 Coming up on DTNS, a virtual whammy bar for your guitar and keyboard, a pair of leaks for both Apple and Android fans, and Microsoft warns that the SolarWinds attackers are still at it. This is the Daily Tech News for Friday, May 28th, 2021. We made it. In Los Angeles, California, I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. From Studio Colorado, I'm Shannon Morse. Drawing the top tech stories in Cleveland, I'm Len Peralta. And I'm Roger Chang, the show's producer. We were just talking about Mosquito Lake and the size of Juno on Good Day Internet. If you would like that expanded conversation, get the show. Go to Patreon.com slash DTNS. Let's start with a few tech things you should know. Google Photos will end unlimited free storage for photos and videos starting June 1st, after which time new photos and videos that you upload will count towards the free 15 gigabytes of storage that comes with every Google account. But photos or videos that you've already uploaded will not count towards that cap. So consider this your cue to upload those photos and videos now before they start counting. Google wrote out a new free tool to help you manage your storage, and Google One subscription started $2 per month in the U.S. for 100 gigs of storage. Ten-year-old consumer advocacy group Stop the Cap examined pricing for spectrum customers in Rochester, New York. It found that customers who lived in neighborhoods where Frontier and Greenlight offered fiber internet service, you were offered 400 megabit per second spectrum service for $30 a month. However, if there were no competitive services at your address, in other words, a spectrum was your only option, the cost was $70 a month for 400 megabits per second. Price guarantees are longer in competitive areas, and installation costs are cheaper there as well. These are promotional prices, not your ongoing price. And Charter, which runs spectrum, told Ars Technica that non-promotional spectrum prices are consistent within each market. India's Tattas Suns has acquired a majority stake in India's Big Basket Grocery Delivery Service. Big Basket works with more than 12,000 farmers directly to deliver fresh fruit and vegetables. It will fit in as one element in a planned Tattas Super App that could also include Cure Fit Fitness App that Tattas is also looking to acquire. Anybody's making a super app now. After a one-month delay, Rivian announced its R1T Electric Pickup and R1S SUV deliveries will start in July. Company plans to contact everyone with a launch edition pre-order by November and hopes to complete all launch edition deliveries by next spring. Updates for the R1T and R1S include a now-standard onboard air compressor, a now-optional off-road upgrade with new adventure gear options and an 11.5 kilowatt-hour home wall charger. Rivian says offers 40 kilometers of range for every hour of charging time. I really want that R1S. Oh, do I want it? Maybe someday, never. The US FBI announced that foreign actors breached the network of a local US municipal government using an unpatched vulnerability in a 14-net VBPN appliance that the FBI had issued a warning about back in April. Once on the network, the attacker created a backdoor account named LE, then later created further backdoor accounts on domain controllers, servers, workstations, and active directories. All right, let us talk about the App Store. Not really. When you list an app in the Apple App Store, developers list what kinds of in-app purchases are available and how much they'll cost. That helps you evaluate the ongoing cost of using an app. If you're like, well, it's free to download, but I'm going to have to pay $3 for the Twitter Blue subscription, for instance. You'll want to know that before you download it. Twitter now lists a $2.99 a month Twitter Blue subscription under in-app purchases in its iOS App Store description. Although the feature does not appear to be live in the actual app. However, app researcher, and may I call her magician, Jane Mansion Wong, says she has been able to become the first paying customer. And Twitter Blue comes with color themes, custom app icons, undecend, and a collections feature. You can, you know, favorite things and keep them in a particular collection so you can organize your favorites. So she became the first paying customer, not just because she happened to be the first person that noticed this. The implication is that she figured out how to create an account. How to become a paying customer. I got to say, I'm a little underwhelmed by what you apparently are offered for $3 a month for Twitter. You know, the big one is the undecend, right? I don't really see how this is much different than deleting a tweet. If I compose a tweet, I say tweet, I realize within, I believe the last I heard was Twitter would allow a delay of up to 30 seconds, kind of like the undecend, you know, in an email client. You know, if I realize it that closely and I'm paying for the undecend feature, then I can be like, ah, whoosh. I don't want anybody to see that I feel stupid kind of thing. But anything beyond that, I would just have to delete the tweet. So it's, I don't know, you know, changing a color of my Twitter experience. Maybe it would be nice. Not something I'm clamoring for. I wonder who wants to buy this package. It makes a little bit of sense to me. I know a lot of people who like have grammatical errors that they figure out later and they might want to use the undecend for that. But again, you would have to notice that like right after you send that tweet. For me, this would be super useful if they let you edit tweets. For example, if you had a really engaging tweet and you were linking out to a very specific thing like a YouTube video or maybe a blog or a news article or something that you wrote. It would be nice if there was a change in that link, you could change that link afterwards, like that kind of editing ability. That would be nice. I realized why they don't put it there because they, a lot of places use news or use Twitter as a part of their news articles or news outlets. So there is a reason why editing doesn't exist. But that would be the only thing that would really make me like say, hey, I would totally pay for this. If I could force other people to see like a pink profile on my page, I don't, I don't think that would be worth three bucks. You can do all of this with other things, you know, with third party apps and extensions and things like that. Granted, it's sometimes worth paying for something to make it easy so that you don't have to go do it yourself and you can get the stock experience and all that. I get that. I don't see these four things being worth it for me. Not that the three dollars is too high of a price. They're just not things that I'm that interested in making easy for me. I was hoping they would come out and maybe they still will. I mean, this is just Jane mentioned long saying I figured out what's in here. There might be more things coming. They might also add in more things down the road after they officially launched this. I was hoping for more creator focused stuff, you know, content subscriptions, things like that. But we'll see. Hey, one more Twitter thing before we get off of Twitter, eight days after relaunching public applications for verification. Twitter said Friday it is quote, rolling in verification requests and they're pausing accepting new applicants while they review the ones that have been submitted and they hope they'll unpause very soon. So moving on. Have I been pwned is this database of username slash emails and hashed passwords that let you look up your accounts and see if you have been breached or if your password or username has been leaked anywhere. It's been run by security researcher Troy Hunt for a very long time and he has contemplated contemplated over the years selling it or otherwise disentangling himself from the application. So in August of 2020 he decided to make it open source and let the community start to manage it. Hunt announced that the code for pwned passwords is now open source and available on GitHub under a BSD three clause license. So Pwn passwords is not the entire have I been pwned API and service. It's basically a feature that allows you to enter your passwords to find out if those were leaked specifically separate from the email addresses. It receives Shaw one and NTLM hashed pairs of passwords and they are never ever stored in plain text in the database. So the data is stored in Azure, and it is working with the 501 C nonprofit called the dot net foundation on managing the open source project and dot net has nothing to do with Microsoft in case you were concerned. In addition, the FBI is also going to now add data from breaches discovered during its investigations to help make the database even more comprehensive. The FBI data is also going to be provided to the Pwn passwords program and all of that data is also going to be hashed as well with Shaw wine and NTLM. Yeah, I think taking the pressure off Troy Hunt is a long time coming. This is an incredibly valuable service to the internet to provide. I think the thing that a lot of people wonder, especially if they haven't used it before or they hadn't even heard of it before is, is it safe for me to enter my password into a database when I'm worried about my password being stolen? Like how does that work? Absolutely. Yeah, I'm glad you mentioned that because that's a huge concern. And it's one that I've heard people say like is Troy Hunt just basically collecting all of these passwords? Like what is he going to do that? Or the same thing with email addresses? Is he going to start spamming everybody who puts their email address into his website? And that's not true at all. So it's basically using this mathematical property to create these hashes, which are basically just a whole bunch of generic numbers and letters that are tied to each of these different kinds of passwords. And this is called k anonymity. So whenever you put in your plain text password into the site, it hashes that and turns it into a string of this sha one slash NTLM hash pair so that it'll it'll match it up and try to figure out if your password was indeed breached without actually sending your plain text password over to the entire database of hashes that are actually stored on the have I been pwned database. So it does keep the data separate and it does keep it anonymous. But the mathematical part of that, it is a little bit confusing, but it does help create that anonymity so everybody is safe if you're entering in those plain text passwords. Oh, go ahead, Sarah. Oh, okay. It sounds like two for anybody who's like FBI is involved. Hmm. I mean, FBI is just saying, hey, we're going to add data to this project so that the data is smarter. Yeah, this is data the FBI is finding, right? Yeah, they're sharing hashed versions. They're not, you know, again, they're not handing it over in plain text. Exactly. Yeah, they're they're sending all all of this information over to the have I been pwned pwned password database completely hashed. So even if they did have plain text passwords from any leaks or database breaches or any kind of vulnerabilities that the FBI has found they're not going to be sending that information over in plain text to this this pwned passwords database. Now, I see who is it here soft boiled eggy says you don't enter your password you enter your email address if you go to the homepage of have I been pwned calm that is correct. He wants you to use your email address to see has your email address been implicated in a breach but there is a function for using passwords right. Yes, so up at the top and I'll direct users to it. There is a link that says passwords and if you click on that it's an entire separate database that was included on the have I been pwned website. Back in I want to believe I want to say 2017, and there's currently about 600 and 613 billion different passwords that are included in there, or sorry 613 million that are included in there. So these are all different passwords that were either hashed or plain text that have been included in this database so you can actually put in your real plain text passwords and find out if those were breached or leaked anywhere along the line. And it won't tell you the accounts so somebody can't go in trying to like figure out like which which accounts use this password. It'll just say that password has been used in this many breaches so you probably want to change it. I'll give you an example I have an old password that I used to use back before I knew anything about security privacy. I put that in and the only thing it will tell you is how many times that password has been leaked in some kind of breach. So it tells me that password has been seen four times before. So I know that's a vulnerable password and I should never use it before but that's all the information I get I don't get the email or the username that's tied to it I don't even get what website it's from for the leak. I just know that the password was not a good password to use. Well, for anybody who might be feeling a little peckish we've prepared a duo of product leaks for your entree today. Please sit down get comfortable. First Bloomberg Chefs Mark Gurman and Debbie Wu have once again teamed up on a fresh Apple Air Pods leak. Hmm. Their sources say that Apple released updated will release updated base model Air Pods later this year with a shorter stem that might be interested to some people also a new case design similar to the Air Pods pro new Air Pods pro themselves are expected next year and will supposedly include fitness focused motion sensors. Now as a counterpoint for those with more Android preferred pellets, you might enjoy an analysis of the APK for Google's messages by XDA developers, which found that Google is working on support for pinned messages and bookmarking messages across conversations. It's not clear from the code when or if Google will activate them though. I long time coming on Google messages, although I don't know that I will ever use bookmarking messages on any platform, but pinned messages I have used before so that that'll be that'll be a nice to have Shannon and anything and either one of these appeal to your tastes. So even though I have an iPhone, I've never actually purchased one of the pairs of Air Pods, and it's specifically because they have those stems. I really wish they would go the route of, for example, the Samsung Galaxy buds, plus or pros, because those don't have stems on them so they don't get caught in my hair. Yeah, they made the stem shorter with the Air Pods pro and it sounds like the new Air Pods, not pro, are going to have shorter stems, but they still gotta add the stems the way they design them. You know, I don't like them either Shannon. I'm using I use the job as most days will one of them for for this show. And I mean you can see it. I'm not fooling anybody, but yeah, there's something about the dangle that I'm not crazy about either. I will say as far as pinned messages, bookmarking messages. Yeah, I'm kind of, I know we're talking about Google messages now but I struggle to think of two situations where I'd want one or the other. But I can't tell you how many times somebody like maybe I said hey remind me of your address again I forget how to get to your house and I know it's in my messages somewhere. And you know some key words sometimes bring it up if I'm trying to you know go back maybe up to a year between some message thread between me and somebody else. So pinning things like that would be very nice. I like the idea of pinning for example I had to look up a shipping tracking notification from one of my friends that had texted it to me and I keep on having to scroll back in the conversation to find it and then copy and paste it into the browser to look up the tracking. It would be nice if I could just pin that so I don't have to scroll back and forth every single time. And really quickly there's a lot of folks besides just the ones you see and hear on the show who make the show possible. And if you're interested in learning more about them. Why not head over to our about us page because we just redesigned it you're going to find links to all the companion shows we do as well. In case you're not aware we have a Spanish language show we have one that's deep dives into individual topics. Go check out all the contributors co hosts and related shows like did you know there's a live with it there's a brand new live with it on Roomba. You can find it at daily tech news show dot com slash about Microsoft announced that the organization believed to be behind the solar wind supply chain attack has been linked to a malicious email campaign targeting 150 government agencies, research institutions and other organizations in 24 countries. The attackers compromise the constant contact account of USAID, which is a US agency that manages foreign assistance. With that account access the attackers could send emails that appeared to come from the USAID Tuesday's emails were sent from USAID accounts to 3000 different addresses with links to documents on us election fraud clicking on the link took the user to constant contact, which was then redirected to a server that use JavaScript that caused an automatically downloaded file to an ISO image containing a shortcut to reports, a PDF and a hidden DLL file. So clicking on reports opened up a PDF and the hidden DLL and the DLL installed a back door. So the back door enabled persistent access which of course could be used for getting data for infecting others on the network. Pretty worrisome. Most of the emails were marked as spam, but some may have actually gotten through, unfortunately. Yeah, I mean, the news here is solar winds attackers at it again. And also let's give them a fifth name, because they refer to that organization by so many names. I just started talking about them as the solar winds attackers. This is not not a particularly unusual attack. Is it Shannon? I mean, it just tricks you like with with a click baby thing. Oh, election fraud. I want the documents. You get a PDF. Yeah, I think you got the documents and in the background you're getting a back door installed. Absolutely. Like this is so it's so historical. We've always seen attackers use some kind of emotional context to get people to click on spearfishing campaigns. And this is exactly that thing. And in this case, specifically, I did want to point out that Microsoft did say it's anticipating additional activity, maybe carried out by the group using an evolving set of tactics. And Vilexity, which is a security research firm, they also agreed with Microsoft and they they also said the same thing that it's entirely possible that a lot of these attacks did indeed get through because they did not see a lot of instances on virus total. So it's definitely something for government organizations and contractors to be on the outlook for because these are serious problems that we are currently experiencing in this day and age. Yeah, and it's not like those attackers stopped after December when the solar winds was was discovered, right? If anything, this just gave them more intel so that they could do more reconnaissance on the government agencies. Well, let's switch away from a security story to a music story. Sony has launched an Indiegogo crowdfunding campaign, which which it does from time to time usually in Japan but this one actually applies to the US and Japan both. It's motion sonic, a small capsule that you wear in a rubber band, like a fitness tracker band, you know, different bands are meant for different things. There's a wristband that's useful for emulating a guitar and one that fits around the back of your hand if you're doing a keyboard. It then uses an iOS app to link your hand motions to musical effects like a delay when you move your finger left to right or maybe pitch adjustment when you roll your wrist. Then if you connect your instrument to an iPhone and run the music from the instrument through the iPhone, you can implement the effects while you play. So it's like a whammy board. You're playing the guitar. You got this thing on your strumming away and then you like roll your wrist and suddenly you can make vibrato happen in the guitar or you're playing the keyboard and you turn your hand over and the pitch goes way up and you can do like some cool effects. Motion Sonic is going to ship to the US and Japan in March. The first 400 units going for 23,900 yen, which is about $218 US. After that, it'll retail for 27,200 yen. But a really, really cool way to make it easier to do some effects, don't you think? Oh, for sure. And if you watch the video that's on the Indiegogo campaign and the link is on our show notes, you get a much better sense of, oh, wow, this would be, well, not extremely difficult if you're a really great musician. There are other ways to make these effects happen, but a very seamless way to make somewhat complicated effects happen. And I am not musically inclined at all, but it just looks like magic to me. My first reaction was also like, well, why is Sony doesn't need the money? Why is Sony doing this? Is this more about, hey, we just want to make sure we have a base number of people who want this product rather than this is the money that we'd need to go forward? It's interest, right? It's not scrappy little startup Sony, man. If we could only scratch together the yen, we would do this product, definitely, right? It's a way for them to do prototypes, basically, and drum up crowd interest at the same time. And like I said, they've done it a few times in Japan with products that come out of their experimental research and development labs where they're like, we don't want to invest the amount of money to produce this at scale. But let's see if we can get a guaranteed number of people willing to pre-order it, essentially, and then that'll justify it. I like the accessibility route of this. If you don't have perfect movement in your fingers to be able to do different things with instruments, I feel like this would allow you to still get that same kind of sound, but just by a wave of your wrist as opposed to using your fingers rather quickly to be able to create the same kind of sound. So it might be useful from that accessibility for folks that don't have that kind of movement available to them. Yeah, you can change. Like a whammy bar works like a whammy bar, right? And if you can't make it work, you can't make it work. But you could say, oh, I want that effect, but I want it to be a movement that I can make. That's a really interesting way to look at this, too. And, you know, a few hundred dollars, that's super cheap, but it's not like, you know, beyond the pale as far as somebody who might want to take a flyer on it, especially if you're a musician who likes to experiment with stuff. I think this would be fun to play with. The only downside I can see is that it's not Android compatible at this point. It's only iOS. Well, I know we already fed you a meal earlier in the show, but you might still be hungry. And if so, Kellogg's has good news for you because the company is partnered with Food Service Robotics Company, Chowbotics, to create something called the Kellogg's Bull Bot, which lets you custom mix multiple cereals together. Yes, it's a robot cereal maker. And if you want to get extra wild, you could add things like chocolate, fruits and nuts, yogurt, even syrup. The Bull Bot will first serve students at Florida State University and the University of Wisconsin-Madison. Some pre-selected combos include snap, crackle, pop, pop, pop, which is Cocoa Krispies, Rice Krispies, hemp, pumpkin, and espresso syrup. Or you might prefer Hawaii 5-0, frosted miniweeds, bare-naked triple berry granola with pineapple, coconut, and mango bowl, which might be delightful and it might cause you intestinal distress. Who cares? It's fun! Bulls start at $2.99 and go up to $6.50 with lots of extra toppings. And I just can't give enough kudos to whoever was like, you know where we should test this? A college dorm. I mean, when I was in college, which granted, you know, was during the first Bush administration, I would have gone nuts for this. I would have used this every day. If this had been in the dorm cafeteria, I absolutely would have been creating a different recipe every day just to try it out. Because I essentially was doing, you know, back in my day, you just had the big plastic bins and you had to make your own creations. Now kids today, they got robots doing it for them. It's great. I'd be more than happy to mix up some cereal even though I'm 35 years old. They can put one of those in my house. I use Lucky Charms and like Frosted Cheerios and all sorts of good stuff every single day. So if they want to mix up some of that up and use me as a guinea pig, I'm more than happy to help. Yeah, same. Cereal, fruits and nuts, yogurt, it's great! We're seeing more and more of this technology, this sort of like robotic sorting technology that can be a little smarter than a purely mechanical vending machine. And I love that. I guess the first one I ever encountered wild was the universal soda machine where it was using the robotic system to mix the carbonated water and the syrup in a way that it could mix your sweetener and your syrup at the same time. So you could get caffeine-free, sugar-free versions of everything. You just, you picked your flavor and whether you wanted caffeine and sugar or not, and it would do that. Now they've taken it even farther. We've seen the stories about salad bowls and restaurants being able to do this and now the universal cereal machine. What's next? Alright, let's check out the mailbag. Let's do it. We got a few emails about our discussion yesterday with Justin Robert Young about those who buy Blu-ray games, spending more overall on games but less on add-ons. Mike and Dusty Dubai in particular wrote in and said, I'll buy a PS5 with a disc drive eventually. I bought my PS4 a little over a year ago on sale. It was bundled with some games that I was interested in. It'll be a few years before I buy a TV that would benefit from the more powerful PS5. And I love that Sony is releasing games for both systems and will allow buyers to have an upgraded version of the game when they move to a new system. Mike says, the reason I'll dish out more for the drive is I'm cheap. I rarely buy games on release today. I wait for them to go on sale within a few months. I rarely pay more than $20 for a game. If I end up saving money by getting physical copies of games for a fraction of the price, the more expensive version is worth it. The analysis that people buy in the Blu-ray drive version spending less in total makes sense. Nick Frank and Nicholas all wrote in with similar emails as well. And I assume we could have done a better job of clarifying this story. But Mike said the analysis that people buying the Blu-ray drive version spend less totally makes sense to me. I think is missing, maybe not, that the story was that PS5 owners with Blu-ray spend 17% more on actual game titles. The reason they spend less overall is because they spend less on add-ons. But Mike and several other people, and I think they represent a section of people, are like, yeah, no, I get the disc because I can save money. I can buy used copies. I can get things on sale. Nick was telling us it's different in Australia that the disc copies are often sold at less than the digital copies. But y'all with the Blu-ray disc are spending more on the actual titles. So it's the opposite of being able to save money. It's just that you're not spending on the add-ons later. So I'm curious if you have a perspective on why that is. Yeah, for sure. Yeah, if you have a perspective or you have a thought on anything that we talk about on the show, send it to us. Share your knowledge. Feedback at DailyTechNewShow.com is where to send that email. We'd like to shout out patrons at our master and our grandmaster levels. Today they include Brandon Brooks, Tim Ashman, and High Tech Oki. Also, we asked very nicely yesterday and our brand new boss, Brandon, not Brandon Brooks, a brand new Brandon, just started backing us on Patreon. We said we'd shout you out, Brandon, and we arched out in you out. Thanks for making our weekends bright already. Brandon was smart. Yesterday we said, look, you want your name in the show. All you got to do is back us on Patreon. You're in the show tomorrow. Brandon, Brandon, new one. What's up? Ask any shell, receive. Good job, Brandon. All right. Let's thank Len Peralta as well, who has been drawing for today's show. What have you drawn for us today, Len? Oh, you know, I feel like I missed out on trying to draw the serial bot. I feel that would have been perfect, but it was a kicker store. I didn't know if it was going to be on. But I ended up going with the have I been pwned because I just thought that was a funny name. And the image is of a gentleman who's thinking, hey, I haven't been pwned. I'm sure I'm safe. Meanwhile, he's got his date of birth, his mother's maiden name, his social security number, and his password all printed on his face and his hand. So he has been pwned. He's also wearing a sash that says Pwn. Somebody put a sash on him that says Pwn. He doesn't even know it's there. And he has a big L on his head, not that if you've been pwned, you're an L, but unfortunately, you know, that's the way you feel. But if you'd like to see this image, you can go over to my Patreon, patreon.com. It's right there for you. If you're a Patreon backer, you can download it. You can also go to my online store at LenPeraltaStore.com. Also, before the show, if you want to watch me do this, draw this live, you go to twitch.tv. And watch it live and kind of make, you know, just kind of be a part of it. Be a part of the fun. So check it out, everybody. Thank you, Len. Also, thanks to Shannon Morse for being with us today, Shannon. I know you're real busy. You got videos coming out all the time. Where can people find your work? I always do. In fact, my studio build for construction is almost done. So hopefully by the next time I'm on the show, you'll see a brand new studio behind me. But today I just wanted to give a shout out to my fellow co-host on Hack 5, youtube.com. We just hit 700,000 subscribers. And for a hacker channel, that's pretty awesome. YouTube hasn't canceled us. So I'm pretty happy about that. Yeah, long deserved. A lot of long years and hard work gone into that. So congratulations to you and Darren and everybody over there. That's awesome. Thank you. We are live on this show Monday through Friday at 4.30pm Eastern, 2030 UTC. Find out more at DailyTechNewShow.com slash live. We're out Monday for the Memorial Day holiday in the U.S. But we're back Tuesday with Allison Sheridan. Talk to you then. This week's episodes of Daily Tech News Show were created by the following people. Host, producer and writer Tom Merritt. Host, producer and writer Sarah Lane. Executive producer and booker Roger Chang. Producer, writer and host Rich Strafilino. Video producer and Twitch producer Joe Kuntz. Associate producer Anthony Lemos. Spanish language host writer and producer Dan Campos. News host writer and producer Jen Cutter. Intern, Dr. Nicole Ackermanns. Social media producer and moderator Zoe Dedering. Our mods, Beatmaster, W. Scottus1, Biocow, Captain Gipper and Jack Shid. Mod and video hosting by Dan Christensen. Video feed by Sean Wei. Music and art provided by Martin Bell. Dan Looters, Mustafa A, A-Cast and Creative Ast Arts. A-Cast ad support from Trace Gaynor. Patreon support from Stefan Brown. Contributors for this week's show included Scott Johnson, Justin Robert Young and Shannon Morse. Guests on this week's show were Nate Langson. Live art performed by Len Peralta. And thanks to all our Patreons who make the show possible. This show is part of the Frog Pants Network. Get more at frogpants.com. I hope you have enjoyed this program.