NC_2025_02_16
This episode discusses web app deployment with GitHub Actions, features David Wu on charging solutions, Renata Scorsoni's fogponics garden, and covers key tech updates and security advisories.
Automatic Shownotes
Chapters
0:00
NC_2025_02_16
0:23
PBS 176: Deploying a JavaScript Web App with Webpack & GitHub Actions (GitHub Pages)
1:19
ScreenCastsONLINE Tutorial: Editing in Apple Photos on Mac
2:05
CES 2025: Aukey Active Cooling Chargers, Slim ID Tags, & Powerbanks
9:58
CES 2025: Plantaform Smart Indoor Gardens
14:50
Fast Point-to-Point File Transfer with Blip
26:56
CES 2025: Biolite Backup Energy Systems
34:25
Support the Show
34:57
Security Bits — 16 February 2025
Long Summary
In this episode, we delve into the latest advancements in web app deployment and file sharing with a focus on powerful tools like GitHub Actions and Blip. Continuing the progression initiated in a previous installment of Programming by Stealth, Bart, our expert guide, brings us full circle as he unwraps the comprehensive features of GitHub Actions, enabling us to effectively automate our web applications' deployment to GitHub Pages. We explore the intricate components of workflows, jobs, steps, and events, all thoroughly documented in the show notes for easy reference. This provides essential insights for anyone looking to create their own YAML files, marking a significant step towards mastering GitHub's capabilities.
We also engage with the world of media creation, where I share a personal favorite: Apple Photos as a robust tool for editing images. After a detailed exploration of its comprehensive editing tools, I encourage listeners to enhance their digital photography skills using this built-in software on macOS. As part of this discussion, I draw attention to my recent ScreenCastsOnline video tutorial that serves as an expansive guide for maximizing the editing potential within Apple Photos.
Our discussion shifts to the innovative technology showcased at CES, where I had the opportunity to interview David Wu from AUKEY. We explore cutting-edge charging solutions including a gaming wireless charger equipped with a cooling system, and a 300-watt charging station capable of powering multiple devices simultaneously. David introduces us to the novel TrackMate, a wallet-sized rechargeable device that integrates seamlessly with users' smartphones for added convenience. Each product detail provided by David not only captures the imagination but addresses practical everyday tech needs, from gamers to everyday users.
Later, we pivot to the realm of indoor agriculture with Renata Scorsoni from Plantaform, who introduces a revolutionary fogponics garden system. This innovative apparatus promises a sustainable solution for growing food indoors, utilizing significantly less water than traditional methods. With a direct connection to an app that monitors plant growth, this gadget embodies future-forward living, perfect for urban dwellers.
Amidst our insightful technology discussions, I share valuable insights on file transfer methods, spotlighting Blip – a remarkable application that simplifies sending large files seamlessly between devices. I walk through my experiences in using Blip, detailing its innovative features that bypass traditional cloud storage methods, ensuring quick and secure file sharing.
Our exploration also includes some pressing tech updates and security advisories, where we discuss notable changes in the landscape of tech security, particularly regarding DNS services. Together, Bart and I cover the importance of maintaining updated systems and we offer actionable steps to bolster personal security across devices.
To wrap up, we highlight powerful takes on the necessity for vigilance regarding app security, emphasizing the risks associated with simply producing images and saving sensitive data in less secure environments. Our discussions create a compelling narrative about the ongoing evolution of technology, filled with practical advice and exciting recommendations for fostering tech-savvy habits. So, join us as we explore these critical topics and much more in this engaging episode.
We also engage with the world of media creation, where I share a personal favorite: Apple Photos as a robust tool for editing images. After a detailed exploration of its comprehensive editing tools, I encourage listeners to enhance their digital photography skills using this built-in software on macOS. As part of this discussion, I draw attention to my recent ScreenCastsOnline video tutorial that serves as an expansive guide for maximizing the editing potential within Apple Photos.
Our discussion shifts to the innovative technology showcased at CES, where I had the opportunity to interview David Wu from AUKEY. We explore cutting-edge charging solutions including a gaming wireless charger equipped with a cooling system, and a 300-watt charging station capable of powering multiple devices simultaneously. David introduces us to the novel TrackMate, a wallet-sized rechargeable device that integrates seamlessly with users' smartphones for added convenience. Each product detail provided by David not only captures the imagination but addresses practical everyday tech needs, from gamers to everyday users.
Later, we pivot to the realm of indoor agriculture with Renata Scorsoni from Plantaform, who introduces a revolutionary fogponics garden system. This innovative apparatus promises a sustainable solution for growing food indoors, utilizing significantly less water than traditional methods. With a direct connection to an app that monitors plant growth, this gadget embodies future-forward living, perfect for urban dwellers.
Amidst our insightful technology discussions, I share valuable insights on file transfer methods, spotlighting Blip – a remarkable application that simplifies sending large files seamlessly between devices. I walk through my experiences in using Blip, detailing its innovative features that bypass traditional cloud storage methods, ensuring quick and secure file sharing.
Our exploration also includes some pressing tech updates and security advisories, where we discuss notable changes in the landscape of tech security, particularly regarding DNS services. Together, Bart and I cover the importance of maintaining updated systems and we offer actionable steps to bolster personal security across devices.
To wrap up, we highlight powerful takes on the necessity for vigilance regarding app security, emphasizing the risks associated with simply producing images and saving sensitive data in less secure environments. Our discussions create a compelling narrative about the ongoing evolution of technology, filled with practical advice and exciting recommendations for fostering tech-savvy habits. So, join us as we explore these critical topics and much more in this engaging episode.
Brief Summary
In this episode, we tackle advancements in web app deployment with GitHub Actions and file sharing through Blip. I highlight GitHub Actions' automation capabilities and the power of Apple Photos for editing.
We feature an interview with David Wu from AUKEY, discussing innovative charging solutions, and Renata Scorsoni from Plantaform, who introduces a sustainable fogponics garden system.
Additionally, we cover important tech updates and security advisories, emphasizing vigilance in app security. Join us as we explore these essential topics.
We feature an interview with David Wu from AUKEY, discussing innovative charging solutions, and Renata Scorsoni from Plantaform, who introduces a sustainable fogponics garden system.
Additionally, we cover important tech updates and security advisories, emphasizing vigilance in app security. Join us as we explore these essential topics.
Tags
web app deployment
GitHub Actions
file sharing
automation capabilities
Apple Photos
David Wu
AUKEY
charging solutions
Renata Scorsoni
Plantaform
fogponics garden
tech updates
security advisories
app security
Transcript
[0:00]
NC_2025_02_16
[0:00]Music.
[0:12]And this is show number 1032. Before we get started, I want to tell you there will be no live show next week. The show will come out early, but we'll be out of town for the weekend.
[0:23]
PBS 176: Deploying a JavaScript Web App with Webpack & GitHub Actions (GitHub Pages)
[0:24]Way back in September of 2022 in Programming by Stealth, Bart finished off the Webpack miniseries by leaving it as an exercise for the student to actually deploy their web apps to GitHub Pages. Bart closes that circle in the latest installment of Programming by Stealth while teaching us how to use GitHub Actions. We learn about workflows and jobs and steps and events and runners. Bart includes great tables in the show notes of the terminology, so now we have this really great handy reference guide for making our own YAML files to run GitHub Actions. As always, Bart and I had a great time. I learned a lot, and he's got us set up for even more fun in the upcoming episodes, where we'll be learning how to make free websites using GitHub pages. Of course, there's a link in the show notes to Bart's fabulous show notes for Programming by Stealth number 176, or you can also listen to the audio or subscribe in your podcatcher of choice to Programming by Stealth.
[1:19]
ScreenCastsONLINE Tutorial: Editing in Apple Photos on Mac
[1:23]A lot of people ask me what tool I recommend for editing photos, and I almost always suggest Apple Photos on the Mac. When I show them the power inside the editing tools for Apple Photos, they're usually surprised that they have so much capability right in front of them all this time. In my latest ScreenCastsOnline video tutorial, I decided to do a deep dive into all of the editing tools you get with macOS Photos. If for some weird reason you aren't yet a subscriber to ScreenCastsOnline, you can get a free 7-day trial at ScreenCastsOnline.com and watch this tutorial and all of the current back catalog. As always, I've got to give my disclaimer that if you try this service, you'll probably end up wanting to continue and subscribe.
[2:05]
CES 2025: Aukey Active Cooling Chargers, Slim ID Tags, & Powerbanks
[2:08]All right, let's get into some fun interviews from CES with one of my favorite companies. I got my very first GAN charger from a company called AUKEY, A-U-K-E-Y, and I've come across them with David Wu here at CES, and I've got to see all of these new products. I see a bunch of innovation awards. Looks like some pretty cool stuff. What have you got here?
[2:28]Yeah, we got some really cool things this year. So we got three products, got the CES innovation awards. Okay. The first one is the gaming wireless charger with the cooling system. So it's very new in the market with a very niche design and a very nice design with the three functions display the temperature when you charge your phone and the cooling and the light. So I'm going to describe this for the audio-only audience is what we have here is a round puck that's got some bright white lights on it and if I set this on the MagSafe connector on the back of my phone, Steve's going to be able to bring this in here. The fan is just turned on to start cooling the phone down and it's showing the temperature. Yes, and it can keep cooling your phone down because the others, your phone get heated when it's charged either with the word or either with the wireless charging. But this one, no, not at all. It keeps cooling.
[3:27]So it can be like 20 Celsius, 20 degrees. So this is really good for gamers that are heating their phone up, right? Yes. This is really, really pretty. So is this on the market yet? And if so, how much is it? The retail price, sorry, I forgot the price, but it's already in the market. It is. Okay. All right. This is also a new one. It's a 300-watt charger, the charging station with four USB-C plus two USB-A. Oh, wow. That's a beast. Yeah. It can charge everything you have.
[4:00]It's a charging solution for all your devices. It's like four laptops. Yeah, four laptops also, yes. It's 300 watts, and the maximum now with the laptop is 140. So you have multiple devices you can charge at the same time. And you're not going to carry that on an airplane, but... This doesn't come with... It's just a charge on a battery though, right? No battery, so you can take it anywhere if you like. All right, the next one? Yeah, this one is... Is a is a track mate okay it's a fantamized uh product so this looks like a a little bit it looks like a credit card it's just credit card size with a little power button on it, yes this one is a slim as a card you can put it in a you know wallet or some other places, what's the unique thing for this brother is made from the glass the matte glass and the the metal frame.
[4:55]The thing is, the normal one, you can get in the market, three years later you need to throw it away. But with the hours, you can always recharge it every half a year and you can keep using it. How do you charge it? Wireless charging. You just put it here. Oh my gosh. It's a wireless charging. It's just wireless charging this on, he's using the MagFusion Game Frost, the cooling one. I guess that's overkill, but what is the power button for? Sorry? I see a power button on the front of the card, the TrackMeet. This is to match, to bundle with your phone. Oh, okay, right, right, right. Yes. That is beautiful. That is tiny. Also, there's a unique thing. If someone found this card or they found what you have lost, they can scan this QR code and find the information you leave for them, and they can contact you. Excellent. I guess they'd have to know to do that, but you can find it, right? Yeah. These are fabulous products. Now, I see you've got a couple more products that have the cooling system, this active cooling system. Yes. This is also the products with 3-in-1 with the cooling system. So 3-in-1 megs. It's the phone. Qi2.
[6:10]Qi2, where it's charging for the phone, for the Airbus, for the Apple Watch. Oh, I didn't notice the Apple Watch in the back. So this is unique, it's a cylinder coming out at you with the Apple Watch charger on the top and the T2 on the front. And I assume that's a fan in there too? Yeah, there's a fan and there's a cooling pad inside. So it works the same as the game for us. Oh, that's very nifty. Yeah, it looks like you got one for another one of these cooling fan chargers for the for the dash. For the dash, yes, you can click.
[6:46]To your air vent and I could charge the same function but using the car. That's where my car, mine gets really hot, is doing charging in the car. So I think that would be great. Yes. All right. I don't think we need to go through all of these, but there is... There's one more thing. One more. Just one more. Yes. This is something very unique in the market. You don't see it in any other places in the market. This is a six in one worth charging product. Six in one. Six in one, And it can charge three smartphones at the same time, Qi2 certified, three phones, three wireless chargers, Qi2 certified. So this is also magnetic down here? Yeah, magnetic and Qi2 also. So one down on the bottom and then two up on cylinders up above? Yes. And here, it can charge the smartwatch also. Oh, very good. And if you put it down, you can charge your air force here. Oh, that's how you get to six. Yes. And also in the back you have two parts. Oh, wow.
[7:47]So it comes... Wait, I'm not up to six. I got one, two, three, four, five. Where's six? And also these two. The chargers on the back. Well, you can count it as seven because you got two USB-C's back there, right? But you cannot use this one at the same time. Either watch or either the earbuds. Sure, sure. That makes sense. All right, we might as well finish up. These are the prettiest little magnetic batteries I've ever seen. So these are you slap them on the back your phone yeah they're uh uh 5 000 million powers i believe yeah 5 000 milliamps also very very thin and very very thin and very very powerful also 15 watts charging power is the t235 also there you go yeah t235 okay that that's uh wait did you say 30 watts or 15 15 right 15 right yeah they're really pretty there's like a rose gold and yeah a teal and gold and silver and a black. Yes. Those are beautiful. All right, so if people wanted to find out about all of these fantastic Aukey products, where would they go? Now they can go Costco to find some products, and they can go Best Buy to find some products, and we are still talking to Walmart. Maybe soon they can find it in the Walmart. All right, so the company you look for is Aukey, A-U-K-E-Y, to find all these products, and this is not some weird fly-by-night. The name of the brand, EU, stands for good. Oh. The key is a key. Okay, in what language? In Chinese?
[9:15]In Chinese, it's a good key. Oh, I like a good key. All right, thank you very much. This is fantastic. Thank you, Alison. Yes.
[9:29]So after we got done talking, David gave me the MagFusion GameFrost that he talked about, the gaming charger. And this thing is amazing. It's really, really fun. As we described, it lights up. It's got a little fan. It tells you the temperature. It really is a very, very slick little device. And I think it's nifty. It's Qi2, which means you're going to get 15 watts of charging with this as well. That's the MagFusion GameFrost. And I think it's really neat. No, cool. Get it?
[9:58]
CES 2025: Plantaform Smart Indoor Gardens
[10:02]I found some plants at CES, and I had to stop and talk to Renata Scorsoni from Plantaform. Plantaform, yes. What are we looking at here? We've got a big dome, a big egg. Yeah. This is an audio and video podcast, so you're going to need to describe it in detail. Okay, no problem. So this is what we like to call the future of indoor gardening. It is the world's first indoor garden to use fogponics, which sounds kind of weird, but basically what that means is it uses fog to grow plants instead of water or soil. So misting it all the time? Exactly. So it's got ultrasonic foggers in the bottom. It is a dome-shaped, egg-shaped device that is fully enclosed, which allows us to be very water-efficient because it recycles that water. And it uses 98% less water than traditional gardening methods, and actually 30% to 50% less water than even an aeroponic system, which is where it's spraying the plants. Oh, wow. Wow, that's amazing.
[10:53]Yeah. You've got a bunch of lettuce growing in there right now. Yeah, you can grow up to 15 different plants all at the same time in this device. So we've got three rows of five. We do have curated pod packs with very specially curated selections of pre-seeded, non-GMO seeds. It's just like an espresso where you scan the pod pack, you put it in there, and the app does everything for you. It knows exactly how much light to give it, how much nutrients, how much water. And it even reminds you when it needs water, which because this is so water efficient, it only needs to be watered every two to three weeks. Oh my gosh, that is amazing. Yeah. So I see a door on the side. Is that where you access to get the food out? Actually, no. It is a fully enclosed garden. So whenever you've got all the windows on.
[11:34]It does dim the light a little bit. So you don't have these bright LED lights glowing in your house. Some people find that a little bit bright from time to time. So we've got these tinted windows on it that not only dims the light and gives it more of an ambiance, kind of a sophistication, elegance to your house, so like a living piece of furniture, but it also helps us control the humidity and make sure that we're very efficient on the water usage as well. So it is one of the more... You've got to have those windows on to keep the fog inside, right? Yeah, but the fog doesn't fall out that bad anyway. So it's totally okay because the fog is being delivered to the roots through that root chamber that's in the center column. So it's getting to the roots before it falls out and cascades down and makes it look beautiful as well. Okay, so it's not fogging the tops of the plants. It's fogging the roots? Fogging directly to the roots and it's delivering that water and the nutrients directly to the roots in an oxygenated environment. So what that does is it grows the plants a little bit faster and a much more consistent yield because the roots aren't sitting there and potentially rotting in water. That's what I was saying about it.
[12:25]So this would be great for an apartment where you can't have an outdoor garden or maybe you live in a desert where it's really hard to grow things outside. If you live in Canada like us where we've only got a very short growing session, this works really great for Canada as well. So you can have something like cherry tomatoes growing in the middle of winter with some basil and some nice beautiful lettuce. There you go. There you go. So this just won the CES Innovation Awards for food and ag tech, I see. Yes, we do. We're very excited. That's our new best friend you've got sitting there on the table. There you go. And so, oh, are these the plant pod packs? I've got some cherry tomatoes and greens here. A little basil, a little bit of lettuce in that one. And we've got a few different selections. One of our most popular is the cocktail mix. People love that one. You grow the herbs that you want to put in your cocktails. Because, you know, herbs, you kind of buy them, you end up throwing them out. This is also helping reduce food waste, which is one of our core values of the company, right? We want to make sure that the food is hyper-local, pesticide-free, and you're eating it as you need it, not buying a bunch and then having it go bad in your fridge and then throwing it out. You're not going to get any fresher salad than this. I was going to be making a caprese salad right here. Exactly. It's a mozzarella. I'm good to go. Exactly. This is the one I'm growing at home right now. If I showed you my app, that's the one that's going to show up on it. Oh, so it's app-based too, of course, so you can watch your plants grow. Yeah, so I can even pull the app up for you.
[13:36]I picture my kids there, but there's the Plantiform app. Shows that you're growing, and because this is connected to my one at home, you see that I'm growing the cherry tomato mix. It's been going for 32 days, and I need to water it soon, but yeah. So do you manually water it, or does it know when to water it? It tells you when to water it, so it waters the plants on a consistent basis as needed, but you have to refill it every two to three weeks. And because we've got five liters in the bottom and two liters in the top, so you just lift this up, fill it at the bottom. We got to see the fog. Yeah. Oh, there's the roots. There's the roots there, and we've got the water at the top. And there's also a container at the top. This is an extra reservoir. Turn that around for you. So you can put water and nutrients at the top as well. That is so cool. Now, is this available yet? Yes. It's literally launching today in the U.S. So it is available at plantaform.com to purchase right now.
[14:28]Plantaform.com. Oh, .com. I'm sorry. And what's your price point? What do you think? No. What do you think it's worth? No. It retails for $4.99 U.S. That's actually not bad. That sounds great. And it comes to everything you need for your first harvest, including a lettuce pack. So you get 15 seeds, you get the nutrients, six-month nutrients, and everything you need to grow your first harvest. That sounds fantastic. Thank you very much, Renata. Thank you very much for dropping by.
[14:50]
Fast Point-to-Point File Transfer with Blip
[14:51]I've mentioned this before, but I'll remind you that when Bart and I record an installment of Programming by Stealth or Security Bits, we both record both sides of our conversation. We use Audio Hijack from Rogue Amoeba to record the files in stereo, putting him on one track and me on the other. We do this for two reasons. The first is so that if for some reason something goes wrong with my recording, like I forget to push record, we have his as a backup.
[15:16]Secondly, this method provides higher quality recordings for you. In my recording, my voice will be direct from my mic, but his voice will be recorded through the Zoom call. Any artifacts induced by the Voice over IP service will be included in my recording of his voice. On the flip side, though, Bart will have his original recording from his mic, and my voice will be through Zoom. Because we have these two stereo recordings, I can take my voice from my recording and Bart's from his recording and discard the two Zoom side recordings, but still give you the best of both worlds. Now, we had a problem to be solved, and that was finding the best method for Bart to send me his 600-800 megabyte recording every single time we record. For years, we've been using Dropbox for this process. For a long time, he didn't pay for Dropbox, which meant he could only have it on one Mac, and it wasn't the Mac where he made the recordings. He would save the file on the recording Mac, then sync it to a second Mac with Dropbox running, which then synced the file to the cloud. After this giant file made it up to the cloud, that shared folder synced the file down to my Mac, and finally I could start working with the file. There were a few failure points in this process, such as Bart remembering to sync the file from one Mac to the other, and it required us both to have Dropbox running. I can't tell you how many times I accused him of not sending me the file, but it would turn out that Dropbox had stopped syncing on my end for some mysterious reason. Even after he started paying for Dropbox, it still takes a long time for such a large file to make its way across the Atlantic.
[16:46]Recently, Bart found a much better solution for transferring files, a tiny app called Blip from Blip.net. Blip provides point-to-point file transfers without storing it on any servers in between. Because there's no server between the two devices, it's really fast. The speed is only limited by the sender's upload speed and the receiver's download speed. It also uploads and downloads simultaneously, not as two separate operations in series. Now, before I explain how to use Blip, you may be wondering about the cost. Blip is free. The FAQ says, is Blip really free? It was answered with simply, it's completely free to use while we continue to roll out Blip. Going forward, we want to keep Blip free for personal use. We may introduce paid plans for commercial use or special features. For now, that's good enough for me. Now, another FAQ says, will Blip show me ads? The answer made me smile. It said, absolutely not. Don't be silly.
[17:47]Well, another cool feature of Blip is that a file transfer can survive drive disk connections, network interruptions, and even full disks. It remembers where it was until you rectify the interruption, and then it starts back up again. There's no file size limitations because the files are never stored on anyone's servers. Not only can you transfer massive files, you can even transfer folders without zipping them. The FAQs even say you can transfer project files such as a Final Cut.fcp bundle file without ever needing to zip that either.
[18:19]Think of Blip as airdrop, but for everyone, whether they're nearby or not, regardless of their platform of choice. Mac, Windows, iOS, and Android all have supported Blip apps. At first, I thought they had a Linux app too, but the link is to sign up for Linux, and it asks you why you would want that. Looks like they're still gauging how much interest there is before they build the Linux version. I thought it was kind of a funny question. Why would you want it? Like, well, the same reason I would want it on any other device, right? Oh, well. So I tested Blip with VoiceOver, and I was able to access all the features. So I think literally everyone but our Linux friends can play. Now that I've explained the cool promise of Blip, let's discuss its simplicity. Both sender and receiver need to download the Blip app on their devices. They also need to have a Blip account, which can be created by providing an email address and then verifying ownership of that address. You do not create any other kind of account. You don't have a password or anything like that.
[19:17]Now, since my primary use has been from the Mac, we'll start with the process there. From the Blip Memubar app, the sender types in the receiver's email address, or if they've previously connected over Blip, they can select the name from their list. This opens another window in which Blip waits for you to select photos or files to send to the recipient. On the other end, the receiver sees a notification asking whether they'd like to accept or decline the file transfer. The file begins to transfer as soon as the receiver hits the accept button.
[19:46]Now remember, it's sending and receiving at the same time. On both ends, you can see the progress and speed of the transfer. Between Bart and me with pretty good connection speeds, it's less than a minute for this 600-800MB file to be transferred between us. It's magical! I think I squealed like a little girl when it worked the first time. We've been using Blip for several months, and it has been delightful every single time. Now when I want to initiate a transfer, I usually have the file visible in Finder already. Rather than going to the menu bar, I can select the file, right-click, select Services, and then Blip. This pops up a window showing me the file I want to transfer and the list of my contacts who use Blip. It's the same process as using the menu bar app, but in reverse order, which is a few seconds faster for me. I was enamored enough about Blip that when Adam Banks joined as the primary guest on Chitchat Across the Pond, I suggested he try using Blip. It took him all of, I think, 28 seconds to be all in on Blip. I think he enjoys saying, I blipped you.
[20:47]With all of the terrific features of continuity between iOS and macOS and syncing of photos and documents, I don't often need to transfer files between my Mac and iPhone. Still, for science, I tested using Blip with iOS in the mix. I installed Blip on my iPhone, entered my email address, and acknowledged the email confirmation. Then I selected a file on my MacBook Air and used services to open Blip. Since I had registered a new device, I could now see my iPhone and MacBook Pro in my contacts list in Blip, so I've got my MacBook Air, my MacBook Pro, and my phone all in the list in Blip. When I tapped the iPhone, Blip on the MacBook Air told me to open Blip on the phone. My phone already had a notification from Blip, and tapping on the notification automatically opened Blip and accepted the file transfer. In the Blip app on the iPhone, I could see my list of devices and Blip contacts, along with a receive section showing the file I had just accepted. Below it, I was told the device from which it was received.
[21:47]This was all swell, so I could see the file here, but where did it store the file? I opened the iOS Files app, backed all the way out to the top level where you choose the cloud storage service, you know that top level, and I just searched for the file name. It found the file, and a long press revealed an option to get info. At the bottom of the info pane that told me things like the file type and size, it showed that it had created a folder called Blip in the section entitled On My iPhone. So not in any cloud storage so it wasn't on my desktop it wasn't my downloads it was on my iPhone inside the blip folder it created a subfolder the name of the subfolder is the name of the device that sent the file appended with the date and time of the transfer now my first thought wow that's a really specific folder to create because it's only going to ever have one file because when is it ever going to be at the exact same time but then I remembered that you can send multiple files simultaneously. Instead of splattering them all over the file system on the phone, they'll be nicely filed by the device that sent them and the precise time they were sent.
[22:52]I asked Jill from the Northwoods to blip me a file, and I used my iPhone to accept it. Again, it stored the file in the newly created blip folder on my iPhone. Unlike when transferring between my own devices, the subfolder was her name appended with the date and time of transfer. That made perfect sense. The iOS app for blip has settings that allow you to enable notifications and hear a sound effect when you're being blipped. By default, the auto-accept toggle was flipped on, but only from my own devices, and that explains why the file automatically transferred from my Mac. If you don't like it, your only other choice is never. You can't have auto-accept from random people. So it's either from your devices or never automatically accept.
[23:36]In settings, you can see where Blip plans to save the files and it sort of acts on the iPhone like you can change the location. You can select the save files to setting and it opens the files app but from there, I wasn't able to figure out how to select a new location. I feel like I might be missing something here, because why would the option be there if you can't choose an alternate location? By default, if you blip an image or video to your phone, the image will also be imported into Photos. With iCloud Photo Library, for me, that's overkill, so I toggled that off. I said earlier that with the joy of continuity in the Apple ecosystem, I didn't need blip between my Mac and iPhone. Yep, I found it quite natural to take a screenshot of my iPhone and send it to my Mac via Blip instead of AirDrop. I don't know if it's the reliability or the fun of a shiny new app, but it worked quite well and I have found myself using it several times.
[24:30]Settings on Blip for Mac were trickier to find. As I described previously, clicking on the Menu Bar app opens the drop-down menu to choose who to send it to. In that same drop-down, there's a tiny gear. You would think that would be settings. When selected, it shows another drop-down menu for how to email or join the Discord community and an option to choose to open settings. Okay, so it's another level down. Unfortunately, the secondary drop-down vaporizes faster than I can select any options from that drop-down. So I think it's got a little bit of a bug in it. But I found a workaround to get to settings. If you launch the app using Spotlight, instead of the drop-down menu from the menu bar, you get essentially the same drop-down menu, but it's from the upper left corner of your Mac screen. Now, I've seen a couple of apps doing this. It's a weird little drop-down with kind of a, I don't know, a nubbin that goes back to the upper left that's kind of squared off. It's a really odd little menu. I think it must be new in Sequoia. So anyway, you get what looks like the exact same blip menu is from the menu bar app, but from this drop-down, you can select the gear to open settings. For example, on the Mac, you can choose whether to auto-accept files from your other devices. You can change where received files are stored. Unlike on the iPhone, where I wasn't able to change it, I was able to change it on the Mac. You can have it play sound effects and set it to launch a login.
[25:49]I convinced Jill from the Northwoods to dust off her old PC and test using Blip from Windows. You know, she's always up for a tech experiment. In a few minutes, she had Blip installed from the Windows store and was blipping me files. I thought it'd be fun to see how Blip looked on Windows, so I asked her to send me a screenshot, and it looks almost exactly like it does on the Mac. It's a very fresh, clean interface.
[26:12]Now, right when I was testing Blip on my iOS devices, something got borked, and I wasn't able to Blip myself or Blip with Bart. I shot off a note to the tech support email address, and in less than a day, I had a nice email from Tomaz asking me if I could try logging out and back into my devices to see if that cleared up the problem, and it worked. I'm glad I had a glitch because knowing that there is tech support, even on a free app, is great information. The bottom line is that Blip is amazing. It's fast, it's free, works on nearly everything, you can transfer huge files, it's accessible, and there's even good tech support. If you need to transfer huge files quickly or files between different platforms, I suggest you head on over to blip.net and give Blip a try.
[26:56]
CES 2025: Biolite Backup Energy Systems
[27:00]Well, I saw a refrigerator here at CES, and I'm not used to seeing that, but this is not about the refrigerator at all. I'm here with Erica Rosen from BioLite. What are we doing here today? Okay, so the fridge is here as a bit of a prop because it's being powered completely off-grid by backup. Backup is an automatic backup energy system that you can install yourself in under 30 minutes. It's a safety net between appliances that you need to keep running and the grid, so when the grid goes down, things like your fridge stay up and running, your life is undisrupted, you go about your business. So this is video, but also an audio podcast. So describe the size and shape of what we're looking at. Absolutely. So for the backup system, what you are looking at right here are two rectangular metal tablets that are on the wall. And these are basically very skinny, very smart batteries. These are energy storage systems that they install directly onto the wall, and they're designed to live in forgotten spaces. So I think for folks who are listening, yes, it's a long rectangular battery, but it's only 2.8 inches thick and that's because we have a state-of-the-art inverter in here that is the thinnest inverter of any kind. So whatever a wall outlet can do, this can do and it takes a lot of science to make that happen. We have a... That's just on 110, those have been charged up. Yep, yep, yep. So this is a three kilowatt hour solution. It can output 1,800 watts of power with 3,000 watt surge. So if the compressor on your fridge kicks on, no problem. It can handle it. I always make the joke on things like that is that that can even do a laser printer.
[28:29]Oh, I'm going to have to check out the power specs. I'll get back to you. You can't put them on a UPS because this power surge is too much, but this is like that. Yeah.
[28:37]Those are actually really pretty. I mean, I'm not sure I have a spot on the wall in my kitchens, But would you be putting these, so you were saying forgotten spaces, like in a coat closet or something? Yeah, yeah, yeah. So these are designed, as I said, to live in forgotten spaces. And one of the most important forgotten spaces is behind your fridge, if you can believe it. There's about a three to four inch clearance behind your most fridges. And this can slide right back there. I'm sure for people listening, they may be like, doesn't it get hot back there? Isn't it dusty? Yes. And we designed for that. This is a fully enclosed solution, and the back of the unit is actually a giant heat sink. And so we are able to manage any sort of ambient temperatures so that it doesn't just live in that space, it thrives in that space. It's going to do just fine. So do you sell them in pairs, or can you buy one? How does that work? Yeah, so the unit that is on the wall right now is what we call the complete kit, and it's comprised of the core unit. That is the brains of the operation that has battery plus an inverter, and then it has an extend unit and that is just an extra energy reserve. So the complete kit is three kilowatt hours, but you can buy the core unit as a standalone or you can add additional extend units onto the system up to a 10.5 kilowatt hour solution. Okay, so let's say I have this in my house and I find that extra space behind my refrigerator. I put it in there. How do I plug things into this? Yes, yes, yes, yes. Should we walk across? Come on over, yeah.
[30:02]So if you come over here, I can show you over on this side so you have a.
[30:09]The input so you plug it into the wall and that goes right here and then there are two AC ports And so those AC ports are where you can plug devices directly into backup But let's say you're like I have I have more than two things I need protected. No problem Every system comes with a magnetic extension cord and so you can plug in USP looks like a surge protector Yes, it's a power strip. So basically, if you have more than two things you want plugged in that need automatic protection, you can plug them into this strip, no problem. Okay, so this isn't for powering your whole home, but a few devices that are near each other, right? Correct. So this is designed to be an in-room solution. So if you look at this, for example, with the fridge, one of the most important rooms in the home when the power goes out is your kitchen. You want to be able to keep your fridge running. You don't want to lose all of your groceries. You know, if you have milk, medicine, like medical dog food. Insulin. Insulin. Exactly. Exactly. And so when the power goes out, one of the places where people feel the most helpless is their fridge. And we want to keep your fridge running no problem. That is what we care about. I want to come around to this side of you. Now, I want to see that this is actually cold inside. Show me. Yes, we have nice cool beverages in here. And we have, oh my, how did that get in there? Oh, look at that. It's a CS Innovation Award. Home appliances. I told them not to put it in there. Oh, that's a cold soda.
[31:36]Yep, and it's all happening totally off-grid. And then if the power were to come back on, backup would automatically recharge itself. Oh, it does. So you don't have to do anything. Unlike some more portable solutions where you have to remember to charge it back up, the minute the grid comes back on, this is going to recharge itself. You don't have to think about it. So is there some sort of app so you know how much it charges? Yes, there is. There is an app that will communicate both locally via Bluetooth and Wi-Fi, the cloud. If the power goes out, it'll notify you. And then you can also do things like schedule time of use. So let's say you're on a rate system with your utility company. This is more of a secondary application, but if you want to save a couple of cents here and there. No, that matters a lot. Where I live, my rate is double during peak time. Yeah, so you can run devices off this for a few hours every day during peak hours, and then you can end up saving some serious dollars by the end of the year. Yeah, that would not be too hard in L.A. pricing. Steve, I'm going to do something I've never done before. Erica's going to stay here. I'm going behind the fridge to make sure she's not cheating plugged into the wall. So I'm walking behind the refrigerator over here. Okay, I see a power line there, but it's not going.
[32:43]Nope, we're... Here, let me show you. Okay, hang on. We're all running around now. This is fun. This is a full demo. So you can see that this is plugged into the inverter, and so the power's running off of the whole system. So you have, and then, and so you can see that, This light that's blinking right now, all systems live. Okay, and what about this black cable? Is that going to the wall outlet back there? That's the fridge. Oh, that's the fridge. Oh, okay, there we go. Yeah. All right, nothing up her sleeves, even though she does hide her rewards in the refrigerator. That's why I came. We're in Vegas, after all. There you go. Thank you very much, Erica. Oh, price point. Did you already tell me? I don't know, but I'll tell you again. So the complete kit is $3,000, but at a three kilowatt hour installed solution, and again, this is an installed solution, it can qualify for a 30% tax credit. So you're looking closer to a $2,100 out of pocket. So that's in the federal, that'd be the federal tax credit? That's right. Wow, that's availability. Shipping this summer. Oh, fantastic. And where would people go to find out more about BioLite? Yeah, come on over to BioLiteEnergy.com. That's B-I-O-L-I-T-E Energy.com. Very good. Thank you very much. This is fun. Yeah, thanks for your time.
[33:56]Well, I have to say, if we didn't already have whole home batteries, I would really consider that BioLite backup battery system. It was really, really cool. And I was pleased to see that it was working as well as it was to be able to go around the refrigerator and make sure she wasn't, you know, trying to cheat or anything. Because you do find that kind of thing from time to time. But yeah, I would definitely check into the BioLite backup system if you would like to have your food stay good during a power outage.
[34:25]
Support the Show
[34:29]Well, this week I'm actually not going to panhandle for you to help the show, but it's okay if you do want to use one of the financial links anyway. What I would like you to do, and it's not going to cost you any money, go to whatever podcatcher service you use and review the NocilaCast, Chit Chat Across the Pond, and or Programming by Stealth. The more people that enjoy the show, the happier it makes me. So if giving a five-star review brings us more NocilaCastaways, then I think it's a win for everyone.
[34:57]
Security Bits — 16 February 2025
[34:58]Music.
[35:06]Well, it's that time of the week again. It is time for Security Bits with Bart Booth Shots. And I think we've got a relatively calm day, right? I think so. Yeah, it was some fun stuff to talk about, but it's not hectic. Not hectic. We can manage. Good. We get to give a little shout out to your wonderful Slack as our first piece of feedback and follow up. Um i mentioned last time that i had had trouble with quad 9 who i had been using as my dns provider for a very long time and they just became unreliable and so i went back to 1.1.1.1 which is run by cloudflare and i mentioned that the only thing i'd really lost was that quad 9 is a a really good free properly funded not free p dns provider and b it filters malware by returning nx domain, which is the DNS answer for no, no, that doesn't exist for known malicious domains. So it's DNS filtering. And I was like, I kind of lost that, but oh, well, fair enough. At least I have working DNS. That seems a teeny bit more important. And now make sure I get the username. I'm actually not sure how I'd pronounce it. F-E-O-R-E-R-S.
[36:23]Ferrer's? Ferrer's? Oh, Ferrer sounds way nicer. That sounds fancy. We go with that. Either way, on your Slack, potofit.com forward slash Slack, Ferrer's chimed in to say, Bart, you're forgetting half of Cloudflare's features. Because yes, in fact, I'm forgetting two thirds. So they offer a 1.1.1.1 which is just fast free it's freemium which is fine it's not a creepy business model it's safe uh really good free dns 1.1.1.1 and it's so easy to remember it's how am i going to forget that right but they have two variants that are aimed at families so the product is actually called uh 1.1.1 for families and it comes in two flavors so you have 1.1.1.2 does exactly what quad 9 did so it is fast good dns with malware filtering.
[37:21]And if you go even better so 1.1.1.3 it's family safe malware protecting dns so it blocks out adult sites and gambling and those kind of things that you wouldn't want to have in a house with young kids so you can have all of that bundled straight in for free by using 1.1.1.3 i know in ireland this is why it's really silly because i forgot about this but i actually knew about this because i know that in irish schools 1.1.1.3 is used by a lot of schools to fulfill their mandate to filter without having to pay for a product oh okay okay that's awesome yeah let me ask you did Did you change yours to 1.1.1.2 or did you keep it unfiltered? Aspirationally. Yeah, when I get around to it, I will. Will you? Okay. I will. Yeah, there's no reason not to. I won't go to 101.103 because we are a pair of adults living together. I don't want to have a disagreement with my provider about the definition of family friendly. That is such a fuzzy term, right? Sure. Or have that discussion with my darling beloved. Why is my internet networking? I said, I don't want to know what you're doing. Anyway.
[38:39]We also have a little bit of follow-up on the tiktok saga in the united states, nothing has changed from my description of the legal realities of the situation we're still in this 75 day period where the law exists it is real but there's an executive order promising not to prosecute anyone which has no actual legal standing and when last we left our story Apple and Google had not put the apps in the App Store. And then the first piece of news that would have been the only follow-up I thought is that TikTok started giving instructions for sideloading on Android, which makes perfect sense if you're delisted from Google Play. Well, you are going to tell people about sideloading, aren't you? But then there was a letter sent from the Attorney General of the United States, Pam Bondi, to Apple and Google. We do not know what was in the letter, but the apps appeared in the store shortly after.
[39:38]Okay okay you know on the side loading thing it didn't seem to make the news but i started getting messages on ios saying hey you know you can go to the website and share save it to the uh to your home screen actually it must not have been on ios because i've already got the app it must have been on the on the web because sometimes i go to tiktok.com on the web and it says hey you can make it act just like an app yeah actually that's really cool in modern version mac os where you can just have stuff in the dock i do that a lot because it also isolates your cookies so if you're forced to go to the evil blue website you could do that as a separate app in your dock, yeah yeah there's a lot of limitations to it i don't use it anymore because that but uh but you could also do that on the iphone you could you can yes save it to the home screen that's been around for ever first yeah that was around yeah that was around from when steve job said I have a great app option for you it's called web apps and the whole world went yeah, but you could put them on your dock or sorry your your desktop the equivalent right.
[40:41]And then one final piece of follow-up. We have heard a lot about so-called Salt Typhoon, which is a codename, by the way. It's not what these people actually call themselves. They're a secretive organisation. We have no idea what they call themselves. So they've been codenamed Salt Typhoon. They are a group of attackers in China who we are as sure as it is possible to be that they are affiliated with the Chinese government. But, okay. Anyway. We know they were attacking Western telecommunications infrastructure very dramatically, 28 of them in the middle of the summer. Then we had some good news that the US ones were verified cleaned up. And then we had some bad news that two extra hacks were found. Well, they haven't stopped. They are continuing to attack telcos and they succeeded for a while thanks to unpatched Cisco routers. Because the telecommunications industry, despite having been told you're under active attack, never thought to patch the routers. It's, I don't know. That industry, no. Let's say something loudly right now, because I don't know, I'm just spitballing that it might come up in notable news. Bart, why did Salt Typhoon, why were they able to do this hack to the Western telecom companies? How could that possibly have happened?
[42:02]Actually, I'm not sure what you're angling for. Because there was a backdoor that the United States government had demanded. Oh, I hadn't noticed that a little suddenly. Oh, for God's sake. Yeah, so they had a backdoor that only the good guys could use. Oh, sorry, you're talking about the story in the summer. Yeah, okay, sorry, this is different. This is an unpatriority. Yes, yes, yes, yes. What you're talking about in the summer was... Okay but you were talking about western telecom the hack of western telecom companies that's the same story from this summer yes but in the summer they used our back door now they're using unpatched routers okay all right good but say but i wanted to just kind of bring up that that you could it clearly it works perfectly to have a back door that's only for the good guys absolutely no problem whatsoever those back doors can't be used just like in houses no no one ever burgles through the back door only through the front door right right okay so we have no deep dives so we can jump straight to action alerts um it was named the january android security update but it did not hit my feed last time and we recorded on the 2nd of february last time so they must have been slightly late either way it's out zero day under active exploitation in the kernel of android so patchy patchy patch patch if you can.
[43:24]This is, I hate that bit, but that's what it is. It has been patched Tuesday from Microsoft by 2024 standards. Very light month. Four zero days, it was eight the last month, and just 55 patches. I think it was 145 last time. So compared to five years ago, whoa, four zero days compared to last month. Oh, wow. That's very little. It's a good day. Yeah. All right. Well, hopefully that's just going to calm down. that was just an anomaly yes well no i hope it stays calm because the last month wasn't all i mean last month was the anomaly only a little bit i think this month i'm afraid is the anomaly anyway and we're yes some updates from apple hot on the heels so last time i told you that apple patched everything and apple have done it again but not everything uh they have eight ios 18.3.1 ipad os 18.3.1 and ipad os 17.7.5 which is an odd ball in the mix here it is a patch to something to do with the usb port and apple are being very coy about the detail presumably because they want some time for this patch to get out but apparently they witnessed in the wild an extremely sophisticated targeted attack against carefully chosen targets.
[44:49]I'm reading into that something targeting very high-value people by a state operator. Either way, Apple knows something we don't, and they've issued a patch. So patchy, patchy, patch, patch. Because once the patch exists, you can reverse engineer the patch and compare it to the previous release to figure out what they fixed. So now everyone can start doing whatever this extremely sophisticated attack was. I'm really intrigued that it's for ipad os 17 but not ios 17 so my it's curious i yeah i don't know this they obviously did something that they tried for the ipad before it came to the iphone.
[45:30]Yeah must be yeah all right well even if you're not on ipad os 17 patchy patchy patch patch patchy patchy patch patch uh i have said a million times and our friends in the u.s telco industry have just proven it to us you cannot run unpatched routers whether you're a home user or a giant big telco which means if you have a zeisel cpe router this is a series of routers that is now discontinued there is a zero day it is being actively exploited these routers are legacy They're not going to get patches ever, ever again. And Zysel have confirmed the fact that, no, these are gone. So if you have a Zysel CPE router, apply it to the trash can. Or if it can run an open source firmware like DDWRT.
[46:22]I would suggest the recycle bin, but yes. The thing that really bothers me about this is most people don't mess around with their routers, right? You get a router you slap it in you're done.
[46:35]You don't have any way of knowing this unless you don't know if this is this happening in the u.s but i know here in ireland the trend nowadays is that you don't own or operate your own router it's owned by and managed by your isp so they put it in and they handle the software updates and so it is literally a piece of their infrastructure in your house and so it's not your responsibility anymore are you talking about modem or router because router is the same thing here they're the same thing so here they come as one box by default they can be okay so here by default it is completely normal that they are the one box and if you are a nerd you choose to run your own box and they will support you because they have to under eu law so i run my own box but i had to give them back their box so when i signed up to become a customer they sent me their box which was fully managed and i was like thanks but no thanks and they went oh you have to send us the box back they said i didn't want the box and said yeah but we had to send it to you say okay fine whatever your process is we'll exchange boxes but here that's now the norm.
[47:41]We've gone the other way it's quite common to just get your own modem because they bring you they charge you a lot of money it's like seven ten bucks a month and you can go buy a modem for you know 70 bucks you you make your money back really quickly so it's not at all uncommon to have those devices separated and to have your own. Now, that's probably the nerdier people do it, but there's not like any barrier or question about it.
[48:07]Different countries do things differently. It's always interesting. So my experience of what's normal is very different to what other people think is normal. But in any case, so you're saying that because if you had a Zyxel router from your ISP, what would happen? Would they know to do this and replace it responsibly? Or do you have to trust them to know? 10 years ago I wouldn't have trusted them these days here with our ISPs they will cycle out the boxes and basically tell you you're due a free upgrade which is just their way of saying it's time for us to get these managed devices out of our fleet because they're a pain for us to manage now it makes a couple of things their problem which I kind of like it when it's not you know don't make it non-tech people's problem to handle the life cycle of a piece of tech sure yeah.
[48:56]No, I think one of the reasons they do it is because they make them a three-in-one. So it's a router, a modem, and your TV box. It's your TIFO-style box. So they get to brand it all and push out all of their branding on everything. So it's your television, your internet, and your Wi-Fi in one box managed by your ISP. TV? You mean like... Television. Like cable? It could be satellite, it could be cable, it's television. Well, television is a very vague term. I mean, I don't have any service like that. I have YouTube TV, which is a streaming service. Yeah, you're a cord cutter, right? So traditional television where things happen at a given time and they tell you up front that at this time it'll be the football. Six o'clock, it'll be the news. That's the definition. We need a word for that, and television's no longer it. Yeah, it's the opposite of on-demand. Off-demand, I don't know. Yeah, off-demand. You'll get it when we don't well tell you to. Linear television? Isn't that the name for it? Linear television. Maybe. But if you said it's like your TiVo, then it's a DVR? Yes, he does that too, because there's smart boxes and they have Netflix installed and all that kind of stuff as well. Yeah. I hope they're on an unpatched version of Android too. Okay, moving on. Oh, probably.
[50:11]Now, this story, I'm afraid to say, when I was younger, I could give you a really detailed answer on this story, but I haven't built my own computer in oh so long. So I don't know if this is something a lot of our listeners need to care about or none of our listeners need to care about. All I know is if you're running a PC with an AMD CPU, There is a firmware update for your computer, probably, if you're running a certain type of chip, and it stops a really nasty bug where malware can stick what's called microcode, which is basically firmware in the actual CPU chip, into your CPU. So that means the attackers can poison the very, very heart of your computer, which happens below the operating system level. So that's not a good thing for baddies to get to poison so if you're a pc user who's built their own pc and you stuck an amd cpu in there have a wee look see at this and see what you make of it, okay i'm sorry i can't be more helpful i was just so out of that game.
[51:21]Moving us on to worthy warnings uh my first worthy warning be careful when you experiment with a new hotness du jour, whatever it happens to be. At the moment, DeepSeek is pretty darn hot. And if you run your own copy of DeepSeek, which is one of its magic features, is that it takes so little resources to run locally, and it's an open weights model, so you can just download the numbers that make up the neural network and run it yourself. If you do that, you're fine. But if you use their free online version, turns out everything you type is sent to a bunch of servers in China controlled by ByteDance without any encryption they're over plain old HTTP instead of HTTPS so just so you know, So they didn't come back and say they'd patched that or they'd fix that? They might have done, but my point kind of stands. No, I had this data breach. You may be mixing it up with the data breach where they forgot to put a password on their database with all the historical data. They closed that barn door after everyone had a good look at the horses.
[52:26]By the way, if you want to run a large language model locally, on our fabulous podcast, Programming by Stealth, I interviewed Nosula Castaway's Steve Matten, who had figured out how to run large language models with something called Ollama. It's from the command line, so it's a little bit nerdy. But you just issue a couple of commands, and pretty soon you've got this beautiful interface that looks just like ChatGPT, and you've got a local model running. I tested what he said we could do. I ran the Lama model from Facebook. I unplugged my Ethernet cable, and I turned off Wi-Fi, and I was still able to use it. So I know it's working that way. so I uh maybe I could sneak a link in the show notes to that episode yes that was an excellent episode it was one of those ones where I got to listen as a regular listener they're always fun.
[53:15]Well and that's only happened like three times in history two times in history maybe very few yeah you and Helma did a fun show and you and Steve did a fun show and I don't know there might be a third I think that's it I think that might be it yeah okay now my next um worthy warning is one that i don't know if i've given before in some regards this isn't new but i guess it's now becoming easier because our mobile devices are getting so much more powerful that they can do more stuff locally there's also the fact that apple have added a bunch of apis for image processing with our amazing neural engine chips in our iphones like because they're just very good at these kind of things so some people when they need to keep something safe instead of sticking it in a password manager they take a picture of it so it's not in a text file on their desktop it's in a photo in their photos app synchronized across all of their devices.
[54:16]And the baddies have cottoned on to the fact that if you use ocr on someone's photo library you Could pick up some very interesting Stuff They were extra interested in the secret Seed key for people's Cryptocurrency wallets So they can steal All of their money, But this made the news, not because it's the first time anyone's ever used OCR, because that has been happening in the background, but because they successfully snuck the OCR malware into both the Google Play Store and the Android Store temporarily.
[54:55]And this is a timely reminder that you are safer in those app stores, but stuff sneaks in, right? Sometimes malicious people get their app snuck in, they just sneak it through a review because the reviewers are too busy or whatever. Sometimes they hack legitimate developers and the legitimate developers don't know they're shipping malware. Sometimes they buy a company that's going bust and they turn a legitimate app malicious. There's all sorts of reasons it happens. So you're safer by a long shot, but you're not perfectly safe. And so you shouldn't assume that nothing on your phone can see your photos app because you could install a photo editor that you give access to your library that then gets hacked by the baddies and accidentally becomes malicious despite the developer's best wishes right so if you have a secret it should be kept in an app whose job it is to keep secrets it should be in a password manager one password will let you save attachments It's just fine.
[56:00]I think you can in Apple's passwords app too, but I know you can do it. You can as well, yeah. You can do a locked private note in Apple Notes if you have to. Right. Scan from your phone directly into that and you can do it. Just to give you a little statistic here, in 2023, Google blocked 2.28 million apps from being published on the Play Store. I mean, this is the largest game of whack-a-mole on earth. Yes. But in October of 2024, Zscaler found more than 200 malicious apps still in there. I mean, they're whacking them as fast as they can, and you still have to be careful.
[56:39]Yeah, if you whack 2 million moles and 200 get through, that's a success rate of 99.999. It's a fantastic success rate. And yet everybody looks at how many they do have in there and then acts like that's a terrible thing. I mean, it's bad. But the way to have them not be able to get this OCR information out of your photos is to not put it in your photos. Bing, bing, bing, which is the takeaway I'm hoping to give people. So the actual story is a hook for the real message. Keep secrets in an actually secure place, not an obscure place, a secure place. So I just took a photo of my new driver's license so that I could put it into my password manager, 1Password, but it was still in my Apple photos. I've now deleted it. Oh, good call. Does 1Password let you control the camera directly?
[57:32]Um, from, from the Mac, no, my only option was to upload an image. So I had, I took it with my phone, I blipped it to myself on my Mac, and then I pulled it into, no, I had to open it in preview to change it from being an HEIC. And I started to open it in preview, export it back as a JPEG. So now it's sitting on my desktop too, and then import it into 1Password. That may be not as elegant i probably should have tried from one password on the phone see if it would do it directly i don't know i know that like a lot of chat apps let you use the camera directly so the apis exist but i don't know if one password uses them but yeah there you go perfect example right and it's a legitimate thing to do but you temporarily left some debris so clean clean it up.
[58:20]Just one piece of notable news but it is quite notable and it is one of those ones where the end story is stay tuned this is going to develop and this may develop into quite the story this could be the biggest story of 2025 so back last year it was very controversial when the uk parliament amended the investigatory powers act to add part of the law that says that the government could compel tech companies to implement technological measures to bypass security products and they promised they pinky swore that they wouldn't use it to break encryption and stuff or to demand companies do the impossible don't be silly but we do want the law well they got the law, strangely enough they're abusing it for exactly that so the law actually makes it illegal for a company that receives an order under the law to say anything about it there's a secret court you can appeal to this is a bit like the pfizer court in the united states i'm afraid i'm afraid they didn't lick the idea off the ground but either way it's a bad idea whether it doesn't matter what country it's in it's a bad idea so anyway the uk have it too and so there is no official comment from apple.
[59:43]Sorry, I forgot the actual story, didn't I? I've done that thing where I do all the lead up and then forget the story. There are very credible reports, basically a leak, that the UK government have sent Google and Apple orders under this law demanding they break their encryption for file storage, iCloud, Google accounts, etc.
[1:00:05]For everybody. Yeah, that's the other thing. Yeah, that's the other thing. So not just for UK people, they demanded it for planet Earth. And the rumor has it Apple have not said yes, but we don't know if that means Apple are going to be forced to remove these features from UK users, which would get them out of half the trouble. Nobody knows, right? Nobody knows what's going on and no one's talking officially. All we have is a bunch of very credible leaks. And it's credible enough that the United States intelligence community is up in arms because this is like, we've just seen what backdoors can do and you've just, you illustrated the point perfectly by reminding us all what happened in the summer with the telcos and now we have the UK government demanding a backdoor in every iPhone and every Android device on planet Earth and of course the American government who are still reeling from discovering all their telcos are broken are going, oh my god, no! Don't put that there why didn't they use the math that only works against bad guys yeah, do you remember the April Fool's actual specification for TCP the evil flag that every bit that was malicious would set the evil flag and then we could update our routers to block the evil flag.
[1:01:26]Yes so we have bipartisan support from US lawmakers lobbying the UK government to stop it. That tells you this is a big story. Yeah, I find that interesting that there's something the United States government could agree on to do that was right. That's how outrageous this is. A foreign government demands unencrypted access to every American's data. The fact that it's also every Irish person, every French person, every German person It doesn't matter, right? It's every American to a foreign government. That's obnoxious. Yeah. Hubristic. It's also interesting that the.
[1:02:14]It's a secret. You're not allowed to know about this and we know about it. Yeah, because it leaked. Because within the UK government, there are people with a conscience who are like, oh my God. It had to be, right? Well, it could be somebody from Apple, but. No, no, no. We know it was the UK government source. If we believe the report, then the report tells us two facts. It happened and we know about it because an official in the civil service leaked it. Okay. Okay, got it. Backing up one little bit. Yes, you're right. I could have just taken the photo directly from 1Password on the phone. That is good to know, because like you, I have done exactly what you do. Although I did it even more complicated. I did it on my Mac, told it to use my iPhone to scan a document, which made a PDF that I then had to convert to a JPEG, which I then put from a desktop into 1Password, leaving my clutter on my desktop. So you can do that scan, but not a scan you can choose photos so you could have skipped one step it can do it can do a scan or a photo but if you do a scan it does that orthogonal thing where it fix your perspective and stuff and makes it an actual square yeah yeah it gets rid of the keystoning yeah then i'd look a little bit less like a non-human you know you never look right in a passport photo but.
[1:03:32]At least don't be keystoned right we have no top tips but i do have an excellent explainer so this is yet again from my favorite podcast planet money although it's from their indicator series these are short little snippets of cool information they're about 10 minutes long which is a very nice bite size and i tell everyone that if you want to understand the world follow the money because the money is what drives everything and one of the follow the money things that is very much related to a few of our stories today is cryptocurrency and at the moment the new if you'll excuse the pun the new meme in crypto is meme coins so how do they work and exactly how are they a ponzi scheme because hint hint they're a ponzi scheme do not be tricked into buying a meme coin you are giving people free money of yours, But if you want to actually understand and have intelligent people explain it to you, the indicator from Planet Money will explain exactly how the meme coin game is played. Okay. All right. I just got away from Bitcoin or cryptocurrency. Good. Good. This is wise. This is how one keeps one's money.
[1:04:57]Right. We have two pallet cleansers, one from each of us, Would you like to go first or shall I? Sure, I'll go first. There's a certain amount of concern overall in trusting companies that maybe have ulterior motives. And, you know, Microsoft has shown itself to be a pretty good player lately. But they own GitHub, and there's also been concern about GitHub then taking all of the content that was created on GitHub and slurping it all into training data for Copilot. Copilot. So there's reason people are concerned about it. So I found an alternative to GitHub and GitLab called Codeberg. It's a codeberg.org. It's a free and open Git hosting platform, and it's from a German nonprofit, and the servers are located in Europe. So if nothing else, you can spread your concern to different continents, but you can use it like a GitHub client. I haven't exercised it enough to be able to tell if you can do things like you can do GitHub pages. Yeah, there is. I think they're called Berg pages. Berg pages. And there's CICD stuff as well.
[1:06:16]Yeah, this is something that we've just started to talk about in Programming by Stealth. So that's kind of close to home. Maybe I'll give that a poke. That sounds like fun. Yeah, I spent some time in their FAQ. Yeah, I looked around their FAQ because I was curious. And they definitely did mention that they had, it was either ICE pages or Berg pages, but it was a pun on their logo, which is in the big iceberg. And they mentioned automation and CICD. So yeah, they seem to have a pretty good feature set. Cool. And does it pass your sniff test? Very much so. so they have structured themselves their FAQ addresses their financing so you understand how it's possible for it not to cost you money and how they are in no way monetizing your privacy in order to enable that which is the magic words right always follow the money as I just said in my previous story there and yes they passed the test so yeah it looks cool, Cool. I found out about it on Mastodon, by the way. Another great open source product or service or whatever we want to call it.
[1:07:24]Right. So my palette cleanser is some reading, a long read. I've been doing a lot of these lately because I don't know where they come from, but sometimes they end up in my RSS feed and I get completely sucked in and they're like, oh, wow, this is cool. So when I think screensaver, i think silly animations from windows 3.1 toasters pipes connecting things that kind of stuff turns out that's like the tip of the iceberg the real story about screensavers is not about silly pictures it's about not damaging screens which is a much more interesting history and it's a history that has very much closed its circle it started off by having screens automatically turn off which was really not easy in the old days and how does your phone save its screen, it turns off it doesn't put toasters up it just turns off so we got right back where we started from but how we got there is fascinating and i learned oh so much so there you go you know would you believe i got sucked into this one too oh let me guess a mastodon yeah.
[1:08:37]Oh good okay well like I say not the world's worst week right some substantial stories but we had some fun but of course our message is always the same at the end stay patched so you stay secure, well that's going to wind us up for this week did you know you can email me at alison at podfeet.com anytime you like if you have a question or a suggestion just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon. I have lots of fun over there. Come join us at podfeet.com slash Mastodon. If you want to listen to the podcast on YouTube, you can go to podfeet.com slash YouTube. If you want to join the conversation, you can join our Slack community at podfeet.com slash Slack, where you can talk to me and all of the other lovely Nosilla Castaways, including Bart. You can support the show at podfeet.com slash Patreon, or with a one-time donation at podfeet.com slash donate with Apple pay or any credit card, or you can go to PayPal by going to podfee.com slash PayPal. And don't forget, you can also go give us a five-star review. And if you want to join in the fun of the live show, you're going to have to wait until March 2nd because we aren't going to have one next week. And then when you do that, you can head on over to podfee.com slash live on Sunday night at 5pm Pacific time and join the friendly and enthusiastic podcast.
[1:09:53]Music.