and like somewhere in the outskirts of Moscow and then do crunches there. I want to be able to do that thing where you're like on the side of a pole and you're able to do like side crunches like that. Like you're completely horizontal holding onto a pole. That's what I want to be able to do. So I think we do that yoga actually, except without the pole. It's like a side planky thing. Oh, so you're doing, you're mixing yoga into the whole thing. Yoga and ballroom are my two, like activity activities. Do you ever do ballroom yoga? I don't, you know, I don't think the world is ready for that. It's like Bikram yoga, but the room isn't as hot. How long have you been doing? You're talking ballroom dancing, right? Yeah, yeah, ballroom dance. I've only been doing that for. Dancing the downward rumba dog. Yeah, exactly. I think I've been ballroom dancing since like 1997. Oh, OK, so it's been a while. Yeah, I thought something you just took on recently. I sort of like to add, you know, make working out fun instead of a chore. I don't really consider it a workout, you know? Like with some, with like an hour of ballroom dance, you'll maybe like burn a soda worth of calories. I don't know. Just don't drink a soda. Don't drink that. I'm so apathetic. I'm just like, I'd rather just like. You always dance while drinking a soda. Is that your thing? Yeah, like. No, OK. Oh, we're there, man. Although it's liquid Friday and today it's tropical, tropical turmeric, kombucha, tropical turmeric, kombucha. Yeah, that'll fix that. What else? Yeah, it smells like honey. It's like a brain spice. A legend. There's been a little bit of pineapple in it. So, you know. I had turmeric last night in my chicken tikka masala, so I'm feeling pretty good. Oh, yeah. All right. We ready? Yeah. Then here we go. Daily Tech News Show is powered by its audience. To find out more, head to dailytechnewsshow.com slash support. This is the Daily Tech News for Friday, January 6, 2017. 
We have survived CES week. I'm Tom Merritt. Joining me, Darren Kitchen. Alongside, good to have you back. Thanks for lending Shannon to us, by the way. Oh, absolutely. I'm hoping that she comes back from Vegas in one piece because we got to ship off to DC for ShmooCon right after this. You got a couple of weeks coming up. I just saw on Twitter that Shannon was talking cables with the Belkin guy. She may never come back. Oh, no. No. Oh, I. So, Darren at hak5.org, just send your CV. Yeah, in case she doesn't make it out of the Belkin booth. Len Peralta alongside as well to illustrate the episode. How you doing, Len? Good. Happy 2017 to you. We still have that. We're just at the tail end here. We can actually say that and not be weird. Happy New Year week. Yes. The beginning of this week was the beginning of the new year. Hey, we're off to a great start on this year. It's amazing. Yeah, so far so good. We're going to talk a little bit about what the FTC, the Federal Trade Commission in the United States, is doing to encourage people to be secure with Internet of Things devices. This is something we've been talking about a lot on the show. It came up in our predictions show. So that is going to be very interesting. There's a carrot and a stick. I asked my dog before the show, which he preferred, and he said, I like both those things. So proves of the. Which one? Dog like. The Sawyer? Betch sticks. Yeah, it was Sawyer. Anyway, let's look at the top stories. Facebook has hired journalist Campbell Brown not to be confused with the former AFL and current Kabaddi player out of Australia. This is Campbell Brown, the news anchor to lead Facebook's news partnership team. Brown described her role as helping, quote, news organizations and journalists work more closely and more effectively with Facebook. Facebook says Brown will not be involved in content decisions. Instead, she'll work with news organizations to help them meet their goals, business and journalistic on Facebook. 
Yeah, what does that even mean? I mean, is this just going to become another profit center? Is this like some way to get some money out of old media? I mean, it's literally called the news feed. So what it is is when the Washington Post complains about something, they need someone who speaks journalism to talk to the person from the Washington Post. And Campbell Brown speaks journalism. She knows what the priorities are, what the concerns are, and can effectively liaise with those people. And Facebook got beat up last year about journalistic ethics from the editorial decisions they were making and the trending topics to the fake news, hoopla at the around election time and afterwards. So they want to have somebody who knows how to talk these things on their team, I guess. So I think it's interesting to see a technology company like Facebook instead of embracing a technical solution to a social problem going ahead and just getting the right person. Yeah, it's part of a trend where these platforms are now slowly giving up being neutral platforms. For a decade, the argument has been, hey, we're just YouTube slash Facebook slash Twitter. We let people participate with each other and as long as they're not doing anything illegal, we let them take care of it. And the rhetoric has been moving now to, well, you're abandoning responsibility if you do that. And the argument of yes, but if we intervene, then we're taking responsibility for all content is starting to weaken. See, I think there was something beautiful about just trusting in the algorithm and the machine. As flawed as it may be written by a human, there was something that felt agnostic about that, whereas now what you just reminded is something more akin to like, oh, well, what is the cabinet at Facebook? What is the media cabinet at Facebook like now? You know what I'm saying? Yeah. And what happened was there were some things that the algorithm and the platform and the people on it didn't handle well. 
And the people on the platform are saying, hey, it's not our fault, we didn't handle it well. You're the folks who run this arena. You need to step in and make it safer. Whoa, or what if I've been wrong this whole time and Campbell Brown is actually a bot? You know, many people who saw her on CNN and NBC have surmised or wondered the same thing. So it's interesting, you know, and not to bring politics into it too much, but she is married to a Republican activist and she's been very active in the charter school movement. So this is Facebook trying to pick someone from the more conservative side of the aisle as well. Intel announced Compute Card, a 94.5 millimeter by 55 millimeter by five millimeter card. So they're calling it credit card size. It's slightly bigger than your credit card, but it's pretty small. Has a CPU, GPU, RAM, storage and wireless connectivity all packed in to that little bit of space. And the idea is to make it easy to upgrade the internals of smart devices. So kiosks, televisions, fridges, blenders, et cetera, without having to replace the entire device. Chips with thermal design power up to six watts could fit inside. So you could put a Core M or Core Y i5 or i7. Those are chips found in laptops inside this little card. Card uses USB-C plus extension, which is a variant of USB-C to connect to its devices. That gives access to all the device's inputs, USB, PCIe, HDMI and DisplayPort. Specs availability and pricing are going to be announced in June and they say that there should be availability shortly thereafter. Partners include Dell, HP, Lenovo and Sharp to make the devices. And the companies you may not have heard of, Seneca Data, InFocus, DTx, TabletKiosk and Pasuntech who would implement the standard in their devices. And these are folks who make industrial equipment, kiosks and signage, ATMs, things like that. So it's kind of intriguing to think of the idea of an ATM not being stuck in the past because its internals can't be upgraded. 
You could swap out one of these cards and increase maybe its security and its capability. How is that any different though than the actual computer rather than the fact that the actual computer behind an ATM is just some clunking micro ATX with a bunch of IO ports. So Intel is what made a thinner Raspberry Pi with a case and a single USB connector? Pretty much. How is that different? Well, it's different because of the packaging. And if you can get enough of these Pasuntech, InFocus type folks to standardize on it, then Intel can sell them a lot of them. That's high. These companies don't want to implement their own Raspberry Pis. That's the difference. Right, because the 40 pin connector is scary but like USB-C and a case, that's sexy. No, no, I get it. A Raspberry Pi also doesn't have a warranty for your ATM that Intel will send you. Fair enough. No, I get what you're saying. Like this could be done now. This is not a huge advance necessarily in technology but it is an advance in packaging and support. And right now, we don't have Raspberry Pis inside of kiosks and televisions. I do love the idea of my smart TV can stay as long as the screen is good and I just buy a small thing that I swap out. Xiaomi's trying to do that on their own. So that right there is something that Intel sees a lot of benefit in because they're like, oh, cool, let's make those appliances like refrigerators, those expensive big things like large televisions, give them more life by saying, hey, replace this small little almost credit card size thing that we make. I don't think that's something that the Samsungs of the world are really gonna embrace. It's an interesting thing, right? Because when you think of the kiosks, right? When you think of the Pasuntechs of the world, they know they're not going to get companies to buy all new kiosks. 
So if they can do this, they can at least sell them new internals and keep them as customers rather than switching to Seneca data for their future needs, right? I wonder if a television manufacturer could see this as the same thing where like, look, we know we're not going to be on the forefront. So if somebody's older, Vizio TV starts to get less functional, they might switch to buying a Samsung, but if we can keep them upgraded with better internals, maybe they'll still give us the money for that and stay brand loyal. Interesting idea. It's kind of like the whole modularity thing of like smart phones and the geek in me loves it. But I just, having seen consumer electronics for this long, I'm really doubtful. This benefits Intel and maybe a couple of specialized manufacturers where it will perhaps take off, like you mentioned about the displays, but I don't think we're going to see this in our refrigerators anytime soon. Yeah, I think you're right. I mean, and that's why all the partners are enterprise level equipment makers, commercial equipment makers, but it may be perfectly successful there for Intel. Apple filed an SEC document in advance of its February 28th shareholder meeting, which notes that Apple did not meet its target performance goals for net sales and operating income in 2016. That means executives received 89.5% of their maximum cash incentives. Executives received 100% of those incentives in 2015 because all the bills were met. So this is something where people who are worried about the health or critical of the health of Apple as a business are pointing saying, you know, it's hurting the executive's pocket. Maybe that'll get them to turn things around. I don't know. You're not worried that Tim Cook doesn't have enough money, I can tell. I know, right? Samsung expects its Q4 profits to rise 50% year over year. The company expects an operating profit of 9.2 trillion won, the Korean currency. That translates to roughly $7.8 billion US. 
That would be the highest operating profit for Samsung since Q3 2013. Now, you may be rightly saying, hold on, I thought the Note 7 was gonna wipe these people out and Samsung will see a fall in revenue, not profits, but revenue of about 0.6%. It's not that big of a drop, but it is mostly because of the $2.1 billion profit hit due to the Note 7. And this is something that I've been trying to convey as we've talked about Samsung, is this is a really big company with a lot of different product lines and a lot of diversification. Samsung's chip division is expected to earn a record 4 trillion won thanks to strong demand from smartphone makers for the RAM and memory chips that they make, high-end data storage products for the SSDs that they make, and apparently healthy sales of the Galaxy S7. Galaxy S7 was not impacted as badly by the Note 7 fiasco as people thought. That's also expected to help their mobile sales rebound and they also benefit a little bit from currency fluctuations that won depreciated against the dollar. And then they make tractors and missiles. And banks and a baseball team and yeah, exactly. So in the dystopian cyberpunk novel that we are all seemingly living in, how far along do you think Samsung is into becoming that omnipresent global corporation? Yeah, I mean it's kind of scary that you could have the Note 7 happen and get a 50% year over year rise because it shows that you can have the worst disaster possible on a product line and you're so diversified and so like have so many tentacles and so many other places that it won't stop you. Maybe SkyNet is a Samsung property. I like that. So yeah, no, Samsung sounds like it's going to be okay if you were worried. If you're not worried about Tim Cook, maybe you're worried about Samsung. Norway will begin a year-long process of shutting down FM radio broadcasts starting with the city of Bodo on January 11th. Digital audio broadcasts are already in place. 
They're already broadcasting across all of Norway but not everybody has a digital audio receiver or an adapter for their existing radio. And a lot of folks are unhappy because new equipment costs you money. It's not cheap. However, Switzerland plans a similar shift from 2020 and the UK and Denmark are also planning a switch. So this is happening. And it reminds me a lot of the digital TV switchovers where people complained and they were, there's a lot of confusion about adapters and receivers but after the switch was made, we all kind of got used to it. Yeah, and you know, this is really cool technology. I wasn't that aware of it until I really looked into it just because it's mainly big in Europe and Asia but Norway's was the first to adopt this. So it makes sense that they'd be the first to kind of make that switch over. They did back in the mid 90s and it seems pretty cool. Like it's MP2 based. So, you know, kind of like MPEG three but little older and can get to like CD quality with 256 kilobit encoding is really weird though, because as opposed to FM which we're all very familiar with uses OFDM modulation which is the same kind of stuff used in LTE and Wi-Fi. So I guess my biggest concern is while it's technologically really cool in the state of an emergency, you know an FM radio has been kind of a mainstay. You can get like hand crank variants of that. It's easy to transmit using this modulation. This is a little bit more complicated. Yeah, and we've had digital audio broadcasting in the United States for a long time. A lot of you may be getting it on a radio and not even realize it, but there, you know there's the ability like with HD to broadcast multiple channels on one frequency and things like that. But it has never really taken off in awareness here. And I could see if you're Norwegian and you've got an old car with an old radio you don't wanna have to go buy something to be able to just turn on the radio and listen to some tunes. 
So I wonder how many people this will push into using phones and other devices to listen to things in their car? Well, there's a lot of money to be made selling off frequencies like that just because digital transmissions are so much more efficient. I forget exactly how much more I think it's like eight times more efficient than FM. So that leaves a huge swath of spectrum that can be sold to, you know, I don't know, cell phone carriers and other people that have lots of money and use for that kind of spectrum. But you're right. It's, you know, especially in like older cars where it's a lot more difficult to switch over. You know, I actually find I can visualize the hodge podge solution being some sort of DAB receiver that then retransmits it to your car over FM. Yeah. This is an interesting transfer. The WikiLeaks Task Force Twitter account posted today. We are thinking of making an online database with all verified Twitter accounts and their family slash job slash financial housing relationships. And we are looking for clear, discreet father slash shareholding slash party membership variables that can be put into our AI software. Other suggestions after taking a little bit of flack for that idea, because some people said it sounded a little bit like doxing. The account later explained the database would be used to quote, develop a metric to understand influence networks based on proximity graphs. So this is something where they are asking for the ability to try to provide some data about public figures, but doing it in a way that has gotten a lot of people to feel a little controversial about it. So there you go. I'm still processing that story completely. Yeah. I feel about that one. Reference my comment about the dystopian cyberpunk novel we're all living in. Yeah, it is that. And does, does, I want to ask, my question I want to ask is, does the sound like doxing to you? But there's some word salad in these posts. 
So it's, it's kind of hard to tell what they actually do want to do. Probably continue their agenda, whatever that may be. Yeah, right. And what is that? Yeah, yeah. And as far as doxing is concerned, I've, you know, on a long enough timeline, we just may end up to the point where like privacy is a rotary phone. Yeah. It's a very good point. So I mean, as a verified Twitter user, I never asked to be a verified Twitter user. It just happened to me one day. My, my dad's dead. So there's not much there. I'm not a member of any political party. My wife works for Fandango. So there you go. I'll get you on to a good start. To get all the tech headlines each day in less than 10 minutes, subscribe to dailytechheadlines.com. All right, let's get into our main story. The U.S. Federal Trade Commission, FTC, filed a complaint against D-Link this week, accusing the company of failing to take reasonable steps to secure its routers and internet protocol cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras. D-Link denies the allegations. They say no, its security is top of mind. These allegations are wrong and we're willing to defend them. The accusations say that D-Link advertises security on its website, then hard-coded login credentials, did not defend against command injection vulnerabilities, left private keys available publicly on its website for six months, and left login credentials in clear text on mobile devices. So D-Link may be able to come in and say, hold on, no, that's not what happened, you're mistaken. But if those things were true, they wouldn't be the first to have done that. So without going into whether D-Link actually is guilty of these allegations or not, certainly lots of Internet of Things device manufacturers have done exactly those things that the FTC is saying. The FTC also has cases against ASUS and TRENDnet. 
So they're out there with the stick saying, if we catch you or we think you are not properly securing your devices, we are going to sue. We are going to try to come after you and punish you. That's the stick. On the other hand, the carrot is that the FTC announced the IoT Home Inspector Challenge on Wednesday to create an innovative tool that will help protect consumers for security vulnerabilities and they're putting up a $25,000 prize. So I want to talk about both these things here and the FTC is working with to make recommendations for companies, but what do you think of this overall, Darren? All right, well, let's just get the obvious easy stuff out of the way. And that is, Shannon won the prediction on 2017 that there would be an app to test for the security of your network when in terms of IoT devices on it. In fact, there were multiple apps and devices. Norton had one. There were several other devices and apps out there. This is definitely becoming a big thing. Yeah, she kind of just killed it on that one. She nailed it, yeah. I teased her. I was like, you had inside information that after she was like, no, I really didn't. She was very serious. I'm like, no, I know you didn't. I don't want to take away from your prediction. Like, because yeah, she totally nailed it. Right, she's been killing it with ThreatWire. So that is just like on the mind. So as far as like the carrot stuff, it's just not much to say other than, yes, more of that please, that's good. I like seeing governments push innovations. It's kind of like seeing things like the DARPA grand challenge and things of that nature. So it's good to see the FTC getting involved in that as far as the carrot is concerned and we can come back to that. But I think just as far as the stick is concerned, it's just kind of crazy to think the FTC could file a complaint and go after injunctions on corporations for not being as secure as they could be. 
Reading over the complaint, it really has mostly to do with misrepresentation. All of the like four of the five counts are on misrepresenting devices as being secure when in actuality they just weren't. And then there's these things like from the complaint, quote, for example, using a compromised router an attacker could obtain consumers tax records or other files stored on the routers attached storage device. And it's like, okay, well, I get where you're drawing those lines but like, why are these, why is John Doe's tax returns not encrypted on his NAS? And why is that D-Link's problem that John Doe didn't encrypt them on the NAS that he put on his router? Right? Well, if D-Link is at, I'm gonna try to make a defense. Let me just make it a test. If D-Link is saying to Joe Blow, hey, we're secure. They're out there saying like, we provided advanced security on these routers you buy, then Joe Blow may reasonably think, well, I know it's probably good practice to trust no one and encrypt my stuff, but I bought this D-Link router with advanced security. So I feel pretty safe not encrypting. I'm not saying Joe is wrong, isn't wrong, he is, but the FTC can then rightfully say like, hey, you can't go out and tell people like, you're gonna be fine if you use our routers and then they're not. Sure, okay. But who's not going to claim security? And like for instance, what is it? Let's see, Code Red, I love you, Melissa, Morris, MyDoom, Nimda, Sasser, SQL Slammer. I mean, I could go on and on and on and yet Microsoft claims security every day of the week. Right, but again, what they're saying is it's one thing to claim security and then there'd be like bad actors who break through that security. It's another thing to claim security and hard code the login credentials and make it like super easy for these things to get in. All right, well, where's the line, right? Because this hasn't been defined before and this is the first time I've ever seen. 
The court case is for the judge to decide. That's the way our system is supposed to work when one party says the line's here and the other party says the line's here and D-Link has a very reasonable perspective, as you're saying, then you have an impartial third party come in and say, well, hold on, let's cut the baby in half. The line is right here. Yeah, well, I mean, as long as, you know, I can see a lot of benefit to consumers from the outcome of this and I'm happy, don't get me wrong, to see these kinds of things coming up. I just don't wanna live in a world where suddenly like, you know, Apple is getting sued for there being a bug in their system. You know what I'm saying? Yeah, and so it has to be reasonable. It's a fair concern and so far it does look like, again, the complaint that you file in court has gotta go as far as possible in order to make sure you've covered all the bases. But if you look at what the FTC is saying in public, like really the problem is, we don't want them leaving private keys out on a public website. We don't want them hard coding logins and making it easy and that's why we're going after these people. So yeah, I think it's fair to be concerned about unintended consequences from a court case, but I also like that the FTC is putting pressure on companies to say, hey, if you're gonna advertise security, you can't do these things that are very obviously not secure. So how would the FTC, you know, if like best practices were to be somehow like standardized upon by the FTC saying like, okay, well, you know, in order to sell IoT or at least in order to get some sort of like seal of approval, you have to be able to prove, you know, these best practices, whatever they may be like not hard coding passwords or leaving, you know, default private keys on devices and things of that nature, then what would that look like? 
Because it's very easy for instance to, you know, looking at other areas of consumer stuff, you have things like UL certification or energy star or if I walk into a grocery store, I can easily identify something that is non-GMO or organic or, you know, USDAB for whatever have you just by these logos and it's great that they're there, but what would that look like in the realm of IoT devices and is that something that we want? Yeah, and the FTC has an attempt at that. There's a page up on their recommendations on securing IoT and it's okay. The fundamentals are actually really good. You need to create a culture of security. Like security needs to be by design from the beginning of your product. Do defense in depth so that you have multi layers of security. Take a risk-based approach and go after the most risky things first and no default passwords. I hate that they have to put that in there. Okay, so that's the only technical thing in there. Everything else is touchy-feely. Like, oh yeah, we totally have a culture of security. We hired a bunch of idiots. And that's the fundamentals, right? It then goes on into limiting permissions, taking advantage of available security tools and it's way too complex. Like it's just kind of meandering at that point. So I agree with you, the FTC could do something even better than this by motivating the industry to create an underwriters laboratory type of situation, which is an independent third party that says, hey, let's all agree on the best practices. But the double-edged sword of that is now you have a rubber-stamped logo that gives a false sense of security to consumers who say like, oh, well, but my router had that logo on it and, you know. Well dude, a logo that gives me some sense of security would be better than the current situation which is absolutely no security. Oh no, don't get me wrong. It's a show of some sort. There's a show full of happening and it's beautiful in some ways and scary in others. 
But something like that would, I feel like, give one, it would put undue pressure on, or not undue, but it would put really weird pressure on manufacturers to get some sort of rubber-stamped to be able to say that we meet these guidelines, whatever it is, in order to get in stores. Because if I'm manufacturing a washing machine, I need to get that Energy Star if I'm gonna get into the brick-and-mortar store. And then what you end up getting is a sort of certification that's just basically whittled down to the lowest common denominator which is just like, don't have plain text, crappy default passwords. Yeah, yeah. And I see you get anything good from it. I don't think it has to be a sticker that is as restrictive as you're talking about. But I think there could be something good if these device makers would come together and say, hey, let's all agree on the basic things you need to have in these devices. And maybe it doesn't have to be official. Maybe market pressure is just enough. But making people aware of that and making it easy for them to tell, like, hey, there's not a hard-coded login that will just leave this thing open. Making it standard so that when you set up a device, it says, hey, you have to set up a password. Like, I know you don't disagree with that stuff. No, I don't disagree. It's just the method of encouraging people to do it. And I've seen actually the market correct itself and do that voluntarily before to good effect. Like the ESRB, for instance, is that sticker and that wasn't mandated by any sort of government agency. It was probably put together by the publishers because they didn't want to be regulated. Same as the MPAA ratings, exactly the same thing. So yeah. On the other side, let's talk about carrots. Carrots are more fun. Carrots are, hey, let's not force companies to do anything. They help you protect yourself. 
So the FTC Home Inspector Challenge, the IoT Home Inspector Challenge, also Home Inspector just sounds a little bit unfair. But it's a challenge to build a tool that would, at minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants also have the option of adding features like addressing hard-coded factory default or easy-to-guess passwords. And a cash prize of up to $25,000 will go to the best technical solution with up to $3,000 available for up to three honorable mention winners. Submissions accepted as early as March 1st and a deadline of noon on May 22nd. And the winners will be announced July 27th. So this is saying, all right, let's go at the problem from the other side as well and say, can we award a prize to somebody who comes up with a really great way for the consumer to protect themselves? Yeah, no, it's good stuff. And hey, shout out to Georgia Weidman, who's one of the panelists. So she's pretty cool. She's been on Hak5 before, pretty awesome infosec person. And I think that this is the sort of thing that I would like to see, like whatever the technology that comes from this, I would love to see that adopted into your home hub apps like Google Home and Alexa for the biggest impact. Cause it's kind of a no-brainer to just go ahead and like, hey, as long as we see that you're using this to control your home, let's scan the rest of your home. Yeah, and I love the idea of some kind of tool that would be developed that would be sort of available for manufacturers to put into routers or available for people to just download open source and install themselves rather than, and no offense to Norton, but the Norton router that was announced at CES is a way to sell you Norton subscriptions, right? You know what? 
You know, now that I think about it actually with the concept of this app that like scans your network for your home IoT devices that are potentially vulnerable and a concept of a stamp with whatever effectiveness of like saying, you know, tested in such and such date, 2017, 2018, whatever, actually, whoa, what if IoT is actually the thing that brings on a new era of security because we're actually concerned about things in our homes, the tangible physical things that we can like see and touch and feel in ways that we have never had or seen in our culture before. Yeah, no, it's a great point. Suddenly, if you are someone who, you know, didn't care like, ah, my email, whatever, how's that gonna hurt me? But you're like looking at a home security camera or a door lock and you're like, oh, I definitely don't want that to get hacked even though your email's probably more dangerous than your door lock, if it fixes the perception, yeah, that's great. All right, whatever carrots we can come up with, bring them on. Yeah, bring on the carrots. I think we're both agreed on that. And you're right, the panel of judges for this thing is kind of an all-star team. Like you mentioned, Georgia Weidman, recipient of the 2015 Women's Society of Cyberjutsu Pen Test Ninja Award, the best award name I've ever seen, but also Chief Technology Officer at Shevirah and author of Penetration Testing: A Hands-On Introduction to Hacking. L. Jean 
Camp, professor at the School of Informatics and Computing at Indiana University, Tadayoshi Kohno, the Short-Dooley Professor of computer science and engineering at the University of Washington and member of USENIX Security Steering Committee and David Wollman, he's the deputy director of the smart grid, I lost it for a second, smart grid and cyber physical system program office of the US Department of Commerce and Dan Klinedinst, a vulnerability researcher at Carnegie Mellon on the CERT Coordination Center and the founder of BSides Pittsburgh Security Conference. So, good stuff. Carnegie Melligan. Carnegie Melligan. You know, people mispronounce it all the time. Let's say Carnegie Mellon, but weird. Thanks to everybody who participates in our subreddit. You can submit stories and vote on them at dailytechnewsshow.reddit.com. Help us pick what we're gonna talk about each day. Let's get to a couple of messages. John said, I think it was Shannon that said, she hoped that someone would scan your IoT devices and let you know if they were vulnerable and apparently so does the FTC and he was the one who pointed out the home inspector challenge to us. So thank you for that, John. And then Rico said, I heard in the after talk on voice wars, a new trope, that was yesterday's show, that Justin has some internet issues and y'all mentioned that dual ISPs bonded would be cool. It is and I do it at home to connect at work. I have Comcast Business and AT&T and bond them together using a very cool router called the Peplink Balance 30. It's not a very expensive router and it's around 200 bucks and it works great. You can also add a 4G LTE modem to it for super redundancy if you want to. And you can also get the same testimonial from Darren Kitchen at the Hak5 warehouse who uses this with three Comcast Business lines to bond them. It's a Peplink is the same one. I use the exact same router. I can. Yeah, and I use the USB port on it to have a failover over to a LTE modem. 
So that's fantastic. So yes, we will have a link to that in the show notes or just search Peplink Balance 30. Yeah, it does have a weird issue where if you're doing some OpenVPN stuff, it can cause some weird issues because sometimes your packets will take whatever the best route is. So when you pull up, for example, whatismyip.com and you hit refresh, you're going to get a different IP address. Like you're just going to keep cycling through the modems. So it can cause some weirdness sometimes but otherwise it's all good. All right, well thank you again for sending that along to us Rico. And thank you Darren Kitchen for joining us. Hak5.org, H-A-K-5.org. We've had the whole team. Patrick was on, Shannon was on and now you've been on. So big thanks to your entire warehouse. Bring everyone else on now too. Nice, yeah, it's very exciting. Hey, you know what? This is a fantastic time to go and check out Hak5. If you haven't in a while, we have a really awesome episode out this week on life hacks. So it's very approachable. It doesn't get into crazy SQL injections or anything like that. So I, and it's all geared around maintaining your New Year's resolutions and building healthy, sustainable new life habits and things of that nature and some technology that can help you along the way. So if that's some of the interest to you, go and check it out, H-A-K-5.org or youtube.com slash hak5. That's H-A-K of the number five. And thank you Len Peralta for illustrating the show. What did you come up with today? Well, I can see his link, but he's muted himself. I went on mute now. Oh, there you are. There I am. Yes, you know, this might be considered low hanging fruit because it's, you know, it's, I don't know if things, of course, your stuff is going to come alive and sentient. But you know, I'd never drawn it before for the show. 
So I thought starting off the New Year with the Internet of Things worst case scenario, toasters, waffle irons and fridges coming after you, that's probably something that we don't want to have happen. I like that the refrigerator has a window screen. I know what I love is that, I don't know if this was on purpose, but you've embodied the Windows 2000 cubes. Yes, actually it was kind of, yes, I was trying to, I wanted to go back to Win 98 for that. Oh my gosh. Well, you nailed it with, you hit Windows 2000 and that's a good mark. So yeah, Internet of Things, don't know if I'm on board with that just yet, but if you're in, you know, hey, you know, just be aware that your devices may become sentient, your miles may vary. Yeah, you gotta go check this out, lenperaltastore.com, if not to just look at it, definitely, you probably want to order it too. It's really good. That refrigerator is gonna haunt my dreams. Huge thanks to everybody who supports this show on Patreon, patreon.com did a nice little write up of 35 of their most successful patreons from the 2016 year and we were among them. And that's because of you and it's because of you that the show exists. DailyTechNewShow.com slash support is of course the place to find all the ways to support the show. Huge thanks to everyone who supports us like Todd Nolan, Peter Box, Daniel Clegg, and a tip of the hat to Alex Walker and Andrew Wolfe, who just raised their Patreon pledges at patreon.com slash DTNS. Our email address is feedback at DailyTechNewShow.com. We're live Monday through Friday, 4.30 p.m. Eastern at alphageekradio.com and diamondclub.tv and our website is DailyTechNewShow.com. Back on Monday with Veronica Belmont. Thanks everybody for hanging out with us. We'll talk to you next week. This show is part of the Frog Pants Network. Get more at frogpants.com. Diamond Club hopes you have enjoyed this program. That was a good, tight episode. Yeah, I liked it. I liked it too. 
I'm really adamant about this like, this kind of seal of approval thing, but I just feel like it's both a good thing and a nightmare. It's gonna be so easy. It needs an expiration date. Like I feel like we should actually put expiration dates on tech products. Like, oh, this router is spoiled. Yeah, yeah. The best before date. Yeah. Like. I think, and it's a longer conversation. I think there is a way to do it right. But you're bringing up all of the right concerns to have about doing it. You just implement tech that makes the router after so many months, just start to get moldy and smelly and then people will throw it out. Does this router smell bad to you? I think it's gone. Yeah. It's turning a little gray. Packets are coming out a little sour. Yeah. I don't see anything. You open up your laptop in the morning and you're like, whoa, oh, my router must have got that one. That's exactly it. You just need some like funk coming out of our laptops. Like, I think this is gonna need an update. Yeah. All right. Chobot is kaput. Chobot's got issues. It's not necessarily kaput. Let's not overreact. But we do have a secondary source. Thank you, Dark Redeemer, for putting together an impromptu place for the titles. Do you have that, Roger? Yes, I see it now. Sorry, I have too many windows. A show without titles. A show without titles. Thank you. Let me see. Ah, here it is. All right, see this bill, wiki. Oh, wait, what happened? What happened to the titles? They went away. Oh, they're there. Yeah, wait, wait, wait. Okay. Is the Internet of Things is happening? The wiki leaks. Leaks, bite-sized PCs, shaping social media, Intel's new cardware, encrypt all the Internet of Things, card-carrying member of the mobile computer age. Encrypt all. Encrypt all the IOT things. Okay. Or encrypt all the things of the Internet. 
I like that the word encrypt has become synonymous with security, and there's so many fallacies with that, but yet at the same time, I'm kind of like, okay, you know what, Normies, if that's what you're... If that's what it takes. If that's what you're doing, you know. Yeah. It's a good step. Idiot of Things, a show of feces. Idiot of Text. Yeah, that was the show that Darren was describing happening out there. Yeah. Hope's Screens Eternal. I like Encrypt all the IoT things, the Internet of Things. I really like where Biocow is going with, FTC gives a D link in security. Oh, that's good. It should be gets an F in D link. D gets an F. I don't know. What's next? FTC goes after Microsoft for Windows 95 Second Edition. Listen, you can't... I think it's just... It wasn't a Second Edition, was it? All right, I'm kind of on Darren's side. It seems... It's like... They did foster a culture of security. That's not what they're suing them for. That's a recommendation. But they said the word secure and it wasn't. They said it was advanced secure. Look, I get that the premise the FTC is using to sue is a little... has problems. Well, let's go after a game. I also think there's a big difference between companies thinking it's okay to just hard code their admin passwords and Windows 95 not being properly secured. Yeah, sorry, but consumer electronics is one thing. But when you talk about the actual impact to people, I feel like if the FTC was going to go after anyone, it should have been something like, I don't know, LinkedIn. Well, and then all of these data breaches, why does nobody ever... Why does consumer advocacy organization... Because they failed to go after one thing, doesn't make the other thing they do wrong. Well, yeah, but if they're gonna go into this territory now, suddenly it's like... You're just saying they should go into the territory. Computer security now. Why didn't you do anything about LinkedIn breach? Why didn't you do anything about the Outlook breach? 
Why didn't you do anything? I mean, I'm taking it from the viewpoint of you're suing them because they make a crappy product. Yeah. It's like... That's what the FTC does. And well, but it's... You wouldn't say LinkedIn is a crappy product. FTC goes after someone who makes a dangerous product. And so LinkedIn, that's a separate conversation. Maybe they should go after LinkedIn. It doesn't change whether D-Link actually made a crappy product or not. And I'm totally with you that there are big problems with this approach. But it also, for some reason I'm hung up on the idea of like, yeah, but if you hard code an admin password into something that is sold as the protection of a network, like that's a level beyond for me. Well, you know what? Then there needs to be a federal standard. I mean, like federal standard, we do that with automobiles, right? All cars sold in the United States have to have seat belts. Right? It's not an optional thing. I think there's a common law approach that says, hey, if you're saying we'll protect your network and then you hard code in a password that everyone can find and get into your network, like that's just not okay. There doesn't need to be a standard. That's obvious to me, but that's I guess what the one thing that I'm looking at here that I disagree with you guys on. Yeah, and when, you know, hundreds of thousands of email addresses and password hashes using a lame algorithm get leaked because of a data breach because you failed to secure your social network. Using MD5 I think is exactly the same thing. Yes, I do. But one wrong, one other wrong doesn't make the other wrong less prosecutable. Sure. That I agree with as well. And the title you ended up with is encrypt all the internet of things, correct? Those are two unrelated thoughts, but yes, I think. Yes, okay. Broke me. Sorry. Are you good with that, Darren? Yeah, yeah, sure. I mean, I like the D link one, but they're both good. All right. 
Whatever, let's continue perpetuating that encryption is security because it's, you know, I'm gonna give it a pass. If that's what everybody takes away from this, if it gets them using encryption, hey, you know, nothing wrong with that. Yeah, because it's not exactly right. I know what you're saying. No, it's not because there's, and there's so many failed ways to implement encryption, but everybody's takeaway from, oh my gosh, the last couple of years, you know, between Snowden and this election and everything. Well, would it be FTCP? Encryption is security. And it's like, well, not always. In some ways, encryption can. Really good encryption can help you be secure. Yes. It should, would it be FTC gives or gets a D link in security? Gives. Because you're giving it to D link, right? Gives it a D link. Yes, would be FTC. But like if FTC gets a D link, I mean, you're implying that FTC got a really, oh. See, that's why they're so upset. The FTC probably has a D link at one of the branch offices and they got hacked. It's totally it. It's totally it. They're like, there's our crap. Who let this thing on the market? The box. Should have said Swiss Chase. All right. So FTC gives a D link and security security. All right. Let's go with that one then. I like that one. Okay. Everyone, everyone good? Hey guys, Biocow, a lap belt is better than nothing. So I guess a stamp that says doesn't have password. Password is a good sticker. Feisty. Well, I'm actually still an advocate of that we need a badge on all websites saying what encryption methodologies they use to, you know, store your account credentials. Oh, and the FTC is actually advocating that for all. Goodness. Like you should be transparent about what security measures you're taking, not just encryption, but all the security measures you take. Right. I mean, I store everybody's stuff in plain text. I want you to know this. Yes. You should have to say it. Yeah. Maybe that's all, maybe that's all. 
Maybe you don't need a complex sticker system. Maybe if they just say, hey, whatever security measures you're taking, you have to admit them. Yeah. Like a kind of like a mandated transparency, you know, like for instance, a company operating a social network in the United States, like pretty sure they have to have a privacy policy published on their website. Yeah. So why would there not be a security policy? Is that a better compromise? I think it is because, you know, here's the thing. I would actually prefer not a badge that says like, oh, AES-256 or whatever. No, I get what you're saying. Yeah. I would actually rather a security policy that kind of outlines what are the, you know, both the technological and the processes that we use, right? Because obscuring those aren't making you any more or less secure. Right. So get out of that mindset. And then what that enables is an independent third party, kind of like the EFF or something like that to actually rate, like here are the top, you know, secure social networks or media or whatever have you of this year, you know, and actually like show like, oh, you know, these 10 sites use XYZ. And there are enough people who are interested in paying attention to those that the weak ones will be pointed out to folks who don't have expertise to look at them and understand what's going on. Yeah. And then the whole industry, they can adopt their own cool GIF or GIF that shows how awesome and their encryption is at login for those that know what it means and knows to look for. Kind of like the ESRB came out with all the different logos and such. Well, it's like terms of service, right? I mean, there's no sticker that says you'd have good terms of service. But when people have really bad privacy policies in their terms of service, it becomes very clear very quickly. Yeah. 
Like if you're, you know, if you're at some e-commerce site and they've got like some BBB logo on it, you're like, oh, you know, they seem to, I don't know, care. Well, and you saw what happened. What was it? Dropbox that did it recently? Who was the one that recently? No, no, I'm sorry. It was Evernote. Remember they changed their privacy policy to say, we're going to be able to read your notes. Yeah. Yeah. Oops. The dollar line. Yeah, it's good because there are, you know, watchdogs that like, yeah, it is us. There's consumers. We're empowered. And then we hold them. I'm really like this is the compromise solution of like, hey, no, you just have to say, you are required to say what security measures you're taking and the watchdogs will be the ones to leap on it and say whether there's an issue or not. Yeah, I mean, to get to there, all you need is enough consumers asking enough questions saying, hey, Facebook, hey, whatever, what do you use? What, you know, like be transparent about that. You're already transparent about how many national security letters you're getting. You might as well toss that in the report. Like, wouldn't that be cool? You're reading the Facebook 2016 zeitgeist, whatever. Yeah, yeah. And it's like, oh, we got this many NSL requests and we did this many, you know, dubious things with foreign governments. And oh, we also upgraded this many millions of accounts to this new higher level of security. Yeah. Absolutely. I love this idea. Oh, man. It's such wishful thinking. I know. Although, no, it is one of the things on that FTC page of best practices is transparency. So that's a step away from getting them to say, like, all right, let's just make that the rule. Transparency folks, it's not just a 24-bit PNG. You didn't go GIF. I'm very proud. Oh, no, no, come on. Got to be modern here. Seriously. Alpha channel is on here in the future. Yeah. Are you an alpha channel guy, Len? I have no idea what that even is. Alpha channel? 
That makes me feel a lot better about my Photoshop skills. Oh, yeah, I don't use alpha channel in Photoshop. Nice. I probably should, though, but, you know. No, one of those things where you have it slow and that's what you do. It's because you draw mostly. You don't really manipulate the image. Right, exactly. I mean, sometimes I do, but... Oh, my God. So what level, actually, hang on. I've really been curious, Len, since we're on the topic. Do you use the brush tool or the pen tool? I use the brush tool. Okay, so they're not vectors? No. Okay, because I was wondering, like, whoa, what awesome Patreon level would it be to not just get, like, you know, the high res JPEG, but to get the PSD file? Ooh, the PSD file. Yeah, I know, that's the lesson, you know what I'm saying? Yeah. What about transparent layers? Well, how big is your canvas that you generate? Well, usually, I draw it six or 300 DPI and 8 and a half by 11. But it just depends. It depends on what the final image, like, if I'm working on a book, what the final size in the book is gonna be. So I kind of work at that size. But usually, it's very, very high res. So I can sort of manipulate any size I need to. But usually, three to 600 DPI, so. It goes up to 13 by 19. It should look good, because it's pretty high res. I am, yeah, I had some issues with the Wacom driver making my stuff look like crap. So that was nice to be able to figure out today. It's still sort of weird and buggy. Wacom is sort of a strange. Is it where it doesn't, your pressure points are off or? No, what was happening was it was, like, if I moved the pen quickly, it looked fine. But if I did, like, finesse work, it made it all jaggy and weird. And it made my art look terrible. Not so with this piece today, because I- That's what happened to me, too. Oh, my life. Jaggy? Is your art machine also your general purpose computer machine or do you have a separate machine that's just for art? No, it's just this, I just have one. 
I'm not rich enough to do multiple computers. I have a podcasting computer and I have this computer. Okay. Yeah, we've got a machine in the studio that's responsible for recording the episodes and editing them and such. Yeah. It runs as a standard non-admin user and it has two things installed. Blackmagic and Adobe. Yeah, I do the, on my laptop, I have Photoshop on there to, you know, if I need to travel and do something in a remote place, but mostly that's my podcasting computer. So I will record stuff on that rather than try to muck up everything on one computer and try to ask you to do everything, because, but I just got a new, I just got a new iMac last week. So I'm excited. It's nice not to be able to have to wait a half an hour to restart something. Yeah, yeah. It's ridiculous. Yeah, with all those fonts. What about you, Tom? General Purpose, so do you have a special, just don't touch it, it works podcast rig? I have a special don't touch it, it works podcast rig. Yeah, that's the way to do it. It's a Mac mini. Oh, there you go. It's not super complex because all you have is an ethernet connection and stream and a USB port for the audio to get into it. There you go. Yeah, and it's, and then you could go work on another computer. You don't have to worry about it. I do everything else on my laptop. Yeah. So there's just another thing about Len because it's like, when you get it, pristine, like don't touch it. Yes. Suddenly, like everything's working great and they were like, oh, let me just try out this chair. No, the nightmare story was last week, right before Christmas or the two weeks ago now is something went wrong with my computer and I was on with Wacom for hours trying to figure out what was going on. Like I updated the new driver and it just, it made everything look like absolute crap but I looked like, I looked like I was a hack, which, you know, I guess maybe I could be a part of it. Hey, hey, that's my friend Len you're talking about. 
Well, it's interesting, we used to do that, I used to do that for Revision3, have two separate machines and I said, screw it, I'm just going to have both do both in case, because there's always an instance where something happens and you need a backup and I need to have a similar set of tools on both. Well, I do that. My laptop has all the tools. In fact, I did the show from CES on my laptop because it has all the tools, but I don't put any of the other tools on this one. And I had to blow this computer out one time and it was easy to reset up because there's so little on it. Yeah, it's a good feeling. I'm kind of, I'm kind of anal because I do this from, I basically, it's a habit I got into at Screen Savers. I basically image every build I have. Yeah, yeah, that's good. So, if it works, I image it out and then I just have, I, you know, granted each space but I have like, you know, eight, you know, five, 500 megabyte or not megabyte, gigabyte, you know, image of what, you know, all these, all these images. And then if it totally goes, you know, horizontal I'll just re-image it. If it's not a hardware, if it's hardware issue it's a different issue, but it's not for us to blow it out and then I don't have to waste time tweaking everything again. It's funny. I've been podcasting and editing audio for over 10 years and I still don't feel 100% certain about everything. Nor do you need to do that. It's like, you know, it's like learning, you know, Photoshop. It's like, why, why, why learn alpha channels when you- Yeah. See, that's the thing I needed to do is alpha channels because it's one of those things you need to do to an image for video editing. Oh yeah. It's a, it's such a general purpose tool that like you end up learning the parts of it that makes sense for you. And even if you're only using 2%, you're using your 2%. 
Well, I've always, I've always believed like you learn as you, as you progress there are little bits of the tool that you discover, learn that make things a lot easier. Like actions, like trying to figure out actions for the longest time with something I was like, I don't want to, I don't want to deal with. But when you have to do like 20 of the same things, like how do I do this? So Photoshop will automatically do it for me once I, once I do one action for this image and then it can do it for the next 19 by itself. I will actually admit that I've written USB Rubber Ducky payloads to automate really mundane tasks that I need to do in things like spreadsheets that I probably could have written macros for, but it was just easier. It's like, what I need to do is hit control C, then alt tab, then control V, then enter, then tap, then alt, then control S, then, you know, it's like, and then lather, rinse, repeat a thousand times. That's great if it works. All right, thanks everybody for watching. We are published. Woohoo. Have a great weekend. We'll see you later, everybody. Yay.