Hi, this is Allison Sheridan of the NosillaCast podcast, hosted at podfeet.com, a technology geek podcast with an ever-so-slight Apple bias. Today is Saturday, August 5th, 2023, and this is show number 952.

It's that time of the year again where you have to pay attention to when the podcast comes out to figure out whether there's a live show that week or not. Since this is a show on Saturday, there will not be a Sunday show on August 6th. The next week we'll be off all week playing in the mountains with Lindsay and Nolan and our two adorable grandchildren, Forbes and Sienna. But we'll be back in time for me to host the live show along with Steve on Sunday, August 13th. It's going to be pretty much pre-recorded with some help from our friends. That means it's going to be a relatively short live show so be sure to get there early, and it also means that I get to goof around in the chat room like everybody else.

I don't know if you realize this, but there's actually a newsletter called the Podfeet Press. It's very simple. It gives you all of the show notes links for each week's NosillaCast. It comes out automatically right after I publish the show, which makes it a handy-dandy reference guide for the links to all of the blog posts. If you subscribe, you don't have to dig through the show notes in your podcatcher of choice on a tiny little iPhone screen to find the things we've talked about on the NosillaCast. It's super easy to sign up. At podfeet.com, look in the upper banner on the upper right-hand side. You'll see a link to the Podfeet Press sign-up. If you follow that link, you can enter your email address and any first and last name you'd like, real or imaginary, and then choose whether you want an HTML or plain text email to be sent to your inbox every week when I publish the show. Now, if you're on the fence about whether to sign up, on that same page, you can preview previous campaigns. And that'll let you see if it looks useful to you.
I didn't name them campaigns, by the way. That's what MailChimp, the automated service that creates these and sends them out for me, calls them. But here's the best part. At the bottom of every email from the Podfeet Press is a red, underlined link that says, unsubscribe from this list. If you decide it's not for you, you can unsubscribe and I promise it will actually stop the emails. Unlike the Marriott Bonvoy email list that I've unsubscribed from, I think it's 238 times so far and they keep spamming me, which is awesome. Now, you might be wondering why there's no newsletter for Chit Chat Across the Pond. Well, those podcast episodes, both Lite and Programming By Stealth, are really just one link, so it seems kind of unnecessary to send you an email that tells you an episode is up and pretty much nothing more. If you sign up for the Podfeet Press, though, each week's NosillaCast has a link to that week's Chit Chat Across the Pond if there was one. Give the Podfeet Press a try and see if you like it. And if you don't, that's totally cool, too.

Last week, I promised to tell you a little bit about the MacStock Conference and the Midwest Mac Barbecue. I promised it wouldn't be my summer vacation, but rather I'd try to give you a feel for the conference and maybe you'd consider going next year. In case you're not familiar with the conference, it's the brainchild of Mike Potter of the For Mac Eyes Only podcast. Barry Fulk is the host of the Midwest Mac Barbecue, along with his lovely and welcoming wife, Bobby Ann. The barbecue was close to Chicago proper, while MacStock is north about an hour in the little town of Woodstock, Illinois. This year was MacStock 7, but I think it's been 10 years since MacStock started. For the years before the pandemic, the conference took place at McHenry College, which is a beautiful theater that could house probably 300 people or maybe more. MacStock was never a big conference, with maybe 150 or 200 or so people attending.
But what MacStock has always had is a very high percentage of the attendees being friends of the Podfeet podcast. This year was the first year the conference was back with no restrictions since 2019. As the conference date approached, it was obvious to Mike Potter that we weren't going to have the numbers back up to pre-pandemic attendance. Rather than take a bath financially, he chose to move to a small theater called Stage Left, right in the town of Woodstock, Illinois. It's an adorable little town made famous as the site where the movie Groundhog Day was filmed with Bill Murray. The best way to describe Stage Left for the crowd we had is cozy. Mike had to cap the attendee list at 75 people because of the size of the venue. And that was kind of sad to me because there were people who wanted to come, but weren't able to because it filled up too quickly. While it was really swell to be able to walk to the local Wine Stock to hang out after the show, I'm hopeful that we'll grow back to our previous numbers so we can be in a larger venue.

Now that I've set the stage, let's back up to the barbecue at Barry and Bobby Ann's house. This barbecue is open to all and any who want to attend, even folks who couldn't make it to MacStock. It was purely a social event, and for those of us who've attended in the past, we all said it felt like coming home again or being with family, but family you actually like. For those who hadn't ever been there before, like Jill from the Northwoods and Penelope, who flew over from England to attend, they both said that they found a warm and welcoming community of fellow Apple nerds. Dave Hamilton and Michael Applant even performed some live music for us.

The conference itself was really good. Because of the size, it kept that tightly knit feeling of camaraderie. Mike likes to have a theme to his conference, and this year the theme was simply learn.
Now, I'm not going to give you the full lowdown on all of the speakers and what they talked about, but just a tidbit or two that I got from each of these speakers. My arch nemesis, Chuck Joiner, entitled his talk, Learn and Live in the Future, or Get Stuck in the Past. The big takeaway I got from his talk is the idea of giving yourself a learning budget. Not just a budget for the money to learn, but for the time to learn. I think that's brilliant, as much as it pains me to say anything he says is brilliant.

Probably the big surprise speaker of the show was Rachel Schmitz. Her husband is Mike Schmitz, who's pretty well known in the Apple community and a fellow ScreenCast Online tutor. When Rachel got up to talk, she explained that she's actually not very technical, and that kind of set the stage for low expectations from us. She's the homeschooling mother of five, and she talked about how we might want to think about our consumption of information through our digital devices. She suggests that we might have information obesity. Think about that. That's a great phrase. You probably know what that feels like when you start kind of vibrating with too much mental stimulation. She suggested setting yourself some limits on consumption and turning to creating with your tools. She told us great stories about how her kids are doing exactly that. For example, one of her sons is actually her audio editor for the podcast she does. He learned how to use Ferrite on the iPad, and he loves having that job to do. She was really, really compelling. She was probably one of my favorite speakers of the week.

Dave Ginsburg gave us an overview of cloud services and how they fit into both our business and personal lives. One of my takeaways from his presentation was that Dropbox and iCloud are tied at 300 million users, with Google Drive and OneDrive pretty far behind. That kind of surprised me.
Dave Hamilton is a big fan of network-attached storage, and he talked about how to supercharge your network with these tools. I took some notes on how to better use Synology Drive to access data on my Synology rather than always using the web interface, and I made a note to add another drive as a hot spare. I actually hadn't thought to do that.

You may remember the fabulous Kirschen Seah, who used to contribute a lot to the show. She walked us through Shortcuts on iOS, not just teaching us how to make them, but she started with the foundations of why to use them and how to use them, and then worked our way up into actually creating some shortcuts.

Wally Cherwinski took the stage next with the MacStock Film Fest Day 1, where he showcased videos created by attendees just for the show. Steve created a fabulous video he called Learn About Iceland, and it's filled with fun facts to know and tell, including such things as an Icelandic Santa named Sausage Swiper. There's a link in the show notes to Steve's video. It's fantastic.

The final event of the day was great fun. Dave Hamilton hosted the Mac Geek Gab Caucus on stage with all of the people who had ever been on the show. Of course, there was John F. Braun, host emeritus, along with new co-host, Pilot Pete, but also Adam Christianson of the MacCast, Jeff Gamet, and little ol' me. Dave called it the Caucus because he posed a series of topics to us, and we had to come to a consensus on whether we think the state of these things is better today or was better in the early days of Apple. For example, we talked about backups and automation and more. It was a lot of fun, and Dave has released the audio as Mac Geek Gab 993, so you can hear the brilliance of us all for yourself.

After an evening of tomfoolery at dinner and back at the hotel lobby where Jill and I did push-ups for unknown reasons, we started Day 2 of MacStock with a brief talk by Bob Wood about why if you like MacStock, you might really like your local user groups.
This was followed up by my talk, entitled The Power of Learning by Teaching. It was kind of funny, but just about every person on day one referred to my topic in their own talks. Even Chuck Joiner said it pained him to say something nice about my topic. It kind of stole my thunder a little bit, but it also emphasized how much people resonate with this idea of the power of learning by teaching. I know you're terribly sad you didn't get to see my talk, but I have good news for you. In a few minutes, I'm going to be playing the audio of that presentation that I did, and Steve also recorded the whole thing for you in video, and you can watch it at a link in the show notes.

Brittany Smith's talk was entitled Save Your Brain, Work Smarter, Not Harder, and she explained some of the tools she uses to help in her consulting practice. She figured out that she has a string of workflows that she goes through with every new customer, and so she figured out how to automate these workflows. For example, she can automatically create a worksheet and outline for meeting notes and even calendar appointments all without doing anything manually.

I especially enjoyed Jeff Gamet's talk, entitled Decoding the World of Hi-Rez Audio. He started by explaining just what the heck audio bitrate and sample rate mean and why we might care. I've studied this so many times, and it took his talk to really cement the concepts in my noggin. He moved us on from there to get into digital audio converters, also known as DACs. He told us why we might want one, depending on what Mac we have and what we want to listen to, and he even gave us a couple of recommendations we could buy.

Our very own Jill from the Northwoods was up next. You know I'm a big old fangirl of hers, so don't take my word for it on how well she did. After the conference and Jill had already gone home, we were hanging out with Dave Hamilton, and out of the blue he leaned over to me and simply said, Jill crushed her presentation.
I mean, hey, that's not me talking, that's Dave, so you could believe him. The title of her talk was Learn New Technology with Sticks. It's hard to explain the sticks in a brief explanation, but she artfully wove two totally disparate subjects into one set of lessons to learn. The two topics were how she gets people to learn the medical software that she supports and how she converted herself from Windows to the Mac. I know, those are totally disparate topics, right? What do they possibly have to do with each other? But it was fascinating and somehow she was able to blend the two subjects perfectly together with her lessons.

Another well-known NosillaCastaway in our live chat room is Professor Marty Jencius, and he was the next speaker. He started his talk called Apple of My AI by saying that when he first thought of his topic, nobody was talking about AI. By the time he got to MacStock, that was pretty much all anybody had been talking about lately. In any case, he had a very interesting lesson on how he uses AI. He explained how with repeated and well-constructed prompts, he's able to create a syllabus for a course, you know, kind of an outline of what needs to go into it. He used the example of, let's say you wanted to teach a course on Final Cut, and he showed how you could use his method to make sure you had a good outline of everything you need to teach and not forget and leave anything out.

Mike Schmitz, more commonly known now as Rachel's husband, talked about PKM, or personal knowledge management. He explained how he uses tools like Obsidian to gather all of his knowledge that he really deems important. He made sure to clarify that every note you take and resource you find isn't necessarily knowledge you need to retain, and he talked about how he filters things down to what he wants to retain. Now, I really enjoy watching Mike present because he always does something interesting in the way he presents.
At the first MacStock where I met Mike, he did a live demo. Live demos are fraught with danger. I mean, "here be dragons" just barely begins to say it, not only because you have to be able to flawlessly execute the demo, which is hard enough, and you have to be able to explain it while you're executing the demo, but you're also really likely to have dodgy wifi, so how did he do a live demo? Turned out, it wasn't a live demo at all. He had tricked us. He creates video screencast segments, and he puts each segment on a different slide. This allows him to just hit the space bar in Keynote and the video advances. It was genius, and I've occasionally stolen that technique from him.

This year, the cool thing he did was that all of his graphics in his presentation were hand drawn by him. Now, remember how Rachel said we might benefit from learning something creative instead of consumption obesity? Mike's thing that he decided to do to become more creative was he wanted to learn to draw. His icons were playful and eye catching, and I love them. Now, the slide that stuck with me most was when he said that learning to do things takes practice and you will fail a very long time, very, very, very many times before you succeed, but his slide is what cemented it to me. It showed three hand drawn poop emoji followed by a hand drawn diamond. It was perfect.

Well, while we finished out the conference by showing the second half of the inspiring videos from show attendees in MacStock Film Fest Day 2, we went out for tapas and wine at a lovely place called Wine Stock, then out to dinner together on an outdoor patio where we talked and laughed until they closed the place down. Well, technically, we stayed well past when they closed the place down. They said, we're turning off the lights on the patio, but you guys can just stay, because we were swell and fun for them.
The bottom line is that MacStock is one of my favorite events of the year and we missed it terribly over the past four years. Getting to see Barry Fulk and his lovely wife, Bobby Ann, Jill from the Northwoods, seeing John Ormsby, also known as NASA Nut in the live chat room, Marty, also known as Drunk Nignolty in the live chat room, Brett Kennedy, who used to come to the live chat show, but, you know, we have been missing him in there lately. We got to see Troy Schimpkes who finally made it for the first time and we got to see Tim Genevich again, also known as Dr. Tim in the live chat room. Tim, by the way, won t-shirts when he showed up at the Midwest Mac Barbecue wearing a Podfeet shirt. Finally, the wonderful Corky chauffeurs us all around town the entire weekend and that is always delightful. We got to hang out and see his amazing dogs. He's got these giant English mastiffs. It was just fabulous. Loved getting to see him again. Now, the one sad part was that Bruce, also known as use the data in the Podfeet Slack and very participative there and you've heard him on the show. He was supposed to be there, but unfortunately fell ill and that was a real bummer. We were really looking forward to meeting him in real life.

Oh, wait, there's one more story I absolutely must tell. At MacStock 7, I got to hang out with Reverend Barry Jinn. Would you believe he was my office mate back in 1989 when I was working for Hughes Aircraft Company? He somehow stumbled across the NosillaCast online and figured there probably are two Allison Sheridans out there. He made contact a few years ago and he decided to come to MacStock this year to meet up with me after 34 years. How cool is that?

I am 100% certain that there are people I forgot to mention who are listeners to the show and were at MacStock and I really apologize but my memory is only so good. So these are the people that I know participate a lot in the show and that's how come I'm able to remember their names.
Anyway, I loved seeing absolutely everyone, old friends and new. If you count Steve and me, the NosillaCastaways were more than 10%, probably close to 15% of the attendees, which is pretty much how high it usually is even when there's a bigger crowd. So if you wanna come to MacStock and get to meet people who are loving the same show and loving all of the other shows of the podcasters who were there, I gotta tell you, MacStock is the place to be. As long as MacStock is still going on, Steve and I will keep going. I hope this has helped to encourage you a little bit to keep an eye out for the dates next year so that you can join us too.

Now I just finished teasing you a little bit by telling you during that overview of MacStock that you could go watch the video of my talk about the power of learning by teaching. The video is really cool because Steve did a great job editing in my slides that weren't actually visible by the camera. I am very proud of my slides. You see, my slides don't have words on them, they're mostly pictures. I'm a big believer in not making people read when they're watching a presentation. Anyway, I also thought it might be fun for you to get to hear the talk right now in the podcast. So I went back and I cut out the lovely introduction by Mike Potter. I cut out all of the long pauses when I tried to figure out how to transition to the next story. I cut out all of the ums and ahs or at least most of them. I also cut out the Q and A section at the end. Would you believe after all that cutting that I cut it down from 43 minutes to only 24? That was a lot of ums and ahs. Anyway, with that, here's my talk on the power of learning by teaching as presented at MacStock 7.

What I wanted to talk about was to think about there's a lot of different ways you can learn to do things.
A lot of people like to take classes and they like to have an instructor who stands up and spoon feeds them the information and that's a great way to learn but it isn't how I like to learn. People like to read online tutorials and I'm really glad people like to read online tutorials because I write online tutorials so I really want you to keep doing that. When Rachel was talking about stop consuming so much and produce, no, do not listen to her. I need consumers, I don't want you all producing, just go back and read and listen to what I'm doing here. A lot of people like to watch videos to learn and you could watch YouTube of course but you probably really wanna watch ScreenCast Online. Big disclaimer, I work for ScreenCast Online as well. So videos are a great way to learn but I actually don't learn that way either and there are some people out there. Anybody out here read manuals? Yeah, I've heard about that but it's just not my way, it's too slow. I wanna get in and start doing stuff and then get stuck. That's kind of more my strategy.

An example, I write blog posts that are full tutorials of things that I know how to do. It might be just introducing you to a new app and the way a new app works and I'll go through and explain step by step how it works. They're really in depth. You've noticed I talk a lot? I write a lot. I write about 5,000 words a week but then the other thing I do is that same content is what you hear on my podcast and I remember somebody telling me once, why do you let people have the blog posts if that's what you're gonna talk about on your podcast? They're gonna read instead of listen, and I said, oh gosh, you're right, it'd be terrible if they got the content the way they wanted it. I should stop doing that right away. So I do both. So you can consume it any way you want and pick and choose what you wanna listen to or what you wanna read and you get both for the same price of free.
And I thought I'd go through an example of how I learned in order to put stuff onto the podcast. My friend, Pat Dengler, she sent me a link to this app called Shottr and it's a screenshot app. Well I've got about 12 screenshot apps. I'm addicted to screenshot apps. I love screenshot apps and I was really enamored with CleanShot X but she said, no, no, no, try this one. At the time it was free, it is now the grand total of $8. Not per month, not per year, $8. That's how much this app costs. And I thought, well, how good could that be? It's free at the time, you know? I said, ah, that's not gonna be very good. But I thought, I'll go take a look at it.

The first thing I do is I push all the buttons and just go around and push, because again, I don't read the manual. I don't wanna know how to do it. I wanna just push all the buttons and see what it does. And I'll give you an example here and you don't need to be able to read what's up on screen there. And there's a row of icons across the top. And I take a look at that and I go, well, I see a, you know, I see a save icon, a copy icon, a pen. That's all pretty obvious. But the next button over is a piece of paper with like six braille dots on either side. Wonder what that is. And you click it and it turns out it's how you drag images out of it right into another document. Well, that's kind of cool. And then I go, well, the next button, what is it? It's an arrow. So it sort of looks like a selection tool, but it's also got like a little crop symbol. What does that do? Well, it turns out it selects and it crops. And that's an unusual way to do a tool. As I keep going across, you see an arrow. Well, it's gonna put an arrow and T is gonna be text. I don't care about those. But the next one over says one, two above a line with like two vertical lines next to it. What does that do? It turns out it's a measurement tool.
If you hold down the one key and you drag your cursor around, it tells you the horizontal distance between any two elements on that screenshot. So somehow, and there's probably somebody real smart here who knows how it does this, but somehow it's actually looking at the images and the text on screen. It can measure the distance in pixels. And so if you're a designer that's trying to do layout, it can be really, really helpful. You hold down the two, it does vertical distance. So anyway, I'm just sitting there banging at these buttons just poking them to see what they do.

At this point in the process, I need to take a critical eye and really look at this and see whether is this something I'm gonna wanna do a review of? I'm gonna wanna teach how to use. So my first question is, does it solve a real problem? But if it doesn't solve a problem, then don't go talk about it. Now the problem can be, I'm bored and I wanna be entertained. Like I did a review on an app called Clack. Has anybody heard of that? It's a menu bar app and its whole job is to make your keyboard sound like a clicky keyboard. I love this app. I love it. It makes me happy every day. It's the dumbest thing, but it makes me happy. So that solved a real problem. I might ask, is it unique? Is it actually gonna do something that I can't do any other way? And you look at Shottr, well, not really, right? Because I can do my CleanShot X. I got all these other ways to take screenshots and annotate them. But maybe it's like something else, but it's better. Or in this case with Shottr, the conclusion I came to was it wasn't better. It was just different and it was fun and it was playful and I really, really liked it. So that actually made the cut in that one. So I don't bother doing the review unless it meets that criteria. So one thing I never do, people say, well, you should tell us about apps that are bad. So we don't accidentally buy them. And I say, that doesn't sound very joyful at all.
I'm not interested in that and I'm not gonna slam somebody. If I do find a bad app, by the way, I write to the developer and I say, I have a few suggestions for improvement.

So at this point in my learning, I start digging a little deeper. It's time to just really dig into the app and get into it. Here's another shot of Shottr. And when I clicked on the blur tool, I noticed at the top it says blur, blur text, erase and erase text. What is this sorcery? So I selected a region and you can see that there's still a little gear there, under the region I've selected, but the text is gone. So right away, I mean, that's eight bucks, right? I mean, to be able to do that. So obfuscating information that's private that you don't wanna have shown, that you can do blur, you can do the regular kind of blur and it pixelates it and things like that. But to be able to just erase the text and leave the graphics, that's magic right there. But when I get to this point, now it's time to start writing. So what I'll be doing is I'll be writing, use the blur tool to select an area, blah, blah, blah, and I'll actually start to write it out at this point in the process.

The next thing I do is I just start poking all the buttons in the settings or preferences. And to be honest, I don't poke every button. I may look at it and go, oh, that sounds too hard. So one of the things Shottr does that's really cool is it does scrolling screenshots, and a couple of apps do that. But what this one does is when you select the region, it auto scrolls. So you don't have to guess like how fast to go, which is really cool. But it has an option here. It says scrolling screenshot max height, 20,000 pixels. I have no idea what would happen if I changed that to 10. No idea. So after I've done poking all the buttons, invariably, I'm stuck. I find something I don't understand. So when I get baffled, I've got something, I've got to figure something out. How does this button work? What am I supposed to do?
At this point, I do the unthinkable. I look at the user manual. But I only really like user manuals where they're very specific and great. And I put up the gold standard. Rogue Amoeba in general is the gold standard of basically everything. And their user manuals are spectacular. The best thing in there is there's a search box. So I could search for the thing I want so I don't have to read the manual, which is what I really don't want to do. But they also give great screenshots and that like, have you ever used, oh, there's a tool. Dave loves this one, is it Pixelmator, I think. When I tried to learn Pixelmator, they would say, okay, touch the color picker tool. What's it look like? And there were like no tool tips back then. There might be now, but the user manual's horrible on that. But in this one, it's really, really good.

But invariably, I don't get to the point where I actually understand how do you use something. So what I do is I contact the developer. And you would be amazed how much developers actually like to write back to you about their tools if you approach them correctly. So my approach is, so I'm probably an idiot, but I don't understand how to do this. This doesn't make any sense to me. And I always tell them, I hope it's a mistake I'm making because it's easier to fix me than it is to fix software. So if I tell them that, then they're like, oh yeah, well, you know what you could do is this. And every once in a while, you get somebody who's snarky and gives you a snarky answer and that's good too. But what's fun is you start to get to know them. Have some fun, be playful when you write to them because they can help you and make your life easier and you can make them happier. You know, start by telling them all the stuff you love about their software. In fact, put that in the title and then put the part you're mad about inside there. And if you bother them long enough, sometimes you get an app like Feeder from Reinvented Software.
This guy named Steve Harris. This guy is one of the funniest, most snarkiest, sarcastic people I have ever met my entire life. I ask him a lot of questions. So for the people who can't read it from here, in his About Me page for Feeder, it says, thanks to Allison Sheridan for use of her feed and screenshots and for being generally annoying. Steve and I had an opportunity to go to England to meet up with Don McAllister and he did a Tweet Up in Liverpool. Steve Harris drove two hours to come to Liverpool to go to that Tweet Up. And I got to meet him in real life. He was hilarious. And I'm talking to him before he left. I said, God, it means so much to me that you drove four hours just to meet me. And he goes, no, I came to meet Don. Actually, I wish Adam Christianson was still here because he's the one who pointed this out to me. It was up there for two years before I ever noticed it. Steve never told me.

Now, if I really want to learn something, I sign up to do a ScreenCast Online tutorial. There is no better way to learn a tool than to have to demonstrate a tool. That's where you realize that you've been kind of skipping over some parts and just using the parts you know. But with a ScreenCast Online tutorial, you really need to do it in depth because people pay for this service. It's a podcast because you subscribe to this because you're learning stuff. It's a tutorial service. So you can't just do a half big job when you're selling something to people if they're actually paying for the content. I gotta tell you, I did one on Retrobatch which is a really cool tool for image manipulation. Super fun automation stuff. And doing the video for ScreenCast Online was way, way, way, way, way, way harder than it was to do the blog post and talk about it on the show. Because I have to practice it so many times so that I can fluidly go from step to step and I can, seriously, can't hand wave.
You can't have anything jumping on screen, go, oh, let me back up because you can't back up. Once you've laid that down on tape, you have to keep going. So when I wanna learn it really well, I'll sign up to do a tutorial. And the thing that really brought it home to me thinking about learn by teaching was that if I do a ScreenCast Online tutorial on something I already know how to use, I learn it so much better. Audio Hijack is a tool that is just essential to my workflow doing the podcast. I'm using it all day every day. I couldn't believe how much I learned by teaching it on ScreenCast Online even though I've been using the tool forever.

Couple years ago I did a mind mapping tutorial, which I thought, yeah, it's on iThoughts, it's a great mind mapping app. And what I start doing to do the videos is I start taking notes in just little bubbles and you can rearrange them real easily to tell the story in the way you wanna go because I like to start my tutorials with, why do you care? Am I ever gonna need this? Because I figure I've got about 20 seconds for somebody to go, I don't care about that. That's a banking app, I don't have any money. Whatever it is, I gotta catch them, I gotta give them a hook. So I work on how to tell the story to get them to go, oh, I might do that someday. I might try that. And so I really work hard to get a story in a cohesive order. And one of the other things you have to figure out when you're teaching it is where do you teach the settings for a given application? Cause you can bore the heck out of people if you start in settings. But a lot of tools, you have to start in settings and Shottr was a good example. If you didn't set things up in settings, you couldn't actually use the tool well. So you have to figure out where do you feed it in. Usually I try to make it at the tail end, I don't know, is the end the amuse-bouche? No, that's the middle.
Anyway, dessert is where I usually put that in, but sometimes you gotta put it in the right place. So I use a mind map to help me learn. And I just, I could not believe how much I learned about audio hijack when I did that tutorial. New story, I'm really interested in accessibility. Accessible tech is so much fun. People with challenges, man, they get some of the coolest stuff. And one of the things I wanted to learn was voiceover, which is the built-in speaking tool for the blind for in macOS and iOS. And I was really interested in this. From a little kid, I've always been interested in Braille and things, for some reason, Braille just really blew my dress up. I was excited about learning about it. So I had played around in voiceover and I just, I couldn't get the hang of it. You know, I would play with it a little bit and I would just kind of shy away from it. So in a moment of madness, I volunteered to do a presentation at MacStock blindfolded and I love what Don McConnell, sorry, Mac Roll, what'd I say? MacStock. Yeah, no, I'm never doing this again. I am never doing this again. It turns out the iPhone's actually not that hard to use in voiceover because you've got this constrained area. It's only this big, you can't be that far off and it's always in a little grid. The back button in almost every app is always in the upper left and the APIs that Apple gives you in developing tend to make it automatic to label the buttons. But when you go over the Mac side, it's free range. I mean, you don't know where anything is on the page. You don't know what window you've got in front. Don't even get me started on how hard the web is to navigate because every developer is designing everything differently. So I think I rocked the iOS part. I crashed and burned when I did the Mac part. How many people know the rule never changing anything in your presentation at the last minute? 
I moved my presentation to the desktop right before I went on stage and I got it stuck to me and it was like I was like this. I was going around in a circle with this thing stuck to my foot and everybody could see that I was everywhere I went. Presentation was just following me around on screen but I didn't know I actually had to take the blindfold off and I was crushed because I had worked so hard to do it perfectly. I'd practiced it a thousand times and I didn't get it right but what I liked was the audience said to me afterwards they said, no, no, you showed us how hard it is. That's what, if that's what you were trying to teach you definitely got that message across to us. So another fun story about that I enlisted a bunch of blind friends. The cool thing about podcasting is blind people can listen, right? So all these blind people listen to my podcast and I talk about accessibility in the middle of mainstream podcasting and so I have a lot of blind friends and so I enlisted them all. How do you do this? How do you do this? And I remember I called a blind audio engineer who has a studio out in New York and I called him up and I said, do you think I can really do this? And he goes, oh, Allison, it's not that bad. It's great, you're going to be able to do this. It's a piece of cake. Well I called him afterwards and I said, you liar. And he says, yeah, I know, right? It's really hard. Why did you do that? He says, why didn't you do it if I told you how hard it was? All right, so that was really fun. I enjoyed doing it. Again, I was crushed that I didn't just nail the whole thing but the audience was very nice. I believe you guys were very forgiving afterwards. But learning that skill because I did that tutorial is now what I can do is I can test apps for accessibility. So I try to remember every time. I don't remember every time but when I'm going through an app about three quarters of the way through, I'll go, ooh, I wonder if it's accessible. 
And I know enough to stumble my way around to tell you if it's inaccessible. I can't tell you if it's great but I can tell you if like, nope, nothing's labeled here or you can't navigate this at all. I came across an app recently that I won't call out but they came out with a new version and the old version was accessible and the new version isn't. Like nothing was labeled, couldn't navigate. I mean train wreck bad. And I wrote to the developer and I got an email back in 17 minutes and the guy said I didn't do it before the new version. I'm gonna work on it now, I take responsibility and I'm ashamed that I didn't do it right. Now that's almost as good as if you'd done it right. I also found out recently that Mac Tracker is not accessible. It's just a table. But on the Mac, you can't use it at all. You can, there used to be a web version but that's gone but the iOS version is pretty good. It's not bad. That's what I'm talking about. An iOS stuff is a lot easier to be accessible. But I use this all the time and what I was able to do was write a tutorial for all y'all to learn how to do it. I walk you through. Okay, hold down these buttons, do this arrow key and I give an example of how to walk through and try to do it. And actually Mac Tracker is the one I call out in there because I was really surprised that it wasn't. It's been around for 140 years. I thought it would have been. Older than the Mac. Older than the Mac, yeah. Probably, yeah, it's got all the iOS stuff in there too. Steven and I got solar panels. Shortly after we had solar panels installed we had a whole home battery system put in. And we found that a lot of people are interested in the topic they wanna know. They're usually like, oh, it's never gonna pay off, is it? Well, batteries aren't for us but the solar panels will in seven years. But we had a lot of people asking questions. How does it work? How do you manage it? What happens? What are the different scenarios? 
And we started thinking about, well, okay, if the sun is out and the grid is down what can I use in my house off the battery? Cause when you get the battery you get kind of a budget of, I don't know, amps or watts or kilowatts or something. Steve would tell me, he's a WM and ME. You have to decide what circuits are gonna go on the backup battery. In our house our electric vehicle charger can't be on the battery and our oven can't be on the battery. So those two are off but everything else in our house can be run off the battery. Well, we started getting these questions about how it worked. And so one of the tools I used to teach is I create diagrams. I'm always given Dave a hard time. I'm always saying, hey, can you diagram that for me? I'd really like to see that. So you don't have to understand anything on here. This is just a representative of what we do. We probably made what, 25 versions of this, Steve? I think as we went through we made like 25 versions of this because we couldn't figure it out. We realized we didn't understand how it worked. If you could see it and if you cared it tells you what happens when the grid is on up but when the grid is off is the sun out. Is it nighttime? How much battery is left? How does the energy flow? Like the energy always flows to your house first no matter what. And then it tries to pull the battery and then if it's got access it sends it back to the grid. But if the grid is out you actually, we can't use our oven or our cars. However, well we can use the cars. We just can't charge them. However, we discovered in drawing this diagram that if the grid was up we could use the battery power and keep from using grid power. We're like, whoa, that's interesting but we figured it out, we learned it because we did this blog post and this diagram and wanted to teach how it worked. So that was a really great example of learning by teaching because we learned something we actually didn't know. 
I also test drove this on some friends of mine who are real smart but know nothing about this and their questions were really invaluable because they're like, well, I don't know what's that what's that line mean? Oh, if I made it dotted maybe that would help. So I love doing diagrams. This is done with the free diagrams.net is a website. You can also download it locally and it's got a different name but I won't confuse you with that. Really good free diagramming tool. I use it all the time. New story. So we do a show live on Sunday night, Steve produces it and I'm the on air talent as it were. What it really is, it's not like Mac Geek Gab where you're actually getting to see the real show. You're seeing the making of the podcast. So I stop and start and chat with the audience and goof around and they pay no attention to me in the chat room at all, Marty. I'm looking at you, where's Marty? Yeah, that's Drunk Nick Nolte in our chat room. He's definitely, oh, John, where's NASA night? He's really annoying. Did John Lee? Oh, there he is. I just get a creepy feeling when he looks at him. So he's always making snarky comments. But anyway, these people, and Jill is on team Allison. So she's one of the good ones here. There's Jill. She said she learned how to podcast by watching my live show. The setup of this is somewhat complex because we're piping a lot of different things around. So again, I diagrammed it to make sure I learned how it worked. So at the top, you can see that my audio and my video both go into StreamYard, which goes to YouTube for the video. But also my recording software called Hindenburg, which gets a lot of laughs every time you say, you expected that would work out well. It's actually a great application. But anyway, I need to learn it better. So I really need to do a screencast online tutorial about it because I don't know how it all works. I taught Jill how to podcast. She's teaching me how to use Hindenburg because you know what she does? 
She reads the manual. I was like, Jill, how do you do this? I don't know. She'll help me. That was another thing I was going to put in here is just get friends of yours to read the manual and tell you how to do stuff. And it's a great way to learn. Just you just got to find the right people. But separately, we pipe Steve in and we've got the video and audio going different places and Discord has the audio but not the video. And so piping all of that all around is difficult. So I keep diagramming and I put down all the settings. This is Audio Hijack and Loopback. And like I've got a button there, important to be unchecked. I can't hear the audio from Hindenburg if I forget that one button. And I forget that button. Sometimes it gets flipped back. So I diagram that and I took diagrams of what the way Hindenburg is set up and the way StreamYard is set up. And once I've done these diagrams, I know that in the heat of the moment we're trying to get ready. It's three minutes to five. And man, there is heck to pay if I don't start at five o'clock on Sunday nights because that's what time we start. If anything goes wrong, I could just flip up these charts and go, oh, okay, there's the button. I didn't check that. I didn't check that. Something got flipped the wrong way. So I find diagramming things to be a really good way to document it, learn it, and then you have it as a resource to go back to when things go wrong. I used to use a different piece of software that had literally a 15 page document to go with these kinds of settings. Don't use it anymore. And I'm so happy we're on StreamYard is so much, so much simpler. Now I'm gonna flip over to doing examples from other people. I wanted to learn to program when I retired. I thought that would be fun. I talked to a buddy of mine who was a programmer and I said, I want you to teach me to program. He says, I'll get you a book. I don't want to read a book any more than I want to read a manual. 
So I'm not gonna learn that way. So I was talking to Bart Busschots out of Ireland who's a programmer, sysadmin, security specialist, friend of mine that he does a segment called Security Bits on my regular podcast, the NosillaCast. And he said, well, I'll teach you. What if we do it in an audio podcast? That sounds like a really silly idea. An audio podcast to learn programming. Imagine reading a shell scripting out loud. You will hear that, but that's a dense language. But what he does is he writes perfect tutorial show notes. So you can choose not to listen to us at all. You can read his tutorials and go along. Or it's even better if you hear him explain it. And the value he says I bring, and I argue with him all the time that I don't bring much value because he does 98% of the work, is I'm that idiot in the front row going, I don't understand. Can you repeat that? I don't get it. And he says, that's where you make me step back and I have to explain it better. And that's the tiny contribution I make other than producing the show. The interesting thing was just a couple of weeks ago, he told me, like I said, we're doing the shell scripting section. He said, Allison, what you don't understand is, I am one week ahead of the class understanding this. I am learning as I'm going. So he's been doing shell scripting forever, but he knows that if he has to teach it, and I'm in the front row and I'm gonna ask, he said, you're gonna ask the wrong question. I said, I would say I'm gonna ask the right question, but that can really throw him off his game. If he's not like me, he's not just gonna make something up. He's like all factual and writing stuff. And so he has to know exactly how it works in order to teach the class. And so he's been learning more and more about Bash programming than he ever knew before. A funny thing about this show is I was just telling somebody over here today, the people who take this class are mostly programmers. People who already know. 
And they end up going back to try to refresh their memory and get deeper into it, which is really depressing for me because I'm the junior programmer going, I don't know anything. And these people are like, well, I've been doing this for 38 years and I just learned this. But the good thing is I have a whole bunch of people to help me with my programming. So it's good for me too. Last example, my friend Linda was just telling me a story. She wanted to get this teaching job and it was like earth sciences, something like that that she was gonna teach. And in the interview, they asked her, do you know what the tectonic plates are? And she says, yeah, those are those dishes I keep in the top of my cabinet for company. And she said they thought she was just being flippant because it was such an obvious question. She had no idea what the tectonic plates were. But she faked her way through by being funny. But what she said was, she was one week ahead of the class, just like Bart, reading the book, understanding it and then being able to teach it to the class. Cause of course they're probably not reading the book. But it was just another great example, but learned by teaching. She says, I know all about the tectonic plates now cause I had to teach the class. The final thing I wanted to say is that as a result of the work that I've done to teach other people, I now have over 3,200 blog posts. So when I need to know something and I go out and I Google it, I cannot tell you how many times the answer is at podfeed.com. And I know it's cause I'm logged in as me for a long time. I thought, oh, I'm famous, you know, but then I logged out to Google and it was not nearly as exciting, but I stay logged into Google. I can always find the answer because it's a podfeed.com and it's like, well, I knew how to do that at one point. Well, that's good. It's in here. I'll just figure it out. 
So I learned by teaching and then I've got documentation of that and then I can go back and I can learn it for myself. So learn it again because memory is bad. I'm out of time. Thank you very much. Well, this week, the very lovely Owen Harris went over to podfeed.com slash PayPal and he made a one-time donation to the podfeed podcast. I wrote back to him and I told him that means a lot to me, that he's out there either reading or listening and at least enjoying the content we create here. I thank him for his generosity and supporting independent podcasting. I hope you appreciate Owen as well for his help in keeping the NosillaCast ad-free. What's that time of the week again? It's an early Security Bits with Bart Busschots. Hopefully not too much happened in a week, Bart. Is it strange enough? No. The show notes were looking stupendously short when then luckily of all things, a report came out. But it's actually kind of a nice report. So I turned it into a whole bunch of security medium or a deep dive as we're calling him, yeah. Very good, very good. We have one little follow-up of the never ending story that is the NSO Group and Pegasus and all that shenanigans. The FBI went off to investigate why it was that, well, basically the FBI discovered that the FBI accidentally bought Pegasus software, sorry, bought NSO Group software after the US government embargoed the company in retribution for them being up to all sorts of nuttiness, which was deeply embarrassing. Yeah, it's like, who did that? Oh, bleep, it was us. That's horrible. They did stop straight away though when they discovered and it wasn't Pegasus, it was something called Landmark, which is for location tracking as opposed to turning on the mic and stuff. So ick, but a bit less ick. Yes. Okay. I'm actually kind of glad that did happen. It's interesting that they confessed it. Well, to me, this is a good sign, right? 
This is how transparency is supposed to work and you're supposed to learn a few mistakes and stuff. So yeah, I mean, you know, people make mistakes. This is the right way to do it. Yeah. So that then jumps us into our deep dive, which is a report that hit the news feeds. It is called the top of vulnerability, sorry, the most exploited vulnerabilities of 2022. And it is by- Oh, that sounds fun. Well, it actually kind of is interesting to see. Well, so there's lots of things that are theoretically dangerous and there's lots of things that the bad guy could be going after. But what is actually happening for real, right? You know, if you have a bad front door lock and you live out on the Rocky Mountains or if you have a bad front door lock and you live in New York City, it's very different thing. So where are the actual, what's actually happening instead of just the possibilities? Because we always talk about, you know, this could happen, this could happen. So I thought it was interesting. Now it's by what might sound like a random collection of countries, Australia, Canada, New Zealand, the United Kingdom and the United States. But they're not random. That is the Five Eyes group. Okay, okay. So this is a report by the various intelligence and cybersecurity agencies from the Five Eyes. And so they have very good insight into what's actually happening in the real world because they're very interested in protecting the most important economies in the world. Let's be honest. Right, right. So the report is not too long. Most of it's appendices. So it's actually, it's a bit, they didn't think of like diagrams or graphics or any of that. They put their logos in. So it's not completely free of color. Their logos are at the top. But other than that, it's kind of just text. Pretty dry. It's pretty dry. But it is, it is accessible. Anyone who's listening to this could read it. 
But I think that the best thing to do is to jump to the list of 12 most exploited vulnerabilities on page nine, which I'm going to translate into humanese for you because I think it's more interesting that way. So at the top of the list, we have login details leaking from a widely used and very expensive corporate firewall, otherwise known as FortiOS and FortiProxy from a company called Fortinet. And we have a long-running joke at work. They call everything Forti. They actually have a backup solution called a 44t. I've never heard of this. This must be a corporate thing. It really is. The number of zeros on these people's invoices will make your eyes water. So login details leaking from what is basically the front door to your corporate network. Of course, when such a vulnerability came out, everyone attacked it. Because this is like, they provide like VPN access and get right. Exactly. That is where that is the front door of major corporations. Of course, that's where they went. The next three together are basically, they're different vulnerabilities, but two, three and four are all remote code execution and the ability to bypass login in self-hosted versions of the single most popular groupware product on planet Earth, Microsoft Exchange. Microsoft Exchange can be self-hosted. Exchange is the self-hosted product. What you're thinking of is Office 365, which is Exchange migrated to the cloud, but... I don't know what Exchange actually is, Bart. I think of it as a corporate product for email. I don't think of it as anything else, but self-hosted sounds like it's a home use thing. Self-hosted in the corporate sense. So it is your groupware, right? So it's your email, your contacts, your calendar. Oh, corporates, okay. So is this all gonna be corporate focused stuff? Mostly because that is where the money is. That is what's mostly attacked, right? But this is what's going on in the real world. 
So in the real world, what's going on is people are going after people who self-host Exchange servers where you can run any code and log in without a password into anyone's inbox. Do you think why the bad guys might wanna do that? Maybe. Next then we have a wonderful one, a remote code execution and the ability to bypass authentication on a third party provider of multi-factor authentication. So you pay these people to put multi-factor authentication in front of your in-house websites instead of building it yourself. Only they have an authentication bypass and a remote code execution in the two-factor authentication you put in front of your stuff. I hate when that happens. I think that's just, well, hilarious in all the worst possible ways. We have arbitrary code execution in self-hosted versions of the most popular project management software suite out there, Confluence from Atlassian. You've probably heard Atlassian ads all over the place. Oh yeah. So that's how you're managing your big corporate projects. So of course that's where the, if you're a bit of corporate espionage, of course you want to see how the designs for the latest Fusion reactor are going, right? Right? Eight and nine then come together in a little thing called VMware. So why not just go in and grab all of the, oh, sorry, I've skipped one, but I'll go back to seven. Eight and nine are in VMware. Basically you go in and see all the virtual machines running in all the companies. I'm actually going to skip back to seven at the very end. The last one then is basically looping us back around to the start. There's actually a bunch of firewalls called BIG-IP. Rrrr, big firewalls. These also cost money, house payments per month from F5 Networks. 
So they're all really big corporate things, protecting the front door of the corporation, protecting email contacts calendars of the corporation, protecting the project management of the corporation, protecting the two-factor authentication for the corporation. Number seven that I accidentally skipped, I probably should have skipped on purpose. Good old Log4j. The old Log4Shell vulnerability makes it in at number seven. I remember that one. Yeah, that was supposed to be a lot of fun. That was a month of buying coffee for our sysadmins. It really was. So Log4j is an open source library for adding in string processing into your in-house Java apps. And the corporations love Java. So there's Java apps all over the place and of course apps all have logs. Therefore Log4j was everywhere. So it was a backdoor into all of those little apps corporations build to make themselves go. But it's noteworthy because of everything I've mentioned, that's the only open source one. Everything else. Oh, that's good. Yeah. Was lots of big corporate stuff. So I thought that was kind of interesting. So in terms of real world threats, that's A, I wouldn't say too scary because they're the kind of things we'd expect people to be going after. So it's pretty obvious stuff. The also then if you want to continue reading on the report, if you skip ahead, actually before we skip ahead. So I sort of went, well, what do I make of those? So I've already said they're going after what you think they'd go after. Just the one open source project, a little Log4j. And again, almost everyone on that list is a really big hitter. And I'm going to apologize to the poor people at Zoho because I don't think they count. They are not in the same league as your VMware, as your Atlassians, your Microsofts, but everyone else has really big names. Yeah. Yeah. Well, but the big names, right? Big software, more software, more mistakes, more humans, more mistakes, makes sense, right? 
And also they're a bigger attack surface because they're everywhere. So even if they were harder to attack, they could be 10 times as difficult to attack, but it's a hundred times as valuable to attack them. So you still do. So it's all about the money, right? I keep saying this, follow the money. But the last thing that jumped out at me is that five of those 12 vulnerabilities were in what is arguably considered to be the legacy approach. So people, in general, Microsoft wish no one would run Exchange. Microsoft wish Exchange would vanish and everyone would use Office 365, which is their software as a service version. Atlassian are trying to get everyone onto Confluence Cloud because that's their software as a service version of Confluence data and Confluence server, which is the compromised products. So if you're still insisting on running your own data centers with your own servers and stuff, you're actually putting yourself in more risk because the customers of the cloud services were never affected by these vulnerabilities. Yeah, that's easy to say if you're thinking about, student record data of what time their classes are, it's a little different if you're talking about the IP of your company or, I don't know, national security. Well, it isn't. There isn't any way you're gonna convince a company. Ah, you say that. Have you ever heard of Confluence? No, I didn't actually get to say it because you spoke before I finished. I don't think that you're gonna convince a company like Raytheon to say, I don't know, put Warhead Secrets on a cloud-based service. I thought you were gonna say that. That's not hosted locally. Well, there's actually a thing called Gov. There's a whole separate version of Microsoft's cloud for government use that has been certified and the encryption keys are managed by the agencies. And so it's like a different copy of a hardened version of the same cloud. So there's actually two clouds. 
There's a government cloud, which is used by the US government. And there is, and contractors and those kind of people. Okay, so that's different than what we were just talking about. Well, no, because it's the same product. So you just basically, when you go to sign up, you go to say, am I Gov cloud or am I Public Cloud or am I China cloud? There's three versions of the cloud. One of them is not a good thing. Don't go to China cloud unless you're in China and you have no choice. The other thing that people might find interesting in there is the list of advice or what you do to protect yourself. And what I love about this advice is that none of it is earth-shattering. None of it is like, oh, I'd never have thought of that. It's all the basic stuff, but sort of gets back to my favorite stat ever, which is that doing the cybersecurity basics well protects you from 98% of threats. Just, it's not about rocket science, just do the basics well. And so if you read through the report, you're basically left with, actually, I love that they started the very first piece of advice they gave, these fancy words, but basically, make management responsible for your organization's security. They have to be the ones where the buck stops. They have to be responsible, in the true meaning of the word responsible. I thought that was great to put that as your first piece of advice, because if they're responsible for it. I bet they'll get right on that, Bart. Yeah, corporate governance, we are actually heading that way. It is now considered to be a negative thing if there is no one with cyber responsibility in your C suite. If there's no, yeah. So that's progress. That's the CISO. Nowadays, it's usually a chief security officer. So it's usually a CISO these days. That's literally what I just said. It is, isn't it? You said that's your CISO. Yeah, never mind, never mind. Brain did not compute that. The other thing that they really focus on is secure by default and secure by design. 
And they're two sides of, I guess, are even the same coin. You have to design things to be secure, but also secure by default means if something fails, does it fail open or does it fail closed? And there used to be a thought of, oh no, make it fail open, because what if we end up being locked out of our system? Or what if there's an outage? And now the answer is, oh goodness me, no, fail secure, fail secure, fail secure. Because otherwise, all you have to do to get, it'd be the equivalent of having a security system where when the power goes out, all the doors unlock. I mean, what did the bad guys do? He goes, snip. Yeah, so maybe not. Yeah, so that was kind of interesting. The other thing that was really obvious was that if you haven't yet jumped on board train zero trust and you're still thinking about the old moat-and-castle approach, really you need to change that. You need to get onto the zero trust train. I think we did an entire segment on zero trust, I think. I think so, yeah. So basically it's MFA everywhere always. Make your devices prove their identity, which is really important, right? Should this laptop be allowed onto the network? Well, until it has proved that it really is one of ours, no is the answer. It's called network access control. That's really important these days. And regardless of how fancy pants your corporation, patch early and patch often, which of course is given the fancy pants name patch management, is right up there. That is whether you're us or whether you're big corporate, patch early, patch often. The other one I- Yeah, that sounds pretty obvious. Yeah, the other one I think that people often forget about because it's really boring, is you actually need to capture your correct configuration, which we call a security baseline configuration, which is really fancy, but you basically record your configuration in an auditable way, and then you audit against it. 
So that could be as simple as taking a checksum with all of, imagine taking all of your settings files, all of your plists and doing a checksum on them. And if the checksum changes, oh sugar, one of your configs is wrong. And you just need to have something that says awooga, awooga. This is not, this should be set to A and it's set to B. Because that is one of the most common ways where bad stuff happens, right? The setting gets flipped. Often because, oh, this isn't working. What if I turn the firewall off for a second? Does it work now? Oh, it does. I really should go back and fix that firewall. What, it's five o'clock. Oh, okay. I'll get to that tomorrow. Nope. Classic, classic. Well, and another thing that does for you, this is something that Dave Hamilton talks about all the time. He says, go look at your router right now and look at what the lights are doing. What's blinking? You know, on your modem, what's blinking? What's on? What's off? Go see what your current state is. And in fact, he's got another one that I don't think is actually practical. But he says, go look at your console log right now. What's it look like? What's flying by? Okay, so now in an emergency, when you see these warnings, don't go awooga, awooga, because those are always happening. But the problem is there's too much in console to actually easily do that. But looking at the blinking lights, that's a good one, right? Yes, and I wish I had thought of that. Well, when we moved house, we changed internet service provider, we changed router, and the first time the internet went down, the better half was like, go down and see if it's our internet or if it's something else. And I was like, well, I don't know what normal is, but the lights are this shape now. It's like, there's some red ones and some green ones. This shape. How does that do for you, right? Yeah, and then I remember thinking, I should have taken much more interest in what it really looked like. 
I'm gonna actually piggyback off that excellent suggestion with another suggestion. A lot of routers have an option to export their config as a file. Sometimes it's an XML file, sometimes it's a JSON file, but you can often export the config as a file. Well, if you do that. I've done that before, not lately, but I should. Yeah, I stick mine into Git. And then if I ever need to get my router back to the last time I knew it was working, I can just go back and go, well, I know that worked. I was missing half of these new features, but at least it worked. Anyway, a little bonus. But that is technically speaking a part of your secure baseline configuration management. So it's very fancy we're being here. The other bit of advice they gave, which is again, sort of bonk, bonk on the head, of course, but you actually have to audit who you give access to because usually the way this works is a one-way system. Yeah, Bob in Accounts needs access to that system. Okay, grand, give Bob access. Now, Joan needs access to that system. Give Joan access. Five years later, Bob and Joan still have access, but Bob is now over, not in the accounts anymore. He's now over in, I don't know, he's in some office in India or something and he's completely exposed in a dangerous place, but he still has access to all the finance systems. Or he moved from finance into quality and he no longer needs that. And that can, you did a long segment on the way Microsoft sets up those kind of controls to get you the right access at the right time to the right people and only for as long as they need it. And that I still think it's impossible and no one will ever do it, but I think it's a wonderful idea. Well, there are tools there to bring you closer. There are tools to make it, you know, because you're right, it's, you're never perfect, right? You're never gonna be perfect, but gosh darn it, you should do your best. It's called Identity Governance. Yeah, it's called Identity Governance, is the buzzword. 
The other one they really harp on about is you should be scanning your network to notice when something shows up that didn't used to be there. Because, yeah, either your processes are leaky and you need to tighten up your processes so that you actually know when stuff is supposed to arrive or it's not supposed to be there. But either way, you really shouldn't know what's on your network. This is called Asset Discovery in fancy-pants terms. And then the last thing is basically log everything, shove it in a giant big pool of data and throw AI at it. And if anything weird happens, the AI will go, awooga, awooga. It didn't used to be like this. Just a bit like your blink of an eye. How does it? It's just dumping the data into AI tell you that it's awooga. Oh, there's slightly more to it. You're paying someone for something called a SIEM, but basically you put all the data in a place and then you tell the AI, you have a month where you're hoping everything's normal. Or at least. Oh, okay. And you tell it, this is normal. This is normal. And then you give it later and it'll tell you what's going on. And then after that, you turn it from learn mode into shout mode. Not really the technical terms, but you know, you got what I mean, right? You tell it from, you train it and then you let it go. And it's actually surprising how it doesn't have to understand why it's wrong. Anything, it doesn't have to understand any meaning. It's just like, it used to be this shape and now it's this shape, awooga. And then the human beings come in and go, oh, well actually that's completely normal. And then you tell the AI, no, no, no, learn this, this is normal. And then the AI goes, oh, okay, then those triangles are good. Fine, okay, great. That shape is normal. But it's shockingly effective because almost nothing doesn't leave a trace. Like you can't do anything on a network without there being a log somewhere. Right, right. 
Anyway, I thought it was interesting to see a report from the real world. You know, and none of it's rocket science. And none of this is like, I haven't mentioned anything esoteric or weird. Right, not some weird mysterious effect we didn't realize was happening. It's remote code execution vulnerabilities exploited on corporate services. Yeah, and notice it's not weird zero days and really esoteric, you know, leet hacks or stuff. It's just the basics. It's just the basics. Which I thought that that in itself I think is interesting. Okay, I also did manage to find some news. I worked very hard. I found you two stories. So the Securities and Exchange Commission of all people are being mentioned in security news, which is at first glance weird. But this ties back to me saying, it's all about the money, right? Follow the money, follow the money, follow the money. The Securities and Exchange Commission care about share prices and of investors not being defrauded. If you are a publicly traded company and you suffer a data breach and you hide that fact and it then gets discovered, all of your shares will plummet in value and your shareholders will be defrauded. Therefore, it is now a new requirement that within four days of any publicly traded company determining that there was, let me get this right, any cybersecurity incident, they determine to be material. Which is their word for could cost us share price. And they have four days to report from when they know it's happening. Wow. That would be lovely if that isn't what happens normally, right? It is not and that is largely because at the moment, I believe they have to report quarterly and they have to mention in their SEC filings that if they've had any data incidents, but it's only every quarter. And we often actually do find out for the first time that a breach happened in an SEC filing, which I think is terrible. Like, that's not how we should find it. Do we find out in an SEC filing by LastPass? 
Do you know, I'm 80% sure we did. I think you're right, Allison. I think that is one of the, there was definitely a recent one where I was extra cranky because they didn't even tell us nicely. They'd, you know, popped it into a... They buried it, right? Yeah, exactly. It's like, yeah, I mean, there's a risk that... Have you ever noticed? Yeah, there's a risk our CEO gets run over by a bus. Oh, by the way, we had a big data breach. You know, it didn't be, I think it's a... Look over here, shiny thing. Yeah, yeah, yeah. So anyway, I thought it was interesting. Good to see the SEC making it clear, but it actually is an existential issue for a publicly traded company. You really do have to be honest about these things for the health of your shareholders. Now, I would say, how about your users? But, you know, not all companies have users. So I guess the shareholders do come into it. The other thing I just wanted to put a fire extinguisher in because there's a story doing the rounds because it's clickbaity. ChatGPT finds dangerous Mac malware. That's the headline I saw all over the place. I couldn't possibly phrase it better than Joshua Long. So I'm just gonna quote from Joshua Long's summary of the grand total of this non-story. The research group essentially asked ChatGPT, hey, do you think there's more Mac malware out there? ChatGPT basically answered, yeah, probably. And the researchers were like, okay, cool, we'll go back to doing our jobs now and try find some. I saw the transcripts. More malware than what? Do you think there's more Mac malware out there than there was yesterday? No, they asked whether there was any... Sorry, not more as in a greater quantity of, more as in that has not yet been discovered. So they actually asked ChatGPT, is there undiscovered Mac malware on the dark web? And ChatGPT said probably, so they went looking. I think that the answer to that would always be, yeah, probably, no matter what you put in the subject, right? 
Right, whether ChatGPT was confabulating or not at the time. Yeah, probably. But it was amazing how much traction it got. I thought once there were screenshots of the conversation, it would be obvious there was no story here. But I saw stories with those shouty headlines, with the screenshots, and I'm thinking to myself, have I lost the ability to comprehend English? Is there something in these screenshots that I can't comprehend? But no, it was just the biggest non-story I've ever come across. So anyway, there we are. I'm guessing that had this come out in not the silly season, maybe it wouldn't have gotten the traction that it got. I don't know, it hit two hot-button and clickbait issues, Mac malware and ChatGPT. That is guaranteed a headline these days, isn't it? You know, put those two together. I did, I say I managed to find, you managed to find the palette cleanser, which you sent to me, and therefore I consider that I found it because it was in my inbox, which is not how it works, but anyway. I found a second one too, I've just added that, while I'm describing this one, I will send you the, in the chat in Zoom. You should be able to follow along, but let me see if I can find that in the interface. Oh, there we go. The first one is the classic books that people learn nerd stuff from are the O'Reilly books. And they always have an animal on the front, and then they've got the subject of like, learn Python in 30 days or whatever. This screenshot from, let's see, phpc.social posted this on Mastodon. The names of the books are hysterical. It's copying and pasting from Stack Overflow, you bring the error message, trying stuff until it works. And every one of these, they've got like, you know, a cow or a stupid cat or a chicken or something on it. They're so perfectly in the style. Yeah. The animals are just so perfectly O'Reilly. Cause I thought they were real for just a moment. Then I was like, wait a second. I don't recognize those. 
I like blaming the user, a pocket reference. Essential, changing stuff and seeing what happens. I mean, those would actually be great books. They really would actually be quite useful. The O'Reilly books are such an institution that the book about Perl had a camel on the cover and people still talk about the ultimate guide to Perl being the camel book. It's not known by the author. It's not known by anything else. It's the camel book. And to this day, my, you know, we've done some cool podcast series together and stuff, but my proudest moment is still the fact that there is an O'Reilly book on Apache Tomcat, where when you go to the acknowledgments page, it says Bart Busschots. Because I contributed. Really? Really. I wrote the chapter on installing Apache Tomcat on Mac OS. Wow, that's pretty cool. It is pretty darn cool. No one reads books anymore, but I'm still, I still have a copy of the book and I have a baseball cap that is O'Reilly, that they sent me and unfortunately, the really nice hoodie, well, I wore it a lot and now it isn't a really nice hoodie. Well, after I do our second palette cleanser, I'm gonna say what I'm most excited about that you, I made your day the other day with a post, but let me do the second palette cleanser. Somebody called Math with Bad Drawings. Apparently these people actually do books. There are books called Math with Bad Drawings, but they did a post that I've found it on Mastodon. There's a link in the show notes, of course. It is a handy guide to picking STEM majors. So it's a traditional flow diagram. It says start and the first thing says, are you good with things like physical objects? Yes. There's yes and no. If you go down, yes, it says, what are your feelings on safety? I am for safety. If you say you're for, you should go into engineering. If you're against, you should go into chemistry. I am in a completely the wrong field here according to this diagram. If you go into ambivalent, you get to chemical engineering. 
That's like, I could go either way on safety. The other path is, do you like math and or money? And it gives you choices. You end up in economics or environmental science, biology, finance, computer science, depending on how you answer these. It's much funnier if you see it in the link in the show. I'm sorry, I was trying to find how does one get to be a computer scientist? So, do you like math and or money? Yes, comma both is what gets you on the path towards computer science, which is already interesting. Do you prefer to perform overt immediate evil or slow indirect evil? Overt finance, indirect computer science. Is that fabulous? That is absolutely wonderful. That is absolutely wonderful. I just love it. I'm telling you, I find the best nerd stuff on Mastodon, that's for sure. Also from Jeff Atwood, who is speaking of Stack Overflows and stuff, Jeff Atwood is Mr. Stack Overflow. I did not realize that. So there you go. We'll tie it all together in a neat little package. Well, I'm gonna close this out with yay us. And us is you, me and Helma. The Mac Geek Gab has a Discord chat room and they've got different things like cool stuff found. And a lovely gentleman named Chicago Tom, and I don't believe Bart or I know this person, wrote this. I thought some of the listeners might be interested in this very extensive tutorial that I found called Taming the Terminal. And I actually am not unfamiliar with using the terminals. I worked on a Linux system for about 10 years before switching to the Mac, but I never really systematically learned all the little nuances and tricks that came with working in the terminal environment. This tutorial has been wonderful as it starts at the beginning and walks you through all of the things that you miss when you just jump in and start hacking around. The tutorial is available in many different formats. There's a podcast of the same name that is available on Apple Podcast and probably other places to go with it. 
So you can listen, read or listen and read. Did that make your day or what, Bart? I believe my answer to you was if we'd written this ourselves we couldn't have written a more perfect review. You know, it is a real book and you can buy, well, I've got a copy of the physical book and so do you and so does Helma which I never actually publicized how to do this but we should make that the inserted testimonial by Chicago Tom. Why you should buy this book? No, it really, really brought a smile to my face. I was like, God, that's why we put all the effort in, yay. And it's proving very evergreen. It definitely is. Well, it picked a good topic for it, that's for sure. Yeah, yeah, because. All right, Bart, well, we're actually going to be back in a week or you're going to be back in a week. I'm going to be back on my own. I've completely lost track of when we're doing well. But anyway, yes, I will be back to you soon. There will be more security bits and I'm hoping stuff happens. Actually, no, I'm not. I'm hoping I give you a really boring file where I read the phone number or the phone book or something to you. Yeah, we're OK for content. So if it's a short one, make it a short one. Understood. And remember, folks, like the Five Eyes tell you, stay patched so you stay secure. Well, that's going to wind us up for this week. Did you know you can email me at allison@podfeet.com any old time you like? If you have a question, a suggestion, or even a review, just send it on over. You can follow me on Mastodon at podfeet@chaos.social. Remember, everything good starts with podfeet.com. If you want to join the conversation, you can join our Slack community at podfeet.com slash slack, where you can talk to me and all of the other lovely NosillaCastaways. You can support the show at podfeet.com slash Patreon, or you can be cool like Owen and do a one time donation at podfeet.com slash PayPal. 
And if you want to join in the fun of the live show, don't go there on August 6th, but you can go there on August 13th by heading out over to podfeet.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening and stay subscribed.