Coming up on DTNS: It's not you, CES. It's Omicron. Whose responsibility is it not to play solitaire while driving, after all? And I'll explain the things you need to know about Log4Shell as the great December patch march continues.

This is the Daily Tech News for Wednesday, December 22nd, 2021. In Los Angeles, I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. In the snowbound Salt Lake City, I'm Scott Johnson. And I'm the show's producer, Roger.

There is a longer version of this show where you get our opinions about more than just what's in the show. It's called Good Day Internet. It's available at patreon.com/DTNS. By the way, big thanks to our top patrons, including Norm Physikus, Chris Allen and Mark Gibson.

Let's start with a few tech things you should know.

Sony Pictures Networks India announced a merger with Zee Entertainment that will form the second largest entertainment network in India behind Disney+ Hotstar. Post merger, the company will have over 75 TV channels, a large collection of film assets and two streaming platforms.

Browser maker Vivaldi announced a partnership with Polestar to bring the first browser to Android Automotive OS. The browser will come to the Polestar 2 and include tabbed browsing, support for media streaming, an ad blocker and sync with other Vivaldi browsers. Vivaldi plans to expand support to more cars eventually.

According to Cloudflare's top domains ranking, tiktok.com was the most popular domain from September to December of 2021, up from the seven spot last year and surpassing google.com. So quite a lift for tiktok.com. Instagram.com fell out of the top 10 in late 2021, not even in it, with fellow domain WhatsApp climbing into the top 10 for the first time. A moment to acknowledge the passing of google.com's lead.

The Google Voice web app now lets you create custom rules for responding to incoming calls from specific contacts.
This includes forwarding specific contacts to linked numbers or sending contacts directly to voicemail.

Last week, Best Buy pulled TCL's Google TV 5 series and 6 series models from store shelves citing performance issues. TCL has since confirmed it's rolling out a software update to its entire Google TV lineup to provide significant performance improvements and as a result, Best Buy resumed sales of the models of the updates.

All right, last January, January 2020, CES 2020 was all virtual. Vaccines were just starting to be delivered. Treatments were in their earliest stages. This year's CES is a hybrid. Now there are some virtual events for those who do not wish to attend in person, but in-person events in Las Vegas are scheduled as well. And it just got a little more virtual in the face of the spread of the Omicron variant. T-Mobile, Meta, Twitter, Pinterest and iHeartRadio all announced this week they will not attend CES in person, or at least in large part. T-Mobile CEO Mike Sievert in fact will no longer offer his keynote in person or virtually. Although T-Mobile still intends to be part of CES as a sponsor, they are pulling out of the in-person stuff and I guess they couldn't put it together to do the virtual keynote. Samsung, GM, LG, Panasonic and Sony are all still attending as of now, although LG already planned to use QR codes and augmented reality to show off its products. They did not have a traditional booth. Bloomberg sources say Amazon will not send people, though AMD, Qualcomm, OnePlus and HTC all still plan to attend, according to Bloomberg. Samsung and Google have both said officially they are monitoring local conditions, which gives them both a chance to pull out at any time if they decide. The CTA issued a statement Wednesday saying, "At this point we're very much focused on having this show and doing it safely and putting the right protocols in place to ensure that people feel comfortable with it."
CES requires attendees to have two vaccination shots and recommends testing for COVID before departure and within 24 hours of attending a venue in Las Vegas. CES starts with press previews on January 3rd and officially opens on January 5th. I mean it's easy to see this and go ah man just right when we were about to get it better it went weird again and that's kind of where we're at but you know if I remember back here in 2020 CES that year it didn't seem surprising that a lot of you know restrictions are put in place things became virtual like it just felt like well that's the year of 2020 and maybe 2021 because we're talking about January but I think everybody thought in their heart of hearts that maybe a whole year from now we'll have just a better time this will work better we're not going to have to face some whole new outbreak or whatever and it really really bums me out given the the rapidity of this this most recent threat and how quickly people are having to react reading this makes me just a little just a little more sad than I would be usually. Yeah I mean I think last year was a wash um a lot of us felt that way you know as disappointed as we were but this year felt like okay well there's all sorts of ways that everybody can be safe and make sure that you know if they're going to be you know in a place somewhere with a lot of other people you know for the love of technology then we're in we're in a good spot and so I wonder how much the these companies saying you know what we don't feel comfortable and we're going to pull out is going to be any sort of you know an effect to other companies who haven't yet made some sort of you know a line in the sand about it. 
Yeah we're getting close enough to the holiday break that I feel like this is the crest of that wave right like you you saw on Tuesday basically the end of the avalanche there'd been a few announcements earlier in the week and then T-Mobile came out and and then the Bloomberg reported about Amazon and and so I think this became sort of the the line in the sand I think was Wednesday like that's my guess anyway maybe proved wrong maybe maybe first of the year we'll get a couple more at the last minute pull out but you kind of have to you have to change your plans now uh in order to to really you know be able to like get refunds and cancel contracts and also have these companies you know big companies you know Metta, Twitter, Pinterest uh you know saying it's not worth it and so what is that going to do to a company who's like well we're already sending everybody there and let's still do it anyway and then deal with the repercussions. Well that's what I'm saying I'm saying that has happened and now we've seen who's going to go like yeah no we probably shouldn't do that either and who's saying I think this can be done safely. 
Omicron appears to be mild uh and and even even so you have to be vaccinated we we feel confident and taking stock with their employees I don't think you're going to see a lot of employees change their minds so then then then the or or companies change their minds so then the question becomes are they making a mistake uh and and to me I'm hoping I don't know neither one none of us know but I'm hoping that it ends up not being a mistake that this ends up being the protocols are are good the attendance is is low enough that you you don't have spread maybe even Omicron turns out not to be as lethal and deadly as as it was feared some of the early research seems to indicate that so you know fingers crossed that this ends up not being a problem on on the practical side of it I don't think it changes anything we're going to get all the announcements and we're going to be covering it and you know we right now we're sending a couple people there we'll we may change our minds on that ourselves we've got a little more flexibility than a large company does but uh but yeah I I don't think it'll change what news comes out of CES well if you're looking for cool display news I have some right now so you don't have to wait for CES although I'm sure this might get shown off it was LG one of the ones that pulled out now I'm losing track of who's who anyway LG announced the 27 inch dual excuse me dual up monitor you guys are going to love this with a unique 16 by 18 aspect ratio that sounds weird because it kind of is it looks like 269 monitors stacked vertically okay so imagine you putting those in that formation except this is one full display it offers 2560 by 2880 resolution 300 nits of brightness and supports usbc power delivery devices of up to 86 watts so that's pretty cool in a daisy chain scenario LG says the dual up will give you the same screen real estate as two 21.5 inch displays and as a vertical split view function that lets the user see more in one glance that's a 
direct quote and it attaches to LG's included ergo stand which can clamp to some desks and tables as a space saver usually let's let me have to get extra so that's kind of nice LG claims the display also helps quote reduce side to side head movements the main cause of neck pain I can relate to this it also has two hdmi ports one upstream usbc port for your computer of course and two downstream usb usbc ports but they aren't thunderbolt ports it's an important thing to note no word on any pricing or availability but I can tell you somebody's always in the market for cool ways to handle more production with screens and the like this seems pretty neat I like it yeah we were just talking about this uh the dts crew was talking about how you know how how we all look at you know our skype window when we're doing the show for example and also handling discord and you know our twitter feeds and all the other things that you might want to have open I have one very large monitor um it's a 28 inch it's big um but uh what's what's great about the LG monitor is you look at it and you kind of go oh gosh that's totally different um it's longer than it is wide but then you think oh okay if I had a couple of those now I'm really in business because you you basically have now given yourself four monitors and and you know in the event that you need to have something like is super wide that's you know maybe it's not for you but otherwise I think as far as uh like a you know a creative situation is going this is it's pretty cool yeah it's rad if I have my way I would do this this is just Scott's idea no one has to adhere to my ideas but I'd go ultra wide in front of me and I do one of these to the left of me or to the right of me and have that double stacked feature there because so much of the time that's where a second monitor is anyway it's a great place for staging everything and having stuff running that I don't need to mess with or have windows come in front of maybe I'm capturing 
screen whatever and in many ways it's a scrolling thing right so that the vertical nature of it makes more sense than having some other big monitor that you have to make space for yeah it was it's so funny this news broke shortly after my wife called me and she's like what do you think of this and she she had a two monitor setup two 27 inch monitors I think and she had taken one of them and made it vertical so that it's it's portrait mode and she had her company email and her company slack on that and it was kind of the same idea right it's just narrower because it's a it's a normal monitor but I when as soon as I saw this I'm like oh well she could totally use this for that to have that scrolling like you're talking about you know like your your scrolling slack your scrolling email be compartmentalized separate visually from whatever you're working on whether it's editing or looking at videos or or or whatever else she's doing in there so yeah I it's funny I almost feel like LG's doing themselves a disservice in this view because I know they're showing a video editor and I get it but I think most people look at it and they like well is that two monitors because it's like the big video at the top and the editing controls at the bottom what you may not realize is that that editing control at the bottom isn't a full monitor it's bigger than a full monitor size right and the video is taken up the top of it so yeah I I think this is I I think we're gonna get more and more of this as as displays are somewhat commoditized and usb-c has made it easier to daisy chain them and Thunderbolt too although this isn't Thunderbolt I I think we're gonna see more of this kind of situation and to where what works for you is what you'll be able to do not what monitor you can get well Thunderbolt Thunderbolt ports would work for me um that aside though I I do think that you know I I thought about this for a while that computer monitors are like little TVs they do a lot of other things 
you can have multiple monitors, and when you're sitting at your workstation you're probably, you could watch TV if you want, but you don't have to watch TV. But to have just different form factors going forward, and it to not be this sort of like, oh, it's a TV but for your computer, is is kind of cool, and I, you know, I'm excited to see where these go.

Well folks, if you have a thought about this or anything else on the show, uh, and you want to email us, here's our email address: feedback at dailytechnewshow.com.

An engineer from Alibaba found the Log4j vulnerability and reported it to Apache on November 24th so that it could get patched before it became a problem, although it is a huge problem anyway. Uh, in response to that early identification, China's Ministry of Industry and Information Technology has suspended its security partnership with Alibaba for six months, because China passed a law in September requiring companies to report vulnerabilities immediately to the product makers, which happened, and then to a Chinese information sharing platform within two days, which did not happen. I think this may be getting misreported in some places as China punishing somebody for, for not telling them. Uh, it was for not following the rules. They're supposed to make this vulnerability available on this sharing platform. Now, I don't know why they didn't. Maybe they felt two days was too fast and they, and this vulnerability was so bad they wanted to give it more time. But that's what happened: they didn't follow this rule about a two-day sharing.

Anyway, Log4j vulnerability, which is called Log4Shell, is still making headlines and it is still getting patched, and I thought we could use a look at some of the common questions and misconceptions about it, if you're seeing the headlines and you're like, what is this again?

One of the biggest issues about Log4j is that it is everywhere. It's not unusual that something like this would get reused so much, but everybody needs logging and this is a
really good piece of code for logging. Developers don't write every piece of code from scratch. They frequently reuse blocks of code that have been shown to be fit for purpose. Log4j is a really big example of that. Need to log something? No need to write a logging tool, use Log4j. That's not the controversial part of the story.

Log4j is a really common component in software packages. It isn't in one place. That's one thing to remember when you're like, what's taking them so long to patch this? It's everywhere. Sometimes a Java package doesn't even list Log4j as its dependency, because it's one of the dependencies in the package of a dependency. So the Java package may say, here's the dependencies, and Log4j isn't on there because one of those dependencies has Log4j and you don't go down. So you have to know it's there to patch it, and you might not know unless you dig in and look. 80 percent of packages have Log4j more than one dependency deep. Log4j is in fact present in more than 35,863 Java packages on the Maven Central repository, where Java packages are collected and made available to devs. Those 35 thousand packages are spread across millions of pieces of software. Not all of those packages are updated yet either, so you have to get the package updated in order to update the software that uses the package.

It's certainly fun to embarrass big companies by naming them as vulnerable to Log4Shell, but the fact is it would save a lot of time to just list the servers out there that aren't. All servers log, and I would venture to say almost all servers use Log4j to do it, certainly a large number of them. For example, Google has 500 engineers going through the company's code looking for all instances and figuring out how to patch them.

That's one thing: it's everywhere. The other is it's easy to exploit. Log4j looks at requests sent to a server and interprets them so it knows how to make a log entry. Let's say a Minecraft user is entering a command. It
might be useful later to know what the real name of that user is, so why not have the log add that so you don't have to do a separate lookup when you're troubleshooting? To do that, you could very easily have Log4j take a quick look at your server's directory, maybe it's LDAP, look up the username, pull in the associated real name and put it in the log. That's not a privacy violation. This is all info already on the server. You're just arranging it to make it more useful later.

Log4j allows any lookup, or allowed any lookup, to be parsed. That's where things went wrong. I don't guess it was designed that way, just that nobody thought about it being used that way, so they didn't put in a safeguard that limited the lookup. However, somebody finally did think of that, and once it was found out, if the user input being logged included a lookup to a malicious server, Log4j just resolved that like any other lookup. It's like, oh, you want me to look there? Great, that's where I'll look. Resolving that could then mean a malicious server didn't send a name associated with the username but sent some Java code that was executed to install malware. A typical remote code execution attack. And from there you do ransomware, reverse shells, botnets, etc.

So what do you do? The answer is buy your sysadmin or developer a coffee or a beer or seven and thank them profusely, because this has to be done at the server end. Uh, and on your end, patch, patch, patch. Uh, keep an eye out for patches and, and look for the patch that's coming to whatever device you use.

So not a ton to add here, except, you know, and you, and you went pretty deep into it, but this, this idea of it being one of the worst ones. You see quotes about this: the worst vulnerability we've had in two decades, or whatever. It, it really does come down to the very little effort for a lot of damage, a lot of potential damage. So, uh, let's hope everybody gets patched and we're past this as soon as possible.

And yes, somebody, sysadmins in our chat room, uh, already
correcting me on things. I know I oversimplified stuff. I know there's a lot of servers that aren't Java out there, but I hope the point is taken, like, like it being widespread doesn't mean somebody dropped the ball. It just means hand somebody figured out a vulnerability that nobody thought of ahead of time.

Well, moving into car technology. Tesla's cars have a big old touchscreen in the center console that lets you access cabin controls, AC, put up maps for navigation, and select and play music. A lot of other cars have adopted the same idea, but Tesla was the first and arguably still has the biggest panel. But a year ago the system added Passenger Play, with Solitaire and Sky Force Reloaded as options, something as a passenger you might want to play, which made it possible for a passenger in the car to play the game when the car was in motion, because the driver wasn't playing, just the passenger or somebody in the back. However, the U.S. National Highway Traffic Safety Administration is investigating now whether 580,000 Tesla drivers may be playing the game while the car is in motion, and if that also distracts them. This past year the administration received one complaint, just one, about Passenger Play, from a retired reporter who discovered the ability worked for him as a driver with no passenger in the car. He said, hey, this is a bad idea. But just the one. There have been no reported injuries or crashes related to the feature, though.

Yeah, it feels like the, the administration, the traffic safety administration, was like, okay, some, some guy decided that we have to investigate this, so we do. But I don't see anybody using this wrong. Like, sure, maybe somebody could, but it almost feels like in this particular case people know, like, yeah, don't play solitaire while you're actually driving. Well, let's not deprive the passenger of a little fun just because maybe somebody somewhere won't know that.

Well, and you know, for anybody who's, you know, I, it's not like I've been like in that many Tesla cars, but it is
jarring if you're not used to that center panel the first time you see it you're like oh it's huge like let's use it i can see as a passenger you'd be like i want all the options afforded to me obviously the driver has to do other things but uh but yeah it it's not weird that you would have more and more you know like fun options like games for passengers but uh but yeah it nobody should be playing games while they're driving but but again it doesn't sound like that's what's going on here no now we had a big discussion about this on core the video game podcast i do and me and my hosts were trying to get her heads around um what you'd actually want in a car and it always came down to well passenger board and you're driving so passenger give them something to do people in the back give them something to do these are all obvious uh answers and it already sort of exists and you know slap dash ways like you know video players hanging on the back of seats for your kids or some built-in options for other cars in this particular case you're talking about such a technological platform for which you can build then build on the entire cars based around the idea that we're rethinking how all of this works so why not that kind of or those kinds of entertainment and until the cars are like 99.99% 100 perficient self-drivers when you're on a long haul drive to california then we should probably talk about it because now that driver's going to be bored we i can't foresee a day when we were we were truly letting the car do all the heavy lifting and we're not having to keep our hands on the wheel when that day comes gotta give that guy something to do and i'm fine with that i just don't think it's now yeah that's all i i think there's two issues here one is oh it's tesla so the immediate headline and controversy and two that center panel is huge and in the middle so i guess there is a fair question of if i the passenger and playing uh sky force reloaded does that distract the driver 
right not because they're trying to play a game irresponsibly but because it's right there right uh doesn't seem like that has been a complaint yet it's only theoretical but you know now i guess maybe worthwhile to investigate well if you hang out in vr like i do and you think i just wish my favorite celebrity also is hanging out in vr well if you use the app supernatural you might be in luck because supernatural is partnering with comedian tiffany haddish uh also an actress uh you probably know her she's very funny to release a new workout series on the platform is part of its upcoming this year b u campaign which will add four workouts for users featuring haddish in 2022 it's worth noting that within and that's the parent company of supernatural is uh in an ongoing f tc probe which is looking into metas planned to acquire within now that is sort of beside the point here uh you know it could make things a little bit messy in 2022 but i will say as somebody who um you know i'm a supernatural fan you all know i can't stop talking about it i love that app it is so much fun um but what you do get is you know it's it's the equivalent of going into your local gym and one of the coaches is leading a class you know and you got your favorite coaches and that's fun that's great um and they're all really great um there is also a huge supernatural facebook community um the biggest that i've ever seen really um and you know a lot of personal stuff from people that people add and share you know about weight loss or you know health uh journeys or you know all all the reasons that they have decided to start this workout series and uh recently they actually had somebody from the community do like a one-off like okay she's your coach for the day type thing and it was a huge hit and this was just sort of you know somebody who loved supernatural and loved the community and was super active you know in the facebook group and was sort of you know picked out as like a person to say like 
okay, what if we kind of change it up a little bit, you know, are people still going to have a lot of fun? Huge success. So just the idea that this could also be like somebody that you respect, you know, and think is funny, or, you know, is, you know, in your favorite movie type thing, I think this, and again, you know, Supernatural, I know I like, I, I, I don't want to be a spokesperson for it, you know, and I know I sound like that a, at times, but for all sorts of apps like this, uh, this is, this is, we're getting there.

Yeah, here's the thing I would say. You really want to get me? You get one of the, you get one or both of the Winchester brothers from the television series Supernatural. You get them on there. So you get Jared Padalecki or that Jensen Ackles guy, and those are your two dudes, and now they're in Supernatural. That kind of, you know, inception is where I'm coming from. That's what I want.

Yeah, please, please, Within, take Scott's idea, go run with it while you can.

All right, let's check out the mailbag. Oh, we got a good one from Jerome. Jerome says, "I have a handy email signature I'd like to pass along. I took the time to enter a signature for my email that is highly personalized." This is something that we're going to have on our show notes. I don't want to just say it out loud for Jerome's, you know, privacy purposes. But Jerome says, "My friends know if they don't see this signature, it's probably not from me. Spammers really can't do the individualization needed."

Yeah, and we don't, won't even put Jerome's signature in the show notes, uh, but it has, uh, a quote from Hobbes that he has kind of, you know, changed so that it's personalized. It has a thing about typos with actual typos. Uh, it, it, it is, uh, it is, it is unique. And so the idea, you don't even have to really know what's in it, but the idea is that Jerome says, look, everybody sees my crazy weird unique signature, and if they don't see it, then immediate suspicion, because they'll get used to seeing it. Has it really big type too, so that way it stands out. I mean,
it's not a silver bullet, obviously. If somebody really wanted to get Jerome, they could take the signature and copy it and then phish his friends. But that's a pretty specific attack, so, you know, it's a nice speed bump along the way of making sure that at least people won't get phished by someone pretending to be Jerome very easily.

Indeed. Uh, Jerome, we'd like your gumption. Um, if anybody has life hacks you'd like to share with us, please do send them our way: feedback at daily tech news show dot com.

We also have some brand new bosses. We'd like to thank them right now. Paul Schmidt, Dave Gallo, Thomas Raphael all started backing us on Patreon. So thank you Paul, thank you Dave, thank you Thomas. And thank you to you, Scott Johnson. Um, we, we also, you know, we clap for you always.

Yeah, no, look, uh, I'm used to my own laugh track, my own clapping. All that stuff follows me everywhere I go. Not true. Uh, well, thanks for having me on. I always like to be on. And, uh, if you're this Christmas going, man, you know what I'd really like for Christmas? I'd like a new podcast in 2022 that focuses entirely on nothing but retro gaming. Oh boy, am I excited to tell you then, your wish has come true. It's a Christmas miracle. Starting in January of 2022, uh, specifically the third, I'm launching a new show with my cohort Brian Doneaway called Retro Play, or Play Retro rather. We had to go the other way because someone else had the other one. Play Retro, which you can find over at frogpants.com slash play retro. Nothing's up yet, but, uh, the beginnings of all of it is there. We're all set to launch. And if you like retro video games, arcade stuff, NES, Super NES, all that old stuff, uh, we're really excited about this, so go check that out. Everything else can be found at frogpants.com, including my Twitter account, which is @scottjohnson.

Well, we always love to have you on this show. Speaking of our show, we only have one more live show this year, and that is tomorrow. Catch us then at 4:30 p.m. Eastern, 21:30 UTC. You can find out more at
dailytechnewshow.com/live. We'll be back tomorrow with OG DTNS producer Jenny Josephson, and possibly more friends may pop up as well. Don't miss it. Back to you then.

This show is part of the Frogpants Network. Get more at frogpants.com. club hopes you have enjoyed this brover