Daily Tech News Show is made possible by you listening right now. Thank you. Maybe you're Brad or Kevin Morgan or Paul Teeson or our brand new patron, the youngest member of our Patreon family, Daniel. Yay, Daniel. Thank you, Daniel. On this episode of DTNS, a side-channel attack on Apple M-series chips and how to defend against it. OpenAI cozies up to the filmmakers, and Nicole Lee shares her experience riding in the robotaxis of San Francisco. This is the Daily Tech News for Friday, March 22nd, 2024. In Los Angeles, I'm Tom Merritt. And from Studio Redwood adjacent, that I didn't think I was going to be at today, but I am, I'm Sarah Lane. From San Francisco, I'm Nicole Lee. Drawing the top tech stories in Cleveland, I'm Len Peralta. And I'm the show's producer, Roger. Yeah, our our usual thing these days is Studio Animal House. We haven't heard Studio Redwood in a minute. That's crazy. I know, I know. I am back up in NorCal, neck of the woods, long story. If anybody wants to subscribe to have such a good day. I'll tell you a lot more about that. Right. But in the interest of time, let's talk some tech news. Let's start with the quick hits.
At Pwn2Own Vancouver 2024, contestants demoed 19 zero-day vulnerabilities in Windows 11, Tesla, Ubuntu Linux and other services and software in a battle to win $732,500 and a Tesla Model 3 car, and many awards were actually won. Haboob SA's Abdul Aziz Hariri used an Adobe Reader exploit combined with an API restriction bypass and a command injection bug to gain access at execution on macOS to earn $50,000. But that's not all. French security company Synacktiv won the Tesla Model 3 and also $200,000 after hacking the Tesla ECU with vehicle, or VEH, CAN bus control in under 30 seconds using an integer overflow. Now, Theori security researchers Gwangun Jung and Junoh Lee won $130,000 after escaping a VMware Workstation VM to gain code execution as SYSTEM on the host Windows OS using a chain targeting an uninitialized variable bug, a UAF weakness, so to speak, and a heap-based buffer overflow. So, you know, people won a lot of stuff at the, 17 years, 17 years Pwn2Own's been going on, pretty pretty pretty cool that it's still kicking. Previously on Daily Tech News Show we mentioned that Apple is reportedly in talks with Google and OpenAI, possibly even Anthropic, to provide cloud AI services for iOS. Of course, in China you have to be vetted to offer AI services, and surprise surprise, Google and OpenAI have not been approved. Weirdly, only Chinese companies have been approved to offer AI in China, so it should not be a shock that Apple is reportedly talking with China's Baidu about integrating its Ernie Bot into iOS in China. In the meantime, it's good to note that Microsoft has added a spell check to Notepad in Windows 11. Misspelled words are underlined in red now. You can right-click to see suggested fixes, just like Word has been doing for quite some time, decades even. There's even an option to autocorrect as you type if you like to live on the edge, which, you know, I mean, many of you do. The feature is available to select users of Windows Insider build
11.2402.18.0. On May 20th Microsoft will announce consumer versions of its Surface laptops, consumer versions of the business laptops it announced earlier this week. The reliable analysts out there expect those devices to run on ARM processors, not the Intel processors that the business models run on. That may give you pause about things like software compatibility, especially when you're talking about games, but Qualcomm told developers at GDC that its Snapdragon X Elite system will have emulation that can run x86 games at full speed. They said it's the GPU that's the issue, so don't worry about it, it's going to be fine. You won't even need to tweak any of your code. Now, the exception would be if your game uses kernel-level anti-cheat codes. Those won't work at all. However, developers can of course port their titles to ARM, and Qualcomm will also offer support for hybrid ARM development, which runs Windows libraries and Qualcomm drivers natively while emulating everything else. A law in the US state of Tennessee goes into force July 1st to protect songwriters, performers and other musicians from unauthorized imitation by generative models. Photographs, likenesses are considered property right in Tennessee, not a publicity right. The Ensuring Likeness Voice and Image Security Act, or ELVIS Act, Tennessee, get it, gives vocal likeness the same protection. It also makes people liable to civil action if they produce a person's name, photograph, voice or likeness without proper authorization. It's going to come back up later in the show, stick around. Security pros have developed another side-channel attack they call GoFetch that works against Apple's M1, M2 and M3 processors. This one is a little more complicated, however. It uses something called a data memory-dependent prefetch, or DMP. DMP looks for patterns in memory cache to anticipate data that might be needed and then fetch it in advance, so it speeds up operations in theory. But Tom, how does it actually work?
Yeah, how does this vulnerability work? Apple's DMP mixes data and memory access patterns. Intel has a version of this as well, they call, there's a different thing, they call it DDP, but theirs doesn't mix those, and that's an important distinction. In Apple's case the DMP will activate to access the data when a data pointer fits the pattern is based, don't get, let that get y'all hung up. That means an attacker can feed inputs that look like a data pointer and then watch to see if the DMP activates. If it does, then that must be part of the cryptographic key. Do that enough times at computer speed and you can reconstruct a cryptographic key, sometimes in as little as a half an hour. Now, you're not supposed to let the DMP mix the data request and the pointers for just this reason. The researchers were able to recreate private cryptographic keys of algorithms like OpenSSL Diffie-Hellman, Go RSA, CRYSTALS-Kyber and Dilithium on the M1. The DMP is built into hardware on the M1, M2 and M3, so even though they didn't try it with M2 and M3, there really isn't any reason that the attack wouldn't work on those. So Sarah, what are they saying a Mac user ought to do? Well, because it is a hardware vulnerability there's no real way to patch it, but you can mitigate it through software. With the M3 you can turn off DMP. For the M1 and M2 you need to flood the DMP's input so the attacker won't be able to interpret the side channel clearly. Those solutions all slow down the processor. Now, Apple might not wish to do any of this because of performance hit that Apple will get, you know, with what I've laid out. So in the meantime you should continue to just be real careful about what software you allow to be installed on your macOS devices. All right, Nicole, does this make you kind of, I don't know, feel weird, throw away your Mac, somewhere in between, you know, where? I, yeah, I think, like you mentioned, the, as long as you don't install malicious apps in the first place, but I think there's something called Apple's
Gatekeeper, which is a thing you can turn on, I think, so I think it's on by default, and that way you won't likely install malicious apps in the first place. I think Gatekeeper allows only allows apps from the Mac App Store and non-App Store installations from Apple registered developers, so if you want to be, you may want to be extra cautious of course manually approving apps that from unregistered developers, but I think if you go like sort of the official routes of downloading your apps, I think you should be okay, and I think I should be okay too, cross fingers crossed. You're not gonna throw away your Mac? Okay. Yeah, I would not recommend throwing away your Mac. This is probably not going to affect most people, especially if you are really careful like Nicole's recommending, which is a good recommendation, and just don't install software unless you're absolutely sure it's safe, and a good way to do that is to restrict the software you install to that that has been vetted. Willie Scott in our chat room pointing out that, you know, technically the iPad Pro would be vulnerable to this as well, any any iPad, the iPad Air with the M chip would be. It wouldn't affect the iPhone or most iPads that have the A chip, but if they have the M chip it might, if it has the M1, M2 or M3. Obviously Apple can fix this in the M4. I don't think this is devastating, but it's good to be aware of, right? I would say, yeah, I mean, you know, this is, you know, I think especially Mac users, you know, we often go like, doesn't apply to us, you know, Windows hacks, you know, or whatever. You know, we're we're in a different world now, and, you know, the more we know the better. Yeah, and just, yeah, I think that, I think it's a really good point, because there is this sort of meme, for lack of a better word, that oh, Mac users don't have to worry because Apple is secure, and that hasn't really been true for a long time.
Yeah, but this is a situation where even the extra precautions that Apple does take in its software have to be respected and paid attention to in order to keep yourself safe. I don't think most people are going to have, you're going to fall victim to this, but, you know, extra reason to continue to follow the safe installation of software practices that you have been following up until now. Yeah. Well, let's talk about OpenAI going to Hollywood. Everybody open who wants to break into the movie business, but you know what you're saying, what in the heck, you know, what can't they do? Let us explain. Bloomberg sources say that OpenAI has scheduled meetings in Los Angeles, that is obviously, you know, where Hollywood is located, although Hollywood is very global at this point, next week with content studios, media executives and talent agencies in an effort to form partnerships in the industry, encouraging filmmakers to integrate OpenAI's new video generator into their work. Reportedly in late February, last month, OpenAI CEO Brad Lightcap ran some conversations in Hollywood as well. They have been around the block. Along with a couple of his colleagues, Lightcap reportedly demonstrated the capabilities of Sora, that's the unreleased new service that can generate realistic-looking videos, short videos but realistic, up to a minute in length, based on text prompts from users. OpenAI CEO Sam Altman was seen attending parties in Los Angeles during the weekend of the Academy Awards. So, you know, besides the fact that, you know, cool was he gonna are gonna cool cool people gonna cool, but otherwise, Nicole, you know, what do you think about this? I mean, we're obviously in very early days here, but what, you know, what do you think they're going for?
I mean, to your point, is so, it's early, it's so early days to where like I've seen some very impressive Sora videos obviously, but they're only like what, five minutes, ten minutes maybe, that maybe less than that, yeah, so they're they're, you know, they're very short clips, and there was a some service I've seen, they're like horrible, just like the mangled faces and mangled bodies, so they're not good at all. So obviously there's still a need for like human actors and the situation, and I think if you use it as a tool perhaps in your production process and not replacing labor per se, then I can kind of see it being used, but it really depends on what the what executives want this AI to do and whether or not the the the labor unions have a say in all of this as well. Well, labor unions had a say in this with a long strike that they they got written into a contract, so there there's at least a little bit of protection there. I also imagine that Brad Lightcap and Sam Altman would deliver a long slow sigh if they hear someone say, well, I hope you're not going to replace actors with this, because while they probably wouldn't want to say it out loud, they probably know like, yeah, this thing isn't anywhere close to being able to do an entire movie. I look at this and I think they are smart to engage the movie studios as a friend to say, look look, we have not released this public, we're trying to do the right thing, we're trying to be safe. Let's introduce you to what it can and cannot do and see where it fits in your pre and post production processes, because I feel like that's that's what realistically this is good for. This is not good for replacing an actor, but the kind of thing that we've seen where you can make an act, you can de-age an actor, or you can you can sort of tweak something where an actor only has to deliver the lines, things that you would do with motion capture and CG, this is not that different than that, it just can do it faster and easier.
I think also you know there have been some pushback in recent months and maybe years even on how VFX workers have been overworked to the point where like they you know like bringing long hours to do all the things that Marvel and DC wants to do. Yeah so maybe this will help them of course you know obviously they should be given you know full employment rights as well but in addition to perhaps you know. Yeah that's a good point I mean you know we we talk all the time about people saying oh no taken the jobs and we've talked about how we don't think you know here on DTNS that that is always going to be the situation in fact it can make very highly skilled people just be better at their jobs but at the same time you know I think of something like Toy Story you know it's like can AI at some point make you know Toy Story Part 7 I don't know where we're at at this point you know but like but like maybe I mean we might be going to that point and is that going to be a great movie maybe if you're 5 years old you say yeah maybe if you're my age you say well wasn't that good you know it wasn't as smart you know it was different but I think you know that's the conversation that we're having at this point is like what can we make that is considered good content. 
It can't do any of that stuff yet, but that's the thing I keep going back to, it's so far away, and it's, OpenAI's in a weird position because they want them, they want you to believe that it's capable of doing that or it's going to be capable of doing that with GPT-5, and I think it's getting closer, but it's never ever, never say never, it's going to be a long time before it can do it unsupervised, and as soon as you have to supervise it, well then you have to bring in a human, you have to guide it, you have to tweak it, you have to polish it, and the more I use AI the more I realize, man, it's really helpful at some things but it always needs me to fix it and always need to polish it. Right, yeah, so I think that's that's what's going on here, is they're like, yeah, you could make Toy Story in half the time, you could produce, you know, three Toy Stories a year if you want it. Yeah, please don't do it. But you know what, you can increase the production level and keep the same employment, right, like so don't replace the programmers, use them to increase the output, use them to increase the quality of the output, because this tool lets them stop doing groundwork. That's what they should do, not saying it's what they will do, but it's what they should do, and I think that's probably what OpenAI is pitching here. Yeah, least I hope so. Well folks, sometimes you may look at Tom and go like, great, yeah, you have all kinds of great ideas for what OpenAI should be doing, what do you do in a week? Well, I've got 60 seconds worth of video to show you. It's Tom's Top Five this week, it's the tech I use in a week. You've seen the YouTube memes out there, food I eat in a week, things I do in a week, places I go in a week, this is tech I use in a week. Go check out, it's only 60 seconds long, it's the latest Top Five. You can catch it at daily tech news show on TikTok, DTS picks on Instagram, and at youtube.com slash daily tech news.
Autoweek posted a story this week written by Todd Lassa and called Forget Flying Cars, Where Are the Robotaxis. After several accidents involving self-driving cars there's been some public backlash as well as vandalism. Lassa cites a March 2022 Pew survey which found that 20, I'm sorry, 44% of people surveyed believe that widespread use of driverless cars would be bad for society, 28% felt they were good and 29 were just not sure, but not many people have even ridden in an autonomous car, because, you know, you have to be in certain places to even be able to do that. Nicole has though, and Nicole is with us today to tell her tale after riding in them multiple times in in, you know, various areas. Nicole, let's talk about autonomous cars, how do you feel about them? I, I have the same concerns as a lot of people do on safety and whether or not like, you know, they're there, you know, they follow traffic rules, that kind of thing, with their their their safety, right on, but I was very excited, full disclosure, I was very excited to ride in an autonomous robotaxi per se. I just don't like talking, you know, whenever I'm in the Lyft or Uber I don't want to talk to the driver, I don't talk to anyone, I don't listen to any, I just, it's like in my zone, you know, and there was one, but it was one point I think last year where I I rode a Lyft and the he was it's full on singing, he was just full on song and was like, I'm happy for you, was a good, it was just like, it was okay I guess, I don't know if it was full on singing, I'm just like, it is 11pm right now and I don't know singing, so it was just like I just was not pleased with this, whereas with the robotaxi there's just no one there and you can play your own songs, you know, like it's just you, so I'm like one of those people that I just just want to be my own zone and just leave me alone in the car. So I I took Cruise last year before they got shut down and I also been I wasn't recently been start using Waymo a lot more in San Francisco and the the reason so
Cruise, the way they used to operate in San Francisco was the only operated between the hours of 9pm to like 6am and only within the the confines of San Francisco itself, and for Waymo they operate 24/7 but again within the confines of San Francisco, and my experiences with both are varied. One one one observation I will say is that they are very cautious, like almost overly cautious, to the point where like they will stop at every intersection, every, which is which is what you should do, but a lot of drivers don't always stop all the way, you know, at every intersection, and but they will stop at every intersection, every light, they are like almost overly cautious what I would say, like to the point where like they're very heavy on the brake, feel it as a passenger. So my mom got it, it's a brake. Exactly, kind of like, that's kind of a good comparison, definitely how my mom drove, like I'm not saying all moms drive like that, I'm saying my mom specifically definitely that. Yeah, very cautious driving, which is what you want, but also like to the point where you get kind of annoyed as a passenger, like well, that's a lot of braking, you know, but I was fine. There were, and the two things that I didn't quite like, and I think this is same on both Cruise and Waymo but even more so with Cruise, was that they never picked you up where you that you want them to pick you up, you always have to like walk a couple of blocks or something to pick them up, which makes sense in certain situations because you don't, they don't want to be like blocking traffic and they want to be pick you up at a space at a place where like it's easy for them to like get to the curb so you can go open the door kind of a thing, we just fine, but like there are some situations where I think they're overly cautious, where like there's clearly a space for the car to go there but it's not a big enough space, it's too too cramped of a space, so they will like find a giant space to park by the curb but that's usually like a block or two away
so you have to like travel to the thing, so that's, so that's one thing. The other thing, and this is I think within San Francisco, I'm not sure how it is in Phoenix, I'm not sure how it is how we will be in Los Angeles, which is an interesting point, is that in San Francisco anyway they're not allowed to go on freeways, so what that means for travel within San Francisco anyway is that it's typically a little slower, a little longer, because you have to avoid freeways and you only have to go on surface streets, and I don't know how they'll work in Los Angeles, which is an interesting question. At rush hour it'll work great because you can't make any progress on the freeway anyway, right? So yeah, I mean, I have it all the way down is the thing, I have said many times adaptive cruise control, I'm like, this is pretty great, but if I really didn't have to think about it and, you know, do when work in the backseat type thing, I mean, that's the dream, as long as it works well, right? The weird, the weird thing is that the highway driving is more proven for autonomous systems, right, it's harder for them to do the surface streets, so they're they're doing the harder thing for them, which is why I think you were experiencing such like frustration at like, oh my god, this is taking forever, they're being so extra cautious. That's really interesting to think about. Yeah, and the other thing is that based on my personal experience, again, I do agree with Cruise, with them stopping Cruise, because the stopping Cruise's operations, because they have been in very serious altercations, like there was a pedestrian that was injured severely, dragged, yeah, so there was a, this, I really agree with them stopping Cruise's operations. Waymo, from my experience, just does tend to have very good sensors. There's a little LCD screen on the back when you when you ride again in the car, the passenger seat, you can see that they have their sensors on their cars, they can see like a wide berth around them so they can see vehicles and and and I
guess pedestrians even, like just way bigger and way larger of a situation that even like a driver would be able to like, you know, by looking around with their cars coming up. Can you see what they see when you're in the car, when you're as a rider, did do they have? Yeah, they they see, they will show the sensor view on the display, yeah, so you can see from a top-down view, oh, there's like two cars two streets away from me, and like as a driver I would never be able to see that, right, but yeah, vehicle, you can you can sense these oncoming vehicles, so that's interesting for me. And then this is not really related to the driving capabilities of the cars, but the other thing that I found personally annoying is gawkers, street gawkers, yeah, I I find that kind of, I'm a really invasive, like yeah, I'm just trying to get to my place but there are people, like there are people like standing. Well yeah, cuz you're you're like in the bridge technology situation, right, you know, where you're like, I'm doing a thing that works, and people eventually go away, right? Yeah, I used to gawk at iPhone users too. So but it was like taking photos, I'm like okay, taking photos, like those those one guy that was so brazen he came right to the door, but I was, it was traffic, it was, it was behind like a great light at the traffic, and this guy just came right to the door and just looked in the window, I'm like, excuse me. It sounds like you never had a negative reaction to the the technology personally, it was the, it was the humans that caused more problems for you. It was the humans, it was just like, okay, just let me let me be by myself. So you never had an accident or you were not involved in anything like that? Anything, no, there was one, again, small incident, but I think it does show the doubt, the pitfalls, the flaws of the service. So Waymo, whenever it is a stop sign or stop, which makes sense, right, but there was one time when there was, it was a construction zone and someone had it like a makeshift stop sign in the middle of
the street and it stopped at that, it was like, that's not a real stop sign, that was like some construction makeshift stop sign, but it stopped in the middle of the road, so that's not good, but also like it was just following the, it was, yeah, it was on the on the safer side. Yeah, I think it's, I think it's interesting that, it's a really good perspective to get from someone like you that that has ridden these, that yes, all you hear about are the negative accidents and you don't hear as much about the accidents that happen with human drivers that happen every day, but in reality they're trying to be so cautious it's almost frustrating for you. Just the last thing before we move on to the mailbag, what, how many rides do you think you took overall so far? Oh, more than a dozen. Yeah, okay, I use it a lot. It's basically replaced Uber for me. Wow. Well, that's great. Oh, thank you, Nicole, for for sharing that with us, and keep keep an eye on what Nicole's doing because I'm sure she's going to keep sharing more of those experiences. All right, let's check out the mailbag.
Let's do we got a new one from Rico who sent us an audio message responding to Kevin who sent us a message couple weeks ago about how to play a series of videos sort of like you know the old days of cable kind of like old TV is your Belgian drinking buddy Rico look at back on show 4697 and somewhere around February 1st and a listener by the name of Kevin wrote in to you know ask for some kind of ideas or propose an idea because he missed the days of cable that he could just leave his TV playing stuff and it was kind of just background noise right and you know you guys recommended a Pluto TV or something like this and he remind me of something and I think it was maybe just Robert Young could have been Brian brush would recommend it as many years ago but it stuck with me and I'm surprised that to this day nobody has ever implemented something like this and it is something like this like imagine a Netflix right you have a bunch of stuff bookmarked and instead of next time I open Netflix don't just give me the list just start playing one of those things right away but the trick is don't play from the beginning start from like 1520 minutes into it you know and I noticed that I did this trick myself manually and it's amazing how many of these things I checked off my list because I don't know any time you see the introduction real and all this the opening of anything it's heavy put me 15 minutes into it and I'm like okay I can watch this and next you know it's two hours later and I've watched the whole movie that I've been promising myself since like five years to watch I find I did it thanks thank you Rico he is in fact literally my yeah yeah good to hear from you man and Netflix did have one of their hack hacker day projects where they were trying to do something like you're describing but they never really rolled it out for people to use as part of the regular platform so good good good memory and a good thing to think about all right before we wrap up we should check 
in with Len Peralta, who has been illustrating today's show. Len, what have you drawn? Hey, do you remember in Who Framed Roger Rabbit there's that character named Benny, he's a taxi, you know, that that drives around autonomously? Yeah yeah yeah yeah. So the answer to where are the robotaxis is this, Benny is taking him out, right, because he's, that's what I think it's happening. Yeah, poor Benny, he's just sort of like, you know, he's around to town, he's into it, it's okay. Well, he's not, well, he's not into it, that's the thing, he's taking him out, he's not, he's only into him do it. Exactly, he don't know nothing, man. If you're a Benny fan, and I know many of you are, you can go to my Patreon, patreon.com forward slash Len, you get this immediately, or I gotta be honest to you guys, go to my online store if you're not gonna get this, you know, commission me for something, I'd love to draw something for you, so go ahead and do that, Len Peralta store.com. Yeah, it's like AI except a human, you can prompt to Len and he'll draw something, it's crazy, it's amazing. Well, and always a pleasure. Nicole Lee, so nice to see you back, it's been too long, let folks know what they keep up with your latest. I haven't updated in a while but you can go to Nicole Lee dot news, that's my newsletter, and you can find what I'm up to there. Nicole's Lee tol newsletter. Patrons, stick around for the extended show. Good Day Internet Friday means we try to have a little fun, we do quizzes, we do games, at the great GDI debates are back. We are going to be talking about all kinds of cool stuff. So by all means stick around to find out what we debate in the, just a reminder though, we do the show live, you catch a show live Monday to Friday at 4 p.m. Eastern, 20 hundred UTC, find out more at daily tech news show dot com slash live. We hope you have a wonderful weekend, we will be back on Monday with Trisha Hershberger joining us, talk to that.
This week's episodes of Daily Tech News show were created by the following people host producer and writer Tom Merritt host producer and writer Sarah Lane executive producer and Booker Roger Chang producer writer and co-host Rob Dunwood video producer and Twitch producer Joe Coons technical producer Anthony Lamos Spanish language host writer and producer Dan Campos science correspondent Dr. Nikki Ackerman's social media producer and moderator Zoe Dutterty our mods beatmaster W. Scott is one bio cow Captain Kipper Steve Guadirama Paul Reese Matthew J. Stevens aka Gadget Virtuoso and JD Galloway modern video hosting by Dan Christensen music and art provided by Martin Bell Dan Looters Mustafa a cast and Len Peralta live art performed by Len Peralta a cast ad support from Tatiana Matias Patreon support from Tom McNeil contributors to this week shows included Scott Johnson Chris Christensen Justin Robert Young Patrick Beja and Nicole Lee and thanks to all the patrons who make the show possible. This show is part of the frog pants network get more at frog pants dot com. Hope you have enjoyed this program.