 Hi, this is Allison Sheridan of the No Silicast Podcast, hosted at podfeat.com, a technology geek podcast with an ever so slight Apple bias. Today is Sunday, November 12th, 2023, and this is show number 966. Well this is going to be a nice big beefy show, but a lot of it was produced in a little bit of a different way. I've got an article by me, but Jill and I did a little conversation where we talked through something rather than her doing a monologue about it, and that's a really great segment, and Bart's got security bits, but it's a solo security bits. Because this week, my grandkids, a whole bunch of them came into town, I was missing two, but we had Kyle and Nikki and Teddy and Lindsay and Nolan Forbes in Sienna here, and had a big play weekend, and so I needed a lot of help, and so we got there in the end. And I think you'll like it. It's going to be a lot of fun, so let's get started. Last week, I forgot to tell you that I was on Cord Killers again with Tom Merritt and Brian Brushwood. This is a great podcast that I really love. It's all about TV and movies, and they really try to emphasize watching what you want when you want to watch it and how you want to watch it. So they talk about what technologies to use or what kind of channels to get to be able to watch the things you want, but how to make sure you get the content that you want, and it's really, really fun. We talked about recent surveys of teens and young adults that found they would like less sex and romance in their content and more friendships and platonic relationships. That was a pretty interesting discussion. We also talked about whether Martin Scorsese's insistence that people sit through his three-hour and 26-minute movie without an intermission is reasonable, and why directed David Fincher might not want to make a sequel to the social network. It was great fun, and I really felt like I had a lot to contribute in this episode. I'm kind of intimidated by these guys because they watch everything and they know all these details about who's making the movies and who's in the movies and how they were made and they know so much more than I do, but I felt like I held my own this time. Anyway, you can find Cord Killers in your podcatcher of choice, of course, but you can also look for episode 478 or search for my name in the title. And of course, I've made it easy for you by making the chapter title in the show notes a direct link to this episode. In 2009, on episode 195 of the No Silicast, listener Scott Patz suggested I take a look at an app called DVDpedia from Burji to catalog and organize my DVD library. I tested it out and I reviewed it for the show and I loved it. And I've been using it for the past 14 years. Then you may wonder why we catalog our DVDs, now Blu-ray and UHD discs. And it's the same reason I catalog our expensive belongings in our house using the awesome Under My Roof software from Binary Formations. If you have a fire, flood, earthquake or theft from your home, the insurance company is far more likely to reimburse you for your belongings if you have some kind of proof of what you owned and not just a paper receipt. If you have a small collection of physical media, this wouldn't be a concern, but we have over $10,000 worth of discs in our collection. So it's worth a little bit of effort to scan them in when we buy new ones. Steve also rips our physical media to our Plex server and we use a customized field in the DVDpedia database to mark which items have been ripped. In my mind map of Doom, trademark Donald Burr, for my new compave process, DVDpedia isn't a mission critical or even a high priority app because I came along for a while without it. But it always has maintained a position of importance to be installed before I consider the pave complete. As you know, when I do my true paves, I install every single app from scratch. DVDpedia is listed in my mind map as being in the Mac app store. But imagine my surprise this time when I went to install it and I did not find it there. I went to Brugge's website and I used the download button there. But then I noticed a very sad word. It said Sunsetting next to it. Just a week or two before I went to download DVDpedia, developer Connor had announced that he was stepping back from programming and was going to prioritize spending time with his family and therefore would be sunsetting all of the Pedia apps, including DVDpedia. I can't say that I was super surprised about this as development seemed to have stalled many years ago. While it still functioned as well as it did on day one, there hadn't been any new functionality or even a new coat of paint in a very long time. Now, even though DVDpedia continues to function, I knew it was time to move on. In fact, the sunsetting of DVDpedia gave me the push to do something I'd been contemplating, but was too lazy to start. And that's moving all of my DVD collection into under my roof. I've been thinking about it ever since I did a screencast online tutorial about under my roof and I scanned in our Star Trek discs to demonstrate how to create a collection. I'm not sure this will be a story that helps you in your own life, but the transition between these two apps showed me that both sets of developers had made a significant effort to ensure data portability. DVDpedia made it easy for me to export the data and with a smidge of hand holding under my roof, made it easy for me to import the data. It was kind of a fun exercise. So I thought I'd tell you about it. The DVDpedia main window is filled with useful information. There's a table containing all of your DVDs and it has columns that you can drag around high to reveal and even create to make sure you have all the information you like to see at your fingertips. At the bottom you can see the details of the selected DVD, including album artwork and on the left you have any groups you've created. Across the top is a typical set of menu icons to add, delete and edit your database, but the one that was delightfully obvious was a nice big export button. DVDpedia has so many export options. It's crazy. I really shouldn't dwell on how cool DVDpedia was, but you could even export to HTML and it would build these beautiful webpages with images and descriptions of the movies. Anyway, one of the options is to export to text and you can set it to export to CSV, which stands for comma separated values. On my first export to CSV, it seemed to be missing a lot of the information I was hoping to get. I was bummed, especially knowing that support emails would not be returned. But then I went back to the export window and I actually read what he had written. It says the tab in CSV exports are based on the columns shown in the list view. OK, I went back to the main menu and main window, I should say, and sure enough, I didn't have the columns visible that I was looking for, could figure out why they weren't showing. It was simple enough to turn them on and do a new export and I had a good CSV file with all of the details I wanted. You probably remember that I'm a huge fan of under my roof as my inventory for everything in my home and everything about my home. My latest article about all of the awesome capabilities was just this year in April. I figured that as well written as this app is, it was bound to have an import function for my CSV file, but for the life of me, I could not find it. I wrote to Diane by contact at binary formations who does all of the spectacular documentation. By the way, her husband is the developer and I asked Diane, where do I find an import button? I was really hoping to find one in here. Well, it turns out under my roof is all in one window and has left sidebar navigation for how you want to view your stuff. It has tabs across the top, depending on what you're viewing. It's got separate columns for information and plus buttons in different corners and even a three dot menu in a circle, but none of these revealed anything about importing data. When I wrote to Diane, she got back to me very quickly and she patiently pointed me to the hamburger menu in the upper left, which takes you to the options pane where there's an import button that allows import from CSV. I don't know what it is about this hamburger menu that reveals the options pane, but I never think of looking there. There's a whole lot of stuff in there. Remember, I did a video all about using this tool, but I don't think to look there. There's something about it. My brain is blind to the information that's hidden in there, so I never think to do it. But anyway, I'm also glad I wrote to her first because she made a suggestion that was invaluable in what I was trying to do. Since I have a lot of data in my under my roof database, importing nearly 400 new records could be quite messy to clean up if I made any mistakes. See, she suggested that I create a new home, which of course I called delete me home and import the DVDs into that home first. That way, if anything got messed up, I could just select all, delete and try again. Now, I said earlier that you probably wouldn't learn anything from this story, but I lied. That's a really good thing to put in the back of your brain if you ever need to import data into an existing database. I'm guessing a lot of the oscillicast ways have had to do that, and I'm guessing all of them learned this the hard way and they probably have great horror stories that they should tell me. Well, anyway, Diane pointed out to me that under my roof comes with a category for DVD blu-ray discs that has a custom field layout that includes fields like director, actor, studio, all those great fields. She told me how to edit the field layout to customize it to make sure I had all the fields I'd need that would be incoming from my database. Importing the CSV brought up a window to map the fields that Diane had told me to make sure I had available. I went back and forth a bit until I had it all lined up beautifully with title matching to title, genres matching up and directors and more. Well, I had it all lined up beautifully. It failed the import with an error that said, you must have a field that the items name in order to import items from the CSV file. And I read that over and over and over again. You must have a field that the items name in order to import items from the CSV file. Well, I wrote to Diane and I said, I'm pretty sure that's not a sentence and I don't know what you mean. So I had to bother her and, you know, she really should stop being so helpful because it's easier to ask her than bang my head against the wall trying to figure it out myself. The one thing I don't like about all the databases I've dealt with and I get caught up on this every time is the first field is always like a sacred field. It means something to be the first field. All the other fields, you can rearrange them to whatever you want, but that first field, it's sacred. As Diane patiently explained, the title of the movie had to be called name, not title. Well, it was quick work to change the CSV file, just change that top word from title to name and then it would match what under my roof wanted and then it imported beautifully. I think she's also going to fix the grammar. She's really good at being precise on grammar. So I think she appreciated that tiny little help from me. Anyway, Diane had also explained to me earlier that the images from DVDpedia would not import since CSV files can't contain images. So the CSV file came in fine, but I didn't have the images. Now, after I moved all of my DVDs from my delete me home to my real home in the DVD category, it was time for the incredibly tedious and not fun but terribly boring part of this project. One of the many export options in DVDpedia is a .dvdpedia file. A quick right click to show package contents reveals an XML file of all of the data and a folder of all of the cover images. Now, a backup export can also give you the same thing, but the images are a little bit more buried. Now, here's the sad part. The DVD cover images are labeled 1.jpg, 2.jpg, 3.jpg. So that would be OK if the cover images happened to be alphabetically sorted but just had numerical names. Sadly, they're numerically in the order of when I added the DVDs to my database in DVDpedia. So they're not in order at all. Now, the import process as a result was quite painful. I put DVDpedia at the top of my screen with under my roof below it. I selected the DVDs category in under my roof and I selected the tab for photos so it'd be ready to drag in those images. Now, to the right, I opened the finder window to the right, on the right hand side in list view and I set the view options in finder to make the larger icon so I could sort of see the images. I would then select an image file, hit the spacebar to bring it up in quick look. Now, I could see clearly that 1.jpg was whatever movie, Lion King, let's say. And now, in the under my roof window with the DVD showing, I could use the search window to type in the fewest number of characters I could think of to quickly find that movie. My right wrist had been hurting over the course of that week. It's better now, but it was hurting. And so just typing a couple of characters was making me crazy and especially having to do it over and over and over again. So I wanted to type the fewest number of characters. Now, once I got the fewest number of characters to get that movie to pop up in under my roof, I could drag the JPEG from the finder window into the photos tab for the Lion King DVD. OK, that's one done. I had 378 movies to do. Anyway, so since I'm still in the finder window, I can use my arrow key to go down to the next DVD and the quick look image will change automatically. No need to spacebar in and out of quick look. Well, that worked most of the time. Every once in a while, the image would be super high resolution so it'd fill up my whole screen so I'd actually have to spacebar out of quick look to see the images to drag them into under my roof. Now, back to the under my roof window, I have to select the area, the text area in search and do another search. I so I can't just start typing. I can't like command F and start typing. I have to actually go into the text area and select the text. There is a little X to remove the previous search, but it doesn't auto select the text. So it was easier to select it every time. Again, tedious. Actually, I did this so long, I moved my trackpad to the left, my left hand because my right hand was getting so sore. Anyway, you might be wondering why I had DVD pedia open at the same time with under my roof and all these images. When a handful of cases, I found either mistakes or missing information or duplications of media that I needed to cross check. So I was sure glad DVD pedia was still working for me. In the show notes, I made a little silent movie showing the tedium so you could feel my pain. And I want you to note in the video, you can see that we have these 378 items in our collection. So I repeated this process that you're going to see in the little movie. 378 times. I really want you to feel my pain. It was terrible. I also put a screenshot in the show notes of how the DVDs were displayed in DVD pedia and how nice they look in under my roof. Now, talk in bottom line here. You may all think I'm nuts for going through all this work to track physical media when everything's available on streaming, but we really like our physical media and we also really like being able to look up which movie we're looking for to see if we really own it. Like I was going through this and for some reason we only own Toy Story 3 and Toy Story 4. What happened to Toy Story 1 and 2? I think I need to add them to my Christmas list. That's what I need to do. Well, anyway, it only took me a few sessions to do all of this and now I'm very happy that everything under my roof is in under my roof. I'd also like to thank Connor for 14 years of support for DVD pedia and for making it so easy for me to export my data. Well, I was chatting as I often do with my good friend Jill from the North Woods over on Telegram and she started telling me a story about an interesting problem that happened when the father of a friend of hers ran into an emergency situation and wasn't able to get a hold of his own child and ended up getting a hold of Jill and she wanted to explain why this happened and what these people could have done to have allowed this person to get a hold of them in an emergency. So welcome to the show, Jill. Hi there, good to see you again. Yeah, we thought you could do this as a standalone thing but I have a lot of questions. So I wanted to be in the middle instead of writing to her afterwards and going, but what about this? What about this? What about this? So I'm gonna just interrupt you as you explain the whole story. How's that sound? That sounds great. Well, it happened about a month ago and my phone starts ringing in the middle of the night and I used the focus mode of sleep so that I don't hear anything happen. And so I was caught a little bit off guard like, what is that? Pick up my phone and it was my friend's father. Now they are older and she's the, his wife, my friend's mother has not been feeling very well lately and has had some urgent care kind of events. Calls me and he's in tears and he says, well, I've tried to call my children and none of them are answering me. And so I live a block away. So get dressed, I head over there and I check in and see what we can do. And so I realized how come nobody else was answering the phone. So when my friends woke up, I said, I am with your parents and she is sick and where are you? Why did you answer my phone? She goes, well, recently they just got rid of their landline and so now they're total iPhone users and they put it in the other room. They put their phones in the other room and not only that, they turn them off because they don't want the phones ringing and blinking and doing all these things. And I said, well, you are new to not having a landline. That's not acceptable. We have to get you set up so that people can reach you when they need to in an emergency. So that's how it started. This is gonna start getting into a combination of the regular old do not disturb and what's now called focus modes, right? Right. We're gonna stay up front here. Jill is not proclaiming to be an expert in focus modes. Right. This is like a whole field of automation you can create where like when you're podcasting, something happens or whatever, but this is more of a practical, what can regular people do for regular situations that might arise like this to help them out? Yeah, absolutely. And I started talking to people at work and starting to ask them, do you have your phone set up so that if someone were having an emergency, they could reach you? Oh no, no, I turned my phone off or okay, nobody knows this. Nobody has any idea that you can use focus modes and other methods to break in in case someone has to get a hold of you. And so that's what we thought we'd talk about today. Yeah, so what's the simplest form of what you're talking about that somebody could set up to make sure that they can be contacted in an emergency? Right, the simplest and most bulldozery way of doing this is what's called emergency bypass. And you can find that by going into the contact app, selecting a contact, clicking edit in the upper right hand corner of that contact and just a little bit farther down, there's a setting called ring tone. And when you select the ring tone, the very top part of that screen says emergency bypass and it will still respect the haptic selection. It will still respect the ring tone decision if you've picked a special ring tone for the people close to you. But what it will mean is that sound will come in through any focus mode, through any silencing method. It is a bulldozer, it will just come in. And so it is, yeah. Let's start by complaining about Apple hiding emergency bypass under ring tone. Right, right. I don't set ring tones for people. Because by and large, my phone doesn't ring anyway and I don't need a separate ring tone for separate people. But I would have never in a million years thought to look under here. So I'm reading, oh, by the way, this is on the phone. This doesn't work on your Mac. Even though your Mac may respect this setting, there's no ring tone setting on the Mac in contact. So on your phone, I don't know if it's on the iPad. I don't have an iPad close by. But going into edit on the ring tone, then the first thing is this toggle that says emergency bypass. And I'm gonna read it out loud. Emergency bypass allows sounds and vibration from this person even when the ring switch is set to silent or when a focus is on. So if I've got the thing set to ring switch set to silent, it'll come through with a haptic instead of the ring tone? That part I don't know. I think that I don't see ring tone none. So I assume it'll do both. Okay. Yeah. It'll ring tone on your phone and haptic on your watch. So this is specific, oh, okay, maybe that's it. So this is specifically someone makes a phone call. This has nothing to do with they send you a text message. This is just about a phone call. I believe so, yes. Okay. So that's the bulldozery. Maybe this is one person that they're always allowed to get through, right? Like this person's father or mother. That might be, if you've got an elderly parents, that might be a great one to put in. Child away at school. They're never gonna use the phone unless it's an emergency, right? Cause they don't use the phone. Right. So is there a more nuanced thing we can do next? So my friend then said, well, they call me all the time and I don't want them to just get through. You know, sometimes I'm speaking, sometimes I'm on a Zoom call. And so isn't there a more nuanced way of doing this? And I said, there is. And this is the way I do it, but you can set up your focus modes. And focus modes are setting that exist in the entire Apple landscape. It's on the Mac, it's on the phones, it's on the iPads. And you can even set them up so they all share the same focus mode at the same time. So if you're going to sleep, maybe all your devices then respect that sleep-siting, sleep setting. This is one of my favorite things is that if I, on my Apple watch, if I use the side button and then I tap on the do not disturb and type, well, I have to tap 28 times now because these silly focus modes everybody's so excited about. But then it stops my phone from doing anything in my Mac. So I can do all three very quickly right from the watch or whichever one's easiest for you. Right, and so we can do things. Like I said, a lot of productivity people set their wallpapers and do exciting things with it so that they can focus, which is the idea of the focus. But now we're talking about emergency settings, someone trying to get through. I said, there is another way. And this is how I do it. At that time, I didn't have anyone as emergency person. So I now set up a focus mode, which is sleep. That is the one I go to bed with and it's scheduled. So it goes to bed at a certain time and it turns on, it turns off in the morning. The focus modes are nice. You can have as many of them as you want to have. But this is more nuanced because you'll be able to set who you wanna break through, what apps you want to break through, and then also schedule the focus modes or have the focus modes come on like when you're at a location. Maybe I'm at the office or I want a special focus mode when I'm at church compared to when I'm at home and compared to when I'm at work and it can set it all up and do it automatically. So they're very nice that way. Okay, so I'm looking at do not disturb as which is the default one. And let's just say we stick with that. Let's do something simple. When I go into it, it says allow notifications. Notifications from selected people and apps will be allowed. All others will be silenced. So then it says allowed people and that's where you would select specific people to be allowed through. That would be. And that would be as far as I can tell, anything that uses that contact. So that's gonna be messages and that's going to be phone calls. So it's not going to be Telegram or it's not gonna be other apps that use their own contact list. Oh, that explains something. I know I've been in do not disturb and Steve Telegrams me and they do get through but I always thought it was because he was an allowed people but it sounds like it probably would be anyway. Yeah, as far as I know I can't distinguish you on Telegram versus you. It only knows it's contact. Sure. Yeah, that makes sense. It's realm. That makes sense, right, yeah. So the focus mode then you can set up a focus mode and so you could say this person is allowed to call me and in this focus mode I get their notifications which in the end is why I got my parents, my friend's parents phone call. I was using that. I set up people to be in that group and they were in that group. Oh, that was lucky as it turns out. Yeah, I like this. One of the other things you could do is silence some people. It's like, hey, when I'm podcasting God, Jill is always bothering me. I want to just silence Jill. The rest of the world is allowed to bother me, just not Jill. I like that one. Right. You could absolutely do it that way too. You could silence certain people. You can allow certain people or you can actually do groups of people. So people who are my contacts could get through or people who are my favorite contacts could get through. Yeah, look at that. Yeah, so it is. Just any of the groups you have in contacts could be set. You could create your own group and these are people who are neither my favorites nor all and they can always reach me as well. Oh, that's kind of nice. So you don't have to pick, pick, pick, pick, pick. You could say, okay, this is family and these people are allowed through. Right, so that's nice. And it's nice because then you can do it and you'll have to set that up for each of the focus modes you use. So if you do not disturb during the day and sleep at night, you'll have to set it up in both places. I'm embarrassed to point out that I was looking at the sleep one and my sleep one had no notifications allowed from anybody and I realized it's cause I use do not disturb for sleep. Oh yeah, right. I'm old school. I have not embraced any of the focus modes. But when I find interesting in here and this explains something that happened to me and in fact, we talked about it when this experience that you had, the last section in there says allow repeated calls. It says a second call from the same person within three minutes will not be silenced. And this explains why Apple was able to call me at 6 30 in the morning cause they call you twice. And they know that that's how their focus mode works. Probably. I was about to say a non girl scout say forward to describe them. That's insidious. Yeah. So the idea is that if Jill calls my friend at seven in the morning and she's sleeping, no big deal, but Jill calls twice. Maybe that's a big deal and maybe that's an important reason to get through. Yeah. So that's the, it makes sense, but yeah, they know that and they called you. 6 30. Geez. And they knew what time zone I was in. They claimed they didn't and say, no, no, you knew. We've had this conversation before. Okay. So at the very least being able to do this nuanced approach for just a couple of people is probably a good way to go. I like that. What other advice do you have? Well, the other advice I have too is to set up the focus modes fully and start removing, making sure the apps you don't want to bug you. So I asked other people, I said, well, did you set a focus modes? How do your parents get ahold of you if they need to? And, oh, I just let my phone have notifications on all night and it blinds me every time a text. And so I said, okay, now you're going the other way. You have no focus mode set up. The phone is just blinding you all night long, ringing every app that rings through the day. So I think dedicating yourself to some time saying which apps should get through and which ones should not get through so that your phone neither keeps you up nor prevents your loved ones from getting ahold of you when they're having their emergency situation. It really benefits you to dedicate yourself to doing this sometime. So I use do not disturb for daily when I'm doing something and maybe I'm speaking at a conference or I'm doing something or I'm presenting at a meeting. I have a work one where all my games and all the silly stuff on my phone can't contact me, but the serious stuff can, text messages and telegram and things. I have sleep mode set up and then I have one called a recording just like you so that nothing can make a beep or a boop or a bop while I'm trying to get a good recording out. Okay, that reminds me, I need to turn on tune to disturb right now. Right. Well, it used to be because I wear headphones that anytime someone on telegram would message me while I was recording, it would come loud and then I would jump out of my seat and, you know, so, but spending your time and getting these set up correctly will ensure that when you're getting sleep at night because not everything's bugging you but then also the people who you love and you wanna hear from will be able to contact you too. I just thought of something. I often send my daughter Lindsay a text message when I know she's asleep, but I figure I'm just gonna send it now because I'm thinking about it and she'll see it when she wakes up. But if she set me up as an emergency contact who could break through, I'd be annoying the snot out of her. It'd be, yeah. I should think about that. That's interesting. In fact, I called someone last week that I never talked to before and I rang and it rang and it rang and it didn't answer and I thought, oh boy, she has a focus mode against people she doesn't know. You know, like she only let's through this. So you called us again really quickly? So break through maybe? Yes, I did. Yeah. Is that the default, by the way? Is default for do not disturb is set to double call can change it? You can change it, but I believe that on the ones, there's four of them that come with Apple. I think there's four of them. I know do not disturb personal sleep and work come with your iPhone. I already pre-set up and I believe the ring through on the double call is set for all of them. Okay, well, that would make sense because you're trying to show you how that works. So I'm looking at do not disturb on the Mac and we already talked about a lot of notifications, a lot of people, a lot of apps. Oh, actually a lot of apps. We didn't really discuss what that is. You can, you can it plus to say certain apps are loud. And oh, did you already mention this time sensitive notifications? No, I didn't, but that's a good point. So time sensitive notifications could be something that maybe you want to come through. But a lot of those tend to be someone tried to log into your bank account. Maybe you do want to be notified at any time when that happens. But I also have time sensitive notifications that have like breaking news on Apple news and I don't necessarily want those coming in. So that's a mixed bag to be honest. I'm not sure that one. Yeah, how does it decide what is time sensitive? It has that preset. You can, you'll notice every once in a while. Like I said, some of the news stories will say it. Someone saying two factor authentication is a time sensitive notification. So somehow Apple classifies that as we need to hear from you shortly. And so I feel like it's again, a mixed bag. So you're right, it does have app settings that you could say is allowed to get through. I think my say. Something to allow, I might do that. I just turned it on and I noticed it brought back in a banner notification that I'm late giving Tessa her flea medication. That's from my reminders. And it showed that because it's saying, you were supposed to do this yesterday and you still haven't done it. But it might be good to have that on, especially in a work setting, if you've got another meeting coming up and you forget you're not paying attention, you wouldn't want to be a do not disturb and not get that time sensitive notification that, hey, you got another call you're supposed to be on. Right. No, there are some methods for sure, but you can also allow an app. So you could say, well, all of Outlook could get through or all of Apple calendars can get through. And that way you could just permit your own calendar from coming through. And then the last one, which again goes a little bit more on the productivity side, is there is the focus filters. Applications who build applications for iPhones and Macs can allow filter focused modes like Fantastical does this too. So I can say that during the workday, I want it to show my work calendar. But as soon as this time crosses and I go into a different focus mode, don't show me my work mail, don't show me my work calendars and I can close that out. So it's not an emergency type of setting, but you can with the focus filters say, during this focus mode, I want to see this part of your application, but not that other part of the application. Whoops, I was a mute there. That's interesting. I can see in the regular calendar, it has it too. If I tap into app filters, then calendar, and then I look at calendars, I get to choose which calendars would be coming through. So maybe I don't care about my work one when I'm podcasting, but vice versa. Right, right. That's really interesting. So you can get into these with just, like you say, a little more nuance without being whole hog automation shortcuts running that this happens and that happens and the lights come on and all that just because of a focus mode change because you pressed a button. Right, can't do it. And the other nice thing is I set my focus mode for sleeping time. So it doesn't show me my work application on my iPhone desktop. So I don't see my work emails. I don't see. So those are removed and only things that I use at night, maybe headspace, the alarm clock are showing to me at nighttime when I have do not disturb on and it's not showing me the full array of all my phones. Not only that, on that focus filter, you could say I only wanna see text messages from the people I care about. So only my friends can text me while I'm sleeping. And if I get spam, if I get other types of text messages like what's my balance on my credit card? Which is just the thing you wanna see when you're trying to get to sleep. I can shut that off. I don't even see it. I only see my friends. It's kind of ironic you and I've talked before about sleep tracking. One of my favorite things Jill ever wrote was I did a post called sleep tracking is stupid. She immediately came back with a post called sleep tracking isn't stupid. That's one of my favorite responses I've ever had. And you gave some really good examples of how it's helped you, but it's ironic that as we're all trying to figure out better ways to get sleep and then we've got bank notifications coming out in the middle of the night. Yeah, you wanna think about your credit card balance when you're trying to get to sleep, right? That's really restful and helpful. Right, right. So there are a lot of things focus modes can do and it's really impressive what Apple has provided to us for focus modes. But again, I think it helps us at that nighttime situation when we're having a crisis someone else is trying to reach us. And we wanna be that person who helps them. What I said to my friend is I said, you know, all those times where I imagined that if anything happened to me overnight I could immediately call you and you would come help me. I realized now was never true and hasn't been true since you bought iPhone. So now I feel more comforted knowing that I too could call them in the middle of the night in case I had a crisis. That's great, that's great. I love it. Well, this has been great. That's exactly what I was hoping we would do is I'd be able to ask you questions and understand this better than just getting one of your delightful little recordings. So again, if people wanna follow you anywhere the best place is... Start with smallsteps.com is probably the best place and your Slack channel. Those are the two places I hang out. I talked over that a little bit. So I'm gonna say it again. Start with smallsteps.com, her fabulous podcast. You should subscribe to them all, the podcasting empire of Joe McKinley. Right. All right. Talk to you soon. Thank you. If things are tight financially for you, I do not want you to even consider supporting the podcast financially. Every once in a while, someone does that when they do it, they really shouldn't. I feel super guilty about it. I like having the show not cost me money to produce and I consider it a labor of love to create this content for you. If you can afford to support the show, it would be swell if you did to cover the folks who can't afford it. I'd be happiest if we had lots and lots of tiny donations. A dollar a month from enough people is enough money, right? Anyway, consider going to podfeed.com slash Patreon and showing your support for the podfeed podcast. Hi folks, part here with a solo security bits. Please forgive me as I don't quite do a good job of channeling my inner Allison to challenge myself when needed, but I'm gonna do my best. As I say, I always miss Allison when she's not around to keep me on track in these security bits. So let us get stuck in with some follow up on some stuff we talked about before. We talked last time about attackers running a bunch of campaigns to get to succeed in getting malicious ads for software into Google ads. And that continues. There's now a different app has successfully gotten malicious ads into the Google ad network. This time it's CPUZ, which is apparently a popular app for profiling your CPU performance. Gamers like these kind of things. Again, it shouldn't be possible to get malicious stuff into Google ads. So not a good development. The SolarWinds saga has taken an interesting little twist. The Securities and Exchange Commission in the United States, they're the people responsible for regulating the stock market and stuff. Believe it or not, they are involved because they are suing SolarWinds basically for misleading investors by telling everyone everything was absolutely hunky-dory fine in the lead up to the hack. And they say that actually no. SolarWinds had reason to believe everything wasn't absolutely hunky-dory fine and they shouldn't have told investors that. And then when a lot went pear-shaped, the investors lost money and therefore that is a, well, I'm not sure if it's a crime, but it's certainly an issue. And just to remind us that the likes of the NSO groups, Pegasus continue to cause problems. We don't know specifically which of these grayware spying apps is in use. Apple didn't give that information out, but we do know that Apple sent a proactive notification to opposition politicians in India to say that there is a state level actor attempting to attack them and to be on the lookout for that. So they should be using lockdown mode. It's kind of embarrassing here because Apple are simultaneously courting the Indian government and well, who's most likely to be spying on Indian opposition leaders other than the Indian government. It is a little awkward, but anyway, there we are. Moving on to action alerts. I believe there are quite a few, you know, so the castaways who run QNAP and NASAs. I know we have a lot of people who like the other big NAS provider, whose name misgives me right now, but I also believe we have some QNAP users. Either way, two very dangerous flaws were patched recently in QNAP. So patchy, patchy, patch, patch. And if despite all of Alison's warnings, you continue to use wise cameras, specifically the wise three, be absolutely positively sure you are patchy, patchy, patched, patched because there was a proof of concept released for an exploit and wise released a patch for that exploit on the 22nd of October. So I guess a patchy, patchy, patch, patch. Moving on to some worthy warnings then. It's getting ever more difficult to decide which of the many breaches are worthy of telling people about and which aren't. But it sort of struck me that a breach at a single hotel, now granted, it's one of the most famous hotels in the entire world. If you click on the story in the show notes, you will see a photograph of it and you immediately recognize it's these three tolls skyscrapers that have like a sort of a slab that links the three skyscrapers together almost like, you know, cricket stump or something. The Marina Bay Sands, huge, huge hotel. They have a loyalty program for people who are able to come back regularly to this very large hotel. And I guess the scale of the hotel becomes clear when you realize that the breach affected over half a million customers. 665,000 customers were breached from that single hotel suffering a breach. The breach in fact was in their loyalty program. No pay, no passwords, no payment cards. So really the danger here is targeted fishing. And the other potential danger for these kind of things with big hotels is that it's of interest to hostile governments. So I'm trying to remember where this hotel is in Asia. I should have checked this before starting to record. So let me vamp a little while I open up. It is in Singapore. So that is in a part of the world where the Chinese government may be interested in who their citizens are meeting and stuff. So potentially there's another danger there if you're some sort of an activist or opposition politician in that neck of the woods for people to know that you are in the Marina Bay at the same time as someone else who you want to talk to without everyone knowing you're talking to them. Potentially. Also a timely reminder that whatever anything is in the news, the baddies will try to make a quick book offer. So this week we had, or over a week ago actually, we had a new AI chatbot being released by X, XAI. And there is no official app for Apple or Google, but there are apps in the app store. So as always, these are fake apps. And so don't download them. And it just, I just thought I'd jump on my soapbox here for a moment. So Apple review all the apps for their app store and malware and stuff gets taken out. But something Apple explicitly don't do in the review processes, check trademarks. And you could argue that Apple couldn't possibly check all trademarks, fair enough. Space seats up to the owner of the trademark to contact Apple, complain about the Apple and Apple will look into it and maybe take the app down. When something is impersonating a major new product, that's not about protecting, you know, X. That's about protecting users from an obvious fraud, not this fake and obvious counterfeit. And so I think Apple should be dealing with egregious trademark violations, not to protect the owner of the official trademark, but to protect us, the user. So Apple has some homework to do here. I do not like your policy. I say that quite often with the app store. Anyway, moving on to some notable news. There is an important group called FIRST, which is the Forum of Incident Response and Security Teams. Basically, it's a place where all the people who run security operations centers get together and search in all those kind of places. And for many years now, they have had a specification, a scoring system, in fact, for giving numeric numbers to vulnerabilities based on a detailed algorithm. So it's an object of scoring system for vulnerabilities, like a game of 20 questions. And then, depending on the answers to each question, you get a score. And you've probably seen CVSS, that's the Common Vulnerability Scoring System, which is what FIRST produce. You tend to see CVS ratings like, oh, that bug was a 9.8, that's the CVSS. That's what these FIRST people do. And you also probably hear words like critical and those kind of things. And those words actually come from the CVSS system, specifically, a bug is critical if it has a CVSS score of 9.0 or greater. And if you're wondering, it's a scale from zero to 10, where zero is not a bug, not a vulnerability, and 10 is a uga, uga, uga. So we have for a long time now been on version three of that specification, but at the moment, a shortcoming of version, actually 3.1, if we're gonna be really pruniquly. But version three and 3.1, as the threats have changed, the game of 20 questions has been failing to provide a nice spread of results. And so the reason for the CVSS score is to triage bugs so that security professionals can focus their attention on the worst problems first. Because that's the best way to get a bang for your book, right, no organization has a security team big enough to do everything. So you're constantly in continuously triaging in the security industry. That's, you know, with my new job and work, I say new, it's been a year now, most of, not most, a significant thing I have to do is figure out what's worse than what because there's finite resources, infinite problem, you have to triage. And at the moment, what's happening is far too many bugs are clustering together at the 9.8, sort of too big of a clustering on the same number. So how do you choose how to allocate your work if everything's getting the same score? So basically the game of 20 questions, the questions need to be adapted for the modern realities of the threats we face today. So all of this is a really long way of saying that version four of the CVSS scores have been released. So there's a new game of 20 questions, extra questions added. And so the hope now is that we'll have a nicer spread, particularly between nine and 10, where our bugs will be a little bit more fanned out so that we can prioritize them a little bit more easily. And, you know, so you may see CVSS four scores started to be seen all over the place. Link in the show notes is a bleeping computer article describing, it's kind of interesting, you know, whenever you hear people talk about a critical bug, it's not a word they're pulling out of the air, it actually matches to an actual number. And that number comes from the CVSS and that's when I got into version four. Now, I need to channel my inner Alice and very strongly for the story because this story very nearly, not very nearly, it actually didn't make it in initially because I threw my skeptical hat on very hard. So Microsoft have launched a new company-wide security drive which they have dubbed their security future initiative. And I know Alice and if you were here, would say, oh, Bart's stopping such a fanboy. But it wasn't originally in the show notes because my pure cow poop detector went to 11. Yeah, right. Out of the show notes, this isn't a story worthy of including. I know they're doing it and if I see them actually do some actual changes, then I will consider talking about it on the show. And that was about a week ago, but it's in the show. Well, that would be because they actually had a whole bunch of proactive, genuine actions ready to go. So while there obviously is PR spin in calling it the secure future initiative, Spress doesn't have a TM stuck on the end of it. So there obviously is some PR spin going off here and they want to get some kudos for doing cool stuff security-wise. Great. There does actually seem to be some wood behind the arrow here. So I actually am going to talk about it. Now, I am going to tell my inner Allison again and say that I have seen some critiques of at least one of the initial announcements because Microsoft are making it out as being we're doing this really future, this really big thing to make things better in the future. Whereas most of the security industry's actual analysis of the facts behind the spin is, oh, finally. So not yay, well done. This is forward thinking. Oh, finally, you should have done this years ago. So we talked last time about the fact that in response to a bunch of US government departments getting hacked in Office 365, Microsoft changed the retention period that everyone gets for free on their audit log to 180 days. It had been 90 days, now it's 180 days and that was changed for free for everyone, which was nice of them. Well, that same hack, it was kind of, there's a model of security we think about as Swiss cheese. So Microsoft had about five or six layers of protection on the encryption keys that were securing these logins. And by sheer dumb luck, all the holes in the Swiss cheese lined up and you could kind of make a point and say, well, you know, they really did have a lot of protectors in place. And yet because of this flaw, lining up with this flaw, lining up with this flaw, the security keys leaked through a bug tracking system. I mean, it was a very convoluted way the keys leaked. And so you could make the argument of, well, Microsoft tried really hard. They got very unlucky. But a valid criticism when Microsoft released their detailed analysis was, well, hang on a second. The key was in RAM. Ultimately, you had five or six protections in place to stop the key in RAM being leaked. But the root cause was that the key was in RAM. Why was the key in RAM? We have hardware for keeping keys safe so that they are never in RAM. On our iPhones, we call it the secure enclave. There are equivalents of it on our Android devices. And you can buy equivalents for server farms. They're called hardware security modules or HSMs. And so signing cryptographic signing keys should be in a HSM. Now, it's easy to do for one server. It's difficult to do for a giant big server farm. Difficult, but not impossible. And not something a major provider should be failing to do. So a giant big announcement as part of this new secure future, sorry, secure future initiative is that they're now going to use HSMs for the encryption keys for Office 365. Okay, good. You should be using HSMs. But you don't deserve a pat on the back for that. You deserve an O finally. So O finally, that's been done. Okay, now are they doing anything more than just P or spin and O finally? Well, actually, yes they are. So we do have three pieces of concrete change that I think is positive. And it's been one week. So in the one week, we have these three genuine pieces of concrete change. So the tyranny of the defaults is a big deal. And a lot of stuff gets hacked in the cloud because the default policies are open. The amount of data breaches caused by it in a poorly secured cloud database or a poorly secured Amazon AWS bucket is immense. And that just comes from bad defaults. So Microsoft are starting to add into Office 365 tenancies. So let me jargon bust for a second. If you sign up to Office 365 as an individual, you just have an account. But if you sign up to Office 365 as an organization, you get like a super account. It's an account that contains accounts and it's an account that contains settings. Everything to do with your organization's Office 365 is in that super account. And to avoid horrible confusion, they don't call them super accounts, they call them tenancies. So a tenancy is just your little piece of Office 365 where you get to rule the roost. And one of the most important things you get to do in there is set your various security policies. And so different organizations have different needs, right? If I'm running a university, I need it to be much more open than if I'm running a government contractor or a defense contractor. So if I'm running a defense contractor, I might have it be that if the AI in Office 365 has a low confidence that an account is hacked, it should lock the account anyway as a precaution. Better to lock someone out for an hour than to have an attacker sneak in. Whereas if I'm running a university, that's a terrible idea, right? Because for a start, my users are going to be doing more risky things because they're out and about in the world in a way that someone in a defense contractor would never be. So I need to switch that same dial to a very different setting. I probably don't want an account blocked, not even, not definitely not low, maybe not at medium, and yeah, okay, if it's a high confidence account is compromised, then go ahead and block it. So those policies really change how a specific company's Office 365 works. And at the moment, it's up to you to configure it yourself. You're kind of thrown to the wolves a bit. Well, Microsoft are changing that by adding a default, secure by default baseline that for new tenancies is just going to be on. So when you walk into your tendency, instead of walking into an empty room that's up to you to secure, you're walking into a secured room that's up to you to tweak the security on. If you find that, oh, actually, this is a bit too secure. It's limiting us. Well, then you dial the, to lead the dial now back to being a bit more permissive. And if you find it's not permissive enough, you dial it forward. But by having this baseline, you've just gotten rid of a whole bunch of misconfigured stuff. And so these policies are going to exist and you can turn them on or off, but they will be provided for you out of the box. So they're called these baseline policy and they're just going to be added into everyone's tendency. And if you don't do anything in a few months time, those default policies will activate and everyone will become secure by default. And all of us got emails to say this is going to happen. You now have 90 days to decide whether or not you want to twiddle the knobs or whether you're happy to take the baseline policy. But that's just clever. That's just a really good design. Basically it's default firewall rules that you can turn off if you want to. But if you don't do anything, things are set up well. So these policies will be so-called Microsoft managed. So over time, when reality changes, the baseline can be changed. So not only are you secure by default, but you stay secure by default. And so any company that doesn't have the resources to keep proactively reading all the news and figuring out the latest, greatest best practices, you don't have to do that anymore. Best practices are for free, they're just there for you to just opt into. In fact, it's better than that. You have to opt out of the best practices. It's just right where to do things. So I liked that. Is there a concrete thing I liked? Is that Microsoft were having another go at preventing abuse of multi-factor authentication? So this time last year, the biggest threat to multi-factor authentication was MFA fatigue, where an attacker would just hammer out an account causing lots and lots and lots of push notifications to the Authenticator app. And back then, the default behavior on the Authenticator app was that you just had to click, okay, it's me. So if I spam you with a hundred messages, you, you know, you were as a listener to the Silicast, made and realized that you absolutely positively should keep saying no, no, no, no, no, no, no, no. But a lot of human beings will eventually go, oh, go away and just like, fine, yes, whatever, just stop haranguing me. And that was actually a way that multi-factor authentication is being bypassed. So I say MFA fatigue attacks. And so the solution to the fatigue attack was number matching. So in order to log in, the person trying to log in was shown a two-digit number and then the Authenticator app needed you to enter that same two-digit number to say, yes, it's me. So you couldn't just say yes, it's me to make the notifications go away. But that didn't stop the flood of notifications. So now you're in a position where you couldn't because you couldn't see the number because it wasn't you. So you couldn't allow the attacker in. But there was still a denial of service going on. An attacker could still distract vast swathes of your workforce while they went on, you know, hacked you some other way while you were busy being distracted by this flood of notifications, right? So it was still a useful technique. It wasn't getting them past multi-factor, but it was helping them distract people while they did something else. Not to mention making a lot of people very, very cranky because it's a flood of notifications you can't deal with. So now Microsoft had a little bit of AI that if they're even a little bit suspicious that the push notification isn't real, they won't send the push. What they will do and say it is on the interface with the person who may have been an attacker but probably isn't an attacker is trying to log in, it will say no push notification sent if this really is you, open the app yourself. So if it really is you and the AI got it wrong, you have the minor inconvenience of manually opening the app. If it's an actual attack, you're left in peace. No bombardment by notification after notification after notification. I just see that as a very clever use of AI. I really like it. So I like that. Well, that's great for corporate people, not that much use for your average home so the other thing that they are doing in the next release of Windows 11, so it's already in the preview builds and it's gonna be coming to the real-bind build is that Windows 11, when you turn on file and print sharing is going to stop doing the legacy Samba version one stuff. So if you ever do firewalls and you have Windows file and print sharing, you'll notice there's four ports you have to open up for full Windows file and print sharing. 137, 138, 139 and 445. Well, 137, 138, 139 are the legacy ports and 445 is actually the modern port. Well, from Windows 11, from the next version on, 137, 138, 129, confined to the dustbin of history. Gone, only 445. So the old Samba 1 protocol will just not enable by default unless you manually go in and turn it on, which you still can if you need to, if you have some sort of old system that absolutely has to talk insecure Samba 1. Okay, fine, you can do that but normal people won't get it by default. So the default behavior is modern, much more secure Samba on 445 and no more of the legacy stuff on 137, 138, 139. And maybe this one deserves an O finally too, but either way, it's still a good development. So stronger MFA, less haranguing from push notifications and more secure Windows file and print sharing for everyone. Okay, that seems concrete. Let's hope there is much, much, much more to come from the secure future initiative. Okay, so I said most things about Microsoft, so let me now say some nice things about Google. Google Chrome is going to, so this is a feature that was in preview for a while and is now coming into the general Chrome browser for everyone. Google Chrome will automatically upgrade HTTP connections which are insecure to HTTPS connections which are secure and it will only fall back to HTTP when the HTTPS fails. So if you tell it you want to go to podfi.com it will try HTTPS colon slash podfi.com first which will succeed because Amazon's website is secure and they will never attempt the HTTP. Only on a website where HTTPS fails will it try HTTP. Secure by default. It's a big deal because the old behavior was you try insecure first and then the website would redirect you from insecure to secure. But your first connection was insecure. So if you have an attacker sharing your coffee stall with you or whatever your hotel with you, coffee shop, that's the word my brain wasn't finding. If you have someone sharing your coffee shop with you, then they can intercept the first insecure message and prevent the redirect and continue to attack you and you won't end up on the secure page if you're not paying attention. So the secure by default is a really big deal. So I'm delighted to see that rolling into the full-fledged Google Chrome and I hope every other browser on the planet copies that. Google Play then is making it a little bit easier to tell the difference between spam VPN app number five million and 77. That's out to steal all of your privacy in order to give you a free VPN service or a cheap VPN service and make it easier for you to find trustable or at least trust what? VPN apps you have a reason to trust and that reason is a standard type of audit called the MASA or the Mobile App Security Assessment which is a standard and basically a VPN app in the Android store that has been audited against the MASA standard and passed by an independent auditor can get a badge to the effect that this has in fact that this VPN app is in fact audited and it's not just audited by any old sod it's audited by independent auditors against the MASA standard. So there's actually some there there and that is just good. Might be better to require that all VPN apps pass the standard but anyway, it's just a good development and makes it easier for everyone to check their app. Okay, so metta, God bless them. I've been trying to avoid complying with the GDPR since the moment the GDPR came on I had told Alison when we talked about the GDPR first that exactly what the GDPR means is going to be determined not on the day the GDPR launches but very slowly over many years in many European courts because at the time I would have said Facebook now I have to say Metta are going to push at every boundary and only do what they are forced to do and they are going to try to get the courts to adopt the most permissive possible interpretations of the language in the GDPR and I don't think that was a particularly insightful prediction but it was a true prediction and one of the things the GDPR requires is informed consent. Okay, it's not strictly true. If you process data you have to justify that processing and there are many possible justifications and so if you are legally required to process some data that is a justification on the GDPR and there are seven of them in total and the seventh, the fallback justification is informed consent. If you don't have a legal requirement and you don't have one of the other requirements like it's not written into the contract or whatever it gets a bit legal but basically if you don't have a very concrete reason to collect the data that falls under the GDPR then you have to fall back to informed consent and Metta really don't want informed consent because their business model is based on technically telling you everything they're doing in the terms of service but knowing no one reads the terms of service and therefore they rely on uninformed consent. Their entire business model is built on uninformed consent. The GDPR requires informed consent and so Metta had been trying to avoid this problem by claiming that oh no, no we fall under the contract justification for processing all of this data and that didn't hold water with the Norwegian Data Protection Commissioners who ruled against Facebook in July and Facebook appealed that higher up and that has now gone to the European Data Protection Board who have upheld the Norwegian Data Protection Commissioners findings and the Data Protection Board have instructed the Data Protection Commissioner who regulates Metta i.e. the one in Metta's home country in Europe i.e. the one here in little old Ireland to order Metta to stop using targeted ads on Facebook and Instagram in Europe until they get actual informed consent because right now it has been ruled that they're breaching GDPR probably not unrelated Metta have launched a paid ad-free subscription service in Europe so yeah that's one way to get around the problem is if you offer people a paid ad-free service then it's easier to say that well actually our justification for the normal services that users have proactively chosen ads versus no ads then easier it's more defensible position it's more informed consent so definitely not 100% related stories but there's definitely a connection between the two here Google are also trying to use European law against others so with the upcoming Digital Services Act gatekeepers have extra responsibilities and if you're determined to be a gatekeeper messenger service you need to interoperate with others you need to allow others to interoperate with you in fact is what the law says and so initially sort of attempt one at figuring out who is and who isn't a gatekeeper the European Commission ruled that iMessage is not a gatekeeper because in Europe Apple actually does not have a big share of the messaging market at all WhatsApp absolutely kicks iMessages everything here in Europe and frankly sort of plain old SMS so in America I know that iMessage is darn dominant and if European law were in America iMessage would be a gatekeeper no question asked but in Europe iMessage is actually quite unpopular so initially iMessage was not marked as a gatekeeper and Apple were happy with that Google were not because Google really want all the world to use OCS and there are many flaws with that idea which I'm not going to know so they have banded together with some European cell phone carriers and they are asking the European Commission to reconsider and to make iMessage a gatekeeper after all Apple say they are looking forward to defending the current status quo with the European Commission so we shall see and then finally another related story to European regulation is that in a filing to the Securities and Exchange Commission of all things a 10k form I believe it was Apple have basically said that a big risk facing them in the future is that they will be forced to implement third party app stores in Europe so they're saying in regulatory filings that there are going to be changes in their business practices because they are almost certain to be forced into making these kind of changes in Europe so that is to some extent you know well yeah of course but nonetheless it's interesting to see Apple accepting that reality rather than doing a meta and being sued into doing everything so anyway that's just an interesting related piece of news moving on then and our news section at the US Federal Trade Commission is ordering non-bank financial firms to report breaches within 30 days so at the moment if you are a company that do financing things without technically a bank you don't actually have to report breaches immediately well now even if you are not actually a bank but you do financial stuff in the United States you still have to report your breaches so that should make things a lot safer for Americans money so if you're wondering well who counts as a non-bank financial services mortgage brokers motor vehicle dealers payday lenders investment firms insurance companies peer-to-peer lenders and asset management firms so they now have to proactively tell you when there are breaches in the same way that traditional financial institutions do which is a very good thing everything to do with your organization is in its own little super account finally in the news section WhatsApp are adding a new privacy feature that will protect your IP addresses during calls so if you're instead of it your call making a direct peer-to-peer connection to the person you're calling your voice calls will get rooted true meta servers but because there's actual int to an encryption that's a safe thing to do so that means that the IP address of the person you're talking to won't be visible which is potentially a pretty substantial security win if you are you know someone in a sensitive position moving on to top tips just the one but I think it's a good one to know about so one of the changes that has come with the latest version of Safari is that you can now enable the same kind of advanced tracking protection that is always on in private browsing mode bring that protection with you into regular browsing mode and there's a setting hidden away under advanced settings so the link in the show notes is to a Mac observer article telling you how to do it on iOS and so it walks you through the various steps in iOS the same feature is available in Safari on macOS Sonoma in fact I think it's all Safari 17 because I think I found that on my non Sonoma Mac as well then I think about it anyway in the Mac it's a little easier to get to because there isn't a separate settings app that covers all the apps so you just go into the settings pane within the current apps so in Safari you go to settings and you go to the advanced tab and there's a drop down in there where you can change it basically so link in the show notes with the screenshots for iOS and the same naming the same verbiage is available to you in Safari on the Mac it's just under settings advanced no excellent explainers no interesting insights no just because it's cool straight to palette cleansing I believe Tom Merritt sometimes listens to this show hey Tom but I nonetheless I'm going to make him blush because I have really really I've always enjoyed his show no little more but I've been double extra enjoying it in recent weeks and months because he's done a whole series of shows pinging off what's known as the mother of all demos it's Engelbart's demo of basically modern computing like decades ago it's astonishing how correct the Engelbart or how prescient the Engelbart demo was like when Engelbart was doing his demo of collaborative editing across the network and email and all this stuff like the first Mac hadn't been invented yet Xerox PARC hadn't really gotten going yet it's just amazing how early that demo was and how amazingly prescient it was but you know there's lots and lots and lots and lots of technologies underlying that demo and one of those technologies is something called Aloha Net and Aloha Net was invented out of absolute necessity in Hawaii and it is the precursor of the Ethernet protocol which is ubiquitous in modern networking and one of the things so we know Ethernet mainly through cables because we call the copper cables that carry our home networks we call them Ethernet cables so we think Ethernet came from copper and people are often surprised when I tell them that the Ethernet protocol works on Wi-Fi people find that very very weird because they're so used to calling them Ethernet cables so they thought that Ethernet goes through the air is weird but actually Ethernet's origins are in the air Aloha Net was a radio-based network and that's where Ethernet actually that's sort of the key inventions that made Ethernet Ethernet came from Aloha Net or a lot of them did and so the latest episode of the know a little more podcast is on the story of Aloha Net and it's a fascinating story part of it I had heard in networking 101 back when I was doing my computer science degree because the concepts are pretty darn important but it was nice to get some human interest on the story so I really really enjoyed the episode I'm recommending that episode because it's about Ethernet effectively but also all the other episodes in the recent series starting with the first one that explains what the mother of all demos was and every episode between that episode and now has been pinged off something in that demo anyway recommend them all it's all really good stuff know a little more great podcast right Allison I hope I have done an okay job without you and remember listeners until next time stay patched so you stay secure well thank you so much for doing that Bart I think it's so funny that you say you don't do a good job without me but you do a wonderful job without me and I think that's part of the beauty of our relationship between Bart and me is I feel like I'm kind of superfluous I'm just that person interrupting him and he thinks I'm critical to it so that's why we both love it doing it together because we both think we fit perfectly together anyway that is going to wind us up for this week did you know you can email me at allison at podfeed.com anytime you like if you have questions or suggestions just send it on over you can follow me on mastedon at podfeed at chaos.social and remember everything good starts with podfeed.com if you want to join in the fun of the conversation you can join our slack community at podfeed.com slash slack and in fact that's where you should go to tell me the stories of all the times you didn't put the right name field in the first sacred slot in a database transfer anyway you can also talk to me and all of the other lovely nocella castaways in there you can support the show at podfeed.com slash patreon or with a one-time donation at podfeed.com slash paypal and if you want to join in the fun of the live show head on over to podfeed.com slash live on sunday nights at 5 p.m pacific time and join the friendly and enthusiastic nocella castaways thanks for listening and stay subscribed