 Hi, this is Allison Sheridan of the NoCellicast podcast, hosted at podfeed.com, a tech-dology geek podcast with an ever-so-slight Apple bias. Today is Sunday, July 9th, 2023, and this is show number 948. Well it's that time of year again, it's time for me to ask you to step up and help create content so I can take a couple of little trips with Steve. This coming week is our grandson Forbes' birthday, and I've also got a video due to Don tomorrow, which means it's gonna be super tight to get content together for this coming week. So any early submissions in the next couple of days will most likely make the next show if you can help me out. Then two weeks from now is MacStock, so a week from this coming weekend. We're gonna be out of town from July 20th to 24th, so I'm pretty sure I'm not gonna be able to pull off the show that week before Sunday, because I'd have to get it done like on Wednesday, which means I'd have like Tuesday to get it done. Anyway, I'm gonna need a lot of help from folks for that week's show. I'm quite likely to have to slip the show till Tuesday and shove a mic in people's faces during MacStock to get content, but that might be fun as well. Then we're going to Mammoth Lakes for a week with Lindsey and her family August 6th to 12th. So if you have something right quick for me, I can use it. If you have something in a week, I can use it. If you have something the week after that, I can use it. So dust off those microphones, look around at all the gadgets and software you have on your desk and please do a review. Let's keep this 18-year streak alive. You can send them to me at allisonatpodfeed.com. This week's episode of Chit Chat Across the Pond is another installment of Programming by Stealth. Now, if you've been following along, in installment 152A, Barton and I decided to hold off on the middle of the lesson that he'd written up. That middle bit where he said, put a pin in it was about the use of X-Args. I am so glad we did skip it in the last installment because it's a pretty useful concept and it deserved a lot more attention than we would have given it if we tried to cram it into the middle of that episode. The other good news is that Bart learned a bit more about how X-Args does its magic, so he was better able to explain it and he updated the show notes with a lot more detail and a great worked example. As a teaser, the big problem X-Args was designed to solve is that there's times when we want the data from the standard input stream, STDN, to be passed to another command as one or more arguments. In any case, you can find Bart's fabulous tutorial show notes at pbs.bartafisher.net. Well, happy OS Beta season to all of my Apple friends. As you may know, back in June during WWDC, Apple announced that developer betas would be available right away for Mac OS Sonoma, iOS 17, iPad OS 17, and watch OS X. They also said that public betas of all the OS's would be available in July for the masses, but then they did something unusual. They did not put restrictions on who could download the developer betas. Because nobody does FOMO, fear of missing out, better than Apple people, I've seen a lot of normally self-restrained folks loading up these developer betas on their devices. If you have a spare iPhone, iPad, Mac, or Apple Watch, that's a fun and probably harmless exercise. And while public betas are still betas, they do tend to be a bit more stable than developer betas. But obviously, if you depend on your device to get work done or communicate with friends and family, you would never ever put a developer or public beta on your primary device. You know that, but you're still tempted, aren't you? Now explain two weeks ago how to create a separate volume on your Mac with APFS, the latest file system, and explain that you can install beta OS on that volume and not put your primary machine at risk. Kind of the best of both worlds. Sadly, those instructions came a little too late for Mr. Edd, as he'd already given it into temptation and installed Mac OS Sonoma developer beta 2 on his primary machine, a MacBook Air. And to be fair, he also has an iMac as a backup, so it wasn't the silliest thing to do. Now I got a hint that he'd put the beta on his Mac when he texted me with the question, are you on Sonoma? From there, he went on to explain that he had a tiny smidge of a problem when he was wondering if I could help. He was unable to type on his keyboard. Okay, well technically he could type, but no text appeared. He only heard clicking sounds when he typed. He reported that the mouse worked just fine. As a diagnostic kind of fixed step, he tried rebooting with the shift key held down, which had it been an Intel Mac would have booted up into safe mode. But his MacBook Air is an Apple Silicon based Mac. For future reference, to boot into safe mode, if you have an Apple Silicon Mac, hold down the power button until you've shown the disc from which you can boot. Select a volume and only then hold down the shift key and click continue to boot into safe mode. Now I suggested he try an external keyboard, and I'm not sure if he tried that or not. But right around the time I suggested that step, he mentioned that clicking on the tail scale menu item didn't do anything. You may remember that tail scale is an interesting networking tool that I recommended back in November. It allows you to put all of your devices on a virtual private network while they also are still on your normal network. Tail scale runs as a menu bar item. I didn't get as far as asking whether any other menu bar items were misbehaving, but I dashed over to the Googles and I searched for macOS Sonoma keyboard problems. I was quickly rewarded with a Reddit post about the same keyboard issue on Sonoma Developer Beta 2. The poster explained that their keyboard worked in Alfred, but nowhere else. That was curious. Two people said they had the same loss of keyboard access and they traced it back to little snitch. Another person posted that Postgres menu helper was the problem. Yet another person posted that it was Parallels Toolbox that was causing it. Yet another person said it was Western Digital Discovery. And finally, someone said that quitting tail scale would fix the problem for them. The one thing I see that all of these things had in, all of these different apps had in common was that they were all menu bar items. I got back in contact with Ed and we discussed how he could force quit tail scale to see if it would release his keyboard. Menu bar items don't show up in the normal force quit menu, but I knew a way to do it for any process. I suggested he use his mouse to open applications and then utilities and then double click on activity monitor within there. Once he had activity monitor open, he could sort alphabetically and scroll till he found tail scale. On the left top side of the toolbar for activity monitor, there's a tiny icon of an X inside a circle. If you hover over it, the tool tip says stop. With the suspect app in focus, hitting the X icon offers to quit the app or you can choose to force quit. And when I'm annoyed at a menu bar item or any other app, I don't wait around to see if regular quit works. I just jump right to force quit. So Ed followed my instructions and as soon as he force quit tail scale, his keyboard became functional again. And while it was really fun to be the hero saving a good friend in a time of crisis, I tell you this is a cautionary tale. Do not ever, ever, ever put a beta operating system on a device you need to reliably use. Unless, you know, you just can't stand to be left out of all the fun, of course. I'm not blind, but ever since I was nine years old, I've been fascinated by assistive tech for the blind. When I was nine, I read a book called Follow My Leader by James Garfield in which a young boy named Jimmy is blinded by fireworks. I also don't like fireworks. Anyway, in the book, Jimmy learns how to deal with his loss of sight, including learning braille. As a little girl, I got a piece of cardboard and a punch from my dad's shop and I made dents in the cardboard to simulate the braille dots of the alphabet on the flip side of that piece of cardboard. I taught myself the alphabet sitting on the floor of my bedroom. When I was in high school, my mom began to lose her vision to macular degeneration. She faced it with courage and strength and never once complained about it. The pod mom was pretty amazing. When her vision was getting pretty bad, she had a salesman from V-Tech come to the house carrying a giant machine to demonstrate to her. The basic idea of the V-Tech device is still in use today. It has a flat area where you place a piece of paper that you want to read. Above that is a large display. At the time, it was a CRT and has a camera underneath that points down at the paper. The V-Tech had controls for zoom level, contrast and colors. My mother was enchanted with the V-Tech and my father, who was devoted to her, wouldn't even let the salesman leave with the demo model. He bought it on the spot and told him, you're leaving it here. This began my mother's love of assistive tech. She even did a review for the no-silicast about a digital book reader that she was wild about. If you'd like to hear her back in 2010 telling us about it, there's a link in the show notes to no-silicast number 259, and her appearance is right near the very beginning of the show. It's an intelligent assessment of the book reader, and she makes fun of me kind of a lot, so you'd probably enjoy it. Now, I enjoyed learning along with the Podbomb about assistive tech for the blind. Eventually, I started getting interested in the built-in screen reader software on all Apple products called VoiceOver. I dueled the round with it here and there, trying to figure out how it worked. I was starting to get the hang of it, and then I got a crazy idea. Maybe I could force myself to learn how to use VoiceOver if I committed to doing a tech talk at Macworld while blindfolded. I was just as nutty of as an idea as it sounds, but I didn't learn VoiceOver without help. A lot of blind folks love podcasts because guess what? They like everything that sightlings like, so I started leaning on my blind friends I'd made through the podcast to help me learn. Learning to use VoiceOver on the iPhone was pretty easy because everything's kind of in a nice grid, controls and applications are predictable places and most buttons are labeled. My understanding is that Apple provide a very structured API that makes it easier to automatically design applications for accessibility with little effort. VoiceOver on the Mac is a lot harder to learn and to use. Every app is completely different and don't even get me started with the variability in website design. I was eventually able to come up with a very narrow set of tasks that I could mostly reliably perform with my eyes closed for my presentation. It went well, but definitely not flawlessly. There's a link in the show notes. It's kind of hard to watch actually. Well, for me. Anyway, I'm glad that I forced myself to learn VoiceOver in such a sinker swim way. I didn't get to a point where I would ever call myself proficient VoiceOver, but I gained just enough skills that I think I can test apps on the Mac to figure out if they might be accessible to the blind. I can definitely tell if an app is totally unusable with VoiceOver, but I wouldn't ever be able to say an app was completely accessible. I thought it might be interesting if I taught you a few of the things I use to test apps for accessibility. Now, I'm gonna repeat it again. I am not an expert in VoiceOver. I'm like, maybe a high level novice? If you're familiar with how ski slopes are rated, I am not a black diamond skier, but I can pretty much stay upright most of the time on the bunny slope. So my goal here is to help you learn how to identify navigation problems in accessible fields and unlabeled elements. Now, when I first tried out VoiceOver, I couldn't understand how real VoiceOver users got anything done because it was so inefficient to wait for the voice to speak everything out. My real VoiceOver users and friends explained that they speed the voice way up. It's incredible how fast they can listen and understand VoiceOver. But for those of us just learning, it might be helpful to look at the settings for VoiceOver to get a speed and voice you're comfortable with. In applications, utilities, there's an app called VoiceOver Utility. There's a ton of controls in here, but I'm gonna focus on just a couple of them. On the general tab, you'll see keys to use for the VoiceOver modifier. Now, the modifier is the key combination you're gonna be using to trigger moving around on the screen. By the way, blind folks I know refer to this key combination as the VO key. So for example, rather than continually saying control option right arrow, I'll say VO right arrow because that's the way they talk. The modifier can be set to control option like I just mentioned, or caps lock, or both at the same time. Now, I use caps lock as nature intended, so I choose control option as my VoiceOver modifier key. Next up in the verbosity tab, you can change the default of how detailed VoiceOver is in its descriptions. Another way those who accomplish VoiceOver users become efficient is to set the verbosity to low. But while learning, I suggest you set the verbosity to high because it's gonna explain everything to you. As much as I experiment with VoiceOver for evaluating the accessibility of apps, I still forget how to do things, and I appreciate VoiceOver telling me things like, you are currently on a table. To enter this table, press control option shift down arrow. I can imagine that level of explanation for a real VoiceOver user would be as annoying as heck. I mean, all they need to know is I'm on a table. Okay, got it. That's all they need, but I need that extra reminder. Now, the last thing to look at is the speech tab. Here you get to choose the voice and language for VoiceOver. I'm not sure if it's the default, but Samantha in American English is very clear and understandable. Next to the voice dropdown, you'll see a number. This is the rate of speech. That is how fast VoiceOver is going to speak to you. You can set it anywhere from one to a hundred. I've got mine set at 45. Experiment with the speeds and the voice until you use something that's easy for you to understand. Now, since this is a tutorial for sightlings, here's a little tip. Whatever VoiceOver says to you will also be typed out on the screen as well in a little black box. Sometimes I mute VoiceOver and I just read the text out because it helps me concentrate better on learning how well an app is working. Now, it's interesting to poke around in the VoiceOver utility, but those are the essential things I wanted you to know. Let's move on to actually using VoiceOver. Let's try to read the VoiceOver utility itself using VoiceOver. All right, on any Mac, you can launch VoiceOver by holding down Command F5. Since it's for the blind, you'll hear an explanation of what VoiceOver does and you get two buttons to choose from. Use VoiceOver and turn off VoiceOver. At any time, you'll be able to turn VoiceOver off using that same keystroke, Command F5. You can choose to not have this window shown in the future, but I keep it on as an indicator to me that I've remembered the right keystroke to launch VoiceOver. I said they're going, you know, control F5, shift F5, shift five, I can't remember and finally I remember it's Command F5. I get the window, I know I'm in. Now remembering how to turn VoiceOver off is crucial to you enjoying this experiment because it can get pretty overwhelming to be hearing everything on screen being read out loud. Since I'm not actually using VoiceOver to navigate my Mac, I toggle listening to it during my experiments by simply muting my Mac. So I can keep it going, but I can just mute and unmute so it's not bothering me. With the VoiceOver utility in focus, you should hear VoiceOver begin telling you where you are in the application. Now, most of the app interfaces seem to be considered tables or something like a table and knowing how to navigate around in tables will give you an indication of whether the app is well-designed. You should hear you are currently on a table. To enter this table, press control, option, shift, down arrow. The verbose example I gave earlier. That's what, again, we're still talking about the VoiceOver utility app that we were working with. So that's where we're gonna hear this. Now, you won't always hear the interface referred to as a table. Audio hijack, for example, calls its table of available elements a group. Text expander calls its main window web content. Now, these probably mean different things, but navigating all of these things is identical to tables. Now, actual web content is often navigated in the same way. For all of these, VoiceOver will tell you to use VO, shift, down arrow to interact. The VoiceOver utility will have the left column of tabs selected with a black border. The selected tab in the left column will still be highlighted in blue. Now, in this case, we don't need to go down into this column. We wanna move up and down in the column and then move over to the right column in order to interact with the controls. So we'll use the normal up-down arrows until you hear the speech tab being read out. Now, to navigate to the right side pane, you use the right arrow, but you have to add the modifier keys, so VO, right arrow. Focus will jump to the Voices tab. Now, VoiceOver will tell you the name of the tab, in this case, it's Voices, but it'll also tell you you're currently on a selected tab, one of two. For obvious reasons, it's useful to know how many tabs there are. Using VO, right arrow will highlight the second tab, pronunciation. But how do you select the pronunciation tab? In VoiceOver, use the space bar with the VO modifier keys to select a button, a tab, or a menu item. So we'll use VO space to switch to pronunciation. Since we set verbosity to high, you don't have to remember VO space because if you give voice over a minute, it'll remind you that's how to interact. Let's left arrow back to the Voices tab and VO space to select it. Let's say we wanna change the voice from Samantha to another voice. Use VO, right arrow repeatedly and it'll go past pronunciation, mute speech, and then you'll hear customized language list table. When we know what to do with tables, VO shift down arrow to dive into the table. Interestingly, Apple have chosen not to read out the column labels, so VO skips ahead and says language default. VO right arrow will read out your default language, which in my case is English. Another VO right arrow will take us to the chosen voice, in my case, Samantha. VO voiceover now tells you that you're on a pop-up button. Just like selecting the tab earlier, we can use VO space to open a pop-up. We'll still be on the original selected voice, but we can use VO and the up-down arrows to move up and down in the list of options. If we get to an option with submenus, we can use VO right arrow to move into the submenu and continue our navigation. Once you land on an option you like, hit the space bar to select it and pop back up into the table. Let's use VO right arrow to move over to change the rate. You'll hear voiceover tell you the value for the rate, and it'll tell you that you're on a stepper, which is a common name for those little up-down arrows to change a value in small steps. This stepper is basically another table because it has two elements that are connected. It's got a typed value and a set of up-down arrows. Once on that rate stepper, we need to use VO shift down arrow to dive into the table. This takes us to where we can type a number. Use VO down arrow to get to the stepper first, and then we need to interact with this like another table. We'll dive down with the VO shift down arrow. Only then can we use VO with the up-down arrows to change the value. Now, if you given the choice of typing a number, I'd certainly pick that, but it's good to know how to test steppers to see if they work with voiceover. We're now down a lot of layers deep into these so-called tables. We'll use VO shift arrow to get out of the stepper, up again to get out of the pair of stepper controls, and a final time to get out of the customized language list table. Now, this sounds difficult, but it's really not that bad once you get to this idea of diving down and popping back up out of tables. If we use VO right arrow a couple more times, we'll hear the add or remove language buttons and finally the help button. If we hit VO right arrow again, we'll hear a little bonk sound telling us we've reached the end. Recognizing this bonk sound is crucial to understanding if you've reached the limits of an app or a table within an app. To get back to the left column to maybe explore another set of options in the voiceover utility, we have to VO left arrow repeatedly until we hear voiceover tell us we're back in the table with speech selected. Before we move on, I want to add just another disclaimer to what I just taught you. Sometimes when I say to use VO right arrow or left arrow, you can actually use just the right or left arrow. And sometimes using VO with the arrow keys doesn't work at all. I just sort of flail about trying both until it does what I want. Now I suspect that's not how people are good with voiceover do it and that there's an actual pattern to recognize here but I haven't yet found it. Now armed with just this very basic understanding I've given you of how to navigate an app with voiceover, let's do a test run on an app to see if it's accessible. I wanted to come up with a third-party app that most people would have or at least is useful and free for you to test along with me. I chose an app I love and I've been using for ages, Mac Tracker from mactracker.ca. This app will let you look up any Mac, iPhone, iPad or any other device Apple have ever sold. You can check to see things like what is the maximum RAM it can take? What's the resolution of the screen? When did it go out of support? It's a really terrific resource for Apple folks. It runs on Mac and iOS and it's donationware. You can download it for free but every year or two I send the developer 20 bucks because I use it all the time. Now the design of Mac Tracker is a left column with little chevrons to open categories, things like say desktops versus notebooks. Within a category you'll see the family of products such as Mac Mini. When selected the right pane shows you all of the models of Mac Mini with their dates of creation and below each one it shows the month and year they were created and discontinued. When you find a model of Mac Mini you want to learn about a double click will open it in a new window. This window has a series of tabs across the top for general software, memory and graphics and more. The top of the window is a picture of the device you've selected. So with voiceover turned on the first thing we hear it telling us is that we're in Mac Tracker and we're in a toolbar. We get the familiar by now suggestion to use VO shift down arrow to interact with the toolbar. Fair enough let's dive into the toolbar. We hear it say four items add remove comma group. Well looks like we can dive down another level. Visually I could see that this group is a plus and minus button to add or remove items. There's only two things to choose from though I'm not quite sure why it says four. When I move to the plus button it keeps saying add slash remove. When I go to the minus button it says spacer dimmed button. Now unlabeled buttons are at the top of the list of the most annoying things for voiceover users. Incorrectly label buttons I don't know. I don't know if that's worse or better than no label at all because it's not a spacer dimmed button. It's a minus button. Anyway we'll shift VO up arrow to get out of that group and then VO right arrow to move to the second set of buttons. We learn that there are two radio buttons categories and my models. I can select my models and it's suggesting I use the plus button above to add models I've owned. Okay I can navigate back to the plus button in the tool bar and then VO space to press the button. This launches a window to add a model and information about it which for the most part is accessible to voiceover. The window contains date fields which don't allow data entry with voiceover though. So I give MacTracker kind of a B minus for this menu. If I close this window and continue navigating the tool bar one more VO right arrow and I'm in the search field but only tells me it's a text field. It's a minor problem I suppose but they could have just told me it's a search field. If I get a bonk if I try to go any more to the right so I know I've reached the end of the tool bar. I'll pop back up out of the tool bar with shift VO up arrow. Now VO right arrow takes us to the heading for whatever happened to be selected in the left side bar. In my case I heard it say Mac mini. All right now let's try another VO right arrow. This should take us over to the right column where we can see all the list of different kinds of Mac minis. But instead it reads out the number of models in the list. That happens to be 18 for the Mac mini and it's at the bottom. It's below the list of all the Mac minis. I get one more VO right arrow and you'll hear the bonk meaning we're at the end of the road. But wait a minute. What about that column of Mac mini models listed right there? Nope. If you don't have functioning eyeballs you do not get to know what those 18 models are. You also can't access the entire left column to change models or categories. There's literally nothing else available in Mac Tracker for the blind. I'm afraid that my beloved Mac Tracker for the Mac is a 100% fail for accessibility. Now the good news is the developer does have that iOS version I mentioned for Mac Tracker and it's about 99% accessible in my testing. The only thing I could find with voiceover on iOS is that the little image of the device selected is unlabeled. It just says button when you slide your finger over it. Now that's not a crucial part of using the tool but realize the voiceover user can't know that it's a non-critical part of the tool. Now to be fair, while it is a button if you press it nothing happens so I think it's just entirely mislabeled. Now my understanding is that Apple has created those really good APIs for iOS development and they automatically make things accessible without much work and that's why Mac Tracker on iOS is so much more accessible than it is on the Mac. I very rarely find an app in iOS that isn't at least like functional in some way and that's why I'm not teaching you how to test in iOS. There's one more step in my process for testing apps. I write a politely worded email to the developer explaining my findings and suggesting that they could increase the reach of their app if they fix the navigation problems for screen reader users. Now not every developer reacts well to my emails. Some of them say, yeah, we'll add a tar list of things to work on and they just really don't send back the vibe that this is a high priority task. Some of them ignore me entirely, just entirely, just don't even write back. A very select few have even said this app isn't for the blind. That last category, they get a not so politely worded email for me in return. However, you'd be surprised how often I get emails back saying things like, oh my gosh, I never thought to test for that. Thank you, I'll look into improving this. Some have even asked me whether I know people who could help test the app after they fix it and I send them a list. Here's my favorite recent example of a response I got from a developer to one of my politely worded emails. Ian Sampson develops an amazing tool called Hush which is an app to remove background noise and audio files. Terry Austin actually reviewed it for us here. In order to add a file for Hush to process though, you had to drag and drop the file onto the Hush window. That's not something that can be done easily or reliably if you're using a screen reader. I wrote to Ian about it on April 15th. He responded back immediately that he'd work on a better solution. On May 9th, he apologized for how long it took to fix it but announced to me that the new version was released with alternate methods. It had been only three and a half weeks and he was apologizing for how long it took. Anyway, after writing up this article that you've just heard, I shot off an email to Ian of MacTracker, not the same Ian and hopefully has a positive reaction to my suggestions for improvement. I did a screencast online video about MacTracker eight years ago. Maybe he remembers me and he'll be open-minded. I hope that you enjoyed what you learned about testing the Mac apps I should say for voiceover accessibility. I enjoyed doing it and I hope I didn't muck up the instructions too much. I suspect my blind friends will gently correct me if I did. If you'd like to test the gold standard for accessibility with voiceover, test any of the apps developed by Rogue Amoeba, such as Audio Hijack, Loopback and SoundSource. They built these apps from the ground up with accessibility in mind. Audio Hijack is especially amazing because it's a very visual tool with little blocks you move around on a canvas and connect lines between them to represent the audio flow and yet it's fully accessible to voiceover. Whenever I hear whining by developers about how either it's too hard or no blind person would wanna do it, I point them at Rogue Amoeba. If you'd like to learn more about using voiceover on the Mac, I included a link to Apple Support article over at Apple Support. It's called VoiceOver User Guide for Mac. We have two heroes of the podcast this week. Max and Adam just became our newest patrons. These two lovely people who clearly have awesome taste in podcasts went over to podfee.com slash Patreon and they chose a dollar amount that showed the value they get out of the shows. You know, we do a lot of work here each week and I really appreciate the support. It means so much to me that people are willing to support the show in this way. Max and Adam, you absolutely positively rock. Well, it's that time of the week again. It's time for security bits with Bartmuse shots. How you doing today, Bart? Hi, I'm doing good. I am pleased that having successfully dodged the thunderstorms this afternoon. If anyone follows me on Master Done, they'll know I did not succeed in the morning on my walk because I can't out walk a thunderstorm but I can out cycle them I have proven this afternoon. I'll have to go back and check Master Done to see what happened to you. Well, let's just say it was so heavy that the rain was, you know the way when rain bounces, it gets a little crowns? Yeah. Those crowns were three inches tall. They were taller, they came above my ankle. The crowns came above my ankle. Like I had Gore-Tex shoes on and I got soaked because it ran down my leg to the top of the shoe. Like nothing can stop that. Oh my God. I don't mind if hiking shoe can stop that. That was amazing. It's just like, okay, weather, you do you win. Yeah. Whereas this afternoon I was on the bike and so thanks to the magic of modern weather apps, I could just dodge them. I was like, just plan the route and dodge them. It was great. And I was watching the thunderstorms. You should be five kilometers to my right. There you are. Five kilometers to my right. That was perfect. So yeah, anyway, good days. Good days. Security, eh? Let us start with a few follow-ups of stuff we've talked about before. I think it was the last time we recorded, or maybe two, might be two ago, either way. We talked about Apple's check-in feature coming in iOS 17, which is like a smarter temporary version of location sharing that respects your privacy and solves the problem of I'm leaving this party and I'd like you to know I get home safe. I'd like to do so with the least effort for you, for me and the least privacy invasion. And we now know more because the betas are out. And so once the betas are out, people get to test it. So there's a lovely article from the Mac Observer where they show you all the different screenshots. And the feature is at least as clever as I thought it was and slightly cleverer because there's actually different granularities of sharing. So if you're doing it with close family, you can let them track you in real time. And if it's only you don't trust as much, they'll only get your location when Apple thinks something's not miss. Oh, okay, okay. Like you stopped moving and you aren't home yet. Okay. You aren't making progress, I believe, is the phrasing they use. Or you're feeling to make expected progress. Or you're, I think the other thing was your phone stops reporting to the internet. Like if your battery died, that would trigger that alert, I think. Yes. And in fact, one of the things that is included regardless of how you share is things like the last time we saw you on the cellular network, where were you, what was your battery level? Those kind of things that you can make sense of, oh, okay, their battery was running low. Okay, I'm not as panicked as I thought. Basically the screenshots are nice. And it gives you a good idea actually of how this isn't something we sort of half taught through. This is very clever. And it's nice to see. Something else you've talked about a lot, and I promise you 2024 will be lots of discussion of the DMA, the Digital Markets Act, which is one of the terrible two-some or the digital duo of European unions, big new laws. You have the DMA and the DSA, the Digital Services and the Digital Markets Act. Right. So this is the Digital Markets Act. So it's for people, for companies who run app stores and things like that. In other words, this one is Amazon, is on the firing line here, as well as our friends like Apple and Microsoft and so forth. So under the law, some companies are under extra scrutiny because they're really, really big. And they're called gatekeepers under the law. And they have to go above and beyond because they have this position of power. And we were pretty sure we knew who would fall under that category, but the companies are supposed to self-report. And we now know that the following six companies have said that, yep, we are under this umbrella, Apple, Alphabet, i.e. Google, Amazon, Meta, i.e. Facebook, Microsoft, and ByteDance, i.e. TikTok. So these are the companies that have to do things like offer interoperability? Yes, and they're not allowed, like if they do a merger, they come under extra scrutiny because they're in a position of power, therefore the dangers of abuse of that power are greater. And they're not allowed to self-preference. I don't remember, I didn't think we hated the Digital Markets Act. I don't. Oh, okay. You said the darker, the way you said that duo was that they were doomsday scenarios. Oh, that the industry hate them. Oh, okay. Not us, okay. I thought we kind of liked this. No, I especially the DMA, the DSA is a little grayer, but I'm not against it actually, but there are more people with more criticisms with DSA. Anyway, but we might be against this next one. We might be, so we have known for some time because we've talked about it a few times, Meta slash Facebook recently joined the chorus, head of the pack in terms of complaining where people like the EFF and Signal, the people who run the Signal app. Basically, the UK are in the final stages of putting together a very large bill called the online safety bill, not the online safely bill, that's an interesting typo. It didn't go, it didn't get an underline because safely is a word, just not the right one. And one of the things this bill does is very, very, very, very misguided. It is the classic old, well, put in a back door, but only for the good guys. So effectively banning into any group. How close is this to becoming law? At the final stages of going, it's in committee stage, I believe, so it's on its way to the parliament floor soon. Is anyone in the UK government understand how math works or no? Clearly not the minister who is continuing to doggedly push this bill as it is. Whether or not enough members of parliament understand these things, I do not know. And in the UK, the government isn't quite stable at the moment. I don't know how much of that makes its way across the pond, but they've had a few prime ministers in the last 12 months. We do see that. That's the last one didn't last as long as a head of lettuce, as I recall. That was it, yeah. Theresa May and the head of lettuce. That was quite funny. In the Schadenfreude sort of way, that was hilarious. Yeah. So as I recall, didn't Signal say that they're just gonna go, yep, we're out? Yeah, Signal were very strong. They basically said, we're not doing that. We're starting off. None of the government people that work, say, I don't know, national security will be able to have encrypted communications. If memory serves, there are even security agencies against this bill. They're trying to remember exactly who criticized it. Yeah, at the very least it's retired former heads of security agencies. I'm not sure if they're retired and therefore speaking freely, or if they're current, therefore under the thumb of the government. I don't remember exactly, but I know they're like people who know what they're talking about. This is, yeah. Anyway, it is not a fact. There is still time to shout loudly and Apple have joined the shouty chorus. Okay, good. And that brings us on to two deep dives. None of them are that deep, but there's very little news. So I figured we should go. But medium dive doesn't have the ring to it. It doesn't. So the internet got very, very, very cranky because Firefox did something that I think is very, very sensible. And I tried to put it as a one sentence in the show notes and remain stories. And I was like, no, let's, let's give myself the breathing room here. So Firefox do this thing called, they call them ESR, which is extended service release, I think, or security release. Basically it's equivalent to the long-term support you see on versions of Linux and stuff. And so this is a version of Firefox that they promise to keep security patched in the long-term, but on which they will make no more functionality improvements. So Firefox 115 ESR is going to keep being kept secure, but whatever shiny comes in Firefox 116 is never coming to 115 ESR and so on and so forth. Okay, by the way, it is extended support release. I just double checked it. Support. Okay, that makes sense. And this is the kind of stuff that if you're running like, if you're making some sort of device with an embedded browser, like a kiosk, you should always use the ESR because you can't update those easily, those kiosks. So you use the ESR version and that makes it safe. And a lot of Linux distros designed for old devices will use the ESR because it's got a future, right? But it's getting no new shiny. And what's a lot of doing is they have said that everyone who is currently on Firefox 114 on Windows 7, Windows 8, Mac OS 10.12 Sierra, 10.13 High Sierra and 10.14... Oh, Sugar, you told me how to pronounce this. Mojave. No, Mojave's right. Yes, right. So these are all being auto-migrated. So you're on 10.14, you're getting all the new shinies and without you doing anything, you're now going to 10 to 115 ESR. So you are now paused in terms of features. You get one more shiny, which is this month's shiny. And from now on, you're getting no more shiny from Mozilla, but you are still getting security updates. And the internet lost its ever-loving mind because these people on these older operating systems are not getting any more new shiny. And I'm like, hang on a second, that's really generous. Because Microsoft stopped supporting Windows 7 and Windows 8 this January. So the fact that Mozilla are promising security updates is actually them going above and beyond the Call of Duty. So they're providing the security updates to operating systems that the vendor themselves don't even support anymore? Exactly, that's going above and beyond. Why are people cranky at Mozilla for going above and beyond is what I'm saying. But the internet does that. And in Macaland, Apple don't support Catalina anymore. Like it's still on the old numbering system. It's 10.5 Catalina, it's not even 11. So Catalina users also keep getting security updates. So do high Sierra, like Sierra for goodness sake. That's ancient. And they're still getting security updates from Mozilla. I just sold a cabana those ages ago. I just sold a computer to a woman who was trying to get, she wanted a backup to her current computer. And her current computer was running Sierra. And I said, I'm not downgrading this to Sierra for you. You can just stop that. Get that thing off the internet. And that old, that other one becomes the backup in an absolute emergency, but you got to use this new one. And she tried it out and she went, oh, this is great. I like this. It's like, oh, you. Yeah, so anyway, if you hear people complaining that Mozilla are being evil, no. They're just not giving them shiny on operating systems that have been deprecated by the vendors. But they are supporting them for security. Good on them. They're supporting them for security. So I see this as good news. The internet need to complain. Right. Well, now the next one sounds like a crazy situation if we should be outraged about it when I mentioned it to you. You said, well, hang on a minute. So what are we talking about? And this one is nuanced, right? This one is nuanced. Oh, this is definitely great, right? This is not definitely great, but this is being reported as the sky is falling, George Orwell has become real. In fact, I have learned a new law. If you want to know the value of a security story, the more shouty the mention of George Orwell, the less value the peace have. It's been like, right, the more people compare people to Hitler, the wronger they probably are. So you'll have seen a lot of reporting that France has become George Orwell's 1984. That's not fair or useful. They are doing stuff that I don't like, but there's nuance here. So what was the announcement that ever, what was the big headline? Yeah, so let's pull back. So like the British in the process of making a big bill to help cybersecurity and they're making a terrible mistake where they're going to accidentally as one of the things to build those outlaw encryption, the French are also working on a big bill and most of it is quite sensible and isn't getting people cranky, but one piece of it has gotten a lot of attention. And what they are doing is they are giving law enforcement the right to go to court to get approval to effectively deploy malware against suspect. So they're getting the right to enable the GPS tracker and or microphone and or camera on a connected device and that explicitly includes laptops, computers, phones, tablets, cars, basically a thingy that has a GPS, a camera or a mic and to the internet. It's really what it boils down to. And so there's a legal structure here where the police get the right to somehow turn these things on. Now, the law doesn't mandate that this is possible. It says that law enforcement have the right to which means that law enforcement can social engineer people. Law enforcement could use some sort of hacking or they could buy Pegasus or similar software from the NSO group for this for them. Can I stop you for a second? They have the right to ask to be allowed to do it, not just do it. So like in United States terminology, they could request a subpoena to be allowed to do this. All right, not a subpoena. What is the warrant? A warrant. Yeah. So like a warrant to search, they need to be able to do this in order to search, but it's a narrow, not a dragnet sort of a thing. They can't just go, I'm going to turn on all of the cameras in downtown London or actually it's France, downtown Paris. So that is true of all of these provisions, but there's actually two layers to this. So to just get the location data, but not the video, not basically the camera or the microphone, the bar is lower. The bar is the crime in question must have a minimum sentence of five years in prison to be even eligible to be asked for. So the crime isn't serious. So it's got to be a serious crime, okay? Yeah. And at that point in time, they have to get approval from a judge and then they can go ahead and do it. And that will probably be easy enough to get, like you can get a wiretap warrant or whatever. I don't think there's going to be a massive bar on that. But again, it has to be five years worth of jeopardy. The turn on the microphone is under stricter control and camera. So those two, because they're so scary, they're under a stricter control. So as part of the, this is why it's good to have a bit of controversy. So as part of the controversy, the bill has been amended to beef up the wording, to strengthen the wording to make it clearer. So the government said, well, this is only for serious crimes. And people went, well, then why doesn't the law say that? And the government went, ah, I know how to fix that. So they've added wording that says, when justified by the nature and seriousness of the crime and for strictly proportional duration, they're not a dragnet. And oh, not indefinite. And not indefinite. No matter how proportional, never longer than six months. So this is after the fact though. Let's say there was a murder and now I'm looking at the GPS of the car of the suspect that may not have the suspect in it, but I'm looking at the GPS of it and I'm watching it drive around. What's that got to do with the murder that happened three months ago? Okay, but that's, solving a murder is probably not where this comes in use. I don't think this is the problem it's also the police. But imagine that you are, you have a terrorist cell, you believe that there's a terrorist attack being planned. This is obviously serious. You would then go to a judge and say, here's our evidence. I think they're planning an attack in Paris next week. And the judge goes, okay, yes, you have permission to enable their mic, enable their video and enable the GPS. Okay. So it's stopping a crime from happening. It's not after the fact. Or it might be a case that we believe that these are the people who've been responsible for the last 20 years or so of some sort of a scam. These people have successfully defrauded 400,000 French people out of a billion francs euros. Yeah, they're probably not driving around to do that one. What about a drug ring where they're seeing, they think somebody's a drug mule driving back and forth or something like that. Maybe that kind of thing. Yeah. Yeah, so there has to be a crime involved with at least five years and that's for the GPS. And then for the mic, it has to be a really serious crime. And the other thing is they have explicitly exempted certain people from being eligible at all. This law can never be used against doctors, journalists, lawyers, judges, or members of parliament. So a lot of our crap, and yeah, I'm not gonna go down. Right, but so the people who everyone is worried about the NSO group being used against, right? Particularly journalists, right? You have concerns about people's health data, so doctors are out. You have concerns about unfair influence on the justice system, so judges are out. And you have concerns about spying on opposition politicians, which is certainly how Pegasus has been abused in countries that are not really democracies. So members of parliament are explicitly out. So the worst abuses of the NSO groups Pegasus software that we know about from all that reporting, they're explicitly exempted from this law. So in the abstract, I don't like the idea that the government have the right to go and hack people. That doesn't feel good, I don't like that. But the fact that the law does not mandate tech companies to do this for the government is a very, very silver lining here. Very, very silver lining here. But I'm gonna throw one, what's the opposite of a silver lining? Dark cloud, tarnish. A bit of tarnish within the cloud. This does set up a perverse incentive, which is we've seen in action before. So do you remember this thing just about 15 years ago, there was a leak of a whole bunch of hacking tools that belong to the CIA that were all leaked out to the internet and they ended up with a whole bunch of people being compromised with zero days. Because the NSA felt that they shouldn't tell Microsoft or Apple about these zero days because they were using them to spy on people. Right. Well, the incentive here is that if law enforcement find vulnerabilities to make it possible to make use of the permission they have to hack people, why would they tell Microsoft about a vulnerability they're using to hack people? I think one of the things you said to me when I first asked you about this was this is out in the open with a light shine on it with structure and visibility. Right. That they were probably kind of doing anyway. Right, so that gets to my last point. So everything I've said so far is uncontroversial, fact-based and not my opinion. It's just, this is the thing. I'm now switching a little bit towards opinion and I'm not going to tell you what to think but I'm going to suggest a way to think about this and then come to your own conclusion. So the first thing I would say is we know for a fact there are lots of governments doing this already. Right, I don't know the detail in every country and it is kind of down to resourcing because if you're a small country like Ireland I don't think you can afford to be doing a lot of this stuff. Whether you want to or not doesn't really matter. Like our minister for justice can want all he wants but he can't do any of this because he doesn't have the money. But large nations most certainly can. We know they can because the NSA's tools have been leaked so we know they were doing this because we got their hacking tool. We also know that it's perfectly legal in the United States to get what's called a national security order where law enforcement can go to a judge in secret to have a secret hearing where they get an order to a company that the company is legally forbidden to say they've received and that they have to follow. So we literally do not know what happens under those national security letters because it's illegal for us to know. So I do not know what's going on in the States and neither does anyone else who doesn't have a really high clearance. So there might be people who know but they can't tell us. But we do also know because we've had a couple of hacks of people like the NSO group that was an Italian company. We know the list of customers of these kind of hacking tools and they include major democracy. And we know that companies like the NSO group turn a tidy profit. So clearly this is happening. But then the question's a bit different. Do I feel less, do I feel happier that it's happening in secret and that I don't know about it and I can go la, la, la, la, la, la, and pretend it's not happening? Or do I feel better if the process is open, transparent and that there are clear guardrails like cannot be used to target journalists, lawyers, judges? Yeah, that last part really makes me feel better. And it coming from the United States, doctors. Yeah, this is important. So my first good reaction was, ick, ick, ick, ick, ick. Then I went, okay, they're not mandating tech companies break their own technology. Okay, that's a take. And then I was like, but this is happening anyway. So maybe some guardrails is a good thing. So I've come around, take me a while, but I've come around to seeing this as, well, actually I think this is the less, what's that joke for the thing Winston Churchill said, democracy is the worst form of government, apart from all the others. This is the worst way to do surveillance, apart from everything else I can think of. I'm not happy about it. I'm not happy about it, but it's probably for the best. So anyway, there we are. That was quite deep actually. That one deserves this title of a deep dive. I struggled to find notable news. I found two items, they're not particularly happy. Well, one of them is. So first off, there a US federal district judge has issued what is widely described with a controversial ruling, that places an injunction on the federal government from talking about moderation to social media company. It's not just that they can't ask for a specific thing to be taken down. They can't raise the topic. Now, a federal district judge is nowhere near the top of the pile. So the chances to me seem very, very high that a judge closer to the top of the pile is going to be asked for a second opinion on this. Though I imagine this is going to a circuit court and then depending on what happens at the circuit court, this is probably going to the one above that, which is the Supreme Court. So stay tuned is what I would say on that one. There was a good cover to this on the Sisters in Law podcast and it was an interesting swap of free speech to the First Amendment for free speech rights that they don't want the government leaning on the social media companies, which the government says they're not, who knows. But then what they've done is eliminated some free speech from the people who work for the government. So it's sort of like, you can't have both maybe. So yeah, I'm not gonna lose a lot of sleep on this one. No, as long as it's the district court ruling, it's basically, oh look, some lawyers are going to have some fun in front of a circuit court judge. And then probably the Supreme Court get to have a go probably. And then in the world of, well, every silver cloud or every cloud has a silver lining. So we had a wee bit of a coup in Russia a few weeks ago. And the Russians insist it wasn't a coup. Is it a coup if it doesn't succeed? I believe it's called a coup attempt, which I think you know what I say in the show notes. So Pregatian and his Wagner group had a wee charge towards Moscow and then didn't quite go all the way. And he's not very popular at the moment in Russia. And as a side effect, he was doing a lot of things, including running the most effective troll farm in the misinformation, disinformation. Oh, I saw this, yeah. Disinformation, the information group, notorious. Well, they were Pregatians proud. And so they have now shut down as part of all of this fallout. I'm sure someone will replace them. But for now, yay. Yeah, yeah, that's nice. The more chaos there is over there, the better. There's not enough chaos to cause them to drop a nuke on someone. Chaos. Anyway, on that happy note, pallet cleansing. Good. This is a half pallet cleanser. It's in the show notes section called Just Because It's Cool. You and I, I think, often joke offline that I am particularly fond of emoji and I really do consider them a language. And I think a lot of people lost their ever-loving mind when the Oxford English Dictionary started putting definitions of emoji into the dictionary as if they were words. Now it's like, well, of course they are because that's how people use them. These have become a language. I now have a second piece of evidence to bolster my argument that they are language. In Canada, a court has ruled that a thumbs-up emoji is a scent. It is basically, yes, I agree with this. So. So I, on the Daily Technique show, they went into this in depth and I think this one was important because the person who gave the thumbs-up emoji and agreed in agreeing to a contract had previously answered the same kind of request for the same kind of contract with things like Yup. So, you know, if Yup is agreeing to a contract, why would thumbs-up not be? That seems like it fairly covers them, I would think. From my point of view, right, putting my direct personal hat on, I can tell you now that when I have my work hat on and I need to get permission to do something because there's something urgent happening, I work in cybersecurity. Is it okay if I block dot, dot, dot? If my manager gives me a thumbs-up, I consider that to be yes, Bart, go ahead and protect us. Pretty darn, and I want to be pretty darn sure that if I get shouted out by someone who's above my boss's head, that I won't be the one to get shouted out because I will have obeyed the thumbs-up and I'm pretty sure that that will be seen as yes, Bart was okay, who posted the thumbs-up? You, why did you give the thumbs-up? I think maybe you should bookmark this story just in case. I may have done so. Ha, ha, ha, it's a legal contract. Look, it says so. Exactly, so I do have a true pallet cleanser-ish. Well, no, this is a pallet cleanser. I really enjoyed this episode. So, Malicious Life is a podcast I really like because they tend to go back in history and sort of when all the dust is settled and there's no unknowns anymore and there's no hand-waving, they tell us the story of something important to do with computer security. And one of the episodes that I recently listened to and thoroughly enjoyed was the full detail of Sony's Root Kit fiasco. This is at the very early days of the music industry. I remember this one. There's a lot of trouble for sticking malware on audio CDs. Back when music came on CDs and we had a place in our computer to put the CD. You know, I'm looking at my Mac here, going, I couldn't stick a CD into this thing. There is no slot. Anyway, it's a fascinating story now that we know all the detail and Ran Levy is the host and he's just a good storyteller. That does sound like a fun story because that was huge when that happened. I remember people just losing their minds, rightfully so. Rightly so, yeah. Yeah, it was really good. And as I say, Ran Levy, he's Israeli so it's always fun to hear a story in a foreign language. Yeah, it just makes it better. So, he's a good storyteller anyway but the Israeli accent really helps. I just get so sucked into the malicious life. The perfect road trip, like if you have like a one hour drive somewhere, hop on a malicious life and enjoy the heck out of it. Sounds good. Well, this was a real up and down episode. Some ick, some non-ick, some stop thinking this is ick, this is actually okay. That was a very balanced part. I appreciate your perspective on this, especially on the French story about the ability to turn on cameras and stuff because I was right there at 11 in Alarmist when I read it and you said, well, hang on, think about it this way. And, you know, here's some more facts behind it so that I really appreciate the in-depth coverage on that. Yeah, and no one should feel bad about jumping straight to 11 because I did too. It's just, I think, I just, we need to train ourselves that if we jump to 11, we need to ask ourselves, well, hang on a second, are we being a bit hasty? Which is hard, it's so much fun to be at 11. Wait for me. Well, we've exercised that muscle, man. We're good at that. Fair, very fair. Anyway, very simple messages to end the show. As always, remember, folks, if you want to stay safe, stay patched, so you stay secure. Well, that is going to wind us up for this week. Did you know you can email me those reviews and recordings that you're going to do for me at Allison at Podfeat.com? You can do this anytime you like. If you have a question or a suggestion, you can also send those on over as well. You can follow me on mastodon at podfeat at chaos.social. And remember, everything good starts with podfeat.com. If you want to join the fun in the conversation, you can join our Slack community at podfeat.com slash Slack where you can talk to me and all of the other lovely no-silla castaways. You can support the show at podfeat.com slash Patreon like Max and Adam or with a one-time donation at podfeat.com slash PayPal. And if you want to join in the fun of the live show, head on over to podfeat.com slash live on Sunday nights at 5 p.m. Pacific Time and join the friendly and enthusiastic no-silla castaways. Thanks for listening and stay subscribed.