NosillaCast Apple Podcast
The episode covers family-tech balance, a hiatus announcement, insights on Audacity, autonomous yard robots, AI voice recorders, and essential security updates, showcasing technology's impact on productivity.
Automatic Shownotes
Chapters
0:00
NC_2025_03_30
0:46
Open Source Audacity — My Latest Video Tutorial for ScreenCastsONLINE
1:55
CES 2025: Yarbo Modular Yard Robot
5:04
CES 2025: PLAUD AI Voice Recorder
11:48
Replacing a Big-Boy Camcorder with a DJI Osmo Pocket 3 & Mic2
32:32
CES 2025: TEWKE Intelligent Light Switch
43:49
Support the Show
44:02
Security Bits — 30 March 2025 (Bart Solo)
Long Summary
In this episode of NosillaCast, I reflect on my experiences as I navigate family time and technology. Currently in San Diego, I discuss how the podcast will take a brief hiatus but still have a live show next week before heading to Japan. One of the critical topics I delve into is my deepened understanding of Audacity, the open-source audio editing tool that has been a staple for my podcasting journey for nearly two decades. I share insights from my recent video tutorial for ScreenCastsOnline, highlighting how to utilize Audacity effectively, including its comprehensive features that I had never fully explored before.
The episode features an intriguing discussion with Kathy Jeng from Yarbo, where we explore innovative yard work solutions provided by autonomous robots capable of handling snow blowing and lawn mowing. I ask about the technology behind these devices and how they can differentiate between obstacles like children and pets while performing their tasks autonomously. This is a fascinating peek into the future of yard maintenance and how technology is reshaping domestic responsibilities.
I also engage with Alaina from PLAUD.ai, who introduces us to their wearable AI voice recorder called PLAUD Note. This device not only captures conversations but also generates actionable transcripts and summaries, revolutionizing note-taking in meetings. As we unfold the capabilities of this gadget, we discuss its ease of use and security measures, ensuring user privacy during cloud processing.
I invited listener Marty Gensius to share his firsthand experience using the PLAUD Note, particularly in a professional setting. Drawing from his role in lengthy faculty meetings, he details how this technology simplifies the note-taking process, enhances productivity, and allows him to focus on the discussion rather than managing minutes, showcasing a real-world application of AI tech in everyday tasks.
In a lighter segment, I analyze the technical setup behind Steve's impressive video recordings during tech events, focusing on the Panasonic 4K camcorder and additional equipment that enhance audio-visual quality. I discuss the challenges and improvements involving the DJI Osmo Pocket 3 camera, detailing its ease of use, impressive features, and potential as a future replacement for more cumbersome gear.
Additionally, I explore the latest AI trends at CES, culminating in an engaging conversation about TEWKE, an intelligent light switch designed for energy efficiency and smart home integration.
Finally, I summarize essential security updates highlighted in Bart's solo segment, warning listeners about the importance of patching vulnerabilities in software like GitHub and the ongoing concerns with personal data storage systems like 23andMe. He encourages everyone to prioritize security best practices while discussing the implications of recent data breaches and the responsibility of companies to protect user information.
This episode embodies my passion for exploring technology while reflecting on my experiences, and it promises an engaging discussion on personal productivity, innovative tools, and the ever-evolving intersection of technology and daily life.
Brief Summary
In this episode of NosillaCast, I reflect on balancing family and technology while in San Diego and announce a brief hiatus, with a live show before my trip to Japan. I discuss my enhanced understanding of Audacity, insights from a tutorial, and feature conversations with Kathy Jeng from Yarbo about autonomous yard maintenance robots and Alaina from PLAUD.ai on their wearable AI voice recorder, PLAUD Note. Guest Marty Gensius shares his experiences using PLAUD Note in faculty meetings. I also examine Steve's video recording setup, highlight AI trends from CES, and summarize important security updates, emphasizing the need for software protection. This episode showcases my passion for technology's role in productivity and daily life.
Tags
NosillaCast
family
technology
San Diego
hiatus
Japan
Audacity
autonomous robots
wearable AI
PLAUD Note
AI trends
CES
security updates
software protection
productivity
Transcript
[0:00]
NC_2025_03_30
[0:00]Hi, this is Allison Sheridan of the NosillaCast podcast, hosted at Podfeet.com, a technology geek podcast with an ever-so-slight Apple bias. Today is Sunday, March 30th, 2025, and this is show number 1038. But we're still down in San Diego watching the kids, playing with all the kids, having a great old time. But we should be back in our house next week. And then the following two weeks after that, there will not be a live show. So we're going to be out of town till the 21st of April. So we won't be back in the live show until the Sunday after the 21st, if you can keep track of that in your head. Anyway, we will have a live show next week, but that's it for till we go to Japan. Anyway, let's kick into the show.
[0:46]
Open Source Audacity — My Latest Video Tutorial for ScreenCastsONLINE
[0:46]I've used the free and open source Audacity for audio recording and editing for as long as I can remember. I did my very first podcast recordings using Audacity nearly 20 years ago. What I never did before, though, was to actually learn how to use it well. I'd push record, do some minor edits, maybe remove some noise, and then export the file. I finally decided I'm going to learn this tool. Since there's no better way to learn than to teach, my latest video tutorial for ScreenCastsOnline is all about Audacity. This tool is surprisingly capable and well-documented. I taught the basics of using Audacity in the tutorial, how to understand the on-screen tools, and how to find help with the more advanced features. But it is really, really deep. It can go so much further than what I actually taught. When I told Bart I was going to do Audacity, he was like, whoa, really? That's a big one. That made me nervous, but I think I did a good job on it and I'm really proud of it. I hope you'll watch it if you're already a ScreenCastsOnline subscriber. If you aren't, of course, there's a free seven-day trial that will let you watch my Audacity tutorial and all of the current back catalog. You can find it at screencastsonline.com.
[1:55]
CES 2025: Yarbo Modular Yard Robot
[1:59]Now, everybody loves yard work. They love to rake leaves, they love to snow blow, of course. But it turns out that the robots are going to take over that job for us too. I'm in the Yarbo booth with Kathy Jeng. Yes. And, uh, she's going to talk to us about some robots that maybe can take over these tasks for us. Sure, sure. So basically you can see it's like all season used yard robots, which is fully autonomously. So you can see right there, that's our snow blower, right there, and then this is our lawnmower module, and then the blower module. And wait a minute, I love to do, uh, I have a blower for my leaves, so do I still walk around and get to do it, or does that happen autonomously as well? It's autonomously as well, yeah. So, but you also have two options. The first option is fully autonomously. You just do the boundary, uh, just draw the boundary, and it would do the autonomously working plan for you.
[2:55]Is it nowhere to blow the leaves to? Yeah, so basically you just set it up, adjust it on the app. Yeah, so you can just control and adjust on the app. So you know, you're just pointing out where you want to blow the leaf. And then it will be doing the calculation by itself. And then just follow the path. So a blower, like a snowblower or even a leaf blower, isn't a dangerous thing. But a lawnmower, that's a little bit scarier. How does it avoid, I don't know, children, animals? How does that work? Good question. So actually, you can see here, every module in the front, we have two cameras. And then also the sides on both sides also have the cameras. And then back also have the cameras. So we have six cameras in total. So definitely 360 degrees, all covered by cameras. So if you are standing in front of the module right there, when it's cutting the lawn or snowblower the driveway for you, it would detect you and detect a person or detect animals, any object. So it would just stop right there. So snowboard stop right there until you say it's safe enough. So I'm continuing to work. If it's a lawnmower, it's just saw the obstacle over there. Just do the obstacle, avoid it. So stop right there and then go around it. Okay. So I guess we trust vacuums to go around us. Now it's a little bit scary going up a level, but this is pretty fun. I love it. So the company is Yarbo, Y-A-R-B-O. Yeah. And what's the website?
[4:22]Yarbo.com, Y-A-R-B-O.com. And are these products available now? Yes, it's all on sale right now. Oh, very good.
[4:30]Let's see, Steve is giving me the money symbol. Let's say the lawnmower. How much does the lawnmower cost? The lawnmower is about like $4,000. Yeah, it really depends on what's the location you are, the shipping costs. But like you can see, it's a four in one unit. So all together it's about like six thousands. Okay, so you can buy the whole suite of products. Yes, like speak up, like around like six thousands to seven thousands. I see. That's a, that's a lot of kid payments, but I think it's something a lot of people want to do is not do yard work. Thank you. Yes, thank you.
[5:04]
CES 2025: PLAUD AI Voice Recorder
[5:08]We've been talking a lot about AI at CES this week, as you would expect, but I'm talking to Alaina from PLAUD.ai. They have wearable AI, and she's going to tell us all about it. Sure. So we have this AI voice recorders that helps you record the meeting or conversations and then give you AI-generated transcripts and summaries. So you don't need to type your meeting minutes ever again. That sounds good. So what are the form factors for this? So for this one, it's our first product. It's called PLAUD Note. You can carry it around just with your phone. We have this magnet-compatible case that's included in every package. And for this one, we launched in 2024. It's a wearable device that you can wear as a necklace, a wristband, or a pin, or a back clip. Four ways of wearing it. So these are devices that have a microphone, record the audio, figure out, do a transcription of it. And then what happens next? Correct. We'll give you everything. The transcripts, the audio file, the summarization, and map and to-do list. Everything. So we're on a to-do list. Okay. Well, shoot. I'm going to get action items out of this. That's not good. But so this device that's on your wrist, she's got a beautiful bracelet. It's kind of a lozenge sitting on a bracelet. Looks lovely. And I can see it as a lovely necklace here.
[6:29]I'm confused. How does it get from that device to giving me all this information? Is it uploading to the cloud? What's going on here? That's correct. So the recording files are stored on device. We have a 64 gigabytes local storage. And when you start to generate the transcripts and summaries, that's when you upload the recording files to the Google Cloud. That's where we process the voice to text and text to summaries. Does it go from the device on your wrist to your phone and then up to the cloud? Correct. And it's a Google Cloud, you said? Yes. Let's talk about security then. What's happening up in the cloud? Well, it's encrypted, so we don't have access to your conversation. We only use the Large Language Models API to process the voice files. And because we're using the business enterprise API, the Large Language Models company also promised that they don't use your conversation data to train their machine. They will or will not? They will not. They will not. And what large language model is it? GPT-4.0 and Claude 3.5. Very, very interesting. The smartest ones.
[7:39]So far, you don't know what's going to happen tomorrow, right? Exactly. So let's say I wanted this one that's got the magnetic connector, so it's basically like a MagSafe wallet on the back. Looks like a credit card, but that's actually recording. How much does that cost? This one is $159, available on our website, on Amazon, in Best Buy. And then is there a monthly subscription? No, we have a starter plan that after you buy this device and have your own account, you can already start using it. We have 300 minutes of free quota every month to the starter plan users. Oh, that's a good idea. And then what about this lozenge wearable device for the necklace and the bracelet? Yeah, so this is $169 because we have this whole accessory kit that goes with it. Okay, so it's pretty. Now, I'm not sure the men are going to like it, but I think it's adorable. Thank you. All right. So if people wanted to learn more about PLAUD.ai, where would they go? Just go to www.plaud.ai. There you go. That was a setup. But you also said that some of these products are on Amazon already. Yes, they're both on Amazon. They are. Very cool. Thank you for talking to us. Thank you.
[8:46]After Steve posted the video about PLAUD AI, Marty Gensius wrote in our Slack that he has been using PLAUD for a while and he's very pleased with it. I asked if he'd like to drop in a note about his experience, and he did. I'm Marty Gensius, sometimes known in the castaways as Drunk Nick Nolte. Allison, thanks for asking me about the PLAUD Note and the PLAUD NotePin. You know, I like to overdo it, so of course I own both. I discovered PLAUD products a couple of months ago when I was unceremoniously volunteered to take minutes at our every other week, three hour long faculty meeting. Typing is not my strong suit and writing notes by hand wasn't even a consideration. PLAUD became my go-to solution for note taking.
[9:33]I record the meetings using my PLAUD Note, pausing when sensitive student topics come up, and then generating a transcript from that meeting. Our meetings follow a comprehensive agenda with specific sections led by different faculty, so I take that transcription and generate a summary. Then I combine the summary, the full transcription, the official agenda, and my own version with action items and notes and put all of that into ChatGPT. From there, I ask ChatGPT to generate meeting minutes that follow our agenda format and export the results in Word so I can make few edits before sharing it with the team.
[10:19]It's an efficient and sanity-saving system. I'm currently at the American Counseling Association Conference in Orlando, Florida, and I've been using both the PLAUD Note and Pin during various division board meetings. I've taken over the note-taking role in several sessions to give folks a break, and the devices performed really well using the same workflow I use back home. I'm also presenting at the conference on AI tools for counseling practitioners, and I've incorporated a live demo of the PLAUD devices into my session. The responses have been great. Attendees have been intrigued, impressed, and even a few got online mid-session to order one for themselves. It's been fun showing how these tools can ease the documentation burden in professional settings, especially for those of us who'd rather not be stuck typing for hours after a long meeting. Well, that's great, Marty. You know, I didn't take it terribly seriously when I saw it because we see so many things that don't turn out to be that amazing. I try not to get too excited, but this really does make me intrigued. It also makes me remember something important I learned when I read Dilbert's guide to.
[11:30]I don't know if it was Guide to Management, but one of the things he said to do was to volunteer to take notes and then assign action items to people who would have never said that they would ever do that thing, and then you never have to do it again. So that's something I always lived by. Anyway, thanks for the impromptu review.
[11:48]
Replacing a Big-Boy Camcorder with a DJI Osmo Pocket 3 & Mic2
[11:51]If you've enjoyed watching Steve's videos of our interviews at CES and CSUN's Assistive Technology Conference over the years, the quality of the video you've been watching is due to his Panasonic 4K camcorder. Its large 1/2.3-inch CMOS sensor gathers a fair amount of light, but it struggles a bit under really low-light conditions, which is common in some of the CES venues. It also has challenges in changing light conditions, such as if a bright monitor comes into view while he's recording two people speaking right in front of him. The biggest advantage of his camcorder is the 20x optical zoom. It was the key feature behind his spectacular videos from our Africa safari trip. But that 20x zoom doesn't provide any advantages in doing interviews in hotel ballrooms. For a powerful camcorder, it's relatively light at 351 grams. That's like three quarters of a pound. And compared to camcorders of old, it's pretty small at 9x9x4 inches. However, he has to add a lot to the setup when we go to conferences. To get high quality audio for the videos, we use the Audio-Technica System 10 digital transmitter mic and receiver, coincidentally which we learned about at CES many years ago. The receiver is a bit bigger than a box of cards, and it slides onto the cold shoe on top of his camcorder. To hold it there, there's a threaded piece that needs to be tightened down, well, like four or five turns on those threads. The receiver has two antennas that have to be folded out to enhance the signal reception.
[13:19]The transmitter microphone looks pretty standard, but it's powered by two standard AA batteries.
[13:24]Steve can confirm the connection to the mic on his receiver's display, and the remaining battery level is shown on that receiver as well. Now, we could put new batteries in every time we start a new event, but that's a lot of e-waste, so we go as long as we can with each pair of AA batteries. It's a trade-off, though, so every day and a half or so, we have the hassle of replacing the batteries in the middle of a press event. Hopefully not in the middle of a recording with a press event. Steve usually has me stop when it's down to, say, one bar. Anyway, we moved to this fancy new digital audio system in 2015, a decade ago.
[13:59]Once you add the receiver to the camcorder, now it becomes reasonably heavy to hold by hand during interviews, so Steve uses a monopod to support it. While recording interviews, Steve has to stand back a bit because the angle of view is not very wide. This creates a challenge in the press events because people often walk between me and Steve without realizing that we're recording. If you've kept a watchful eye on our videos over the years, you may have noticed me making some weird hand motions as I'm physically pushing someone out of the frame. I've done that more times than I can count.
[14:30]Well, a few years ago, I solved that by buying Steve a wide-angle lens to screw onto his camcorder to help solve that problem. It worked well, but it added even more weight to the system and even more time to screw that on during setup. While the monopod helps support the camera and gives you stable video, its length makes it very difficult for Steve to easily push in with the camera, say to get a quick close-up of what the interviewee is trying to show us. So let's review what Steve's been carrying in his backpack at CES all these years. He has to carry the camcorder, the transmitter, the receiver, spare camcorder batteries, spare AA batteries, and the monopod, and when he was using the wide-angle lens, he had to carry that as well.
[15:11]Now, setup involves getting the camcorder out of the case, sliding on the battery, screwing on the receiver onto the top with that threaded mount I mentioned. He has to attach the audio cable from the receiver to the camcorder with several service loops to take up the slack. He plugs in a mono headphone cable to the camcorder so he can monitor my voice. He has to screw on the wide-angle lens. He has to extend the monopod. And he has to screw that onto the camcorder. He has to power up the camcorder, power up the mic receiver, check the channels to make sure we're communicating. And Bob's your uncle. We're ready to go. Well, this whole process takes about five minutes. And of course, breaking it down is the reverse of the whole rigmarole. For the press events at CES and CSUN, we just set it up at the beginning of the evening, and then we break it down at the end of the event. Now, one of the reasons we don't do a lot of interviews on the big show floor is it's just not worth the overhead of setting up and breaking down if we find, you know, say one interview every couple of hours. Well, the pros of this setup is that you get this high quality video and audio for the interviews, which is the most important thing. The cons are it's heavy and bulky for Steve to carry and the setup and breakdown process denies you any spontaneous interviews.
[16:19]At this point, you've probably figured out that something's coming here. Well, over the few months leading up to CES earlier this year, my friend started talking about an intriguing little camera, the DJI Osmo Pocket 3. Now, this has actually been out for over a year, but I've just started to learn about it. My good friend Pat Dangler has the Osmo Pocket 3, and Rob Dunwood bought one just for CES.
[16:42]As we lugged around, well, I should say Steve lugged around his giant backpack of gear for recording, here's 6'5", former defense tackle Rob Dunwood carrying this teeny tiny little camera about the size of three fingers. Well, four things prompted me to start looking at the Pocket 3. Saving Steve's aching back, Steve's birthday was coming up in April, CSUN was coming up even sooner, which would be a perfect test case for whether this tiny camera could replace Steve's rig for CES next year, and we have a trip to Japan in April, where a small video camera might be fun. Before I go much further, I really should describe the DJI Osmo Pocket 3. I'm going to call it the Pocket 3 from here on out because that's a mouthful. Picture a five and a half inch long rectangular device that's 1.7 by 1.3 in cross-section. The top is a tiny gimbal holding that small camera. Along the length of the handle is a two inch touchscreen. If you rotate the touchscreen 90 degrees so it's perpendicular to the handle, the gimbal and camera spring into life. And this entire thing weighs 179 grams or 6 ounces. The Osmo Pocket 3 is $519 and it comes with a few accessories. The base package includes a protective cover that easily snaps onto the camera and a short handle you attach via USB-C to the bottom of the handle. This short handle makes it a little easier to hold and it adds a standard quarter 20 thread mount for mounting a tripod.
[18:05]Both Rob and Pat suggested I buy more than the base package, though. They said I should consider buying the Osmo Pocket 3 Creator Combo for $669.
[18:15]In addition to the protective cover and the short handle, this package also comes with a longer handle that is a battery. Pat said that the Pocket 3 is so small that it is hard to hold in the hand and reach the record button and the little joystick, so adding this battery handle helps even more than the short handle with ergonomics, plus gives you more battery power. The Creator Combo also includes a mini tripod, a carrying case, and probably the most important accessory, a DJI Mic 2 wireless transmitter. This itty-bitty little mic is no bigger than a box of Tic Tacs. The Mic 2 transmitter has a built-in clip so you can attach it to your collar, or you can use a tiny but powerful magnet if you want to, say, have it lower down on your shirt. It automatically transmits the audio wirelessly to the Pocket 3. When all of these accessories are packed up, the included case literally fits in the palm of your hand. Now, normally, when I do research on a big purchase like this, I would do it with Steve, but I wanted this to be a surprise. As I read about the Pocket 3 and I watched videos about how awesome it was, I saw videos that Pat had taken to Disneyland with it, and I started to think this might be a viable solution for Steve. The one thing holding me back was whether this tiny camera would be able to do well in the challenging light in hotel ballrooms for CES press events. It's not just low light. It's, you know, nasty overhead lighting and has this ghastly yellow tint to it. It's just awful.
[19:43]Well, the question is, could this tiny camera have a sensor big enough to gather the amount of light gathered by the big boy camcorder's sensor? I looked up the specs on both cameras, and I found the answer, but the way sensors are measured and described is kind of weird. Steve's Panasonic camcorder has an image sensor that's specced as 1/2.3 inch. Now, using simple fractions, you would think that's a little smaller than a half an inch, but you'd be wrong.
[20:10]The Pocket 3 specs say its sensor is 1 inch. You'd think that means 1 inch. You'd be wrong again. I'm not going to go through all the background to explain this or even the math to get us to the correct answer. But I will tell you the correct answer. The camcorder's 1/2.3 inch sensor measures 0.3 inches diagonally. The Pocket 3's 1 inch sensor measures 0.7 inches diagonally. To put it more simply, the sensor in the diminutive DJI Osmo Pocket 3 is significantly larger than the Panasonic camcorder, which means that surprisingly, it should be able to outperform the camcorder in our challenging recording environments. I still wasn't convinced. So I asked Rob if he could send me a link to some of the video interviews he recorded at CES with his Pocket 3. I was blown away at how great they looked. I was pretty darn sure Steve would be really happy with this very early birthday present, and I was right. I gave Steve the camera before CSUN is planned, and he dug into learning it straight away. I downloaded the manual and I even printed it out. But to be perfectly honest, it was way easier to learn by watching online videos. There's lots of material out there to teach you how to use it.
[21:21]Turning on the Pocket 3 is super simple. I kind of mentioned it up front. You rotate that touchscreen 90 degrees and you're in business. The controls for the camera are accessed by swiping down, left, right, and up on that little 2-inch screen. Steve took to it quite quickly because of his experience with the GoPro camera. The controls aren't the same, but the gestures were very familiar. The gimbal is one of the best parts of the camera because it helps stabilize the image so there's no camera shake or tilt.
[21:49]The gimbal has several different modes, and I'm not going to go through all of the ones we experimented with. There's a mode, for example, that does face tracking, which is great if you're doing maybe a selfie video, but we settled on the one that keeps the horizon stable but does not track the subject. Steve needs to be able to point the camera at me and the person I'm interviewing, but then also to be able to nimbly pan the camera to the product we're talking about. Speaking of nimbly, you can change the speed at which the gimbal reacts as you swing the camera around. If Steve were to violently swing the camera down to look at the ports on a battery system and then whip it back up to look at me, ideally the gimbal would slow down his movement to smooth it out. With the speed controls on the gimbal, Steve can choose to have the camera slowly follow his movement, go at medium speed, or go quickly to his new position. We did some experiments and the fast setting best met our needs, but he will have to be careful to not move too quickly or the video could get a bit jerky. Luckily, he's had a lot of practice doing smooth pans without a gimbal, so I think we'll be okay.
[22:51]It also helped to watch Rob's first video attempt at CES to cement the fact that we did not want face detection. As I mentioned, Rob is 6 foot 5 inches tall. He doesn't have a videographer as I do, so he put the Pocket 3 in selfie mode and he held it at arm's length with the camera in face tracking mode. It would have been perfect, except the gentleman he was interviewing was a full head shorter than he was. The camera locked onto Rob's face, so he was perfectly centered, but that left the other gentleman basically with his chin resting on the bottom of the frame. As I said, this was Rob's first attempt, so it was a learning experience for him, and we were glad we saw it before we did our tests.
[23:28]When explaining Steve's camcorder setup, I explained that he monitors my audio from the wireless mic using a mono headphone plugged into the camcorder. This is easy with the Pocket 3. The camera has a USB-C connector on the bottom where Steve can plug in a headphone adapter to monitor the audio from the Mic 2. If the battery handle is connected via that USB-C connector, the handle itself has another USB-C connector that supplies the audio signal. It looks a little dopey though as the USB-C port is on the side, so the adapter and the headphone cable are kind of sticking straight out towards the subject. The adapter we have is white, so I might get him a black one to make it at least a little more subtle. Then the Tic Tac-sized Mic 2 transmitter would be pretty weird to hold in my fingertips to do interviews, so Rob recommended this cheap mic handle stick thing. It's basically a piece of plastic that has a slot into which you can slide the Mic 2. We were able to add my fancy NosillaCast mic flag to the stick. It makes the Mic 2 look like a big girl microphone. And we spent a lot of time reading up on how do we make the Mic 2 connect to the camera. All that research was time wasted because you turn on the Mic 2 and the camera goes, got it.
[24:38]Seriously, that was it. It was just like, yep, I'm on. Once the mic connects, Steve can see little bouncy level lines for the audio in to verify the levels are good. When Steve used to record with his big boy camcorder, he would have to give me a hand signal to tell me when he started recording. But with the new Pocket 3, the Mic 2 actually vibrates as soon as he hits record, so I already know he's ready and recording. We'll probably stick with the hand signal for now because we've been doing it so long it's just habit, but it's cool that I have that vibration to let me know it's time to start the interview. With the Pocket 3 paired with the DJI Mic 2, the Pocket 3 records the audio and video to a micro SD card. It has no internal storage. Additionally, though, the Mic 2 transmitter automatically stores a backup recording locally to its internal storage. It was a nice surprise to have this backup. The audio quality of the Mic 2 transmitters is really good for video interviews. I wondered if maybe it would be good enough to use as my Rode mic when we go down to Lindsay's, but it wasn't quite up to my standards for that use. Pretty good, but not good enough. The USB-C connector on the bottom of the camera can be used for data transfer and for charging. The battery's handle USB-C connector can also be used to charge it. If the camera is less than fully charged, connecting the handle will charge the camera back up, depleting the battery handle. The MIC-2 transmitters have USB-C ports for data transfer and charging of them.
[26:04]The mini tripod that comes with the Creator Combo is adorable. It's not much bigger than your thumb, and it weighs practically nothing, but it gives the Pocket 3 a nice stable base. You can't connect the tripod directly to the Pocket 3, because remember, the camera only has that USB-C connector on the bottom. But both the standalone camera and the Creator Combo kit come with a mini handle that plugs in via USB-C, and that's what sports the 1.4-20 thread for attaching to the tripod. If you buy the Creator Combo and get the battery handle, it also has the threads to attach to a tripod. Now the Pocket 3 supports adding additional lens adapters to the camera. They're wee tiny since the camera is wee tiny and they magnetically snap on in front of the camera lens. The Creator Combo comes with a wide angle lens you can pop on to expand the field of view from its standard 92 degrees to 108 degrees. As it turns out that 92 degree field of view of the Pocket 3 is well wide enough for Steve to easily capture the interview subjects without having to stand back very far, so we didn't need to use that snap-on lens, and nobody walked between us when we were at CSUN.
[27:09]Steve also bought a magnetic variable neutral density filter, also on Rob Dunwood's recommendation. He explained that in outdoor filming, that big sensor gathers a little too much light. So if you want a shallow depth of field, you need to stop the sensor down a bit so the aperture can open up more to give you the shallow depth of field. We haven't tested out the $18 third-party filter from K&F yet, but it looks pretty nifty. The base model and Creator Combo both come with a protective plastic case, and there's even a little magnet inside that'll allow you to hold any of the available magnetic lenses, DJI and third-party as well.
[27:46]All right, enough description of the camera. Let's talk about real-world performance at the CSUN Assistive Technology Conference. We're happy to confirm that the video quality is fantastic. It did a surprisingly good job of automatically adjusting video settings under terrible lighting conditions. One of the problems Steve's had in trying to take videos at trade shows is he often has to shoot the interview with a giant video screen in the background. Inevitably, the exposure changes to make the display look good, causing the faces to be super dark, or it exposes the faces, and then the video screen is completely blown out. While at CSUN, I was chatting with someone in front of a super bright screen, and he was delighted to review the recorded footage because the Pocket 3 did a fantastic job of exposing both at the same time. One reason for this is probably the advancements that have been made in digital signal processing in the years since his camcorder was first developed, but it was still a delight to see how the Pocket 3 performed. The audio sounds great too, and we confirmed that we have a full backup of the audio on the Mic 2 transmitter.
[28:50]After one of our first interviews, we were walking away and Steve was swiping on the little screen to perform some function when a trash can appeared. He tried to swipe it away and inadvertently hit it instead. To our dismay, the file was deleted and there is no trash can to go back to if this happens. No undo that we could find. Luckily, I had told the guy we just interviewed that we had a new camera and we were still learning it, so when we went back, he was quite gracious letting us record again. Steve learned to be very cautious if that trash can pops up again.
[29:23]When we were doing practice recordings at home, Steve found at one point that he couldn't hear me through his mono headphone, like it had been working, and then he couldn't hear me. We swapped out the USB-C to audio jack adapter, and that didn't fix it. We swapped out the headphone itself, but he still couldn't hear me. At some point, the problem went away, but we didn't remember or figure out what had fixed it. I bring this up because while we were at CSUN, it happened again.
[29:48]Luckily, Pat Dangler was actually with us at CSUN, so we started troubleshooting with her. She suggested Steve unplug the battery handle and plug the headphone adapter directly into the bottom of the camera. He could hear again. We figured out that the reason he lost audio was that the battery handle was completely depleted. Without power on the handle, he couldn't transmit the audio signal to his headphone. We don't know whether this was the same cause of the failure when we were at home, but it very well might have been. At least we know what the problem is now. We were kind of surprised that the battery handle depleted in just a couple of hours. We looked up the specs and it's only 950 mAh. I happen to have my 10,000 mAh battery with me, so I was able to recharge it for use again after lunch. That seemed like kind of a silly solution to carry a battery to charge a battery to charge your camcorder. When we got home, Steve just bought another DJI battery handle for $69 on Amazon. There are less expensive battery handles from third parties, and I was kind of pushing Steve to save some money, but he decided to stick with DJI for this particular product. That also made us go look up the battery specs for the camera itself, and it's only 1,300 mAh. I know the camera's big benefit is how small and light it is, but I expected we'd be able to record the four or five hours we were at the show with the battery handle attached. The spare battery handle doesn't weigh that much, but it does diminish the simplicity of what Steve has to carry.
[31:12]I mentioned early on that the giant camcorder on the monopod made it hard for Steve to push in really close on a piece of electronics to get a tight shot. With the Pocket 3, it was a dream for him to move in and out, and the gimbal kept the horizon steady and the video panning nice and smooth. It's kind of a tease that you haven't seen any of these videos yet, but this is a good way for you to judge the new ones that are going to be coming up soon. It's time for the bottom line. While the 20x optical zoom of Steve's camcorder was priceless for capturing a cheetah in a tree a quarter of a mile away in Africa, for doing interviews at tech conferences, there is no question that the DJI Osmo Pocket 3 with Mic 2 transmitter is a much better solution. It's lighter, it's smaller, it's less complex to set up, it has vastly improved low-light performance, the transmitter captures a backup recording of the audio, the camera's gimbal mount provides smoother motion, it doesn't require a monopod to hold for long periods of time, and the entire kit has rechargeable batteries. At $669, the Pocket 3 Creator Combo is not cheap, but if we were to replace, say, Steve's camcorder with the current model from Panasonic, it would be $800, and that doesn't include the microphone transmitter, receiver, and monopod. We'll have to keep an eye on the battery levels, but overall, Steve and I are delighted with the DJI Osmo Pocket 3 and Mic 2.
[32:32]
CES 2025: TEWKE Intelligent Light Switch
[32:36]Well, as long as you put the buzzword of AI into a press release, I'm going to show up. So I'm here at the TEWKE booth with Piers Daniel, and he's going to tell us about their smart switch. I'm sorry, smart. Intelligent smart switch. Intelligence. Yeah, yeah. No dumb one. Exactly. So we're from London. We spent the last few years developing what we believe is the next generation of light switch. And the reason we're building it is because we want to build a smart grid. And the best way of doing a smart grid is to control energy within the home. So what we do is we replace any light switch. So in America, Europe, and it becomes an intelligent sort of control for Lutron style home automation platform. And meanwhile, in the background, so you've got really cool, you've got lots of sensors. So we've crammed our light switch full of nine sensors. And what it gives us is a really good insight as to how you live in your home and what you're doing. So automation is super simple.
[33:32]You know, five-year-old and 95-year-old can use it without instruction. But in behind the scenes, we're using all this data to understand, you know, is your humidity right? Do you need to open a window? Have you got molds? All the elements that actually become part of how do you create an efficient, safe home. So where is it getting the data that it's displaying? So we've got all that in the light switch itself. Oh, the humidity and the air quality? Everything is in this device here. So I can just take this off. So everything is built in. So we manufacture this in London. And the idea is that when we come to the U.S., we'll manufacture in the U.S. as well. So what he's got in his hand, some people are only listening, is what, maybe three, three and a half inches across square. It's like we talk about it being half an iPhone. There you go. So it's just an OLED screen.
[34:20]Very bright. We can't call it a tablet because in Europe, they'll make us put a USB port into it if it's called a tablet. That's right. So it's not a tablet. So as you can see, it's telling us we have to put it back onto the dock. So we replaced the light switch with something called a wall dock and it still has physical buttons on it. So you can still switch the lights on and off. So you don't need to worry about technology taking over your life. And then you put the wall dock, the panel back onto the wall dock, and then it just connects up. It meshes with the other light switches in the house using a technology called Thread. Oh yeah. And then we're Matter compatible so that we can then talk to other devices within your home. And then what we do is we, in the background, we look at how your energy consumption is. So in the UK, we're talking to your smart meter. We're talking to your plugs, so smart plugs. And we're then starting to optimize your energy consumption. So like my mother used to nag me to turn the lights off or turn the temperature down, we're doing all of that continuously in the background. And in London, we're saving about 50% of the energy cost just by installing our light switches. So that's not installing insulation, that's not installing solar, heat pumps, batteries. Just by putting our light switches in, we're saving half the costs of the energy consumption in the home.
[35:31]30 percent of the actual consumption is being saved. And so for us... I'm gonna, I'm gonna challenge you a little bit. The lights today, since they're LEDs and, uh, they don't save you very much at all, right? That's not... I don't see a little micro savings. And then, obviously, we talk to thermostats, so we can control those, and we talk to white... I flick on my electric oven and all that savings gone. It has. But also in the UK, for example, which I think is coming to the US, is time of day tariffs. Yeah, we have that. Okay, well, not all states do yet. But in the UK, we've got it down to 30 minutes. So every 30 minutes, the tariff changes.
[36:09]And but you know, as a consumer, I can understand that because I'm a geek. My wife, my children don't give a shit about that sort of thing. Sorry, apologies for profanity. They don't care about those sorts of things. So what you need is a device that's automatically managing that. So the feedback we give to the user is wait 20 minutes, you'll save $2.
[36:30]And what we're trying to do is nudge people in the same way you're nudged into doing recycling. We try and nudge you into actually changing your behavior. And by changing your behavior, 60% of all consumption in the home is user driven.
[36:43]Okay. So if I'm deciding when to run the dishwasher, for example, I tried to turn it on at 840, it's going to go, man, if you just waited till nine, that would cost you this much. Exactly. And what we're doing in London is we're talking to the smart socket behind your dishwasher. So when it actually turns on, we turn it off. And most washing machines remember their status. So the moment the power gets turned back on again, they continue their cycle. So we're turning unsmart devices smart. So it sounds like we have to have a lot of outlets put into the house to have this work. And that's our next product is actually the plug socket. So really smart, very nice plug socket, LED ring in it. It glows different colors depending on energy consumption, help train you again. So that, you know, for us, the ecosystem is light switch and plug socket. That's our control. Everything else we just talk to using an API or Matter. I'll tell you what else would be great is if you had, say, your TV and your DVD player or your Apple TV plugged into an outlet that was smart, that knew that you don't watch TV in the middle of the night and it turned off all of those little LEDs, right? We've got about a million of them just in our bedroom. So we reckon 10% of all energy in the home is just passive power. Right, right. So it's just, you know, we saw a PlayStation 3 consumes 22 watts of energy off.
[38:01]Are you serious? Oh, man. So just 22 watts all the time, just being off, not being used. And that's where the AI bit comes in because we use something called neurosymbolic AI.
[38:11]Say that again. That's a fun word. Neurosymbolic. So it's where basically we teach the AI engine some basic rules, but 90% of its learning comes from the user in the home. And it's about your home, not about my home. So we're not interested in big data. So it's the opposite model of AI. What we're interested in is your individual behavior processed locally on the switch, understands your behavior. And by your interaction with the switch, you teach the AI engine. So if we do something and you don't like it and you switch it back, we learn that.
[38:43]And then the next part is about giving you really natural language communication. So open a window, you know, turn the heating down, you know, turn off this, turn on that, and, you know, you'll save two dollars, you'll save five dollars. And that becomes part of... then you learn it. It seems like that's sort of gamifying it too, right? Exactly, yeah. And I think, you know, that's why it's all like lots of pretty colors, but in a way that's classy. You know, we're bringing a bit of class to this. So we want it to be a sexy product that, you know, if you got it under the Christmas tree, you would be happy, not upset that your partner's bought you a light switch. There you go. Sort of like, think of it as Nest 2.0. Oh yeah, yeah, that's exactly what it sounded like. Nest would have done the light switch had they not got bought by Google. And I think this is the hardest part, and the really hard part for light switches is that a lot of light switches don't have a neutral wire. So what it means is the lights are in series, so that when the light switch is off, there's no power going through the circuit. So no company has really been able to put technology in a light switch without that neutral wire. You don't know if you haven't got one until you take your light switch off the wall.
[39:54]And what we've done is developed the tech and patented it that allows us to put any technology, our technology straight into any light switch. Whether it's got a neutral wire or not. Exactly. So the really unique bit of our proposition is we don't need a neutral wire. And that will unlock the whole marketplace. Whereas, you know, we might have only 5% or 10% of users currently using smart home and certainly automated lighting. We can penetrate 100%. That's fascinating. So how this is powered from the light switch itself? Yeah. So everything- Because you didn't put a USB-C port in it. No, exactly. So yeah, the power comes from the light switch. We use a combination of parasitic power and a battery within our device to basically manage the lighting. But to do that effectively, we've had to make it a really hardcore, low energy supply to the switch. So we've written our own software. We've built our own hardware. So everything is us. Just so that we haven't used a third party software like Android or anything. It's our own operating system, our own embedded code. And that enables us to be super energy efficient. Now, how much energy does that fancy the OLED display use? Not very much at all, because if you notice, most of it's off.
[41:06]So, most of it's black, there's a light blue ring around the light switch. Exactly. And actually, if we're not in demo mode, like we are now, when you walk away from it, it actually just turns off completely. So you just tap the screen and it waits? No, we've got a Doppler radar. So as you walk up to it, comes to life. Of course you do. Yeah, of course you're using gum. Of course we do. We put everything into these things. You are a geek. Yeah, yeah, yeah, exactly. Well, no, I'm not. My team are. I have a dream and that's what we're trying to build. So what questions have I forgotten to ask other than where did the name Tuke come from? T-E-W-K-E. Yeah, so Tuke came from, because I'm an old romantic, my wife came from a little village in England called Tewksbury. But trying to start any company, this is probably my sixth company, so I've had a number of exits in the UK. I'm invested in gut health, education, fashion, and technology. And this is my first energy business. But the problem with any company is trying to get a name. And I really wanted a dot-com because if you want to go global, you need a dot-com. And I also want to be one syllable and not mean a rude word in Korean or something. So you have to make a word up. So Chooksbury, Chook, I thought I can do that. I hadn't appreciated every nationality is going to call it something else. So I think Chuky is the preference for Americans on the whole. But Chuky is a bit like Nike or something else. But anyway. There you go. There you go. So it's T-E-W-K-E. And where would people go to find out more about it? Just Chuky.com.
[42:31]That's right. Dot com. I should have known that. There we go. And what do you, what's your price on this? So at the moment, we're sort of in our MVP development mode. So we're installing in London, in the UK. We are doing another raise, so we're going to come to market in the US, hopefully in the summer. And we will manufacture in the US. So we've made everything in-house, so we will bring it all to the America. America is going to be the best market for this. You guys have an amazing... I used to live in Alaska and Colorado when I was younger, so I'll be coming home with my English accent. But the idea is that we bring everything with us.
[43:13]DIY install through third parties and maybe through some larger distribution partners. We've also designed it BOEM. So if we have a big enough partner, we could give it to them a white label and then use the Chuuk software and platform to then run it. Very good. This sounds fantastic. I hope you're successful because it turns out that energy thing, that's a real problem. It is. And we anticipate $1 trillion is wasted a year on energy consumption. I think half of it's at my house. Yeah, probably. Or mine, because I'm not there. They've got everything on running at the moment. Thank you very much for your time. Appreciate it. Thank you very much.
[43:49]
Support the Show
[43:53]Hey, I do a podcast and I don't do ads. Want to support the show? Go to podfeed.com slash Patreon, and I would appreciate it very much.
[44:02]
Security Bits — 30 March 2025 (Bart Solo)
[44:03]Music.
[44:12]Hi folks, Bart here with one of those rare solo security bit segment-y things. Alison is away having fun family time. I was away yesterday having really fun family time. And Alison is also getting ready to do that whole travelling halfway around the globe thing that she likes to do. So, oh yeah, and our clocks are changing as well. So it's complete chaos here today in Ireland, or for me anyway. So basically, it did work out for me to have time to prepare and record a security bits, but not at the same time that Alison had the time and the mental space, etc, etc, etc, to join me for it. So you're going to have to make do with just a little old me telling you what's going on in terms of security since we last spoke two weeks ago.
[44:59]Let's start with a little bit of follow-up. We spoke last time about an update to a story where Microsoft had reacted extremely proactively to the potential of malware being found in the VS Code marketplace, only it turns out they shot first, looked second.
[45:19]And what I had said was what they should do is, rather than deleting suspect plugins immediately and booting the developers straight off the store, they should suspend the plugins and/or the developer accounts, investigate, and then act for real, either, you know, making a suspension a permanent removal or, if they discover, oopsie, it's clean after all, just restore everything, which is what they ended up doing last time. And I mused that all in all it was a good response. Users were protected very quickly. When Apple, when Microsoft discovered they got it wrong, they rolled back very graciously. But I said, oh my God, I hope the lesson they learn is not, oh, we best not respond promptly. Well, I don't think that is the lesson they've learned because we now know that they have removed two more extensions for deploying early stage ransomware. These haven't been rolled back. This looks like it really was real. So it would appear that Microsoft have taken the appropriate lessons from the somewhat public debacle. And we seem to be in a good place, keeping the VS Code marketplace well-maintained, well-gardened, which is great because many of us NosillaCastaways are very big fans of VS Code.
[46:37]Sadly, another thing many of us NosillaCastaways are really big fans of, especially if you're playing along with Programming By Stealth, is GitHub. And I don't want to go into these in great detail every single time because this has now become a story arc, in the way that for a couple of years everyone attacking Adobe products was a story arc, and everyone attacking over SMS, trying to trick you into giving up your cryptocurrency, is a long, long, long running story arc. A story arc we've talked about quite a few times now is that attackers are going after developers, and they're going after them in places developers naturally congregate, so-called watering hole attacks. And one of those places where an awful, awful, awful lot of developers congregate and do an awful lot of work is GitHub because it's a fantastic service. And unfortunately, that means that they are continuing to focus their attention on GitHub. And there's two news stories that have broken in the last two weeks. They really make quite a few headlines.
[47:37]So I've broken these down into lessons you should take away, as opposed to going into all the fine detail. Links are in the show notes for all the fine detail. But one thing you should note is that the GitHub people, if they discover some sort of an issue with your system, they're not going to communicate with you by sending you a message through the GitHub issues feature, which will cause an email to come to you telling you a new issue has been opened, and then asking you to click a link to authorize an app, which will then use the OAuth workflow, where it'll say, hey, you're about to grant blah-de-blah app, but you'll have a convincing-looking name that's completely fake, the following permissions on your repository, and you click yes to give the app access. Well, that is the OAuth workflow you would use to authorize a legitimate GitHub client.
[48:27]But if something comes to you as a GitHub issue, asking you to authorize an app, it's not legitimate. It may use words to make you think it's legitimate. It absolutely positively is not legitimate. That is not an appropriate way for GitHub to communicate with you. And it's absolutely not a way GitHub are going to ask you to give them permission on your repository. In fact, they're never going to ask you to give them permission on your repository. So the whole thing's a scam. And of course, once you grant an OAuth access to a malicious app, that malicious app can do anything that the permissions you said okay to can do, which is a fantastic way to get your GitHub project hacked. So be very aware of authorizing, you know, this app would like the following permissions. Unless you really are trying to do something where you are installing an app that you really want, don't approve any apps do anything. Full stop. End of story.
[49:18]Another little takeaway is that we've talked quite recently on Programming by Stealth about the powers of the CICD implementation GitHub offers called GitHub Workflows, which are made up of GitHub Actions. And there is a store where you can get a whole bunch of those actions. And many, many, many really important ones are maintained by GitHub themselves, but the marketplace also allows third parties to add actions. And those third parties are even further broken down into third parties that have done something to earn some trust from GitHub and just randomers on the Internet. And on the show, I made a point of saying, you know, if you're going to go into the marketplace to get stuff, stick with the verified developers. But actually, I think based on what's happened in the last two weeks, you should go even further and where possible, stick to the stuff from GitHub themselves.
[50:16]Now, the word I actually use in this one is minimize your use of actions that are not from GitHub themselves. Because a bit like plugins and WordPress and so forth, if you have a need, you have a need. And if you're making an informed decision to accept a risk, well, you're making an informed decision to accept a risk. But just don't go around installing every plugin that vaguely strikes your fancy, maybe, because every single plugin is a risk. And every single GitHub action you bring into your workflow is a risk. So there's a risk and reward, you're getting cool automation that's making your life easier. But again, it's a trade-off. So make that trade-off in an informed way, and then I'll be not complaining at you. I'm going to tread a little bit lightly here, and I particularly miss having Alison here to keep me on the rails for this story. So for this next piece of follow-up, we are shifting our focus to the United States, where longtime friend of the show, Brian Krebs, continues to do absolutely sterling work on documenting for us the actual effect on the national cybersecurity of the United States of America of the, I'm going to use the diplomatic phrase, Doge chaos.
[51:30]I think we had already mentioned last time we recorded that one of the things Brian Krebs had warned everyone about was that Doge had fired a bunch of CISA staff. Now CISA is the Cybersecurity and Information Security Agency for the United States. They're a relatively new department, but they do absolutely sterling work. And the concept of, well, we will make mistakes and we will correct them was applied to CISA and they fired lots of people. And then someone went, oh, I wonder if we need protection from cybersecurity threats. Oh, sugar, we do. Let's hire those people back. Unfortunately, they were fired in a ham-fisted way so that the agency was incapable of contacting the recently fired staff to offer them their jobs back. So the best they could do was ask the media to put the word out and ask the people involved to please get in touch with CISA through their personal communication channels.
[52:36]Well, to say that that's open to abuse by hostile nations is the understatement of the century. That is a spectacularly terrible idea in terms of cybersecurity. Hey, people who claim to be cybersecurity experts who want their job back deep within the United States government, contact us. Oh my god, that should be the other way around, right? This is absolutely terrible. I don't want to go on in detail about this because thankfully I don't do a American home news podcast. This is cybersecurity. So I can just say that if the intention of the Department of government efficiency is to more efficiently protect the cybersecurity of the United States of America, then so far, the agency is failing miserably. And Ryan Krebs is continuing to do sterling work highlighting the real dangers that chaos calls.
[53:41]Now, criticizing other governments, Citizens Lab, I believe they're based in Canada, they have a long track record of doing sterling work at exposing how governments abuse or use, depending on your point of view, grey hat hacking tools like Pegasus and Pegatron and all these various things we've mentioned that for some reason all seem to come out of Israel. Anyway, Citizen Lab monitor those and they have helped Apple to do a better job of securing iOS they have helped Google capture all sorts of problems in Android they've helped Meta tidy up some stuff on WhatsApp they have done sterling work over the years they have a new report out and they have pretty strong evidence that six, what I would consider to be Western governments are using, in this case, the Pegatron spyware, to attack...
[54:36]Basically civilians in their own countries, which is a civil liberties attack. Six governments, and they would be in alphabetical order, Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Denmark in particular surprises me as a European. We're used to having a different attitude to these things in the Scandinavian countries. Cyprus surprises me because it's a very, very small country who I wouldn't think would have the budget for such things. And, well, Canada's the home of Citizens Lab. That's sort of surprising too, isn't it? Anyway, we shall leave it there. I'm almost done carefully tiptoeing around landmines and hoping I haven't crossed any sort of line Allison would prefer me not to cross, but I'm afraid to say we have a deep dive which ventures back into American waters.
[55:31]As I say, we are not a news podcast, so thankfully we don't have to go into the nitty-gritty details, but it is fair to say that Signal has been in the news in the last week, and it is fair to, well, it's not fair to say, it's a factual thing to say that the President of the United States of America, when asked questions by journalists has literally called the safety of signal into question. So you, Nesilic Hastowicz, may be wondering, is signal safe? I'll give you the TLDR, and now I'll go into the details. For personal use and for authorized corporate use in compliance with corporate policies, yes, yes, yes, yes, yes, signal is completely safe. The issue is not with the safety of signal.
[56:23]So from the point of view of our discussion here, these are the pertinent facts of this latest, I don't know what gate we've attached to it. I'm guessing Signal gate. I haven't, to be honest, I haven't even checked what the media are, what silly name they've tagged onto it, but everything ends in gate. I bet you it's Signal gate. So from our point of view, we're going to keep to the really core facts. We're going to keep the three facts. Senior U.S. government officials were chatting about planned military strikes on Signal, and they were including in those conversations precise details about timing, targeting, and specific military assets that would be used for this not-yet-happened military action. Somehow, someone, apparently without intending to, added a journalist to that chat with all of this very sensitive information.
[57:16]That is a second pertinent fact. The third pertinent fact: that there are laws and regulations in the United States covering the dissemination of this kind of sensitive military information, and these communications were not compliant with those laws and regulations. So those are the facts, without going into the detail or the controversy bits. So why is it simultaneously true that this kind of use of Signal, as has happened in this high-profile story, is not safe, but simultaneously, it's completely safe for us NosillaCastaways to use Signal in a personal capacity, and even for many people working for many organizations to use Signal in their, you know, official capacity as an employee or an officer or whatever it is they do within an organization? What's the difference? Well, in order to understand the difference, it's very important to understand what end-to-end encryption does and doesn't do, and what makes a public service like Signal different from a private or corporate communication system, which is entirely internal to that government or organization.
[58:38]So Signal uses an open and independently audited protocol. It's very important to say that there's no secret sauce in Signal. And their protocol has been very heavily audited by the cybersecurity community over the years, for many, many years now. And their protocol doesn't invent its own wheels. It is built by basically using existing, well-known, well-documented, open, and also independently audited cryptographic algorithms as sort of Lego blocks to build the Signal Protocol on top of. And so that means that you know that we can securely and transparently do the following. Right, the Signal Protocol will share the public keys belonging to the participants in conversations in a secure and transparent way. You can't, basically, the public keys that are in a chat can be viewed by everyone in the chat and they can be verified. So all of the keys and little verification codes can be displayed within the Signal app, so you can use a different channel other than Signal to verify that the key you think is Bob's key really is Bob's key, and so on and so forth. And...
[1:00:07]The keys you can see are the only keys. There is no mechanism by which there can be secret keys in Signal. Again, all audited by the cybersecurity community. So we know we can share the public keys of participants and that we can see them and that we know they're there. We have ways of verifying them. We also know that those public keys and their matching private keys are used to encrypt all conversations between the devices of all the participants in a chat, such that at no point between leaving one device and arriving at another can anyone, including Signal, decrypt the message. That's what it means to be end-to-end encrypted. From the moment it leaves my phone to the moment it arrives on every other phone in the chat I'm partaking in, no one else can see the data. It is undecryptable until it arrives at the other end where there is the appropriate private key to decrypt it.
[1:01:12]That is what Signal guarantees us in an extremely verifiable way. We can be highly confident. It's always possible there's a bug in Signal's protocol that no one has noticed in all these years of auditing, and it's always possible there's a mathematical weakness in the well-vetted, carefully studied cryptographic algorithms used in Signal, but to the best of our knowledge, Signal does those two things securely.
[1:01:43]Now, that's just two things. I say just. Two extremely powerful and important things, but just two things. It doesn't do anything else. Which means that one of the things Signal does not, and in fact can not do, is secure the endpoints, the devices. Signal can securely transmit information between devices. But if any of the devices in that conversation are hacked, well, then the attacker can read everything on those devices, including the securely delivered messages. You know, if you send something by a secure courier, when it arrives, it's out of the courier's protection. It's now in the protection of your building. Well, that's the equivalent of your device, right? This is no different to Brinks Ally. They can't keep the stuff safe when it arrives on the bank. That's the bank's problem. Signal can't keep stuff safe when it arrives on the phone. That's the phone's problem.
[1:02:46]Another key point to notice is that while Signal doesn't allow anyone to be secretly added to a conversation, it's a public service. Anyone on planet Earth can use Signal, which means you can accidentally add anyone on planet Earth into a Signal conversation. And yes, it is possible, in fact it's easy, for the participants to check who is on a chat, but that involves the participants noticing the notification of who all was added. If it's a big chat with 20 people being added at once, you're going to get a notification that says, yeah, you've just been added to a chat with these 20 people. If you don't notice, well, it's not the app has done something technologically wrong, you haven't noticed.
[1:03:38]And you can at any time go in and check the participant list. But again, if it's a long list and you haven't taken the time to very carefully go through it, you won't notice. And even if you do take the time to go through it, you're a human, you make mistakes. So ultimately, what we have here is the potential, because it's a public system, for anyone who shouldn't be on the chat to end up on the chat. And the squishy organic bits can miss that fact. The technology isn't broken here.
[1:04:06]It's the squishy organic bits are at fault here. And, you know, hey, we're involved. We're always involved. So the reason that governments and some corporations issue users with secure managed devices is to protect the data when it's at rest.
[1:04:22]The reason governments and some organizations choose to run their own private secure messaging systems, many of which can run on the Signal Protocol, by the way, because the Signal Protocol is entirely free and open, is to ensure that no outsiders can be added to conversations because it's not a public service, it's a private service. And if you have a closed ecosystem, the humans will, the humans can still make mistakes. They just, the scope of those mistakes is limited to the organization's members of the private communication mechanism as opposed to planet Earth. And because the organization is running the communication system themselves, the audit trail to determine the scope of any whoopsies that these squishy organic bits can still cause is within the control of the organization. So the blast radius is smaller, and the ability to be, the ability to know what happened so you can clean up is way higher. So that's very significant. And that's why governments and organizations have rules about what types of information can be shared with which apps on which devices. So for US military secrets, that obviously does not include talking over the public Signal system from any device.
[1:05:47]Especially not Signal on a personal device.
[1:05:52]So for your own personal use, Signal really is about as secure as messaging services get. And if you work for an organization that allows the use of Signal in specific ways for specific types of devices for specific kinds of information, and you follow the rules, you're absolutely golden. You're not doing anything wrong. You're in fact doing things right and using very solid tooling. So, the question in this latest Trump administration scandal isn't whether or not Signal is safe, but whether the officials' use of Signal in this specific way was both safe and legal. And as best as I can tell, based on the available facts, the answer to both of those questions is a resounding big no.
[1:06:43]But equally, Signal is a good choice for NosillaCastaways to stay in touch with friends and family. In fact, it's my preferred. If someone asks me for my recommendation, it is what I will recommend heartily with two thumbs up. I use it myself and I'm a donor. So I really do mean it. I am a big fan of Signal. I genuinely believe it is the best offering out there. And I put my money where my mouth is by being a regular Signal donor. Right, I think that's me clear of the minefield. I don't think I've trodden on any mines. I really hope I haven't overstepped the mark because this is Allison's show. Allison gets to set the tone. Everything I've said, I would feel extremely comfortable saying on my own podcast, but while this isn't my own podcast, I'm only a guest here. So I hope I've been a good house guest, Allison.
[1:07:38]Let me know if I've messed up and I will tweak my internal algorithm for future solo Security Bits episodes. With that out of the way, let us move on to our more regular scheduled programming, starting with some action alerts. If you live in Windows land and you browse the internet, so basically if you live in Windows land, then you should probably update all of your browsers. Because while initially it looked like we had two completely unrelated stories, one saying that Mozilla has warned their Windows users to patch a critical Firefox sandbox escape flaw, and that Chrome had patched a zero-day used to spread sophisticated malware. Turns out those are two sides of the same story. Attackers are using a related technique to exploit just about every browser on Windows. These are advanced attackers, so we'll probably be talking nation states here. This is not something that's happening a dime a dozen yet. But of course, now that the patches are there, they can be reverse engineered, and now the cat is out of the proverbial bag, and now every little cyber criminal around the world is probably going to start doing this too. So patchy patchy patch patch. That obviously means Firefox. It obviously means Chrome. It also means all of the Chromium spin-offs like Edge and Brave and so on and so forth, and they too have patches waiting for you. So patchy patchy patch patch.
[1:09:01]If you are one of the NosillaCastaways who use Ubuntu Linux, you should take note that there are three newly known, newly published, publicized security feature bypasses that have been discovered in Ubuntu. And there are no patches in the strictest sense of the word, but Canonical, the company behind Ubuntu Linux, have released an advisory with recommended changes you can make to your system to harden against these security bypasses. So a security bypass is where an advanced security feature that is supposed to give the operating system more protection above and beyond what's normal is broken. And so you end up with the advanced protection being missing, but you're not actually left with a full on vulnerability because a remote attacker can't get in. It's like Apple do some really advanced stuff on the Mac, and sometimes there's a bypass of the really advanced stuff, like, say, app sandboxing. Well, that doesn't let an attacker onto the machine, but it does mean that the belt and suspenders, well, you still have a belt, but suspenders have been cut.
[1:10:12]And that may be mangling that analogy a bit, but it's subtly different to a full-on vulnerability vulnerability. It's not good, though. You actually want to have as many layers of obscurity as possible. Therefore, if you are an Ubuntu Linux user, well, you know, Canonical have taken the time to recommend these changes to make your system safer, so at the very least give it a read. I mean, you may decide it's not relevant to you, which is perfectly valid to do, by the way. Like, not every attack surface is an issue for every user, but, you know, you should be aware this is a thing. So details in the bleeping security story linked in the show notes.
[1:10:55]Moving us on to worthy warnings then. We have spoken a few times about 23andMe because the times we've spoken about them before now has been due to their ineptitude at safeguarding data. Because they didn't enforce multifactor authentication. And if you, regardless of how good you were at protecting your security by you setting strong passwords and you doing multi-factor, if you chose to use their very enticing feature to share your DNA so that they can find your long-lost relatives, which is one of the reasons people love services like 23andMe in the abstract.
[1:11:36]Well, the security of your genetic information is now connected to the weakest link of everyone who happens to be related to you. And unfortunately, because 23andMe's enforced baseline was underwater, it was terrible.
[1:11:53]Because you could have terrible security settings because 23andMe let you, well, you're at the mercy of your relatives. That's terrible. And that's why lots of people who worked really hard to protect their genetic data have lost their genetic data, and that is 23andMe's ineptitude. And that didn't go over very well. So much so that the company has been flailing to try to recover from that, dent isn't the right word, that absolute wallop to the public image. I mean, you know, you're entrusting them with really sensitive information. The one thing they can't do is lose it and they did. They filed for Chapter 11 bankruptcy protection in the United States and the court filings show that their intention isn't to restructure. Their intention is to sell to a, quote, independent bidder. Now, the company have been at great pains to say that nothing will change in terms of data protection. The cynic in me will say, oh, dear, that's been your biggest problem. That's not good. But they mean it as a thing that's supposed to set your mind at ease. You know, our policies are still our policies. Don't worry. And of course they want to say that because the only value they have to a potential buyer is all of that genetic information that users are hoofing in there.
[1:13:16]Um, but while the company were very careful to beg you not to run away, California's attorney general released a customer alert recommending that users do in fact run away, but don't run away. Use your protections under the CCPA to delete your data, protect your data, delete it, get it off the service, and then run away.
[1:13:42]And I'm just going to interject here with a little factual thing that I think is very, very pertinent. So in a lot of ways US and EU law is very, very similar. There's all sorts of international treaties, so we respect each other's intellectual property, and lots of things are in common thanks to various treaties over the years. But there's one way in which our laws on the two continents couldn't be more different, and that's in terms of who owns data. So under EU law, you are always the owner of data about you and companies can be custodians of that data and can, with your permission, use that data to do various things. But the ownership stays with you. So that means that as companies go into bankruptcy and get sold, the data they hold is not theirs. So while they can transfer the rights that they have been granted to the new owners of the company, they're not transferring ownership of the data, they're transferring the rights you have granted. So that means you as a user, as a subject of the data, data subject, to use the official terms of the legislation, you can't lose anything when the company that holds your data is purchased.
[1:15:01]But in the United States, that's not how data is classified under the law. In the United States, the company that collects the data owns the data. Data is sort of treated like gold. If you find it in the stream, it's yours.
[1:15:17]As I say, in Europe, data about you is yours and the company can just hold it. It's a different way of thinking about it. And a major side effect of the US approach is that when a company is sold, the data goes with them. And at that point in time, every guarantee that the company has given to the users about what will and won't happen, their data evaporates into thin air from a legal perspective. It just becomes someone's word. We promise that they won't abuse you in the future. But that has no legal weight. That has no legal standing. So while 23andMe can say it is their intention to sell to someone really, really trustworthy, unless you trust 23andMe to do that, and you trust whoever, and you don't know who it will be, to actually honor the promise they make to 23andMe that 23andMe believe, then you actually have to delete your data because from a legal.
[1:16:16]All, you know, all bets are off. All promises previously made are null and void. So that is really important to bear in mind. If you've decided, oh jeebers, I think I do want to, uh, you know, do that, then I would recommend a listen to Checklist number 417 from SecureMac, hosted by the wonderful Ken Ray, where Ken goes through the hows and the whys, and most specifically the hows, of adjusting your permissions and so forth on 23andMe, so as to revoke the various grants you may have given for your data to be used in medical studies or whatnot, and to remove your data from their systems, and then close your account and sell off.
[1:16:58]And the last story we have here under Worthy Warnings is one of those grey area ones where I can hear Allison's voice, or no, I can see Allison's eyebrow raising, going, are you sure this was on the right side of the line of what doesn't doesn't make it into Security Bits. And I think this just about does, 51% yes, 49% no. And the reason is purely because Oracle have responded to a very serious data breach by not really responding to a very serious data breach in a proper way. So normally when I read a story, I look for the line that says, and the affected people have been notified. And when I see that line, I say, well, there's no need for me to waste all of our time on Security Bits because the people who have been involved have been told. Well, when I read through the Bleeping Computer story on this breach looking for that magical line, I found the inverse of that magic line. Oracle have decided not to notify victims directly. So that means that NosillaCastaways may be caught up in this, and they may or may not be able to do anything about it, but they may want to know. So here's what we know.
[1:18:19]Oracle have a product called Oracle Health, which is for a large part an acquisition that used to be a service called Cerner. And they bought it and they rolled it in with some other stuff they already had. And it's part of what is now branded as the Oracle Health suite. And that's a suite of tools that is used by healthcare providers like hospitals and clinics to manage their system. So it's not a service that you or I as a regular human being would sign up for. It's a service that will be used to manage our data by some sort of a medical practice we have a relationship with.
[1:18:58]And they are in the process of migrating the old Cerner data to new Oracle infrastructure. And one of the old legacy servers that hadn't quite been cleaned up yet is what got hacked. Which means that the victims of this data breach full of sensitive medical information are people who are patients in clinics who were customers of Cerner before the acquisition and before the system was merged into Oracle. Oracle have decided to tell only the customers and then give the customers a template for how those customers, i.e. the hospitals, can then reach out to the actual people involved in the data breach. But Oracle have decided that they don't have a responsibility under the law or apparently the code of ethics to actually take ownership here. They messed up and they're leaving it to other people to clean up, which is really annoying because it means that I can't say to you, well, well, you'll know you're involved if you got a notification. I can't say that to you. The only useful thing I can say, and it's not particularly bloody useful, is contact your clinic and ask if they were Cerner users. Because if they were, your data is probably caught up in this mess. And then the question is, well, what kind of a clinic was it and what kind of data mine is in there?
[1:20:17]Oracle say they're going to pay for credit monitoring and so forth. So if you ring up your medical provider and they say, yup, we were a Cerner customer, then the next question is, and how do I get the free monitoring that Oracle have said they're going to pay for? Because you can't ask Oracle, because Oracle have decided to wipe their hands of this whole thing. So I'll just end with a little bit of opinion by me. This is a spectacular ding on Oracle's reputation in my mind. The evasiveness. I mean, for a start, the only reason we know about this is because Bleeping Computer got the bit between the teeth. They took some leaks, they took some insider information and they ran with it and they hunted it down and they hunted it down and they basically confronted Oracle with it and Oracle reluctantly admitted to the fact that it had happened while continuing to be extremely evasive and not to share information properly with anyone. So I'm just, I consider it quite scandalous the way Oracle have behaved here. So in my mind, Oracle have a really big black eye against them for how they handle this one. I really wish I could tell NosillaCastaways anything more useful than ask your medical provider if they were Cerner customers, but I genuinely can't think of anything more useful to say, and the problem is this is a big deal. No, I don't know, Allison, again, if I should have gone 49-51 the other way. Let me know.
[1:21:39]Right, moving on to notable news. The European Commission is continuing to enforce its regulations on US tech giants, which has definite effects on the privacy and security and so forth of all of us NosillaCastaways. Apple have been ordered to make a list of very specific changes to how hardware interacts with the iPhone. They have the right to appeal. So basically, they have the right to argue back with the European Commission to say that actually, no, we shouldn't do this thing you've told us to do, because while you would consider it compliance with the Digital Markets Act, we think we can also comply in this different way. And what you're proposing has these privacy implications, and we don't think we should do that. We should think we should do this instead. The problem is, of course, interoperability opens up the possibility of privacy loss. Apple are both incentivized to preserve our privacy because that's a really big, you know, we are the customer with Apple. So their interests and ours align.
[1:22:44]And one of their big selling points is this privacy focus. So they're very reluctant to give up privacy because it's a key feature. And they have an incentive to prevent interaction to sell more hardware. And the European Union are very worried that the second incentive is causing Apple to lock out competitors unfairly. And me as a privacy advocate, I'm very worried that the European Commission is missing the boat on the privacy and spending too much time being too fixated on the antitrust elements. They're both valid. I'm not entirely sure about the weighting. And the reason you need to watch this is because depending on whether Apple say sir, yes, sir, to each and every one of these proposed changes, we actually could be exposing the privacy of EU users, negatively. So we need to watch it. So in Apple's case they don't really have, I mean, they've been told to do a certain thing and told how it is that they can argue about it, but they haven't been found guilty of anything. They've just been told, basically, we know you're working hard to comply, but we think that in order to really comply, we need you to do these things. Google have ended up in a very different situation.
[1:24:00]The EU do not believe Google is genuinely trying to comply with the Digital Markets Act. In fact, they believe Google is flouting the Digital Markets Act. So under the Digital Markets Act, the way this works is that the commission issue a preliminary finding, which basically lays out in black and white the thing they are asserting that Google are doing that is against the law and the evidence they have to match that. So the preliminary finding is that Google is self-preferencing in search results. If you search for buying something on Google, you will get Google-owned things artificially high up the list, self-preferencing. It's illegal under the Digital Markets Act. If you are a gatekeeper.
[1:24:42]Google, having a near monopoly in search, is absolutely a gatekeeper. That's why they're in trouble for this. And this is, this isn't, so it's a preliminary finding, which says, well, that doesn't sound too bad. But if you translate the concept into US law, it's basically an indictment, which means that there is now a formal accusation of guilt. Yes, Google have a right to defend themselves, but they do actually have to defend themselves or this preliminary finding will become an actual finding, at which point in time they will, they will be, legally speaking, in breach of the Digital Markets Act. They will get fined, and that could be spectacular. They could go up to 10 percent of global turnover, or global revenue, to use the U.S. phrase. So that's a big deal. So Google have it much worse, and it's over self-preferencing. Apple, we need to be a little bit careful because there could be privacy implications if Apple don't do a good job negotiating with the EU. And they're treading a needle here because the EU have legitimate antitrust concerns and Apple and us have legitimate privacy concerns and they just have to be balanced out against each other.
[1:25:48]That then brings us to the United States for our next notable story. Utah has passed, all the way through the process, a law which puts the onus of age verification onto the app stores. And so it's probably not a coincidence that two weeks ago we were talking about Apple having just released a white paper defining in great detail how they're going to provide such a system. Um, the other companies are further behind, but it is now the job of Google in the Play Store to provide a similar mechanism for age verification at the Play Store level.
[1:26:24]You can make arguments for and against this. You can say that the likes of Meta and stuff are getting off easy because they don't have to do the hard work of making sure the users on their platforms are over the age of 13. But I would make a different argument. Again, this is my opinion. Don't confuse this with fact. But I think that age verification means entrusting someone with sensitive information. And if you do it at the app store level, then you only have to place that trust in one provider, which is the company you were already trusting with basically the entire security of your phone, which contains oh so much really sensitive information. So this lets me not actually take on any new risk, right? I've already accepted, I've already, yeah, I've accepted that Apple are someone I trust with my data because I'm an iOS user. If I don't trust Apple, I can't use iOS. If you're an Android user and you don't trust Google, sorry, what are you doing? You have to trust Google to use Android. So there's no actual change in who you have to trust here.
[1:27:27]Whereas the other alternative would be that Facebook would have to start taking IDs and say, you know, scans of your driver's licenses and saving those. I don't trust every single site on the internet who provides a service that needs their age verification to hold that kind of information. I want that to be handled by a privacy conscious company like Apple instead. So from my point of view, this Utah law sets things the right way around. And as usually happens in the United States, individual states go first and the federal government follows later.
[1:27:58]This seems like a good lead for Congress to follow at the national level. So we shall see.
[1:28:07]Now is as good a time as any to give you a timely reminder of why it's important to stay patched. So we now know, thanks to responsible disclosure, it's all already patched. And if we did our whole stay patched, stay secure thing, we're all good. But we now know that in the past, Apple Passwords was open to highly targeted phishing attacks. Now this is down to accidentally using HTTP for some stuff on the local network that shouldn't have been done over HTTP. It's not something that, basically, the attack scenario is extremely specific and it's a very difficult attack to pull off, and it was responsibly disclosed, so the actual real world risk to NosillaCastaways is vanishingly small here. Assuming you patched so that you had the fix before every cyber criminal on planet Earth learned about this now, then you almost certainly have nothing to worry about, which I think is the main takeaway here. A problem was found, Apple were notified, Apple responded, everything's patched, and now that everything's patched, we're being told what happened, which is entirely transparent and entirely appropriate and basically that's how it's supposed to be done. So patchy patchy patch patch. Another timely reminder that it can happen to anyone. I applaud Troy Hunt for owning his mistake.
[1:29:35]All of us make mistakes. I have my own war stories. I once accidentally deleted every single computer from our active directory at work. We got to test our backups. Turns out we had really good backups. So in the end, after 20 minutes of terror, everything was fine. And I also like to tell the story of a fantastic colleague who is extremely experienced, literally decades of being a top class, best kind of nerd, really good at his job, amazing sysadmin, who in our open plan office let out a string of expletives a sailor would be proud of because they'd just fallen for a phishing attack. But the thing is, they recognized what they'd done straight away. That's the difference experience makes. And they were able to immediately respond, immediately change their passwords. And in their case, they got it all locked up before the attackers had a chance to do any harm whatsoever. And Troy Hunt had a similar thing happen.
[1:30:39]Specifically, he shares the actual phish. It's actually a very good phish. A lot of phishes pull on the whole sense of urgency thing, and sometimes they overdo it, and too much of a sense of urgency doesn't work. It's not believable. It sets off your spidey sense. But the phishing people who attacked Troy, they threaded the needle perfectly. They didn't make any mistakes in the branding or the look and the feel or the wording or anything. There were no red flags that way, and they struck just the right tone of urgency to not set off your spidey sense. It was a masterfully executed phish. And it got Troy because he was in London, jet-lagged to all bejesus, and he clicked.
[1:31:20]And like my colleague, he noticed straight away and immediately responded. Now, the thing is, in his case, the phishing people scripted their response to the phish. So Troy the human was racing a script to lock his account down while the script was trying to exploit it. And the script was quicker than Troy the human. So he lost email addresses of his MailChimp mailing list, which is why the blog post is both a notification to affected users, it went out to the actual MailChimp list involved, and a blog post sharing with the world that it had happened, explaining the hows and whys. And I really like it when experts own their mistakes like this because it helps destigmatize mistakes, which makes regular folk way more likely to tell the service desk that they've done something wrong so that the service desk can respond and lock down accounts. A lot of people think, oh my god, if I admit to IT services that I fell for a phishing email, they'll be really mad at me. No, if you admit, if you, if you come forward immediately and say, hey, I've just done this, help, we will be so thankful to you. That's what we want you to do. Anyway, some takeaways here.
[1:32:33]Troy makes a really big point of this. It's not a coincidence that he was jet-lagged and tired as all heck, because that's when you make mistakes. That's when your brain, that little bit that's supposed to fire to say think then click, it does still fire.
[1:32:50]After you've done the click. It's, you know, the cogs are moving too slowly. Your click finger is quicker than your brain. The click finger goes, and then the brain goes, no, stop. Only it's too late. So that's what happened to Troy. It could happen to absolutely anyone. So that's the first takeaway. When you're tired, try to proactively put your shields up. This is very difficult to do because you're going against human nature here. But this is like another really good thing I always thought, or I learned, from economist Paul Krugman, actually, is that whenever you see a piece of news that perfectly aligns with your beliefs, that you really want to be true, that's when you need to do the most checking to make sure it bloody well is before you spread it to all of your friends on, at that time it was Twitter. That's very counterintuitive. It's like, yay, I want this to be true, is when your brain, your natural human instinct is to turn off and to just share, share, share, share, share. But actually that should be a signal to say check, check, check, check, check. When you're tired and you're getting an email that seems urgent, and you know you're tired, which is a difficult bit here, maybe you're too tired to know you're tired.
[1:33:55]Try to remember to think twice, because you are impaired. Difficult advice, but hey, do your best. More useful takeaway is the same takeaway that I've already shared with you with my own experience, with my colleague's experience. What you get by being vigilant and by staying informed and by listening to Security Bits and by thinking about these things is the experience to realize what you've done within seconds instead of within hours, days, weeks, months, or years. Which means that even if you can't stop the damage, you can limit it oh so much more. So there is real value in being prepared even if you are still a squishy organic bit and you will still make mistakes. The superpower you gain is the ability to notice straight away and react immediately and to limit that damage.
[1:34:48]Right, that brings us to the end of our various news stories. So I'm going to leave you with a palate cleanser because I think you deserve one, especially because I had to spend my time trotting around landmines here. I hope I didn't offend anyone. I think I've stuck to the facts. Feedback is always welcome, especially on difficult episodes. But anyway, let us cleanse our palates with a podcast recommendation. There is a podcast from Vox Media that I quite like called Future Perfect. And they have a little miniseries. It's a four-part miniseries. The link in the show notes is just to episode one, but you can take it from there. The miniseries is called Good Robot, and what it is about is AI. And it's a really good summary of, kind of, it tells the story in a very human way. It grapples with the big questions of what is really going on here, and how should we think about it, and what is the potential positive utopia spreading out ahead of us, and what is the potential dystopia spreading out ahead of us, and how do we balance our way between those two possible future realities. Very thoughtful, very insightful, very much a human touch to everything, and also fun titles. So episode one out of four is called The Magic Intelligence in the Sky.
[1:36:09]Good Robot, miniseries, Future Perfect podcast, Vox Media. Link in the show notes. Right, well, that is going to wrap us up for this solo Security Bits segment. You can, of course, tell me all of the silly ways in which I was wrong over on the Slack in Podfeet land over at podfeet.com forward slash Slack. There's a whole channel in there for Security Bits. That's one of the channels I actually check most days. I won't pretend to be perfect, but I do my best. I do my best. And you will also find lots of really fun NosillaCastaways in there. Right, I'm going to stop blathering on now. Until next time, you know what to do. Stay patched so you stay secure.
[1:36:52]Well, Bart sure sounded sad there talking about doing it alone. And I really miss getting to talk to, you know, one of my best friends. Being able to talk to him every week, even if it is about security horror, it's something that we both really look forward to. So unfortunately, we won't be able to do that for a little while until we get back from Japan, but I sure appreciate him taking one for the team and doing it solo. But that's going to wind us up for this week. Did you know you can email me at allison at podfeet.com anytime you like? If you have a question or a suggestion, just send it on over. Remember, everything good starts with podfeet.com. You can follow me on Mastodon at podfeet.com slash Mastodon. If you want to listen to the podcast on YouTube, like all the cool kids, you can go to podfeet.com slash YouTube. If you want to join the conversation, you can join our Slack community at podfeet.com slash slack, where you talk to me and all of the other lovely NosillaCastaways like Drunk Nick Nolte. You can support the show at podfeet.com slash Patreon. You really should do that. It's awesome. Or you can do a one-time donation at podfeet.com slash donate, where you can use Apple Pay or any credit card you like. Or you can use podfeet.com slash PayPal. So many great ways to throw money at the show. And if you want to join in the fun of the live show, head on over to podfeet.com slash live this coming Sunday night at 5 p.m. Pacific time, but not for the two weeks after that. And there you can join the friendly and enthusiastic NosillaCastaways.
[1:38:13]Music.