 Up on DTNS, Google catches a major iOS exploit in the wild, MacBook Pros banned from airplanes worldwide. And Richard Gunther helps us understand what works with Nest, if anything does anymore. This is the Daily Tech News for Friday, August 30th, 2019 in Los Angeles on Tom Merritt. And from Studio Feline, I'm Sarah Lane. Happy Labor Day weekend from Cleveland, USA. I'm Len Perlton. And I am today's show's producer, Amos. Yeah, Roger Chang has the day off. Amos, no longer an intern, full on producing the show today. Thank you, Amos. And welcome. It's good to have you. We're also welcoming our guest, Richard Gunther. Richard, thanks for joining us, man. It's good to have you here today. I am so glad to be here today. And this is the first time we've all done a show together before. I've done shows with all of you, right? But not all before this combination. Oh, my gosh. So Len will be drawing. Amos will be producing. Sarah and I will be hosting. And Richard will be explaining to us the whole works with Nest Fiasco, because you're on the smart home beat. Yeah, yeah, it's it's a bad weekend. That's all coming up in a second. If you are on the good day internet feed, you already heard us talking about the Disney Plus deals and getting sand in your eyes and all kinds of stuff like that. So please, if you want the extended conversation, we were talking a little bit about Jack Dorsey, getting his Twitter account hacked. That's all on Good Day Internet, patreon.com, slash DTNS. Let's start with a few tech things you should know. A new feature rolling out in Google's G Suite and Hangouts Chat will warn users when somebody that they're about to send an email to might be away or on vacation. A banner will appear at the bottom of the compose panel or the chat window to let senders know when there's an out of office time block on that calendar. And we'll also note when the recipient will be back. That's handy. Disney finalized the sale of its stake in the Yes Network to an investor group that includes the New York Yankees, Sinclair Broadcast Group and Amazon in a deal worth $3.47 billion. Yes Network does the New York Yankees games and the Brooklyn Nets games. The move is the last piece of an agreement between Disney and the Department of Justice to sell off 22 regional sports networks that it acquired when it acquired a large part of 21st Century Fox. The New York Yankees already had 20 percent of the stake in Yes. They keep that and they get a little bit more as part of this deal. Politico and Bloomberg both cite an anonymous source saying that Google has agreed to pay the US FTC between one hundred fifty and two hundred million dollars following an investigation of claims that YouTube violated the Children's Online Privacy Protection Act by collecting personal information about minors and then using it for targeted ads without parental consent. The FTC voted three to two, reportedly, to approve a settlement, which now goes to the Justice Department to review. The FTC has not commented on Politico's or Bloomberg's story. So yeah, when we do the official announcement of this agreement next week, the days of you will be justified because you already. All right, let's talk a little more about Google's Project Zero. That is an effort by Google to just find vulnerabilities anywhere, work with companies to fix them. And then they'll publish their research about those vulnerabilities and an effort to just make the Internet more secure for everybody. Google's Project Zero publishing research about an attack on iOS that seemed to be in the wild from at least 2017 until February of this year. It was in January that Google's threat analysis group or TAG discovered compromised websites out on the Internet. So this is a bad one. A lot of times these things are are theoretical or they're in the lab. This one was in the wild. It was being exploited. These websites, if you visited them, would install malware on an iOS device without your knowledge. Simply visiting the website was enough to get infected. You wouldn't know. You wouldn't have to do anything. There was no best behavior to prevent it. Ian Beer wrote that the on the Google Project Zero publication about this wrote that the attackers used 12 separate security flaws in combination to pull off these attacks. Most were bugs within Safari. These were zero day bugs. They were not bugs that had been discovered and not patched or anything. These were new bugs that no one else was aware of. The malware could access your location info, your contacts, even your passwords stored in the key chain and relayed it to a remote server every 60 seconds. TAG passed this discovery to Apple on February 1st. Apple patched the vulnerability in iOS 12.1.4 on February 7th. So if you don't have iOS 12.1.4 on your iOS device, you need to get it now. Google did not publish which websites were infected. They did say the sites received thousands of visitors a week. So these aren't the New York Times. These aren't massively popular websites. But it does seem most of the security researchers out there seem to think that this was a state sponsored group, probably doing a fishing net situation with some targeted websites that their targets might be likely to visit in order to compromise some cell phones of people they wanted to spy on. Yeah, the the blog post about how this all was discovered and replicated is lengthy, to say the least. The first thing I did was be like, OK, where's the list of websites? Where's the list of websites? They don't say, you know, because I was just curious, right? I mean, is this somewhere that I visited or is it, you know, just stuff that I've never heard of? And they also did allude to the fact that, yes, states sponsored targeting a specific group, whether it's regional, racial or or otherwise seemed very likely. Although they didn't get into too much hypothesis on on what that might be specifically. But the fact that there were so many examples of apps that have extremely personal information, whether it's photos or real time location or text messages or whatever, stored in plain text for a variety of apps that are considered very secure. It was it was quite a wake up call. Richard, does this undermine your faith in iOS any? I don't think it undermines my faith, but it is eye opening, right? I mean, we we have this false belief that on our iOS devices, we're safe because they're walled gardens and the apps can't talk to each other. And this is just one of those things where it's like, you know what? Maybe you should be careful in every device you use and everything that you're doing when you're connecting to the Internet. Yeah, that's my take on this. This is a very sophisticated attack. This is not an attack that happens frequently. And it is a reminder that there is no such thing as 100 percent security. Yes, iOS does a lot of really good security practices to get you closer to 100 percent security, but nothing is 100 percent. And when it's not 100 percent, that means there's a percentage chance that you can have something like this happened. And it did the good news. If there is any good news here is that Google Project Zero or at least the threat analysis group caught it, got it to Apple. Apple fixed it fast within a week and patched it up. And so you you can patch your device if you haven't already and make sure you're not affected by it. It doesn't sound like these are websites that people would would be likely to visit by accident, or at least most people anyway. At the World Artificial Intelligence Conference, DD Xu Xing, CTO Zangbo, announced that the company's autonomous vehicles will start carrying ride hailing passengers in the Zhijing District of Shanghai. The free service will feature 30 different vehicle models capable of level four autonomous driving. That's the top level, but will include a human driver. The company received permits to test a self-driving fleet from the Shanghai government this week. Plans to roll out the service to Beijing, Shanghai and Shenzhen by 2020 and then service outside of China in 2021. Yeah, I mean, we're getting more and more of these. They all have human drivers, you know, for the most part. We haven't heard of anybody just, you know, setting these loose on unplanned routes anywhere. But it's interesting to see the approach of DD, DD being the Uber of China, right? In fact, they even bought Uber in China. Is saying we're going to start in a neighborhood and then we'll expand to most of Shanghai and then we'll expand to other cities. So I don't know, does it make you think that we're getting closer to these becoming something that everybody can take advantage of? No, I mean, I think it's definitely coming. I think the question is like how I guess what's going to be the tipping point? What what is the threshold that they have to meet in terms of safety or reliability or being able to handle exception cases that people are going to feel comfortable in this? Have any of you had an opportunity to drive in a self-driving vehicle yet? I have not. No, no, I would, though. I, you know, I volunteer. But I do think that I mean, that's an interesting question, right, because they need a large amount of people to be interested enough to use the service. But I think there also has to be some sort of and I don't know what the threshold is, but some sort of time period where there's a proven track record that this is no more dangerous than what we're the danger that people already face on roads across the world now. And and that's going to be interpreted by by people in different ways as well. But that's why it's like we seem so on the precipice of this being the norm more in more and more areas. And I mean, Shanghai is a huge city. So a citywide rollout is probably not even possible when you're trying to roll out something like this and get people used to it. But yeah, it's I'd be interested to see how how much this is adopted in its earlier stages. What's the next steps, right? So we've seen Waymo do this in Arizona. We've seen Uber do something and then shut it down in Pittsburgh. You know, we've seen this in Boston and Singapore and London. There's lots of these efforts that are very similar. What's the next step? What's the next thing that gets you excited to be like, ah, we're making progress. It's not just more of these. Now there's one that offers dry. Is it is it not having a human in it? Is that is that what we're waiting on? Well, that would be the I mean, because that's OK. Now it's there's one less thing that has to be part of this experience, right? A fully autonomous autonomous level for a vehicle with a human driver is OK, it's doing it by itself, but we haven't taken any step out of this process. So yeah, I think that's the next step, but that's also a tougher sell. Really tough. Yeah. Waymo probably the farthest along in Arizona with widespread public availability to to to call it at least in in certain suburbs of Phoenix. So I'll keep an eye and see if any of them pull the goalie, as they say. In new Windows Insider builds, Microsoft is testing a redesigned tablet mode for two in one devices running Windows 10. The redesign keeps the desktop in full view. So instead of giving you the start menu, which is what you get in tablet mode, you still see the desktop and your taskbar icons are still visible, but they increase the space between the taskbar icons to make it easier for you to touch because they think, well, you're still going to be using a touch interface on this thing. Some of the tablet features remain. So the search box collapsed into an icon. The touch keyboard appears when you tap on a text field and file explorers, which is to a touch optimized layout. But otherwise, you're getting that desktop look. The changes are limited to two in one devices and are designed to automatically turn on when you remove a keyboard, like on a Surface Pro. So that Surface Pro is kind of the model of the two in one, right? You've got the keyboard. If you want it or you pull it off and you use it as a tablet. And that's when it goes into this kind of modified tablet mode. Now, if you like the old tablet mode with all the tiles, that's still there in settings. You just have to turn it on yourself and dedicated Windows 10 tablets remain unchanged. If it's not a two in one, you still get the tablet mode. I we don't have enough time as much as I want to rant here about this. I am so tired since Windows 8 of Microsoft trying to figure out what Windows is. Is it a desktop? Is it a tablet? Is it a laptop? How can one product serve all of those different devices and still be the same thing? This this whole thing has been a disaster since Windows 8. They came out with a pretty good tablet interface that would have been great on tablets and they forced it on everybody on desktops. And of course, it was a complete failure and they've spent the last six years backpedaling from that. I'm just I'm tired of the back and forth and the change. And then never like it doesn't feel like there's anybody there like Sinovsky did who has a vision for how this needs to be. I'll be honest, I felt like tablet mode and not tablet mode was was a pretty good recovery, right? Like if it's a tablet, you get tablet mode, because like you said, the tiled interface is pretty good on tablets. And if you've got a keyboard attached, then you're not in tablet mode. So I'm curious whether this two and one mode is something that two and one users really want or if it's actually muddying the issue again. I don't use a two and one that office anymore. I used to have a pro, but I stopped using it a while ago. Yeah, I have a tablet. I don't have a two and one either, but I'm a Windows insider and I've just stopped taking the updates. I'm sick of them. Well, feedback at DailyTechNewsShow.com two and ones. Let us let us know two and one users what you think. On June 20th, Apple announced a voluntary recall of 2015 MacBook Pros with retina display due to a fire risk from overheating batteries. Talked about it on the show in the past. The recall covers some, but not all MacBook Pros sold between September 2015 and February of 2017. This week, quite a few airlines starting to take notice and make their own plans. Virgin Australia announced that all 15 inch MacBook Pros, regardless of their model number, must not be put in checked luggage. Qantas said that its policy further requires the laptop to be switched off during the entirety of the flight. Thai Airways and Singapore Airlines won't allow the laptops on flights at all, unless the battery has been verified safe or replaced. And TUI Group Airlines, Thomas Cook Airlines, Air Italy and Air Transit have prohibited effective laptops, affected laptops as well. So when the story broke earlier this week and I saw that originally the story was you can't check your MacBook Pro, I didn't really take much notice because on my recent flight on Air France, in both Dublin and Charles de Gaulle airports, they didn't allow you to put any electronics in your check bag. That was that was a policy and they asked you about it at check-in. You don't have any electronics in this bag that you're checking, right, because we've had problems with that. So I know that not all airlines are doing that. But to me, it's like, well, if you're an airline who doesn't do that, you can look at the airlines that do and say, well, this is still less restrictive than that. So let's just go ahead and do it to make it easy. But to say to someone, hey, you can't bring your MacBook Pro on the plane at all, which a couple of these airlines are doing. Or to say like, you can have it with you on the airplane, but you can't use it on the flight that I get why they're doing it because it's easier than checking all of the serial numbers to see if it's a recalled laptop or not. But it seems to be an untenable situation for everybody here. Yeah, I mean, it's with the OK, not every flight has Wi-Fi or I don't know, maybe I'm lucky enough to sleep on certain flights. I would never check a laptop just because I'm afraid it's going to break because it gets jostled around so much. I like to have the stuff that's expensive and delicate on my person as much as possible. But yeah, I mean, to say you just can't you can't have it on the flight. Is that I don't know how any business traveler would be OK with this. Yeah, this is a big, big black guy for Apple. And it started out kind of curiously enough where you were wondering, well, how really are they going to manage this? Because you're not going to check serial numbers. I mean, that's just ridiculous. You you had people who didn't understand what the difference was from a tablet and a laptop when tablets were starting to become popular. So this this kind of granular filter is just not possible. So this makes sense, but you're absolutely right. I guess the upside is, hey, I'm sorry, I couldn't do any work while I was on the flight. They wouldn't let me open my laptop. Right. I mean, I guess so. There could be worse situations there. But if they wouldn't the airlines who are saying they just won't let you take the laptop on at all. You can't bring your laptop, especially if I've got a 15 inch MacBook Pro. I've checked my serial number. It's not part of the recall, but they're like, it's still a 15 inch MacBook Pro, and we're not going to bother to look at serial numbers. So you can't bring it that. Well, and you can, can you imagine the gate outrage when like four people who would need to be on a flight or just like and they're saying, well, it was in the email with your e-ticket confirmation, you know, that nobody read. That's that is not that's not a process that's going to work for an airline. And I'm like, no, I was sorry, I was going to say unlike a pen knife, it's not like you can drop it in a pen envelope. Yeah, we'll just ship this home. Well, it does fit in an envelope. We saw Steve Jobs do that. Yeah, I don't know. I think this is going to be lax enforcement, but lots of lots of people up front telling you not to bring it or to check or something like that. The airplanes do the airlines will do that lots. But I'm curious. I'm curious to hear if anybody runs into a situation where they are told, no, I'm sorry, you can't bring that with you on this flight. Folks, if you want to get all the tech headlines each day in about five minutes, be sure to subscribe to dailytechheadlines.com. All right, we've talked before about Google's fraught situation with works with nest and how they're they're trying to wrestle works with nest into the the Google assistant land. I get what the goal is, Richard, which is eventually they just want Google Home and Google Assistant and all that to be all of their smart devices, whether they're nest or not. How did we get here? What's going on? Oh, for some reason, I guess Google doesn't want you to explain this because your your connection to me just just dried up right right as I were trying to to to get you to answer this. So Richard, if you can if you can reconnect or turn off your video, yeah, let's see if that that works. Oh, it was fine up until red. Yeah, it was fine until we asked him about works with nest and I have a nest camera on this network. This is this is Google toying with us. Well, we'll give you some of the background and Richard, if you can hear us once you can hear us, just just pipe in basically works with nest launched in 2014 to integrate nest with other products. So do things like lights flashing on your your smoke detector, your CO2 sensor, your when your car gets home, the temperature of your nest thermostat would adjust automatically or up or down as you're leaving. It would, you know, it could turn the air conditioner up so it's not running while you're not there. Appliance is optimized operation time based on energy, supplier info, ceiling fans, syncing with thermostat to save AC, third party apps display and control thermostat. But as DT Nest listeners know, Google announced earlier this year at Google IO that works with nest would end on August 31st. That's tomorrow. That is tomorrow. So take it from there, Richard, where are we now? Yeah, so basically what's happened is in the meantime, nest has really been pushing their customers to switch their accounts to Google accounts. Now, if you've already done this because you've been in your nest app, then you really can't come back from that and we'll talk a little bit about what that means. But if you haven't done it and you have other things connected to your nest ecosystem through works with nest, you don't have to do this conversion. You don't have to migrate your account to the Google account. So just decline to do that and make sure that all the things that you want connected to your nest ecosystem are connected and you can do that just by going into settings in nest and looking under works with nest and it'll show you and it'll be things like IFTTT and maybe a Harmony Remote. If you have a hub, it might be connected like Wink or Lutron or Insteon. These things will all stop working if you disconnect them and if you disconnect them after August 31st, you won't be able to reconnect them even if you leave your nest account. Works with nest isn't going away. It's works with nest new additions of works with nest are going away. Does that make sense? Exactly, exactly. No more integrations, no more connections. So it's really important that you keep the things connected as we go from the 31st to the first so that when you're past that deadline then everything will still keep working the way you might want it to. Now, if you're an IFTTT user, you may already have received a notification from them telling you, don't do this, because it will break. Now, you might be wondering about other integrations like maybe you use your Echo devices to adjust your thermostat. Google has actually worked with Amazon to ensure that if you did already move over to a Google account, then it will still be able to control your thermostat and it will be able to access your cameras. But it won't be able to do everything that you were able to do before through your Amazon Echo devices. So that's something to keep aware of too. And some of those capabilities may kind of deprecate over time. It's likely that the companies that manage these things are at some point in time just gonna say, well, why are we still supporting this? Yeah, right. So, I'm trying to simplify this. If you have connections through works with Nest, don't change anything, because after tomorrow you won't be able to change them back because that would be considered a new connection. But at some point, aren't you going to, aren't they gonna, I mean, at some point don't you need to move to a Google account to get new features and things? Is it gonna be a trade-off where you're like, well, I want this new thing that they only offer if I have a Google account, so I'm gonna have to lose if because that's not supported? Or is it a waiting game where eventually all your features will migrate over to the Google account and you're just waiting for that day? I think it's a waiting game, but this is where I feel like Google really fell down because they didn't give the vendors who provide these services and products enough time to figure out how to migrate. And frankly, they didn't even give their own development teams enough time. A lot of the things that people like to do with these integrations between their smart home products is that, okay, let's say my thermostat knows that I'm away. Well, I'll use IFTTT then to trigger that if I'm away then do some other stuff in the house. That capability to know whether your thermostat thinks it's in away mode or home mode, Google doesn't offer that anymore. It's not there. So a lot of the capabilities that Google might offer just aren't up to speed with what you could do today. And that's why there's so much outcry. Eventually, yeah, it'll probably get there. And they said that they're working to improve things like their version of routines, just like Amazon's assistant has and more robust integration capabilities to mirror what you had before. But this is early days. So my advice is that if you keep things the way they are, keep stuff running as long as it can. And when you get to that point where, you know what? I only have one or two things that are still useful with works with Nest. And now Google does offer the ability to hook up all these other products and make my homework smarter all through my Nest Hub, which is what they call the old home hub, then you can go ahead and make that switch. It's just we're not there yet. And I guess if you have a connection that you really, really want, get it working tonight. Your last chance to add a new one, right? Yeah, exactly. And who knows about tomorrow, right? It says that it ends on 8.31. Now, usually what companies do is that means midnight, the furthest time zone that they support on that last day. But just to be safe, I would advise people to take a look at it tonight. Maybe tomorrow it won't be too late, but by the holiday, you're not gonna be able to make these changes anymore. Why? If I can get in and ask a question, why are they doing this? Why the change? Because security and privacy, that seriously, that's the answer they gave, which concerns me quite a bit because right now the systems already use OAuth to validate and authenticate you against Nest when you're working with their system. So you've explicitly given the vendor access to the information and Nest says what information it's gonna share, but they really wanna pull that in more and be much tighter. I think where I am sympathetic is the smaller your surface area for attack, the less chance you have of a breach. And as we saw in the earlier story about iOS, like nothing is 100%. So I get where they're saying, yeah, we could keep these two systems around, but then that is just inherently more vulnerable to have two systems. Yep, no, you're absolutely right. And it's also inefficient, right? At some point they needed to figure out how to integrate these. I just wish they had done it a little bit more, I don't know, elegantly. Yeah, well, they, I wish so too, but they didn't. So thanks for helping us to figure out what we need to do in response to it, appreciate that. Good news in the elegance department, everybody who participates in our subreddit, you can submit stories and vote on others, dailytechnewshow.reddit.com. We're also on Facebook, join our group, a lot of elegance there as well. Facebook.com slash group slash Daily Tech News Show. All right, let's check out the mail bags, Sarah. Yaru from Malaysia, how did I thought on how Google might help Huawei? Says, I think there might be a way, but it would involve Google giving Huawei preferential treatment and exceptions. As it is now, it's not easy, if not impossible, to side load Google services into open source Android, or phones not part of the Google Android Alliance. This is because of a new policy that Google implemented around a year ago that involves more checks. Yaru says, I think what Google should do is allow Mate 30 phones to side load with fewer checks, or none at all, like kind of look in the other way, it would of course not be the same as having them preloaded, but would still salvage some usability. The issue would mostly be how it's seen by other members of the Alliance as preferential treatment. But I think there's a, not 100%, but a chance that they'd see it as beneficial because they could also get hit by a trade ban, since a few of them are based in China. Yaru says, full disclaimer, I do use the Mate 20X, 7.2 inch version of the Mate 20 series. And he says, I love it very much. I'm really hoping this issue gets solved, or at least bypassed in some way because Huawei really does make good phones. And that's coming from a former iPhone user of nine years. Yeah, that's a good point, Yaru. I don't think Google could do anything without violating trade restrictions. If they take an action, I actually responded to Yaru about this in email, they open themselves up to liability. So I don't think they could turn a blind eye without opening themselves up to liability. But don't forget, Huawei operates without the Google services in China. So they're very familiar with how to get their users apps without actually officially having any kind of Google service there. And the side loading is definitely something that can be done, but like you say, it's harder. And a lot of users aren't gonna wanna mess with that and might choose not to deal with the Huawei phone if they don't get the Google services. So yeah, I hope to get that all figured out as well. Let's check in with Rilla Len Peralta, who has been illustrating the show. Len, what have you drawn for us today? Well, you know, I always love it when companies go ahead and change things in the background and not tell you. And this is sort of my take on that. I think there's gonna be a lot of people who are gonna be acting just like this. If they did not listen to this show or hear anything Richard was talking about with Nest, they could end up like this. This is called leaving the nest. It's an image of Google taking away Nest from a little gentleman who is freaking out saying, no take, nothing works. So there you go. That is, this is called leaving the nest. And if you are one of my Patreons at patreon.com forward slash Len, you have this right now. You can go and download it or if you wanna go the old fashioned way, you can go to LenPeraltaStore.com and just purchase it. You're gonna get a lot of Nest users buying this. I have a feeling. Oh yeah, this is great. I love this, I love this one. I hope so. Thank you so much. I appreciate it. Thank you, Len. And also thanks to Richard Gunther for being with us. Richard, tell the DTNS audience where they can keep up with the rest of your work. Absolutely. So I write over at the digital media zone. That's thedigitalmediazone.com and I host two smart home shows. One called the smart home show and one called Home On. And you can find those everywhere you find great podcasts like this one. Hooray. Also, the reason we have a great podcast like this one is because of the people who support us. We are not a big enterprise. We're an independent voice and if you wanna support that, the easiest and best way to do it is patreon.com slash DTNS. In fact, if you upgrade or join in at the 30 or $50 level, you'll either get a poster or a mug. Mug is at the $50 level. If you stay a patron at that level for three months, that's patreon.com slash DTNS slash merch if you want all the details. Our email address is feedback at dailytechnewshow.com. If you'd like to join us live, that's Monday through Friday, 4.30 p.m. Eastern time, 20.30 UTC and you can find out more at dailytechnewshow.com slash live. No show on Monday because we're honoring those who labor but we'll be back on Tuesday with Patrick Beja. Who's French? Talk to you then. This show is part of the Frog Pants Network. Get more at frogpants.com. The Diamond Club hopes you have enjoyed this brover. Ha, ha, ha, ha, ha, ha.