 structures including 2,907 homes in the city of Santa Rosa and 86 commercial units and the estimated 1.18 billion in damage. The total exceeds 3 billion in total county-wide losses. So we're running a little late. It looks like Sarah's having some technical difficulties. She keeps rebooting. I know that lifestyle. Yeah, that life. Waiting to see one more thing before we get started without her. We are going to be talking about the Wi-Fi vulnerability, the crack. We're all going to die. Thankfully, we're not all going to die. No, well, we are going to die. We are all going to die. I'm sorry. Not today. Not today. Maybe, hopefully. Well, probably. I have a high degree of confidence that we're all not going to die today. Yes. That's the good news. So we got that going for us. Oh, God, now if I die today, you guys are going to be really sad. We would be really sad even if you died tomorrow. Yeah, I was going to say that. Extra creepy horror movie, like sad. Like, oh my God, we predicted this and she said it. Like, that would be bad. That would make it worse. Would it? I think so. I think it would make it cooler. It depends. It depends. It could just reinforce my belief in the certain inevitabilities of life. Like death. Death in taxes. I don't remember that being a real shocker for you, buddy. Yeah, I wouldn't be shocked. No one ever said, oh, Roger Chang, the optimist. I'm not an optimist, but I'm not a scenario optimist. His disposition is too sunny. Yeah. If I ever come out way too happy, you know, something got screwed up. Someone I'll know that that your lady has started spiking your drinks with something. My sparkling water. She's like, here, honey, your sparkling water for your sparkling personality. Oh, we have the exact same personality. That's where we're married. I know you guys crack me up. It's my favorite thing about you guys. I love it. I love it. I love it. All right. So Sarah's going to join us when she can, but we're going to go ahead and get started. Y'all ready? Y'all ready for this? Hey, where did my windows go? Where did your windows go? Monkeys, one moment, one moment there. Thank you. Sorry. All right. Now are you ready? How do you want to split up the, um, the headliners? Uh, I'll just read the Sarah ones till she shows up. Okay. You can read the last Sarah one if she's not here by then. Okay. Does that work? That's fine by me. Here we go. No outside organizations have influenced the creation of this daily tech news show. This show is influenced and supported by people like me. To learn more, visit daily technewshow.com slash support. This is the Daily Tech News for Monday, October 16th, 2017. I'm Tom Merritt. Sarah Lane, uh, will be joining us shortly. We hope she's having a few technical difficulties, but we also have Veronica Belmont. That's you. Was I supposed to introduce myself? I'm sorry, I didn't, I didn't pick up on that. And also like Patrick made a sound and so the camera went to him and I was like, Oh, Patrick's okay. Okay. Well, anyway, I'm here. Happy Monday. And Patrick Norton is with us as well. Patrick is also here. How's it going, Patrick? Can I speak? Is it safe? Safe to speak. It's a safe space now for you to speak. All I did was click on my mouse, Veronica. I'm just saying. I didn't, I'm not the Google Hangouts. I don't control these things. It's just, it's just very confusing for me. It's not you, it's me. Apologies for that. Our Roger Chang is here as well. Roger, are you okay? I am fine. Good to know. Let's start with a few tech things you should know. Now, vulnerability in the Wi-Fi protocol has been revealed by Belgian researchers. All operating systems are vulnerable, though many of them have already been patched, not all of them. Users should make sure to use HTTPS and VPN when on Wi-Fi and patch systems as those patches become available. That's the bottom line. We're going to talk about that in depth a little bit later on. The U.S. District Court for the Eastern District of Texas has denied all Apple's motions, leaving stand a decision that it owes Vernet $439.7 million in total judgments. This is in a patent dispute over secure communications and FaceTime. However, all of the patents in the case have been invalidated by the U.S. Patent and Trade Office. Vernet has not exhausted its appeals at the USPTO, so the court case can continue, and Apple will have to pay Vernet. It's all a mess. So they'll still have to pay them even though I'm confused. This is why I'm not a lawyer. HTC is sending out invites to an event November 2nd in Taipei. Best guesses is the HTC U11 Plus smartphone will be announced, but who knows? Who knows? I mean, it's going to be the smartphone, but we don't really know. Huawei announced the Mate 10 and Mate 10 Pro phones with a dedicated neural network processing unit, or what they're calling an NPU, dedicated for the AI function. So the NPU can anticipate what apps you use and kind of pre-launch them so that they launch a little faster. It can reduce strain on the CPU, speeding up the CPU when it's needed, and it can help in apps like photos, like an automatically filter based on the photo that you're taking. It works with third-party apps like Microsoft Translator, phone runs Android Oreo with a 4,000 mAh battery, Kirin 970 CPU and 12-core Mali G72 GPU. The 5.9-inch LCD Mate 10 cost you 699 euros. That's coming to 15 countries, more than 15 countries in October. And then the slightly larger 6-inch AMOLED Mate 10 Pro is almost bezel-less, so it looks a lot bigger, has no physical home button and moves the fingerprint sensor to the back. That costs 799 euros coming in November. Folks, are we tired of phones or these impressive? For me, having integrated AI, actually deciding things like what your favorite apps are, I mean this is kind of like the next level stuff that we haven't really seen yet from from companies like Apple, for example. I'm really curious to know how it decides which when I want to use my apps. It's a little creepy, huh? How much do their partners, like part of me was like neural networking. Well, Google paid as this much to push their translation, or this company paid as that much to put their translation. I think it's both less impressive and less nefarious than this. It just kind of preps the apps, and then when you launch them, that helps them run a little more efficient and a little faster. Is AI at this point just getting stretched to cover everything? Because every there's news stories where it's like, our artificial intelligence, I'm like, no, your algorithm. You have a decision matrix that decides, this is not super cool next generation. Scotty, beam me up. I'm talking to my computer, and it's going to do things from the it's sorry, I get a little frustrated. No, it's you're 100%, right? I mean, it's just it's the buzzword of the moment right now. And so everybody's figuring out ways that they can kind of shift their wording, their descriptions of their products to make it fit into the artificial intelligence like bucket. We could say, you know, it's not really a neural network. It's artificial intelligence in your rice cooker that makes the rice cook properly. I have my rice cooker does have fuzzy logic. I have a fuzzy logic rice cooker. Okay. What is fuzzy logic AI? I don't even know what it means, Patrick. I don't even know what it means. It's fuzzy. I'm a little fuzzy on it. That said, though, all the reviews on the Huawei say that the AI is pretty impressive, and it's nice that they're not just throwing it against a virtual assistant that will anger you because it can't do what you would expect it to do. It's pushing it into the apps. So the camera tests that people have done, they're like, actually, I could tell, like, when I pointed it at one thing, it looks good. And then it adjusted when I pointed at another thing. So, you know what we should do? We should do a whole episode on why Apple has fallen so far behind on on their device artificial intelligence assistant software. I think that'd be an interesting topic. Did you do that already? You did, didn't you? No, but I would, I think there's more to it than just why Apple is falling behind. It's, it's, you know, where are they? How good are they? Because I don't think any of them are as good as they promised to be. Yeah, as they promised. They promise a lot. Yeah. Oh boy, do they promise a lot. Why don't they? IBM is promising to make bank transfers not last three days anymore. Anybody who's done that bank transfer knows you get like the three to five business day way. IBM set up a blockchain payment system to transfer money between banks across 12 currency quarters in Australia, New Zealand, and other South Pacific nations. System will make transfers happen almost real time. A cryptocurrency called Lumens from a company called Stellar will be used to facilitate the cross-border payments, although banks may eventually replace that with their own cryptocurrency. This is just to get it up and running. But if I understand this right, what they have to do now, especially when they go across borders, is take the money, convert it on their end, then send it over, then convert it again. And that's part of the reason, not the only reason, but that's part of the reason it takes so long. Well, this will be, yeah, that would be a very nice change, I think. The US buzzword for Patrick to get mad at though. I wasn't even going there, man. All right. Fair enough. I wanted to make sure you didn't feel you had lost the opportunity. No, no, no. I was going to get mad at the banks because the banks will still figure out a reason to sit on your stuff for three days. Yeah, they'll find it. But now it'll be entirely under their control and they can profit under it. Thank goodness for that. Look, you snarked for me. This is great. The US Supreme Court will hear an appeal by the US Department of Justice over a decision that prevents prosecutors from obtaining emails stored on a Microsoft server in Ireland without getting an Irish court order. New York based Second US Courts of Appeal ruled the emails on an Irish server of a customer in Ireland were beyond the reach of US domestic search warrants. Yeah, this is a big case. And when they won in New York, a lot of people thought maybe that would be over because if the US Supreme Court had said, we're not going to review it, that decision would have stood. But if you've kind of forgotten what it's about, it's a customer who says they're Irish with emails on an Irish server. The US Department of Justice wants it in relation to a case. Microsoft said, great, go to Ireland, get a warrant. The Department of Justice says, we don't need to go to Ireland. We got a warrant here in the US. You're a US company, give us the emails. And so the dispute is whether a US warrant can be used to make a US company pull data off a foreign server. Yeah, I guess if it's not collowed somewhere in the US, I mean, could that be a possible loophole in that kind of thing? Like if they have data centers that are sharing information? I mean, because this is on a server in Ireland, I assume that that's all that matters in this case. But it's an interesting question. And it's one of the reasons this kind of case is so important because it sets a precedent that can lead to other decisions saying, well, if that's all true right there, then why isn't this other situation also true? And the best part is our current Department of Justice is certainly laser focused on individual rights and preserving privacy for all citizens that we may be securing our business transactions and personal needs. Oh, I feel that in my soul. I feel that truly do. And as much as I might snark about the DOJ, we also here in the state of California have a senator that's convinced that all encryption needs a backdoor for the children to keep the children safe. And let's be clear. This is not, this is somebody who has a legal warrant within the United States. If this was on a server, there'd be no controversy. Microsoft say, oh, yeah, you've got a judge to sign up. That's fine in the United States. This is the problem is the US Department of Justice saying, we don't care if it's in another country, you're American, you have to give us what we want. And Microsoft saying, hold on, we're American, but we're also Irish. And if you're in Ireland, you don't fall under US law, you fall under Irish law and your rights should be projected there. And of course, the Department of Justice doesn't want to have to go to various countries and navigate those various legal ways to every time they need information stored on a foreign server. And keep in mind that the customer says they're Irish too. If this was an American customer and it happened to be stored there, that would be a different angle. Where is the ambiguity about whether or not the customer is Irish or not? Because this all feels like he says he's Irish. Well, it's because it's because it's a legal case. Okay. And we haven't gone to the due diligence to track the person down and prove they're Irish. So you have to say that it's responsible to say, look, the person says they're Irish as far as we know they are. Because the Department of Justice say, sure, they say they're Irish, but they're not. And then that becomes a whole separate issue. It just seems like a confusing thing for these new sources and also the US Department of Justice to have. Accurate. Confusion over. This is the kind of BS that is ruining the world right now is when we just, oh, well, because he says he's Irish, I guess that means he isn't. No, this is us accurately saying what we know. I'm believing him that he's Irish. If he says he's Irish, I'm just confused why the news and the US Department of Justice has confused over it. You should only accurately say what we know. It's time. A weakness in RSA Encryption Key Library, version 1.0 2.013 from Infineon has found to have existed since 2012 by researchers in the Czech Republic, UK and Italy. It's the same vulnerability that we referred to earlier on DTS from Estonia. Estonian officials announced there was a vulnerability related to some digital IDs made since 2014. This is it. Also affects Slovakian IDs. And it also affects the Trusted Platform Module or TPM and a lot of laptops. The exploit can factor the public key to discover the private key. That's not supposed to happen. That's the whole reason you fact... That's the whole point. So it's a weakness in this Encryption Key Library. For instance, a 2048-bit key would be factored in 17 days by using a 1,000-instance machine on Amazon Web Services for $40,300 and a 1024-bit key could be factored in 45 minutes for $76. Paper on the topic will be presented on November 2nd at the ACM Conference on Computer and Communication Security. RSA keys generated with open SSL, PGP or keys that don't use RSA like Elliptic Curve Cryptography are not affected. That's a big deal. It is. And especially because these RSA keys are used by people who need extra security, right? Researchers successfully trialed an implanted insulin pump and glucose monitor that relies on an algorithm running on a smartphone app to deliver appropriate amounts of insulin. The algorithm takes into account daily routines, including meals and sleep, simulating the functioning of the pancreas. A 12-week test saw significant, quote, improvements, including reduced levels of a key hemoglobin and less time spent in a hypoglycemic state. This is very cool. And you'll see it announced as an artificial pancreas, because it does the functions of the pancreas. But that's kind of normal for anything that is helping somebody who needs insulin. This would mean that you don't have to constantly be calibrating yourself. It would do it for you. And this study used people who are used to constantly calibrating themselves. So these are people who are pretty good at it. And they still saw this level of improvement. This is a really close friend of the family. We refer to it as a mock pancreas, but has an insulin pump and has had one for a very, very long time. And part of me sees her being really, really excited about this. And part of me sees her going like, is the app going to be maintained? Is Bluetooth going to fail? Do I need Bluetooth 5.0 for this? We've covered all these pacemaker vulnerabilities with Bluetooth. You don't want a Bluetooth vulnerability for your pancreas either. That's scary. Yeah, I don't know. But it's kind of like the grail for people who have to administer insulin is to have it done automatically. And it would be so awesome for her. So I'm excited. Hey, folks, if you want to get all the tech headlines each day in about five minutes, be sure to subscribe to Daily Tech Headlines at DailyTechHeadlines.com. That's look at our top stories. All right, let's get into crack, which stands for key re-installation attack. So it's a crack attack. This is a paper from Madi van Hoos and Frank Peasens of the Catholic Universitet Lüven or KU Lüven, apologies for the pronunciation, in Belgium. They released the paper today, but they point out that the paper was submitted back in May, May 19th, to be exact. And they have been in touch with vendors. So it wasn't like they sprung this on everybody today. Vendors have had a while to adapt to this, and many of them already have patched their equipment, and others are very close or if not already releasing patches today. It is a problem with the protocol of Wi-Fi, which means it's OS independent. It's not a problem with the operating system. So Windows, Android, Linux, OpenBSD, they are all vulnerable to a certain extent, depending on how they implemented the protocol. HTTPS and VPN are your defenses. If you just want to jump right to that, as long as those implementations don't have their own weaknesses, but remember those aren't silver bullets, right? Let's wind this back a little bit because we've kind of glossed it over. We haven't really gotten too far into what's happening. Yeah, tell me because I actually don't know any of this. Well, I was going to get to that, but I was going right to the mitigation for the people who are like, just tell me how to stop it. HTTPS, VPN, Ethernet, because then you're not on Wi-Fi or cellular data. Now, the US cert issued an advisory. The vulnerability will be formally presented on November 1st in a talk, but what is it? Patrick, explain. Explain. I was so close to getting to that toss. Well, it's funny because I originally saw this and it starts showing up on the Twitter feed. People are talking about it in Google Hangout and I'm like, oh my, delete expletive. Everything's broken and Wi-Fi will never be secure again, which is not true. Although, like you look at the titles and the first part of the news cycle was like WPA2 vulnerability. It was very apocalyptic and everything's delete expletive. I assume this is a family friendly podcast and I shouldn't curse like a sailor, but essentially in the handshaking process, what they call the four-way handshake in WPA2, they figured out that they can slip in a little bit of data. It's a man-in-the-middle attack, which basically means you have to be near somebody's, you or a device you have control of needs to be near their Wi-Fi. Essentially, when it's doing the handshake thing, you throw a little something of your own in there and that allows- Get it to reset the key. The third wave of the four-way handshake is one way of doing it. In fact, there are 10 CVE numbers, so 10 vulnerabilities here. Not all operating systems are vulnerable to all of them, but all operating systems that are unpatched are vulnerable to at least one of them. Windows and iOS are actually immune to the most severe of the several approaches. Android and Linux are the ones that have suffered the most of these vulnerabilities. Basically, they're reinstalling it all. They're reusing an old cryptographic key. Basically, it's like, for some reason, an old key works in this lock. Imagine if your lock changes, your key changes in the sense of a physical key. Imagine if every time you went to your door there was this negotiating process and a magic key appeared in your hand and you turned it in the door, but you could never use that key again. Well, it turns out you can use that key again in the case of Android 6.0 and above. You can basically, instead of getting the actual cryptographic key, just give it a whole bunch of zeros, which is a real nightmare. Which is the first key, right? Yes. It works over and over again. In theory, the WPAT protocol has a bunch of stuff in place to prevent it from failing, the four-way handshake from failing, even if packets get dropped. This is basically taking advantage of that and sneaking in their hack. The hack gives you access to part or all of the packets that are going between the device or the router. The device can be your laptop, your desktop, your phone, your Internet of Things devices, your console, your Apple TV, whatever it is. On one hand, that's really scary, but as Tom pointed out earlier, if you're running HTTPS everywhere and you should, EFF.org slash HTTPS dash everywhere, which basically forces your browser to use an encrypted connection to whatever server you're browsing. For example, I'm connected to wired right now and all of the packets between me and wired are encrypted, which is probably excessive or my favorite cartoon website. I can do an HTTPS connection to that, but it also means anybody who can crack into the wireless network will not have access to it. They cannot look at the packets or they can look at the packets. That's a really important point is all they can see is the data. This is not a remote hack. They need to be on your Wi-Fi network so that to be in range of it, and they're not stealing your Wi-Fi password even. All they're doing is seeing the traffic. If the traffic is encrypted, then all they'll see is the encryption. They won't be able to see what's in it. Yeah, so if you run a VPN between you and the remote VPN server, even if someone manages to use the crack to get into the wireless network and to get a look at your packets, all they're going to see is the encrypted packets between you and the endpoint of the VPN you're attached to. If you're running a VPN, now I can't run a VPN and use certain services. Like if there's a bunch of financial services, Craigslist, for example, hates VPNs. I don't know why. I don't care. I'll have a VPN going because I'm in a place where I need to be secure and it's like, oh, this really important service that belongs to a financial institution won't work because apparently they're afraid of VPNs. And oh, yes, Craigslist won't let me look for speakers. Even if you're in the US using a US VPN, we'll assume you're trying to trick it. But the point is, if you're encrypting the traffic or obfuscating it, they won't be able to see that. Now, that doesn't mean that HTTPS everywhere is all you need to worry about. HTTPS everywhere only works when the website is serving HTTPS if the website can be tricked into saying, oh, you don't want the secure version. Great. Here's the insecure version. Then that's a problem. If your VPN provider is not trustworthy or if your VPN endpoint has been hacked, then you're not secure either. But those are both true no matter what. What we're saying here is really most people don't need to worry about it, but they should take it seriously and patch it to prevent themselves from falling victim to it. So if you're at home, you probably won't be hacked. I'm not saying you guaranteed you won't, but most people aren't going to have someone drive up to their house and try to get into their Wi-Fi network. You should patch as soon as possible, but you shouldn't sweat and fret and worry about it. If you're in a coffee shop, an airport, hotel, you should already be using VPN and HTTPS everywhere. And you should absolutely especially use it extra now. And if you're at work, it depends on how big a target your company is. That's where the real worries come in. If you're at a company that's worried about industrial espionage, if you are at a three-letter agency, if you are a medical facility and for whatever reason, you think somebody might be trying to crack into you, that you may think that's far-fetched. If you're the HIPAA Compliance Officer from localhospital.org, this may be a much more serious thing for you. Large organizations and businesses that are prone to being hacked already, this is a nightmare. Not because it's particularly... It's not that it's that much worse than any other opportunity to crack into the network, but it's one more vector you have to defend against. And when you look at this, the great thing about this is once it's patched on the client side or on the router side, it's fixed. There's a really awesome cartoon from commitstrip.com, which I apologize I did not put into the rundown earlier. But they're like, oh, it's just a simple update from your router manufacturer. And then in the fourth panel, they're also sitting there in the plant, the tiny plant on the desk is now taken over the room and everybody's a dead skeleton. Because, oh yeah, what's the last time your router was patched? What's the last time your home router was patched when there was a previous vulnerability, say a year ago? So the nice thing is, Apple's basically said they've patched iOS, TVOS, WatchOS, MacOS, Betas. So that's getting ready to be rolled into a fact. Windows is patched. Microsoft, yeah. As of October 10th, Microsoft has patched Windows. This is a really good article. Mykotec, Maraki, Aruba, Fortinet, Ubiquiti, they are among the big enterprise level router makers who have patched this. I mean, particularly the ones that sell to government and classified organizations are already on this and they have patched it. Patrick said this, but it's worth repeating. If one side, either the router or the device has been patched, then those communications will not be vulnerable. Now, at least that is my understanding. That is my understanding also. That you probably should just patch everything to be sure. But if you've patched your device, if you're like guaranteed, I've got an iOS device, I've got a Windows device, I'm patched, then you can feel a little more confident even if that router you're connecting to isn't patched. It's no excuse not to take your normal security precautions. And I think that's the upshot here is normal security precautions are most of the things you can do to mitigate this. Yeah. And I mean, it's frustrating, right? Because this was reported as the end of the world. And, you know, it's also it just it just amplifies all these problems you already knew. Most home routers rarely, if ever, get updates even for critical security problems. So the newer ones will, the older ones won't. You know, most Internet of Things, which are essentially, you know, recycling the software, like the manufacturer makes sure it runs before they ship it to the companies that slap it in their own box and put their own label on it. And in most cases, those companies and all too often all they do is like slap their own, you know, graphics on top of the application running inside of the machine. There's not a lot of security on a lot of especially inexpensive Internet of Things devices and a lot of the expensive Internet of Things devices have never been particularly well audited or tested. So, you know, that's where you might be like, gosh, there's no update for this on my router. Maybe it's time to upgrade a router. And I'd be like, yes, it may be time to up this. This might be the excuse you need to upgrade the router that you probably don't need to upgrade otherwise. Using Ethernet will fix it. Here's a, you know, there's a Kevin Beaumont wrote a really nice kind of everybody take a breath article. It's called Regarding Crack Attacks WPA2 Flaw. You know, and he points out like, you know, it's patchable. Linux patches are out now. Windows has already been patched. You know, Apple basically says it's already been patched. He points out, quote, the attack realistically doesn't work against Windows or iOS devices. The group vulnerability is there, but it's not near enough to actually do anything of interest. You know, the, the place to pull off, even if you're in range. So this is a non-trivial this is all about estimating your own your own level of vulnerability and your risk versus your willingness to, to mitigate against it. If you're in a place where you have classified material that you know someone would like to get to, you need to unplug the Wi-Fi router until it's patched. And you need to patch all the devices and not use them on Wi-Fi until they are patched. On the other hand, you're an average person at home. You just need to make sure you get those patches as soon as they're out so that you don't accidentally run into some vulnerability down the road. That's actually one of the things Darren Kitchen pointed out when we were asking him about it earlier in the day. He said, modern devices will likely be updated. It's older devices that might never be. So this bug is going to be around for a long time. Or you're cheating up the issue that when vulnerabilities like this are found that impact nearly every device, the industry needs a better way to respond. Yeah. This was fascinating, gentlemen. I know I didn't have much to contribute, but I was listening very intensely. Well, how do you feel? Do you feel better or worse about this? Both, kind of. Now, I just feel like it's out there. As Patrick was saying earlier, we're never truly safe. I think that's just a society we live in now and the world that we're getting accustomed to is having this idea that, well, nothing is truly safe or secure and permanent. It's just about knowing how to best protect yourself and secure your data and understand how the information is being used and where it is out there in the world and doing the best to stay in front of it as much as possible. Tell you what, I have two thoughts before we leave. The first is, today is good news. This is the system working. The mitigations to defend yourself are all the things you should have been doing anyway. So if you've been following those good practices, you're okay. The other good news is that this is the good people finding something that was really difficult to find. The researcher who found this said he was actually goofing off when he should have been finishing another report and just staring at code when he started to realize, like, wait a minute, I think I could get around that. I could reset keys and that led to this entire paper. This is what you want. You want obsessive, talented people looking at this code and finding this stuff and telling vendors and manufacturers and then telling you before it's out in the wild. Also, my second point here is that I think tech thing should have a new segment called patch rick, where you talk about the importance. That's good. We bricked an arrow patching it recently to the latest stuff for a more upgrade. Ouch. Bricked it. Bricked it. Yeah, they did and all of them, all the other ones, successfully updated except for one which died and then killed everything in the house. You're not the only one that's, the rest of the network kept running, but I managed to brick one during an update too. Well, and real quickly, last point before we wind this up, that reminds me, Patrick, the last tech thing, you did a bit on those mesh networks and routers and such. Do those help because they put front and center the idea of like, hey, here's your app. Here's what's going on. You can check and see if you've got the latest firmware and if it's patched and everything. Well, I mean, the interesting thing about the mesh network is right now, it's because they are so expensive compared to sort of an entry level router. They are receiving a great deal of attention from the companies and that means I think that they have more resources to get updates. Where they will be two to three years from now is an entirely different question. But yeah, at this point, I'm actually kind of digging in some of those. The favorite thing for me is like, for example, we're talking about Robert Herron, my partner in AVXL. He maintains his mom's network which is on an Amplify HD router and he can basically pop up his phone and be like, okay, everything's running great. Oh, I can do this update. What's this weird thing attached to the network? Oh, it's the insulin pump or whatever it is. So in that sense, it's nice because you can do all that stuff remotely and you can check on that. So that may be more of an advantage if you're doing a lot of parent tech support. But at this point, all of them are so expensive, I think the companies are doing a very good job maintaining them. We'll know a lot more over the next like month as we see how long it takes or if companies roll out updates for these. Well, thanks to everybody who participates in our subreddit. You can submit stories and vote on them at dailytechnewshow.reddit.com and facebook.com slash groups slash daily tech news show. Thank you Veronica Belmont as well. Where can people find more of what you got going on? Well, we have the entire season of season one of IRL available for download now at irlpodcast.org and we are working on new content. We're wrapping up episode one of season two coming soon. I think we're going to have a mid-season episode as well. So in between the launch of season two, we'll have something new for you guys as well. And thank you Patrick Norton. You mentioned daviexcel.com with Robert Herron, of course techthing.com with Shannon Morse. But you're part of that whole hack five family over there. They got some big stuff coming up. Actually, this week, hack fives got a gear launch event. They've sold all the tickets for that but it's going to be live streamed for that. But if you go to hackfive.org slash rsvp or to me hackfive.org slash live the event will be live streamed with hack five releases quote three new devices at the quote hack five gear event. So if you're interested in pen testing tools and network security and you probably are if you listen to this podcast, keep an eye on hack five dot org slash live on Friday. To make sure I had my ducks in a row on the story and one of the things he mentioned is that they are both adding and patching the pineapple right now because the whole point of the pineapple is to pen test Wi-Fi networks. So they're like, well, we've got to be able to execute the crack hack on pineapple. So you can tell if a Wi-Fi network is vulnerable. If you're using it, you're relying on it. But he's like, but the pineapple is also vulnerable because it's a device with an operating system like every other device. Isn't that great? I don't know. The Wi-Fi Alliance had a great sort of press, you know, blog press release on this. We're like, we're very thankful that somebody found this and pointed it out and worked with all of our partners to help implement, you know, updates to this rather than just exploiting it in the wild or selling it to the NSA. That was cool. Hey, Daily Tech News Show continues to bring you shows like this one because you support us in doing so. Last month, you showed incredible support in allowing us to get to our next milestone. We had our first DTNS Labs episodes in the feed this weekend. But as happens, we have nine fewer patrons than we did at the beginning of this month. And mostly, people are saying it's because of financial difficulties. So if you haven't supported the show and you can afford a dollar a month and can pick them up, help us out. Get us to our goal. Our monthly goal is always to get just one more patron than last month. At the very least, go to patreon.com slash DTNS if you can help us do that. Our email address is feedback at dailytechnewshow.com. We're live Monday through Friday, 4.30 p.m. Eastern, 2030 UTC at alpha geek radio.com and diamondclub.tv. And our website is dailytechnewshow.com. Back tomorrow with Patrick Beja. Talk to you then. Roger, when Roger unmuted his microphone, everything went bananas. Hey, congratulations. Oh, Roger. Yeah, your USB audios or your audio glitch, your robot. Hey, congratulations, you guys, for 10 years of Sword and Laser. Oh, thank you. I was like, holy crap. That's amazing. We were kind of the same way, too. We kind of discovered it because of the listener. And we're like, is that for real? All right, how's that? Yeah, you're better. Well, I don't know what the deal is. I do kind of... Well, it's better. It sounds better now. Yeah, it's just a weird hangout issue. And I don't know why it keeps happening to you, because they're trying to put me out of the store. Are you... Is your Chrome up to date? Or are you on a different browser, maybe? Yeah, no, I updated everything. It's all up to date as the manufacturer or creator would like. The creator. All right, titles. Fuzzy Logic Rice Cooker. Patrick blows the whistle. It's only with Sunny with Roger. I'm a little fuzzy on the logic. Crack the electric hand buzzer of WPA2 Handshake. Patch everything. Use HTTPS already. Just say no to Crack. Crack is WPA... Defendant says he's Irish. DOJ disagrees. But he said he was Irish. Patrick Norton, the Statler and Waldorf of Tech. Those are the two old guys in the Muppet Show. Roger and I would be the Statler and Waldorf of Tech. Wireless Pathetic Authorization. Stellar Blockchain Launch with IBM. Have Warrant U Travel? Sue me, I'm Irish. Wear that t-shirt. I don't think Patrick's Day. Wi-Fi, no fun. Pairing that in a Dropkick Murphy's instead of, you know, Kiss Me and Delete Faced. WPA2, where are you? Hectronauts, Wi-Fi. Hectronauts. You probably won't be hacked. For God's sakes, calm down, people. You just really... What's funny is, you know, I limit myself on what headlines I look at and what people have read on Twitter, and I had not seen that much crazy reaction. Natasha Lomas had an excellent article at TechCrunch, and Verge had excellent articles as well. Dan Gooden's Ars Technica article was rock solid. Like, none of them were flying off the handle. They were all very responsible. But that's because I was looking at those three sources, not everywhere else. It was funny. I'm part of the reason I was so aware of this, because a couple security folks did really nice write-ups, or they were just like, you know, this is not... Because the titles, I can't remember the first title, it's basically like, WPA2 is broken, and you're in trouble, kind of like... What was that from, though? That's just... Because that's... Clickbait. No, I know why I did it. But I mean, I did not see that in the sources I normally follow. Hold on. Well, you're also probably... Well, I think this is one of the services that DTS provides, is that we read stuff so you don't have to. But another thing we can do is kind of help people to understand where they should be looking for trustworthy and reliable reporting. Wifi crack is whack. A lot of crack ones. Holy grail of insulin delivery. Insulin delivery. Cryptographic crack. Double secret four-way handshake. Yeah. You know, crack attack. Threatens all Wi-Fi networks. What to do? That's Tom's guide. Got Wi-Fi? You're prone to hacking. Tom's guide? Well, threatens all Wi-Fi networks. That's the edge. Crack. Wi-Fi's go-to security, WPA2 is fatally flawed, and will probably never be patched in many places. Okay, that's just wrong. Well, it's not wrong because a lot of inexpensive devices will never receive an upgrade. It will probably never be patched, implies that no one will ever patch it. And that's the part I take issue with. All right. Oh, so what do you like as a title? If any crack related? I'm going to let you guys pick the title because I am busy trying to clean up the end of this where the music got all crappy. Veronica, any preferences, Patrick? I like fuzzy logic race quicker. I just don't know if it really has much to do with the episode. Fuzzy logic and the crack attack? Fuzzy crack attack. It's kind of a hack. Crack attack. Because alliteration works so well for SEO. Nothing is safe. Crackpocalypse now. Oh, Crackpocalypse now. It's just a reused title from the late 80s. Yeah, I wasn't aware of that. WPA2 insecure. Is there anything ever too secure? WPA cracked again. I have to give up this conference room. All right. So you choose crack the electric hand buzzer of WPA2 handshake? I'll see you guys later. Bye, Pat. Bye, guys. Take care. I like that just because I think it's the longest. It's actually a longer title name than I would come up with. What do you think, Tom? Like I said, I'm not even paying attention to anything you're saying right now because I'm trying to edit this. All right, audience, you might get vote for it. Crack the electric hand buzzer of WPA2 handshake from JT0. What's the website for the titles? showbot.tvshowbot.tv showbot.tvshow.tv No, just showbot.tv as a .tv domain. And just say no, Crack has seven votes. That's a good one as well. Just say no to Crack. Just say no to Crack has eight votes. That wasn't me voting on it. Nine votes. Let's climb it up there. Ten votes. It's pulling away from Fuzzy. Oh, just say no to Crack has 11 votes. It's always sunny with Roger Chang. Seven fuzzy logic rice cooker, eight. Sounds like a horse race. No, don't blow the whistle. Oh, just say no to Crack 12. I was thinking just say no to Crack. Just say no to Crack. Sounds like that's the one that most people are going. That's the one I keep hearing you say most often. Just say no to Crack. Yeah, is that where we're going? We're one of the multitude of levels regardless of context. Good message no matter what you think it means. Yes. There you have it. If you're a concrete pourer, just say no to Crack. Fuzzy logic rice cooker, picking up speed. You know, those things, I don't know. I've used one before. I wasn't impressed. Spend 30 bucks on a good standard rice cooker, you'll be fine. But make sure to steam the seal pot. Okay, right? Yeah, K-R-A-C-K. Yes. There's not like an extra something in there. Consonant, vowel, so hot. Pat Rich. Oh, pat, patch, rake. Patrick. That is a good, that could be like a monthly thing. It could be like your character that comes out is like, you know, raises awareness for the importance of that. Yeah, but you have to wear like that. Blannon or Patrick. You'll have to wear like overall. Patsy leprechaun of joy. And then have a trowel. You definitely have to wear something with patches on it. Have a trowel so you can patch over things. Maybe a tweed jacket with leather patches. Ooh, a fake bubble pipe. That when you blow into the pipe bubbles come out at the other end. What's a real bubble pipe? Yeah, it's a fake tobacco pipe. Yeah, it's a fake bubble pipe. It's complicated. This is complicated. Oh, just saying how to crack is up to 16. Bloody laws of rice cooker, 11. Oh my goodness. What on earth? Sorry. Title just spontaneously started playing something. In your head. No, yes. A song I happen to like, but I was making it very complicated. Oh, 17 to 12. I say first one to 20. Oh, I already picked. I already picked just say no to crack. Oh, I'm already done. But that was an electoral college. You could still have the winner of the popular vote. I'm not going there. It's become a running bit on the titles. The show title is not a democracy. We take advisements from our panel. It's more like a corporate governance thing. We'll take it on advisement, but it's a referendum. It's not a binding vote. It's a postal vote. We'll see how you want to vote before you actually get to vote. Oh my goodness. It's a plebiscite. Is that what it's called when you? Is that? Yeah, a plebiscite where you canvass the population at large. Yeah. So how would you like to vote on this measure before you actually get to vote on the measure? What a waste. Plebiscite, the direct vote of all the members of an electorate on an important public question, such as a change in the Constitution. Oh, no, this is not a plebiscite. What's the one that they're doing in Australia for game marriage? They just call it a postal vote. But to non-bindings. I think referenda are usually non-binding, no? Except in California. That's true. The referendum votes here are binding. Because Brexit was non-binding. It was just a referendum. A referendum, a term used by any ballot measure to be voted on by the people can be an initiative or a referendum, a brand new law or constitutional amendment and voted on by the people in California. Initiatives can be proposed by the legislature or by the people through the direct initiative process. So a referendum can be binding or non-binding. It doesn't imply that in the name. Yeah, it depends on where you are and what you're voting for. Is there a name that implies the non-binding aspect in the word itself? A non-binding referendum. Without adding non-binding. Non-binding chats. Non-binding resolution. Non-binding blue. Wow, I'm finding it fascinating that the Google results in this are almost equally split between what you get past non-binding resolution. It all goes down to basically like 50% Puerto Rico, 50% Kurds, Venezuelans, and well, Kurds. One Venezuelan, the rest is all Kurds. It's Kurds and Puerto Ricans all the way down. And it sounds like Catalonia. Don't forget Catalonia. It just sounds like New York for some reason. Yes, I like this. Ken from Chicago says, I am the single member of our electoral college and I can be a faithless elector if I want. The following U.S. states allow legislatively referred state statues or referendums. I can ask you the word that means it's a vote, but we don't have to follow it. A non-binding referendum. A non-binding referendum, yeah, exactly. Well, it looks like Sarah's got her stuff finally figured out, which of course is always the way with technical issues. Well, it was a good show. Yeah, it would have been great to have Ron, but we did well. You guys did well. I just sort of hung out in the background lurking. You did a lot. I'm going to hold a non-binding referendum. Non-binding CHAPs. It'll be like a Depeche Mode cover band. Your own personal CHAPs. Hey, CHAPs. Okay, here we go. Referendum. The word you've entered isn't in the thesaurus. Thesauri. Apparently, I need a better thesauri. Thesaurus, this is. Thesaurus. Love that. Oops, it was on. So stop watching our silly thing if you're watching live and go check out twitch.tv slash Rock Pants because we're almost done anyway. In fact, thanks everybody for watching and hanging out with us. And we will talk to you tomorrow. Good bye. Bye, everybody.