 Coming up on DTNs, Microsoft makes a play for domination of mixed reality at its ignite conference. Flipboard wants to help local news thrive and why Apple security policies may help the more sophisticated attackers. This is the Daily Tech News for Tuesday, March 2nd, 2021 in Los Angeles. I'm Tom Merritt. I'm the show's producer Roger Chang and joining us Chris Ashley, host of the SMR podcast. Welcome back Chris. Thank you. Thank you. Thank you. What it do my people's good to have you. Sarah Lane off today, but she's good. She'll be back. We were talking a little earlier on good day internet about Chris changing his desktop. And by that, I mean using a chainsaw to make a new desktop. We're not talking right clicking here. If you want that wider conversation, become a member at patreon.com slash DTNs. Let's start with a few tech things you should know. Cysto's WebEx teleconferencing platform now supports free real time translation of English into captions for more than 100 languages. Feature is available as a public preview now and will be generally available in May. Apple announced after a year's worth of results from the hearing study in its research app conducted in collaboration with the University of Michigan School of Public Health, average weekly headphone exposure for one in 10 participants is higher than what the World Health Organization recommends. 25% of participants experience ringing in their ears multiple times a week. 10% of those in the study have been diagnosed with hearing loss and 20% have experienced hearing loss by WHO standards, 50% of which is a result of noise exposure. DJI launched the DJI FPV, a new drone model for customers that adds a head mounted display to your flying experience. Beginner modes and a new optional motion control to help are included. However, it'll cost you $1,299 for the drone. The second gen FPV goggles, a controller and a battery though come as part of that price. A motion controller is another $199 with additional batteries available through the fly more bundle. Microsoft warned that a group it calls hafnium is exploiting previously undisclosed security flaws. Four of them in exchange server in order to steal information from US based organizations like infectious disease researchers, defense contractors, law firms and more. The vulnerabilities can be exploited to access email accounts and address books. Microsoft said limited successful attacks have been executed and patches are available now a week ahead of the usual patch Tuesday. And workers for Glitch have signed a collective bargaining agreement for 11 months. According to a press release from the communication workers of America, it's the first agreement signed by white color tech workers in the US going into effect February 28. The agreement does not include higher wages, but does include codifying benefits that currently exist. Agreement also ensures just cause protection for Glitch employees, which means workers can only be fired or disciplined through a specific process. Alright, let's talk Apple security MIT technology review talked to the senior researchers at Citizen Lab, senior researcher Bill Marchak, who helped to identify a no click exploit in iMessage that Apple recently re architected iMessage to fix. If you remember us talking about that, it was a no click thing. Somebody just sent you a text message you'd never know it and they could actually take over a lot of your machine Apple re architected how iMessage works so that it's not vulnerable. But Marchek who identified it never found what how the exploit actually worked because Apple is so locked down and it didn't want to share that level of code specificity with them. And that's a problem, according to Marchek. Marchek's argument isn't that iOS security is bad. Apple's ownership of the entire platform means its security is one of the best. But no security is perfect. And when security is really good, but not perfect, that means only the best attackers can get in once they're in. If the code is locked down, it's hard to tell that they're in. And zero click exploits mean the target of the attack doesn't know they're there either. Company called i verify was interviewed for the technology review article authorized by Apple and looks for things like unexplained file modifications to kind of do some detective work and track down like, wait a minute, why is this file being modified? Maybe something's going on. But nobody can see inside memory for directive evidence of malware. Macs are moving this way to Apple doesn't allow software to analyze the memory process of other apps. So malware makers have started developing memory only payloads that can avoid detection because Apple doesn't let you look at the memory. So if you put your malware in a memory only payload, you can't see it. Lots of these operating systems are locked down these days. Chrome OS is even more locked down than Apple Windows s is going to be very similarly walk locked down. Now this cuts down on the damage that malware can do. But it makes it harder for investigators who are looking for these more sophisticated actors. So one idea would be to give approved organizations, the good guys, some extra permissions that you don't give everybody else. But that's a door that malicious actors could try to exploit and a door government would want to access as well. And so that's a door that Apple and others don't want to open up. Ryan Stortz who leads development for i verify says quote, we are going to a place where any outliers will have computers. People who need them like developers, but the general population are going to have mobile devices which are already in the walled garden paradigm that will expand. You'll be an outlier if you're not in the walled garden. So you know folks like us around here are going to be the outlier in the future and they'll be more and more of these iPad Chrome OS like devices that more and more people are using and Chris the advantage is they're safe from most things. So most users will be safer. Unless you're a journalist, you know, investigating corruption or something and a sophisticated actor can target you. And this is such an important debate and conversation to be had. And I hope that whatever results come from it is something that's nuanced, right? Because this is definitely won't be a situation where you can put something in place where one size fits all. So on one hand, you have the lockdown OS which would appear would be the safest thing because you don't allow access to a lot of people to be able to write code to exploit issues within it. On the other hand, the more eyes you have on something, the faster and more vast scenarios you can detect. You can see this in gaming. All these game manufacturers put out these games and all of a sudden they start seeing all these bugs and issues and exploits. You know, there's something going on in Destiny right now where the hardest competition in the game is completely being exploited because they added one feature. They added the ability for people to rejoin matches and all of a sudden you have people that are communicating in mass to help each other win that content. So you cannot plan for every scenario. You'll never, as long as you have that closed garden, think of every scenario. So you know, I can appreciate it. And if you look at a lot of the biggest hacks that have happened, they've all been like zero day hacks that have occurred where they just had no idea these things existed. And boom, all of a sudden you have all this stuff running and executing code and you have no idea that the capability was there in the first place. Yeah, I think it's easy to get confused about this sort of thing between, you know, options and customizations like you have an Android in Windows versus, you know, things that are more locked down. So the user is forced not to do things. I don't think it has to be that way. You can you can lock down, you can sandbox, you can have all kinds of security precautions and still have open source code. And I feel like I don't expect Apple to do that, of course, but I feel like that's the best balance to say, like, we'll leave the code open so the so we got more eyes on it. But we'll make it work so that you can't, you know, bust out from one thing to another. Granted, even one of the situations where a lot of the tech folks like us are to blame, right? Because when we describe the difference between Apple and Android, we would always say, well, Android's more open and you can do more things with it personally. And Apple's not when in fact, that's not really that important, like you just stated, right? You know, okay, you can change your background a lot easier or you can change your browser who cares. That's not an important security aspect that needs that needs to be locked down. All right, tell me what's going on with local news here. So just, you know, if I say Flipboard and local news, you might say two things. I thought we're dead, but you'd be wrong. Flipboard introduced the local news in January 2020. It's expanding the coverage from 73 local areas to more than 1000 in Canada and the US. Casper Wyoming, you're in Twin Falls, Idaho. Got you covered. If you want to read news from your region, you need to give Flipboard permissions to see your location and then you can choose up to 15 areas near you to include in your for you page. Now, the idea is you care about more than just your own neighborhood, especially if you commute, have relatives nearby or have kids that go to school somewhere else, or maybe you just live partway in between. The machine learning that picks up the stories doesn't just choose by outlet. If the LA Times covers something in Anne Arundel County, Maryland, next to me, that LA Times story would show up for a Maryland user. Location data is used to serve ads, but Flipboard says it doesn't keep or sell location data. It only needs to zip code level location to serve local news. And I think this is an important piece. And I think you agree with me there is that, you know, we've been so focused on federal news and global news that a lot of local elections and local rules that feed up into what's happening in into the broader stance as being ignored. And you have, you know, a lot of states where, you know, the various laws are being passed and the various rules are being put in place. And people are completely missing the boat because there's nothing really pushing local news and keeping people more informed. And if you talk to anybody, it says, you know, when they ask, how do I get into politics? Or how do I, you know, do more? The first thing they'll tell you is pay attention to what's happening around you locally first. So I think this is a great thing. The question is, I know most people that that I'm friends with have no idea what Flipboard is. So how are they going to get this out? Yeah, Flipboard is surprisingly thriving as a news reading app for a subsection of people, but it's not nearly as big as Facebook, Twitter, etc. So you don't hear about it as lot. So I think this is smart for Flipboard to say, well, what's the gap in that coverage? Local news. It's, you can get your local news on Facebook and Twitter, but it's noisy. And sometimes it's really hard to find. Twitter actually became something that I was using during fire season, during when there were when there were protests in my neighborhood to know, like, OK, are they being contained or is there police action? Are there road closures? But it was really difficult. I had to work to find out about it. And I had to figure out what hashtag to search on Twitter or maybe, you know, look for something on Nextdoor. Whereas if you can encourage good thriving hyper local news, right? Like in Los Angeles, I want news for my area of Los Angeles, which is big. I don't always need LA County wide news. And I'm sure the same goes in the D.C. area. Oh, for sure. Like, you know, one of the biggest things going on here is still, you know, we only have one cable provider. So any news that comes around, you know, these cable, you know, having a single cable provider and, you know, what's going on around rules to add another one and broaden those things, you know, recently, Comcast or Xfinity had to walk back their charging for excessive data, what they consider to be excessive data usage, you know, and that that probably could have happened sooner or never have been the case in the first place had these things been bubbled up and surfaced up ahead of time. Well, folks, we want to hear what news you want to hear us talk about on the show. And one way to let us know is our subreddit. You can submit stories and vote on them at dailytechnewshow.reddit.com. All right, let's talk Ignite. Microsoft has several announcements coming out of the developers conference, starting with Microsoft Teams, probably got the most announcements. Microsoft Teams will now let users share channels with anyone in or out of an organization in a feature called Teams Connect. So you can bring everybody into this channel. You can chat, you can meet, you can collaborate on documents. It's in preview now coming later this year, but it's different than guest access. With guest access, you have to give access to the rest of the work environment to bring somebody in. With this, you're just giving them access to one channel, and that channel will show up in each user's environment for their own team, no matter what organization they're in. So you're not having to let them in the entire organization just to collaborate with them. One-to-one ad hoc voice calls offers end-to-end encryption for one-on-one calls, if your IT department lets you have it. Teams Pro will let you organize a webinar for up to a thousand people with custom registration, host controls, rich presentation options, and post-event reporting. If you need more than a thousand, you can do a broadcast only mode that they're going to allow up to 20,000 people to view through June 30th after which it falls to 10,000. I think the idea is that you won't need as many people. A few other Teams features here. PowerPoint Live adds notes, slides, and chat in a single view and gives each viewer the ability to skip around in a PowerPoint presentation on their own without infecting anybody else. And Presenter Mode lets you be in front of your presentation side-by-side with it, or in Reporter Mode you can have it over the shoulder, you know, like you're doing the TV news. And Dynamic View will choose it for you, will kind of adapt as it goes. What do you think of these new Teams features, Chris? Absolutely fantastic. I do presentations over Teams all the time. I do PowerPoint presentations all the time and so that Reporter Mode sounds kind of interesting. You know, you always want to look for ways to keep the keep folks more engaged, but the probably the biggest one out of there is the addition of the, instead of using guest access to use the connect piece, because I can tell you professionally one of the biggest things that I hear when it comes to management around Teams and organizations is restricting or identifying Teams that exist that allow guest access. It's very important for organizations to understand where these are, what's going on with them, attest them to validate that they're still needed or they no longer need them. So having another stream a way for folks to communicate without having to engage with the guest access, Microsoft is listening. Yeah, yeah. No, that channel thing makes sense. Like I don't want to have to give everybody the keys to the kingdom, just to talk to them about one project and then remember to take them off when it goes away, etc. A bunch of other announcements here. Microsoft announced intelligent speakers, hockey puck like devices that can identify up to 10 voices in a Microsoft Teams meeting and then generate a transcript with each person identified with what they spoke. It can also tell remote listeners who's talking. It can do some live translation. Yelling and Epos are partnering to make the hardware for Microsoft and the Surface Hub will also be able to act as an intelligent speaker. No price are available yet. What do you think of this one? Very cool. I use a speaker phone with Teams all the time and I know more and more folks are recording calls that we have and not just for accountability, but they just want something to reference back without having to come back to me. I have conversations with my developers or asking me questions about how features should be used and how they should look and how they should feel. And they'll just record the call. And so if you now record the call and it's automatically doing transcripts too, I mean you're just making that process a lot easier. So very cool feature. I'd like to see what the price is though. How about a new outlook calendar view? Let's you organize meetings alongside task notes and goals. Very Trello-like. Coming later this month, commercial and education users also getting suggested meeting times on Android and iOS. Interesting piece. You know, I'm transitioning more and more to using the calendar on Teams versus using the calendar inside of Outlook. So the more features they beef to stuff, the easier they make that transition. And ultimately if they want to drop Outlook and get folks into using Teams, then they're going to have to beef it up anyway. On the cloudier side of things, Azure Percept is a platform to bring AI service to the edge. The Azure Percept Vision Hardware Development Kit gives you an intelligent camera and some modules for running models at the edge of your network. It can also connect to the cloud if you want it to. Azure Percept Audio does the same thing for non-visual audio cases. Percept customers get access to Azure Cognitive Services and machine learning models and Microsoft plans to certify third-party devices for the program as well. Yeah, super techie. Or here we'll see what kind of cool things comes out of this. Microsoft's Robotic Process Automation Tool Power Automate Desktop is going to be available for free to all Windows 10 users, even Windows 10 home users. If you don't know, RPAs are sort of the spiritual successor to macros, but with a lot more power. Power Automate Desktop comes with 370 pre-built actions, but you can also make your own sometimes by just doing something and having it watch. It's available now to insiders and will eventually, as I said, show up in Windows 10 for everybody. This one I'm going to keep an eye on because more that I've implemented Apple into my house and done a lot of, recently redid all the lights in the house and added some scenes and stuff like that. So automation is something that I really didn't do a lot of on PC, but I'm having so much fun with it in the house. There may be some tasks on the computer that I want to see as well, or tasks around the house that this could potentially fill the gap for. So this is what I'm going to check out. RPA is often really good for things like payroll processing or account keeping, expense reports, stuff like that. And Microsoft is making progress in the fight against passwords, saying around 200 million people enabled passwordless logins for Microsoft services like Outlook and Xbox Live. That's up 33% from last year's Ignite conference in May. Passwordless login is now a standard feature on Azure Active Directory and a feature called temporary access apps is now out making it easier to enroll in a service without ever setting up a password. Your IT department can have a token sent to you somehow. Yeah, so all of these are very important, especially along the Azure lines. You know, before one of the, you would have to, if you built an application that managed some type of window service, you'd have to give it a service account. That service account password, if you change it, you have to update it in the application. So a lot of organizations don't want to constantly manage the password. So what happens, you now have created an attack vector, right? Because that's an account that never changes. It probably has elevated permissions for that service to function. And yeah, so they can try to attack it if they ever get a hold of it. So this whole temporary access and now it's different, right? You just create this token and the application gets that token, no passwords needed. So that part is pretty cool. Overall, there's, you're starting to see a big push with these passwords. You know, the whole paradigm of, you know, changing your passwords every 30, 60, 90 days has started to go away because if you have a good password, then it's better to stay with that password than to keep changing it. And then, you know, potentially, you know, end up having somebody change it to something that they're never going to remember or that it's easier to crack. So you're starting to see that. I mean, I'm even seeing that at work where, you know, I'm not being asked to change my password as often. So I have a great password. So yeah, I really like Microsoft. I was just saying, I just really like Microsoft's attack on passwords here. Yeah, yeah. With the Fido Alliance and tokens and biometrics, we may not have to even use passwords for too much time. All for it. Microsoft also released reporters from their NDAs to talk about something called Microsoft Mesh. It's Microsoft System for Virtual Telepresence being demonstrated on HoloLens but meant to work with whatever mixed reality headset you're wearing. Microsoft wants all the people, including Oculus, to work with this. Avatars in Microsoft Mesh are mostly cartoons, but you can scan yourself to become something Microsoft is calling a hollow portation. Something that Microsoft technical fellow Alex Kipman actually showed off at the Ignite keynote. Early versions of Mesh were used by Diplo at Burning Man's virtual event, if you remember that. Niantic is working on using Mesh for Pokemon Go where, you know, two people wearing headsets out in the real world could have their Pokemon battles in the real world. Cirque du Soleil founder Guy La Liberté is developing virtual immersive theater spaces with the Hanai World Project. So you wouldn't have to be at the theater to be able to experience the theatrical production. James Cameron's Ocean X is using it for people to experience 3D maps of what deep divers are discovering on the ocean floor. So people can be up in an office on the boat and see what the probe or the divers are seeing down on the floor. Essentially this is Microsoft's play to be the platform for collaborative mixed reality. All of Ignite was conducted on Microsoft Mesh if you had the right equipment. You could access it that way. AltSpace VR apps will get an upgrade to support Mesh and a preview app is coming to HoloLens. Those are the first two ways you'll be able to see it. But it's also planned to come to Teams and Dynamics 365. Developer tools are expected in the coming months for that third party integration that they're hoping to get. But this is a very robust platform, has a lot of promise proofs always in the pudding when you get people actually working on it, how well it actually works and what people use it for. But Microsoft really smart making an early play to say, yeah, we got HoloLens but we want to be the platform that everybody else uses. Very smart, very smart to be the platform versus just the top level provider with a tool. A couple of things come to mind when you hear about all this stuff. First off is how much of this came or pivoted once COVID started, right? You know, they're like, oh, we have all this stuff on the back burner we're working on. Bring that to the front now. As opposed to two, three years down the line, this is going to go immediately. I mean, you can even see this in schools, right? Not every kid is adjusting well to school from home. And so being able to put them in a virtual situation where they're seeing other kids and or seeing the teacher or seeing the board versus just the screen on top. Man, it could be so cool for them. And I've already been a part of multiple conferences that we did virtually that we normally do in person. Even though they went well and were able to present and field questions, it just like, it still seemed like there was a huge gap between being there personally and doing a regular web conference. And I think this is a good way to kind of close that gap a bit in overall. So this is super interesting to me. And it works. This is not just marketing. Like this is something that's why they had so many reporters under NDA to try this out. So the reporters could say, like, yeah, I was actually standing there. I was a goofy cartoon avatar, but the guy from Microsoft was a real person. And I, you know, I got to chat with them in real time. It's it's somewhat limited in its application because you don't have third parties working on it yet. So that that remains to be seen. But I can see this being used for one-on-one consultation where two people want to work on the same thing. So one of them can be virtual and see what the other one's doing or maybe they're both working on something virtual like in the Ocean X example. And and I think this is going to be good for in person where your two people are in the same place, but they need to see extra information on top of what they're looking at. Maybe two people are in a factory and they're trying to figure out how they want to, you know, change things up, lay out some new pipe structures. They could both put on glasses and both see that and it would all run on Microsoft mesh or something like that. So I think there's a there's a lot of actual use that this can be put to. It's it's it's a matter of how well it works, how many people they get to come on board and develop for it and who else comes up with this and competes with them. Right. I don't want to get rid of the bobblehead avatars. That's, you know, I mean that's that's one of those things where they're like, well, you know, until we can get the scanning to work at scale, we're going to have to do something and for now you're going to look like a Fisher price me avatars. Imagine being on a call talking numbers and you're like, okay, this is what we got to do to hit our numbers this year. And while the, you know, the person you talk to his head is just bobbling around. No arms, but their floating hand is pointing against them. Yeah, yeah. Spinning around in circles. It's early days, as they say. All right. Gatorade has released something they call the GX sweat patch. It's a single use fitness wearable single use fitness wearable. So it's a little patch you put on your arm and then your sweat funnels through it into color changing channels which can be scanned by the app after a workout providing insight into how to hydrate, how much water did you lose, how much sodium did you lose and their support for creating profiles for different types of workouts so you can track your data. It's a little pricey though, Chris. GX sweat patch comes in a two pack for $25. So $12.50 each. And as I may have mentioned, single use. So you use it once and you throw it away. So on the first read of this, you're like, this is ridiculous. But when you start thinking about it a bit more and especially in the context of somebody that works out all the time, it actually is something I'm going to try out. I'm not even going to say probably I will try this out and understanding that people digest food differently. They intake nutrients differently. And so if you see a nutritionist, they take, if they're not taking your blood, then you're probably wasting your time because you really need them to identify how your body is using all the fuel that it's getting. This makes sense. Now, the question is, how much can they really get from a phone and a colored thing that's a patch that sits on your arm? But nonetheless, I will spend the $25 to give it a shot. And maybe I would only do it on my heaviest days where I'm like, okay, this is the day and then I'm going to max out and go from there and then see, okay, if I want to perform the best on this day, let's make sure that I'm properly hydrated and because I'm one who catches cramps all the time. Like I can't. At 25 bucks a shot, well, 1250 a shot, I guess, you're not going to want to use it every time you work out, but I can see it being useful. We were like, okay, I don't definitely want to cramp up today because I'm pushing it. Maybe, maybe. Definitely days I've been gaming and had to drop the controller because I couldn't move. I mean, this, I'm all in on this, like telling me how much, how much water I lost and how much sodium I lost. They sound simple, but they're really important in those situations. Sure. It's the, it's the 1250 single use where I'm like, well, that's pricey. Yeah. So hopefully we see that come down or you see Powerade and everybody else jump into this game as well. Then that forces the price down because you got $25 for two uses. I mean, yeah, that's, that's a bit pricey, but the idea of it, being able to do this at home and not having to go out somewhere, that is very, very appealing. All right. Let's check out the mailbag. Jim in South Carolina wrote in and said, I loved your discussion on people with speech issues, using things like Siri. I was in a severe car accident as a child and I have one paralyzed vocal cord. The other is badly deformed. I struggle with volume and hoarseness and usually have to stop and take a breath after a few words, depending on my fatigue, et cetera. So when I use Siri, if it is a long sentence, I need to dictate or sometimes my voice just gives out and need to repeat a word. It can cause issues with using it. With the hoarseness, I struggled to say some sounds. And if I do not speak slowly and clearly, it will auto correct it in strange ways. Being able to take my time while dictating a text with just using, hey, Siri would be wonderful. I know I can just hit the text to speech button and take my time, but sometimes it's less convenient. Yeah, the whole point of Siri is that you don't have to hit that button, right? Siri usually does a pretty good job of transcribing what I'm saying, but when it struggles, it can be very frustrating. So yeah, good stuff, Jim. Thanks for sharing that experience. And then that's why it is important for this work to be done on the voice models to work with not just the most common voices, but... Right, yeah. When you read something like that and if you don't go through it, I can easily see myself looking at that. I'm like, oh, yeah, I feel for you, man. Hopefully they come up with this. But as I am personally dealing with something like this, because my brother, who had a stroke, does not speak well anymore. And I put all of this stuff in my house that uses voice commands and he likes to use voice commands because he doesn't have the dexterity in his fingers to type. So it's a lot easier for him, but it's a catch 22. So the better that these things can understand him, the easier life is for him. So yeah, this is something that's near and dear to me as well. Hey, keep those stories coming, folks. We really appreciate you sharing your personal experiences, your expertise with us. Feedback at DailyTechNewsShow.com. Shout out to the folks who make this show possible, especially the folks who are able to help us at the highest levels, master and grandmaster levels including Steve Aderola, Chris Allen, and Mike Aikens. And thanks to you, Chris Ashley. Appreciate you hanging in here with us as always. What you got going on to tell folks about? So we got another episode of SMR Podcast coming up this week. Who knows what we're going to be talking about because I don't even know, but you can guarantee you that it'll be fun. Check us out at smrpodcast.com. Excellent. We have a new boss here at DailyTechNewsShow. Thank you to Dan Voiles for becoming our brand new boss. We love getting new bosses. The more bosses, the better. So keep it coming. Patreon.com slash DTNS. If you stick with us as a patron, we actually reward you as well. We offer Patreon loyalty rewards. You can get a unique sticker, mug, t-shirt, or hoodie every three months at the four highest levels as long as you stay a patron. Each one has a unique piece of art from Len Peralta featuring the DTNS7 year anniversary logo. One of them's got me on it. One of them's got Roger. One of them's got Sarah. You can get all the details at patreon.com slash DTNS. We're live Monday through Friday. Come join us for 30 p.m. Eastern 2130 UTC. Find out more at DailyTechNewsShow.com slash live back tomorrow with Scott Johnson. Talk to you then. This show is part of the Frog Pants Network. Get more at frogpants.com. Diamond Club hopes you have enjoyed this brover.