NC_2024_12_08
Jill discusses her motivational podcast and video projects. We explore Bart's Git submodules, my browser challenges, and Jill's use of Descript, highlighting the importance of the right tools for effective content production.
Automatic Shownotes
Long Summary
In this episode, I delve into the latest trends and tools in the world of technology with my guest Jill, who has made significant strides in podcasting and content creation. Jill is not only the host of her own daily motivational podcast series, "Start with Small Steps," but she has also expanded her reach into video content, which opens up new opportunities for engagement and audience growth.
We kick off our discussion by revisiting Bart's comprehensive miniseries on Git submodules as part of my "Programming by Stealth" segment. Bart has escalated the complexity in this final installment, tackling real-world scenarios of managing submodule changes with Git. I share my experience of grappling with the challenging concepts, and how, with Bart's persistent guidance, I finally achieved a breakthrough. For those interested in deepening their understanding of Git, the tutorial show notes can be found at pbs.bartificer.net.
Switching gears, I recount my ups and downs with Safari profiles. Originally, I was excited about the potential of tab groups to streamline my social media interactions. However, it quickly became apparent that the implementation was not as seamless as I had imagined. I outline the numerous workarounds I attempted and conclude that the inconsistent syncing between my devices has led me to seek alternate methods, such as using different browsers for specific tasks. Jill also shares her insights about video creation, revealing how she efficiently merges her audio and video workflows using Descript while recording her podcast.
Jill elaborates on her venture into video, explaining how Descript allows her to create a polished product without significant additional labor. We explore the impressive features of Descript, including transcription editing, filler word detection, and the application’s unique capabilities like automatic overdubbing. This technology streamlines Jill's content creation process, proving essential as she balances her ambitions with managing a busy life.
As our conversation unfolds, Jill shares her aspirations to enhance her YouTube presence and optimize her content for a wider audience. We address the coding challenges of integrating video production with established audio workflows and discuss potential edits and improvements that could be made to increase viewer engagement.
To wrap up, we emphasize the necessity of finding the right tools to maintain productivity and creativity, allowing creators like Jill to thrive despite the many challenges of content production. In line with technological growth for creatives, Jill mentions her exploration of collaborating tools integrated in Descript, offering a glimpse into a future where efficiencies dictate success.
This episode captures the challenges and triumphs of podcasting in the modern digital landscape, from gaining proficiency with Git to leveraging innovative platforms for video production. I encourage listeners to explore the various resources discussed, including Descript and Bart's Git tutorials, to elevate their own tech journeys.
Brief Summary
In this episode, I engage with Jill, a leader in podcasting and content creation, who hosts a daily motivational show, "Start with Small Steps," and is venturing into video content. Our discussion begins with Bart's advanced miniseries on Git submodules, highlighting my struggles and breakthroughs in understanding complex scenarios with his guidance. I share my experiences with Safari profiles and the inconsistencies that prompted me to explore alternative browser solutions. Jill provides valuable insights on her video creation process, utilizing Descript for seamless integration of audio and video, which enhances her content efficiency. We explore the technical challenges of combining these workflows and share aspirations for audience growth on platforms like YouTube. The episode underscores the importance of utilizing the right tools to enhance productivity and creativity in the ever-evolving landscape of content production.
Tags
Jill
podcasting
content creation
motivational show
Git submodules
browser solutions
video creation
Descript
audience growth
content production
Transcript
[0:00]
NC_2024_12_08
[0:00]Hi, this is Allison Sheridan of the NosillaCast podcast, hosted at podfeet.com, a technology geek podcast with an ever-so-slight Apple bias. Today is Sunday, December 8, 2024, and this is show number 1022. You know what's neat? I have a voice all day long till right around 5 o'clock, and it is now leaving me yet again. But we're going to bear up and keep going.
[0:25]
PBS 174: Working with Submodules (Git)
[0:25]In this week's installment of Programming by Stealth, Bart completes his miniseries on Git submodules. I gave him a hard time because Git is actually a miniseries, so it's a miniseries within a miniseries. Anyway, last time we talked, he created an imaginary company with three developers, and he went through three relatively simple scenarios where Git submodules were implemented. In this finale installment of his miniseries within a miniseries, he takes it up a notch in complexity, and we actually get to push submodule changes. This path is fraught with danger, and I get stuck for a long time on the very last scenario. I kept trying to give up and said, Bart, just move on. I'm never going to get it. He would not let me give up, and he eventually helped me understand. Hopefully, some other people might have been stuck at the same spot, or else you're all going to be yelling at your phone saying, Allison, why can't you get this? But in any case, he brought it home, and I was able to understand. You can find Programming by Stealth Installment 174 in your podcatcher of choice, and of course, his fabulous tutorial show notes are at pbs.bartificer.net.
[1:33]
Profiles in Safari – a Bug and a Workaround
[1:32]Well, a few weeks back, I talked about my struggles to use tab groups and how I solved my particular problem by using profiles in Safari instead.
[1:41]You'll remember my goal was to have a way to open a handful of social media sites all at once, spam them all with my latest content, and then get out.
[1:50]Profiles gave me an elegant way to do that. I have to do a quick review of what I talked about last time in order to explain why I'm bringing this up again, but I'll give you a spoiler. Profiles does not work as well as I described. It needs a workaround. In the original article, I explained the two things I needed to do to have my personal profile open to one page and my social media profile open to a set of tabs for my social media sites. First, I needed to open Safari settings and on the general tab, set new windows to open with my preferred page. This is where new windows for the default personal profile will open. Then on the profiles tab in system settings is where you create a new profile. As soon as you give it a name, you have the option to create a new bookmarks folder for favorites. As soon as this new bookmark folder exists, still in the profiles tab, I needed to set new windows to open with and choose tabs for meta. Tabs for meta was the name of that profile where all my spammy, well, my social media sites were where I'm going to spam people. So this process creates a folder in bookmarks with the same name as the profile. So the profile's name was Meta, so it was Tabs for Meta. Now what I thought was the final step was to open each social media site and add it to that folder. This put the social media sites into the tab bar for that profile, but more importantly, when I opened the profile, all of the tabs weren't open automatically.
[3:13]At that point in the story, I was very proud of my little self, especially since this new meta profile would sync between my two Macs. No matter which machine I was using, I could use the keystroke Shift Command Option 1 to open my meta profile with six social media tabs open, and then Shift Option Command 0 to get to my personal profile. The day after I posted my victory, I was on my MacBook Pro, not my MacBook Air where I had written the article, and set up the meta profile. I used my keystroke to open the meta profile, and instead of it opening my six social media sites, it opened every single favorite for my personal profile. I have a folder with several bookmarks in it in my favorites bar, which means it opened 10 tabs, none of which were the ones I wanted. Now remember, this was on my meta profile, so it should not even be looking at my favorites for my personal profile. That's completely the opposite of what I told it to do. I fetched my MacBook Air, and I compared the Safari settings on both Macs, and they were identical. I verified that the MacBook Air was still opening the correct tabs with the Meta profile. It would open the six social media tabs.
[4:23]Confused, I tried tickling it on the MacBook Pro by changing the Meta profile to open new windows to the start page, and then I changed it back to tabs for Meta. My trick worked. Now my MacBook Pro happily opened the six social media sites on the Meta profile. Great. Then I went back to the MacBook Air, and guess what? Now that Mac opened all of the personal favorites when I opened a new Meta Profile window. I was able to do this experiment repeatedly and proved it would only work on one Mac and would always break on the other Mac. I think I can call this a bug because it sure is not obeying what the menus say.
[4:59]I briefly thought about going to, you know, apple.com slash feedback and reporting the bug. Then I realized, you know, that's just spitting in the wind. They might look at it. They might even be able to replicate the problem if I spend enough time describing it. But I'm betting this is obscure enough that it would be way down low on the priority list. But I came up with a workaround. I made my MacBook Air work properly first. Then I went to the MacBook Pro and I created yet another profile, which I called Meta MBP for MacBook Pro. I had to create a folder called Meta MBP for Favorites and told it to open new windows with tabs for Meta MBP. Then I populated this new folder with a duplicate of my social media sites in the same order that I did on my Meta for the MacBook Air profile.
[5:45]The only problem with this solution is that now I have to hold in my little pea brain the fact that the MacBook Pro is one digit higher in Keystroke to open social media sites. So to get to the same place, I do Shift Option Command 0, and that brings up the personal profile on both Macs. But the MacBook Air has to be Shift Option Command 1, and the MacBook Pro has to be Shift Option Command 2, both to get to that meta profile that I want. So as long as I can keep in my head which one's one and which one's two, I can do it. Now, I don't expect any of you to do this, but just in case there was one person out there who tried it and would shake their fist at me with my great epiphany from before because it didn't work properly, I figured I'd better tell you about it. It sure would have been nice if tab groups were static instead of letting you change them accidentally, which is the reason I had to do this whole thing.
[6:37]Then, three days later, as in about an hour ago, I tried to use my keystroke for my MacBook Air Meta Profile using my MacBook Air, and it opened all the favorite tabs for my personal profile again. Okay, I know this might be confusing, but let's get this straight. The Meta MacBook Air Profile is supposed to open my Meta tabs, not the personal favorites. I tried the Meta MacBook Air profile using my MacBook Pro, and it opens the correct tabs over there. I don't know what's going on, but evidently it's not possible to have two different Macs use different profiles and have their own independent favorites open as tabs. I have to either talk to Apple after all, or use a different browser, as has been suggested to me. I think it was George from Tulsa who said, maybe I should just use Firefox for that, and they've got some things called containers. I'm going to go experiment with that because maybe I just need to spam someplace else. Just go to a different browser altogether. I am tired of this, and I can't believe it doesn't work. I was so happy and proud of myself for this both times I thought I solved it.
[7:41]
Jill from the Northwoods on Descript for Podcasting (No Blog Post)
[7:41]Music.
[7:48]Jill from the Northwoods is joining us today to talk about a cool technology she's using. As you may remember, Jill is building a podcast empire with a daily motivational show she calls Start with Small Steps. She's also got Small Steps with God, The Bible in Small Steps, and my personal favorite, Puzz, Blossom, and Squeak, which is a podcast about getting outdoors and learning about the world around us. Welcome to the show, Jill. Hi, thanks for having me. Always a joy, always a pleasure, every single time. So your empire started with audio podcasts, but because you seem to have a limitless time, you've decided to branch out into video now too. And I always thought that sounded like a lot of work. What got you into the idea of doing video for your podcast and what kind of, where are you going from there? Well, primarily two things. First of all, I think in podcasting, there's no algorithm, so it's hard to get discovered.
[8:42]There's no way that says if you like that podcast, you might also like Jill's podcast. But in YouTube, there is. And so I'm finding that my YouTube channel, which I did very little with, just had audiograms coming out of Auphonic, was doing just about as well as my podcast. And I thought, well, what if I actually gave this some love, would it actually do better? Yeah, you taught me about that as there was a little checkbox in Auphonic, and now when I ship the podcast, it becomes this silly little waveform. I haven't actually gone over and looked how it's doing. It never occurred to me anybody would actually listen to it, but I guess that's a thing. Yeah, it is, and I do have listens, and while some drop off because the algorithm suggests you, and then someone sees it and says, oh, it's not a Jill video, or maybe this is not what I was interested in, there's always a drop off, but there are people who listen through the whole thing. Plus, it gives you demographics of your listeners, and so you kind of know who they are, and it was a little surprising to me.
[9:40]Okay, so, uh, video is hard and you thought that would be fun. So what, uh, what are you doing with the video? What's your, what's your goal there? My goal is to record once, where I create a video, I read my podcast. I don't read them, actually. I have an outline. I do my podcast on video. I export the audio out to Hindenburg podcast. Then I publish the video, YouTube. So I'm only doing one work once. Oh, okay. Okay. So you still, let's see, let me think about that. If you have to edit the audio over in Hindenburg, aren't you also editing the audio when you edit the video over for YouTube?
[10:26]That's right. So I first edit it in Descript, which is the software we're going to talk about. I edit it. I get it down to exactly what I wanted to say in the order I wanted to say it. And then I export the audio to MP4 or to WAV. Okay. So let's see. Yeah. Yeah, so the tool we're going to talk about, I've always called it Descript. I don't know why. Descript, Descript, we don't actually know which one it is, but I'll probably keep saying Descript. So this is a tool that you're using to actually record the video? You're not recording on your computer like with Final Cut? Right, I'm recording it directly into Descript or Descript. I'm doing it right there, I'm editing it right there, and then I'm outputting the formats in both ways. Oh, we should let you do that right now. You should be running it. So I thought Descript was a web platform. Is it actually an app you run on your Mac? It is an app, and they just came out with its version to run on Silicon natively or the right way, whatever it is the right way. And it's great. The app is a lot better. It is a web platform, but you can...
[11:35]Run it on Windows, you can run it on Mac as a native app. Oh, okay. All right. And how much does Descript cost? Descript is free to try, but it costs, there is a free level, you don't get much with it. But when you're running it as a subscription, there's a hobbyist level, which gives you like a couple of hours of its AI ability, its transcripts, you know, some of its features. When you run it on a different level, let me get the name of it, it is creator level, which is $24 a month compared to the hobbyist, which is $12 a month. Then you get all the features for many, many hours, 30 hours of transcriptions, and it'll go as far as doing AI voice. So it'll do a lot when you get that creator level. Okay. So are you on the creator level then? You're using the AI stuff? the whole deal? Yeah, I decided to gift myself a year of it to see if I would use it, if I would like it, to see if I could learn Final Cut Pro and do just as well with it.
[12:43]You know, and then get off of Descript, or it's just so wonderful I have to stay with it. Okay, all right, well that's a good idea, so that way you're motivated, you've given it a good college try, and you've got a deadline, you know, it worked, it saved me time, it saved me money, it improved my stats, it gave me the fun that I want out of this, maybe not the chore, a little bit more fun. So the problems that you're trying to solve using Descript, what is it you want to, if it's successful, what does that look like for you? The most important level of this, as I mentioned this with the Ecamm and everything else, is I wanted the quickest, easiest way to produce a video without fuss. I didn't want to make this this huge drag of me spending hours and hours and hours of matching audio and video and, I'm making this a pain. I don't want more work. I want less work because I'm already very busy. And so I wanted to see if this could save me time. And after watching other people's YouTube videos about this, I thought this is really the product that will save me hours. And it does. By the way, you've been saying Ecamm. I'm not quite sure that's the right word. Oh, no, not Ecamm. No, Facecam. Facecam. Yeah, it's the Elgato Facecam.
[13:56]Elgato Facecam, yeah. Face cam. So that's the thing that allows her to read her outline in a camera view and be looking right at the camera. So that makes for better video. So you're not looking down at something, right? Right. Okay. The first time you said it, I was like, was that called eCAM? No, it wasn't. Okay, good. So face cam. All right. So you want to be able to get in, record a video, have easy editing, and then export out to YouTube for the video and to Hindenburg to publish it as a podcast. All right. So what is it about Descript that's different than a traditional video editor where you record and then you cut and splice and try to make transitions and things?
[14:37]So it has a lot of those features. If you want to edit along a timeline, you can. You can do it the old-fashioned way, which is the way Final Cut Pro, I shouldn't call it old-fashioned. It's the professional way, the classic, the professional way of doing it. But I had trouble sometimes because my audio got off track with my video and I didn't know all the features. I'm learning Final Cut Pro. I'm not very good at it. It's a complicated product. It's a complicated, but I mean, it's amazing, but it's complicated. And I thought, oh, this is going to take me a long time to figure out what I want to start doing this now. And when I watched what other people do, Descript allows you to edit through a transcription, A little bit like Hindenburg has that feature too, where you can look at a transcription and highlight a sentence, look at a word and cut those out.
[15:26]Copy a paragraph, paste it up someplace else, and it lets you sort of visually edit based on the words you're saying instead of this timeline view. Okay. This is why I really wanted to do this as a conversation because I don't understand what you just said. You're saying you've recorded video and you look through and you realize I said Ecamm when I should have said Facecam. You can take the word Ecamm, change it to Facecam, and it changes the video and audio? It changes the audio. It won't change the video. But you can go through. It has an AI voice. You record a paragraph of your voice, and then it will be able to overwrite. So I said Ecamm. I'm going to type in Facecam. It'll spit in the word Facecam from my voice, my intonation, but the video stays the same. So it does not fix the video. Well, I thought it really was magic. It's still pretty magical, but so you're going to look a little bit like when you've got.
[16:28]Voice dubbing from one language into another, and the person speaking Japanese in a Godzilla movie, but it's some guy with a Western accent, and the lips don't quite match up. But a word here and there, that's going to be no problem, I would think. Right. Or you could cut to the picture of the book you're reviewing and pay no attention to the thing I'm saying. Oh, okay. So if you had to redo a paragraph, you would just do some sleight of hand there. Jill, can we really trust what you're saying? Is it really you right now? It is. It is me. But I mean, not just even the overdub part of it, but sometimes you do a take and then you're, oh, I didn't like how that sounded. I'm going to say it again. You can first not only just take that paragraph, highlight it, and delete it. The software itself will look for places where you used filler words, where you repeated what you said, where you did one take and you then tried another take, and then it will analyze the take and cross out the bad take, and it'll help you clean those up. Oh, wow. Oh, wow. Now, I think I learned about that because I watched one of your videos recently, and I said, you said this one thing twice, and you said, oh, no, I uploaded the original, not the corrected one, because Descript had fixed it, but you just uploaded the wrong one and you were able to swap that in. That's really interesting.
[17:52]You and I record very differently. Yes, we do. Yeah. When I record in front of the live audience, I record and if I make a mistake, I back up, cut it, and I say it again. So I don't do editing after the fact. I do editing real time while I'm doing it. But I'm doing it off of a script, so it's very easy for me to repeat exactly what I was supposed to say, not what I actually said when I made a mistake. And you're doing it more off the cuff and more naturally, I think, because you work off an outline. And not only that, sometimes you say something and, oh, it just didn't quite resonate with you when you're watching it back again the way you thought it should have. And so sometimes you realize it when you're recording it. So you try a couple of different ways, and then when you're editing, you can pick which one you thought sounded the best. And I do that from time to time. Okay. Okay. So talk to us about the interface. What is it like?
[18:47]The interface is a giant project board, essentially. So what you see is when you first log into it, you just have a place to type the name of your project.
[18:56]And so I call it, you know, start with small steps, love where you live. So I understand which project it is. And then you have a big menu panel along the right-hand side. And where I start is where it says to record. So I can either record directly to audio with no video. I can record to audio and video, or it will also do screen capturing. So if I wanted to go the technical route and show what my screen looks like when I'm doing something, I can do that as well. Oh, no, that's interesting to me, especially because in Screencast Online, our tool of choice is ScreenFlow by Telestream. And Telestream has apparently forgotten that ScreenFlow exists. They haven't done an update in ages and ages and ages, and they're not responding to questions about like, hey, hello, anybody home? You know, is something going on? So we're all getting very anxious. When Sequoia came out, we're like, okay, you go first. I don't know, you know, a project that's, you know, we depend on so much appears to be unsupported at this point. Do we go to the new operating system? Luckily, it did happen to work, but if it hadn't worked, we would have all been just dead in the water. Like, we don't have a backup plan. We've started looking at, um, Camtasia for Mac, which has come a long ways in the last few years, and so that's looking to be a good candidate. But I mean, man, we have so much muscle memory, all of us. We have Keyboard Maestro macros and everything. But I wonder whether Descript would be something to look at for doing screen capture.
[20:25]Yeah, I was curious about it too. I also have Camtasia and it didn't gel with me. I used it for work to create webinars, which I thought it did a great job for the webinars. But then when I started using it for this purpose, also testing it like I tested Final Cut Pro, I didn't enjoy it as much as I did for work. And so I am curious and I haven't tried the screen capture part of it, but I'm interested to see how it works because I think it's kind of a one package deal for a lot of things. Yeah, I mean, it's certainly not a, not a low price. One of the amazing things about Final Cut is, uh, I bought it for Steve and we paid 200 bucks for Final Cut, and then we added, uh, Motion and, what's the other plug-in? There's, there's two big ones. Yeah, anyway, out the door it was 300. We have never paid another penny for it, and that was well over a decade ago. It is actually, I should double check and make sure that's true, when, when Final Cut first came out, but, uh, Final Cut Pro 10, it was 300 bucks. It has never gone up. There's no subscription. That's been one of the best investments we've ever made, to not have recurring costs. But it sounds like Descript is really coming along with some things that are different, right? Different, yeah. Talk more about the AI features. I've got a couple of things in the notes you sent me on what the AI features are.
[21:47]The AI features are interesting, and I've just begun getting started with them. And part of them I mentioned already, finding gaps, finding filler words, finding places where you repeated yourself. It'll highlight it, and you can either say, just take them all out of my thing, and it'll go through and it'll edit them all out. Have you figured out what filler words you use? Yeah, I get into ruts. I mean, it's funny because I will do a really good job of it. And now I'm saying, you know, all the time. And that is a habit I broke ages ago. Oh, and it came back? And it's coming back. Yeah.
[22:24]I figured out mine is so. I shouldn't tell you that. But if you go through the script, my script, and find out how many times, or the transcript of the show and find out how many times I say so. And I learned it from that I was doing it when, because of Screencasts Online, I think Don McAllister pointed out, and I was like, oh man, you're killing me. Now I can't hear, I hear it all the time. Yeah, I got stuck in so, and I've also gotten stuck in right. You want to do this correctly, right? You want to, you know, I don't like, oh, come on, stop saying right all the time. But yeah, so it'll do that. My pet peeves is people who say something that I may or may not agree with, not, not, I mean, what you just said, sure, we would all go, yeah, right, right, right. But there's cases where they'll say something. I'm like, no, I don't completely buy that. And they'll say, right. It's like, no, no, I'm not bought in yet. You have to prove it to me before you go to right. Correct. Yes, that's it. It has a weird feature, which I have not used because I bought this Elgato teleprompter. I look right at the screen. It has this thing that will move your eyes to the camera all the time. So if you're looking at your notes, if you're looking over to the side, you run this thing and it'll make your eyes point.
[23:37]What is the camera? It actually does a really good job of it. Really? Yeah. And I bought this teleprompter, so I don't have to do that. But wow. Yeah. That's interesting. I'd like to, that'd be enough to go try it just to see how creepy or good. I thought, I remember that came out on the iPad for FaceTime because the camera was on the wrong, you know, on the side instead of the top when you're in landscape mode. They actually have a feature that it, and I haven't heard anybody talking about that in years. I don't remember if they got rid of it or kept it or whatever happened to that. Yeah, I don't know. I feel like I try to be expressive. And so sometimes when I was doing the video, I'd be like, well, and I'd look up at the sky and then I'd come back and I thought, that's just going to get rid of it. Oh, yeah, yeah, yeah. Your head would be tilted up. She's got her hands out like she's looking up at the sky to look at the clouds or something like that. Only her eyes are straight at you. that would be incorrect. Right.
[24:39]It'll do green screen, chroma key without any sort of green. And I sent a picture of it, but it's really interesting. Even as busy as this thing is behind me. Describe it because this is audio, remember. Oh, sorry. Yeah. Audio. I have a screen behind me that looks like a forest with the aurora borealis and stars behind it. It's busy. It's Jill from the Northwoods. It's me in the Northwoods. I tried the green screen function. I switched a button. It thought for a while, and then suddenly this whole back screen behind me got blotted out, and I could put in backgrounds, pictures, colors.
[25:17]And how did it do good on the edge work on your headphones and hair and things like that? It did really well. It did really, really well. I was impressed with how good it looked, even though, again, I have kind of hair that sticks up because it's curly, and the background that's busy, I was very impressed of how well that worked. Okay. In general, I'm not a fan of people who use that green screen effect like in Zoom. Inevitably, there's some people who use it on Daily Tech News Show, and inevitably I see half a microphone floating in midair, and then part of the boom arm is showing. One side of their head is missing entirely because there was a headphone and it got erased. And it just is much more distracting, I think. But it looks from the screenshots you gave me, it's actually pretty good.
[26:05]Yeah, I was impressed with that. And then the other, the last AI feature I actually use is what's called Studio Sound. I have breathing problems. I have asthma. I use Hindenburg and plugins to get rid of my heavy breathing that I do while I do podcasting. And this has something called Studio Sound, which cleans up your audio. Really? And that takes out the, is it like that kind of a noise that you're talking about? Yeah, right. And it's not as good as the plugins. The plugins are certainly better, and so that's why I run my audio podcast through Hindenburg, because I feel the audio comes out better. But for the video, I think it's fine, and it cleans it up enough. There are a number of other AI features that will help you create content and write things and create images, and it's all the standard AI writing content stuff.
[26:54]Okay, so you can make it sound bland and like everything else if you want? Right. Which I don't use any of that, but yes, it can do that. And I don't know, not my favorite thing, but. Yeah, we've talked a few times about that. I think that you use AI for good, not evil, if I can say it that way, but people who create their content using AI, I think are doing it wrong. What you're doing is, what are you good at? You're good at talking and describing things. I'm good at hitting microphones. You're good at talking and describing things and your strength is not in writing. So what you do is you have it write, but you have it write from your transcript of what did I say and clean it up and use those tools to make it be concise in what you meant to say. And that's for good and not evil. You're doing the thing you're good at and it's doing the thing it's good at. And I think that's a better partnership and a more honest relationship with your audience. Yeah, I think so too. I think that people are afraid of what AI is going to do. And obviously there's a lot of scary tools in this and other things, but people aren't going to like it. I don't think people are in the end going to like AI books and AI podcasts.
[27:59]Yeah. I know somebody who does ads on their podcast and they did really good ads. I mean, really compelling. I was always, boy, that sounds like a product I really want to go do. And then for fun, they started having AI write it and they would tell it, make it fun. And now it's like, hey, here's what we're doing. And it's just, it doesn't sound genuine. And now I skipped their ads. And I didn't used to. Keep meaning to tell the person that, but, you know, I don't want to hurt their feelings. Right.
[28:28]Let's see. Oh, back to the breathing thing. I wish I'd known you had those tools and could have taught me how to use them because I just did a screencast online video. And as my audience knows, I lost my voice yet again this year, and it's still a little bit gravelly. But one of the things is I don't have as much lung capacity as I normally do. And in this video, I can hear me going in between. And my voice, my clips are shorter too, because I could only get out four or five words before I'd have to take a breath where I'm, and I'm, you know, I kept trying to sit up high in my chair to get my lungs as big as possible, but I needed, I could have used a tool to just take out all those breath sounds. So I always got to remember whenever I'm stuck, just ask you, because you've probably already solved it. It's all about time saving for me because podcasting and YouTube, I have a full-time job and I don't have time all, you know, to do nuanced editing, which is what I used to be doing. And so now I try to find these tools to make everything streamlined and much easier. Think about that to the audience. She has a full-time job and she's doing four podcasts and she volunteers her time for the NosillaCast. I mean, you're the bomb. You've got to be efficient unless you sleep two hours a night. I don't. I sleep decently. Decently. Good, good, good.
[29:42]Let's see. What else? There's some collaboration tools. Do you get into those with Descript? I haven't because I don't really collaborate with anyone. All my podcasts are just me by myself, but they did buy Squadcast. They bought Squadcast, which would be a Zoom-like app that is meant for podcasting. So what it will do is it will record your audio locally for you and my audio locally for me, and then it'll bring the whole thing up into the cloud so that I can now in Descript, piece the whole video together, put frames around it so we're sitting in cute little boxes. I don't do that, though. And then I can also have you check with a link, and you could watch it, put notes in, so that you could say, oh, strike that or, you know, Okay, the part where I picked my nose, could you edit that out, that kind of thing? Could you, yeah, could you put a big block over my face right there? Yeah.
[30:38]Oh, that's cool. I do remember somebody using Squadcast. That was a paid-for service, I think, like a Zoom-like thing, like you said.
[30:47]Let's see. Anything else interesting about exporting, integration with other platforms? Well, yeah, so the export is nice. Right now, I'm just doing it in raw waveform. I'm exporting the audio and then putting it into Hindenburg. I'm also exporting the video file and then uploading it to YouTube manually for no good reason, because I could directly put it into YouTube. I think I'm just new at it. I just did my first video where I recorded it as a podcast and put it on YouTube last week. The first one just came out. And so I'm just new. But it does have a direct connection to Buzzsprout, Blubrry, Captivate, eWebinars, and YouTube. So I could just have it directly publish all those things directly to YouTube. This is the big difference between you and me is I learn how to do something. And once it's repeatable, I'm really less likely to change it. I think you've challenged me a lot to do that where, you know, I suggested to Jill that she use Feeder, for example, from Reinvented Software, which is what I use to publish the podcast feed. And I think you'd agree it's a good tool. And I've never let it FTP the file up to my server for me. I do that. I do that. I use it. Or actually, I think I do now because you said I could. Actually, wait, which do I do? Yeah, I do. I let it. Boy, now I'm not remembering.
[32:10]No, no, I know what it is. No, Hindenburg, Auphonic does it for me. That's right. But I never did the step that I could have uploaded the file using Feeder. And you asked me whether I did that. I was like, oh, no, oh, no. I use Transmit from Panic Software as my FTP client, and I move the file up there manually. Well, Libsyn got real weird and everything was real strange with that. But now that you taught me, I think you taught me most of what I know about Auphonic. I was using the local version, but now the web version that you taught me does all that FTP for me. But I would have probably still been doing it by hand if you hadn't said, Allison, try this. Come on, come on. Push the button. Push the button. Do it. Do it. Try it. Because it's like, I've been doing this since 2004, 2005. I know how to do this.
[32:53]I have other ways I can show you too. But yeah, I am big into this. I like doing that and I like constantly, you know, proving, improving things. What is it? Kaizen, you know, or Six Sigma. I'm always just incrementally improving everything so it's better. Okay. Okay. I look at the speed that I'm able to publish the podcast and I'm pretty pleased with that. It's usually by like 6.15 when I close the show out at six o'clock. I can get it out by 6.15. So I figure I'm doing pretty good. But I need to stop sitting back on my laurels. And what if it could be seven minutes? What if it could be three minutes? Could I do more? We all need more time in our lives. Well, and that's really where this Descript helped me because I can tell you that the first time I tried to make a video with it, with Final Cut Pro, hours. It took me hours to get a very short five minute video done on it. Now. Well, if you did a 25 minute movie video, it would have taken half the time though. Right. Right. It was really terrible. And I mean, time consuming. It was beautiful. It worked really nice. I could do a lot of things with it. But now with Descript, let's say I make a 20-minute video, the whole thing in 25 minutes, I watch the whole thing, I edit it, it's published, 25 minutes later, I'm done. And yeah, I can edit everything quickly. I can get the pictures and the images.
[34:17]I even could do more. There's the ability to create frames and title screens and graphics that I could put in it. I could become better. And that's what my next goal is going to be. But it allows me to do all those things quickly that now video barely takes me any much, any bit longer than it would be just to edit my podcast directly. That is amazing. And out of that, you're getting video and audio. And out of that. That's astonishing, yeah. So would you say that by doing just that piece and waiting to do the other pieces of adding frames and titles and all that, are you saying you're starting with small steps? I am starting with small steps. I tell people that. I say, you know, just so you know, I'm new to video. Small steps. Trying it. So actually, that's a good question. I'm going to put a link to the video that you've, your first podcast episode that you've posted. Which of your 48 podcasts did you start with? I started with small steps, primarily because that's the YouTube channel that has subscribers. That's the one that has attracted more people on YouTube than anything else. And so part of my brain is trying to figure out, am I going to just have one big channel with all my videos? Or should I break it up into Buzz Blossom and Squeak, you know, and have separate channels for everything? Yeah, that's one of my favorite questions to get the answer to wrong. I start with it all in one, and then I pull it apart, and then I do it that way for a while, and then I try to squish it back together.
[35:43]We could talk about chit-chat across the pond, being broken and taken apart and put back together 14 times now. I don't know what the right answer to that is, so I should just tell you, don't do whatever I do. I think that's the wrong answer. I wonder whether in your case, like the three start with small steps, the small steps branded sort of things would be good. And then Buzz Blossom and Squeak, because it's a completely different topic, I think might be a better one by itself. But again, don't ever take my advice. I'm kind of thinking in two different ways that I have two podcasts that are religious in nature, and that might be an entirely different audience. So I might put Buzz Blossom and Squeak and start with small steps together and then take the two religious ones and put them together, but I haven't quite figured out what I'm going to do yet. Yeah, because those would be two different audiences. You could always cross-plug them. You know, if you like this content here, you might consider going over to my religious podcast or vice versa. You know, if you like my religious podcast, you might want to go outdoors and think about what we've talked about. Right. And do it with AI so it sounds stupid the way I just said it.
[36:47]So, I think this has a lot of opportunity, you know, to do something, and I don't know. I think it's made it easy for me. And I still have now time to think about my thumbnails and my art and, you know. Oh, yeah. You have to have your face, the O faces, you know. Doing that pointing to it. Actually, you could do that with some of your stuff about like meteor showers. You could be pointing at a meteor shower with this amazed expression or the aurora borealis. I got to say, buzz blossom squeak. I've talked about it a bunch on the show. I love this show.
[37:20]It's got a delightful intro. I find myself kind of dancing to the music as I get started. I'm all excited when I'm on my walks and I learn about scientific, could you fix that with Descript? Scientific understanding of things, of, you know, the way trees, was it the mighty oak? You did one all about oak trees. You know, the way the oak trees live and survive and what they do to the earth and everything. You get very scientific in your explanations. And I didn't expect that. And I was really excited to really get in-depth knowledge, not just, ooh, look at the pretty birdies. Well, that was my second use case of why I wanted to get into video, to be honest. I said the first one was to get the algorithm. The second one is Buzz Blossom and Squeak. Wouldn't it be nice to start creating videos on how to go birdwatching or parts of a tree and actually be outside and doing a video? Oh, okay. Capture some video on that. Right. Yeah, that's very cool. All right. Well, what is your YouTube channel? So we'll say it out loud and I'll put it in the show notes, of course, too. Okay. Well, I will say it. Of course, I don't have it memorized. It is youtube.com forward slash at start with small steps podcast.
[38:35]Okay, I've got it. Start with small steps podcast. Very good. All right, Jill, thanks so much for coming on the show. And I'm just going to thank you again for taking over the show while we were in Africa. You did a bang up job and it was a widely acclaimed people loved it. So I want to thank you for all the support you do for the show and doing this so that I can take some little holiday time. Oh, absolutely. It's great talking to you. I always love doing it too, so it's not a problem at all.
[39:01]
Support the Show
[39:05]Well, did you know that if you're a patron, you can actually increase your donation? That sounds super greedy, but that's exactly what Greg H. did last week. He was already a very healthy contributor, and he increased it by quite a lot. Thank you, Greg, for your generosity in helping me pay the bills around here. You too can be swell like Greg H and go to podfeet.com slash Patreon and choose an amount that shows the value you get out of the shows. And Martin Stein did something similar. He's also a longtime patron, but he also bought me a cup of coffee at podfeet.com slash donate, you know, just to test it out for science. Then Tom Maddock, who I explicitly asked to test the new donate service for accessibility, but I specifically told him not to donate again, he donated again. And I told him I'm very cross with him about that. We round out our heroes list with Klaus Wolfe and Zeke Hager with some very lovely donations. Thank you so much to everyone for all of the lovely funding to help support the show.
[40:01]
Security Bits — 8 December 2024
[40:03]Music.
[40:11]Well, it's that time of the week again. It is time for Security Bits with Bart Busschots. What's shaking this week, Bart? Either something's really broken and my RSS feeds don't work, or very little, very little.
[40:26]But we have a deep dive, so it's all good. Okay, good. You know, I like a deep dive. Yeah, and actually, the deep dive is a direct follow-up from our first story, which is a follow-up of something we've talked about at least twice before. So this started a few months ago with a story that three US cell carriers had been compromised by the Chinese government, and we didn't have a lot of detail. And then last time, so two weeks ago, we mentioned that T-Mobile had put their hand up and said me too or right too. And then earlier this week, the FBI, in fact first a White House spokesperson and then the FBI, basically went, oh, it's way worse than that. It's not just four American carriers. It's carriers in, quote, dozens of countries. They didn't say which countries or which carriers, just dozens of countries. So basically the Western world. And there's some choice quotes here. We cannot say with certainty that the adversary has been evicted because we still don't know the scope of what they're doing. We're still trying to understand that along with those partners. That's the U.S. Cybersecurity and Infrastructure... Sorry, Cybersecurity Infrastructure Security Agency? That doesn't seem right.
[41:54]All the right letters anyway. Right.
[41:58]And that was then followed by a call for journalists with officials from the FBI. And that's been reported on in a few different places. Now, we can't hear the raw audio, so we're kind of working on quotes in media organizations. But nonetheless, we seem to have a good idea of what was said. And that takes us to our deep dive, because a lot of people are... Before you go in there, I just want to say that I wanted to post, and I never got around to it, an article to our Slack, podfeet.com slash Slack, that I was going to entitle it Dog Bites Man. There's an article out there. I could find it, but it says that the FBI has now said that maybe we should encrypt things and not have back doors.
[42:46]Okay, that's how it's been reported. That's not really what they said. Okay. So we're going to talk about that. So your perfect setup here. Okay. So the FBI got on a call with the journalists, and a lot of people are reporting this as a U-turn, that this is the FBI having completely changed their mind. But that doesn't stand up to parsing what they said with legalese, and the way they chose to say things, they were being very deliberate, in my opinion. So let's start off with what they said. Our suggestion that we have told folks internally is not new here. And I'm going to underline that is not new here. Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible to intercept.
[43:46]Okay, so they're saying not new, so bear that in mind. Later on, we get another quote. People looking to further protect their mobile device communications would benefit from considering using a cell phone that automatically received timely operating system updates. Responsibly managed encryption. Responsibly managed encryption. A phishing-resistant multi-factor authentication for their email, social media, and collaboration tools. Responsibly managed. That's a strange phrase to throw in there, isn't it? I don't think so. What do they mean? I don't think so. I mean, you can interpret it different ways, certainly. But we've been having quite a discussion in our Slack about responsibly managing how we encrypt things on our phone.
[44:34]Right. Okay, well, let me explain what I think is going on here. So something a lot of people forget, because it's easy in conversation to talk about encryption with one broad brush, right? But there's actually two distinct types of encryption that happen when you're messaging. There's encryption in motion or encryption in transit, which is what's happening while what you say is flying across the internet. And if that encryption goes all the way from your phone to the person's phone on the other end without being decrypted in between, we call that end-to-end encryption. And the FBI have been saying for a very, very long time, at least a decade, that you should use encryption in motion for everything. So they're not changing their mind here at all. This has been their advice for ages, because otherwise your stuff is free to every cyber criminal on planet Earth. Okay, sure. So that's why they said not new here, and they're correct. The other type of encryption is what happens on those endpoints. So encryption in motion doesn't do anything to stop someone who has your phone from reading your stuff, or who has the phone on the other end from reading their stuff. So the second type of encryption is encryption at rest, which you and I would call full disk encryption. So basically decrypting your hard drive.
[45:56]And that is the bit where this word responsibly managed encryption is doing some very heavy lifting. Because what the FBI are against is there not being a backdoor there. That's what they sued Apple over for the San Bernardino case, and they withdrew that case in case the judgment went against them, and they have made no change in that position since. So the FBI are not in favor of encryption without backdoors on the endpoints, and nothing they've said changes that. But they are and always have been in favor of encryption in motion, which they still are. So having, this is why I don't think the reporting on this is about, oh, this giant change of mind. To me, this is entirely consistent with the position they've had before. However, it's really good advice. So let's actually go through their really good advice.
[46:53]So the first thing I'm going to pick on, I'm not doing it in the order they said it, because for a start, they're quotation marks, so I don't actually know what order it happened in the call. So the first thing I will focus on is using phishing-resistant MFA for everything important. And that phrase, phishing-resistant, is not something we used to say. So five years ago, I would have said to you, use MFA, any MFA, it's all better than nothing. Don't worry about which type of MFA, just use MFA. And now the advice is becoming phishing-resistant MFA. What does that mean? Yeah, I mean, phishing is getting to the squishy organic bits. So how is that? Correct. What does that mean? So if your MFA makes it possible for you to be tricked into typing something into the wrong web page, it's not phishing-resistant. So that covers SMS-based two-factor, because if you're on, say, login.geagle.com instead of login.google.com, and you type in your two-factor code, well, you've just been phished, right? In real time, that's being put into the real Google login page, and in they go.
[48:07]It sounds like they're talking about passkeys to me. Ding, ding, ding, plus, plus. They're talking about FIDO. So in the universe that those FBI agents live in, FIDO is a hardware token. They will have been issued actual hardware tokens that they use for these things. It's corporate environments, high security environment. For us, it's FIDO2 through passkeys, which is a software implementation of the same cryptography. Okay. So yeah, passkeys. So what they're saying is use passkeys.
[48:41]And you and I have had a long discussion about protecting the crown jewels, right? How often have I said your email is your crown jewels? Because every account you have online, what's the lowest common denominator? Click, I forgot my password. They're going to send an email and let you reset it.
[49:00]So that is obviously crown jewels. But the FBI are like, well, think a little bit bigger. So they do say email, but they also say social media, because that is your reputation. So what's at risk there is literally your online reputation, which these days could be really important. It could cost you jobs, it could cost you the ability to change career maybe, or whatever. It's a really big deal if your public profile gets messed up. So that's probably wise to say protect that one too. And then they say collaboration tools, which is in their mind almost certainly Google or Office 365, corporate stuff, right? Because that's something baddies really want, is your corporate identity. But I don't know about you, I treat my family as a mini corporation these days. I actually use business tools to run my household, and I'm not saying every NosillaCastaway does, but I say... Yeah, a few of us do. So we should have MFA on that. I don't know what you mean about running your house as a corporation. That doesn't... I use Office 365 to manage the house. Shared calendars, shared contacts, share files. So we don't have personal accounts that we share with each other. We have a company account for the family, which has two employees. And so we sign into our tenancy.
[50:25]We're using... We're pretending to be a small business. So we're using corporate tools to run the household. Okay. I don't see what that buys you. Okay. That's a whole other conversation, massive amounts of stuff, but that's not related to security. That's related to convenience. Okay. I mean, you could run it in a Synology office on your local Synology inside your house. Okay. I could. I wouldn't want to, but I could. You're right. The point is, though, if you are using, if you're in work, you absolutely have to protect your work identity with MFA. And even if you're not in work, you may actually have things you use during your life important enough to treat the same. So they are the crown jewels, expanded crown jewels from the FBI's point of view. That was good advice. I can't disagree with it. The other thing they say is, stay patched. Two thumbs up. Yeah, okay, that's what we do, right?
[51:29]And then it's, well, what about full disk encryption? So this is where things are very, very easy these days compared to five years ago. Or for us Apple people, 10 years ago. So if you live in the Apple universe, you have it. It actually takes effort to turn off full disk encryption on an iPhone, an iPad, or a Mac. If you have an M-series Mac, you have to go out of your way to turn it off. Hi, listener George. Yeah, exactly. I was just going to say, George from Tulsa can tell you about that. Yeah, he tried. And even then, it's not fully, fully off. You know, so it's, yeah, you have all this encryption. And it's almost as good for our Windows brethren. There's just a little caveat. You have to be using Windows 10 or Windows 11. And then you get it by default, assuming you are signing in to a personal Microsoft account or a work or school Microsoft account. Because if you're using a local only account, you do not get automatic encryption because there's nowhere to put the key. Effectively, if you sign into the Microsoft iCloud, you get encryption for free. Otherwise, you have to take some actions.
[52:48]Okay. And that then brings us to the last one. Try to use encrypted stuff for voice and text. Oh, okay. Well, yeah, good idea. But there's a little more nuance here. So this is all about end-to-end encryption. And the first time in the show notes, I explained that E2EE is a contraction abbreviation for end-to-end encryption. And then I got so tired of typing that that the show notes are full of E2EE. You could do a global find and replace if you hate my E2EE, but I couldn't keep typing it on my phone. I don't know. What does that say for? End-to-end encryption. Okay.
[53:34]So we've talked a lot about end-to-end encryption. And over the years, we've said things like, I mean, it's technically possible to hack cellular networks, but it's so hard, it's not really practical. What the FBI have said to us flat out is, no, that assumption goes away. You must now assume that everything you say or type over the cellular network is vulnerable. And not just that, but this is telecommunications infrastructure. So your physical wired phone, if you still have one of those, is every bit as vulnerable as your cell phone. It's all everything that goes back to AT&T or T-Mobile or Eircom here in Ireland or British Telecom. Probably consider all of it to be eavesdroppable, because it is. So that's the new worldview. And if I was having this conversation with my work hat on, there will be a lot to say here. I'm going to fudge over it and tell you that if you work for a company, the company have an IT department whose job it is to figure out the right way to protect the company, to balance functionality versus security. And the only advice I give people is...
[54:53]For 100% of things you communicate for work, use the tools work gave you. Don't use your personal iCloud. Don't use a personal email address. If you're doing work stuff, say it and type it over things you got from work. If you can, do it on a device you got from work, but that's not always practical. Some corporations work with a bring your own kind of approach. That's fine. And euphemistically, people who use personal stuff for work stuff is called shadow IT. Don't be shadow IT. Use the tools. Yeah, I mean, that seems pretty obvious. The times people don't is when, uh, real IT makes life too hard and makes it hard to do the things that you need to do to get your job done. And I know you're a hundred percent on the IT side driving the security of the business, but a lot of times things that IT did to us meant we couldn't do our jobs. That's what causes shadow IT to exist. I am so aware of that because a part of my role is to intelligently balance doing what is most secure from what is actually likely to be used. Because the most secure is going to be so annoying, we're going to make shadow IT.
[56:13]So I spend a lot of time trying to figure out how do you balance that. How do we get enough security without making everyone's head explode, and get it so that people actually take part instead of forging their own path? But anyway, you know, we're about normal people, so let's put our personal hats on. And I think we all know that SMS and MMS are not encrypted. I think we all take that for granted. And we know now that cellular phone calls, assume they're not encrypted. Fixed landline phone calls, assume they're not encrypted. But in terms of the other stuff, for the most part I think we know what is and isn't encrypted, but there's two things I want to call out that there's a lot of misinformation about. So we'll get to those later, but let's start with some really easy low-hanging fruit. A social media platform is about broadcasting. None of the social media platforms give you end-to-end encryption. That's literally not their job. They don't, they're about broadcasting, they're about sharing, they're not about encryption, protection, safety, right? So they may have things called private messages or direct messages. No. Right, Twitter/X: no, no end-to-end encryption. Mastodon: no. Bluesky: no, although they've hinted they might do it later, but they haven't given us a date. And Instagram is a no, but it's not impossible they'll do it in the future.
[57:43]So, Meta's other products is a bit weird. Oh, sorry, go ahead. No, no, go on. No, finish the side.
[57:50]Okay, so Meta's other products are a bit weird. So Threads is an easy answer. There is no direct message function in Threads. They experimented with it briefly with a small public beta, and then it went away again. So not a question. Everything on Threads is public. It's obviously public. No questions asked. And Facebook is, to use Facebook's own term, complicated.
[58:13]If you stick to one-to-one messaging via the actual Facebook Messenger app, you actually get full end-to-end encryption. But if you do anything else, like use a web page to talk to a brand or do groupie chats and stuff, you're not going to be covered. And even the end-to-end encryption they do have is a little weird because they say they use Signal, which is a good protocol, and one they made up themselves called Labyrinth. And they're not very clear on how those two are supposed to have been married together or what that means. So maybe end-to-end encrypted. Well, yeah, I'm not going to make a firm pronouncement on that one. I would say if you're looking for secure communications, the blue app is not your friend. But there are lots of really good friends to have. So I'm going to be positive now, and I'm going to say what is really, really, really good, and then what's good, and then I have some notes on things that people tend to think are better than they really are.
[59:25]So I recommend Signal and Apple Messages and FaceTime, and they're not quite equal, but they're very close. So if we lived in some sort of weird world where none of us had to worry about the fact that we actually only get to use the tools that people we want to talk to are on, right? In an ideal world, everyone would be on the tool I want to use, yay, but it's not the world we live in. And in an ideal world, every service would have an app that perfectly aligns with what we think are important features. And every app would be just as usable to us and we wouldn't hate any of them. That's not our world either.
[1:00:02]So leaving that aside, technologically, the hands-down winner is Signal, for three reasons. So it uses end-to-end encryption for everything by default. If it's in that app, it's end-to-end encrypted. No doubt, no confusion. I click on this icon, I have encryption. End of complexity. The key management is 100% transparent and everyone can verify that there's no mystery keys in the conversation, there's no eavesdroppers, and you can verify that easily and cryptographically soundly. And there's absolutely no mystery meat, right? This is the reference implementation of a really well tested and attested free and open protocol called Signal. This is the protocol for end-to-end encrypted messaging, and it's used very widely, and this is the official implementation. So that's the gold standard technologically. Leaving aside quality of app and whether you like the app and whether your friends are there, just in terms of encryption, this is the gold standard.
[1:01:18]Okay, Apple Messages is a really close second, and so is FaceTime, right? There are two apps to get at the same core underlying, um, what would you call it, system, right? It's going over the same infrastructure, just texty versus voicey. So the Messages app is a little bit more confusing because in the same interface, you go into one icon, you have a mix of encrypted content and unencrypted content sitting side by side. And so you have to remember blue bubble encrypted, green bubble unencrypted. It's not the world's most difficult thing to remember. You could argue green means good. Why is green mean the one that isn't encrypted? But that's an accident of history. And they're never going to change that. As of right now with, oh shoot, suddenly blanking on the, what's the protocol that lets us talk to Android people more nicely now? RCS? RCS. So as of right now, RCS is not encrypted by the way Apple has implemented it, but they could, is what I understand. We will come to RCS. There is a whole bit. RCS is all asterisks. Okay, but we need to mention it in the context of messages. You're talking about iMessage right now. Okay. Or about messages, so that's why I bring it up. Correct. So green bubble is RCS or SMS. It is unencrypted on iPhones. As of right now.
[1:02:40]Everything I'm saying is today, right? Right, I know. I'm just saying they have chosen not to implement it encrypted, but they could.
[1:02:49]That could change. For RCS, not SMS. Correct. So it's always going to have a mix in here. I didn't ever say SMS. I said RCS. Sure, sure. No, no, I'm just clarifying to the listeners. No matter what happens in the future, this app is going to be a mix of encrypted and unencrypted content because SMS is still in the mix here. So that is just a mental load to bear in mind. It's not the end of the world. It's not a big deal. It's just one icon, two answers.
[1:03:14]Um, this year Messages inherited the feature of key transparency. It's not quite as straightforward to use as the Signal protocol's one, but it works, and it's well documented, well tested. You have to opt into it. It's not on by default, and there's a few requirements you have to meet before you can turn it on. So if that's something that's important to you, Apple's website has the details, and linked in the show notes. And then the other thing is that Apple are very transparent about how Messages works. They have detailed white papers showing all the technology and stuff, and they have it peer-reviewed by academics in the field. So it is, we can be pretty sure, but it isn't open source, so we still have to trust Apple that what they have had vetted by the experts and what's physically in our phones is the same. I have no reason to doubt this whatsoever, but there is an implicit trust there, which I'm happy to give. So that's why I say Apple is almost as good as Signal technologically. It's very close. They're both fantastic mechanisms. So you're including Apple Messages that has an encryption that you can't see and can't verify.
[1:04:34]But you always say that you don't trust Telegram because you can't see and verify there. Nobody can verify their encryption method. There's a spectrum of not verify, right? Apple have published white papers detailing in great detail how it works. They also have sent it to very well-trusted academics to audit their work. So the level of assurance we have is high. It's not as open as open source, but it is high. Apple have been very, very transparent. Very transparent. Okay. And in contrast, the Telegram people haven't at all? They've given it to no one? I wouldn't say at all.
[1:05:20]At all is a very strong statement, but way, way, way, way, way less open. Way less open. It's full of mystery meat. They tell us these vague hand-waving things and no one can verify, and when people have tested it, it has fallen on its face. It has, there have been major problems with the cryptography and Telegram. It hasn't stood up to scrutiny. Fallen on its face, broken, crackable. Security researchers tested it. It failed. Okay. And there's bigger problems with it, we'll come to. Like I said, there's a whole section about to come.
[1:05:59]So I am very happy to tell people if you're using Blue Bubbles and FaceTime, you're doing fine. Don't worry about it. It's really easy. It's a standard app. But it also narrows down who you can talk to. Yeah. Dramatic. So that's why Signal is more open, assuming your friends are those kind of people. I'm going to give a really strange third place. You're going to fall off your chair, baby. Hold tight. My third recommendation is WhatsApp, which is powering half of Europe, because like Signal, everything you do in that green app is encrypted end-to-end by default. You have full key transparency, and it is using the Signal protocol. What you're trusting, because it's not an open source app, is that when Facebook say, we use the Signal protocol, and we don't have a secret backdoor, they're being truthful. So you have to trust Facebook. Do you feel lucky?
[1:07:01]There have also been a lot of security researchers poking at that app. It's very, very likely fine. And it's very highly used across Europe, uh, and across South America, I believe. Used doesn't mean anything, Bart. Highly used? No, no, what I'm, highly used, what it means is it's practical, that a lot of your friends and family will be there. And it's on the Signal protocol, and it's encrypted by default, and it has key transparency. So it's a pretty good option because it's universal. I don't like the app's UI, but it's tolerable. It's hideous. It's horrible. It's gotten less hideous. I spent, better now than four years ago, in, uh, Africa using it, and I couldn't, it was like, I had to use it, that was the only choice we had, but it was terrible. I, but anyway, people like it. People like it, and there's a lot of people there, and it's a good choice, right? So that's positive. To be truthful though, you use it because your family uses it. Oh yeah. If I had my choice, we'd all be on Signal. Would it be on this list? It would be on this list because this is a factual statement of its quality. It would be here. It just wouldn't be on my phone. Okay.
[1:08:20]Yeah, there's things on my phone I don't like. But hey, you have to talk to people, right? You have to put these things in order of importance, right? And human contact is more important than technical considerations. So this brings us on to RCS then, which I would say is not reliably secure.
[1:08:39]So in the United States you now have pretty good support from carriers for the RCS protocol across your major carriers, and Apple have added support to iOS 18, so there's a lot more RCS happening than there was before the summer. But the official specification does not support encryption. The official version of RCS is plain text. Google have developed an unofficial extension which does add a layer of encryption over the standard protocol. But that's their custom invention. That is supported by their implementations only. So Android versions where the app you're using uses Android's core libraries will get that Google encryption. And as best as I can tell, that's good encryption. But it's only there if every single device in the conversation is on an appropriate version of Android and on a cell phone carrier that supports RCS. So if any one device in the conversation is not on a Google-y operating system or not a new enough Google-y operating system, it'll fall back to plain RCS. And if any one person is on a carrier without RCS at all, it falls back even further to SMS. Jeez.
[1:10:02]I see what you mean, asterisk all the way down. So even if Apple was to implement some kind of end-to-end encryption, the chances of them using the one that Google has created sounds rather slim. I thought, but the spec could be improved. Yeah, so what I'm hoping, so Apple have said they want to work with the standards body to make an official encryption. So you know the way Apple invented DisplayPort and then gave it to the community and now it's a real standard? My hope is that Google give their spec to the official body. Everyone makes it the official spec, and then the other people adopt it. So the Google stuff gets to stay where it is, and everyone gets up to their level, and we have encryption as soon as possible.
[1:10:52]So if it stays, like let's say Apple adopts that, that's their, they put that, sorry, they put their protocol into the spec, the spec gets approved, Apple adopts it. Won't it still be true that if the carrier doesn't support it? Yes, so that second fallback to SMS stays there, but it's a simpler world if we live in a world where RCS is encrypted, and the only question is, are you on RCS or are you on SMS? Whereas now it's a three-layer problem, RCS with encryption, RCS or SMS. So that's extra complexity. And I'm hoping we come to the day where SMS is turned off, right? The carriers just give up on it. It's old, it's obsolete. We turn it off and it goes away. We're at least a decade from that, I'd say, but it'll happen someday. I guess so. I would just like it to be illegal for banks to use it.
[1:11:49]Yes, that's going to happen way earlier. It's going to have regulations saying you can't use SMS for anything of any value, and then it'll fall out of use because we're not allowed to use it. That'd be nice. So the last thing then is the asterisks for Telegram. So Telegram has end-to-end encryption support, but it's not on by default, and it's only enableable in very specific situations. So let's leave aside for a moment that they committed the cryptographic sin of inventing their own cryptography. That's a long history of being a bad idea. But let's just look at, let's imagine the algorithm is perfect. So you have to explicitly enable it. So you have to make a new secure chat, and you cannot do that with more than one participant. Straight away, if it's a group chat on Telegram, it's unencrypted. Period, end of story, no way to change it. If it's a one-to-one chat, you still can't make it encrypted unless it becomes a one device to one device chat. So if you start an encrypted chat with me on one of your many devices.
[1:13:00]And I accept that chat on one of my many devices, that chat is now connected device to device. Yes, but it does give you those two little icons. You get a set of icons where you can say, okay, I see a duck, a banana, a shrimp and a xylophone, what do you see? And as long as I see the same thing, then we know we've got it encrypted. I think that's hilarious. We rarely use that. It is a funnier.
[1:13:25]Sorry, like, the normal way to do this, so that's key verification. So that's done with QR codes on the Signal protocol, which is very boring and efficient and, you know, it works really well. But yeah, the emoji is way cooler, right? I see a duck, an aubergine and a cucumber, yay, right? Yeah, definitely they win awards for the cuteness there. That is, okay, that is genius. I wanted them to win something.
[1:13:49]Yes, but the fact that it's so clunky to do, because there's one device to one device, means that in reality there's very little encryption happening in the Telegram app. So it's probably fair to assume that if it's behind that blue T, it's not encrypted. Now the thing I should have said first, which was in my show notes first but I got distracted, is that I'm not saying everyone should use encryption all the time. I'm saying, please, everyone make an informed decision, and decide that you are perfectly happy to go unencrypted in this app, and then do remember that if you're trying to send some medical information to a friend, not to do it in the app that you know is not securely encrypted. Or if you work for a corporation that does something of import, don't do any of that in Telegram or in SMS or in Facebook Messenger.
[1:14:47]Or, you know, or, or, or, or, right? So just make an informed decision. There's no right, there's no wrong. The only thing you shouldn't do is blithely not think about it. Right, right. Well, yeah, I was thinking about that. You and I speak unencryptedly texting about aubergines, as it turns out sometimes. Yeah. And that's probably not an issue. But if I need to text you a code, I always switch over to iMessage. Yes, you do. I rarely send you one, but, you know, my kids will ask for something. I'll say, okay, you'll get it over there.
[1:15:22]In fairness, you do, Alice, and round about every time you go on holidays. Oh, yeah, yeah, yeah, you're right.
[1:15:30]Yeah, because there's a lot of password sharing that's pretty scary at that point in time. Trust. Yeah, absolutely. Okay, so that is our deep dive. Pretty deep, I think. Yeah. And then we have one or two stories to finish the show. Well, thank you. So action alerts, one important update. People who own a QNAP NAS, Network Attached Storage, patchy patchy patch patch. Some nasty flaws in QNAP. They have been patched, so make sure you have the patch.
[1:16:02]In terms of worthy warnings then, it is this time of year to remind everyone that almost all of us are expecting a package now. So a phishing email that works off the assumption that you're expecting a package is going to land. They only have a few major carriers to pick from, so if you have five things coming to you, two of them from DHL, two of them from UPS, one of them from US Postal Service or whatever, the chances of a phisher guessing that you're waiting on something from DHL are high.
[1:16:38]They could send out a million messages and get 200,000 hits. Whereas normally you send out a million messages and get 10 hits or whatever, right? So this stuff is really, really happening this time of year. And I have witnessed firsthand that the phisher peoples are really quite clever because they take geography into account. So in Ireland, we got hit by a spate of them with our National Postal Service. And I have seen people in my life fall victim, and they got two-thirds of the way through being phished and only when it said, and now your credit card, did they pause. They entered all their other information, but when it said, we need a payment, then they paused, looked up at the URL and were like, wait a second, that says anpostpackages.com, but it's anpost.ie. Why is that .com? To which point I said, not just that, why is it anpostpackages instead of anpost.com? You're wrong twice there. Well done. You spotted it. You didn't enter your credit card details. I hope there was nothing too sensitive in the rest.
[1:17:46]Yeah, you've got to always applaud people when they do catch it and not shame them when they don't. I mean, I believe this will happen to me. I really do. As alert as I think I am, I think it will happen to me. And so I'm not shaming anybody. and I've talked about this before, but Steve's parents always call us about anything weird. Like, I mean, the slightest thing and every single time it's not been something wrong. And every single time they say, oh, I'm sorry to bother you. No, no, no, no, no, no. You're doing the right thing here. Do it every single time.
[1:18:21]Agreed. And I like to tell people that this happens everyone. The best you can hope for is that you're alert enough to notice just after you've done it. So you're aware enough to spot it immediately, not a day later, a week later, a month later, straight away. So I tell this story and I'm happy to tell it again because I think it's important. I work with a sysadmin who is literally a bearded guru, right? He's a Linux nerd, big beard. He's been at this forever. He knows everything. The man's a genius. There was the most elegant swearing I have ever heard erupted from the office. Because he had fallen for a phish, but he noticed it within two seconds. We were able to lock everything down, prevent the damage, no harm done apart from a mild ego bruise. And we all now have a story which we tell every single user who is really sheepish. I mean, I didn't know if I should tell you and I was afraid to call support. And I was like, no, no, no, no, no. Never be afraid. Always call us for help the immediate moment you think there's something wrong. It happens everyone. It's not if, when. And it's good it did happen to him. Because there's humility now, right?
[1:19:39]Yeah, I mean, he's not particularly prone to not being humble, this particular individual. But I'm sure there's plenty of people who would have been unhumble until, you know. Yeah, yeah. But he's got no chance of humility now. Exactly, exactly. Notable news then. And the first story I thought might make a deep dive if nothing else did, but it turns out it was very boring in the end. So we love MacPaw. They're a fantastic Apple developer, and they have branched out to do cybersecurity products. And they do that under a different brand called Moonlock. And every year, I didn't realize they were the same company until their press release about this report said, Moonlock, by MacPaw. Oh, OK.
[1:20:27]Um, so they're Mac people through and through, and so they do a report every year on malware on the Mac. And so their 2024 report is out, and I thought, oh, there'll be lots of juicy stuff here. But actually I'm going to jump to the end and say stay patched and stay secure and be on the lookout for scams, because the way Macs are being taken over is still being out of date, and the squishy organic bit, that's the first point of entry still. So that's, I guess, good news. What tempers the good news a little is that the stuff they're tricking you into installing is getting more sophisticated, a lot more sophisticated. It's about three years or so behind what's happening on the PC and on Linux. Uh, Linux is targeted because one of those servers. You're talking about the threats of Apple's behind mind.
[1:21:24]No, no, as in the malware is less sophisticated. Okay. It's not using as many advanced techniques because it probably doesn't need them. But remember, it doesn't get in unless you let it in. It's still not breaking in. You're still letting it in. But when you let it in, it's not as fancy pants. So on the Windows stuff and on the Linux stuff, they have to do all sorts of things to evade antivirus tools and stuff. They get very sneaky. The ones on the Mac are not as sneaky, but they're becoming noticeably more advanced in their feature set. Malware is like anything else, it has features. Um, and what's particularly worrying to me is that malware as a service is now very much the thing. So you don't write your own malware to be an evil person, you buy it like you would buy Office 365 or whatever, right? You know, so much per month, so much per attacked computer or whatever. Malware as a service for Mac used to be rare as hen's teeth and cost a fortune. It has plummeted in price and is now way more available than it ever was. So the barrier to entry for people to try trick us Mac people is going down and down and down. You don't have to write your own malware and you don't have to spend a lot of money to attack Mac users.
[1:22:44]Yay. Yeah, but remember, stay patched, stay secure. That's exactly what I'm saying. And ever present vigilance, your best Mad-Eye Moody impression, because it's the squishy organic bit that lets the baddies in, and unpatched software, and that's within our power. You know, we're not defenseless. I take that as a positive. Another thing I want to take as a positive is that the life of people who have gone from having no password manager to using iCloud passwords has become a little bit easier, because a third-party Firefox plugin for iCloud has become the official Apple plugin for Firefox for passwords. Did Apple buy them or bless them or what? Acquired. I don't know the nature of the acquisition. They are now the official owners listed for the plugin, whether they hired the person and took it over or whether they gave them a big pile of money and went, thank you very much. We don't know, but it's now theirs.
[1:23:51]It's fully blessed. That's the important part. Correct. And then the last thing we have is some mildly good news that the U.S. Federal Trade Commission has blocked two very large data brokers from selling location data in the United States. The headlines tend to leave out the caveats. The headline I saw was U.S. Federal Trade Commission blocks data brokers from selling location data. And I thought, oh my God, a blanket ban. This is amazing. No, it's two specific companies, and only data related to sensitive locations, which are churches, healthcare facilities, military installations and schools. It's a lot better than nothing, but.
[1:24:35]It's not the universal ban the headlines made me almost think we had. Yeah, I saw that too and I got all excited. Yeah, then I clicked in. Oh, it's sad now. Yeah. Now I have one excellent explainer, which is sort of a semi palate cleanser, I guess. Very, very cybersecurity related, but fun all the same. I'm a huge fan of the Planet Money podcast, and one of their hosts was caught up in one of the big, uh, breaches, Ticketmaster. Um, so they had first-hand experience of what it's like to be the victim of this kind of a breach, and they decided, hey, I have a show to make.
[1:25:15]This is a piece of inspiration, let's run with this. So they interviewed specialists with the simple question: so every time someone gets breached, you get this email telling you you've been breached and giving you advice. Is any of that advice worth anything? Or more importantly, of all of the pieces of advice you get in those standard emails, which pieces are the most effective? Where should you focus your energy? And it's actually a really good discussion. Interesting, because we're inundated with so many look out for this, look out for that, everything's a danger. Yeah, so what should you do? What actually works, what's just theater, and what actually helps you, and how does it help you, right? It's Planet Money, so they explain how. It's not just here's a bullet list, it's like, well, actually, when you do this, what's really happening is blah, which stops X, Y or Z. And for some things it's like, yeah, it doesn't achieve anything, not worth your effort. And other things, very, very effective, definitely consider doing it. So.
[1:26:21]And then I have real palate cleansers. I have two. So the first one is a little on the nerdy side, but, you know, that's our people to a lot of extent. I know. So I'm a gigantic Lego fan, and I have been fascinated by how you design user interfaces so that human beings can use computers. And the people over at the Interaction Magic blog have married those two things into one cool blog post. They explain approaches for designing user interfaces using Lego, because Lego has these little sloped pieces that appear in their cars, their helicopters. Lots of sets have these little completely fake interfaces that are just little Lego blocks. Okay. Yeah, they're completely fake, right? They're just drawn on and they have unlabeled buttons, but they actually allow you to illustrate different approaches to how you lay out features. You have 50 switches to put on this nuclear reactor. Do you group them by function? Do you group them by geography? How? How do you make it so that a human won't cause a Chernobyl? Okay.
[1:27:31]Yeah, with Lego. It's cool. That's awesome. There's lots of fun pictures. Yes. And then the last one is completely frivolous, but it's that time of the year. We're into the holiday season. There is a Mac app by a developer who does a whole bunch of cool tools other people like that I can't remember the name of right now. But for Christmas, he has released an app called Festivitas, which is pay what you like. So there's no price. You pick your own price. And it will put holiday lights across your menu bar and your dock.
[1:28:07]It's Simon Støvring.
[1:28:10]Yeah, it's reader. If you've done some apps, people will know because you're not going to recognize my name. I didn't, but I saw someone say what apps he does. And then I did recognize the apps. Runestone, Scriptable, and much more. Oh, Runestone. I use Runestone on iOS. That's probably why I recognized it. Okay. It's a nice text editor. Okay. So basically you get to choose the flash pattern or no flashing. You can choose how often the lights are hooked up and how much of a drop there is. So by default, that actually takes up quite a chunk of the top of your screen, right? With these dangly lights. But if you put the drop to zero, it's like a line of taut Christmas lights across the bottom of your menu bar. And that's way more useful. And I turned off the flashing. I heard about this in the funniest context.
[1:29:01]John Siracusa on the Accidental Tech Podcast was talking about one of his frustrations with his little, he's got a little app called SwitchGlass. And one of the things he needs to know, he would like to be able to know in the app, is whether or not you have the dock on the left, right, or bottom of your screen. Because he glues it to the right side of the screen, but if your dock was there, that would be a problem, so he'd like to know. There is no public API to know the answer to that question. There's a private API, and he used it, and then he got bounced from the App Store because of it. So he specifically cited Festivitas as, how does that developer know where the dock is? And I would like to know how they know.
[1:29:42]That's a good point, because I have my dock on the left, and my Christmas lights appeared on the left. Now, I turn them off because Festivitas lets you pick whether you have menu bar, dock, or both. And I really want them along the menu bar, but I really don't want them on my dock. So I turned them off on the dock and I stopped them flashing because that drove me nuts. Right, right, right. But I thought that was funny that that's how I heard about it. He suspects that he's using the private API because this app is not in the Mac App Store.
[1:30:11]That seems very likely to me. Yeah, it seems very likely. Yeah, so that's all I got. That's it. So as the FBI told us, stay patched so you stay secure. Well, that's going to wind us up for this week. Did you know you can email me at allison at podfeet.com anytime you like? I was handing my business card out at lunch today just telling people, email me anytime you like. Anyway, if you have a question or a suggestion, just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon at podfeet.com slash Mastodon. If you want to listen to the podcast on YouTube, you can go to podfeet.com slash YouTube. If you want to join the conversation, you can join our Slack community at podfeet.com slash Slack. And there you can talk to me and all of the other lovely NosillaCastaways. You can support the show at podfeet.com slash Patreon or with a one-time donation at podfeet.com slash donate. And there you can do it with Apple Pay or any credit card or through podfeet.com slash PayPal. You can be like Greg H. And Z Kager and Martin Stein and Tom Maddock and Klaus Wolfe. And if you want to join in the fun of the live show, head on over to podfeet.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic NosillaCastaways.
[1:31:24]Music.