 I ain't done this because I was in Slack and now... Because you're such a big Slack fan, all you do is hang out in Slack. Oh my gosh, it's totally ruined my production. Slashed Giffy all day. It was supposed to help me with productivity here, I am like way behind on the art for the show. But that was a pretty good Luke Skywalker meets Beyonce Gif that you found, so I have to say that was worth it all out there. And this. All this in Slack. No, there was another program that was similar to it that I was like, okay, you know, it's just like another live message board or something or live chat sort of thing. Slack reminds me of Twitter in some ways when it first, when Twitter first launched because it's kind of impossible to describe to someone who hasn't used it. Because it sounds like, oh, it's like IRC and then you're like, well, why don't I just use IRC? Well, you can do this with its productivity. Well, I've got productivity. Like you have to. It's pretty IRC. Well, are there like giant global slacks that I'm not aware of? Because I'm only using it internally with Hack 5 and then also with you guys. Yeah, I think there are some, but mostly it's for internal use only. That's interesting though. Did Twitter ever do a marketing campaign for itself when it first started? Yeah, I think it's called South by Southwest 2007. Yeah, but Twitter wasn't selling to companies. So they didn't have the potential revenue. Yeah, Slack has revenue. Internal Twitters. Yeah. Interesting. All right, well, you all have a good show. Thank you, Jenny. Hope you have a lot of fun. We will. I hope you learn things. I know we will. Is Roger here today or not? Roger's here. He's just gone where I'm about to go to the great beyond where producers go when they're not on the show. Good bye. Good bye. I can't come back. I don't know how it works. All right, you guys ready? Yeah. Here we go. If you would like to donate to the Daily Tech News Show, simply go to dailytechnewshow.com slash donate. Donate via Patreon monthly or just once via Bitcoin or PayPal. If you want a t-shirt, go to slashloop.com. Thank you. This is the Daily Tech News for Friday, December 11, 2015. I'm Tom Merritt joining me today. Mr. Darren Kitchent, founder of hack5.org and H-A-K-5.org and D-T-N-S contributor. How are you, sir? Darren Kitchent. So excited, awesome to be here looking forward to New Year's. Yeah, good stuff coming up. Len Peralta is alongside as well to illustrate the episode. Will you be using words or art this week, Len? I think I'll be using both this week. Painting a word picture with art. Oh, my gosh. Now I just want some Len Askeart when you say that. Wait, did Darren say he was excited about the New Year? Yeah, yeah, it's coming up. It's coming up in less than a month away. What's wrong with that? It's okay. I guess you're right. Len's like, don't rush me, man. I still have to go and get this Christmas. That's right. I haven't even started shopping yet, so I just wanted to make sure I heard right. All right. Yeah, just, I don't know, 14 more days or 14 more shopping days, so for power you say that. We're going to talk about drones today, folks, but it's cool because Japan has an intercept squad for drones. We're going to get to that in a bit. Let's start off with the headlines. Microsoft announced changes to its OneDrive storage limits again. They just changed it in November to bring down the limits, got rid of unlimited, but now they're pulling back a little bit on that. Office 365 home, personal and university subscribers who are unhappy with the change from unlimited to a terabyte, can get a full refund. Anyone with more than a terabyte of storage who wants to stay without getting the refund can get 12 months grace period on their overage without having to pay extra, gives them some time to plan. Free storage, if you remember, went from 15 gigabytes down to five gigabytes. If you are a free user that has more than five gigabytes on the free tier, you can either get a free year of Office 365, which of course comes with that terabyte drive now, or you can sign up to keep your 15 gigabytes of free storage. Just go to aka.ms slash OneDrive storage and click a button that says yes. You can even unclick the subscribe me to promotional emails and you still get to keep your 15 gigabytes. That's Darren is probably the best part of this is them saying, ah, and finally, if you just want to keep your 15 gigs free, click this button. Yeah. Where's the URL where you can also just keep the unlimited that we're taking away? Yeah, they're not that generous. All right. Like how long is that link going to be up? I just feel like, wow, Microsoft, like of all people you should know not to try unlimited because there's always that one guy in South Korea with like a gigabit fiber connection slash dev slash you random and a W get script. Yeah. And I think the W the windows 10 launch may have been more successful in the OneDrive people may be expected in signing up new users because it came right after that. They're like, ah, we need to change these plans, which seemed to me like a bit of a panic about storage because storage capacity is getting bigger and bigger and cheaper and cheaper all the time. This isn't something that they shouldn't have really been able to anticipate it. I wouldn't have thought. Oh, or they could, you know, there's so many technical ways where they could have weaseled their way into keeping that unlimited plan with throttling and things of that. Yeah, I'm glad they didn't do that. It's just a little frustrating. New York Times reports that Ali Baba has agreed to buy the assets of the SCMP group that SCMP stands for South China Morning Post or used to. That is the main thing that that group owns. It is Hong Kong's daily newspaper. Alibaba says China's government had no role in the deal, although some people are nervous that a Chinese mainland company now owns Hong Kong's daily paper or will Shanghai venture capitalist Eric X Lee advised Alibaba on the acquisition and said it would quote, give the paper a unique and powerful vantage point to offer global readers a more pluralistic and realistic view of China. So Darren Ali Baba saying, we're going to, we're not going to change the editorial direction. We're not going to interfere with the editorial direction of the South China Morning Post, which can report on things like protests, human rights issues in ways that mainland papers can't. But at the same time, they're saying we want to use it to get a fairer view of our country out there. That's really weird because that's a tech company buying a media outlet. It's like, what if Google bought the New York Times? How would you feel about that? Yeah, I mean, the closest thing is Jeff Bezos buying the Washington Post, but Amazon didn't buy the Washington Post. Jeff Bezos bought the Washington Post. It would be even crazier is if like Microsoft had a 50 percent stake in a cable channel with NBC or something. I don't know what they call that. They got rid of that. Oh, did they? Yeah. Who? Let's say I guess I guess tech and media really does want to be together. I'm trying to think the like Alibaba equivalent to Amazon equivalent to Facebook equivalent to Google. I think the Bezos thing is as close as we've gotten. I don't think any of those companies have ever bought a traditional media company. The Microsoft partnership on the cable channel is pretty close to you. Right. Hmm. I don't like it anyway. Whenever media and tech companies come together, it's, I don't know, it always puts sour taste in my mouth. Oh, I don't know. I mean, Paul Al and Ventures buying Zip Davis Television worked out just fine. I'm sure it did. Teaglass 1976 pointed out that PC World reports T-Mobile USA is offering Verizon subscribers a free one year subscription to Hulu if they switch mobile phone service from Verizon to T-Mobile between December 11th and December 17th. Switchers essentially get $100 gift certificate. It's a code for Hulu by text message that you have to use by January 31st. So you don't get to commercial free tier, but you get $100 off a year of Hulu, even if you did the commercial free. I guess this isn't a net neutrality violation. It's it's not like they're making the Hulu packets free on the T-Mobile network or something, but. Well, they're doing that too. Yeah, seems a little separate thing. But yeah, I don't know. I guess just chalk it up for like holiday promotions, which we've been barraged with for the last month anyway. So well, what they're doing, I think here, I think it's pretty obvious Verizon has really been pushing video as its big deal and they have that go 90 service that they own that does like clips and stuff. So T-Mobile said, well, instead of clips and stuff, how about you just get Hulu with full television shows for free for a year if you switch to T-Mobile? Yeah, take that cable companies. Yeah. I don't even have service at home. I just use tethering to my phone. We are. Do you have an iPhone 6s or 6s plus? No, no, neither do I. But you so we're not going to care about this. But those who do have those phones, Tumblr has updated its iOS app to support live photos, a feature of the iPhone 6s and 6s plus. So if you have that phone and take photos that do the come alive thing, you can see photos like that from other people who have that same phone. When you see a concentric circle supernova icon, as Tumblr calls it, show up on the photo on Tumblr, the rest of us will not judge you. What? But so for me, not having an iPhone 6s or 6s plus, does that still mean that I can take like 90 photographs within a three second span and then play them back at like 30 frames per second and then share that? What do they call those again? Live photos? Oh, right, right. Yeah, you can do that, but you can't do it as easily. Man, I don't get a special icon. No, feel special. You can now access Gmail and Google Apps with iMap through Yahoo Mail, which lets you use Yahoo's email search, smart contacts, rich compose features, the Yahoo account key. It's available today for iOS, Android and desktop browser. Yahoo already supports multiple other mailbox iMap outlets like Outlook.com, AOL and Hotmail. Hotmail? Hotmail, I guess. You know, you can also do the inverse of this because Yahoo supports iMap, so it goes both ways. You can import your iMap from Yahoo into your Gmail. Or, you know, I must say I'm really thankful that email seems to remain one of the last open protocols still in wide use. Yeah. Well, iMap actually is a standard that people use and then allows them to use their email with whichever service they would like, which is fantastic. So I'm glad that still works. Right. We were talking about Slack right before this and it's like, well, yeah, it's just like IRC. Again, an open protocol. But like, you know, all of these things could integrate, but imagine how different the world would be if there wasn't like the open standard for email. Or I guess, you know, it'd be like being on Prodigy. Oh, I didn't get your email because my service doesn't work with your service. Imagine if email worked like an instant message. Oh, yeah. I'm on CompuServe. Can I get to your email? Oh, yeah. Okay. Well, there's a third-party app that I can use to translate between the two. Yeah. Right. Yeah, there's middleware between Dropbox and Slack. Yeah. Oof. Remember the report from LeMond the other day that a series of French police proposals, including one about banning Wi-Fi during a state of emergency, had been leaked? Well, T.J. Burbank wanted us to note, Ars Technica passes along a report from The Connection, quoting French Prime Minister Manuel Vall saying, quote, English translation, quote, a ban on Wi-Fi is not a course of action envisaged. He also said he was not in favor of banning tour. You know, sometimes I wonder if political leaks like that are just like testing the water, you know, like, ah, how, how outraged are they going to get? Sometimes they are, I'm sure. I don't know if this was one of them or not, but yeah. Uh, and the, the out, the out, the, uh, reaction was strong and the Prime Minister is pretty definitive saying, no, we're not, we're not going to do that. Good. I'm glad they're not going to do that. My guess was that the proposals were made because they said, hey, make a proposal for anything you think could possibly work, and then we'll decide if it's a good idea or not. And so they made these proposals and then they looked at them and they said, well, these are not good ideas. Yeah, we can't, that's the way it's supposed to work. Bought people on the head with them. We're, we're France. We're, we're back at capital of the world. But you don't go to somebody and say, make proposals that are only perfect. That will, I mean, no, you said make, make all the proposals, politicians to be perfect. Yeah. Abituele Condolce wanted us to note that hoverboards, the, the misnamed, in my opinion, self-propelled, self-balancing two-wheeled scooters, which is a little bit of a mouthful, are now banned on flights by Delta United Airlines and American Airlines, according to Buzzfeed. That puts them in company with seven other airlines who previously banned the devices. Delta's review found some batteries exceeded the 160 watt hour safety limit and posed a fire hazard for airplanes. Many of the batteries are mislabeled The Consumer Product Safety Commission is currently investigating 10 fires allegedly started by the hoverboards. Problem is, you don't know who makes the hoverboards. There are probably plenty of hoverboards out there that are perfectly safe, but so many different companies are making them and some of them are mislabeling their batteries. Well, I mean, mislabeling of batteries is just kind of like something inherent in, well, in batteries. They're actually probably buying mislabeled batteries. Like, oh yeah, it's like 80,000 milliamp hours at 3.7 volts, not at five, which you're going to use it at. So really, you know, do the division. There's good reason for this. You know, the way that the TSA does it is they come up with an equivalent lithium content. There's a weird equation to get to it, but like basically you're allowed up to eight grams, unless it's over eight grams, which is typically 100 watt hours, in which case you can go up to 13 grams, which is about 160 watt hours. Still, the shame about this is there's perfectly safe and legitimate ways to carry batteries of that capacity on an airplane. But I guess just not with these particular devices and that sucks because if somebody else comes out with a better version of this device, we're saying that the battery is removable and you can actually do what the TSA recommends, which is or insists, which is to put electrical tape around the actual battery terminal. Then you should be good to go. But no, everybody's going to look at and be like, that's one of those hoverboards that doesn't hover. Southwest Airlines is still reviewing it, but said they don't anticipate banning 160 watt, 60 watt batteries, even in hoverboards. So they're going the extra mile, but most of these airlines are basically taking the approach that they have plenty of other things to deal with than check a hoverboard to see if its battery is properly labeled or not. So it's easier for them to just say, you know what, you don't need these things on the airplane. Forget it. Right. And it's the same, you know, this is coming from the same industry where, you know, years ago, not not as it is today, but years ago it used to be like, sir, you have to turn that off. It's a Kindle. It's it's not it's not on. Yeah, you know what, I don't have time to learn what a Kindle is. I don't have time to argue it looks like a tablet. It's turning off. Totally. It's exactly the same thing. Starting January 1st, security certificates using the SHA-1 algorithm will no longer be issued by most certificate authorities. The reason is that Ford's certificates are becoming more possible. I think its last estimate was it only takes $700,000 to cause a collision. Certificates are moving to SHA-256 or you sometimes see it called SHA-2. Cloudflare co-founder Matthew Prince put up a blog post Wednesday proposing a fallback system that would serve a SHA-1 certificate for legacy devices that are still out there in use. Estimate of 37 million people worldwide still use devices that can't accept a SHA-256 certificate. Most of those uses are concentrated in places like China, Africa and the Middle East. Facebook Chief Security Officer Alex Stamos posted support for Cloudflare's idea and suggested that the CA browser forum create a legacy verified certificate. So the idea here, Darren, would be you would only give a SHA-1 certificate to somebody who proved that they would always serve the SHA-256 certificate first and that they could technically support it. You know, this is a bold move and I think that you should go ahead and continue on with that because while there's all of these devices, what was quoted like 37 million devices? 37 million people. People, right? I am one of those people and actually I'm not even capable. My trash 80 doesn't have the computational power to decode the SHA-1. That's not what this is about, Darren. No, no, no, it is. It absolutely. No, it's not. When they went from MDA-5 to SHA-1, they did it over a much longer period and there were almost zero devices and that's when the trash 80 people might have spoken up. You're talking about whole countries with large populations of people who can't afford to replace their phones with a phone that doesn't support SHA-2 and you're going to shut them off from being able to access websites. Okay, so why move in the first place if you're just going to enable a downgrade attack is essentially what you're creating. You're creating a huge loophole backdoor that any hacker would like, oh great, now I have to send an extra packet that I spoof as a server saying, yo dog, I don't support the thing and then we just downgrade like we do with any other like SSH attack and then try to go with the lowest common crypt only. And then you have the difficulty of educating people who already can't be bothered to look and see if there's a lock icon to be able to tell a SHA-2 from a SHA-1 certificate. Man, I get that. That is a fair argument. That lock icon and maybe like a lock made out of twigs. So what is the solution? Because that is a very fair point which is, well, the alternate is to leave a vulnerability out there. I think what Cloudflare and Facebook are saying is, look, it's still $700,000. You're not going to see a lot of these in the wild yet. We've still got some time. Well, what you're saying is, no, this is from an industry that is dependent on all of this stuff continuing to work, but at a certain point you have to put your foot down and say, look, we need to move forward because as much as we love the convenience, if it's at the detriment of the security to that point, I think you just have to draw the line in the sand and say, like, OK, and maybe that means pushing the date out further. But what will happen is you're like, oh, we're just going to do this in the interim, right? Yeah, sure. I think you've convinced me that the dual certificate system may not be such a great idea. It isn't. It just enables downgrade attacks. But I still think maybe you need to delay implementation of SHA-256 for a little while. There's a lot of people in a lot of places that will not be able to get to websites. Unless you could show me, and this may be something that Cloudflare and Facebook won't talk about, there may be another way for this to be fixed. I can't see how this couldn't be fixed with the right software. Yeah, and maybe that's all it needs. I mean, I don't expect my, you know, 19, late 90s era Nokia to be able to browse the web when it only has a couple of apps. That's not what this is about, though. This is about somebody in Nigeria who has a smartphone that's running gingerbread and they can't afford to buy a new one. I would expect gingerbread to be able to be upgraded. Well, maybe, yeah. And if you could show me that, then I'm going to be less interested in giving this dual certificate thing. Because you're right, there is a vested interest for somebody like Facebook and Cloudflare. With like a proxy. Facebook also has the basics by Facebook plan in place, which is a self-interest, but also a somewhat charitable one in helping provide access, too. So it's not, yeah. And they don't all profit. And their terms of service is such that developers can't implement crypto regardless. So that's... On Facebook for basics? That's the internet.org thing, right? Yeah, yeah. Yeah, no crypto for developers. No JavaScript. Yeah. Oh, that's right. Because they want to limit what was executable to make it work on older phones. I mean, again, coming from a privileged society where people can upgrade their phones every couple of years, it seems ridiculous. Well, I just think everybody should have the privilege of strong crypto. And so... What if your device can't do it? Yeah, I get that, but I... I mean, even, oh, you know what? I joked about the Trash 80. Given enough time, the Trash 80 could do it. It would just be a very painful experience. And you know what? We don't need to do a Trash 80. Nobody's talking about that. We're talking about a phone that's like five years old. Well, ultimately, a line was drawn in the sand. You should. Well, and a line was drawn in the sand with MDA5. It just wasn't drawn so quickly. That took like seven years to phase out. Oh, you think it's the next week now? Just wait for the next week. Well, you know, officially anyway. We're talking the same thing as this. But for certificates, right? Yes. And we went on SHA-2 officially in 2013. I'm sorry, SHA-1 in 2013. It's only two years later. You're right. And it may actually be a moot point when at the end of the day, the way the entire certificate authority system is set up anyway is kind of prone to all sorts of malicious stuff anyway. Yeah, there's a whole other issue there. It is, it is. Yeah. I'm sure no nation states have ever compelled any certificate authorities to hand over private keys or anything. That would be ridiculous. I can't believe you even suggest that. Let's finish with something positive. CNET reports on PDLoggers, a group of three students at National University in Singapore developing a group of sensors that help prevent people with Parkinson's disease from falling. There's something called gate freezing that happens as you get Parkinson's as it develops, which pauses you mid-walk without you realizing it. So sensors are placed on each ankle and the back of the neck to acquire data on a person's walking pattern. And then an algorithm that runs on one of those Edison chips from Intel. It's one of their mobile, or Internet of Things chips. Consents when a fall is imminent and then vibrate to alert the walker and provide a little biofeedback to get your walking going again before you fall over. Yeah. This is the exact same technology that the accelerometers and gyroscopes they are used to keep drones upright. Yeah. It's just keep people upright. Mm-hmm. It's fantastic. Yeah. Then we just put some rotors and made a lot of thrust. But you know, like, oh, you're tipping. Let's boot up this motor. Yeah. Some really fast electrical. Oh man, my grandpa had Parkinson's. How much would he have loved if he had been able to just fly over people? That would have been amazing. Oh, I'm tipping again. Yeah, screw you people. I'm cutting the line now. Thank you, folks, for submitting stories. Keep it up at dailytechnewshow.reddit.com. You guys are the best. Let us know what stuff you'd like us to talk about by either submitting the links or voting on them at dailytechnewshow.reddit.com. And that is a look at the headlines. All right. Tokyo Police, according to Japan Today and Nikkei are putting together a drone unit. Now Japan Today called it a drone squad. I don't think that's an official name, but I'd kind of like it to be. Yeah, right? Dozens of officers will start work on a trial basis later this month and then go into full-time work on it in February. 24-7 monitoring of major buildings like the Prime Minister's residence. They will warn operators by loudspeaker. And if a drone gets too close to a protected building, they will send out the drone interceptor, which has cameras and a big two to three meter net that can capture the drone mid-flight. There's even a video of this working, man. Okay. There are, I have three points to this and we'll go through systematically. But first of all, you should watch the video because it is kind of hilarious. It's of what looks to be a DJI S800, which is like a really big drone that's typically used to carry like big cinema cameras like the red or something like that. And it's got this giant net and it's chasing down your typical like phantom quadcopter that you buy at Best Buy and hope for the best with. Yeah, so if you're watching the video version, we're taking a look at that now. And okay, so there are so many problems with this on multiple levels. First of all, that is not an autonomous drone by any stretch of the imagination. I don't think they ever said it was autonomous though. No, you're right. You're right. The drone squad are actually highly skilled pilots, I'm assuming. They must be. And also what I love about this is the time that it takes to set one of those things up, you're like, oh, look, a drone in the sky. Like what are you gonna do? Like you have to unfold all those arms. You've gotta prop all the motors. You gotta put the props on. You've got to set all of those rigmarole up. You gotta wait for your satellite lock, all of those things. And meanwhile, the demonstration video is showing a DJI phantom, whereas so many possibilities with drones. I've seen drones going over 100 miles an hour, and I keep saying that word. I really mean model aircraft or small unmanned aerial systems or pick out acronym. But you're not gonna stop. By the time you notice a quadcopter booking towards some Senate building or whatever, at 100 miles an hour, it's like too late. And when you think about the current crop of drone management, airspace management systems that are already in place from, you know, the likes of your Lockheed Martins of the world, you're looking at radar, not radar, GPS jamming, control signal jamming, lasers and things of that nature. Take this down, this net approach is like, it's like Scooby-Doo comical. Like what's next? Are they gonna have like, oh, smoke screen comes out. Drone squad. Drone squad. I mean, how Japanese anime is that? It's perfect, it's beautiful. Well, here's what happened. A protester landed a drone that had a very small amount of radioactive sand on the roof of the prime minister's office building. No one was hurt, no one got radioactive. But after that happened in April, they pushed through new laws that are going into effect. They went into effect on Thursday, banning UAVs over crowded residential areas and particularly around protected buildings like the prime minister's residence. So I think, Darren, what's going on is they have restricted drones more particularly so that they can try to enforce this and dissuade this sort of thing from happening. But at the same time, you've got a lot of freaked out people who don't understand like, they're dropping radioactive sand on the prime minister, like almost imagining it falling on his head, right? And so you come up with an equally impressive reaction. Well, here are the police with a giant net. They'll stop that drone. Right, no, this really does feel like a PR stuff. Okay, point number two. Quadcopters have landed on the White House lawn. Imagine instead of Japan where, I mean, it is, it fits in Japan. It absolutely fits in an anime and I love the drones chasing drones comic aspect of it. But imagine this were Washington, DC and there's S-800s with nets circling the White House. What? Sorry, I'm not buying fighting drones with drones. And then that brings me to my third point which is getting a little bit more realistic here. And Raymond, if you need to, but I feel like guns when used responsibly can be a lot of fun and so can drones. Unfortunately, there is a certain element of risk and both are capable of dealing significant damage. If you- Let me back you up real quick because the gun violence debate is so politicized and very sadly, so related to tragic recent events that I don't know if people can think clearly about it. So let's say cars, let's go to cars because cars can be used for dangerous things and they can be used for very fun things. And I think that might serve your metaphor as well. Okay, I actually need to preface this by saying I'm ridiculously apologetic if I was being insensitive in any way. I actually protect myself from the media. That's why I do tech news and I have no idea what's happened in recent event with guns and I hope not to, so please don't PM me any terrible stuff. Cars is a good one. Radio would be another one. You can mess up someone's day and not just like someone's day. If you're using the wrong frequency at near a hospital, you could potentially be jamming life-saving equipment and both cars and radios are licensed. You can't get on the streets and go on a rampage. You have to learn how to properly use these things. You become a ham radio operator before you can transmit and you're given permission to use certain frequencies and things of that nature. I feel like the drone registry that we have right now is a step in the right direction. I'm actually not against the concept as much as I joke around about like, oh, loopholes making them less than 8.8 ounces and things of that nature. But a pilot's license may even be better because what I'm getting at is I am so opposed to the blanket stuff that we see like out of Chicago recently of like, oh, we're just gonna ban drones altogether in this area because it's ignoring the fact that many drone sports are using very small, very light drones that fly no higher than the tree line and don't pose significant threats and things of that nature. So, I guess it's like that. A study was released this morning or maybe yesterday from Bard College looking at all of the close encounters which we all think means aliens but it actually just means two objects coming within a very close distance of them between so-called drones and aircraft. Only 35.5% of drone sightings from piloted aircraft between December 2012 and September 2015 were close encounters. 90% of them were above 400 feet. The majority were within five miles of an airport and those are already places where you're not supposed to be flying these kind of aircraft, these kind of model aircraft. And that's the kind of stuff that the DOT and the FAA are looking to prevent which is because we have such a lack of education. Those instances happen with Yahoo's for lack of a better term that go down to your local big box store, grab the cheap drone and put it up in places where they really shouldn't with no understanding of what the regulations may be. And so I feel like I'm sure it was the same way when like CB radios or citizen band came out. You'd have a bunch of Yahoo's that are like, ah, cool, let's put more wattage in it. Let's use bigger antennas and then all of a sudden they're having unintended consequences. Thankfully, none as life-threatening as potentially an S-800 going into an engine on a flight path. But I feel like rather than fighting the drone problem with other drones, maybe we just use some sensible regulations saying like how about you just show us that you're a reasonable person that's not going to drive down the freeway at 90 miles an hour into oncoming traffic. Like I think that's one of the test questions at the DMV. I think honestly the drone squad for lack of a better name isn't a bad idea the same way having traffic cops who can pull you over and go, hey, did you realize you ran that stop sign or whatever to make sure that we all are paying attention and following the rules, right? The net thing, I don't know. I mean, maybe the prime minister's residence, you could fly it up there. It seems a little like to take a while to deploy it. And by the time you got it out up there to catch the drone, it might not. I don't know. That seems more for effect to me. You need surface to air missiles. That's what you're doing. Nerf missiles, surface to air nerf missiles. With nets that pop out like that. With pop out nets, perfect. We solved it. That's it, boom. I mean, I think that E-Walks, look, if an E-Walk can take out an ATST, surely we can get some boomerangs that'll take out a DJ. You could learn a lot from those mini bears. All right, let's get to our pick of the day. Allie Smith, aka 40 Thieves, who was very often in chat, and I love to see him there, was listening to the show when we were talking about Chrome for Android's new data saver mode and wrote that it made him think, as he writes, about what does my site cost dot com, a site designed to calculate how much loading a website cost to download over mobile networks in various countries around the world. He ran DailyTechNewShow.com through it, came up with the numbers. We'll have the link in the show note. They're obviously estimates, but they're based on the cheapest available plans. The most expensive place to look at DailyTechNewShow.com is Vanuatu for 53 cents. You can look at DailyTechNewShow.com. Here in the U.S., it's only 12 cents. Pull down DailyTechNewShow.com. So really, it should be like, yeah, sorry Buzzfeed that I'm running an ad blocker, but also like your 40 megabyte website is costing me. So where's my kick? Exactly. Now, and these are the most favorable costs, like the cheapest plans and the fastest loads. But if you run a website, this is a great way to look at kind of, wow, this is what it costs for somebody on mobile to view me. I recently ran across some of my college books, one of them on web design with HTML3, and it recommended keeping your homepage no larger than 30 kilobytes because that would take about five seconds to load and anything more than that is just too annoying. I still think that's a good idea. But we had beautiful homepages in less than 30 kilobytes, so it's possible, people. It is. Send your picks to us, folks. Feedback at dailytechnewshow.com. You can find my picks at dailytechnewshow.com slash picks. Finally, John, one of our bosses, sent a link to a Technobuffalo article about a picture from ZTE. They haven't actually shown this off yet. I bet we'll see it at an upcoming conference or something where it is powered by a smartphone. So it's a big television, 55 inch television, 4K resolution. You put a smartphone in the back of the TV to make it a smart TV. You just dock it in there kind of like the old Asus Pad phone. John writes, why hasn't this happened yet? Why hasn't this happened? Well, you see, there used to be a wonderful thing called MHL, but they had it on with another standard that I think used something called a Slimport. And then manufacturers, they just dropped it all because Chromecast and also infuriating because that was such a wonderful- You forgot DLNA, too. Sure, I did this for years. I was just mentioning how I don't actually have internet service at my home, but I do have a big screen TV. And so I've got an MHL-based HDMI cable. So it's HDMI on one end and a micro USB on the other. And all I do is just open up Netflix on my phone, plug it in, and it would be on the TV. And who cares, right? You don't need a smart TV if you already have a smartphone in your pocket. But see, I don't like the idea of docking my phone behind the TV because I still want to be able to use a phone. You still need the second screen experience, you know. Exactly. And how am I gonna use my phone as a remote? If it's docked into the TV. So I think that's why this hasn't happened is it requires you to surrender your phone to the television while you're actually using the television. Yeah, unfortunately, too many times we, like Tinevec has been mentioning about dropping Ethernet for Wi-Fi. We give up good technology for more convenient technology all the time. Yeah. Well, that is it for this episode of The Daily Tech News Show. Thank you, Darren Kitchen, HAK5.org, the place to go to find out more about what you're up to other than hearing him tell you right now. Hey, Darren, what are you up to? We are doing a little bit of brute force attacks and we're using some interesting radio stuff. So go and check it out if you're into hacking radios. We walk you through the whole process. It's pretty cool. A little bit of Python, a little bit of hacking. Nice. Len Peralta is here illustrating the show and once again, movie poster style. Len, you're knocking me out here. This is great. Thank you. Hopefully you can hear me okay. You guys are a little bit crazy sounding on my end. So hopefully you sound okay to me. Okay. The, yeah, it was said in the chat room before we even started that intercept drone squad sounded like an anime. And so that's kind of what I did here. You know, originally I thought it was just Sunday nights on ABN, which is a throwback to our- Nice little 10 state reference there, yeah. But here is the drone squad, protectors of the prime minister. When drones get too close, they're on the case. They're complete with a little Japanese font in the back there that I threw in, which actually says drone, if you speak Japanese. Nice. Wow. And so yeah, the drone squad. Darren's got his finger on the button. He's ready to fight. Oh, uh-oh. I've got some sort of stick or something that's ready to hit people or something. I don't really know what's going on. I want to mention that this print, this image was literally, I'm usually pretty good about my time. This was done exactly as you were finishing, just because I was running a little bit behind and I couldn't get my button gear. But I think it turned out pretty cool. And you can check it out over at lendproaltestore.com. And can I mention one other thing? I guess, Len, only because I know everything you do is freaking awesome. Oh, thank you. No, I just want to mention, we are two weeks away from, of course, Christmas. And there is still time to order custom Christmas card, custom holiday card, I should say. Drawn by me, thank you so much for everybody who's ordered so far. This has been the best year so far. And I want to try to create a new quota for me to beat for next year. So just go over to lendproaltestore.com. It's right on the front page. And get a custom holiday card drawn by me to send out to all your friends. So here's what you do, folks, all right? You want to make your loved one who's involved in the Daily Tech News Show happy. You go and you buy them a poster at lendproaltestore.com. You get a card made so that you can fill it out and express your love for this person. You buy them a copy of the internet as like a snowblower and 200 other things I got wrong about tech this year from our Saturday blogger, Mike Range on Amazon. And then you get him a DTNS mug at DailyTechNewsShow.com slash store. I love it. That is a great plan. It's a perfect holiday. Absolutely great plan. And I think every one of your listeners should do it. Thank you everybody who supports the show. DailyTechNewsShow.com slash support is the place to go to do it. Our email address is feedback at DailyTechNewsShow.com. You can give us a call 51259 daily. That's 5125932459. Catch the show live Monday through Friday, 4.30 p.m. Eastern at alphageekradio.com and diamondclub.tv. Visit our website, DailyTechNewsShow.com. Back Monday with Veronica Belmont and special guest Peter Newell. Talk to you then. The show is part of the Frog Pants Network. Get more at frogpants.com. Diamond Club, hope you have enjoyed this brover. That is some crazy good art. It's so good, Len. Love it. Oh, thank you. Hey, I'm gonna log off for a second. I'm just sounding like they were buying it as you guys were talking. You guys are sounding a little bit froggy to me, so. Okay. I'm gonna drop out and then drop to come back. See you in a minute. Shibit. Like pants wearing, frog. Shibit. Shibit. Shibit. Shibit. I'll huff. All right, wait. All right, I'll get a title and then I have a question. Okay. Yeah, yeah. What do we got for titles? I'll huff and I'll huff and I'll hack your shaw one search. Much better. Wow. Down. Shaw Nanagan. Ah. Ah. I kind of like that. Pretty good. Begun the drone war and stuff. That's cute. No more begun the what's have. That's just, you could submit them, but I'm just not gonna ever use that. We've used that too much. Don't mean to be a downer. Drone on drone violence. Hoverboards don't fly. I swear as God is my witness, I thought hoverboards could fly. I think Shaw Nanagans. Shaw Nanagans, I think so. Okay, which is great because that leads me to my next one. TRS Haiti. Darren, this question is pretty cute. Come on, I'm lovin' on the TRS. I'll just sit here. Darren, Darren Kitchen, focus in because I have a question. Hit me. I don't know what a shot certificate is and so you guys had this whole great discussion and I was sitting there not knowing what the hell you were talking about. Okay. But someone just simply explained it to me in a sentence so that I may now go back and place that whole conversation in perspective. I'm trying to find an analogy to certificate signing that doesn't include box. It's essentially the encryption on the certificate that proves that a website is who it says it is. It's what causes the little lock to happen. Okay, I get you. Wait, one person at a time because I would really like to understand. So first Tom and then Darren. So it is the, so if I may regurgitate what Tom said correctly, it is the encryption on the certificate. It creates the action that creates that little lock when you get an HTTPS site. No, that is not right but I'm giving you the like broadest brush to understand. It is the encryption that causes the certificate to be trusted so that you know you're visiting the right site and Darren can answer your questions about how that works. So, yeah, I just think there's an overview. If you, here's, I'm trying to give you the other direction understanding which is when I go to a website, I want to make sure that's really the website and the way they do that is there's a certificate and there's encryption on the certificate to make sure it's not spoofed and SHA-1 is the kind of encryption. Okay, that's awesome. Thank you, Darren, anything to add? I'm in 16th century London and I'm sending you a letter and you're assuming it's from me but the only way that you know to tell is because of the wax seal on it is embossed with my magic decoder ring that I wear which is very intricate and only I would have such an intricate ring but it turns out the intricate rings we were using before were kind of flimsy and you know like anybody could kind of like make one that looked close enough and there should only ever be one unique ring for everyone except there's these things called collisions where like you can make another one that looks almost identical or it is in some ways. So, we're made the rings way more intricate so that the possibility of two rings being identical are like snowflakes. Okay, and so the SHA-2 is the attempt to make it really as close to possible really intricate seals on the letters so that it doesn't do anything but prove that it came from me. Right. Yes. That makes total sense. It's a separate thing but you see it and you're like oh, that's Darren's seal. Yeah. And there's a bunch of people in Nigeria who say we can't afford these new rings and then the post office is saying well then you can't get the letters. Yeah. All right, well that sounds very fair. And it's not just Nigeria, I just picked Nigeria. Yeah. That's pretty good. And then there's some other people in Nigeria who are trying to craft rings that look identical to my SHA-1 ring which is why we're in this whole ordeal. This is a really good metaphor. I like that. That's what I was missing as your designated Daily Tech News Show normal. That's what escaped me in your very erudite discussion of SHA-1 and SHA-2 certificates. I think I'm gonna blame the latest Assassin's Creed for the reference, although that was in 16th century London, was it? Well, at some point it was, right? Yeah. In all those Assassin's Creed games. And SHA stands for what? Oh, that's a good one. Secure hashing algorithm. Wow, are you kidding me? That, okay, wow, it's a secure hash algorithm. And so the other algorithms that we've used in the past include MD5, SHA-1, all of which have found collisions where you can duplicate in a unique snowflake. SHA-2 and SHA-3 are all unique so far. Okay. You put, it's a one way thing where you put, hang on, how do I describe this? I take something big and complex and I run it through this algorithm and I get something unique. And so that unique thing proves what the original thing was. If I'm able to then take something different and get the same resulting code out of it, not really unique. Then we've got two giant unique things that have the same code and that's no good. Right. And that would be considered a collision. So like. Now, do those happen by accident or do you really have to work at it? What did we say, $700,000 worth of hacking? That's the estimate right now and that by 2020 it'll come down to 43,000. So a motivated organized crime or a state actor could conceivably make it happen. There's also the difference between this is how much computer power it would cost to do it and actually pulling it off. It's not like you just write a check and it's like done, we've broken the encryption. Like you still have to have the skills too. Okay, but the people who would likely be able to purchase the skills or acquire the skills and have the motivation to carry it through are probably not the people you want to be able to do it. Right, but essentially given enough time this will be something that you can crack like a WPA key with a powerful graphics card. The more important point is that the costs are coming down and what you want to prevent is people doing it. Right now it's cost prohibitive to do it and it's questionable if even the people who have $700,000 would consider it money well spent right now, it all depends. You only have to buy a $70,000 computer once though. What you're trying to prevent is us still using SHA-1 at the point where the cost has come down that lots of people can give it a shot for whatever reason comes into their head. Okay, that makes so much sense. Thank you, I really appreciate it. Yeah, that's the thing with all of this encryption stuff is it's all based on factoring prime numbers and so as computers get faster it gets easier to crack this stuff. So the stuff that was invented 30 years ago is trivial now. The stuff that was invented 20 years ago is becoming available today and the stuff we're inventing today hopefully will have like another 20-year lifespan but this is the thing is ultimately the new hotness today, SHA-2, will eventually be broken and then at that point we'll have the same problem again and then somebody's gonna say, well let's have an intermediate solution where we still serve up SHA-2 for those people but everybody else we give them a SHA-3, you know? Tindex asking about the Bitcoin ASIC and the fact that it processes SHA-256 at crazy rates but I think that's just processing the hashes, not actually breaking the hashes, right? Yeah and then well you could do a time memory trade-off attack but you'd need very, very big hard drives so that's not really feasible. And Tim Vick, I think Darren just answered that question that you just typed. I mean all of this stuff is theoretically possible with enough monkeys and typewriters. Well and that's what all of security is about which is what Darren and I were arguing about in that headline discussion which is- How secure is your website? Well it's about- It's not about whether something can be broken, can be broken and it's not about when it'll be broken. It's about when is the right time to worry about it. Until quantum computers, in which case screw it, it's all done. Well but they're only good for certain things like breaking encryption. Like breaking encryption. It's funny that the NSA has been spending, what was it, $73 million? All NASA. No, no, no, no, this is Stoden leak from last year. You can't spell NASA with that NSA, Darren. What? Ah! What? Oh my God. Did I say the magic word? You must have been watching Agents of S.H.I.E.L.D. I haven't been. Oh. I'm behind. Yeah I forget the name of the, oh, there we go. January 2014, article in the Washington Post, 79.7 million dollar research program titled Penetrating Hard Targets, which is, you know, this was a Edward Snowden leak about the NSA spending Bukubucks on developing a quantum computer because it would just like, you know, you would just feed it encryption and it would spit out keys, basically. They bought a new wave? I mean, the thing is about that, that one doesn't really impress me as a leak very much because NASA bought a D-Wave with Google and have been trying to do the same thing in public. So it's like, well, yeah, of course the NSA's doing it too. Is a D-Wave really, is a D-Wave $39 million? I don't know, it's pretty pricey. Probably not, though, you're right. Yeah, I was just gonna get one for the warehouse, but you know, I'm joking. Well, the problem with keys. Get really expensive computer, it's, you have to be very smart to figure out how to make it do anything useful. It's like a PDP-11, you're like, oh, cool, I flipped switches and I got lights to blink. How work? Now, break encryption, why isn't it doing it? Yeah, it's a one or zero, it's both. Wait, damn it, just looked at it. Okay, this is good, now I get it. Next up on quantum entanglement for newbies. I'm actually more comfortable with the understanding of quantum states than I am with math, so go figure. I mean, I couldn't actually mathematically get you to understand a quantum state, but I like the physics of it. Yeah, as I said on a Threat Wire recently, like let's not ban math. Yeah, I have a brain that's terrible at math, but great at statistics, so go figure. What is this, Obi-Wan? Click on the link. Oh, Len's in Slack now. I think he figured out what Slack's actually for it. He really did, actually, it's just sharing silly things. This is why we have a general channel on the Hack 5 Slack. Okay, now we need to teach Len to use the general channel. Oh, sorry, I just put it wherever I put it. Oh my gosh, I love fake Star Wars toys. Obi-Wan. Dennis. R2-3PO, and he's got R2 colors and looks kinda like 3PO. Flygon Gin, the Anakin that's a little girl. I like, I love Dennis. Flygon Gin is the best, little girl. Little girl. And Dennis, I totally want Dennis, I want to own that. I want to do the photoshop. Please tell me there's just a photoshop. I don't think so, these are real. Alright, you gotta put this in the chat room, too. Alright, let's put that in the chat. Put that in the chat, too. Oh my gosh. There we go. It's so good. Oh my gosh. How are you? I keep feeling Mace. Mace. Oh, there's more, oh, there's more. What? What? What? The Impemper, Daft Serious. Upright Slug. Conan. I think he's photoshopped, I'm not gonna lie. I'm just, what? Peruano. Gloria Star-Lord. Oh my gosh. I really hope these are photoshopped. Let's see what they say. Daily Mail is pretty, they usually have good stuff. Full silk trader, Carl Baxter. I think I might wanna buy one of these if it's real. Oh, I want Dennis. I absolutely want Dennis. Yeah, these are probably worth more than the original. I know, right? Yeah, listen to that. George, oh wait, no, not you anymore. Who's still got the toy rights? Disney. Disney, right? I think it's the toy rights. So Lucas finally sold those rights, huh? Well, Lucasfilm owns the, or LucasArts or whatever. Lucasfilm Ltd owns the rights. And now Disney bought Lucas. This is real. This is real, he ordered like a discount batch of toys. And this is what came. That is so fantastic. Toby won. It's pretty good. The only thing better would be if it was Toblerone and he had like instead of a lightsaber, a giant Toblerone. A little breakable chocolate. Oh my gosh. Oh. Well, by this time next week, Tom, you would have seen this movie. And we will have to talk to him. I'll tell you whether Flygon Jinn makes an appearance. Flygon Jinn. These are the secrets, these are the big spoilers. These are the one droid you're looking for, R2-3PO. That's the big reveal is that Darth Maul comes back as Dennis. I am Dennis, son of Darth Maul. Upright. Those are an official toys. No, they are an official. I have a couple of Lego toys that say S-Force, which is a combination of Star Trek and Star Wars and little figurines. It's hilarious. What happens is a lot of the companies that make the toys, oftentimes are mold to get copied and then some like third manufacturer makes these toys and it's like, well, we don't own the license to the official property. So we'll make something very similar. They'll call it like Star Force instead of Star Wars. And then, you know, for the, it's exact, but you can tell by the molds that they've been copied because the actual figures themselves are showing blood in detail. I'm out of the post and we're out of- Oh, did we choose a- Don't watch toys. Yeah, Sean Annigan's. Yeah, Shannon always likes that one. I bet she does. But she's up to some Shannon, Nanagans sometimes. Snub's Nanagans. Snub's Nanagans. Well, thanks everybody. Yes, I'm going to go to- I'm going to go buy Dennis. I'm going to go get Dennis too.