Coming up on DTNS, Uber's transparency report, a smart robot for space people, and why companies have so many security problems. This is the Daily Tech News for Friday, December 6, 2019, in Los Angeles. I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. Drawing the top tech stories from Cleveland, Ohio, I'm Len Peralta. I'm the show's producer, Roger Chang. And joining us today, very happy to have David Spark, producer of the CISO series at CISOseries.com, back on the show. I mean, if we're going to do that, let's just do it right here. Give him some real applause. How's it going, David? Thank you very much. It's great to be back on the show again. We've known each other for decades, Tom. I really... It's literally decades now. Yeah. Yes. That's amazing. It's a... We had that, what it was, a year or two years ago. There was a 20-year anniversary up here of ZDTV days. Yeah. Yeah. It's bizarre to me. We were just entertaining, David, with our ridiculous conversations on Good Day Internet about sandwiches and lemurs. You get that wider conversation by becoming a patron at patreon.com/dtns. Let's start with a few tech things you should know. Qualcomm announced the Snapdragon XR2 augmented reality platform with a dedicated AI engine and 5G capability. The XR2 supports 8K 360-degree video playback and can output to 3K by 3K per-eye displays running at 90 frames per second. Its vision processor supports up to 7 tracking cameras. 5 OEMs are developing headsets on the platform already. Pokemon Go creator Niantic will work with Qualcomm to create reference hardware and software and cloud components for XR2-powered AR glasses with support for Niantic's real-world platform. And Qualcomm isn't done announcing things in Hawaii until they announced their two new Windows on ARM SoCs, systems on chips, Snapdragon 8C and 7C. The 8C succeeds the Snapdragon 850. Qualcomm says it'll have 30% better performance. And the 7C is meant for entry-level laptops. 
It does not have 5G support, although the 8C does. Qualcomm says the 7C will offer 25% better system performance and twice the battery life of competing x86-based platforms at the same price point. So a little shot across the bow at Intel there. US Senator Bernie Sanders announced a plan to subsidize local publicly-owned broadband networks, reinstate open internet guidelines, and classify broadband internet service as a public utility. Sanders also wants to, quote, unwind anti-competitive vertical conglomerates and stop internet service providers from also providing content. So Elizabeth Warren wants to break up Facebook, Google, and Amazon. Bernie Sanders wants to break up AT&T, Comcast, and Charter. Maybe they'll be on the same ticket. Just break everybody up. Who knows? A delegation of Swiss companies met in Mauritius to encourage collaboration on blockchain-based ventures there. Mauritius is an island nation in the Indian Ocean just to the east of Madagascar off the coast of Africa. The founder and CEO of Crypto Valley Venture Capital presented three seminars on creating a blockchain technology ecosystem in Mauritius. Crypto Valley Venture Capital is considering pursuing a blockchain hub for the African continent based on the island of Mauritius. All right, let's talk a little more about Samsung rumors. We got all these Apple rumors. Let's talk some Samsung rumors. Let's do it. Sources tell Bloomberg that Samsung's upcoming Galaxy S11 device will feature a 108 megapixel sensor that it announced back in August as one of four in its rear camera to come. The other cameras will include a 5x optical zoom lens and an ultra-wide angle, as well as a time-of-flight depth-sensing camera. The high-resolution sensor and telephoto camera will also reportedly be included on a Galaxy Fold clamshell device. Both devices are expected to be announced in February. Xiaomi is also using the 108 megapixel Samsung sensor in the Xiaomi CC Pro. 
And Sam Mobile says that the Galaxy S11 will also have a 5000 mAh battery. So a big one. I mean, we shouldn't have been surprised to hear that Samsung would use the big sensor that Samsung Imaging made. When they announced it in August, I assumed that was going to be going in. But people are going nuts about this story today for some reason. David, do you have any idea why people would get so excited? Not just about 108 megapixels, but also the size of the sensor. Excuse me. What was the previous megapixel size that we're at? What are we at currently? I don't even know. It's not even so much the number of megapixels as the size of the sensor. It's like one and a half inches large. So the thing that people are so excited about is this gets close to a mirrorless camera in a phone. Right. Well, we have, by the way, we've been shooting a lot of great video on phones anyways for quite some time. And I mean, yeah, a lot of people are seeing, honestly, with the video quality with phones so good, really, the only thing that fails is the quality sound and the quality lighting. I mean, there was actually this video going around about a snowball fight, the guy who did the John Wick movies. He made this really great video. It's an iPhone commercial, but he made a great video showing a snowball fight in John Wick style action. Really, these things shoot unbelievable video. The failings, I think in almost all any video coverage, I don't know about with still photo, but is with lighting and sound. And you're always going to need some kind of external microphone, and you're always going to have to set up good lighting and the phones are not going to be able to solve that on their own. Maybe, maybe not. I imagine we're going to see phones start to push that. There are certain things they can do with microphones to bring far fields stuff in. 
But more than that, sound processing and lighting processing done by AI may be something I agree with you that I don't think you'll ever quite reach what you do in real life, but they can start to get close. And this is one of the things like one of the sensors on this is about doing sort of, it does a flash thing to sense depth of field. So to create some kind of depth of field shot, which is what a mirrorless camera can do with the proper lens. You get a nice zoom in on your subject and you blur out the background, which creates separation and everyone loves that shot. Yeah. Well, Galaxy fans, you're getting an even better Galaxy phone, not with a huge battery to boot. I think that's the other thing that's people excited. Less exciting, but important is Uber releasing a report listing all of the sexual assaults, homicides and fatal accidents associated with its rides in the US in 2017 and 2018. This is Uber trying to be transparent of the 2.3 billion rides in that two year period. The company says there were 19 fatal physical assaults, 5,951 sexual assaults, 45% of which were committed by the rider, not the driver, and 58 fatal crashes. So all in all of the 2.3 billion rides, 0.0003% of rides ended in one of these three kinds of critical safety incident. The report is an effort to not only be transparent, but use the data to improve safety measures. And Uber announced it will start sharing the names of deactivated drivers with other ride hailing companies to make them aware of past incidents. And Uber's going to make sexual assault and misconduct training mandatory for all US drivers. Yeah. I think when I first read these stats, I was like, wow, I mean, physical assaults. But when you look at it in the sense of, okay, 2.3 billion rides over a two year period total for the company, it's such a small number that kind of mimics, unfortunately, what human behavior sort of looks like anyway. It certainly, riders should be safe, drivers should be safe. 
That hasn't always been the case. But I think that the company not only being transparent about this is definitely a good thing. And also saying, we're going to share this stuff with other companies and policies with other companies. So let me question that, but do you think that's a good thing? Because so Uber's coming out of like a massive amount of bad press, like a kind of an endless stream of bad press, if you will, which by the way, I just want to mention, I'm stunned like any business could survive the volume of bad press Uber got. So my question is, do you really think this is good? Because I don't know necessarily, because it's, it's kind of like you said initially, Sarah, kind of startling numbers and uncomfortable. Are people going to be happy about this information? I mean, I'm happy is the way I react about it. Yeah, I don't think anything about this is like, Oh, this is great news. But I think it's important news. And I think that if a driver is deactivated for something certainly involving a physical altercation, whatever that may be. Well, yeah, it is important for, you know, if that driver is just going to go to a competing company and get behind the wheel again, and there might be an ongoing problem. I mean, it's, it's information that I think it's, it's better being shared than not shared. And I do also think that the riders having a greater instance of assaulting the drivers is also really important because, you know, you get a lot of, a lot of people are taking Uber because they're drinking, you know, and they don't want to drive. And you don't necessarily assault anybody because you're drinking, but you kind of see that stuff late at night a little bit more. And drivers, particularly women, are really vulnerable in situations like that. So, you know, that's also a sobering statistic. I can't find an apples to apples comparison here, but the National Safety Council in the U.S. 
lists the 2017 rate of traffic fatalities at 1.47 per 10,000 motor vehicles. So I think that's the kind of thing you need to look at to make sense of this. They need to do a show comparison. Yeah, we also know how they compare to the taxi industry, for that matter. Certainly on the sexual assault, I would like to see a comparison to the taxi industry because you don't hear about sexual assaults in the taxi industry, but that doesn't mean they don't happen. Right. And no, and also, I mean, like you said at the beginning, Sarah, it's like, this is a good thing, and I'm kind of questioning. Is it really, I mean, to reveal this information? And I'm saying it more, especially given what, you know, again, the massive amount of bad press that Uber's come on. I personally have, I go with a competitor, a well-known competitor, mostly because my co-host used to work there too, as well. But the, I'm just stunned that, you know, they're still so vibrant in business given all their bad press. I'll be interested to know if this actually helps their street cred, or in some ways, sours it, or kind of annoys all the other companies. I don't know. I have no idea. Yeah, I'm trying to find a good number, but there are definitely, there are definitely a large number of sexual assaults. When I say large number, I mean in the thousands that I'm seeing referenced in stories, but I can't find a serious number on this. The Guardian UK said reports of sexual assaults by taxi drivers rose 20% in three years in December of last year. So, or actually December of 2017. So yeah, good to have these numbers, but it's important to find other numbers that you can compare them to for context. Well, on a completely different and happier note, in November, the Crew Interactive Mobile Companion, or CIMON, have a lot of acronyms on the show this week, became the first autonomous free floating robot and smart assistant to operate on the International Space Station. 
CIMON 2 was launched Thursday on the SpaceX resupply mission. It has new features, including using the IBM Watson Tone Analyzer to detect emotions by crew, which would be tested as a possible solution for groupthink, among other things. CIMON can also look up information for astronauts conducting experiments and document activities with its video camera autonomously. CIMON 2 will stay on the ISS for up to three years, and it's a collaboration between IBM, Airbus, and the German Aerospace Center. I'm going to call him Simon, because that's just easier. And I think this is really cool. Why would we know what the official pronunciation of this thing is? No, I don't. I don't know. I'm going to call him Simon is what I'm saying. But whatever you call him, this is interesting, especially that you have a voice assistant when astronauts are working on experiments in tight quarters that they have to get right in a high stress environment. Let's face it, you're orbiting above the earth, you've got to pay attention. There's not a lot of room for mistakes, even though we've been doing it for a long time. Having the manual at hand where you can just say, okay, what's the next step in this experiment? I think that's super handy. Absolutely. I want to see a seaman or a Simon seaman. Oh, that didn't sound right, did it? That's why I was trying to encourage us all to say Simon, but you know, you make your own choices. I wish we would have looked this up before the show. I'm embarrassed and I apologize on behalf of the entire show. Well, on that note, what's going on with rockets, Tom? It's project Simon. I just checked. I went to an interview. Rocket Lab completed mission "Running Out of Fingers," its 10th-ever launch, which saw its two-stage Electron rocket carry an artificial meteor spacecraft and six microsatellites into orbit. Rocket Lab also tested a new guidance system for orienting the booster for reentry, gathering data to further its plans to eventually reuse the booster. 
And unlike SpaceX or Blue Origin, which vertically land the booster, Rocket Lab plans to use helicopters to capture its rather small 17-meter first-stage booster during a controlled fall. It's just too small for them to reliably re-land it the way SpaceX does, so they're going to send helicopters after it and try to catch it. Reuse will help Electron reach its goal of one launch a week with 227 kilogram payloads. Yeah, go ahead, Sarah. I love the idea of a helicopter being like, get that guy. He's coming down, but not vertically. Let's catch him before he hits the ground. I don't know. These are always great visuals, but it's pretty amazing that we're starting to get to the point with these various missions by private companies where we're starting to think outside the box, like, okay, so you got to get something up in the air. You got to launch some microsatellite into orbit. There's all sorts of ways to do that, but they all need rockets, and then we got to get these rockets back down. And how do we do that? So, you know, good on Rocket Lab. Yeah, this is, I mean, David, what do you think? It's great to see more of these companies coming into the market and providing wouldn't this the original SpaceX plan was, you know, see if you can launch a rocket twice. And that was just such an anomaly at the time that could anyone actually do this? And now they're trying to normalize this behavior, which, you know, we have a history of this. And so, yeah, darn cool. I'm all for it. Yeah, it's good to see more of these kinds of companies. I think people hear about SpaceX all the time. They may hear about Blue Origin, but not realize that there are more of these kind of companies in the space creating this sort of stuff. What if the helicopter doesn't catch the booster? It probably won't be able to be reused. It seems like you kind of go like, well, that's cool. If it works. Yeah. Well, and that's why they're doing, that's why they do these things in small steps, right? 
They did try to catch this one. They used this to test the telemetry and find out what the data was so that they have a good chance of catching it the first time. But yes, SpaceX had a few fails on the re-landing of theirs before they finally started to get it right. But that's how you get it right. Spotify announced its 2019 statistics, including the fact that Post Malone was the most-streamed artist of the year, followed by Billie Eilish and Ariana Grande. But the surprising numbers actually came from Spotify podcasting. Spotify has more than 500,000 podcast titles in its catalog, and listeners to podcasts on Spotify have grown more than 50% over the year, along with a 39% rise in hours listened. Comedy, society and culture, true crime, news and health and fitness were the top categories. And the Joe Budden podcast with Rory and Maul, the top show. Yeah, this is interesting because I was skeptical that Spotify was going to be able to make this work. Being a music company, I didn't know that they would understand what a podcast listener would want. And you see companies do this all the time, but they're like, oh yeah, we'll get into this other business. And they don't do it well, because they don't really understand how it works. But I feel like Spotify, maybe because of all the acquisitions they've made, bringing in people who do understand podcasting, are really starting to do a really good job at creating a place where people find podcasting and want to listen to them. Do you know how many of your own listeners are Spotify consumers? No, I do, but I don't have the number off the top of my head. I think mine, it's about 10% for my podcast is Spotify. They come through that. But I would have guessed that it would have been close to zero when they first launched this, because they had a gated community, they didn't have all the podcasts in, it was a music app. Well, they originally didn't let podcasters have theirs. 
I remember back in the day, I submitted a podcast and Spotify didn't accept me. I just submitted it and went, okay, well, that was the end of that. But that was some time ago. It's obviously grown as a platform since then. And there are also exclusive podcasts on Spotify. And the company has made inroads in that sense and has really popular podcasts that don't live anywhere else. And I think that that's a big part of why it's seen good numbers. Yeah, it's a smaller percentage than that for us. It's probably around 3% for us. It looks like I'm just looking at the numbers now. But I think it's probably going to grow, honestly. I think Spotify has proven that they've done what they need to do to actually make this work. Hey, folks, excuse me. I wanted to say. Sorry, Len. Yeah, go ahead. Rob Walch, who is one of the original podcasters, is behind, I believe, Spotify, or trying to get, at least on trying to get more... He's involved in Spotify's podcasting efforts, you mean? Yeah. Well, for... Is he not with Libsyn anymore? No, he was with Libsyn, but he's really pushing the Spotify thing. So just wanted to say that. Well, because Libsyn, I know that they incorporated the Spotify statistics into their overall stats when they were actually split out. Now they're one and the same. And this literally just has a like a week or two ago. Yep. Well, folks, if you want to get all the tech headlines each day in about five minutes, be sure to subscribe to DailyTechHeadlines.com. All right. So we hear all the time, David, about companies who have had a breach, had lost data, had an intruder steal their information or their secrets. And I know, I've seen it in the chat room over and over, people asking, why can't companies secure themselves better? You talk to CISOs, Chief Information Security Officers, all the time. In fact, you just had an hour-long conversation about this topic. Do you have any insights to help us understand what's going on there? 
Well, I can provide some information. I'm not going to say, you know, I'll have the solution, sadly. Could you please solve this for all of us, David? Thank you. Yes. So just the term that is used in the industry is just they call it the security basics or the security fundamentals. And it's like, you know, things like getting, you know, getting your patches down, having, you know, or having a patch management program specifically, getting firewalls set up, configuring your cloud instances correctly, that is a common, common problem. Reason, you know, someone like, you know, got access to the cloud. Well, it wasn't, quote, a break-in. It was just never configured properly in the first place. An AWS instance that was left unsecured. We hear about that all the time. Constantly. It's constant. And also, there are some that are just left open, they're just not used, forgotten about, and yet they're just holding data or you have a third party that isn't secured as well as you're secured. I mean, so there's sort of a, it's a sprawling issue. The problem is that often it's hard to do a lot of these things at scale. Like, for example, so often you'll hear a story of, you know, they were breached by a known vulnerability. That's a common, common term. Well, a company may have 3,000 known vulnerabilities that they need to patch. They can't do it. So what they do is they have a patch management program where they have to prioritize things and things could take, you know, 90 days, if not longer, to patch or sometimes never for that matter. But I will say this. This issue comes up all the time on our shows. And specifically, they talk about getting the basics down, getting your security basics down. And I'll tell you, one of the other basics down is communicating to the rest of the staff about the importance of security, about maintaining your own personal security and the company's security. 
And usually they sort of, and that's why like most companies have to go through security awareness training, which is much maligned and not appreciated. So now CISOs are trying to figure out more ways to make this more entertaining and engaging and people see the value of it. So it doesn't become more of a requirement rather than, oh, I see the value of it. So it's not something people try to avoid because it's tedious. You want people to understand that it's an important thing to do. Well, for a lot of people it currently is tedious. I mean, we did a show once and we asked the audience, because I do a lot of these live recordings, and we asked the audience how many people have gone through security awareness training. And like this audible groan through the whole room was heard. So it's pretty clear it's not an enjoyed. Because even if someone goes through the training, it doesn't mean that they pay attention and absorb it the way that it is intended, if they're bored. And also everyone's like, how the hell do I get out of this? I got more and things to do. Yes. So more it's about micro advice, like in tips. I know we had this, we had this woman from Facebook who does security for their new cryptocurrency that's coming out. And she, they do something during, well, during the security awareness of October, which is a security awareness month called Hacktober, where they have a whole slew of different games that they play with people and they give away exclusive Facebook swag to Facebook employees if they achieve certain goals. So gamifying turns out to be one of the more popular ways to create security awareness and get down to basics and deal with these problems. But yes, the volume of breaches is high. I would say my number one tip for everybody, start using a password manager if you are not already and employ two-factor or multi-factor authentication wherever you can. Those two things will help you dramatically. 
I think scale is really important going back to that point because when you sitting at home or me sitting here, hear about an unpatched vulnerability leading, it's perfectly natural to say, well, why didn't they patch it? I patched my stuff. I got my Android update this week and I press okay. It's not that simple for a company with thousands of employees with, as you said, thousands of vulnerabilities to patch to just say, oh, let me press okay, patch all my software. It doesn't work that way. No. And I will tell you that there are companies out there. One of the sponsors of our show, a company called Vulcan Cyber, that is trying to sort of deal with this patch management issue. And I will tell you also, another company that we have sponsored us, Axonius, it's also dealt with asset management, just knowing what the heck you've got in your environment. These really basic needs that companies have, like how do I know what I have? How do I patch management? These are kind of becoming the new darlings in the security industry because they've been sort of dazzled by who's got the latest AI and machine learning and blockchain empowered solution when the reality is I need to deal with some very basic fundamental issues before I look at what's glitzy. It's funny. The problems here are very similar to the problems that people have in general with social networks and moderation and toxicity and et cetera, is the problem is bigger than humans can manage because we have such an efficient way of doing one thing, but we don't have an efficient way of keeping up with it. So we have an efficient way of pushing information out on social networks, but we don't have an efficient way of moderating that. And same with vulnerabilities, we have an efficient way of installing and rolling out software, but we don't have such an efficient way of being able to keep it secure. Yeah, I mean, that is really it. 
Honestly, pre-cloud, post-cloud, that's kind of your dividing point of when things started exploding. And then as the usage of cloud just dramatically increases, it just becomes a more and more complicated issue for that matter. Yeah. So I mean, yes, as Bart Busschots says on the Security Bits portion of the NosillaCast podcast, stay patched so you stay secure. That's very good advice for the individual and not impossible to accomplish. It's a harder challenge for large enterprises. Not trying to let them off the hook, but I'm saying it's not an equivalent situation. And also, even if all your patches are good, like the number one way people get into companies and they essentially violate a company is getting valid credentials. Right. So there's this other… Phishing somebody. Yeah. Yeah, yeah. You have thousands of employees. It's, again, it's a scale problem. It's harder to keep them, right? Yeah. And so the people who really need to be trained are the executives. The executives need to be trained as much as possible on the importance of this. They can go train the executives. Thanks, everybody who participates in our subreddit, train the executives, submit stories and vote on them at dailytechnewsshow.reddit.com and also join in on the conversation in our Discord. It's a lot of fun. You can join by linking to a Patreon account at patreon.com. Hey, Sarah, what's in the mailbag? Oh, Tom, I'm glad you asked. So we had that story about a possibly wireless iPhone coming in 2021. We got several emails. Alex and Christopher both were of those emails saying, here's the problem with that. CarPlay. Everything's got to change. You've got to plug in your phone for CarPlay. This isn't going to work for me. Well, Marcus, who says he's from, it's beginning to look a lot like Christmas, Minnesota, had a few thoughts regarding the rumored port-free iPhone in 2021. Marcus says it's clear that Apple's headed this way. 
I'll be on board if they include this one feature, a magnetic smart connector like on the iPads. To Patrick's point, Patrick Beja yesterday, this could enable a cable-like experience for those times who need to plug in via CarPlay or do data transfer or charge via a wall outlet. You could just use a new cable with a magnetic smart connector on the end, and it could work much like the old MagSafe, or the newer iPad smart connector. Apple's expertise with magnets is on full display in the iPad Pro. This would be a logical next implementation, and it would be very Apple. Remove a major port, but try to replace it with something better. I would love if they would standardize this across iPhone, iMac, and Mac lineup, so they could bring back MagSafe, that iPhone iPad and Mac lineup rather, so they could bring back MagSafe while still removing the port from the phone. I love this email from Marcus because he didn't just notice a problem, but he went ahead and thought through like, well, here's how they might react, and then evaluated that part of it. Very, very forward thinking. Thanks, Marcus. Thanks to everybody who wrote in with their thoughts on this. You know, sometimes something sparks something. We got a lot of a lot of feedback on that particular idea, and again, we don't know if that's happening yet. But we do know that we're shouting out our patrons at our master and grandmaster levels, including Michael Akins, Chris Allen, and Degresha A. Daniels. Let's check in with Len Peralta, who has been illustrating today's show. Len, what do you have for us? Yeah, you know, I was pretty excited about this whole Spotify stats thing, and especially about the podcasting part of it, only because, you know, I've been podcasting and you and I have been podcasting for a real long time, so it's finally good that it's hitting the mainstream. 
But I feel like there's some people who maybe are wannabes, they want to be doing a podcast, and so this is kind of what that's about. This is called wannabe, and the stat here is that some people, when this particular person who looks a little bit like me, spent 55,278 minutes thinking about finally starting a popular podcast this year. You had no original ideas, but did manage to think about Ariana Grande's video focus 2,630 times, while waiting to order your 83rd roast beef sandwich from Arby's. So it's an infographic. It is. It's a little stat that maybe you may have missed if you weren't paying close attention to all the stats from Spotify. So yeah, so this is available right now on my online store. Also, if you're a Patreon backer, you can get it right now at patreon.com forward slash Len. And I just want to remind people with the holidays coming up. I have pretty much an open queue for my custom drawn Christmas cards, holiday cards. Oh, wow. So go over there and order right now. This is the best time to do it. If you don't have an idea for a Christmas card, take advantage of that open slot while it's still there. Yes, please do. Thank you, Len. And also thanks to David Spark for being with us today. David, how do people keep up with your work, your podcast, and everything that you do? Just go to CISOseries.com. Again, CISO stands for Chief Information Security Officer. And we have two podcasts. And if you're in the cybersecurity field or you want to learn more about it, or specifically if you sell it in the cybersecurity field, we have one show called the CISO Security Vendor Relationship Podcast. And that talks about that. And then we also have another show called Defense in Depth, which we pick one hot topic and we go into depth. And my co-host, Mike Johnson, who's now the CISO of Fastly, formerly the CISO of Lyft, and my other co-host, who's Allan Alford, the former CISO of Mitel, now Delivery CISO at NTT. They are my co-hosts and they are the wisdom. 
I just keep the balls up in the air. So give the shows a listen. They're a lot of fun. Excellent. Go do that, folks. Check them out, CISOseries.com. And don't forget, we have new patron reward merchandise to celebrate six years of DTNS. Len created us a six-year anniversary DTNS logo. I just shared it in the Discord today. And if you back certain levels at Patreon.com slash DTNS for three months, you'll get either a sticker, a poster, a mug, or a t-shirt with that logo on it. Depends on what level you back, what you get. You can find out all the details at Patreon.com slash DTNS slash merch. Our email address is feedback at DailyTechNewsShow.com. We are also live Monday through Friday, 4:30 p.m. Eastern, 2130 UTC. And you can find out more at DailyTechNewsShow.com slash live. See you Monday. This show is part of the Frog Pants Network. Get more at frogpants.com.