NC_2024_12_21
This episode features tech updates, a whimsical reading, and guest Steve Mattan discussing AI programming with Ollama. Bart shares smart home humidity tips, and Rogue Amoeba's adaptability is highlighted.
Automatic Shownotes
Chapters
0:00
NC_2024_12_21
0:27
CCATP #804 — Pat Dengler on an Elaborate Scam Involving “Amazon”, the “FBI”, “Lawyers”, and More
1:12
The Night Before Christmas
4:07
Steve Mattan on Running LLMs Locally with Ollama
40:24
My Smart Home Humidity Journey — by Bart Busschots
1:06:54
Support the Show
1:07:41
Security Bits — 21 December 2024
Long Summary
In this episode of the NosillaCast podcast, I cover a variety of engaging topics while providing updates on technology and its implications. We begin with a recap of the previous episode featuring an insightful conversation with certified Apple consultant Pat Dengler, who shared her experience with a complex scam targeting her neighbor. This story prompted us to create a standalone episode titled "Chit Chat Across the Pond," which dives deeper into the dangerous world of online scams.
The highlight of this episode includes a unique annual tradition as I read a modified version of "The Night Before Christmas," dedicated to our dear friend Honda Bob. This whimsical rendition incorporates various tech elements, from AirPods to the latest Apple products, creating a fun atmosphere for our audience.
We shift gears to a deep dive into the world of AI programming with guest Steve Mattan. I initiate a discussion on running large language models locally on Mac, specifically using the Ollama application to download and execute various models. Steve shares the ins and outs of using this tool, including its integration with the Visual Studio Code environment, allowing for an interactive learning experience without relying on cloud-based solutions.
Throughout the conversation, we explore how the coding landscape is evolving with the rise of AI-assisted programming, particularly through platforms like GitHub Copilot. Steve explains the nuances of setting up different models to optimize performance for specific programming tasks. We also discuss the advantages and challenges of using AI to enhance coding ability, providing a well-rounded perspective on the topic.
As the episode progresses, I shift focus back to technology news and highlight Bart's segment, where he delves into managing humidity levels in smart homes. He discusses the significance of maintaining an optimal indoor environment and reviews various humidity monitors and devices. This comprehensive overview equips listeners with practical knowledge on improving their home technology experience.
The episode concludes with a special mention of Rogue Amoeba's journey in adapting to changes in macOS security that threatened their software. Despite challenges, they managed to emerge stronger and are now in a better position to continue their innovative development, thanks to supportive partnerships with Apple.
Listeners are encouraged to stay informed and secure in their digital lives, with practical advice on settings and tools to enhance their technology use. Overall, the episode captures the essence of community, learning, and festive cheer intertwined with valuable tech insights, making it a delightful pre-holiday installment.
Brief Summary
In this episode of NosillaCast, I provide updates on technology while recapping a previous conversation with Apple consultant Pat Dengler about an online scam, which leads to a standalone episode titled "Chit Chat Across the Pond." The highlight features a whimsical reading of a tech-themed version of "The Night Before Christmas" dedicated to Honda Bob. Guest Steve Mattan joins me to explore AI programming, focusing on running large language models locally with the Ollama app and its integration with Visual Studio Code. We discuss the shift in coding with AI tools like GitHub Copilot. Additionally, Bart shares insights on managing humidity levels in smart homes, offering practical advice for enhancing technology use at home. The episode wraps up with a look at Rogue Amoeba's adaptation to macOS security changes, underscoring resilience in innovation. Overall, it’s a blend of community spirit, festive cheer, and valuable tech insights.
Tags
NosillaCast
technology updates
Apple consultant
Pat Dengler
online scam
Chit Chat Across the Pond
AI programming
large language models
Ollama app
Visual Studio Code
GitHub Copilot
smart homes
humidity management
Rogue Amoeba
macOS security
innovation resilience
Transcript
[0:00]
NC_2024_12_21
[0:01]Hi, this is Allison Sheridan of the NosillaCast podcast, hosted at podfeet.com, a technology podcast with an ever-so-slight Apple bias. Today is Saturday, December 21st, 2024, and this is show number 1024. Well, we're going to be off for the holidays here. Didn't want to miss a show, so we're coming out a day early, and I hope that doesn't throw anybody off, but remember, there will be no live show on Sunday, December 22nd.
[0:27]
CCATP #804 — Pat Dengler on an Elaborate Scam Involving “Amazon”, the “FBI”, “Lawyers”, and More
[0:27]You probably remember in early December in NosillaCast number 1021 that you heard an interview with our friend and certified Apple consultant Pat Dengler about how her neighbor was this close to giving up $30,000 in cash to some scammers who had woven an elaborate web of lies to trick her. After Tom Merrick called this story Darknet Diaries worthy, Steve encouraged me to make that interview a standalone Chit Chat Across the Pond. We wanted to send it to our friends and relatives, so we thought you might want to do it too. Look for Chit Chat Across the Pond in your podcatcher of choice for episode number 804, Pat Dengler on an elaborate scam involving Amazon, the FBI, lawyers, and more.
[1:12]
The Night Before Christmas
[1:13]And now it's time for the 13th annual reading of Steve's ever-so-slightly modified version of The Night Before Christmas. This is dedicated to our dear friend and longtime NosillaCastaway, Honda Bob, who left us in 2019.
[1:27]Twas the night before Christmas when all through the house not a creature was stirring, not even a trackpad. Okay, work with me here. The AirPods were hung by the chimney with care in hopes that all things iMaker would soon be there. The NosillaCastaways were nestled all snug in their beds while visions of iPads danced in their heads. And Podfeet in her kerchief and I in my cravat had just settled down for a long winter Skype chat, when out on the lawn there arose such a clatter, I sprang from the keyboard to see what was the matter. Away to the windows I flew like a flash drive, tore open the shutters and nearly did a nose dive.
[2:09]The moon on the breast of the new-fallen snow gave the luster of brushed aluminum to objects below, when what to my eyes seemed very bizarre but a miniature sleigh and eight tiny cars, with a little old driver with whom elves hobnob, I knew in a moment it must be Honda Bob. More rapid than 5G his vehicles they came, and he tweeted and shouted and called them by name: Now Accord, now Civic, now Fit and CR-V, on Element, on Ridgeline, on Pilot and Odyssey, to the top of the porch, to the top of the wall, now drive away, drive away, drive away all!
[2:46]As dry leaves that before the reality distortion field endowed, when they meet with an obstacle mount to the cloud, so up to the housetop the vehicles they flew with a sleigh full of Apple products, and Honda Bob too. And then in a twinkling, I heard with a squeal the skidding and sliding of each little wheel. As I drew in my head and was turning around, down the chimney Bob came with a bound. He was dressed in coveralls from his head to his foot, and his clothes were all tarnished with oil and soot. A bundle of SSDs he had flung in his SCOTTeVEST, and he looked like a geek who was extremely obsessed. A wink of his eye and a look not too pious soon gave me to know he had an Apple bias. He spoke not a word, but texted his concern, and filled all the stockings, then hit return. And laying his finger aside his levitation app, a command to his iPad, up the chimney, ASAP. He sprang to his sleigh, and his autos did they bristle, and away they all flew as if shot from a missile. But I heard him exclaim as the poem prescribed, Happy Christmas to all, and please stay subscribed. Well, thanks for that, Steve. I know this is a holiday tradition that NosillaCastaways always look forward to. With that, let's jump into some serious tech nerdery.
[4:07]
Steve Mattan on Running LLMs Locally with Ollama
[4:10]I'm going to do something now that I've never done before, and that's introduce a guest about whom I know virtually nothing. I have evidence that Steve Mattan is a listener to the Programming by Stealth podcast because he has contributed several fixes and valuable suggestions through GitHub to the project. He also participates in our Slack at podfeet.com/slack. Beyond that, I literally don't know anything about his background. I don't know where he lives. I don't know how tall he is. I don't know anything, but I do know that he has something super interesting to tell us about. So with that great introduction, welcome to the show, Steve. Oh, thank you very much. I can fill in some of those blanks. I live in Southampton, New Jersey, which is just inside the New Jersey Pinelands or the National Pinelands Reserve, which means I live in the woods, not the Northwoods, the Eastwoods. There we go. Steve from the Eastwoods. We could do that.
[5:05]I have a bachelor's degree in physics and a master's degree in computer science. And as soon as I got the master's degree, the company that was paying for it moved me into management. So I've never written a bit of code in anger in all those years. You know, that's kind of the path that Bart went along. He was getting his PhD in physics when I first met him, and I always worried that getting into podcasting was why he stopped his PhD, but he swears it has nothing to do with it. But I'm pretty sure he's got a degree in computer science, too. So you are definitely our people. That seems to be all we need to know. That's very interesting you haven't written any code in anger, because most of the contributions you've made have been about code. Yep. So I did...
[5:52]I wrote some utilities for myself back at that job. The company paid for me to go to grad school. Oh, nice. I went back in college, RPI, Troy, New York, 121. I graduated in 1982. 1982 was the height of the Reagan recession. One of the paths when you're tired of going to school was to get a job and have the company pay for your grad school for physics. Well, nobody got jobs that year. Okay. So eventually I got a job, kind of pseudo programming, and then I got hired, I got moved down to our corporate office, the development shop, and I was put in charge of testing. I was the one tester for 12 programmers because infamously, one of the VPs told all of our customers that they were supposed to test it for us. And why weren't they sending in all those bug reports? Why are they just complaining? That didn't go over big. Anyway, I started writing small utilities for myself. Um, and said, Ooh, this is interesting. A little mind in physics. My project was computer modeling of the surface-enhanced Raman effect, which was in Fortran many, many years ago. Ooh.
[7:10]There you go. Um, so then I said, okay, well, they'll get them to pay for me to go to grad school. I did. And as soon as I got the degree, they said, Nope, we want you to be a manager now and put me in charge of building out actual testing group. From what I've seen, it appears to be in your DNA to mess around with code. So what we started talking, you actually did a post in Slack where you described, and I'm going to give the opening pitch for it, but then I want you to get a little bit into the details. We are definitely not going to get into the weeds because we could go here for hours and have too much fun. But you figured out a way to run a large language model, AI if we'll call it that, on your Mac without actually being connected to the internet. Like it runs locally. Is that correct? I didn't figure it out. Well. But I was able to implement it. You let go of the pieces. So, yes. But even it gets better. I've got, oh, and that screen over there running on a Raspberry Pi. Oh, nice. Anyway, so the tool. All right, so let's step back. This is a book. You can't see the book if you're listening, but it's Learn AI Assisted Programming with GitHub Copilot.
[8:29]My company, the one I'm currently working for, the C-suite people have, just like you were just now, they've drank all of the Kool-Aid, not just some of the Kool-Aid, all of the Kool-Aid about AI. And one of them actually came to my boss, who's the EVP of development, and said, I'm getting people calling me up and saying that they've got these programs that we could use in our business, and they don't even have any programmers. They just ask ChatGPT, and it writes programs for them. Why do we need programmers? And he's there, well, trying to convince them that it really doesn't work that way. We started a project there, and they said, Steve, you're not writing any code now. Go figure out if this thing can make you a programmer. Oh, that's actually an interesting way to do it because you are a programmer, but you're not a programmer. Right, right. So I could understand it enough, but I'm not writing any code. Okay. And so we decided to do GitHub Copilot as our test, which, no, yeah, GitHub Copilot. That's the book again. And I was going to learn Python with that in VS Code. And they paid for the...
[9:43]Um, Copilot for the experiment, and I tried it. Just for people who don't know what he's talking about, it basically, when you're in a code editor, GitHub Copilot is trained specifically to help you write code, and that's, it's written by Microsoft, so it's a large language model.
[10:01]Yeah, right. And it's fun because you got in there and it worked, kind of. Um, even, even that, most of this book is spent telling you that it's not 100% accurate, that 50% of the time it's going to be wrong. And it teaches you not how to do code in Python, but how to figure out whether or not that code is right. And they even have some nice chapters in there where they say, many of the people that use train, teach people and put up GitHub repositories in academia will have exercises and it'll say, here's the beginning, you know, and then there's the part that says your code goes here as a comment and there. And the people will put in, you know, hey, I'm trying to write this and they'll get back from GitHub Copilot: Your code goes here.
[10:45]That's what they're trained on. And we tried it and we decided, yeah, this really wasn't going to help us. Okay. And we're not using that. But that got me interested, just like anybody else who's probably listening to this, in large language models and all that. So I was one day wandering around the web and I saw this thing about Ollama and Continue. And let's spell that out real quick, O-L-L-A-M-A, and Ollama is the large language model that Facebook has written, right? Meta? Um, no, no. Llama with no O is the set of models that Meta has written. Okay. Um, Ollama is a tool that allows you to pick from many, many models to download and run locally on your machine. Okay. And I said Mac, but it's obviously more than Mac. It's any Unix or run on Windows? Yep. If you were to go to the Ollama site. Actually, you did put a link in the show notes already. Yeah. Ollama.com.
[11:57]Ollama is a tool that allows you to run large language models locally. And it has a whole variety of tools and it helps you pick different models and different sizes of the models. On my Raspberry Pi, I downloaded a model that's really tiny, 1B, 1 billion. Yeah, let me explain what I think that means. A small large language model and a large large language model. The difference is in the number of parameters in the matrices that make this thing up. I don't know if that's quite the right wording, but a lot of people think, well, a large language model is built on the whole internet and a small language model must be on fewer words. And that's not what it is at all. It's the size of the matrix of the model, the number of parameters. So when you said 1B, you mean what, 1 billion parameters? 1 billion parameters, yep. And there's even smaller models, but you can run those size models on your Pi.
[13:01]On the Mac that I have, I have a Studio with 64 gigs of RAM, megs, right? Yeah. The more memory you have, the more, because it loads the model into memory to do all the calculations. Oh, okay. Okay, so you're not caring about disk size. You're caring about RAM. Oh, that's really interesting. Okay. And you're caring about video RAM because it tries to do it on the GPU, not the CPU. Oh, really? Mm-hmm. Huh. Okay. But I can't, I, when you buy a Mac, can you control how much video RAM you get? It's all of it. All of it. That's the nice thing about the, um, M-series Macs is all of the RAM is both. Oh, okay. Okay. That's the, so it's, my machine has plenty of RAM and plenty of CPU power. It's the original Studio, M1 Max, um, chip. So, if you were to have an M4 with plenty of RAM in your machine, you should be just fine. Actually, they don't have an M4 Studio yet, I don't think. Do they? I don't know. M3, I think, is the slightest. You're the expert. I'm just the… You're just not a programmer. Okay.
[14:25]All right. So, Ollama is this app that you download from ollama.com, and it's literally just downloads. And then when you open it, it's going to ask you to mess around in the terminal, I think, right? That's what happened next? Yes, it's a terminal app. And what you do is you go into the terminal and the command to start it is ollama. But like a number of different terminal apps, that's the command. And then there's a secondary command, just like git. When you say git and then the secondary command, it's ollama and the secondary command. So ollama run and the model name.
[15:01]Will, if you don't have that model, pull it down, load it into your system, and then start running it, so you can ask questions of Ollama, or not of Ollama, of the model you selected. Okay, so let's get those pieces again. So Ollama is a way to talk to your terminal to get your terminal to start, uh, installing these, uh, a large language model, because I think when I first ran it, you're saying it, that's when it said, okay, this is what you're going to have to go type into the terminal. When the first time I typed it, it put glop all over the screen, and then it said, okay, I'm ready. And it was just sitting there waiting. And then I could say, ollama run that model, and then I could start asking you questions. That's pretty much it. And that was a command line. Now, Steve, my husband, Steve, asked me an interesting question. He says, how big was it? And that gets back to this thing about thinking of large language models as being big. I said, I have no idea. I don't know where it is. And I use the, uh, my favorite, uh, app for finding things I can't figure out where they are because I don't even know what they're called. I use Find Any File and it found it buried down in some library file somewhere. If you go to the Ollama website, and you'll see up over here there'll be a, a link that says models, right? And if you look in the model, so you can click on a model and it will show you all of the variants of that model.
[16:31]So for example, you mentioned Llama earlier. So there's a Llama, a new Llama, Llama 3.2, right. And that comes in two sizes, 1 billion and 3 billion. Okay. And you can look at it and you can click on that. And then it has more information on the page about what that model is, what it does, some of the parameters. Okay. You can look at, like, there's the Llama 3.1 that has a 8, 70 and 405 billion.
[17:04]I did end up going down a rabbit hole later, asking it to just install different ones, but I didn't know what it was doing, really, and what it meant to go into the different ones. I ended up loading Llama 3.2 Vision, thinking, wow, that sounds better, but I think it had nothing to do with what I needed it to do.
[17:24]So, we've got, okay, again, we've got this app, sorry, yeah, the app Ollama. Once that's running, it tells you to go to the terminal and type in ollama run, I'll get it yet, ollama run llama 3.2. So it does all the glop on the screen. From now on you're pretty much not really talking to Ollama anymore. No, you're talking to whatever model. So in your example right there, you're talking to Llama 3.2 and you're asking that model the questions. So just like if you were using ChatGPT and you ask ChatGPT a question, now you're asking Llama 3.2 a question. Right. And it's just was sitting there at the command line. I'm not talking to Ollama anymore. It's already done its job, which is disconcerting. Like while we were talking here, I haven't played with it in a little while. I typed in Ollama and said, okay, launch it. And it went, uh-huh. My Mac just didn't do anything. But over at the command line, I think it should be working. I think I'm doing something wrong, but I can tell it's, oh, we got to start Ollama first.
[18:30]We got to serve it up. So there's a little command line. But at that point you, you told us that that was fun, but you took it up a level beyond that, and this is where the third piece came into it, right? Yep. So there's a couple, many pieces. Now I got all kinds of pieces. So, um, the next thing was, because I was interested in using it as a programming tool to make suggestions similar to Copilot. What I had read was you could use this other tool called Continue.
[19:01]And Continue. Can we wait to get to Continue? Because I think you did Enchanted next. Well, Enchanted is a good. And if you go to the Ollama GitHub page, again, if you're on the main Ollama page, there'll be a little GitHub up over here. People can't see me pointing to the top of the screen here, right? Over there. It's over there. You'll see GitHub. And if you go to GitHub and scroll down, you'll see integrations. And there'll be a whole list of tools that are front ends or other tools for using it.
[19:33]And that's where you found. Yep. The first one is called OpenWebUI or WebUI Open Something. But the second one is called Enchanted, and it said Mac Native. And I said, okay, I use a Mac mostly. Let's try that one. And it's just a simple UI, GUI UI, where you can select the model you want, and then run your question. So at this point, I'm going to keep saying it again. Ollama is what let us be able to download the models and now we have them available to us in the terminal and we can type little questions and it spits little answers back to us. But as soon as you run Enchanted, Enchanted is talking to that same terminal application that's been, or the model that's been installed. And now you say it's a little GUI, but it looks exactly like ChatGPT to me. It's pretty. It's Mac-like. It's got the right buttons. It's light gray, dark gray. It's got Enchanted is written in colors. I mean, this is a very, it's a very nerdy beginning step and immediately becomes not nerdy at all. Exactly. So if you are intimidated by the command line.
[20:43]And you shouldn't be because you've already listened to Taming the Terminal. That's been out for years now, right? Right. But if you are and you're more comfortable with a GUI, then this is a nice one there that, yep, you can use. Now, the other thing that I said was I took Keyboard Maestro and set it up so that as soon as I start Ollama, it automatically launches Enchanted. So I never have to go into the terminal. No, I just, you know, go Alfred, Ollama, Ollama starts, Enchanted starts, and there you have it. Okay, okay. By the way, I am doing this at a much higher level each time because I'm talking, we're going to be talking to the NosillaCastaways, not necessarily Programming by Stealth folks, some subset of the two. So as soon as I got to that stage, I was pretty excited. So now we've got Enchanted running, we've got a happy little GUI, everything's pretty. We don't have to get our fingers too dirty at the terminal, but you really wanted to be able to use this for development.
[21:43]So where did you go next? So that's where that Continue comes in. And that's a tool that will is integrated in both VS Code and, um, JetBrains tools. I don't use JetBrains tools, so I'm not really familiar with what the names are, but for the non-programmer, Visual Studio Code is a code editor, does a whole bunch of stuff, but it's kind of nice, because it's got, it's not kind of nice. It's really nice. It's got a plugin architecture so people can write these plugins to do things like install this Continue app that will allow us to talk to the same model.
[22:21]Yep, exactly right. So it's a plugin. You go into the plugin marketplace, you type in Continue, it'll bring it up. You click install, it installs it. It gives you, it says, now you move the Continue over to, from the left sidebar to the right sidebar. So you have a little chat window there all the time. And it allows you to do multiple things. There's a little bit of configuration. You have to tell it which model you want for code completion, which model you want for chatting, which model you want for embedding. And they tell you which ones they recommend for different things. So if they tell you for Ollama, they recommend these models. And those models will change over time as new models become available and become replaced. The old ones become better and things like that. But they'll walk you through those steps. You set it up. Okay. So this is where, hang on. This is where I didn't make it. I didn't make it past this step. I got as far as installing it into Visual Studio Code and, um, and it took me a while to get it to start answering questions for me, but I didn't ever notice it telling me how to talk to what model. Cause I thought we were using the stuff we installed over with Ollama.
[23:29]Yes. Now, Continue doesn't just use Ollama. Continue will, if you have a ChatGPT API code, you can put that in. It'll use ChatGPT. It'll use Claude. It'll use any of those, Gemini, any of those models. I was more interested in doing everything locally to see what I could do without having to pay anybody for sending things out to ChatGPT or anybody like that. So I chose as my provider, Ollama. Okay. And then since I chose Ollama, any of the models I had downloaded via Ollama were then available in VS Code. And in the configuration for Continue, you want to tell it, this is the model I want to use for code completion. And they suggest, I think it's called StarCoder. So you suggest that. And they said, this is the one you want to use for chat when you're asking it questions about code.
[24:27]And I forget the one I selected for that. But now you've got to go to Ollama and download those models because Continue won't see them unless you've downloaded them. Okay. So again, you go to Ollama, but Continue, when you look at the documents on Continue, it'll tell you, it'll suggest if you're using Ollama, these are the models we suggest. They're small enough to run, but they give good results and they're optimized for code completion and code work. So you want to go to the Continue site, read the documentation. It's very simple steps. I mean, you know, I did it in a half hour. I was up and running.
[25:03]And then as I sent you, I sent you a couple of things that were, to me, extremely spooky. I'm learning Python with a textbook called, what's it? I don't have it over here.
[25:16]But Python Crash Course. It's from No Starch Press. And it's the third edition. And apparently it's been quite widely used by people who have uploaded things to places where these models can be trained on, because I'll type in, you know.
[25:33]The start of one of the exercises and it'll finish the exercise for me completely, and it'll even do, as I showed you, I was doing exercise like three and it then did exercise four and exercise five and actually just know them all out and said, here, you're done. This is, that's actually terrible. It is, because you never learned anything. It was delightful and, and spooky and terrible at the same time. Because now it wasn't always right. That's the other thing. Because it's being trained on students' answers and the students don't always get it right, you know, it gets graded and some of the things. And again, you ask it questions. There was, uh, you know, I wanted to do a loop and I asked and I couldn't get the loop right. It's like, okay, the loop is several chapters ahead, but I know loops because, you know, I'm not a programmer that doesn't write programs. So I knew, okay, I should be able to do a loop here, and I'm writing a loop in C and the syntax is not quite the same. So I'm trying to guess. So I should only had to do this in the chat window and it gave me an answer that was wrong, but it was close enough that I could say, oh, I see what I'm doing wrong now and figure it out. And that's where I'm learning because otherwise I was just frustrated. Like I'm not getting anywhere now. Now it said, okay, here's a hint.
[26:49]And the hint wasn't complete. I still had to figure it out. Oh, that's good. How did you get it to stop answering for you?
[26:58]It doesn't. So when you do the code completion, you can either have and take everything. Or there's another keystroke. I don't remember it off the top of my head right now that you can say, just take it a word at a time or a line at a time. So it was showing me all this other stuff that I didn't really want. So I would just say, no, just give me this little bit. Okay. Right. That's the help. Or I could go over to the chat window and say, Hey, I'm trying to do this. Help me out. I'm trying to do a for loop for, you know, this, how to, what's the syntax. Okay. Tell me that. That's interesting. So it's, it's, you're chatting with it and it's doing auto complete though. And like you said, those were two different models. You had a point to you, you, the Continue documentation suggests that you use different models for different things because they are optimized for different use cases. One of the things I've heard is that the ChatGPTs of the world, Gemini, Claude, those kind of things.
[28:00]Those use a lot of resources to build and design because they're training on the internet. But specialized models are much more energy efficient, so you can feel less guilty about how that was built. Because if you've got a model, for example, that only knows Python, that's going to be actually, that won't have used much energy at all. But, okay, it's got Python and C and Swift and it's got a whole bunch of languages, then it's going to be a little bit bigger. But that's still really small compared to the internet being part of the training data that went into building those matrices, right? Yep, exactly. When you read the documentation around these things, they talk about smaller models and targeted models are often much better for this than the generalized models.
[28:51]So if there are models that are trained on code, GitHub Copilot, for example, was just trained on GitHub. Right. Now that's good because it's just code. And it's bad because a lot of people like yourself put code out on GitHub. Now, I'm not saying that. Common mistakes become common. Exactly, right? Or if you're trying to do JavaScript, it's using all this old JavaScript. Oh, yeah. It's not using, you know, it's using var instead of let. Okay. And practices like that. Yeah. And that's where more targeted ones that they say, okay. Now, there are other techniques you can do for that. There's context in that chat window in Continue and other tools as well. You can say, here are some documents. Let me load these documents in. And I want you to use these documents as context. So you could use the chapter, right? Now, the problem is, is that you can only have so many tokens. A token is, you can think of a token as a word. It's really just parts of words. Okay. But for our discussion, you can think of it as a token of a word. So if it says, I can have 2,000 tokens, 2K tokens, well, your document can only have 2,000 words. Now, the models will tell you how many they can use.
[30:07]Ollama, when it downloads them, sets everything to 2K. So if you want more, you've got to go in and tweak that. So some of them can have up to 128K. What's the purpose of the token limit? The token limit is because that uses resources. If you're going to, say, ChatGPT and you pay for tokens, you're not going to want to upload all this stuff to ChatGPT and run up a big bill. Or it's also using memory. Um, the other thing is that. But it's artificial in our example, right? Because we're doing it all locally.
[30:48]Now, right. But remember, Continue isn't just local. Oh, okay. Right. Okay. Now, the other thing is that even though you have this large context window, everybody can see my hands getting bigger and smaller on the screen here, right? Um, it doesn't always remember it all because it has to load it all into memory. Okay. It's already got the model in memory. It's got whatever else you're running in memory. And now it's got to load this into memory. And there's a lot of documentation out there that it says it remembers the beginning, it remembers the end, and it doesn't necessarily remember the middle. So you want to target that stuff in context. The other way to do this is RAG. I think it means retrieval augmented generation. And what you do there is you take a whole bunch of documents. I could take that Python book, turn it into a PDF, OCR. There are steps. I don't know how to do them. I haven't done it yet, but you can do that in a format that the system will understand. Then you upload those in a RAG and the RAGs, and then you say, just look at this stuff. So if you wanted a Python expert, you could take multiple Python textbooks, do whatever process it is to ragify them and then say, okay, you know, just look at this.
[32:10]How interesting. And it's one of the ways that they're trying to make it so these things don't hallucinate, which is a big problem. One of the things I've liked about using large language models is that I can be really tailored in my question. And so, like, if I try to ask using Google, in Keyboard Maestro 5.4 running on macOS Sequoia, what is the syntax to do, blah, blah, blah. It's just going to barf on me. I mean, it's just going to give me like the Keyboard Maestro website or something. But in ChatGPT, I'm able to give it that very, very specific thing. Like, where is the menu that tells me how to do this thing that I'm trying to do? Like, I know the menu's there somewhere and I can't find it. And it's not always right, but it understood the question. It didn't understand anything. It regurgitated something that showed that it was at least on the right path. And then I can start to narrow it down. Whereas with Google, you're just getting, the answers are always too broad for what I want is I want it in this operating system on this application, this version of this application. And so I would think with this, you could be able to say, I'm running, you know, using JavaScript version, blah, blah, blah, or HTML5 or Bootstrap 5, give me the answer to my question. Can you do that?
[33:31]You can. And it's good that you asked it in the context of a programming language because programming languages are very structured. There's a very well-defined syntax that they have to follow.
[33:44]Thus, the answers are going to be well-known, right? You can tell whether it's right or not right away. Natural language is much less structured. So if you ask it a question about natural language topics, it's much more likely to confabulate because the word choices are much bigger. Right. Whereas in code, it's pretty much, hey, if you put a, you know, parentheses, then you know there's going to be another parentheses eventually. Right, right. And if you're doing a for loop, there's going to be certain things that have to be in that for loop. And there has to be, you know, depending on the language, a colon at the end and curly braces or whatever.
[34:28]Yes. So it could be wrong, but that's different than hallucinating. Yes. Wrong is, boy, everybody makes this mistake. Yep, yep. Everybody makes this mistake. Here you go. But it's close enough that you can say, oh, yeah, I could run it through, you know, try to run it in VS Code and it'll say, oh, hey, you've got an error here. Here's why. Right. Finding logic errors or security errors, right, things like that are more problematic because it's not going to be able to help you with those. And if you're not a good coder, and then this book over here, you know, learn AI programming, keeps saying that don't use this for mission critical stuff like medical controls, because there's no guarantee that it's going to have the right safety protocols or the right security protocols in there. You still need to know. And that's, again, why it's good for programmers. There was a thing I read recently that said programming is one of the use cases that'll work because the people that are using it usually have some domain knowledge. Like if we were to use it for the programmers at work, it wouldn't replace them. But they could ask it a question, they'll get it back, and they'll be able to say, yeah, I understand this. Oh, it made this same mistake everybody makes with SQL injection. So I'll be able to fix that.
[35:52]The old SQL injection, right? Yeah, that's interesting. My reaction to that is, for now, that's true, right? But as people get lazier because it's doing more and more for us, we're going to be less and less skilled. And that's where it gets a little bit scary. Oh, it's going to be, yeah. It's going to be a hot mess.
[36:15]It is, it is. I mean, I read another one. This is getting a little bit off topic here, but about hallucinations. And it's real easy to tell. You know, if it tells you to use glue to keep cheese on your pizza or eat pebbles to get your mineral daily dose of minerals, yeah, you can pretty much tell that's wrong.
[36:30]But if you were to ask ChatGPT to give you a review of the movie Wicked, it would happily do that for you. It's never seen the movie Wicked, right? It's just making it all up. That's actually a really good example because it can't have seen the movie, right? No, right. So everything it does is that it just makes things up, it's putting words in an order that is likely to be said by, because somebody else has already said it. Yep. Yeah, yeah, that's interesting. One other thing I did see that I did succeed in doing in VS Code running Continue, was you could ask it to, I forget what it was. It was like tighten this code up or make this more readable. So it took a code I had written and it just kind of made it nicer. You know, it made it a little bit tighter. You can ask it to explain things. Why is this doing it the way it is? You can do it exactly like you said, refactor it. Yeah, refactored it. And it even put in some nice comments. And I was like, man, that's better than what I wrote. Yeah. But again, you've got to know that it's still doing the same thing that you thought it was doing before. Yeah, it didn't.
[37:46]Maybe the real trick is going to be people writing tests back to where you started from, right? Is that if you got good tests, you'd be able to verify that it still did what you thought it was going to do. So maybe you write. Pointing to the book again, everybody who can't see this on radio.
[38:02]But anyway, exactly, that's what they keep saying, that the skills are going to change from knowing the syntax and the semantics of the language to writing better requirements up front and test cases at the end to make sure that it's working. Or like Helmut keeps trying to convince me, write the tests up front. Well, you write the tests along with the code. Yeah. Yeah. This is really fun. I love that you grabbed all these pieces. I know Steve's making it sound like, oh, there was this, and then they told me to do this, and they told me to do this, and told me to do this, but he did a lot of reading between the lines to pull the pieces out because I go to the Ollama GitHub page, and I'm like, look at all this stuff. I would never have known to look at integrations, for example. I would never have clicked on that. But it is as easy, as he's saying, to do these things. But I really appreciate you showing us where these pieces are and the puzzle pieces we can put together.
[39:08]I've just had a great time talking about this, Steve. I think this is super fun. If people wanted to chat with you about this, would the right place be to go to our Slack? Maybe to the PBS channel? They can contact me there, yep. Any other place you want to plug, you big old Mastodon user or anything like that? I'm pretty much stay at home.
[39:32]But I'm not in Madagascar on 12-hour bus rides and all that. Okay, yeah, we did talk about that. Let me ask you one more question. Do you remember how you found Programming by Stealth?
[39:43]No. Well, yes, because I was, I listened to Taming the Terminal. I wanted to learn how to use the terminal, and when I was googling around for references, that came up. So I listened to that and then from there I found Podfeet and the Programming by Stealth. Well, very good. I, for one, am very glad that you did, and I appreciate you coming on the show. This was, this was super fun. Thanks again. Good, good, I enjoyed it as well. I still cannot believe that Steve Mattan has never done anything like that before, because I thought he was great. I really, really enjoyed that interview.
[40:24]
My Smart Home Humidity Journey — by Bart Busschots
[40:24]Hi folks, Bart here with one of these rare solo review segment-y things. Alison was looking for some content to tide over during Thanksgiving, so I thought I would share some of my recent HomeKit-related experiences to do with managing humidity. And until a few months ago I probably would have assumed that managing humidity meant talking about how to dehumidify things especially given that I live in Ireland but no my journey is about adding humidity or at least measuring humidity and then adding humidity actually. So this change of my knowledge of and interest in humidity came about due to some unfortunate health issues. Basically my nose decided it would like to bleed very heavily to the point that maybe an ambulance trip or two might be a good idea.
[41:19]And one of the things that can trigger, as opposed to sort of be a root cause but a trigger, can be dry air which causes the mucosa in your nose to dry out. And that will then trigger a nosebleed with a deeper underlying cause. And so I suddenly became interested in figuring out, do I have a humidity problem? And if I do, what should I do about it? So immediately when I got home from hospital the first time, my first question was basically, how in this house can I figure out what it is actually currently like in terms of humidity? And I was pleased to discover that a bunch of.
[41:59]Unsmart connected dumb little sensors that i had bought actually i bought the first one mildly passive aggressively um for work when we were having a bit of an argument with our buildings people about the temperature of our office which was not good um and we needed some facts and so i looked on amazon for a cheap thermometer and i found these really cool little ones and that little magnetic back on them and you just i stuck them to the bezel of my monitor actually and it would tell you the temperature and it also said other things and I completely ignored all the other things and when Covid happened I picked one up for the home office as well to make sure I was working in a comfortable environment and lo and behold when I looked down at my little device I'd had for years I noticed that not only did it say the temperature it also said the humidity and had a little smiley face to indicate whether or not that humidity was a good thing or a bad thing. And I remember them being cheap because after I bought one, I bought another one very quickly afterwards.
[43:02]So I checked and not only was it cheap, it still is cheap because they're still available. It is called the ThermoPro TP49. It is currently for Ireland a whopping €7.33 on Amazon. Now, this obviously isn't any sort of smart integration. This isn't HomeKit. This is just a little digital readout that has a battery in the back of it. And the battery has a very long life because I don't think I've ever changed it. And it's still going strong.
[43:33]It has a little kickstand and, like I say, a magnet on the back. And so I actually didn't throw them out when I got cooler, more high-tech things. I just changed what I use them for. So I have a whiteboard in the kitchen where I plan, where I basically write out all the food in the pantry and plan out what I'm going to eat what days to avoid food waste. That's a magnetic whiteboard. So I now have my home, one of those, stuck to it. And in work, I don't really want to run smart devices on a corporate network. A, well, it wouldn't work very well. And B, it's just not a good idea. And C, I'd probably get in trouble. So for all sorts of reasons, that's not a goer. So I still actually use that one in work just to keep an eye on that everything in the office is fine. And actually now that I have actually paid more attention to not just the temperature, I can see that the smiley face is determined by the combination of temperature and humidity. So basically, when your workspace is in a good place, you get a smiley face. When either the temperature or the humidity isn't right, you get a sort of a middling face. And when it's really bad, you get a sad face. So actually, it really is purpose built for a work environment, just to make sure that you're in a happy home environment. Anyway.
[44:41]You know having had my medical issues and having discovered that yeah humidity is important I wanted something a little bit more robust and I wanted something that I could keep an eye on on my phone and that would give me probably more accurate readings so I invested in a HomeKit compatible air quality monitor and I started basically by looking around at some Mac blogs I trust looking for specifically home kit and air quality recommendations they were the keywords i was using and i don't remember which of the mac blogs i've been following for years but one of you know one of the popular mac sites that i've earned my trust over the years had an article.
[45:26]And they basically listed, um, sort of two shortlisted devices, and one of them caught my eye, which is the Qingping Air Monitor Lite. And it has a couple of nice things. So first off, it is small. Secondly, it can be powered by USB-C. And thirdly, it has a very gently backlit display. And it has a nice array of sensors. And all of those sensors are sitting in at, you know, are available in HomeKit. So when I add it to a room and then I go into that room in HomeKit, but all the sensors are sitting right there in HomeKit. Now, I'm not sure I would use the word cheap for this diminutive little box. You know, it's about five centimeters across, a little bit less tall than it is wide, and about as deep as it is wide. You know, it's a small little box. But you don't pay for things by size. So, yeah, it's about €100, slightly less.
[46:29]Um but it's actually really nice and the display is easy to read 24 7 and it doesn't blind you know you can have it in the bedroom without it blinding you and stuff so in the end i've ended up kind of really really liking them and also the physical user interface i kind of like um so it doesn't have well it has around the back like a button for pairing it and stuff but in your day-to-day usage. The interface is a touch sensitive area on the top, a sort of a strip, a bit like a snooze button on an alarm clock I guess. It's a strip on the top of this little cube and you swipe left and right to move between the different interfaces and it will show you the different readouts as you swipe around.
[47:18]And so in terms of what you can see, you will get the temperature and the humidity. You will get the PM 2.5 particles. So there's a little particles that are particularly bad for your breathing. The PM 10, which is your bigger dusty particles and CO2, which particularly inside in the home office is actually kind of interesting to keep an eye on. Um, it will also, um, actually just a small point to make is that when you go into HomeKit, those last few readings get combined into a single HomeKit air quality rating, which HomeKit will then tell you is excellent, good, or poor, etc., which is probably actually, although my data nerd self wishes to see all of the fine-grained detail everywhere. I think, human-wise, what you actually want to know is whether your air quality is good or not. You don't really, how many parts per million is the right parts per million? You don't know these things instinctively. So actually, excellent, good, poor is infinitely more useful than the raw number. So I don't mind that HomeKit condenses those sensors, but HomeKit does explicitly show you the temperature and the humidity.
[48:39]Um, the other nice little thing. So like I say, this idea of a rating to help you deal with the numbers is useful. It's, you know, it's a nice thing when you see it in HomeKit. So does that imply that the physical device is slightly inferior to HomeKit because it's giving me the raw numbers, whereas HomeKit is giving me a useful number? Well, no, because the physical device does both. It has, so it has its touch bar on the top. It has its very dim, it may even be an e-ink display that's slightly backlit. I don't remember the exact specs, but it's a very dim, but very readable display. And it has an LED light straight above the display. It's a subtle LED strip rather than a light, just a little coloured strip. And that strip changes colour depending on what it thinks. So if everything is good on the reading you have it set to, you get a green. So right now it is saying that my office here, as I record, is at 57% humidity, which is in the green zone. So it is a green LED.
[49:42]But if that goes too dry, I will get an orange LED. Sorry, the same LED will turn orange. And if it gets too moist, it'll turn blue. And in terms of temperature, orange is too low. Or no, I think in temperatures reversed, orange is too hot. Blue is too cold. And for the other ones, it's basically green or orange. So your CO2 is either, you can sort of thing is too little CO2, right? That doesn't make any sense. So they're not a bad amount of CO2 or a bad amount of CO2, so that one is just green and orange, and the same with the particles, the PM 10 and the PM 2.5. There either is or isn't too much, but there's no such thing as too little dust in the air, you know, or too little CO2. So it's actually a really nice little device, and you plug it in over USB-C, which I have everywhere, so I have one sitting in the home office and one sitting in the bedroom, and it works great. But like I say, at €93, it's not exactly cheap, although in the US, it is notably cheaper at $76. I don't know why.
[50:45]But, okay. Oh, yes, sorry, the last point I wanted to make is that it works great when you plug it in, but if you plug it out, it actually has a battery, so you can actually carry it around the house. So if you need to be in another room for a while, when it's on battery mode, it behaves almost as wonderfully as when it's plugged in. The only difference is the screen will go to sleep until you tap that touch-sensitive swipe region, and then it will come back on for five minutes, I think it is. It stays on for quite some time because it's just a dim little display, but not infinity, whereas if you keep it plugged into USB-C, the display stays on for infinity. Well, for the life of the device, I guess. Infinity is a big number. So, as Allison is very fond of saying, great, you're measuring something. Okay, so what do you do about it if the number you get is wrong? Well, the answer is that for me, I need to deal with air that is too dry, so I need something that will respond to the air being too dry and it will add humidity to the air. I need a humidifier, not a dehumidifier, which in Ireland gets a lot of very quizzical looks when I tell people about this purchase. So again, I went to the various trusted blogs and I ended up on, I can't remember which of the Apple sites again it was.
[52:05]But it was one of the well-trusted Apple sites, and they went through a couple of different possible products. And some of them were humidifier, dehumidifier. So you can actually have one device that can do both. Some of them were primarily diffusers for aromatherapy oils and stuff, which can also add humidity. And that's actually something you really, really, really don't want if you're trying to make the air moist for health reasons. You don't want it to be filling the air with particulates, with chemicals, basically.
[52:34]Um and the other thing then is before i made a purchase i did a lot of reading and i mean a lot of reading because it takes a while to you need to do a lot of reading on the internet if anything to do with health until you can start to recognize the quackery from the medical advice and if you only read one or two blog posts or whatever you are very very much in danger of reading the quackery instead of the sound science. So after I did a whole bunch of reading, I came to realize that there are actually, two mechanisms for adding water into the air. So we all know that if you boil water, you get steam. Steam is water in the air. So one way to make humidity is to heat water. But then you end up with hot water in the air. Whereas what you actually want for.
[53:32]Your health reasons to stop things drying out is you want teeny tiny drops of cold water suspended in the air you don't want steam that will condense and then cover your everything in wetness you actually want it to stay in the air because it's in such a fine mist and it's in that mist at its cold state it's not in that mist because it's hot and so basically you need a very very i presume it's a very fine little nozzle that makes a very very fine spray a very fine mist of cold water and.
[54:07]So these are the two mechanisms and so I went hunting for a humidifier that was using the cold mechanism which immediately means it's not usable for aromatherapy because aromatherapy always need to be heated to do their thing so anyone you buy that's based off cold stuff is not going to do aromatherapy and conversely anyone marketed as an aromatherapy one isn't doing the cold thing so from my health point of view the cold thing was what I wanted so that let me cut down loads of stuff and in the end I ended up with a device which is it's not ugly but it's very utilitarian but it's actually very practical and it's designed.
[54:48]Specifically for use in a bedroom, which is exactly what I want because that's the room I spend the most time in on a day-to-day basis, the single room I spent the most time in. And also my experience of my nosebleeds is that morning was when I was getting them, which tells me that the issue is with sleeping arrangements. Anyway, I ended up buying a device called a VOCOlinc Smart Humidifier for Bedroom, 2.5 liters. That 2.5 liters is the size of the tank. That's a lot of water because it's designed to run for five days, then you're supposed to clean it and refill it, and then you can run it for another five days, which is fantastic. Now, I don't run it 24/7 because I'm not in my bedroom all the time, but I could. So the reasons this device won out of my short list was, A, the big tank and the five days between cleaning. That was kind of like, okay, I can live with this device.
[55:42]It is or it supports a sensor activated mode so as well as humidifying the air it is also a humidity sensor and it reports its sensings to home kit um and one of its modes it will only add moisture when the humidity falls below a threshold you can configure and so at night actually that's perfect you tell it hi please keep it at 60 or please don't let it fall below 60 and it will You can basically say, for eight hours, keep the humidity above.
[56:24]60 percent and finally finally it has an integrated night light which is an led light with adjustable color and i do mean the full rainbow of colors and it's located underneath the water tank so it's actually really cool so basically this thing has a frosted cylindrical the whole thing is a frosted cylinder basically a frosted white cylinder and the top 75 80 percent of that frosted white cylinder is actually the water tank and all of the mechanics are in the bottom little piece and that is also where the light is which shines up through the water so the water ends up glowing and then the frosted glass diffuses that glow and you can change the brightness on the color of that light which is really cool there are also physical buttons so yes this thing is home kit integrated but there are also physical buttons where you can manually control independently of each other the nightlight and the humidifier and you can set a timer on it as well. There is an app from the company that I think you do well I certainly ended up using it once to get the thing set up and sort of introduced to HomeKit.
[57:39]But there is also HomeKit integration and in fact according to my notes, which I'm assuming I wrote when I knew this for a fact, yes, you do need the custom app in order to get it set up, and then inside that app you basically choose, do I want to add this to a Google house or an Apple house, and also it gives you some extra settings, and now those extra settings are actually available through shortcuts, which is fantastic, but those extra settings let you set the target humidity, the brightness and the color. Actually, no, sorry, I'm, I'm reading my own show notes exactly backwards. Uh, HomeKit will let you set the target humidity, the brightness of the nightlight and the color of nightlight, which is actually really cool because then you can create a scene. So like I say, it's a utilitarian device, but you can make a scene. So I made a scene for myself that is my typical night time mode, which is two percent brightness and the same shade of green that the Apple Watch uses when it's in nightstand mode. So basically at night I put my watch in this nightstand mode and my humidifier gives me exactly the same color, which is 2% brightness. And also, actually, my alarm, my radio alarm clock is the same one that Allison and Steve recommended many years ago, whose name eludes me right now. But it also allows you to set the color of its LEDs. So that's also set to that same shade of green. So basically everything in my room at night is that shade of green.
[59:08]And of course, my target humidity then I have set to 60 percent. So why 60 percent? Well, this gets back to this whole you have to Google medical things many, many, many times. And 60% is an interesting number, not because that is somehow the number everyone agrees on. Everyone gives different ranges, some narrow, some broad, but every single range I found contained the number 60%. That was not true of 50 or 40, but it was true of 60. It definitely wasn't true of 70. so basically while no one agrees in the exact healthy range everyone agrees that the number 60% is within the healthy range for sleeping arrangements there is a whole other debate on what is appropriate for an office environment which I'm just not going to go into because I really was interested in what do I do at night so basically 60% seems to be the right or seems to be not the wrong answer and I ran it by my specialist who initially looked very worried as if I was to make him pick a number and when i basically said look i know there's a lot of different thoughts on this so i've chosen 60 is that reasonable and immediately his face brightened and i went yes that's absolutely reasonable um so that was good now i mentioned this is a fairly.
[1:00:27]Utilitarian um you know a fairly utilitarian device um so um it's not all that expensive So because it's, you know, utilitarian rather than, you know, fancy pants and elegant, it is plastic rather than glass, for example. So it's frosted plastic. It kind of looks like frosted glass, but it isn't glass. Anyway, it's €44.47 at the moment on Amazon here in Ireland, which isn't bad at all.
[1:00:56]And thanks to the magic of HomeKit, combined with the magic of shortcuts, I now have a one-click button which does all the following. It enables a scene that sets the night light to two percent the humidity to 60 percent so that is that is my scene that i have defined and i can trigger that scene anyway you can trigger scenes in home kit but this shortcut does more than just trigger that scene it also enables the eight hour timer feature and it turns off my bedside lamp so basically when i trigger that scene all the lights in my room go out and the humidifier turns on and it's two percent green 60 humidity for eight hours which is a pretty nice way to um you know last thing at night tap that one button which is sitting on a widget of course on my home screen and hey presto we're all good for the next eight hours, Actually, and speaking of little bonus tips, I also want to recommend an app called Home Widget for HomeKit, which allows you to create more powerful HomeKit based widgets for your home screen slash whatever that screen is, you swipe to the left to get to.
[1:02:10]I had sort of assumed that I wouldn't need anything more than Apple's default set of widgets to create me everything I wanted for my HomeKit stuff. And i got very frustrated because i couldn't combine shortcuts with sensor readings with setting a scene and toggling a scene and so forth and it just it was feeling clunky and i was making multiple widgets instead of what i wanted was you know single widgets for basically two different purposes and in the end i again did a bunch of searching around and very quickly found that a whole bunch of people i really trust agree that if you want a nice home kit experience with widgets that are very powerful and very customizable you want a home widget for home kit um it has an annual subscription for 4.99 per year or you can buy it outright for 9.99 and initially when i wrote the show notes i thought i was paying 4.99 a year but actually i checked and i just bought the lifetime so go me um it is really cool so the.
[1:03:14]Way i'm using it is on my home screen i have a quick little two by two grid which allows me to quickly access the most important scenes and shortcuts this is a mix of scenes and shortcuts which is kind of cool and they also act as sort of indicators so i have a bedtime scene which sets my desk lamp to a very a dim red and when i tap that that lights up that square um i have a daytime scene which sets that same desk lamp to 100 pure white and the daytime scene also turns off the humidifier so if the eight hours aren't up yet as soon as i hit that daytime scene the humidifier turns off anyway regardless of what the timer said and i actually have a connection made between my alarm going off on my iphone and that daytime scene although i added another shortcut in between so that it actually turns on that lamp at 25 percent then 50 percent then 75 and then it flicks over to the daytime mode um with i think it's five seconds in between so i get sort of it's not quite dimmer switch because it's in jumps at 25 percent but it works it works anyway so that is toggles for scenes and then.
[1:04:25]Below then I have a button named Start Humidifier, which is actually a trigger for a workflow or a shortcut. So I keep calling them workflows in my head because that's what they used to be before Apple bought them. And also because it's something else I do sort of in the evening is I don't like to have my electric toothbrush charging all the time. So I have a scene that I can trigger, which turns on a smart plug where the toothbrush is plugged in. Also from Meross, I have a lot of Meross stuff around my house. Must be something to do with Allison. Awesome. Anyway, um, that little button there turns on that smart plug until 12 noon the next day and then turns it off again so basically on the days where my toothbrush says i'd like to be charged i just hit that button once and then it's charging until the next morning by which time it will be ready and then on that screen you get to when you swipe to the left of your home screen what i actually have is a grid showing the air quality readings from the Qingping devices for my bedroom and my home office so i can quickly see at a glance how we're doing and one of the powerful things that the home widget gives you is that you get customization about the labeling of those items and how you like them displayed the icons and stuff like that so it's a lot more customizable than you would get with the standard apple home kit stuff so basically i have a four by two to give me.
[1:05:47]The air quality the humidity the temperature and the co2 in the office and the air quality the temperature uh sorry the air quality the humidity the temperature and the co2 in the bedroom nice little two by two grid so anyway that is my humidity based home kit journey um you know i keep saying i haven't gotten into home automation yet and then i keep sort of thinking Oh, actually, no, I sort of have. So that's a little sneak into or a little peek into some of my HomeKit adventures. And so far, touch wood, they have been robust, stable, and have worked really well for me and have not added stress to my life, but actually made life a little bit less stressful, which I do believe is rather the point of automation. Living in a very temperate climate, I'm afraid we don't have a very strong need for humidity sensors or any more humidity devices. But I'm telling you, I do know people who need them, and I'm going to recommend basically everything Bart recommended here. That was fantastic, Bart. Really appreciate it.
[1:06:54]
Support the Show
[1:06:55]Well, I was tootling along on my morning walk this week when I got a notification from Slack on my Apple Watch. It was from NosillaCastaway, Scott Kelsey. Scott was asking me for the name of the app that I love so much that lets me track items in my home. I knew the answer to that right off the top of my head, so I popped open Slack on my iPhone and I answered him that it was Under My Roof, and I sent him one of the App Store links. I put my phone away, and in just a few seconds, Scott responded, also in Slack, "Wow, that's service!" I laughed, but the next notification after that made me smile even more. He had immediately gone to podfeet.com slash donate and bought me a couple of cups of coffee. He certainly didn't have to do that, but I love how it's so easy to say thanks now. And with that, I'll thank Scott for his generous support of the shows.
[1:07:41]
Security Bits — 21 December 2024
[1:07:42]Music.
[1:07:50]Well, it's that time of the week again. It's time for Security Bits with Bart Busschots. How are you doing today, Bart? I am doing good. This is day one, because we're recording a day early, of my extended leave. So, yay. You're on the work 11 months of the year plan now, right? Yes, so the reduced working year scheme, to make it sound uninteresting. Well, that's good. You've got a big stack of fun little projects ready to go, I bet, and how many of them are work on your taxes and how many are have fun? I'm hoping to have all of that stuff done by New Year's Day and then to start 2025 with an empty slate of fun projects. That's my plan. There you go. Today was Christmas shopping. That wasn't fun. Where'd you get me?
[1:08:41]A Security Bits episode. Yes. No, it's the grocery kind and everyone in the country was like, oh my god we must buy everything in the world because christmas is coming and the shops will be closed i went in our supermarket open at 7 a.m i was there at 8 and it was crowded you were there at eight i didn't know you've ever been up at eight in the morning yeah it's been a while it was dark, It's always dark in Ireland. Well, we're actually here to do some security bits, but hey, it's the holidays. It's time to just goof around, right? It is absolutely time to goof around. My Mac literally has festive lights dangling off the dock. So yeah, I'm in that mood.
[1:09:21]There you go. So we have a follow-up story to get started. Literally from the last time, we talked about the FBI having said, so yeah, that little hack that we knew affected a few telcos, it was actually eight of them, and there's a whole bunch more in other countries that it's not up to us to name, and please use encryption, which we talked about in detail.
[1:09:46]Well, that has now been stereo-echoed or whatever by the Cybersecurity and Infrastructure Security Agency, or CISA, as they prefer to be called. And they have now updated their documentation for what people of importance should do. So this is every member of Congress, every CEO, every person who might be traveling to China with trade secrets. They have a list of what they call exposed people, I think is the term they use, rather than vulnerable. Uh, it's just really good advice though. And again, it's laying out the importance of end-to-end encryption and they give like a tip of the hat to Signal as well, which is kind of interesting that that seems to be the de facto open source known to be good product. And what I like about CISA is that they're not conflicted like the FBI are because the FBI, half of their job is to break encryption and half of their job is to secure people. So that's in conflict. They're in conflict with themselves. CISA is only about security. So they don't have that split brain going on where they're both against and for because they don't try to break anything. They're only interested in protecting.
[1:11:01]Anyway, link in the show notes. It's a good document. Hey, I'm going to do a feedback and follow-up on the fly, not having prepared it and not having told Bart about it. I believe it was the last time we got together that you talked about the different security levels of different ways of doing communications. We talked about obviously SMS being the worst and going up through RCS and when RCS is secure and not secure and WhatsApp being really secure Signal being the most secure we went through that breaking news, I believe.
[1:11:35]The Scottish government has banned WhatsApp from use on government devices is the title, and it's being reported that way. But if you read the actual messaging, they're banning all non-corporate conversation tools, social media tools. They don't define what non-corporate is. But the weird thing is it's not because they're saying there's security flaws in this. They're doing it as a punishment because apparently a bunch of civil servants deleted a bunch of information from WhatsApp about the COVID pandemic or during the COVID pandemic. Do you know more about this story? I don't know about this story, but I can put a lot of meat on that. So that's a compliance issue. So basically, if you do work for the government or for a corporation, the same applies. It's your duty to do all of your official work in a mechanism that you can comply with data protection laws. And those laws work two ways. You need to be able to secure stuff and produce stuff on demand because you're paid for by the public or you have a fiduciary duty. So if you delete something while you're working for the government, that's a crime.
[1:12:54]And the only way corporations can enforce that is to have a managed platform like Zoom. If you have a corporate Zoom account, there's a copy of your messages sent to a database that the company owns. So there's a third party, a third secret key in every conversation. That third key is the company's key. So Zoom don't see anything. It's still end-to-end encrypted, but there's a third end in every conversation, the company. And so that's saved for a legal hold or for compliance. But if you go off the reservation, if you go and do stuff privately, they're relying on you to be good. They can't do it technologically. They don't have a technological control. So the control you use is block them on corporate devices. Thou shalt use our Slack. Yeah, same thing though, right? Employer government, it works out the same. This is for state employees. Right. I'm just wondering what non-corporate means when it's the government. So I guess it's whatever tool if they're using Teams, for example. Yeah, so if your department uses Teams and you use Slack, then you're off the reservation. If you're a Slack department and you use Teams, then you're off the reservation. You should be using what is provided to you where you log in with SSO from your office.
[1:14:17]Okay. It's compliance. It's not security. It's not that it's an encryption risk. It's about compliance. I thought it was interesting because it was, the big headline is they're banning WhatsApp. But if you keep reading it's like yeah but they're actually banning all of them except for whatever's considered the official one hey what you should be doing is doing work stuff on your work device and personal stuff on the phone you have in your pocket because it's 2024, just about for another week no it's just about 2025 Bart yeah yeah anyway I thought it was interesting that it would the way it was being reported and and like you say it is a compliance story yeah right deep dives uh no we have no deep dives i forgot to delete that heading that's why i was like i don't remember writing a deep dive but i didn't it's action alerts december Patch Tuesday has been and gone only 71 bugs which isn't a huge amount but one of them is a zero day so patchy patchy patch patch and i love the headline from the Internet Storm Center from SANS, "Apple updates everything". Yeah, pretty much. Patchy patchy patch patch.
[1:15:36]All right that takes us to worthy that was a little while ago that was that was the that was um safari 18.2 uh and i was 15.2 and i was yeah yeah i think that was like the day after we recorded last okay okay where are the warnings then lots of heads up here and given that it's the holiday season it's probably a good time to remind people to be careful and to remind your friends and family to be careful the first one though is firmly pointed at NosillaCastaways not your friends and family um i've said a few times that we're not going to talk about every time someone does something naughty on a repository of popular libraries like npm because we'd be doing it every week but i figured now might be time to do a little reminder um so npm and all of those repositories, don't guess the names. Thousands of people downloaded malicious libraries impersonating malicious tools.
[1:16:38]So, yeah, don't do that. I just realized I accidentally tabbed in the next story. That's not a sub-story. It's a whole different story. So as I say, if you're using NPM and you're looking for a library that is the NPM version of ESLint, go to the ESLint website. They'll give you the real name. Don't just guess. The typos are full of malicious stuff. Absolutely wedged with it. Okay.
[1:17:09]Okay, so there is a scam doing the rounds, particularly in the United States, apparently. It comes in over SMS and it says, Apple approval notice. You must do blah, blah, blah to approve such and such. Your Apple ID will be shut down. It's horse poop. Not real. That's not how Apple works. I was very proud of my nephew for contacting me just two days ago, sending it to me and saying, Hey, I feel like this is a dumb question, but is this real?
[1:17:39]Nope and always ask me good job yes absolutely um and while we're on the fire extinguisher neck of woods here uh there are a bunch of tiktok videos going viral getting a lot of clicks and views uh for saying very scary things about apple they're also horse poop so no airdrop doesn't steal your credit card information if someone comes close to your phone and airdrop activates for you to maybe send something they haven't just got your credit card details yes it uses nfc no they haven't just taken an apple pay stupid um and the other one i don't even understand how is there's a video saying that iphoto or sorry the photos app is telling people who viewed your messages i don't even grok how those things are connected but anyway that's what tiktok says also wrong absolute garbage.
[1:18:42]Now, the next two stories both explain the same new trend in malware. Attackers are starting to very proactively make illegitimate use of legitimate things because a lot more organizations are switching to allow listing. And so you get to sneak through the security by being from paypal or from docusign or from what's the other one listed there um venmo it happens to be another example um and google is a case so so the real invoices it's just you don't owe the money right yes exactly so they'll pass all of the normal sniff tests because the email is legitimate it's not from a spoof domain every security test will pass because it really is sent to you by a PayPal. It's just not for something you bought from someone you bought anything from. It's some randomer has sent you an invoice. And what they will do is they will abuse things like the seller comment field.
[1:19:48]And in that field, which they control, they will write what at first glance looks like PayPal's anti-fraud line. If you think this transaction is fraudulent phone this number it's not paypal's number it's typed into the text box where you could type a horse horse battery staple pancakes waffles whatever you like so check the header above information if that's a field put there by the person who sent you the invoice do not believe anything phone numbers email addresses they could type anything right the actual paypal fraud line get it from paypal don't get it from the content of the invoice you know the one that really set me off on this path is that google have consolidated all of their services under one domain because it lets them share cookies without it being a third-party cookie it's about tracking you better it used to be maps.google.com and mail.google.com and now it's google.com forward slash maps, google.com forward slash mail. Right? Oh, that's interesting. It is. So that means that the cookie has to be shared because it's on the same domain. There's no way to break it apart.
[1:21:09]I've always been unclear on this, and everybody, forgive me who understands it already, why is, if they still have the same top-level domain, mail.google.com and maps.google.com, why is that not the same domain and there are still first-party cookies?
[1:21:27]Your browser has a choice of whether or not to segregate them, because they are in different buckets they can say that the cookie shouldn't be or sorry should be shared and they're allowed to say that it should because they do own the parent domain but the browser still can so firefox to protect you was segregating those cookies for google because that way you could log into maps without google being able to connect it to other stuff like search and stuff but by putting it on the one domain the browser literally can't tell the difference there is no difference so that's why they did it but anyway there's a side effect of that google forms is now sitting on the same top level domain as everything else and you can make a google form to send you anything and where does the email come from blah de blah at google.com and people have managed to register plausible names like, you know, customer support sales, ireland.google.com and stuff like that. Using Google Forms, they can trigger an email that validly comes from Google servers, provably so, digitally signed. And it arrives and you think, oh, this is the anti-fraud team. And someone literally lost half a million dollars worth of Bitcoin in one click with a Google Forms fake.
[1:22:54]Oh, my gosh. And this is happening in other places, too. I think it was Teams or something. No, actually, no, it was Microsoft Forms. Jesus, Forms are dangerous. Don't use Forms.
[1:23:06]Google Forms and Microsoft Forms. So this kind of stuff has been happening. And then an entirely separate story is a particularly fine-tuned version of this problem of using legitimate services illegitimately is to do it with payment services. And the three that are just being used so widely at the moment, I have seen this for real, with all of my hats on, is PayPal, Venmo and DocuSign. So they're legitimately from PayPal, but anyone can send an invoice on PayPal, right? I invoice people through PayPal all the time. So I do all my stuff. So I can send anyone an invoice saying, please pay, you know, Bartificer Creations a million dollars. No one's going to do that. But I could also send an invoice that says something really scary, just final payment, you've already committed, blah de blah, phone this number if you have a problem, and make it be my number and steal all your money. And that's what's happening. Wow. Wow. Yeah. So just be very careful. You can have totally legitimate invoices for absolutely illegitimate things.
[1:24:15]Be careful. Right. Notable news then. I've definitely jiggered things to be ugh first and then we'll get less ugh as we go along. So the first one is important. So words matter. There was a terrible name for what is a really popular way to defraud people of millions of dollars, which is AI-based chatbots that spend a month striking up a romantic conversation and eventually turn it towards a cool crypto investment. And you get a dashboard and it looks like your money's getting a good return. And then all of a sudden it all evaporates and disappears and you never hear from the person again. And the name that was used was pig butchering because you fatten a pig and then you have bacon. But it's a horrible word, right? Who is going to say, I was a victim of pig butchering? It's so demeaning. So Interpol have decided that we actually need people to feel comfortable talking about this crime. So from now on, everyone in Interpol is never to say those words. It is romance baiting. And that's literally what it is. That's better. Much better. And that really matters. Yeah. Now the next two stories I put here, because they are companies we care about, and it sort of gives me an opportunity to have a conversation in public that I had with you, but I'm not going to say in any way why.
[1:25:41]It's just people have some misconceptions about the GDPR in Europe. And I think people assume that if you're caught in a data breach, you're in trouble because of the data breach. But that's not really why you're in trouble, if you get in trouble. So if you have a data breach, you have a duty to report it and you have a duty to disclose it responsibly to the people whose data you've lost. But if you lost it without being negligent, and if you reported in a timely and accurate manner... Then there's no fine. It has been reported, it has been processed, it's in the statistics, but that's the end of it. There is no more. You're not punished because you haven't done anything wrong.
[1:26:22]So when you hear fines, it means one of two things has happened. Either the company was negligent up front, they didn't take seriously their duty to protect your data because you have a responsibility to protect people's data. You have something of value, you must protect it. and you can be found negligent. Or you knew a data breach had happened, and you kept shtum. You didn't report it, didn't responsibly disclose. Then you will also get fined. Or if you're meta, you did both. You both didn't protect it up front, and you didn't give an honest disclosure.
[1:27:05]You minimized what actually happened. I have an analogy for a way to think about this. If you were out when you were a teenager and you knew you were going to be late and you called your parents and told them, you were in way less trouble than if you just showed up late. Worse yet, you pulled a meta and you snuck in a window and they caught you. Absolutely. Is that a good analogy? It is, actually. And one of the interesting things is the Irish Data Protection Commissioner loves going to tech conferences to show people, I'm a human being, really friendly. It's a lady at the moment She was really nice too But the last was a really friendly guy And he basically went Look I'm not your enemy If you talk to me honestly I'll talk to you honestly And we'll be fine Just don't lie.
[1:27:54]It's a good message And the other people Who need to learn that message Is Netflix.
[1:28:00]So they didn't actually have clear and accurate policies. So yeah, we don't take your data or what we do. We don't really do what we do. Basically, they lied in their, do you know that statement no one ever reads? You still have to be honest just because no one reads it.
[1:28:15]So they got in trouble for that. So you get in trouble not for being breached, but for being negligent or not being honest. And that's what happened to these two companies.
[1:28:25]And they also hid a problem? yeah so you're supposed to tell people in your data statement what you actually do with the data and you're not supposed to do things you don't tell people you do which is where netflix fell short okay but they only got fined 4.75 million euro where meta got 264 million dollars in fines yeah different scale different scale different scale okay yeah uh then we move to the united States. We're still in the ICC area. The Office of the Inspector General, which I just have this vision of someone with a really big hat being very important, but it's probably way less interesting. Anyway, the OIG has spent the last four years trying to figure out whether or not the subpoenas that were sent at Apple for messaging details about the families of Democratic lawmakers sent by the Trump DOJ, whether or not that was actually legitimate, those subpoenas. They were not I don't remember that they were not they were not you're not allowed to subpoena Apple for that information that's not appropriate so that's interesting I don't even remember that happening do you remember that? I remember it breaking a long time after it happened it didn't leak that the government had done it until a year or two later at which point it wasn't as much of a scandal because you know old news but I do remember it happening thinking well that's a bit ick.
[1:29:52]Yeah. I'm sure glad we got out of the ick part, Bart. Yeah. Okay. No, no. No, we have one more. But you get to do the last bit of ick, and then I turn us around. Okay, good. All right. So, the U.S. authorities are launching an investigation into Chinese router maker TP-Link for a possible ban due to security risks. And the reason I wanted to bring this up is, you know, we generally, you know, it's an investigation. So what? Nothing's coming of that.
[1:30:20]Tom Merritt on the Daily Tech News Show is, well, Tom Merritt in real life and on the Daily Tech News Show is one of these calm, non-inflammatory, doesn't make a lot of, you know, inflammatory predictions. His analysis of what's happening here is that it is inevitable that there will be a ban after the investigation. And here's a couple of things behind that is, first of all, it is a Chinese-owned company. And during a patent investigation or suit, TP-Link tried to convince the judge that we really have two totally different businesses. We have a Chinese business and we have a U.S. Business. And the judge called it implausible when he denied their argument. So they really are a Chinese company. There is no doubt they're a Chinese company. They own 60% market share of U.S. retail market. I've seen 65 and 60, but the sources I trust said 60. But anyway, that's a distinction without a difference, or a difference without a distinction. Anyway, so 60% market share of the U.S. retail market of a Chinese company. And how many times, Bart, have we talked about TP-Link having failures.
[1:31:30]Security failures, things they didn't tell us about, things we found out about too late? Those are the kinds of things that have stacked up. There is nothing in the list of malfeasance or maybe incompetence combined with Chinese company to the U.S. That would lead Tom to believe that anything other than a ban would happen next. Now, bear in mind, the mechanism whereby a state actor would sneak malware in is pretend incompetence.
[1:32:02]Hmm. Oh, bug. Oh, we weren't spying. Bug. Whoopsie daisies. Let's patch that.
[1:32:08]Whoopsie daisy. I love it. So I put a link to the DTNS 4918 and it's timestamped to right when they started talking about this. But another interesting piece of that is Roger Chang, the producer, pops into the conversation and he says, yeah, you know what? I've got four TP-Link routers and I have flashed the firmware on all of them to be DD-WRT. And that's something that, man, I remember back in the old Linksys router days doing that, and, uh, I was capable of doing it. And so if you are the type of person who thinks that's a better idea than throwing it in the bin, consider flashing your TP-Link routers with DD-WRT and then you don't have to throw your hardware away, possibly.
[1:32:49]Yeah, good call. Definitely totally agree with that. Yeah. All right, excellent. Okay, so now I get to take us, um, into more positive territory. The Germans caught my eye. So there is a piece of malware that has ended up being pre-loaded into a whole bunch of Android-based sort of devices. So we're not talking phones here, we're talking, um, smart TVs and those kind of, you know, sticks and those kind of things. Sure. And a bunch of them are available dirt cheap and they have malware in them, whether through incompetence or whether through intentional supply chain attacks. Who knows? By the way, there's a little bit of malware trying to phone home. And the German government basically went, I'll tell you what, why don't we just block that at the country level? None of these devices in Germany can phone home. Problem solved.
[1:33:40]Well, for Germany. Right. But the German government shouldn't block anything else, right? The German government shouldn't be interfering with anyone else's internet. So I like this. They're not overstepping anything. Yeah, no, it's correct, correct. But now does that mean that Belgium has to do it and the United States has to do it and Finland has to do it? Yeah, yeah. Or actually, to be honest, if Interpol did it, they could, rather than blackholing the DNS at the country level, they could just take the DNS off these people, seize the domain. But there's a lot of very clever chicanery of doing things in jurisdictions where international, what now? Who are you?
[1:34:21]That's a fun one though. That is a non-ick story. It is, absolutely. Then we move to top tips. Now, this is a
[1:34:30]difficult conversation, but a spectacularly important conversation. And we're going to have lots of NosillaCastaways with family visiting them or visiting family.
[1:34:40]A legacy contact is something your Apple account, I can't say Apple ID, Apple account, Apple account, Apple account. A legacy contact is something your Apple account should have. It is a person who you have designated as being okay for Apple to give your information to if you die. So this means they can get as much information as is possible if you go if you combine a legacy contact with a shared password and 1Password they should be able to get everything of yours if you pass like all of those amazingly important memories on your phone they you know so it's very important it is data you don't get like say for example their apps no no that that's a license sense it's the data yeah yeah you don't just get to inherit all their content or their you know paid for media or apps that would be kind of cool to be able to hand those down in your will or something but no we don't own software we just rent yeah right right yeah so you put a link in the show notes to the Mac Observer article we actually sent the instructions to Steve's mom just about a week and a half ago just coincidentally just said you know i don't know you don't take a lot of photos but you know you've got some music whatever you know if you would like to do this Actually, the music depends on if it's rented, I guess. But anyway, if you would like to do this, here's how to do it.
[1:36:01]Yeah, I ended up doing it with my dad on the phone at random. I think he wanted to change mom's iCloud password. And he went, by the way, while you're in there, there's a little thing at the bottom of that same screen. And he went down to it and went, oh, look, you're my legacy contact. And I was like, oh, OK, I guess we've done this.
[1:36:16]I've been there before. But yeah, that's a good one for over the holidays, right? Yeah, exactly. And then I want to give a shout out to listener Lynn in the wonderful Slack at podfeet.com forward slash Slack, where she posted a link to a podcast from the AARP, which I believe is the American Association of Retired Persons. Something like that. Yeah. They basically have some really good advice for how people who use U.S. carriers can secure their phone from SIM jacking, which is the first step in a lot of really nasty malware, because banks, despite everything we know, love SMS for two-factor authentication. So if someone can become your cell phone number and they have your password because maybe your bank has really terrible policies like they're not allowed to be long with any characters, this also happens in banks, then they can steal your money. So stopping SIM swapping is really important, and the reason I say it's US specific is because every carrier around the world gets to have their own policies and procedures, and the instructions in this podcast are AT&T and T-Mobile and so forth. Right. Okay, cool. Yay, Lynn.
[1:37:30]Absolutely. I don't see any extra palate cleansers, so I think I'm the only one cleansing some palates. This, I think, is a story that really affects you and I. So we are both extremely heavy users of the amazing products from Rogue Amoeba. Right now, there will be silence on this recording without Rogue Amoeba. We wouldn't hear each other and there'll be nothing recorded. It'll be a complete mess, right? Right, right. And we've seen them struggle a little bit outwardly, but under the hood, they had an existential crisis because Apple pulled the rug out from under them as they tried to secure macOS. And I've had hints of this story, but they wrote a blog post and A, it's really well told. It's just a really well written blog post. It tells the story, you get all the suspense and you come along for the journey. And it explains how Rogue Amoeba were able to basically completely overcome this and they're now in a stronger position than they've ever been and they're now getting really good support from Apple.
[1:38:34]But there was a time when things looked real bad. And now I feel a lot less bad about the bugs you and I have experienced in the last year. Now that I know what was going on behind the scenes, this move from, what is it, ARC to ACE? No, ACE to ARC. Oh, God, you would get it wrong. Yeah, so ARC is the new one. Yes. That's interesting. I have not read this. I'd like to, I'm real curious to hear the background. But yeah.
[1:39:02]What ACE stands for Audio Capture Engine and ARC is Audio Routing Kit. The ACE method of capturing audio with things like Audio Hijack and doing interesting things with loopback and creating aggregate devices was real janky. ACE was really hard. You had to go in and change security settings at the, what is that method of booting up? Kernel level stuff. Turn off security integrity protection, SIP, isn't it, SIP? No, I don't think we had to turn SIP off. We didn't have to do that, but we had to lower the security level basically to one level below the highest. Anyway, it doesn't matter. It's gone now. You don't have to do any of that janky stuff. So I didn't know that there was something really scary coming. I've always wondered why they're allowed to do what they do. So I'm glad that they are maybe more official now with Apple being happy. Yes. Basic, yeah. As you'll find out, they were given special exemption. What they were doing with ACE shouldn't have been possible in the last two versions of macOS, but they were given a little bit of a leeway by Apple. There was actually a hard-coded exemption in macOS.
[1:40:11]And then they were running out of time on, okay, we're not going to keep doing it. Well, Apple were a little bit slow. Apple said, here's a temporary pass. We are going to make an API for you and for everyone else to do audio routing legitimately so that every app can use these APIs. They're going to be proper APIs, sandboxed, all the usual stuff. So anyone can now do audio routing thanks to Rogue Amoeba, basically.
[1:40:35]Okay. So now with ARC, it's 100% supported, 100% secure, so you don't have to lower your security settings. So not just Apple looking the other way. Correct. Correct. Okay. So that could open up competition for Rogue Amoeba. It could, but the thing is, the fact that the APIs exist is one-tenth of the work that went into the ARC plugin, right? Oh, sure. Oh, yeah. No, I'm not saying they don't deserve the market that they have. Yeah.
[1:41:06]I wonder whether that opens up any possibility they would ever allow something like this on iOS. It makes it technically much easier because it's much easier for Apple to port a stable API to iPadOS than it is to start from scratch, which is what they had to do before. I would not be surprised if the iPad Pro all of a sudden was able to do this kind of stuff. And then podcasters could do everything.
[1:41:29]Yeah, that's something that a lot of people might not know is that you just, you literally can't do what Bart and I are doing on an iOS. They don't let you. Not on an iPad. You'd need multiple devices and then mush it all together later. Like I'm sure you could jury-rig it with like an iPhone and an iPad and split all of these cool apps we have off into separate physical pieces. But that's, ugh, it's hard enough and it's all on the back. Yeah, I don't even know if it's possible. Yeah, exactly.
[1:41:55]Well, very cool. That will be fun to read. I'm looking forward to that. I love the people at Rogue Amoeba. And even though we were whining about a few wee bugs that we were having, they were always there for us. They're the greatest team. Fantastic people. And they can write. Honestly, it's a really well-written post. I really enjoyed reading it. Oh, yeah. Oh, their documentation is the best. The best documentation of any app I've ever used, bar none. It's best in class. Apparently, it's trumped by Flying Meat Software with Acorn, which apparently has the very, very, very best documentation. 1,000% disagree. But I haven't checked lately, but it was one of the reasons I don't. I've got to make sure I'm not mixing up Pixelmator and them, but I remember one of those two apps, just terrible documentation, like the worst. That'll be Pixelmator. Oh, was it? Okay. Like they tell you to use this tool, but they wouldn't show you what the tool looked like. Like they didn't have the icon. They wouldn't even put a freaking, uh, uh, I ran into this two weeks ago and it drove me nuts because it said you do this and you do this, only the words and what I was looking at.
[1:43:04]Two totally different things, huh? Yeah. Well, I'll go back and look at Acorn. We'll see, we'll see if they can meet my standards. Uh, but they're also, everything Rogue Amoeba does is fully accessible to the blind. Unbelievable. Yeah. Now when you see audio high people.
[1:43:22]I've now taught three blind people to use Audio Hijack. Wow. It's amazing. When I look at Audio Hijack, the thought that it's possible to make that accessible just makes my head explode. These people are brilliant. Yeah. Well, they built it, they built the new versions from the ground up accessible first. And the reason Bart's saying that it's unbelievable that it is, is it's a drag and drop interface. You have little blocks you drop in, there's little colored lines that move, there's all these indicators. How could that be accessible? But it is. Wow. Anyway, okay, enough love fest. Yes, yes indeed. They're not paying for this episode. Yeah, they should though. They really should. They don't have to. True, true. Okay, well, that's all I got. And you know, it's a festive episode, so we didn't really stay particularly on target, but hey, who cares. I think, uh, a Merry Christmas and a Happy New Year to you then, Bart. Yes, because two weeks from now, it will be 2025. Jesus. Wow. Yeah, folks, have a peaceful and joy-filled holiday season with those you love, and remember, stay patched so you stay secure.
[1:44:35]Well, that's going to wind us up for this week. Did you know you can email me at alison at podfeet.com anytime you like? If you have a question or a suggestion, just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon at podfeet.com slash mastodon. And if you want to listen to the podcast on YouTube, like the kids do today, you can go to podfeet.com slash YouTube. If you want to join the conversation, you can join our Slack community at podfeet.com slash Slack, where you can talk to me and Steve Matten and all of the other lovely NosillaCastaways. You can support the show at podfeet.com slash Patreon or with a one-time donation like Scott did at podfeet.com slash donate. There you can use Apple Pay or any credit card. Or if you like PayPal, go to podfeet.com slash paypal. And if you want to join the fun of the live show, you're going to have to wait until January 12th when we'll be back from CES. And then you can head on over to podfeet.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic NosillaCastaways.
[1:45:33]Music. Well, it's that time of the week again, it's time for Chit Chat. No, it isn't. Start over.
[1:45:33]Thanks for listening and stay subscribed.