NC_2025_03_16

Highlights from the CSUN Accessible Tech Conference include HERE's EV navigation system, the Deskpad app, Amazon's Zoox taxi, Matter devices, cybersecurity updates, and an astrophysics talk recommendation.

2025, Allison Sheridan
NosillaCast Apple Podcast

Automatic Shownotes

Chapters

0:00 
NC_2025_03_16
0:35 
CES 2025: HERE Automotive Navigation Solutions
7:11 
Create a Virtual Display on Your Mac with DeskPad
17:34 
CES 2025: Zoox Robotaxi Funded by Amazon
20:53 
CES 2025: j5create Matter-Enabled Smart Plugs and Thunderbolt 5 Dock
27:26 
Support the Show
28:05 
Security Bits — 16 March 2025 ☘️

Long Summary

This week, I had the opportunity to take you all on a journey through our exciting experience at the CSUN Accessible Tech Conference. Chris and I connected with old friends, made new ones, and gathered a wealth of insightful interviews, although I’m teasing you by holding back the details until we finish our CES interviews. There’s still plenty more to share!

In one notable segment, I conducted an interview inside the Lotus Electra Carbon, which provided an incredible acoustic backdrop on the show floor. Joining me was Soumya Gopal from HERE Technologies, who brought a wealth of knowledge about their innovative platform integrated into the Lotus vehicle. We explored how this electric sports car aims to eliminate that familiar 'range anxiety' typically associated with EVs, allowing drivers to experience the thrill of driving without the constant worry about charging stations.

Soumya elaborated on the features of HERE’s navigation system, which not only offers detailed range management but also automates charging stops for long journeys like a hypothetical drive from Vegas to Chicago. By accurately displaying battery data and integrating it with navigation, drivers can focus purely on the enjoyment of the drive while the system handles logistics. We also discussed how HERE’s system includes real-time information about charging station availability, alleviating concerns that many EV owners face.

We then shifted gears to a quirky tool review where I introduced Deskpad, an open-source app designed to act as a virtual display for Mac users. This tool solves issues encountered during presentations, like clutter on your desktop, by allowing you to customize a dedicated display that’s both functional and visually appealing. I walked through the installation process and shared tips on how to optimize the app for diverse presentation needs, including setting its resolution and wallpaper independently from your main display.

Our expedition wouldn’t be complete without mentioning Zoox, Amazon's autonomous taxi offering, which I explored during the conference. The Zoox vehicle is quite unique with its symmetrical design and the ability to drive in both directions with its four-wheel steering. I provided an overview of its specifications and features, such as its scanning technology for a full 360-degree view, alongside the integrated communication systems which allow interaction with pedestrians and authorities as necessary.

From there, I also recounted our visit to the J5 Create booth, where we focused on the phenomenon of Matter-enabled devices. I spoke with Brandon Thweet, who described how Matter serves as a universal protocol that enables smart home devices to communicate seamlessly across various platforms, paving the way for easier integration of different tech ecosystems.

We rounded out the discussion with some valuable insights into personal donations that support our ongoing work. After that, we transitioned into Security Bits with Bart Mooshatz, where we delved into recent cybersecurity updates, touching on Apple’s response to key vulnerabilities and detailing the essential reminders for users to stay secure.

The episode concluded with a fascinating discussion highlighting the importance of understanding new developments in security protocols and intelligent systems, alongside the delightful recommendation of Dr. Alex Filippenko's talk on astrophysics, which came as a refreshing palate cleanser to our tech and security themes.

There's so much to explore and learn from technology, and as always, I encourage you to stay tuned for more from our adventures!

Brief Summary

In this episode, I take you through our experience at the CSUN Accessible Tech Conference, where I had engaging discussions and interviews, including a notable conversation inside the Lotus Electra Carbon with Soumya Gopal from HERE Technologies. We explored how HERE's advanced navigation system addresses 'range anxiety' for electric vehicles, automating charging stops and providing real-time information on charging station availability. Additionally, I reviewed Deskpad, an open-source app that enhances Mac presentations by creating a customizable virtual display. We also examined Amazon's Zoox autonomous taxi, focusing on its unique design and features, before discussing Matter-enabled devices with Brandon Thweet at the J5 Create booth. The episode wraps up with insights from Security Bits on recent cybersecurity updates and a recommended talk on astrophysics by Dr. Alex Filippenko, emphasizing the importance of staying informed in technology and security.

Tags

CSUN Accessible Tech Conference
Soumya Gopal
HERE Technologies
navigation system
range anxiety
electric vehicles
Deskpad
open-source app
Zoox autonomous taxi
cybersecurity updates

Transcript

[0:00]
NC_2025_03_16
[0:00]Music.
[0:09]Today is Sunday, March 16th, 2025, and this is show number 1036. This week, Steve and I got to go to CSUN's Accessible Tech Conference again, and as always, we had an absolute blast. We met up with a bunch of friends. We had a great time, got some great interviews, but I'm just teasing you about it because we're not going to tell you what we learned until we're finally done with CES interviews, and there's still a lot more to go, so you're just going to have to wait.
[0:35]
CES 2025: HERE Automotive Navigation Solutions
[0:38]Let's start off with an interview I did sitting inside a Lotus Electra Carbon on the CES show floor. The acoustics are the best you'll hear from CES because we're inside a car. And by the way, the platform she's going to tell us about sounds pretty cool.
[0:55]I'm sitting in the Lotus Electra Carbon with Soumya Gopal from Here Technologies, who is going to talk to us about the integration of their platform with Lotus and some other vehicles, I think. So Lotus wanted to have this sports electric car launched in the US, and it's already been launched in Europe. And I think here the driver needs the pleasure of driving a sports car without having to worry about the range anxiety that usually comes with an electric car. That's what you want a Lotus for is the fun, right? Yes. And this means that you just floor the car and go wherever you want to go without having to worry about where should I stop for charging, how long should I charge because the system takes care of everything. And this is what we did for the Lotus in integrating the navigation experience fully with range management. So basically what happens is we read the data, the battery data that is displayed here. So for example, it says the charge level is 82%. And this means it can exactly tell you how far you can get with such a charge level. And this here shows the range map of where you can get with this charge level.
[2:03]I'm going to tell some of the audience it won't be able to see this, but we've got yellow on the map showing where the car can go, and you can see where you can't go yet. And this also means that if I try to go to a long-distance location, so I'm going to put in Chicago now just for the fun of it, and going from Vegas to Chicago in a Lotus is going to be a lot of fun, but it also means you have to add automatically charging stops.
[2:28]When you get from Vegas to Chicago without the driver having to worry about where should I stop? So the system takes care of everything because here has a comprehensive navigation solution that takes into account. In 400 feet, turn left under Convention Center Drive.
[2:43]So now she's gonna, I think she's gonna end the trip. Are you showing us how many steps? Use the left lane and turn left onto Paradise Road. It's adding charging stops. Because basically it says you're going to cross time zones because you're going to cross state boundaries. And it has also added all of these charging stops, which tells you how many minutes you have to charge on your way to Chicago. And in every case, you can actually edit the stops to see if you want to have a coffee break or a lunch. So that the driver really only has to worry about where he or she wants to take a break and how they want to enjoy the drive. without thinking about whether my charging is compatible with the charging station, whether my car is going to be charged enough. All of that is taken care of by the solution that HERE and Lotus has implemented together. So with HERE, then, that means that you not only have mapping data, you also have data about where all the charging spots are for the different levels of chargers from all of the plethora of different companies we unfortunately have to deal with right now. Now, does it give you any kind of data on when you're arriving or when you're getting close to needing to charge to tell you whether there are enough ports open for you? Yes. We also have the availability information. So it will give you a list of, it will only choose available points. And if there are no available points, it will also tell you how many ports are available.
[4:00]And if it is not available, you have to get there and wait because that's the infrastructure. But this availability information is also available and will be displayed as red, green in the map, which shows what is available and what isn't.
[4:13]Okay. That's really cool. Range anxiety is such a funny thing because it's real, it does happen, but once you get the hang of it, it's really not all that hard. Because you start to find out you don't stop as long, you take a couple of stops, but you make them shorter, much more efficient, it's good to stretch your legs anyway. Indeed, I have an electric vehicle myself, and I think...
[4:35]The biggest problem for me is exactly what you said. If I get to a charging station and it's not available, because that's when the anxiety starts. As long as I'm able to charge my car, then I do like a break, you know, coffee, restroom, lunch, shopping.
[4:49]And this is why the availability information is critical. And this is why also being able to adapt the route is critical. For example, if I'm driving faster because I can on the highway, or if I'm stuck in traffic, which means I'm consuming more charge in stop and go, then the route has to adapt itself and add a charging point earlier. All of this is done dynamically by the system. That's really cool. Now, I've also seen that your mapping system does some interesting things while you're driving in terms of the display and some predictive technologies. Indeed. So we have what we call predictive search and predictive routing. So, for example, if you drive every morning at 8 a.m. To the office, when you get in the car at 8 a.m., it will automatically propose, hey, do you want to go to the office? Because this is learning from the consumer behavior. And additionally, we also have an AI-powered stack so that in the future, you can have completely voice-based interactions with the car. You can simply ask the car, hey, I want to go there without having to even touch the screen because this will avoid driver distraction. If you're constantly touching the screen while driving, especially when you're speeding down the highway, that's not always a safe thing to do. Right, right. Now, is any of the HEAR technology working towards automated driving? Yes, we already have two L3 solutions out there. In fact, the only two L3 solutions out there are powered by HEAR Maps. You will see an example of BMW there also in the booth.
[6:17]And we also have Daimler or Mercedes that is doing an L3 solution based on HEAR Maps. Lotus is working on adding some of the ADAS functionality in the future. But as a Lotus driver, my pleasure comes from driving the car myself rather than the car driving itself. So that's really important to know your audience, right? So you're sitting in a big fat BMW 7 Series. You want to relax, right? But here you're playing with the car. Yes. So that's why for us it's critical that the OEM makes this decision. So we have the technology stack to support navigation and automated driving. And we leave the choice to the OEM as to what stack they would like to implement in the car. That's really, really interesting. If people wanted to learn more about HERE, where would they go? We have, here we go, apps on the App Store or they can go to HERE.com website. Very good. Thank you very much. This was fascinating. I didn't know any of this before you started. Thank you, Alison.
[7:11]
Create a Virtual Display on Your Mac with DeskPad
[7:15]I've got one of the weirdest and headbendy tool reviews for you today. Let's see if I can set up a problem to be solved to kind of get you interested first. Let's say you're doing a presentation and you need to share your screen. This always causes a few challenges, especially if you have a messy desktop. You could use something like presentation mode and parallels toolbox, which hides all of your desktop icons. And that's what I've traditionally done. But what if you want your desktop wallpaper to be something more bland than, say, the F1 race car you currently use? That's another thing you have to change and then put back when you're done.
[7:49]Another problem I have in doing presentations, especially for Mac user groups, is that people are often watching from low-resolution screens. A lot of people watch on iPads. This means for them to be able to read anything on my screen, I need to lower the resolution of my screen. That's easy enough to do, but even if I'm only sharing one app, it means I can't pretty much see anything else on my screen like my own notes. And maybe you don't do presentations, but you need to be able to take screenshots of the entire screen where nothing else is showing. What if you had a dedicated display that you could set to low resolution and choose not to show any desktop items and define the wallpaper of your own choosing? Enter the open source Swift app called Deskpad by Bastion Andalevsky. I first heard about Deskpad, by the way, as a cool stuff found by Randy Walker on MacGeekGab 1077. DeskPad creates a virtual display on your Mac that acts just like a real display. You can customize the resolution and the wallpaper and do your presentation from there. Let's install it and see how it works, shall we?
[8:52]Bastion has released DeskPad on GitHub under his username Stengo. GitHub might sound intimidating and only for geeks, but I promise it's super easy to download and install his app from here. Following the link in the show notes, you'll see many unfamiliar tabs across the top. You'll see tabs like code and issues and pull requests and more. You'll see all kinds of undefined icons and words like forks. Even more baffling, you'll see a list of code items with names like .gitignore. If you're not a coder, these are all kind of intimidating. But if you scroll down a bit, you'll see a section called Read Me, and that's in plain English with pretty pictures. You don't need to look at this part, but it might make you feel more calm about where I've taken you to. On the right side, there's a column of options, and I want you to look for Releases and click where it says Latest. This will take you to a simpler page where you'll see a list of assets. There will be three zip files to choose from for download. You do not want either of the source code zip files unless you're a developer. You want to download deskpad.app.zip. From here on out, this will be just like any other app you download from the internet. Open up the zip and move the app into your applications folder. By the way, if you don't see releases over in the right sidebar, sometimes GitHub is a little weird if your window is too narrow, so make sure it's wide enough so that you can see releases.
[10:16]All right, on first launch of DeskPad, you'll get that annoying pop-up window about an app introduced in macOS Sequoia requesting to bypass the system private window picker. Just click Allow.
[10:28]As soon as you choose Allow, you'll see a floating window that is our new virtual display. Yay, we've done it! Except that the resolution of the virtual display is wicked high. You may not even be able to read the text of the menu bar. Let's fix that straight away. On your main display, open System Settings, Displays, and you'll see that you now have an extra display called Deskpad Display. With it selected, you'll see a list of resolutions. By default, the Deskpad Display was set, at least for me, to 3360x2100.
[11:01]That's a wee bit high for me to view on my 13-inch MacBook Air. Below the list of resolutions, you'll see a toggle to Show All Resolutions. I recommend scrolling down to the bottom of the list to see the high DPI options. I choose something super low like 1280 by 800 high DPI. That allows the desk pad virtual display to float nicely on my little display of my laptop and still let me see other things around that window. Choose whatever resolution fits your needs. Now that the screen has reasonable resolution, let's change the wallpaper. In system settings, wallpaper, toggle off show on all spaces if it was on. This will allow you to use a dropdown to change displays and apply a different wallpaper to the virtual display.
[11:45]The final thing to change, and this is where things just start to get a bit head-bendy, is to decide on the location of the virtual display. I know that makes no sense because you can see it sitting front and center on your display. What do you mean, where's the location? It's right there. But since it's a display, your cursor needs to know where it is. Is it above your built-in display? Is it to the right, the left, or the bottom? Your Mac thinks it's a real display, even though it's a floating window. Just like with a physical display, head back into the Display Set in System Settings and select Arrange Displays. Move it to a position relative to your main display. It doesn't matter where you put it because your brain will still have to adjust to thinking of it as being to the right, left, top, or bottom when your eyes can see that it's right in the center of your screen. Now, I never have a physical display above my main display, so I've chosen that location for my virtual desk pad display. The changes you make in display settings for resolution, wallpaper, and location are all maintained when you quit and restart DeskPad, so you only have to do this once.
[12:52]Now that we have our virtual display set up to our liking, let's talk a little bit about what it's like to use. Picture this. Have your Mac desktop littered with icons for files, and, you know, the ones you really do intend to clean up or use in some way someday. Maybe you're like me and you maintain some sanity for all the apps you have open by using Stage Manager. That gives you piles of app windows on the left. But sitting in the middle of the screen, you have one beautiful Finder window of Deskpad with its pristine desktop with no clutter. Now, from here forward, for simplicity's sake, as I describe usage of Deskpad, I'm going to do all of my examples, assuming you have arranged the Deskpad display above your main display. This will save me from having to say top, bottom, left, right every single time. So we're going to talk about it like it's above. All right, there's two ways to get your cursor into this virtual display, but only one way to get out. When DeskPad is just an app floating on your screen, the top of the window will be white. With DeskPad in the foreground, if you move your cursor over the window and click once, the top bar will turn blue. You're now on that display as though you've dragged your cursor into a new display.
[14:04]The other way you can get into the display is to drag your cursor upwards on your main screen. This is where it's going to get headbendy. As you drag your cursor up and you hit the top of your main display, the cursor will appear at the bottom of this floating display window. Makes sense, right? If that display was really above the physical display, the cursor would appear at the bottom as you drag up into it. But visually, this feels very weird. I end up kind of picturing it as like a loop because I drag up, but then it's down again as though it came out around the back of my display in some way. It's very hard to describe, but it's very weird.
[14:41]Now, clicking to get into the virtual display is easy, but the only way to get back out is to drag down to the bottom of the virtual display, and then your cursor will appear at the top of the physical display. You still with me? All right, now there's a fun side effect to this. You can easily lose track of your cursor. Imagine you've got your cursor in the virtual display, and then you use, say, command tab to switch apps on your Mac. And if you're using Stage Manager like I am, that app is going to disappear into the side. Now, this new app doesn't show inside that virtual display, the one that you command tab to. It shows on your main display because you haven't moved the app up into that display. So now you've got an app up in front of you, and desktop is probably covered up or gone into Stage Manager stack. You have no visible cursor because it's still over on that other display. The good news is you don't have to command tab back to desk pad to get to it. Think of it as like you can't see your screen above your screen and you just have to drag down on your mouse or trackpad and the cursor will magically slide down from the top of your screen. I know this intellectually makes sense, but I still find myself a bit baffled on where my mouse is when it happens.
[15:53]Now that you've practiced getting your cursor in and out of this headbendy virtual display, you're fully armed with how to move app windows into the display. Just as with the physical display, simply slide the app to the top of your main display until the app disappears and then comes up from the bottom on this virtual display window floating in front of you. It sounds obvious as you're picturing it in your mind, but I assure you it's very weird in real life. It's so weird, I couldn't even figure out how to take a screenshot of this happening. I decided to do a little screen recording instead. In the video on the show notes, you'll see on my screen DeskPad, System Settings, and Mona, my Mastodon client. I'll show you in System Settings Displays how I have DeskPad arranged above my main display. Then I'll show you how if I drag my cursor to the top of my main display, my cursor arrives at the bottom of the DeskPad display.
[16:44]Then I'll drag back down until my cursor comes onto the main screen. Finally, I'll drag Mona straight up, and eventually you'll see the Mona windows leaving the top of my main screen, while at the same time sliding up into the virtual desktop display. If you're not looking at this, that sounds normal, but when you see that the DeskPad display is on the main display, that's what makes it weird. I'm not sure what the bottom line is about DeskPad. It might be useful for the demo case I gave at the beginning, but it also might be too weird for you. GitHub may be a bit intimidating to you, but maybe following these directions for such an easy install will just kind of help you start to become a little more familiar with GitHub. I'm not sure I'll use DeskBad, but I'm sure glad I checked it out and I enjoyed the heck out of learning how it is to use and stretching my brain a little bit.
[17:34]
CES 2025: Zoox Robotaxi Funded by Amazon
[17:38]When we went to the Zoox booth at CES, the representative from Amazon was quite happy to tell me all about the autonomous robo-taxi they've created, but he declined to let me interview him. Instead, after his explanation, I did the recording solo. It's short and sweet, but I'm pretty pleased I was able to hold that much in my little head after just one explanation.
[17:59]One of the vehicles that's getting a lot of attention at CES is Zooks, and I'm standing next to it right now. This is kind of a proof-of-concept vehicle for allowing people to drive maybe on a route that would be considered like a small shuttle service. Not autonomous driving all over the place, but this is an autonomous vehicle. It's level four, which means it's fully automated without a driver. And this is operating in parts of San Francisco, where it's on a fairly small loop. But here in Las Vegas, it's actually going out on the strip. The vehicle has an entry and exit door on both sides. It's got cameras on the, or sensors, I should say, on the top four corners. It's got LiDAR. It's got radar. It's got optical cameras and infrared. And there's four of them, which they actually overlap with each other. And this allows them to get full 360-degree view. And even if one of these got disabled in some way, the other three would still be able to give them full coverage of the road and everything around them. Now, we're looking at it from this side right now, and we can see that there's bench seating, and they're facing each other, which might be kind of weird if you're in a shuttle situation, but that's still cool. Inside, you've got what looks to be a phone display there. You can change the temperature. You can watch your maps and stuff like that. You can make contact with the driver services through an emergency button on the top if you're nervous for some reason.
[19:24]There's also speakers all the way around the car above where you would think like the license plate would go in the front and the back. And I'm going to put my mic up against it here. Right now it's playing music, but we asked why they would have speakers on the outside. And they said so that the people inside could speak to authorities if the car was pulled over and also to speak to people that maybe are on the street. I don't know what they said, you know, what if somebody's banging on the car. Hey, quit banging on the car. So this is called Zoox Z-O-O-X, and it's kind of a proof of concept, but it's being funded by Amazon.
[19:58]When Steve was working on the blog post to embed the video of the interview that you just heard, he found out some more information about the vehicle. One of the interesting things is it's completely symmetrical, so it can go forward. The front and the back can be reversed, so the headlights become taillights and vice versa, so it can go either direction. He also learned that it has four-wheel steering, so it can kind of crab and go sideways and do all kinds of interesting maneuvers to get into interesting little small parking spots and that kind of thing in a city, or go in one direction, then turn around and come back out the other direction without having to turn around. Now, Silla Castaway and good friend of ours, David Roth, and his wife, Jennifer, happened to be in Austin during South by Southwest this week, and they actually saw one of the Zoox robo-taxis from Amazon on the street. He said he didn't know what it was until he saw the interview that I did, and so he was able to identify what that weird-looking vehicle was.
[20:53]
CES 2025: j5create Matter-Enabled Smart Plugs and Thunderbolt 5 Dock
[20:56]Well normally my interviews in the j5 create booth are a whirlwind of cool products i think last year there were probably 10 or 15 different products that we talked about but this year the focus is on something very specific and that's the emergence of matter enabled devices so i think you'll get a kick out of this but it's it's not nearly as much content as you'd normally expect from the J5 Create interviews we've done in the past.
[21:20]I like to stop by the J5 Create booth every single year because there are so many fun accessories. I asked Brandon Thweet to talk to us, and he says, well, we've got about a million things here. What do you want to talk about? And we decided out of all of the different accessories that are a lot of cross-platform stuff, but definitely many for the iPhone and Macs and things like that, but we're going to focus on Matter today, right? That's correct, yes. So what is your offering? Talk to us about Matter. Give a brief explanation of why we would care. Why does Matter matter? Definitely. So Matter is essentially a chipset that allows you to have any device, whether it's Android, whether it's Alexa, whether it's Apple, to interface with your everyday home devices. So you get a power strip. Maybe it's a power strip. Maybe it's an individual plug that it has as a Matter technology. And what that allows you to do is you can interface our products right with your Apple home environment, like I said before, whether it's Alexa, or whatever, in the app or voice control, and you can turn everyday products, such as a lamp that does not already have that smart feature, into a smart product. It's like making it instantly HomeKit compatible, but none of the words around that. It's just because it's Matter, it talks to it. I would say home automation is a great thing that can be done here. Home automation and basically just making a smart home, if you will. You can do a lot with Matter and with the technologies revolving around it, for sure. I don't know. I like having completely individual apps and having to manage everything separately on my network. That's more fun. Yeah, well, fair enough. Yeah, like I said, it's all... I'm kidding. Yeah, well, it is all set up in the app. You can use it. I'm sure there could be some other apps out there.
[22:45]But again, the biggest thing is either whether you're doing voice control, whether you're running a script. So if I walk by, maybe I have a motion sensor. When I walk by the motion sensor, I want this light over here to turn on, or I want this fan to turn off, or whatever the case might be, different workflows that you can make depending on your operating system. Okay, but that's all controlled within Alexa?
[23:04]Or wait, within what app? within Alexa's app, within the Google Home app, within the Apple Home app, so within your respective environment, I guess. So you say in your environment, but these could work for anybody. So that means you've got a better market share for you not having to do individual companies. That's great. So what kind of products does J5Create have? From my understanding, I know we have this one that is behind me right now. That's a larger power strip, four AC ports and a couple of USB-C and Type-A ports. I believe we have, Generally just some different formatted ones around this. We have one that's a little bit bigger. Maybe it's got like, I think, eight ports. We have one that's a little bit smaller. I don't know the exact details off the top of my head. But part of this is going to be everybody needs to go to j5create.com at the end and look for these things. But that's a category. What else do you have here?
[23:49]Beyond Matter. No, on this board right here. Well, the biggest thing, like I said, is going to be this right here as well as this right here. That's just the individual plug. So it has the same functions as any one of these individual ones would have, except it's just a single, you know, travelable plug. So you can put it a little bit more easy to kind of just fit it into one socket and not have to worry about a bigger power strip. So it's just one. So that's just, I got my Christmas tree I'm going to plug in. I just need that. Right. Okay.
[24:14]And do you know what your price point is on something like that? That one specifically, I'm not aware of right now. In general, you guys are really reasonably priced. You're not high in pricing. You're affordable. I would say so. do get a competitive price for a quality product. I just do not know the MSRP on this. I unfortunately can't give you a range. I can tell you this might give you an idea. This is $49.99 USD. And that's the power strip he's talking about with four ports. So four smart plugs. That's fantastic. Yeah, that's really reasonable. Now you've got a motion sensor up there too? Yes, so this is just another motion sensor. I'm not currently aware of any matter-related motion sensors that we're developing. Oh, so this is matter or it is not? No, this is just a regular old motion sensor that can be set up. This is, again, something we just bought to just show that, like, here's this use case you could use for it. Not actually functioning right now, and this one specifically is not made by us. Right now, we're just talking about these two products, essentially, yeah. Gotcha, gotcha. Well, what else do you want to show us here? Well, if you want to see specific matter, I can show you the other environments. Again, it's the same setup, essentially, it's just different environments. Okay, so it's just examples. I got you. It's just examples. I mean, you can see it working well.
[25:20]Like if I want to turn off this lamp right here, I'll click that button, for example, and there's the lamp. So, I see. So, he's got a column here for Apple, for Google Home, for Alexa with the same thing. So, he's controlling it directly from within HomeKit. One of these right here is set up under here. Okay, great, great. Well, we've traveled over to talk about Thunderbolt docks. What have you got here? Well, right now, we have a Thunderbolt 5 dock, dual AK-60 docking station, one of our more premier products. Got a lot of different ports on it, USB Type-A on the front as well as your host cable, SD micro slot. Micro, speaker phone slot, 3.5 millimeter right there. Behind it here, kind of a warp around a little bit. There's our USB-C connections, that's what you'll use for your displays, connect to external displays, up to two. A couple of Type A ports there as well, and an ethernet port, and then this one right here will be where your power comes in. So you have a power brick that comes with the product itself. Okay, now you call these USB-C, we mean also Thunderbolt 5. Thunderbolt 5, correct. Thunderbolt 5 being a standard of USB-C, those are there.
[26:16]But it's a great product, like I said. And right now, from my understanding, I could be wrong about this. I don't know of any Thunderbolt 5 laptops that are out yet. I know they'll be here eventually. But you guys are ready. Yes, that's essentially kind of the best picture to paint, you'd say. I remember when the Thunderbolt 4 was just announced. You guys were right out there in front. You guys like to be first. So do you have any idea how much this dock is going to cost? This one, I'd have to look at some further information about it. I don't know off the top of my head. You haven't priced your Thunderbolt 4 docks. Do you know how much the equivalent is from Thunderbolt 4? Or something, you know, like a similar product of like this, the Thunderbolt 4, I believe, I want to say 389, $3.89, $3.99. That's usually right about where they come in, yeah, for that many ports. Yes. It's a nice-looking device, too. I would say so, yeah. It's a, you know, sleek form factor. Try to just stick to the Thunderbolt 4 design, similar to those previous models we made, and just moving forward from there. So we're kind of talking at the high end here, but this place is just absolutely filled with little adapters and docks and things for your phone and things for your laptop. So there's a lot to find over at j5create.com? Yes, j5create.com. Yes, that's correct. I believe I said it wrong earlier, so j5create.com. J5create.com. That's right. Thank you very much, Brandon. Yes, thank you.
[27:26]
Support the Show
[27:29]This week, the delightful Christophe Trouche made his quarterly donation to support the podcast. Isn't that lovely? He likes the idea of continually supporting the work, but he doesn't want to be tied into a subscription. So he created a quarterly reminder to shoot some money to me, and we're both happy with that. He just goes to podfeet.com slash PayPal and sends the money. Easy peasy. If you'd like to be delightful like Christophe, but you want it even easier, you can go to podfeet.com slash donate and use Apple Pay or a credit card of your choosing with no login. In any case, it makes me feel all warm and fuzzy every time Christophe sends in a donation. Thank you, Christophe.
[28:05]
Security Bits — 16 March 2025 ☘️
[28:07]Music.
[28:14]Well, it's that time of the week again. It's time for Security Bits with Bart Mooshatz. Hello, Bart. Hello there. You are in wonderfully green green for St. Patrick's Day. I completely approve. I always forget that. I walk around completely oblivious of what I'm wearing. I don't pay any attention. I remember I was in a restaurant once and somebody went, Go Blue! Why are you saying that to me? A friend of mine had given me a shirt for the University of Michigan and that's their theme, apparently, is Go Blue. Okay. Well, I have a really nice Apple Watch strap on as well that I ordered at Christmas time this time. So it actually arrived before St. Patrick's Day. Oh, that's funny. He's showing us some shamrocks, by the way. Yes, I have a green one with green shamrocks and a white one with green shamrocks. So the last one I showed you was the green one, but today's clothes better match the white one.
[29:06]You're such a fashion and mogul. Only my watch strap, that's it. That is all of my fashion, because of the watch strap.
[29:14]All right, well, this isn't a fashion and Apple Watch Band show. We're going to talk about some security stuff this week. we are and we are going to start with a visit to feedback and follow-up because we mentioned last time the start of what we all knew would be a big story the uk's secret court trying to compel apple to i'm going to call it break icloud advanced data protection because its job in life is to be end-to-end encryption so a back door is another word for does not do its function at all that defeats the purpose right it's like saying where do you put your hole in this bucket it's still a bucket it's just got a hole it's like no it's not a bucket anyway it's still secret, we believe based on credible reporting that there was a secret case in a secret courtroom on friday and i haven't heard a secret outcome but what i can tell you is that in the united states two things have definitely happened, because we know those for reals. The first is that the US government officials have said that they are in contact with their opposite numbers in the United Kingdom government and giving them a piece of their mind.
[30:30]And the other thing we know is that a bunch of senators from both parties have gotten together to write a fantastic letter to the UK government. Senator Ron Wyden is, of course, one of the leaders here. He is just so good on tech stuff. The whole letter is actually really good But I'm going to read you a choice excerpt.
[30:51]Given the significant technical complexity of this issue, as well as the important national security harms that will result from weakening cybersecurity defences, it is imperative that the UK's technical demands of Apple and of other US companies be subjected to robust public analysis and debate by cybersecurity experts. Secret court hearings featuring intelligence agencies and a handful of individuals approved by them do not enable robust challenges on highly technical matters. Amen. Preach it. So how are they able to write such a great letter while not acknowledging that any of this ever happened? Ah, well, they're not bound by the UK law not to acknowledge it. Right? Right. Apple is bound because they're the subject of the letter. The UK government are not going to leak their own secret process, but the American government are under no obligation to respect what they consider to be a dumb British law. As far as they're concerned, they're peers of each other and you guys over there are doing it wrong.
[32:01]Okay. Okay. But they can say, well, we heard through the grapevine or it's being reported that. Well, given that these people have security clearance, they probably know from U.S. intelligence officials that this is real. They can't tell us how they know, because that would be breach of their secret briefings, but they have access to things you and I don't. Yeah, okay. Great letter. Anyway, so good. What their demand is, is do this in public. Don't hide this away in a secret court. And it's like, yeah, this is kind of an important debate for our time. Makes it even worse. Yeah. Yeah. Yeah. Stay tuned. Same bat time, same bat channel every two weeks. Actually, hopefully it will not, they won't just be met with silence. Like, nah, we don't feel like it. Unless the rumor mill says the whole thing just evaporated and went away.
[32:57]Let's see the way this could end, right? Is that Apple changed nothing. But if that loss stays out there, it still needs to be not there. Yeah, I'm staying tuned. Right. We have one more piece of follow-up. I think also last time we spoke, we gave Microsoft praise, in fact, for responding extremely quickly to what appeared to be malicious plugins in the VS Code, which is Microsoft's open source IDE that both you and I love. They have a marketplace for plugins or add-ons. And there were two very popular add-ons that happened to be skins for VS Code that appeared to contain malware and Microsoft leaped into action. They removed the plugins, removed their certificates so that everyone's copy of VS Code started to fail to run those plugins and booted the developer out of the app store or sorry, the marketplace. And we gave Microsoft great credit for responding quickly. Turns out it was a false positive.
[34:03]Turns out that, yes, the plugins contained obfuscated code, which is generally suspicious. So obfuscation is a technique for disguising the true actions of code. Right. And in this case, it was innocently their suspicious code caused by an outdated dependency that had basically been abandoned for years and did things in a weird way that looked really, really suspicious. The developer hadn't touched the plugin in years. They had actually decided they wanted to rebuild it from scratch, and, And so this outdated dependency was there. Anyway, end results. The developer decided to actually finish their complete rewrite. So there are now new versions of the plugin that are completely written from scratch, don't have these dependencies, none of this weirdness, no obfuscated code. Microsoft have let them back into the marketplace, have published the new plugins, which don't have weird things. Oh, okay. They've apologized to developer for overreacting. And they have clarified the rules on basically having obfuscated code, which means that in future they can simply say this is a violation of our terms because it's obfuscated instead of having to go straight to five alarm fire, we fear this might be malicious.
[35:32]And I think, well, I don't know what lesson Microsoft are going to learn. I hope the lesson they learn is that in future they should react as quickly with a suspension.
[35:45]Put everything in a safe place, then do your investigation, and then allege people are being mean or malicious. Instead of being the queen of hearts and just off with their heads? Yes, exactly. So by all means, suspend the plugin while there is doubt. That's safer. But don't accuse. Are you a little bit worried they might, the lesson they might learn is do the investigation while the thing's still sitting there? That's my fear. Once bitten, twice shy. Yeah, they're smarter than that. I hope so. I hope so. This is overall good news that this wasn't malicious and a fix and an apology. It's about as good as it gets. It does. If it wasn't for my lingering doubt, what if they take away the lesson, don't act next time? Because I don't want them to do that. I want them to be proactive, but... Don't accuse people of being evil. Just pause the plug-in. Right. Right. Okay, we have no deep dives because everything was shallow enough not to need one. But there's still some good stuff here. Moving on to action alerts then, it has been patched Tuesday. On the one hand, only 57 vulnerabilities. It was 167 last time, so that seems like a good month.
[37:04]However seven of those are zero days last time it was four so is it better is it worse i don't know either way patchy patchy patch patch um one zero day is of particular note because now that we know it now that we've discovered it cyber security researchers could look back through old logs and They now believe it was being very selectively exploited since 2023.
[37:32]So they kept under the radar with their use of this vulnerability, hoping to keep it secret and succeeded for a while. Now it's out there. So patch. Yeah. Apple have patched basically everything. So let your Apple stuff update because in this case one of those patches repatches or adds a more patchy patch I'm not quite sure what's going on at a technical level because Apple are not being, particularly fine-grained there was a lot of reports that Apple have patched the zero day that was being exploited in highly targeted attacks which sounded very familiar because that's exactly what they patched last time and I don't think there's been any new exploitation I think they're just reusing their language what they're doing is adding a stronger patch over the same problem.
[38:24]Oh, so they put a Flintstones Band-Aid on it to start with, and now they're doing a big girl Band-Aid? Yeah, now they're stitching it, I guess. I don't know. I don't know what way you want to take that analogy, but they're doing something more robust to provide more protection against the already known vulnerability that had a placeholder patch. And what's kind of interesting, I'm not sure we knew before, maybe because Apple were trying to say as little as possible until they had a patch patch is that the actual problem is so deep down in webkit that it's old enough in the code base that it predates the time when chrome forked from webkit wow so google have had to patch two so there's actually a matching update to chromium and chrome which is now rippling out to all the chrome-based browsers so patchy patchy patch patch so chromium is a fork of webkit i don't think i've remembered that that's a long time ago so there was a while when there was a lot of harmony in the world because google was.
[39:29]Pushing changes upstream to apple and so apple was benefiting from all the work google were doing and then the two companies fell out rather dramatically and.
[39:40]Google went no this is now a hard fork we are not going to take your changes anymore and we're not.
[39:45]Contributing ours back to you and because it's because it's open source they could do that they just couldn't keep using the branding web kit but they could take the code oh okay oh interesting so yeah it's like MariaDB and MySQL have split off so there was a time where they were the same and then there's a point in time where they bifurcate and now they're off on their own separate paths um those of you who have an Android device which does receive active security updates your March update is awaiting you it patches 43 vulnerabilities including a zero day that was found being used by the authorities in serbia to break seized phones so basically gray you know was it that gray key style devices were using this vulnerability to break into android devices so if you can patchy patchy patch patch and any of our many nocilla castaways who run their own servers you probably want to check for updates because there's a non-zero chance you're running the free type open source font library and the good people at meta discovered a nasty zero day in that open source project that i guess they are heavy users of and did a proper patch and did it all responsibly and etc etc that now went upstream to the library and is now available at all the different linux distros and i'm sure the windows.
[41:14]Version as well so patchy patchy patch patch if you need to.
[41:19]What an obscure thing. Fonts are always much more complicated than I think they should be. I think, hey, look, I type and those pretty letters come out. And how many problems are caused? Some of them have code code because they have cool things like ligatures where THs can join together in nice ways or an FS can flow into each other. And that all involves logic. And so they actually have executable code. Wow. I didn't realize that. That's cool. Yeah, it's cool. but yeah right okay uh worthy warnings then these are lots of little heads up so we know that we now have we have this annoying situation of this is why you can't have nice things when it comes to browser plugins the baddies are just abusing browser plugins left right and center and they're being really quite mean about it and this makes me cranky because browser plugins were once great fun and now they're a thing that I minimize my use of. That's why we can't have nice things.
[42:20]Yeah, I know. It makes me cranky. There is a new proof of concept demonstrating a whole new way to be malicious with browser plugins. Make them chameleon-like imitate a real one. So install your malicious one and take the place of one password. Mimic its UI perfectly. Take the person's master key. unlock their vault and steal all their passwords kind of nasty.
[42:49]Our browser plugins are usually through the source of the browser, though, right? Like, I mean, Safari, you get it from Safari extensions. Google gets it from the Google Play Store, right? Or something along their extension store.
[43:02]So this isn't, browser plugins aren't something you just go to a random website and go download, right? Or can you? You can do on Firefox. You can do on Chrome. You can't in Apple unless you do a whole bunch of right-clicking and ignore warnings.
[43:18]And turn off the code must be signed and stuff so on apple you really have to go out of your way to run a malicious to run a non-blessed plugin in safari which is why i tend to keep my plugins to safari wherever i can and absolutely absolutely minimize my use of them elsewhere the google place for is different because it works more on a we'll punish you later model instead of a we'll check you beforehand model which one does Google Chrome, right? So the Google Chrome ability data extensions, you're saying those are not vetted at all? They just let anybody post something there and then ask for permission later? Well, at all is the wrong word. They go through some automated scans, but Apple have this human layer that is provided retroactively by Google. Google are much more of a let the machine do it company, whereas Apple are much more of a we're going to scan all of this. So Apple's app stores are the least dangerous of all of them. So neither one of them is really the app store. I misspoke when I said Google Play. It's like the extension store and Safari extensions. They're not in the app store. Well, in Safari, they do come to you through the app store these days, right? You download an app called 1Password Safari Extension.
[44:37]Which you actually get in the App Store. Now, you can also get to it through special UI in Safari, but it is actually coming from the App Store. And it arrives, it's in your applications folder as an app, but when you double click on it, all it does is bounce you into Safari. Oh, yeah, you're right. You're right, I am seeing those in the App Store. It's so hard to find. The real good ones are in Chrome. One of my favorites is Silktide, that'll do accessibility checking of your website. It's a great extension, but I can only run it in a Chromium browser, so I run it in Microsoft Edge. But I just assume that they did some sort of checking. I guess, like you say, there's a little bit. But they do some sort, right? It's not nothing, but it's automated scanners are easier to fool than human review. And even Apple's review is imperfect. It's just the least imperfect. So this is a proof of concept that's described in Bleeping Computer, not that this is out in the wild happening? Yeah, the problem with a proof of concept from security researchers, it's kind of like, we've just told you this fire exists. We haven't told you how to make it, but you now know this fire exists. So I'm torn.
[45:45]Apple users need to be aware that there is a lot of a new flavor of an attack during the rounds. This is happening. This is smishing, as it's called. So SMS based phishing. and they're sending you sms messages with subject lines or you know headings whatever you want to call it with things like apple approval notice and apple pay verification and they pretend to be a notification saying by the way that payment you've just authorized for 5 000 euro for a brand new m4 mac studio that's gone through just fine if you didn't mean to phone this number and we'll happily work through it with you.
[46:29]So that sounds exactly like the one that hit Pat's friend, Dorothy, where, remember, Pat came on the show and described exactly what happened. It was exactly like that. It was, but it was Amazon, but it was for buying that you just ordered this laptop. So it doesn't sound like this is new. It sounds like this has been around for a little while. Oh, the concept absolutely is. I'm just saying that at the moment, there is a big campaign hitting millions of people with Apple-specific ones. So I'm letting people know that this is now very happening, targeting our folk. But yeah, it's not new, new. It's just heads up. Okay. Especially if you have friends and family who also have Apple accounts.
[47:09]So if I get a phone number or a text in an email or a text, I should just use that number directly. Right, Bart? Oh, yeah, absolutely. Totally do the thing that the message is telling you. No, of course not. If your sarcasm detector is broken and you didn't pick up my analysis, 50 gallons of the stuff, you phone the company or you contact the company through a mechanism that you know is correct based on something that has nothing to do with the suspicious message. You got it from your address book where you've been using it for years. Like if it's your bank, for example, or actually for your bank, you flip over your physical card and you read the number from the back of the physical card. Is a great one for your bank and for apple try going to apple.com if the day comes where apple.com is hacked we all have a way bigger problem than you getting a funny sms message you probably have heard about it on the radio and the television and everywhere.
[48:08]All right. Good. So in a somewhat related vein, there is a new flavor of something we've talked about before. So Apple is trying to trying its best to nip in the bud nasty scams. And so the messages app treats messages from someone you have never sent a message to differently to messages from someone you've had a two way communication with. If you've answered them and they've answered you, they assume that there's some sort of a relationship. Or if they're in your address book, they assume there's some sort of a relationship. But if you get a message from a number that's not in your address book and you haven't sent any messages to, then Apple disable all links in those messages so they're not clickable. They don't hide the text, but the phone numbers clicking on them won't dial them. Email addresses clicking them won't open the mail app and web addresses clicking them won't open the website so it's an extra break on phishing attempts i swear we've talked about this part i remember you describing exactly this yeah because the last time we talked about it the trick they were using was asking you to reply with a y at which point in time you've replied and now all of the links become clickable. They found another way around this very sensible block.
[49:36]So Apple have special trust relationships with some really well-reputable domains like Google.com. So a Google.com link is always clickable no matter who it's from. And Google.com support redirects. Now, Google are very mature about this. They do this in a very safe way. They put up an intercept page that says, you are about to be redirected away from Google, click to continue.
[50:01]So it's not like a secret redirect, but nonetheless, Apple's attempt to make the stuff not clickable in these suspicious messages has been bypassed. And if your family member is believing the message, they're going to click past that Google Intercept page because it's not a Google warning page. It's just a page stating as a fact, we are sending you here. But if the user thinks they want to go somewhere, they're going to go. So this has succeeded in bypassing apple's attempt to put on the brakes, that's pretty involved now the end result is if if any of your family members get an sms message with a page that brings them to a google page saying we're about to redirect you that is a red flag someone's sending you a genuine link they're not going to send you through google.
[50:53]Yeah yeah so that's the message that you can take away it's very annoying because you and i are likely to notice these things as weird but we all have these family members who it's good for us to know what's happening in the real world so that if a family member phones up and says i just got a message that does blah blah blah you can immediately go okay stop stop stop stop stop stop this this smells fishy it smells of cod that's a week old put it away right right and finally uk residents need to be aware that there is sorry not uk us there is a massive spike in another old trick it used to be um unpaid tolls we get these in ireland a lot for the m50 motorway which is everyone hates the fact that we have to pay to use the m50 our it's a motorway that has It's tolls that don't have a barrier. It's your responsibility to go to the website afterwards, type in your license plate and pay your money afterwards.
[51:53]And so it's a really good form of fishing here in Ireland. Anyway, this happens in the US too with UO Atoll for this bloody blah bridge. Well, they found a new technique. People's area code lines okay with their cell phone number. It aligns enough that you'll get like half the people. So you just say that they owe a parking fine in the city that their area code belongs to and demand that they click immediately or they face a giant big fine for parking in San Francisco or whatever. Yeah. Yeah, so be aware that is a thing that is out there. One of the ones that's been going on that's maybe similar to that is the toll roads are run by a company called thetollroads.com and text messages are coming out constantly saying that you're unpaid and you're about to get a bunch of tickets and stuff. I've been seeing that one maybe once every couple of weeks yeah yeah it's fruitful pickings right how many people have unpaid tolls it's a it's a significant number or might do.
[53:00]And that's all they need right okay notable news we get to start with a fire extinguisher and things go uphill from there, So there was oh so much shouting on the internet because a bunch of reporters took a press release from a conference and didn't do any fact checking and just wrote their headline. And the headline was backdoor found in Bluetooth controller used in billions with a B, IOT devices. Panic, yada, yada, yada. No, that is a that is an incorrect description of true facts. So what the security reachers found was completely legitimate debug commands available in a chip, accessible, not over the airwaves, not over Bluetooth, but from the device itself by either physically connecting to the debug pins on the chip or by having root access on the device. This is not the same as a backdoor. This is a debug interface for authenticated users. This is normal.
[54:08]Now, they should probably be documented, but it's not the kind of thing you leave out out of malice. It's the kind of thing you leave out out of, well, why would anyone care about these debug commands for us? Yeah, yeah. So there's no malice here. Seems a lot more over the top, as you say. Completely over the top. And every attack vector people have surmised, but you could abuse this by dot dot dot they all start with either if you have root access on the device dot dot dot at which point i'm going wait a second the attackers have root access on the device the show's over this this is irrelevant or if you can physically connect to the debug pins on the actual chip then you've already disassembled the device and it's completely in your control so we have a bigger problem anyway. I'm picturing Sally Hacker. I come into my studio here and she's down on her hands and knees with a little probe and she's opened up my Wemo switch or something. Don't mind me. I would notice that. Nothing suspicious here.
[55:13]So don't panic. Whatever you heard about every Bluetooth device, you had a idea that no, no, it's fine. It's fine. Not a backdoor. Not a problem. Maybe, hypothetically, conceivably, someday someone could find a way to abuse these features. That is not today. If it happens, I'll let you know. Panic off. Okay, good. And now we go to good news. The GSMA, which we discovered recently, is the GSM Association. Amazingly imaginative name. GSM is, again? The Global Standard for Mobile Communication Cell Phone Networks. Okay. They have formally approved an open cross-platform standard for end-to-end encryption on RCS. So this is the fancy pants replacement for SMS.
[56:06]And until now, the only encryption available was a custom extension that was proprietary to Google that worked from some Android phones to some other Android phones. and only between those supported Android phones. It was never part of the actual standard and Apple never implemented it because it was not standard.
[56:26]Apple said, we want a standard and we're happy to help. They were as good as their word. They were one of the big contributors to this new standard. This is now a fully open standard. Everyone is free to use it on all operating systems. And rather than reinventing the wheel, they have adopted a pre-existing open protocol that's well-documented and is actually under the banner of the Internet Engineering Task Force, the IETF, the MLS protocol. So this is perfect. This is everything you would want. And Apple have promised they will implement it shortly. That's all good news. What I find funny is referring to it as fancy pants because as though it was new and shiny, it's 17 years old. RCS was introduced in 2008. You know, they didn't bother with encryption. Yeah, and in fairness, 18 years ago or 17 years ago, we weren't thinking about things like we do now. Simpler times, yeah. But I don't want to throw water on this as being anything but good news because a lot of people were like, well, why didn't Apple do it? I thought they cared about privacy. So, okay, you've got to have a standard for this. So, that's great. And now, I noticed that neither of the companies, Google or Apple, talked about when, but I would imagine they'll get on this shortly. I would be very surprised if they weren't so. I would imagine the next iOS update will definitely have it. And we're coming up to WWDC time again. So I think it's coming soon.
[57:54]Now, another interesting piece of good news. If you are an Android user, Google are continuing to leverage AI for good. So I said a few weeks ago on this show that in my experience at the moment, AI is helping the defenders more than it's helping the attackers. And this is another example of that. Google are adding a feature to Android, which will use a local on-device AI model. So they're not setting everything up to the cloud. They're doing it on-device, which will scan your messages for patterns that look like scams. So they're training the model on genuine scams and then installing the model locally so it can run locally and it will alert you to anything that looks like a scam. so we've trained this thing to recognize cats this looks like a cat.
[58:49]Interesting. I wonder how they're doing that, and can they do it across different, let's say, power levels of different Android devices? You know, does it require 8 gigabytes of RAM, for example, if they're doing local work? I don't know. I shouldn't do, because this is a classifier rather than something that answers questions. Super narrow. Yeah. So it doesn't require a lot of RAM, probably. Bingo. Bingo. I would like Apple to just, in theirs, to just, if I wrote an email to somebody and they wrote back that they'd not put it in junk, that's all I ask. That'd be good. That's just the one little thing that I'm looking for. Please. Even if that's too much, if we're in each other's address book, like, could we be more explicit? Like, I literally have you in my address book. Yeah, I know. Or if we've gone back and forth four times, don't make the fifth one go into junk. Yeah, yeah, yeah. You've let the first four through. We now have a false sense of security, so now you should strike. I know, I know. I feel you. Oh, I feel you.
[59:53]On that note, Alison, you have a wonderful palate cleanser. I'm going to give this one two thumbs up before you describe it and tell you I am one hour and five minutes into this two hours of wonderfulness, and I'm thoroughly enjoying it. Well, I want to give a setup here. In December 2024, Dr. Alex Filippenko, who's an astrophysicist and a professor of astronomy at UC Berkeley, was interviewed by Dr. Brian Green for the Science Festival. They discussed the accelerating expansion of the universe, dark energy, and especially what they call the current Hubble tension. That's a discrepancy between the measured and predicted current expansion rate of the universe. If you have a mild interest in cosmology, this is a wonderful, wonderful interview.
[1:00:34]Alex isn't just a brilliant researcher in this field. He's a wonderful communicator of science at a level normal people can mostly understand. I am not going to pretend I understood all of it, but he's so good at explaining things in human terms. And he has a special place in my heart because when Steve and I went on our cruise around Iceland, Alex was one of the professors along with Dr. Andrea Ghez. And so we not only got to see him lecture live, we sat in the front row, we asked him lots of questions. And on these trips, normally, if you're not from the school that the lecturer is from, you don't get to eat with them. They eat with their own kind kind of thing. So we got to sit with Andrea, but there's Alex, and he was brilliant too. And he liked our questions so much, he invited Steve and me to sit at his table to eat with him. And then we went hiking with him and his family. And so he's just a wonderful guy. And he's kind of a... Absent-minded professor kind of guy. He's got this squirrely hair, and he's kind of silly and stuff, so he's very, very listenable.
[1:01:38]Like Bart said, this video interview, you can just listen to it.
[1:01:42]Is two hours long, but what I did was I listened to it over the course of a week, because I had to let some stuff sink in each time, so it's taken me a while to make it all the way through, but I watched it, Steve watched it, a bunch of my friends have watched it, now Bart got to listen to it too, and he's just delightful. And one more thing I want to say, The amazing part is Dr. Brian Greene is a genius in and of himself on his own right, and you know that he knows the stuff that Alex is explaining, but he never interrupts him and stops his flow and tries to be the one contributing. He asks a few questions, but he doesn't dominate at all. It's almost all Alex talking, and I think that's a real skill. And I lied. There's one more thing I want to say about Alex. He is so good at giving credit to other people. You'll hear it all throughout this where Brian tries to give him credit. He goes, well, it was actually so-and-so. That was actually so-and-so. When it is his credit, he'll say it, but he's always deflecting. And he told us a story that one of his projects he worked on was up for Nobel Prize. He took his name off and put his lead researcher, a young grad student, into place, and the guy won. So he would have had a Nobel Prize, but he didn't because he said, seriously, he's the one who did the work, so I shouldn't be the one. And I don't think in the history of time a professor has ever done that. They are rare. I have met a few who insist on putting their students ahead of them on papers, but they're rare.
[1:03:09]I'll count on one hand, right? Yeah. And I just want to say, so what struck me, so I didn't know you had a relationship with either of the people. I just thought it was an amazing video. I thought it was fantastic. I didn't realize why you had picked that particular amazing video. It's cool. what strikes me is that the conversation is simultaneously filling in detail at lots of different levels so if you already know the big picture stuff, They're doing an amazing job of explaining how we know what we know. Oh, yeah, yeah, yeah. Because astrophysicists are always saying, blah, blah, blah. And you're like, how do you know that? Yeah. He tells you. Yeah. Without math.
[1:03:53]Yeah, which is great, because it's based on what did we observe? If this is true, the universe should look like this. So we had to look, and it did, or it didn't. And the bit so i knew the big picture and i knew the what we know what how we know what i didn't know was which bits are we very certain of which bits are we mostly certain of and which bits are we still a bit woolly on so not only are they explaining the how we know at each point in time they're giving you a description of how how finally we know this do we know this exactly or approximately and so i'm learning i'll i'm getting a lot more detail on the bone i'm getting a lot more structure.
[1:04:34]They tell the story fantastically, right? I always say that the hardest part of writing programming by stealth is getting a story. These guys are great storytellers. Yeah, well, it's mostly Alex in this case, but Brian is. Yeah, if you want to learn how to explain things, he's just genius at that. And the fact that I could understand this, because I have not studied astrophysics at all. I sat in the front row and listened, and just through kind of exposure, I've gotten some understanding of it. But it was wonderful. It's delightful. Alex is just one of my heroes. By the way, the reason I knew about this is I'm on his newsletter email. And I should find out whether I can just get, if people can just sign up for it. So he always sends out things like saying, oh, this is when the blood moon's going to be out and what time you should go observe it. Or, you know, when the Perseid meteor shower is coming up, he warns you and tells you where to be and what you need to do and stuff. So he just put in this plug for his own thing in the latest email newsletter. So that was super fun. Excellent. I count that as one of the best palate cleansers we've had in ages because I feel completely cleansed and I still have an hour to enjoy. It's great.
[1:05:45]All right. Well, you have fun listening to that. And I think that closes up a rather light security bit. It does indeed. But the advice remains evergreen, folks. As green as St. Patrick's Day. Stay patched so you stay secure. Well, that's going to wind us up for this week. Did you know you can email me at alison at podfeet.com anytime you like? Lots of people do, and I just love helping people. If you have a question or a suggestion, just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon at podfeet.com slash Mastodon. If you want to listen to the podcast on YouTube, like apparently lots of people do, you can go to podfeet.com slash YouTube. If you want to join the conversation, you can join our Slack community, at podfee.com slash slack, where you can talk to me and all of the other lovely Nocella castaways. You can support the show at podfee.com slash Patreon or with a one-time donation at podfee.com slash donate with Apple Pay or any credit card. Or you can be like the wonderful Christophe and do it through podfee.com slash PayPal. And if you want to join the fun in the live show, we had a hop and good time with everybody this week. Head on over to podfee.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic Nocella castaways. Thanks for listening and stay safe.
[1:07:00]Music.

Error: Could not load transcript. Please try again later.

Reload

Loading Transcript...