The Mac Observer's Mac Geek Gab Episode 652 for Sunday, April 9th, 2017. Thanks, folks, and welcome to the Mac Observer's Mac Geek Gab, the show where you send in your questions, tips, and cool stuff found. We share it all, and the goal is for each and every one of us, me included, to learn at least four new things every single time we get together. Today will be no exception. I am certain. We have three sponsors for you today, and all three of them are new. We have Away Luggage at away.com/mgg, where coupon code MGG saves you $20 off of the coolest suitcase I've ever used. We'll talk more about that later. Bitbucket.org for the code is where you go to sign up for your free Bitbucket account and an awesome Git repository tool. We'll talk about that in a moment for you coders out there. Jamf Now at jamf.com, j-a-m-f.com/m-g-g. We can go and get your first three devices signed in for free forever. Jamf lets you remotely manage all of your Mac and iOS devices. It's actually pretty cool. We'll talk about that later too here in Durham, New Hampshire. I'm Dave Hamilton. Here in Purple Connecticut, John F. Braun. That's right. We have a very special guest today from both the Mac Observer and from App Advice. We have Jeff Butts, aka Jeff Burns, joining us today. Jeff, thank you so much for coming on the show. It's awesome to have you, man. Thanks for having me. Have fun. Yeah, it's good to have you here. Jeff's been doing a bang-up job. For those of you that haven't noticed and you probably have, Jeff's been doing a bang-up job here at TMO with some great tips in addition to all the great stuff he does over at App Advice too. So it's a pleasure to have you here. We're going to talk a little bit about email encryption with you, Jeff, because you have cracked a bit of the code that's plagued this all for years. But we'll have you here for the whole show and I'm sure you'll be chiming in on other stuff too. Fun stuff? Anything you want to say, Jeff, before we get rolling? 
No, just glad to be here. Okay, awesome. John, you want to take... We had a couple of follow-ups and a quick tip. You want to take us into that to get us rolling today? I will because we got a good follow-up here. So Tim writes, Hi, David, John and Jeff. I have a comment regarding the discussion of Steven's question about changing an Apple ID email address. John referenced the great Apple help article detailing the steps. I just wanted to highlight something in the article that I don't think was mentioned on the show. No, it was not. Apple advises that you, quote, sign out of every Apple service and device that uses your Apple ID before changing the email address at appleid.apple.com. Failure to take this step could result in unexpected problems. For instance, I have seen a case where a user was unable to authenticate with iCloud on iOS after changing their Apple ID email. The issue was that the old Apple ID email address still displayed in the iCloud settings. The known good password was rejected because of the email address mismatch. This even prevented the user from signing out of iCloud on the device. The solution in this case was to change the Apple ID email back to the old address, sign out of iCloud on the affected device, change the Apple ID to the new address, and sign back in. I hope this is helpful. And yes, it is. Huh, that makes sense. I mean, they should have coded around this, but I get why this would happen. Yeah, and that begs the question, Dave. And I don't know, the thing is Apple doesn't really give you very good guidance on how to accomplish this. Signing out of everything you mean? Right, there is a way either on your computer on the web. So if you log into your iCloud account and you click, I believe, on settings, you will then see a list that I see right now, my devices. Oh, okay, it shows my Apple TV, my iPhone, my MacBook Pro, and my Mac mini. I recently removed my iPad because it's dead. 
So those are the four devices that I have signed in. But I don't see anything saying, hey, kick all these guys off. I do see on the bottom of the screen a thing that says sign out of all browsers, which... Yeah, that's not quite the same. Yeah, right. Yeah, so, and I think you had actually suggested, Dave, a sneaky way of, and I think I've seen this, but I think there is a way to accomplish kicking all your devices off. Well, yeah, if you change your password, it will knock all of your devices off. I don't know if it would solve for this problem, but it certainly would be, if you don't wanna bother signing all your devices out, this would be one way to do it, is change your password first, then change your iCloud email address. You're going to have to re-log into all your devices at that point anyway, and that might do it. I haven't tested that, though. Jeff, you know anything about this? Well, it seems to me that it must be an intermittent thing because I recently went through the process of changing my email address with my Apple ID, and it logged everything out, but I didn't have any problems logging back in. I did have to redo all of my, oh, what are they called? The unique app-specific passwords. I had to redo all of those. Okay. But I could still log in just fine on my iPhone 5, my iPhone 7 Plus. Huh. All right. That makes sense. Yeah, okay. Huh. Well, it's a good heads up to ward off issues like that. So. Yeah, it's something to be careful of. Yeah. Yeah, good stuff. Thanks, Tim. All right, Mr. Braun, you ready? All right, next we have Dave versus Dave here. It's true. What happened here? So Dave writes in and addressed this to the other Dave. And he says, I thought your recommendation to stop using LastPass and switch to some other password manager was too strong and it was premature. Anyone who followed that advice would have gone through a lot of effort and expenses. Let me give you some context for those of you that haven't heard last week's episode. 
We talked about how there was this vulnerability in the browser extension of LastPass and my advice, as you now understand, was if they don't fix this within 30 days to change to something else because the exploit was going to be made public about 45 days later. So I wanted to give people time to change to something if this exploit was not fixed. So that was my advice. And so now continue. Go ahead. Okay. The problem was identified on March 27th and resolved by March 31st. The details of the exploit were not made public until after the fixed extension had been published. Here's the post mortem published by LastPass. And we also actually had someone on Twitter let us know about this as well. And I did tweet it out on our Mac Geek Gab Twitter account to let people know. And we're telling you again. So it is fixed. So LastPass for now is safe as far as we all know. And it was only an issue with the browser extension, right? Is that right with the LastPass? Correct. And actually when that happened, so another part of the discussion what you probably want to do. So yeah, this is the extension in Safari. One thing you may want to do is if you do go to Safari preferences, you're gonna see a list of extensions and you're gonna see on the bottom of the screen a little check box. And it says automatically update extensions from the Safari extension gallery. A lot of times Dave, I actually prefer for something that has permission before I update it. But in this case, I think I would endorse checking that box. And actually when I looked, it says, oh yeah, you got LastPass 4.1.44, which is the patched version. So it just magically happened in the background. So just let people know how to make that happen and make sure that your LastPass or any of your browser extensions. I actually guess I don't see a reason why you wouldn't want to automatically update it except if you're a control freak, which is kind of why I do that sort of thing, right? So. That's true. 
We've never heard of an exploited extension making it all the way into the Safari gallery, have we? I don't think so. Jeff, have you heard of one? No. I haven't. LastPass has had a share of problems though. Yeah. Two years ago, they had some information stolen. Right. They said that the encrypted user vault data wasn't taken, but they were able to get email addresses, password reminders, and encrypted passwords of master vaults. Yes. So on the other hand, they're, you know, they provided, you know, from what I recall, full disclosure and they let people know that this was a problem and they fixed it. But yeah, shame on them for that it happened to them. I think most of the password manager vendors at some point have had something terrible happen and when it does, they... Yeah, I mean, it's unavoidable. People are going to hack. That's just the world we live in. All right. It is the world we live in. Right. I mean, you have to assume if you're, certainly if you're a service provider, the more popular you get, the more popular a target you become. And then that's true for those of us as customers of, you know, popular services like this, where some, especially one that has passwords in it, it's a, you know, it's a magnet for this kind of stuff. So yeah, it's going to happen. Yeah. Yeah. So. All right, good stuff. And then, John, you have a quick tip for us. I think we do. It's getting pretty hairy though, man. This is a hairy tip. All right. Hello, fellas. Just thought I'd drop you an email to advise you over a problem that was driving me mad for a while today and its eventual solution. I would hate for anyone else to have been pulling their hair out as I was, especially as it turned out, this was indirectly a factor in the problem. I was using my Magic Trackpad on my new 15-inch MacBook Pro and my mouse was behaving rather erratically. It would appear to work okay for a while, only then to become really sluggish or jump about in fits and starts. 
I did all the usual things, switched off then on, unpaired, repaired, thinking it could be an interference, I switched off other Bluetooth devices, but nothing, still the same problem. Determined not to be stumped, I started looking at other things that might be causing a problem, cordless phones, et cetera, but still nothing. As a final desperate measure before throwing in the towel for a breather, I checked my trackpad again to make sure nothing was lying on it, causing it to act funny. It was then that I had an epiphany and looked much, much closer. I had had a haircut earlier in the day and on very close inspection, extremely fine, almost invisible hairs from the aftermath of my haircut had fallen on the trackpad. They were the blighters that was the cause of so much havoc and appropriately enough head scratching. A quick blow and the problem was solved. Next time I'm gonna rock it '80s style and get a blow dry just to make sure I don't get caught. Isn't that interesting? This is why I always take a shower right after a haircut. Yeah. Wow, I've never had that problem. I guess it makes sense though. I mean, you've got this huge surface, the entirety of which is capacitive, right? Touch sensitive. So, right, it is capacitive. That's how those are done, right? I'm not getting that wrong. I had something similar happen with mine and it was due to something different. So I just thought I'd share it since we're talking about things that make your trackpad act up. Sure. I use some cleaner on my computer on my MacBook Pro at some point. And I think what I had done is I had used the cloth, I had cleaned off the trackpad and then I had left the cloth there and that's what I should not have done. And I actually put the machine to sleep because I was going out and typically I put my machine to sleep when I go out. And then when I got back home, I'm like, oh man, I left that cloth there, I probably should. Or I just took it off and I'm like, all right. 
And then I started to use the machine. Oh, the trackpad was not happy. It was, yeah, same symptoms. Here's what had happened. Apparently some of the liquid had seeped into the trackpad, little seam. And as you point out, David, it's a capacitive device. Well, liquids can affect the performance of capacitive devices. So I think the solution was I think I got a blow dryer to try to help some of that liquid go away and then put it on its side and had a fan blow on it for a while. Eventually it came back. But be very careful with liquids. And I don't know if it's a specific, it may be just specific to this model here and that there's a small seam in there that will allow liquid to get in there. Maybe the design of future machines beyond my 2012 don't have that problem. But you'll see a problem with liquids as well. Like also with Touch ID. I think we've all seen it sometimes. If you're sweaty or your hands are wet or you just wash your hands, it won't work. It'd be like that's not you because your fingerprint appears differently. Yeah, I don't run into that. Well, I think you had it. Didn't you have an issue once, Dave, with your I think due to your banging on the drums there, I guess, if your skin gets calloused that could also affect the, right? Well, yeah, with Touch ID for sure. Yeah, yeah, and sweat and all that. But yeah, yeah, yeah. Huh, I don't know. It's interesting. One thing that I've done in the past, I've done this with my keyboard. I've never done it with a trackpad or a mouse, but I had a spill on a keyboard and I put it in the dishwasher just on the dry cycle and it cured it right up. Really? Yeah. Oh, I guess that makes sense. Just on the dry cycle, folks. Yeah, yeah, obviously. Yeah, don't put it through a whole cycle. Just turn the dial to dry. Yeah, yeah. Anything else contraindicated? Huh. So that just applied. So that turns on a heating element, I guess, right? 
So yeah, it turns on a heating element and I don't know what else it does, but in a matter of 10 minutes, the keyboard was functional again. I believe it. I guess, I mean, you could also do the same thing with the oven. Just be with anything where you're applying. Well, no. I mean, you just need to apply heat low enough not to melt any of the components, especially those of which that are plastic in the device because, you know, that's just how that goes. So yeah. If you want to flash dry it, I think maybe the, like the video that I shared in one of my posts this week, 25 pounds of black powder. Well, yeah, yeah, that might be a little different, though, Jeff, onto something productive and certainly the catalyst for why we have you here, Jeff. We've talked a lot on this show about email encryption and we've talked about it on the Mac and we've lamented about it on iOS. In fact, very recently, we just said how you can set up iOS fairly consistently to decrypt emails that were sent with S/MIME, which is the encryption that's built into OS X and Mac OS, or and iOS, sorry, and Mac OS, actually, all three. But encrypting email on iOS has frankly been something that has eluded John and I here on Mac for a long time up until recently. And so, walk us through some of that of what you've figured out and in a general sense, what the best thing is for folks to do. We will put links to your articles in the show notes so you don't have to get into the total nitty gritty. Anything that doesn't feel comfortable trying to explain to people to remember audibly, don't worry about it. How's that sound? Yeah, that sounds good. OK, basically, you know, I have these issues where I don't sleep at night. So I just start playing around with things that bother me. And so I wiped out most of my encryption settings on iOS and decided to start fresh. And, you know, it's tricky. 
But if you can get these certificates in and then realize that iOS doesn't automatically import the public certificate that people send you when their emails are digitally signed. That was that was to me the missing link is once I realized that I had to get those public certificates into my keychain manually after that encryption started working. Yeah. So this is this is interesting. And there is something else I want to go through because even once you and I once you explain this concept to me, it I still had a problem. But but yeah, on on the when when someone sends you an encrypted email. So, for example, we're going to use you and me for this example. So I send you a signed email, right? So that's going to have my signature in it. What it also has is my public key that you can then use to encrypt an email for me. You can't decrypt anything that that is sent to me. But you can encrypt and that's the beauty of what's called public key encryption is there are two pieces to the key. One piece is good for encrypting data. And the other is the pride. That's the public key. And then the private key is good for decrypting data. It's also good for signing things so that you can prove that you are who you are. But in terms of the encryption, the private key decrypts it. The public key encrypts it. So the night. Yeah, right. Did I have it reversed first? OK, I thought I might have. Yeah. So the so the idea is we send out our public keys to anyone. In fact, you can even post them publicly because no one can do anything other than encrypt data for you with that key. So I send you an email that I have signed. And in the process of signing this email on the Mac, you it sends along my key to you. Your Mac takes that key and puts it in your keychain without you having to do anything just by the act of you receiving the email. You know, right? You now have my public key in your in your keychain. And so if you are set up to encrypt email, you now can encrypt email to me. 
It's just because you have my public key in your keychain. iOS does not do this. Exactly, which is crazy. Yeah, I mean, especially with the focus on security that Apple has had not just recently, but for years, you think they would have paid a little more attention to this. So OK, so what happens? Let's say I send you this email. You see that it's signed because there's a little what is there a checkbox on it or an asterisk or something? It's blue. It's a it's a it's a check mark inside an asterisk. That's OK that that and that means something. So. So now what do you do? Like if somebody gets an email like this and for the record, anybody that gets email from us, from either our feedback@macgeekgab.com address or our premium@macgeekgab.com address, you will see more often than not that they are signed and they have this little check mark in an asterisk. So we are sending out our public keys all the time in case you want to send us stuff encrypted. So on iOS, how does someone take that key and add it to their iOS device so that they could then send out encrypted email? Yes. So what you have to do is you have to actually tap on the sender's name. And that will take you to the information about that sender and it will indicate that there is a certificate there. And then you just have to install the certificate from there. And I go through all of that in the article showing with with nice little screenshots exactly what you need to do. Cool. Yeah, it's like a three step process, which which feels a little cumbersome. You tap on it, you hit View Certificate, and then you say install, which is which which seems weird because you're not. It's very cumbersome. And I think it's one of the biggest reasons why third party encrypted email apps are able to make so much business. Yeah, fair point. Yeah. 
So while we're on this subject, so this is what's known as S/MIME encryption, and it is the only type of email encryption that's natively supported, as we said, on both the Mac and the iPhone. And when you do install your own certificates, you now can without even having to do anything encrypted email that is sent to you is just simply viewable like like anything else. It just it auto decrypts when you try to read the message and it's great. Right. Or it's very convenient. I don't want to say it's great. I think it's great. But you know, there is that continuum between ultimate security and ultimate convenience. And by having it auto display the email, you know, some people may see that as as a security risk. But but that's how it works. So there are other types of encryption. The most popular one is PGP or on the Mac. We use a package called MacGPG. Right. Am I getting that right, John? Is that right? GPG Tools is OK. It's yeah. It's the GPG Suite. OK. Jeff, what are your thoughts on? Is there any security difference in your mind between S/MIME and PGP slash GPG? Is there one you prefer over the other for any particular reason? I prefer S/MIME because it's centralized. Your certificate is stored on a central server and it's authenticated through this through that server. With OpenPGP, you're relying on a web of trust, meaning your friends, when you get emails, when you send emails to your friends, they confirm, yes, the certificate is valid. He or she is who they say they are. You can trust this key. The problem is people have gotten away from actually using that feature. Right. So you might have a hard time establishing credibility for your certificate. Now, with that said, S/MIME has its problems, too. Certificate authorities lose credibility because of what we talked about earlier, people hack. So they get hacked. They lose their credibility because maybe they don't respond quickly enough. 
And this is why, you know, you see things like Symantec just had a third of its certificates declared no longer valid by the rest of the Internet because they didn't respond quickly enough to exploits and hacks. Right. And that also happened with StartSSL, by the way, Start.com used to be, in fact, one of the tutorials we linked to recommended getting a certificate from Start.com. And I even used that one as an example in my first article about email encryption. And then I immediately saw that that certificate wasn't being recognized by Apple. Oh. And I looked it up and sure enough, Google, Apple and Mozilla had all blacklisted Start.com because they didn't respond quickly enough to problems with their security. Huh. There's a trend to this episode here. And it's how there is a the. Rate or the attention at which a company pays when they have a security risk seems almost more important than the fact that they've had one or a security exploit or a security breach, I guess, is the point. Because because it's going to happen or it is, you know, people are going to try to make it happen. The question is, what do you do once it does? Yeah. Yeah. And just a quick tip to to the listeners. GPG Suite, if you're on Mac OS Sierra, they have not quite gotten it yet. They're in beta. Everything works pretty well, but there could still be some bugs in there in their software. And they let you know about that on their website. Yeah. Yeah. Yeah. Yeah. I think they're on beta three now, which I'm on. They are they are on beta three. Yeah. And I mean, it's a great set of tools. And, you know, I've talked to the developers over there. And the problem is Apple keeps changing things. And with Mac OS Sierra, they changed so much in the APIs that it's taking the folks over in GPG tools a while to get everything working right under Mac OS Sierra. 
And most when we talk about Apple is changing things, specifically, we're talking about the Apple has changed things with Mail and and the hooks for for baking this into Mail. That I think even once Sierra came out, the prior version of GPG Suite worked for doing manual encryption and decryption and signing of of, you know, files or documents or whatever. It just the the Mail integration was completely borked. Is that is that right? I think that's right. Yeah. Yeah, that sounds right to me. Yeah. Yeah. So well, very cool. Thanks, man. This is I mean, thank you for explaining this to us, but also thank you for figuring it out in the first place. Now, I said there was one other thing about Mail on on iOS. And that was that even once you told me I had to manually slurp in your certificate into my iOS keychain for lack of a better term. I mean, it is the iOS keychain. You can't go see it, which is sort of the frustrating part. But it is there and it's akin to the Mac OS keychain. But even once I slipped your certificate in, I couldn't encrypt to you. And that was because I had previously set up encryption, S/MIME encryption, on iOS, I had pulled in my own certificates and then as often happens, they expire and I pulled in new ones. But for some reason, Mail tends to cache things and wouldn't acknowledge that the new one was there. It kept hanging on to the old one. So the trick there, which you explain in the article is that you have to go into your certificates or your profiles in settings. And I had to remove all of my personal private keys. And then I had to reboot my phone and the reboot of the phone was the key because or the no pun intended, right? Exactly. Yeah, because I guess some portion of Mail, even if you force quit the app, some portion of Mail is always running in the background on iOS and it would cache this stuff. So if I added new keys in, it wouldn't matter. It would it would it would be as though I had done nothing. So it's crazy. 
I really hope that we have, you know, iOS 11. Apple reengineers this because this is important stuff. And if they could make it easy for people to do, especially if Apple started their own certificate authority to really make it easy for people to do, which they kind of have already with iMessage, by the way, because you're doing public key encryption with iMessage, whether you know it or not, that would be that would be a nice thing. Or maybe they think, well, we already have it in iMessage. Why bother adding it to email? Well, and, you know, I hope that they fix it in iOS 11. But considering how long this problem has been going on, I don't have much hope for that. Yeah. No, yeah. Yeah. In the chat room at macgeekgab.com/stream. Furbys asks a very good question. Doesn't adding a public key into Mac OS keychain propagate it to iOS if you have iCloud keychain sharing turned on? And, you know, it would make all the sense in the world. If that were the case, unfortunately, it's not. These are one of the few things that do not sync to iCloud. So and they don't sync to your other Macs either. I don't know. And that's what that's what really bugs me is, you know, you turn on iCloud keychain sharing. This is the other thing that I wish was just baked into Mac OS and iOS. Give me my stupid email accounts automatically on my iPhone using iCloud keychain. Other third party clients do it. Why can't Apple? Yeah. Yeah. Right. Yeah, it's true. All right. Well, this is the go ahead, John. Yeah. Well, I had one for Jeff, but I think the. So there is no way, whereas on the Mac, if you go to Keychain Access, certificates, and the login keychain, typically, I can see all of the certificates that from people that have sent things to me. Right. I know. Actually, no. Oh, yeah. On the Mac OS. Yes. On the Mac. Yeah. On the Mac, you can. 
So for people for people that want to see the the, you know, all of the certificates from people that have sent you emails, that's where you should be able to see them. But I think you said it once before, I would just want to clarify. There is there's certainly nothing in the iOS interface to let you see that. No, there's not that I've been able to find. And I've looked profiles doesn't show it. Profiles is the only place where you can see your your private. Right. And those are. Yeah. OK. So that's the only visibility you get on iOS into certificates is is your own. And that that's aggravating. I'm you know, I'm now scratching my head. You know, is there a tool? You know, I look at iMazing. I don't think it does it. I don't know if Apple Configurator. I don't think there's any tool that this is something that is. Shouldn't be hidden, but is. Well, what I haven't tried yet and maybe someone else wants to. I haven't checked Cydia. To see if jailbreaking your phone, jailbreak doesn't because I don't I don't jailbreak my iPhone simply because I need to keep it, you know, I'll put a beta on there when there's a beta coming out that's really big. But other than that, you know, I use my iPhone so much for writing articles and doing how tos and screenshots that I just I can't afford to jailbreak it. So I haven't tried that. Yeah, you need it to work consistently with that of your audience, right? Absolutely. Yeah. Yeah. Granted, a part of my audience is jailbreaking, but the majority are not right. Right. Yeah. Well, I mean, it's the audience you choose to to address. That's right. Yeah. No, it makes sense. The last thing that occurs to me is GPG. You mentioned Web of Trust and I think the one issue that I have with GPG, especially if you're going to get a certificate from someone else. I believe there's the potential. So if you go to a repository, so I think you can also. 
So once you generate a key pair, you can upload it to some repository and then if somebody searches for it, they're like, oh, there's John F. Braun's GPG. Yeah. It's entirely possible that someone can impersonate you and say, well, no, I'm John F. Braun. No, I'm John F. Braun. So if you're going to do the GPG thing, I believe the best way to get the certificate is directly from the individual themselves and not necessarily trust a repository. Yeah. And what a lot of people have started doing is they won't even they'll share the the hash of their public key over another medium like over the phone. They'll just spell it out over the phone and say, this is how you decrypt my message. Yeah. All right. That's crazy. But but it is trusted or it adds a layer of trust. I mean, I suppose that you could be impersonating someone another way. But yeah, the theory behind Web of Trust is that you can't fool everybody all the time, but it comes down to who has more friends. Right. Right. Right. Right. Interesting. All right. We will we will revisit this, of course. If you have any questions for us, of course, I mentioned the email address. Once I mentioned it again, feedback@macgeekgab.com. I think you said feedback@macgeekgab.com. I did unless you're a premium listener and then it's premium@macgeekgab.com. John, he said feedback@macgeekgab.com. Now it's a party. That's thanks, Joe. I've I've been wanting to do that for years. That's awesome. We are happy to have you here to do it. That's awesome. OK, so let's let's jump let's jump around. Let's jump to something that has nothing to do, I don't think, with with certificates or anything like that, because it's a it's a it's a heady topic and we need to relax and breathe. So we will go to Chris and Chris. Well, Chris has an interesting issue. He says, I've got the 2015 12 inch MacBook running 10.12.3, which I've been using. And actually, this might have come in. There's 10.12.4 out now, right? 
Yeah, but and I think he'd upgrade it. He said, which I've been using the adapter, which has USB and HDMI to connect external drives for about 18 months with no issues. Recently, I bought a 24 inch Samsung monitor, but I've been having nothing but trouble with it. At first, it would work most of the time. Sometimes the Mac acts like the monitor is connected and shows in display prefs that it detected the monitor, but the monitor won't come out of sleep mode. Sometimes unplugging the adapter and plugging it back in fixed it. Sometimes only a reboot of the Mac would. Other times it would work for a while. And then the external monitor would suddenly go to sleep and I'd need to reboot my Mac again to fix it. Other times, both the laptop and the external display would go black and a hard boot would be required. Recently, though, I can't even get the monitor to come out of sleep mode. I've tried cycling inputs and the screen is acting like there is no input. I've got an expensive paperweight and if I can't fix it. Any ideas. So, yeah, I can certainly commiserate with you, Chris, but I might also be able to help you as listeners might remember. I recently added a 27 inch Monoprice screen to my retina iMac in the office because my old Apple, my 14 year old Apple Cinema display, finally decided to stop working on me. And I started having almost exactly the same symptoms that Chris describes. It would I could wake my Mac from sleep. I never had trouble waking my Mac from sleep. But waking from sleep resulted in one of three conditions on the monitor. That was either it worked great or it would wake up and show and show an image. But none of my windows would be over there. If I had put windows over there, they would all have been recollected on my on my main screen. Or the screen would never wake up at all. It would just stay in sleep mode, even hitting the power button, nothing. I would have to power cycle the screen in order to get it to to display an image. 
And then, of course, all the windows would be recollected. So I worked with Monoprice on this and they said, well, it could be your cable. So they sent me a new cable. And it seemed like that fixed it for a couple of days and then it didn't. And so I started working with Monoprice again and nothing helped. Until Mother Nature stepped in. Now, what Mother Nature did was a week ago, Saturday, Mother Nature turned off my power for about three hours. Because there was a line down or a yeah, there was a line down in the neighborhood. We had a big, big snowstorm actually. We had about a foot of snow and it brought a limb down that brought a line down. Now, with an iMac, pulling power for 15 seconds or more and then reapplying power and waiting five seconds or more to turn the machine on results in an SMC reset. And that seems to have solved my problem. So the advice here is to never forget about the SMC reset. When something seems like a hardware problem, sometimes it's not and sometimes it's an SMC reset. And I think things have worked. You know, I was traveling for the most part this week. I spoke in, what, Boston and then Philly. And then I'm speaking actually as an aside, I'm speaking on Tuesday night right here in New Hampshire about Wi-Fi and mesh networks and all that good stuff. So come and see that if you're going to be around. But that SMC reset seems to have fixed my issue. So I don't need to send my monitor back to Monoprice, which of course, Monoprice would have done. You know, they would have made it for me. But very interesting stuff. So just wanted to share that advice. Any thoughts from you, Jeff or you, John? Well, the dumb question is what is an SMC reset? That's not a dumb question at all. That's the System Management Controller. And it's essentially the power manager, right? In the Mac, is that the right way to explain it? Yeah, that sounds about right. Cool. Well, yeah, and it has.
How about if we link to how to reset that? We will. That's a great idea. We've done that before. Yeah. But I think what you're doing when you do the reset for it. So I think it's very similar. But it manages different things and it holds information or parameters, if you will. And I think it's similar to the PRAM in that it. You know, it does certain functions and it stores certain information. And sometimes. That information, the technical term, I think is horked. Yeah, or it's corrupted. And sometimes you have to start from scratch. And that's what either an SMC reset or a PRAM reset is another thing to always try if your machine is acting up. It's a type of nonvolatile RAM. One word of warning before you reset your PRAM. Make sure you know how to get back into Find My Mac. This is true. If you reset your PRAM, it erases all of the Find My Mac information. Yeah. Really? Wow. That almost sounds like a security exploit type of thing there. Yeah, it does. Don't you think? Yeah. Our good friend, Jeff, here has also written an article where resetting the PRAM is an aspect of what we could call a security exploit or incident or exploit or whatever you want to call it. But I think it's a huge hole. I think it's weird, actually. And to address what John is alluding to, Jeff did put up an article that Find My Mac has this serious security vulnerability and a couple of people in our market, as people are wont to do, called you out on that, Jeff. And so they told me I was writing clickbait. They told you I've never, I've never done clickbait in my life. Won't believe what happens next. That's right. Yeah, now that would have been clickbait. But people didn't, I think it was that people that and they were in some of these people are very serious about security and they did not like that you called this a security vulnerability. And so that was what elicited the reaction of this is clickbait.
And to be fair, you know, the in the news, in the media, even in what we do, the the emphasis is usually on data security, securing the software. Right. And we've gotten away from worrying about physical security. Nobody mentions Kensington key locks anymore, even though they're usually there. You know, nobody nobody really talks about the fact that the physical security of your device is just as important as the security of the software on it. Yeah. Yeah. For example, it's a very good point, man. One thing where I've seen this happen well happens anywhere that you have banks and ATMs. Some nefarious people will install what's known as a card skimmer, I believe. And it's basically something that will read the stripe off of your card. And then you put it in the ATM and you get your money and then you take it out, not knowing that someone has collected that information, which if you know what to do with it means that you can make another card and then you're good. And some people may say that's a security exploit. I would agree. And it's a kind of sneaky one. It's not network based and it's not but it is, I say. Right. It's another type of exploit. And it's not it's not just ATMs. Here in Northeast Ohio, here in Northeast Ohio, there's been a there's been a rash of people replacing the card readers at the gas pump so that now it's been it's been in the news that you need to you need to look closely, make sure that the that the seal isn't broken. Oh, yeah. The seal is broken. Don't use that pump. Wow. Yeah, crazy. Wow. Fun stuff. All right. What I want to do is I want to talk about Rob and and we'll change gears again a little bit here and then and then I want to tell you about our three sponsors here. So Rob brought up a great question. Rob and I were having an email chat back and forth about about routers and cable modems and things like that because because it's a topic that I love as any listener knows. 
And and Rob said to me, he says, I know you like renting the cable modem, but you should do a show on buying cable modems for those of us who are price sensitive. There are good recommendations on units that will save a lot of money in a short period when Comcast wants to bill you ten bucks a month for the modem. And Rob is absolutely right. Some listeners might remember that I did move away from renting my cable modem last year, but since Rob missed it, I figured maybe many of you did too. Yeah. So my reasons for renting a modem from your cable company still apply. And that is when you have a problem, it doesn't allow the cable company to just point to the modem and wipe their hands clean and say, yep, it's your modem. You know, you got to get a new one and then the service tech gets to leave. That that is avoided when you are using a modem that your provider rents to you or provides to you. Some people don't pay a rental fee like your your cable company, John. I think I guess you pay a rental fee, but there is it is not broken out separately. If I give it back to them, I don't get a credit. Right. Exactly. That's the right way to say it. Exactly. As far as I don't get charged separately for, you don't get charged separately for my cable cards. Right. Right. Right. So yeah, I don't get charged separately for my for my cable modem either. And in fact, the only way I can put my own cable modem on their system is if it's a just a cable modem. I actually own a Netgear cable modem slash wireless router combo. Yeah. And Armstrong won't let me use it. Interesting. Yeah. Huh. Yeah. Makes sense. Yeah. Yeah. And it was it was a real pain in the butt when, you know, I moved in here and the people I moved in with, they were still using wireless G and it was just too slow for me. So I couldn't use something I'd already paid one hundred and seventy dollars for. I had to go out and buy a new wireless router. Because I couldn't use my combo unit. Right. Right. Right. Huh. 
Interesting. I'm actually looking here. So Optimum says two options. Optimum provided modem and then they say option to purchase your own modem. So Optimum, but they say if you purchase your own, we'll advise you on which are compatible, but you don't get any tech support. And if bad happens, then it may be your fault. So Armstrong will let me buy my own cable modem, but only if it's just a cable modem. So it sounds like and guys don't take this the wrong way, but it sounds like a lot of the smaller market carriers just provide modems, at least that's the case for the two of you, that they don't charge you for. Most of the larger market carriers like Time Warner and Comcast will charge you a rental fee for that modem. And so there are several decent modems out there. But as you guys just pointed out, you need to make sure that whatever modem you get is certified by your provider. The model number of that modem is certified by your provider. But you can save a bunch of money. I'm currently running a Motorola 74, MB7420. Sorry, Motorola MB7420. That is a 16 by four cable modem and works really, really well. It's been rock solid for me. It's about 80 bucks at Amazon. And so I will put a link to that in the show notes. But the other very, very popular one is the Arris SURFboard 61, SB6190. I don't know why I want to avoid putting the letters in, I guess, because nobody ever talks about the letters. But that one's also very popular. That's about 106 bucks right now at Amazon. So but even still within a year, you can make your money back on that. And the Arris, the 6190 is a 32 by eight, meaning it's got 32 downstream channels and eight upstream. And so chances are you don't have speeds that would make a difference there, but where the extra downstream channels make a difference is if you are in a crowded area, some Comcast will bond.
I believe they will bond up to 20 downstream channels, regardless of your speed. And that can help deal with some of that congestion. So that's where having more of those downstream channels can matter, even if the speed multiplier doesn't necessarily matter for you. So that's my thoughts on that, John. Do you have any thoughts on that? I guess you don't. You don't think about what cable modem to buy because you can't. It doesn't matter to you. Well, I'm very happy. I yeah, I have a, it's an Arris DOCSIS 3 and I get the speeds that I'm happy with and it's not a bottleneck and they provide the support. So there you go. Works for me. Sweet. Fun, fun stuff. All right. What else do we have here? I'm trying to look here. Yeah. What else do we have? All right. Well, those are basically the two cable modems. Jeff, do you have a cable modem that you like? Which, what is the one that you're using right now? You know what? I don't know for sure. Putting you on the spot. OK. Yeah, that's fine. I think it's. No, I don't know. I haven't. OK, I have had good luck. You know, if you're going to look at brands, I would look at the Motorolas are great. So Motorola used to sell the Arris brand. But that relationship ended. Now, Motorola actually sells cable modems made by Zoom. But the ones that Motorola sells have additional features in terms of just reliability that Zoom doesn't put into their own. In fact, when I talked to the folks at Zoom, they said, you're better off getting a Motorola modem than you are a Zoom modem. So get the Motorola for that. The Arris modems have always been great for the most part. And certainly the 6190 is, you know, a great one that a lot of people recommend and works very, very well. I have also had good luck with Netgear's cable modems. By and large Netgear's modems, like you mentioned, Jeff, are combo modem routers.
So you have to make sure you're picking the one you like. The R seven thousand is essentially the the combined modem and router version of sorry, I think it's the C seven thousand is the combined modem and router version of the R seven thousand router. Yeah, I think I think they're they're combos. The model always starts with C with a C minus C six thirty. OK, yeah, so that that netgear C seven thousand, you know, it's it's got a it's got decent radios in it and and all that stuff, but I like to keep that stuff separate. But but I did have good luck when I was running that that netgear one. All right, actually to C sixty three hundred. Oh, yeah, that would make more sense. And see, here's, you know, when I was on Time Warner, which in in that market, it's now owned by Spectrum, I had this C sixty three hundred and the reason I bought it was because the one that the one that Time Warner provided was not dual channel. Oh, right. And as far as I could find out, I think surfboard, Aris does have a dual channel. OK, router you can buy, but it's a lot more expensive. It's a lot more expensive. Yeah, that's right. Yeah. Yeah, cool. All right. Well, I promised that I was going to tell you about our sponsors and I would love to do just that. Is that is that work for you guys? I'd love to hear about our sponsors. Awesome. All right. Our first sponsor today, as always, is for the geeks out there. But this is for the geeky travelers and not just geeky travelers, any travelers. And that is a way luggage at away travel dot com slash MGG, where coupon code MGG gets you 20 bucks off an awesome suitcase that is totally engineered for you. This suitcase has a USB port in it, actually has two USB ports, one of which can charge at 2.1 amps. It's got a 10,000 milliamp hour battery inside. It's got a lifetime warranty. It's got a hundred day free trial and free shipping to the continental US. These suitcases from away are very cool. 
It's a really lightweight construction, but a hard shell, which sort of is betrays what you might think of a hard shell suitcase. It's awesome. And they have carry ons in two different sizes, a smaller one. And that's called the carry on and then a larger one that's called the bigger carry on, then they have a medium and a large suitcase for extended stays. One of the other cool things about this is the way the inside of the suitcase is laid out, there's one side that's for all your soft stuff, like your shirts and your underwear and your clothes, right? And that one cinches down. It's got this cool little pad that sort of sits and it cinches down to compress that stuff in. The other side is for the things that can't compress like your shoes and your bathroom case and your your chargers that you're going to use with the wall, right? Your wall plugs and all that stuff. That's in the other side. And that's got a zippered closing pouch in order to keep all that in place. Very, very cool stuff. Check it out. Away travel dot com slash MGG. That's my new favorite suitcase promo code MGG. Get you 20 bucks off at checkout. Our thanks to away at away travel dot com slash MGG for sponsoring this episode. Our second sponsor today, of course, for geeks out there because that's who we all are is for the coder geeks out there. Bitbucket at bitbucket.org slash for the code. F or T H E code is where you can go to start your free account. Bitbucket is the get solution for professional teams. They're using their in use by over five million developers. It is fantastic. Bitbucket has the world's best pull request algorithm. It's got built in continuous delivery and it's got integrations with all your favorite tools like Docker, AWS, Azure, and of course, because Bitbucket comes from Atlassian, it offers the best Jira integration available, giving your team everything you need to take your code from concept to customer. Now, here's the thing. Bitbucket is your get repository. 
It allows you to maintain all your version control. You know what changes have been made either by you or someone else. A lot of people say you don't need version control if you're just a solo coder, nothing could be further from the truth I know from firsthand experience. My own worst enemy when I'm coding is me six months ago, right? And that's because I don't remember why I did what I did. Bitbucket lets me track when I did it and put in little comments when I commit to the repository. You got to check this out. Bitbucket.org slash for the code because that's where you're going to start your free account and you're going to be in great company when you do it. Bitbucket.org slash for the code. Our thanks to Bitbucket and Atlassian for sponsoring this episode. Our third sponsor today also for the geeks out there is Jamf. Actually, it's Jamf now and you can learn more about it at Jamf. Jamf.com slash MGG. Jamf now helps you manage all your Apple devices from anywhere. Right. When you first start your business, it's pretty easy to keep track of your own computer and your phone because it's just you and, you know, that's that's pretty simple. But as you grow and you start to buy more tech, not just for yourself, but for your employees, it gets harder and harder to keep track of everyone's Macs, iPhones and iPads, figuring out how to secure the iPad that your sales rep lost can be tough, especially in today's world where your sales rep might not be in your office with you. Jamf now makes that and a lot more much, much easier. You can configure settings, protect sensitive information. You can even lock or wipe a device from anywhere. Jamf now secures your stuff so you can focus on your business. No IT expertise needed. So I said this is for the geeks. It is because we're all geeks, but you don't have to be a geek to really take advantage of this listeners. 
You can start securing your business or even your kind of extended home, I think, today by setting up your first three devices for free. And then you can add more additional devices or just two bucks a month. But here's the thing, those first three devices are free forever. It's not like a free trial because it's not time limited. If you only have three devices in there, it's free forever. Like I said, you go to jamf.com slash mgg jamf.com slash mgg. Register your first three devices for free today and see how you like it. Our thanks to Jamf for sponsoring this episode. All right, let's let's jump to yet another different topic here, because we've done a lot about security. We've done some stuff about fun. One of our favorite topics, routers and cable modems. So let's let's jump to audio. We've got a couple of things about audio. Chester writes, he says, I recently took the plunge and bought a 55 inch LG 4K TV. I sold my plasma before moving last year and I miss it very much every day. I'm not ready to spend the money on OLED just yet. This is anyway now that I have a decent TV and an Xbox one. My cheap little Samsung soundbar isn't really cutting it. He says, I know you're into headphones and speakers, Dave. So tell me which soundbar is the best right now? Which one is the best and which one is the best for the money? I've been looking at the play bar from Sonos. Ever since I heard you talking about the play base recently, I need to find a place where I can listen to one in person. Yeah, so the I really like the new Sonos play base. And finally, now I can I can talk more about it. The review went live this week. It Sonos will tell you that the play bar is for you if you want to mount your TV on the wall and the play base is for you if you have your TV on a stand. And certainly from the form factor standpoint, that makes sense. I will say that in general, I like the sound of the play base better. That's the one that goes under your TV on a stand. 
They've added a subwoofer to it that the play bar doesn't have. They are both the same price. They're not inexpensive. They are 699 a piece. So but with that subwoofer in there and just the way they engineered this thing, it not only does it sound great for TV and movies, which is, you know, sort of the one thing you'd use it for. But it is fantastic for music and it has become our living room music listening solution, which I did not expect it to do. We had to play five spread out in a stereo pair. So I really kind of expected to prefer that. But but I do and I still love that. But the play base sounds great. So that's certainly the best one that I would find that I would say. And the operation of it, it's just like any Sonos stuff, right? It's totally seamless. It just works. You start playing your movie and the sound comes out. If you want to play music, you grab your iPhone, you launch the Sonos app and you tell it or you launch the Spotify app because that works too. And and it, you know, just you start playing music. It's all sort of automatic. But if you want to save a bunch of money, the JBL cinema base also sounds pretty good. It's much taller than the than the Sonos one, but it's got some low end. We have one of those in our downstairs in our playroom for the for the TV. And and you know, it's it's less than half the price of the Sonos. It's sort of a pain in the neck to play music through it, to be perfectly honest. You've got to do Bluetooth pairing and all that. So it's not that it's not that Sonos experience at all. We have that and to play one down in the in the playroom. And and so, you know, that's that's how that works. We have a separate device to play music down there. But but for just TV sound, the JBL cinema base, it's pretty good, especially for a smaller room. So any any thoughts, questions from from either of you guys? I don't I don't know what what your what your audio, your level of interest in audio is, Jeff. I'm pretty simple. 
I've got a black magic set that I bought at Walmart that it's two two speakers and a subwoofer beneath my desk. And it's good enough for me. There you go. There you go. Cool. And John, I know you. You know, my setup. I got a hundred watt Sony tuner and some basic speakers and. Sounds good to me. There you go. Center. Good to you. Yeah, John's John's neighbors don't like it much, do they? It's not that loud. I mean, it's a decent sound. No, no, no. I mean, it's I could make it loud. Sure. And OK. And even better, the I still have the you want to talk loud audio engine every now and then I got the audio engine speakers and those go to eleven, man. Honestly, and most of the time I when I'm watching videos or watching movies, I just use my headset because it's usually late at night. One of my roommates is 87 years old and he's right across the hall from me and I don't want to look at him. Right. Right. Yeah. Music out in the apartment. Yeah, music out loud is a wonderful thing, but it you have to be in an environment where music out loud doesn't make you worry about what is going to happen when other people hear it. So yeah. Yeah, exactly. Yep. Yep. All right. Very cool. On the subject of audio, I want to jump to John here. Not not you, John necessarily, but the listener John that writes he says, I've been having issues controlling the sound volume with my Mac mini attached to an LG thirty four inch ultra wide via Thunderbolt and finally found a little utility that will let me do it. Mac OS doesn't allow the volume keys to keys to be operational on HDMI or mini display port Thunderbolt connections because it assumes it is a line out and you should use the remote on the screen. He said, sound flower is what I am using. It used to be maintained by Rogue Amoeba, but it is now available at Github. And and he says that that this allows you to use the key. 
What he does is he says Soundflower lets you route your audio to the Soundflower device and then you can route Soundflower to your screen. It essentially acts as a pipe in the middle, a software pipe, but a pipe. Nonetheless, so by doing this, though, it allows you to use the keyboard volume keys because you're controlling the Soundflower volume. So the way Soundflower works is it adds another audio device, both for input and output, and you can hook things up however you like. So what he's done is he uses Soundflower as his audio output device for his Mac. And then inside Soundflower, he routes that sound to his display. So now he can use his audio keys, the volume keys, rather, on his Mac to control the volume on his LG display. That's pretty cool. Soundflower is available for free. Rogue Amoeba didn't write it, but they took over maintenance of it. When Cycling '74, I believe that's the name of the company that created it originally, when they sort of abandoned it. Rogue Amoeba picked it up. Thank goodness, because us podcasters certainly here at Mac Geek Gab, we have used Soundflower or something like it for every single episode of Mac Geek Gab that we've ever done. And then Rogue Amoeba kind of took it from there and created something called Loopback that is a commercial product that does what Soundflower did and quite a bit more in a more robust package. But for the simple use that John's talking about here, Soundflower is perfectly adequate as long as it continues to work. And it seems like it works with Sierra, which is bingo, bingo. It does work, but there's some hiccups to it. OK, and maybe I haven't found the real missing link. But I followed. I have that same problem. I have an LG monitor plugged into my Mac mini through HDMI. And I followed a walkthrough that I believe Thorin wrote over at Lifehacker. And it required installing Soundflower as well as Soundflowerbed.
Because if you install Soundflower on its own, you don't get anything in the menu to adjust the settings. You have to go into Audio MIDI settings and try to do things there. And that just doesn't seem to work right under macOS Sierra. So you need Soundflowerbed, which is old, it's no longer developed. It works, but there's a bug in that I turn my monitor off when I leave my computer. Whenever I do that, Soundflower disconnects the HDMI. And when I turn my monitor back on, it doesn't reconnect HDMI. I have to go back into Soundflowerbed. Push all the changes through again. And Soundflowerbed has a habit of dying, just locking up on my mini. So I have to force quit Soundflowerbed, start it back up again. And it just, it wasn't worth it. Huh. Yeah. OK. I might try a different. I might try to change my habits and just set the sleep settings for my display. But I'm so much in the habit of just turning my monitor off when I walk away from it and I don't know if I want to do that. Right. Right. Well, I mean, Loopback, so I have a couple of thoughts for that. Number one, Loopback would do it. It's like I said, it's a for-pay product. I think it's either seventy nine bucks or ninety nine bucks. I mean, it's definitely, well, it's geared towards, frankly, people like me, right, that we need it for doing a show like this. And it is, I mean, like I said, Soundflower was mandatory for what we did. Loopback takes it to a whole other level. So it's awesome and it's worth it for, you know, producing a podcast. Is it worth it for a home user to just wire up and I use wire up, you know, with air quotes to wire this up? Probably not, you know. Yeah, probably not. Probably not. But my thought for a little more than 70 bucks, you could get a small HDMI TV that has a remote control. That's right. Yes, right, right.
But I wonder, though, to solve your problem, it would be to use Keyboard Maestro to script the the little dance that you have to do with Soundflower Bed, including relaunching it and trigger it with an on wake event, which Keyboard Maestro also lets you do. Well, you know what? I saw something about that. You can actually. What was I trying to do? The problem is, for whatever reason, I don't get any events when I turn my monitor back on. Those scripts usually look for events in the in the system log, don't they? Well, wouldn't this? Yes, but wouldn't this be a System Wake event? Or is it just when you turn the monitor on? There's no there's nothing in the log files at all. All that happens is, I guess, because there's no system logs to tell me is that the mini finally sees it. Yes, I have a display I can I can send my video and sound to. But it doesn't register in the system log at all that I've been able to find. And I have searched. Try Keyboard Maestro. It might not just rely on the system log. Yeah, because it I mean, it does a lot of magic stuff. So it's I'll give it a try because I would I would love I mean, I have my black magic speakers come with a little dongle that allows me to adjust the volume. It's a rotating dongle. But I would love to do it just straight for my keyboard. Yeah. Yeah. All right. So there's there's one other thing that that really would fall into a cool stuff found. But while we're on the subject of sound, I want to mention it. And it's a piece of software called Sound Control. It's actually Sound Control 2 from StaticZ.com. This is Dom Dominic Fiera, who I hope I'm pronouncing your last name right, Dom, who originally or not originally, but but previously was at Ambrosia Software and created a lot of their audio tools and worked on that stuff. So this allows a lot of different things. It might solve your problem because it will allow you to reroute audio to any specific device. 
It might solve John's problem, listener John's problem, because it allows you to add keyboard volume controls to your DisplayPort monitors, your HDMI TV, your receivers, exactly what he's talking about here. It allows you per app volume controls so you can adjust iTunes volume separately from, say, Safari volume or from your Spotify volume. Very, very cool stuff. And like I said, it lets you route your audio from individual apps to different audio devices so you could have your your system beeps happen on your Mac speaker, but you could have your iTunes volume and only your iTunes volume go to like your if you have Bluetooth speakers connected or something else like that makes it so that your system beeps don't come out and shake the house when when you play them through your through your your big system or whatever. So it's a pretty cool little app. Ten bucks. That sounds really cool. Yeah. Ten bucks. Looks like you can download a demo. What does what does a demo do? Is it a trial version or does it just show what it does? It's a trial version, the demo from based on my tests. Yeah, yeah. I'll check it out. I almost started installing it just now, but I don't think that's a good idea. Please, please don't. It might be fine. It just happens that we're recording a show. Yeah, yeah, not a good. I realized almost as soon before I put on the DMG, I said, no, not a good idea. Fun stuff. Cool. All right, we're here. We've talked about certificates in this show. We have Jeff with us. And so we're all three interested in this. John, will you take us to to Brian and then depending on how long Brian takes, maybe we'll stick and wrap up this certificate thing with with Michael. But but if you wouldn't mind taking us to Brian, I would appreciate it, John. Yeah, it's good stuff. So what does Brian have to say? Brian has two questions. All right. So Brian says, all right. 
First problem on a friend's computer, his wife can sign into their admin user account, but the system fails when they try to use the same password to validate anything else. Say, an application update. Other people have suggested permissions, Yasu, things like that. Speak, speak clearly, Mr. Braun, we need to know what Brian's problem is. OK. The problem is that Brian's friend is trying to use their admin password to authenticate the operations within the Finder. OK. And it doesn't work. Well, isn't that interesting? All right. But it's so the password that lets them log into their user account does not let them authenticate when the system says, I need you to, you know, let me delete this file or install this app. Yes. The only thing I could suggest and a little birdie told me this will probably fix it here is if you go into, is that they should be the same, but sometimes they get out of sync. How do you re-sync them or get them back in sync? You go to System Preferences, Users & Groups, click on your admin user and say, change password, change that password. And hopefully the problem will go away. That's, I've seen that happen where the passwords get out of sync. And you've got, you know, a different password for your login versus your keychain or whatever. The other thing that this could be is if they're trying to and I realize they ask the question one way, but just to kind of close the loop. If this is not an admin account, they might think it's an admin account, but going there will let them confirm whether or not it actually is. It might actually be a standard account. Yeah, exactly. Yeah, that's, I've never seen. On macOS, I've never seen the passwords get out of sync like that. It used to be a common problem when I was doing tech support for Youngstown State University, but, you know, there they had multiple. Multiple password servers that would sometimes get out of sync with one another. Right.
Huh. Yeah, yeah. Right. So I mean, yeah, and what you should look for. So in Users & Groups, you're going to see a few things. So you're going to see the user underneath it. It should say admin. Right. And there's also a little checkbox, allow user to administer the computer. That should be checked as well. Just make sure those that just occurred to me looking at this screen here and change the password. Hopefully that'll that'll fix it up. But as Jeff said, if if it's a guest, if it's a user account, then this is expected behavior because certain operations with a guest account or a non-admin account require an admin username and password, right? But shouldn't it allow you? Shouldn't it tell you it needs an admin account and leave the user? Yes, it should. Last I tried this, it says an administrator username and password is required to authorize this operation or something similar. That's that's what I thought. And I can't test it right now because I'm doing a bad thing and I'm logged in with an admin account. You know, I log in with an admin account all the time. I mean, we say it's a bad thing and I get that lots of people say that, but it is also the default thing. It is. And I do it too. But, you know, my Mac locks after so many minutes. Yeah. And I've got a keyboard shortcut that if I really need to, I can immediately lock it. How did you how did you set up that keyboard shortcut? I don't remember. OK. This was let's see. This is a mid 2010 Mac mini. So this was seven years ago. Got it. OK. Sorry. That's OK. I'm just curious if you're doing that in the system or if you're doing it with an app. So maybe you can follow up. No, it's probably in System Preferences. Probably a hot key. A hot key. Yeah. Yeah. And I've also got a hot corner that does it. OK. So that would be set in System Preferences, Mission Control either either with the the hot corners, which is right on that screen or sorry, the the yeah, hot corners and hot corners. 
Yeah, is is right there in there. So yeah, one one corner starts screensaver and one corner is disable screensaver. Yeah, because it used to be that watching videos on on OS X, your Mac would go ahead and go to sleep even while you were watching the video. They finally fixed that. Thank God. Ah, yes. Yeah, cool. All right, John, the other half of Brian's question. Yeah, on my own computer, Keychain Access has a huge list of iMessage Encryption Key public key login entries and continues to add more. I would assume they should automatically be deleted after use, but have found no way of resetting the process. And I'm going to refer to our friend MC Hammer for some advice on the situation, Dave, is don't touch this. They're there for a reason. No, I strongly, strongly, I don't know how strongly I could discourage you from touching anything in Keychain Access. Especially if you don't know what it is. Yeah. Well, I suspect the reason that they keep that they continue to be there is that the keys get changed. And if you want to refer to past messages that used one of those keys to encrypt or decrypt, you want to have those keys present, right? I would say what would happen is the infinitesimal amount of disk space that you would save by getting rid of those entries will be more than offset by your inability to delete messages that were to read messages that use those. Yeah, because you won't be able to read them anymore. I lost I lost one of my private keys for a GPG or a PGP address that or PGP encryption setup that I had years ago. And so there are emails in my in my outbox archive. And I probably some of my inbox archive that I simply cannot decrypt and will never be able to decrypt. And that and that sucks. And that's another piece of advice is don't delete your old certificates. Yep. Because you know what's going to happen if you delete your certificates, any emails that were encrypted with them, you won't be able to read them anymore, right? 
Even even if they're expired, keep them around, keep them around. And I do that at first. I was like, I want to be nice and tidy. It'll show that they're, you know, they're they're old, they're expired. But yeah, in this case, it's good to be a pack rat. So here's the thing, John, I don't think your mom is going to look in your keychain when she comes to check out how clean your house is. She doesn't even know where it is to tell you the truth. I know. While we're here in case we have we are out of time for this episode. But while we're here in Keychain Access, John, why don't you extend your advice from from from Mr. Hammer and his entourage and his posse. I'm sorry, Mr. Hammer, it's your posse, not your entourage. And and and extend that not just to the keys that are your old keys, but but the system certificates, too. Right. We'll we'll cover that. Yeah. Well, you're saying we don't have time for the second question. But you can give the advice. We don't have to read the question. Just give the advice. We're right here. Well, we got a question and someone said I'm seeing all of these things in my System Roots keychain. And what what it seems what that person thought that meant is that those entities could access somehow access their computer. So they started trying to delete them. That's another thing. Mr. Hammer, eat the system roots. Can't touch this. Don't touch this. The system roots are there for a reason. The system roots with S/MIME certificates and website certificates. You get a warning if a certificate doesn't if. If a system root is not there, then when you go to a site that uses a certificate from that authority, it's going to say that it's bad. Or it's going to say that it's going to say verification error, something along those lines. So don't do that. Yeah, yeah. And we've seen this with people that over the years that have, you know, for one reason or another, that deleted these things in here. 
And, you know, suddenly web pages, secure web pages don't work. This is where those certificate that trust of the of the. What did you call it before, Jeff? Not the not the peer to peer trust, but web of trust. The web of trust. There it is. Thank you. Yeah, I mean, these are provided by the various certificate authorities to Apple and same with other other operating systems. They provide it saying, here's our. We're going to provide this to you. So if someone uses your operating system to access a resource, they can. They can be sure that the certificate was from us. Yeah, yeah. Apple put these here for a reason. Leave them alone. Thank you so much for listening, folks. Jeff, thank you so much for coming on and being a part of our geeky discussions today. It was great to have you, man. Yeah, thanks for having me. Cool. I want to thank all of our premium subscribers and as we have started doing, I want to thank those folks whose contributions came in this week. So in the every six month subscription category, we would like to thank Robert H, Ralph F, Paul K, Jonathan G, Kurt T, Michael G, Chris H, Jeremy F, Mark W and David C for your contributions. In the monthly contributions category, I wanted to thank W Abdullah B, David B, James B, Michael B, also Michael L, Mark R, Doug L and John G. And that's the $10 monthly thing. The biannual every six month subscription is 25 every six. Thank you for your contributions. And then we had two one time contributions this week. Richard C with 100 bucks. Thank you so much. You rock and Everett T for seven bucks. Thank you so much. You rock. If you want to learn more about Mac Geek Gab Premium, go to MacGeekGab.com slash premium and you can learn all about it right there. Even just MacGeekGab.com will link you there. Thank you to everybody. Thank you to our great sponsors this week. Of course, we have Away at awaytravel.com slash MGG, Bitbucket at bitbucket.org slash for the code and Away Travel. 
Of course, coupon code MGG saves you 20 bucks. And then Jamf Now at jamf.com slash MGG. I also want to thank our sponsors in the podcast marketplace that includes Smile at SmileSoftware.com slash Geek. Other World Computing at MacSales.com, Bare Bones Software, barebones.com and Blue Apron at BlueApron.com slash MGG. You can call us at 224-888-GEEK. You can find us on Facebook at MacGeekGab.com slash Facebook. Great little discussion group we have there. It's not so little anymore. It's fun. It's good. All right, so John brought us into this. I'm about to bring us out of this. But, Jeff, is it possible maybe you have three words of advice that you might be able to share with our listeners here? Don't get caught.