would try to reboot, load Falcon Strike, have a blue screen of death, try to reboot, load Falcon Strike, have a blue screen of death. Yada, yada, yada. I wonder if you'll be able to see the energy impact if you had a graph of all energy usage across the globe and you see this blip as everything's going reboot, reboot, reboot, reboot. That's got to use a lot of energy. That's true, actually. Yeah. Yeah, because I thought you were going to suggest a drop because all the computers were broke. But no, it's the opposite because they're all too busy rebooting, cycling themselves. Yeah. So it didn't take CrowdStrike long to stop pushing the bad update. So they stopped making the problem worse quite quickly.
[1:16:10]But it's actually a really difficult problem to fix. So in my show notes, I go about this the opposite way that I'm going to say it in English. But for servers, this probably isn't actually that big of a problem because nowadays most servers are virtual and most virtualization platforms have a feature called snapshotting. And unless you love risk, you'll probably have daily snapshots, if not hourly snapshots. So for a Windows server, you can probably just roll back the clock. But you have to do it one at a time, don't you?
[1:16:41]Well, on a virtual machine platform, you could probably do a select all. Like if I was doing this with my work hat on, I know exactly what interface I go to. I could type a search string that says where operating system equals Windows, I could do it in about five minutes. They would all take, I mean, it would take some time for the physical snapshotting to take place because there will be physical hard disks, which will be limited in capacity. But I could trigger the process in about five minutes. And then depending on the disk read-write speed, it would take an amount of time. But it would be not that big of a deal. The desktops are the problem. But again, you could be Azure or something. Oh, really? Really? Because you can't push out an update because they're busy rebooting. Right. There's no management platform. So in corporate IT, you would do something over PowerShell or you would do something over a group policy object or something, right? You'd use your Active Directory domain to do something. But all of your tools are broken until the machine boots. None of these machines will boot. The fix is you boot into safe mode and you delete one file. So you might think, well, okay. That's on a per PC basis physically, isn't it? It is. So you might think, well...
[1:17:54]Give instructions, right? Can you remotely boot into safe mode? Or do you have to be at the keyboard? You have to be at the keyboard, but not only do you have to be at the keyboard, you have to have local administrator access to your PC. Which users don't have anymore in businesses. Bing, bing, bing. The more likely the business is to need CrowdStrike, the less likely it is that they have local admin access. In fact, I would say the set of people who pay for CrowdStrike and who have local admin access is zero because you won't get cyber insurance if you allow local admin access. That is on the questionnaire. In that really long lesson you gave us about the Microsoft products and how they can give you privileges for a certain amount of time at a certain day because based on your source code that tells you you're in finance, you're allowed to access this server, could they push out something that said, okay, everybody has admin rights for the next 20 minutes? And then over the loudspeaker go, everybody reboot.
[1:18:54]Unfortunately, in order for that push to be received, you could push it. But for the push to be received, the machine has to boot far enough to phone home and ask, what instructions have I been sent? The boot, the error was too early in the boot process for any of the management tools to fire up. So there are people from IT, they've probably recruited people from every department they can find, given them a quick training session. To scamper around? Yeah. Holy cow. It's, oh my God, right? What a mess. What a mess. Well, there's got to be a lot of machines not working yet. We're recording about 24 hours after, maybe 36 hours after this happened. Absolutely. People are expecting that the less important machines may not be back for days. Yes.
[1:19:43]You're going to go after the really important stuff? So I talked to somebody who has employees who work off-site who have company-issued laptops. And they couldn't get into the company-issued laptops. And one of them she talked to, she said, okay, well, you're going to have to come in. Well, this person actually drives in from Mexico to San Diego. Yeah. But she couldn't get through border control because of CloudStrike.
[1:20:10]It was a it was like a six hour wait to cross the border they were probably doing it by hand with a pencil yeah and but uh this person said every employee she talked to like this one all right i'm going to the beach talk to you later yeah i mean they had to take vacation days because it was a privilege to work from home though oh god that's okay that's really the worst of all worlds here geez well no no no but they were all happy about it nobody complained everybody went went, all right, I'll take some PTO. I'm good. Okay. The first thing I heard in the morning was the radio presenters very good humoredly saying, it's a good thing this is radio and you folks can't see around us because it is a mess of post-it notes and scrolls of paper. And we're really flying by the seat of our pants this morning because all of our digital systems are gone, but we're on the air. So they didn't have any heads up displays with their script or whatever Whatever you call that. Yeah. Every now and then you can hear the rustle of actual paper being picked up by a stray microphone somewhere. But they were really good natured about it.
[1:21:13]Yeah. I wonder how the TV news did. Well, Sky News was off the air. And Sky News is one of our biggest. That would be like CNN being down in the States. Sky News is one of the biggest ones. People show up in the background. We've got recordings from yesterday. I may go back and look at what was the news doing at 7 a.m. yesterday. Yeah. So it was quite the thing. Anyway, so I said there was a final twist back that connects all this back to Microsoft to add a little frisson of extra confusion. Frisson. Another service you can purchase from Microsoft is what they call Windows 365, which is virtual PCs in the cloud. And then what you give your employees is dumb terminals, which is very retro in many ways. But instead of it being dumb terminals to a giant mainframe in the basement, it's dumb terminals to the cloud. And so you can have an iPad where you just have a window into your PC and you're working away on your PC and your iPad and then you put the iPad down and you pick up your laptop and you work on the same PC from your laptop because all you have is a dumb portal. You can do that as a normal human too. You can rent that as a service. You can, but I looked at the price and I decided I'm not. Yeah. I thought it'd be fun to try, but it was like, nah, you're charging too much for that. Yeah. So there is definitely bulk discounts. And there is also a very different price in terms of how much maintenance and hardware. so at a corporate level it's actually quite a sensible product but for I briefly gave consideration to what if I had a Windows PC this way and I stopped using Parallels and stuff and I went yeah no no no no.
[1:22:42]But anyway, if you use that service, then all of those virtual PCs will be onboarded to your corporate management infrastructure. So if you're a corporation who buys CloudStrike and you buy virtual PCs in the cloud, those virtual PCs will be onboarded into all of your AV just like your physical PCs. So all of your virtual PCs were virtually rebooting all morning. And so they were just as messed up as your physical PCs.
[1:23:10]So that also said, oh, Microsoft 365 is down. No, the people using CloudStrike on Windows 365 are down because they were using CloudStrike. So that was one excellent result of confusion. So this brings us to, okay, Bart, lessons. Can we learn any lessons? I'm going to start with... Wait, you skipped over the sting in the tail. Oh, I did, yeah. Yeah, so when there's a hurricane or a war, the first thing that happens is all the naughty people on the internet start trying to fish people in some way or con people in some way. It's already happened with CloudStrike. There are fake emails arriving into corporate inboxes that look like they're from CloudStrike offering a fix for Falcon Strike that is not a fix for Falcon Strike, that is proper malware. So, yeah, this happens every time it's happening already. ready. Don't be surprised.
[1:24:03]Right. Shock, shocking news. This just in. Bad guys do bad things. Sorry, bad actors do bad things. Yeah. News in, water is wet. Yeah. Okay, now we're allowed to have lessons learned. Yeah, so I'm going to start with the easy lesson. What can we learn from Microsoft's outage on the Azure region for US? We can learn that when you choose to trade off risk for money, the risk can come to pass. Be careful trading off risk for money. It's not a hypothetical in a drop-down. That drop-down has actual physical real-world meaning. It means that your data is physically in different parts of planet Earth depending on the drop-down. And your bank account has different amounts of money depending on your drop-down. So it's a very important drop-down. Think about it. Put real intention into it. Large businesses will do this automatically. A lot of small companies are moving to the cloud to save money and may be making that choice unthinkingly. Don't make the choice unthinkingly. It is perfectly legitimate to choose to accept a risk, but you are choosing to accept a risk. Right, I'll bring this to the much harder question. What about CloudStrike? Like, I am sure there are people right now declaiming loudly on the internet that clearly they're already wrong. They started with the word clearly.
[1:25:21]Clearly, this is CloudStrike are idiots and you should just stop buying CloudStrike. The whole thing is clearly down to some idiot doing something spectacularly stupid. It's way more subtle than that. Way more subtle. There's a couple of things going on. So the first obvious thing is we don't like having all of our eggs in one basket. That is why you have a dropdown to choose to have your stuff duplicated over multiple geographically separated regions. That is why you can buy products that take one piece of code and put half of it on Google's cloud and half of it on Amazon, or a bit of it on Amazon, Microsoft, and Google. You can actually separate your app across multiple people's cloud, which is even better than separating it across different geographic regions within the one cloud. It's uber-resilience. What are the chances that AWS Central US goes down at the same time as Microsoft Central US? So you can throw money at these things and do really cool stuff by not having your eggs in one basket. So you might think, well, antivirus is catastrophically important. Why don't I mix and match?
[1:26:24]The problem is it stops being effective antivirus when you mix and match. Because to have any chance of an effective, responsive antivirus, actually functional cyber security operation in your company you need a single pane of glass you need to have a platform that works as one so the these are eggs that just need to be in the one basket otherwise you have no eggs so you can either have the risk of a really really bad thing happening very seldomly and when it does happen everyone else is suffering too so no one's going going to blame you. They're going to blame the vendor. Or you can have a terrible cybersecurity infrastructure all day, every day, meaning you're going to be in the news as a data breach person, promise you.
[1:27:11]So let me ask one question. Let's say I've got a big fat company, I'm paying CloudStrike. Do I have any way of testing their updates before I receive them? No, because this is why CloudStrike's product is fascinating. And it's the second trade-off. So our first trade-off is either I put all of my eggs in one basket or I have a terrible cybersecurity infrastructure. So that's an easy trade-off. You put your eggs in one basket. CloudStrike's product does a different trade-off. And it's directly related to testing. It's directly related to this question. So, if you're a, the bigger you are as a company, the more valuable you are as a target. And so when a new flow is discovered, it's a valuable resource, right? A bug Microsoft don't know about yet is really valuable. So it will be used against the big fish.
[1:28:08]If you're a big fish, your biggest risk isn't the vulnerability we discovered a month ago. It's the thing we don't know yet. And so CloudStrike's product is tailored to people who are likely to be first targeted. So their product is mostly in the cloud with a very, very thin agent on the device that is constantly phoning home with telemetry about what's going on. And they have stupendous AI resources looking at everything going on. And they can detect an attack we don't know about yet in close to real time.
[1:28:42]Develop a fix and push it down to all of their clients in close to real time. If they did zero testing, they could push it down in real time. That would be really dangerous. So they have a massive bank of automated test suites that delays the response. But that's a trade-off. How much testing do we do? because every minute we're not deploying this response, our customers are at risk. But if we rush the testing, our customers are at risk. So that's not an easy dial to twiddle. It's a really difficult dial to twiddle. And that's the beauty and the problem with CloudStrike's solution. I don't know of any other way to protect against emerging threats than a real-time solution where updates happen very, very quickly and very, very often. It still doesn't mean that they won't get their pants suit off.
[1:29:38]I mean, think of the lost money for the airlines, I mean, for businesses. I mean, I see a class action lawsuit, don't you? I certainly see a lawsuit being attempted, but I don't see one succeeding.
[1:29:51]So this is something that was discussed on, so there's a business podcast I've never recommended here because it's so focused on business and most people don't care. But they actually did a detailed dive into this. And generally speaking, the contracts will be written in such a way that unless there is negligence by CloudStrike, they're not going to have a case. You buy insurance against risk that is not caused by negligence. All of these companies are insured against this. They will get their money back, but it won't be from CloudStrike. It'll be from their insurance provider.
[1:30:22]Unless, upon investigation... Actually, we should just make a little bet on that, that we have to remember to check in on 12 years from now. And then we win on negligence. Well, that's the question, right? Just because somebody doesn't understand. There is going to be, we don't know, there is a lot we don't know right now. So all we know is the effect of what happened. Something snuck through the cracks on testing. But did it sneak through the cracks? Because these things tend to follow what we call the power law. So small whoopsies happen very, very, very often. And big whoopsies are very, very rare. But they're not 0% chance. The other thing that follows the power law is asteroids. Lots of small rocks hit the earth every day. Every couple of million years, we get hit by one big enough to kill the dinosaurs. Cloudstrike may have gotten unlucky and got hit by the dinosaurs. Or there's a fundamental flaw in their system and they really, really, really deserve to be sued out of existence. Or something in between. And until there is, there's going to have to be a third-party run investigation and I cannot see how the company can exist, can continue to exist, if they don't publish it.
[1:31:36]Because how else can they get new customers? Right, right. So I think we're going to see one of the big, well-trusted outside companies doing a detailed investigation and we will get, at the very least, a business, you know, an executive summary of that report. And their paying customers will probably get a spectacularly detailed report. I've seen some of these after incident reports for other things. They can be mind numbing. But they will be detailed. I promise you that. All right. I just want to make sure anybody who finds out about the class action lawsuit, I do want to join it because of the issue with the Starbucks ordering. So, all right, we can move along now. I'll stop making jokes. Right. So one other little detail that you pointed me to is that this is not the first time something has snuck through testing. Earlier this year, they also broke. They?
[1:32:34]CrowdStrike. CloudStrike, yes, sorry, just to be clear. CloudStrike also broke, not at the same time, but separately, two distinct flavors of Linux. So that's a much more small-grain problem because it's not just that they take out all of Linux. It wasn't even all of Linux. It was just Debian on one occasion and just, oh, was it the new Cloud Linux? Rocky Linux. Rocky Linux, that was the one, yeah. So that was a much smaller whoopsie, but it was still a significant whoopsie. So we don't know if those warning signs meant that right now there is a solution 85% engineered because they got the message three or four months ago and have been working really hard to remedy their problem and they got double unlucky. Or if they were blasé about it and ignored the problem because the media didn't shout. Both of those could be true. Sorry, either of those could be true. But I thought this was an important point just because our instinct to be snarky and go, well, that could never happen to the Mac. You know, well, if it happened to the Linux, it could happen to the Mac, so of course it could. Of course it could. Absolutely it could. The time for that snarkiness is over. I still have a problem with a monolithic culture of technology that is one of the root causes of this. I mean, if...
[1:33:56]If they had been, you know, half Macs and half Windows and half Linux and half Windows servers, then it would make the day-to-day IT job much harder, but everybody wouldn't have gone when the same whistle blew. And you're right. So I have a point in the show notes where I finally come down and there is something we can take away here that's practical other than it's trade-offs all the way down. So if you take it as a given that you have to have one AV provider because otherwise you don't have a robust cybersecurity infrastructure, structure. That doesn't mean you have to have one desktop OS and one server OS. It means that you need to give your users a choice of desktop that is supported by your choice of AV. In the real world nowadays, that means Windows, Linux, or Mac, which seems like all of them. And in terms of servers, server AV will happily run on Windows, Linux, or Mac. So actually, you can't choose to pick lots of AV vendors, but you can still hedge your risk by having a heterogeneous environment in terms of your server and desktop architecture. So that would be my takeaway. I remember having this argument with our CIO 15 years ago.
[1:35:05]She didn't buy it. It's an argument I see all the time, Alison, because you're right. There's risks to being monolithic and there's value to being monolithic. And that means it's a management choice. And management may not have the same priorities as the techies do right right so it's more expensive nope right yeah well actually zoom out a bit and the catastrophe of going down like this is actually more more expensive so depending on where you put the zoom level your choice may actually be quite different yeah i could see you'd still end up with like finance went down because they're all windows Windows, but your HR and comms, they're all up because they were all on a Mac. And then engineering's still up because they're on Linux or something like that. It could still get weird. It could still get weird. Look, it won't be a good day, but it'll be a less bad day if you're a bit more heterogeneous. Yeah. Definitely. Yeah. All right. One of the things people might have said was, these CloudStrike people, are they some sort of fly-by-night operation? I decided to nail my colors of the mask, and I went and looked at the Gartner review view of CloudStrike. If you work in corporate IT and you don't want to be fired for a choice, find a Gartner quadrant that agrees with you. And management can never be cranky at you. It's the old, you know, no one ever got fired for buying IBM. No one ever got fired for following a Gartner report. So I went and looked at their Gartner. 4.8 out of 5.
[1:36:33]So, no, that's not a fly-by-night operation. And that rating is based on reviews by customers. They like CloudStrike a lot. I'll be very curious to see the updated score one year from now. But, you know, the most recent score is 4.8 out of 5, which is pretty darn good. So they are world-leading AV providers. The other thing that happened is humor happened. Now, XKCD is usually timeless, and I have never seen XKCD respond to a news event within 24 hours. They did for this one. There is an XKCD of someone on a scooter pulling someone in an office chair around the office because, well, what else are you going to do? Everything's down.
[1:37:17]Yeah, that reminded me of the person I was talking to who said to everybody just went on vacation. Yeah. And then also Kultimac linked to a blue screen of death screen saver to put on your Mac so that you can basically do nothing all day and have it my machine's look blue screen of death look, because we want to we want to take vacation too I love it that is hilarious, actually it's a wallpaper not a screen saver but I love it yeah either way it's so good right and if it's big enough to be a wallpaper it's big enough to use as a screen saver it's got enough pixels anyway, that is That is our, I don't know, I did call it a deep dive, not a security medium. Okay, I'll give it that name. That was quite deep. But it was kind of the biggest thing to happen all week. So worthy of it. So, action alert. Patch Tuesday. It has been and gone 142 fixes, four zero days. Patchy, patchy, patch, patch. If you can. Well, Windows land, so you can. Not Android. No, no, no, no. I mean, if your machine's out yet.
[1:38:24]Sorry now i'm with you yes yes if you're not on a blue screen of death patchy patchy patch patch, um one of those four zero days we now know in hindsight has been in use for a year so patchy patchy patch patch um it will be in limited use of course because that's how it stays in use for a year without being noticed against those people who need to buy something like cloud strike so So there we are. Anyway, we can tie it all back. If you're a Netgear user, they are warning their users to patchy, patchy, patch, patch for an authentication bypass bug that basically lets you administer the router with no password. And it particularly affects some of their Nighthawk high-end gaming routers, which they're actually, they look cool. I know a couple of people with Nighthawk routers. They're lightning fast and they look really cool. Nice routers, patchy, patchy, patch, patch.
[1:39:16]Moving us on then to worthy warnings, it has been a bad two weeks for data breaches. So we start off with just a little thing. AT&T may have leaked call and SMS metadata for millions of their customers. Very strange dates on this. So your SMS messages and your calls between the 1st of May and the 31st of October 2022 and on the 2nd of January 2023. Those were the two data sets that got leaked. Very oddly specific data sets, but okay. And they were left lying around in Snowflake, which you may have heard of in recent weeks. Oh, maybe it was Snowflake I was thinking of when I said, haven't we been talking about CloudStrike? So AT&T was a customer of Snowflake. Snowflake. Yes, they were. And for reasons of their own choosing, those particular data sets were up in that cloud for AI analysis. Us oh so anyway that that that was the thing that happened um and you went yeah but at&t have told all their customers so why are you talking about this part you just said last week that well you don't do this anymore or we'd be here all week and so yeah and i did debate whether or not to include in the show notes and then i had a realization at&t customers don't only contact other AT&T customers.
[1:40:38]They probably send SMS messages and phone if you still use your phone at all. I'm not sure how often I use my phone now that I think about it but the SMS messages I do. The SMS stuff, yeah. So it kind of affects anyone who knows anyone with an AT&T. So it's kind of like there's a whole bunch of American-centric call data just out there now where they know who talks to who. And that may or may not be useful in a bit of spear phishing. It's metadata so it may help with things like does this company, often phone the cloud strike tech support number therefore I know they're cloud strike customers and I can send them an email offering them a fix to this little problem I know they're having right now so it can be surprisingly valuable information, We really are tying a bow around everything today, aren't we?
[1:41:27]Also, on that sort of thing of this actually isn't quite being responsibly disclosed to everyone, Rite Aid have issued a filing, with one of the state governments where they're legally required to say that we have lost data on 2.2 million people, but they haven't, in anywhere I could find in the article, said they've actually told the people.
[1:41:52]So what has been leaked is data includes purchaser name, address, date of birth, driver's license number or other form of government ID presented at the time of purchase between June 6, 2017 and July 30, 2018. Which is again, why is that data set sitting somewhere for someone to steal it? What are you doing with that data set? What did you not clean up? There's a lot of that going on. And actually, it's one of the reasons I really like that the GDPR makes it a part of your responsibility to decommission data. If you have to get rid of it after three years, then 2017 data doesn't exist anymore. Yeah. And then we have three breaches that are all sort of connected in the sense that they all have the same effect. They all leave the victims open to automated targeted phishing. So normally targeted phishing involves work and effort. But if you steal a large data set full of metadata, you can automate targeted phishing. So 15 million Trello users, their email addresses are now leaked and everyone knows that they are Trello users. So you can map the Trello user account to the email address. So you can probably use that to send a more crafted, more believable phishing message.
[1:43:09]400,000 Life360 users have had their phone numbers leaked. And these are all this is down to an unsecured api in all three cases, uh ish and then the third one is really there's a popular hardware maker for people who are into pc gaming who like to build their own rigs one of the companies that sell really cool really quite high-end stuff is called a zotac so if you're building your own game or pc you may well be a zotac customer and they have a database of their rmas which i can't remember what it stands for but Return to Manufacturer Authority or something. Basically, I bought something from Zotac. It was broken. I sent it back and they gave me a new one. That's an RMA. Okay, right. But I don't know what it stands for. Return blah, blah, blah. Authorization is the A. Return blah, blah, blah, authorization.
[1:44:05]Their database. Returned Materials Authorization. I would never have got to materials in a million years. Never gotten there. Their database was accidentally sitting on a web server without a robots.txt or authentication, so it got indexed by other search engines. So that leaves you very open to phishing, obviously, because you can search for it, or at least you could. So these three breaches didn't meet your criteria of them responsibly disclosing to their customers? That is correct, but I put them here for the same reason that I put the developer ones up the top. This is now happening so often that there is no more value in me telling you that did you ever use Trello or this company or that company? I have now said this so many times in the last six months that no one could possibly have a mental list in their head of who they're in danger of being phished from.
[1:45:01]So I think we just need to accept that anytime we get an email from any company that we do business with, we should assume that there's been a data breach to make this a convincing phish. And just start on the assumption that it's a phish and then prove to yourself it isn't.
[1:45:18]Because there's been been so many data breaches i think there's no value in me telling you oh if you ever use trello be careful you're gonna forget these so we're not doing these anymore okay um because this is such a thing metadata just leaks everywhere and metadata is all you need for convincing fish you don't need the fine-grained detail to trick people just assume it's all a fish ever-present vigilance that's where we've ended up back to ever-present feature now having said that i am going to draw attention to something because I have a little bonus to tag on that makes this into a not all bad news. So at the moment, there is a rise in activity targeting iCloud users, which is very much our people. So that's worth saying. These are coming in in the form of SMS-based attacks. So smishing is the fancy term for SMS-based phishing. And they send you to a web page that that has a lookalike domain, but isn't iCloud.com, and that obviously looks like iCloud.com, it's a phishing site. Don't enter your details. And this gives me an opportunity to link to a very impressive support document from Apple that has been recently updated. It doesn't have a short title, but it is descriptive.
[1:46:32]Recognize and avoid social engineering schemes, including phishing messages, phony support calls, and other scams from support.apple.com. It's actually a very good document. So it's one I have bookmarked to send to friends and family if they ever ask me the question of, well, how can I tell? It's actually just really good advice here. And it's written in a very approachable way. So that's, there we go. That's a little bonus to tag onto this. So ever-present vigilance is just our answer. And there's some nice tips for being vigilant from Apple. So it all ties together. And my other little tip that I'm sort of hoping to hammer this into everyone's head as much as like, don't click on links in email. Every time you type a username and password into a webpage, look up. Look at the address bar. Just make sure it says what it should. So that is now my muscle memory. I'm typing in a username, look up. I think that's good advice to give to everyone.
[1:47:31]We have some quick notable news stories to quickly run through. The list of companies who have turned out are in trouble in Europe has grown. It now includes X, formerly Twitter. They are being hauled up under the Digital Services Act, not the Digital Markets Act that's caught Apple out. I think META are also Digital Services Act. In this case, there are three reasons the EU are cranky. They say that the blue checkmark is misleading because it's not actually validation, even though everyone thinks it is. An interesting argument.
[1:48:06]Under the Digital Services Act, you are required to be transparent in your advertising, and they are not. And you are required to provide researchers access to, to particular advertising platforms so that stuff like election manipulation can be studied by researchers and meta are not sorry x are not making their apis available to researchers to investigate election integrity and so forth so that is why they're being complained about, google have been caught with their fingers in the proverbial cookie jar but they've been very open about it. Anyone over the last couple of years could have gone to GitHub, downloaded the source code for Chromium and found this to be true. Nonetheless, it was never listed anywhere. Google Chrome has a special case where they will send CPU usage and RAM usage and really quite low level system information to some websites, star.google.com. And no other websites, which means they get to fine-tune. So why does YouTube work more efficiently than Vimeo? YouTube can see how stressed your PC is and ramp down the resolution, not based on your bandwidth, based on your CPU usage, because they can see your CPU usage, but no one else can. Oh.
[1:49:31]Now, who's holding them to account for that? At the moment, no one. Or is that just this we also know? Now it is a case of this we also know, and now they're very embarrassed. And now I would imagine at the very, very, very least, because this was in Chromium and no one had noticed it, which means that not only was Google phoning home to Google about Google Sites, Edge was phoning home to Google about Google Sites. And Brave and all of these other Chromium browsers. Oh, oh. You know how I feel about the advance of Chromium. I know. And this is a piece of, this is a datum you should have in your quiver for making that argument. So there we are. Yeah, so I imagine all the open source people will start to pull that particular line of code out of their versions of the Chromium engine. And whether or not Google will get a slap on the wrist remains to be seen. It appears to be an antitrust violation because it is giving their own services a leg up in a very tangible way. We shall see.
[1:50:29]But I don't only get to say bad things about Google. So Google offer a service called Advanced Protection, which is very similar to Apple's thing where you can turn on enhanced security and the price you pay on Apple land is features go away. In Google land, you could only get the feature in the past if you bought a hardware FIDO token. So people like Leo Laporte have had this on and they have had to carry around a hardware FIDO token to get this extra protection. Because passkeys are basically the FIDO standard in software with the help of a secure enclave, Google have updated the program. You can now use passkeys, which means a whole bunch of people who are grade Z celebrities can protect themselves because they don't have to carry around hardware dongles anymore. They can just use passkeys. That sounds good. Good. Yeah. So I'm very happy with that.
[1:51:20]Signal have made a, I would say, notable improvement movement to their desktop apps, and they get a slight slap on the wrist here for initially being reluctant to making a very sensible change. Until this change which is now a work in progress is not finished yet, your Signal desktop client saves your full chat history unencrypted on your machine, so any malware on your machine can read all of your chats. There exist APIs for not doing that. They haven't been using them they're going to so on the mac the encryption key for this database of all of your chats will be saved in your keychain which means that until you unlock your keychain it will be unavailable so someone who just grabs your hard drive won't be able to read your chats this is just logged into your iCloud account and you're logged into your account is your keychain unlocked?
[1:52:17]Yes, but the keychain is also protected by API. So if I have a piece of, if I have a malicious app installed next to Signal, before now, the malicious app could just look across. Now, the keychain will say, uh-uh, you don't get this information. And therefore, you can't have the key. And the key will be in a piece of RAM that only Signal has, because RAM access is also per app, right? That's, do you remember the blue screen? You remember the general exception for us you used to see in Windows? That happens when one app tries to reuse a piece of RAM that belongs to another app. It was the most common reason Windows 95 used to crash. So we've had apps being stopped from stomping on each other's memory forever. So by having the keychain in the mix, it means the encryption key is now only available to Signal. Which is how it should be. And the thing is, the API was there all along. It probably wasn't there when Signal was first written a decade ago, but it's been there for a while now. So they kind of deserve like a slow clap, you know? Yay! But really? So anyway, it's coming. It's all good. It's a good news story on the whole. Another good news story where we're going to have to have a little bit of patience, but I still really like this. So MacPaw are a company we like. They do really imaginative stuff. while living in a war zone. They're a Ukrainian company and they're still being active. So yay.
[1:53:37]They went to a security conference and they gave a presentation and they gave us all a sneak peek of where they are and they seem to have the engineering working. So now it's a matter of productizing it. So this would appear to be a prequel to giving us a product announcement. They have a new approach to protecting you from phishing. At the moment, when you buy phishing protection from your antivirus provider, what you're basically getting is a block list of known bad sites that other users have reported as phishing which updates if you're lucky every hour or so but that's not really very good because it relies on someone noticing they're being phished telling the provider the provider checking it out then the provider making it collecting all of these updates together and then once or twice a day pushing an update down to everyone's machine so yeah a phishing site that's been active for a a while, you'll know about. But nowadays, some phishing sites change their domain name every hour. So some of them can be like really fast rotating because it's really cheap to do that. So MacPaw have had a different idea.
[1:54:41]Our computers now have hardware neural networks on them. They can do machine learning and hardware. So a phishing site looks like a known brand. AI can recognize looks like. Why not just ask the AI to see, does this link look like a Google login page, but isn't Google? If yes, block.
[1:55:09]Lock oh oh genius that's interesting yeah yeah so i just think it's why did no one think of this before let's use ai to look for stuff designed to look like what it isn't there you go i really like that and from the department of oh please please please everyone copy this singapore is a a country that is technologically at the leading edge. That's one of their things. And their banking system has been technologically quite robust for a long time. So they require a multi-factor authentication for all banking and have done for years. They've gone one step further. Not only must banks have multi-factor authentication, they must now within the next three months switch to only having phishing resistant multi-factor. So phishing resistant means it does not require the user to type in a code on a web page. Because if the user is typing a code on a web page and they don't look up, they may be typing the code in the wrong web page. It may be being intercepted by baddies who are then stealing all of their money, by typing the same code into the real website at the same time. And you can buy that phishing as a service. Phishing-resistant MFA is stuff like passkeys. The human isn't in the loop. The human can't be tricked.
[1:56:34]Therefore, this whole avenue of attack goes away. And the government have just said, every bank you have three months, all of your banking apps must be phishing resistant. Not only must they have MFA, they must have really good MFA. Have at it now. Please copy. Please, please, please, please, please. Let's just all do this. This would be good. Yeah.
[1:56:56]Right. Well, after all that, we have some palate cleansing. There's one from me and one, no, there's two from me and one from you. Would you like to go first? Sure, why not? So you guys have heard me talk before about the Clear and Vivid podcast with Alan Alda. It's a great show that is about talking to people about communicating science. That's his whole thing. That's what he's for. And he had a woman named Sanjana Curtis on. She's an astrophysicist and she's a theoretical astrophysicist. And she has a TikTok channel where she's explaining how the elements got created. And she's doing, she's calling it Stardust, sprinkling Stardust. And she, every episode is how one specific element became created. And she's delightful. And Alan is brilliant, of course, in his interview and understands what she's talking about. But she explained supernovas and the creation, how, well, actually, my favorite part was when she explained how stars basically come to the end of their life. And I had never heard that exact explanation. And it was so clear and so obvious of it. I don't want to spoil it for you. It is a fabulous episode. And I immediately subscribed to her over on TikTok. It's delightful. Again, her sprinkling stardust is the TikTok channel.
[1:58:18]And this is an example of palate cleansers coming full circle, because I discovered Alan Alda's podcast from you in this segment a couple of years ago. And I have been a loyal Alan Alda listener ever since. And now we've come right back full circle with you recommending a different episode because the TikTok, you know, A, because Alan Alda's cool. And he really is such, like, they come in little series. So you have like six episodes and then nothing for ages and then another six episodes. But every time they come back, it's like, yay, Alan's back. Yeah, and sometimes they're talking to comedians. I mean, it's not all science, but it's communication stuff, but with a big bent towards science. I loved it. That's really good. Yeah, it's really good. Oh, I just saw your palate cleanser. I just got that same one from Kaylee. So anyway, go ahead. Excellent. Okay, so my first palate cleanser is a bit of reading, if you like reading. So I would call it a long read. The scroll bar is really quite small. It's from Fast Company. And for me, this is nostalgia. For a lot of listeners, this is probably like a history lesson that is completely alien to you because you were born after the internet was invented in 1994.
[1:59:26]Anyway, it's called What the Internet Looked Like in 1994 According to 15 Webpages Born That Year. So it's 15 screenshots of 15 webpages from 1994 and a whole bunch of text around it. And I think my favorite one is a A page from the Microsoft website with a photograph of the webmaster, singular, next to the web server, singular.
[1:59:57]Microsoft, one of the largest corporations in the world for cloud computing, had one piece of hardware holding up their entire website with one person running it. Wow. And he must have typed that sentence in the third person, because I promise you, he was the one typing the sentence. saying this is the webmaster.
[2:00:16]And some of the graphics, like they're 16 bit, you know, 16 bit colors and really blocky. And some of the graphics are so over the top, ridiculous, like a four year old drew them. It is really quite funny.
[2:00:30]The Microsoft one is hilarious. Like, oh, wonderfully retro bling. By the way, real, real blast from the past or a history lesson, depending on your age. Very much worth a read. But the next one has been recommended to me in a few different avenues. News Tidbits had a good article on it. I think John Gruber pointed me to it. I heard a couple of other podcasters mention it. So the Steve Jobs Archive slowly releases Steve Jobs related content and they've just released an article with a video and it's the video that I really want to recommend. So in 1983, which is before the Mac, the International Design Conference was in California and they invited Steve Jobs to speak. And he gave about a 20 minute prepared talk and the rest of of his 55 minutes, he just said to the floor, ask me anything. And he pontificated on whatever they asked him. So the first prepared remarks are amazing in how human-friendly and accurate a summation of the entire history of computing until 1983 he gave in those couple of opening minutes. Cuts to the chase uses no big words, really understandable. It is an amazingly insightful insightful summation of computing up to the 1980s. And then come the questions.
[2:01:50]I think that man had a crystal ball hidden away somewhere. It is, he doesn't use what we now end up as the technical terms. We will have devices with radio links where we can get people's messages in real time as we're walking around the street doing our shopping. We don't call it radio link. We call it Wi-Fi or cellular. But he was kind of right.
[2:02:09]And one of the things that really stuck out to me was he said, This is 83, so the Lisa was the state of the art. And he described what he wanted a computer to do. And because it was a design conference, there was a lot of talk about typography and stuff, which was kind of cool. But he basically said, look, we're working to make these really approachable machines where people can do the humanities with technology. And it will be better in all of these ways. And right now we've managed to squeeze all of this into the size of a bread bin. We're going to get it into the size of a shoebox soon. And in five to seven years, we'll have it in the size of a book. So he was already using the term effectively MacBook in 1983.
[2:02:50]Now, a year later, the shoebox came out. That is the app. That is the Macintosh. So I went and Googled first Apple laptop. Was it five to seven years? Not quite. It was eight. He was out by one. That's pretty, pretty impressive. He also described the app ecosystem in 1983. He basically said, there is a market of Apple users. You can write a piece of software with very little input, and you can sell it to even 1% of all of the people who have a Lisa, and you can make blah thousands of dollars a year. And that's become ever more true. He described the app store on iOS in 1983.
[2:03:31]Stunning. Absolutely stunning. Because I sometimes think we get a bit blasé. I, Steve Jobs, he was a visionary. Yeah, yeah. Well, we shouldn't spoil any more of this because it is absolutely delightful. I'm only 15 minutes in, so I want to have the fun discovery of this. Oh, great. You'll love the Q&A. Right, okay. We have talked a lot. So I'm going to say, until next time, remember folks, stay patched so you stay secure. Well, that was a mammoth show. Two hours and four minutes. I'm sorry. Couldn't help myself. Anyway, that's going to wind us up for this week. did you know you can email me at allison at podfeet.com anytime you like? If you have a question or suggestion, just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon at podfeet.com slash Mastodon. If you want to listen to the podcast on YouTube, you can go to podfeet.com slash YouTube and see all of the videos that we talked about during the show. If you want to join the fun in the conversation, you can join our Slack community at podfeet.com slash Slack, where you can talk to me and all of the other the lovely Nosilla Castaways. You can support the show at podfeet.com slash Patreon or with a one-time donation like Kenneth, our hero, did at podfeet.com slash PayPal. And if you want to join in the fun of the live show, head on over to podfeet.com slash live on Sunday nights at 5pm Pacific time and join the friendly and enthusiastic Nosilla Castaways. We'll be broadcasting from Lindsay's house next week, so you might get to hear my grandchildren too. Thanks for listening and stay subscribed.