Hi, this is Allison Sheridan with the NosillaCast podcast, hosted at podfeet.com, a technology podcast with an ever so slight Apple bias. Today is Sunday, June 25th, 2023, and this is show number 946. Guys, guys, guys, guys, guys, I just had the best Chit Chat Across the Pond interview of all time. Even Bart, who is on all of the great ones, if you take the area under the curve, Bart's interviews have all been better, but this one interview is possibly the pinnacle of my career as a podcaster. Here's the setup. Have you always figured that astrophysics was a subject beyond your grasp? In this week's Chit Chat Across the Pond, Nobel Prize winner, Dr. Andrea Ghez from UCLA joined me to explain how she and her team proved that there is a supermassive black hole at the center of our galaxy. Now, that sounds super nerdy, and I love that it's Chit Chat Across the Pond Lite, by the way, but she does it in such a human-friendly way. I mean, we're laughing all through this. It was just so much fun. Now, it's important to note that in 2020, she became only the fourth woman in history to win the Nobel Prize in physics. Seriously, she is a rock star. Anyway, Steve and I were lucky enough to become friends with Andrea on our circumnavigation around Iceland, and then we got to be with her again on our trip to Antarctica. And to be perfectly honest, we actually signed up for Antarctica because we knew Andrea was gonna be lecturing. That's why we chose that trip. So since this was such a momentous interview, we have audio and video of the interview with Dr. Ghez, and I gotta give Steve big props for putting the video together. So if you follow the link in the show notes, you can go watch her and I talking, but it's the same interview if you just listened to us. So either way you wanna do it is gonna be great.
There's also a link in the show notes in the episode to go to the UCLA Galactic Center Group where you can look at photos, images, and videos, and even download them of some of the discoveries and the work that they've done. So this is the coolest thing I've ever done. Please, please, please go over and listen to Dr. Andrea Ghez on Chit Chat Across the Pond, number 770.

Now this is gonna be a hard act to follow, but we had another Chit Chat Across the Pond this week, episode 777, I'll get it yet, 771, was Bart Busschots on Programming By Stealth, and we're calling it 152A. And let me give you the setup on this and why this is A in this case. Now I don't always make the time to pre-read the show notes for Programming By Stealth, but I never regret it when I do make the time. I always tell myself I'm gonna make the time, but I don't always do it. When I do it, I'm always happy, and that was especially true this week. In this installment, Bart takes us through his solution to the challenge from PBS 151, which was simply to print a pretty multiplication table using the printf command. We had already written the code earlier in the series on how to do the multiplication, but this was to make it look pretty. So being Bart, he didn't just make the columns line up nicely, like my solution, he took it up a notch and he added ASCII characters that build a nice border and corners around his table. The reason I said it was good I pre-read the show notes is that while nearly everything he explains in this lesson was a reuse of things he's taught us before, the commands in Bash are so dense, like a single character means a whole lot of stuff. So you cram a bunch of single characters together to make it incomprehensible is the way I look at it. Anyway, it made it really hard to read and hard to comprehend, and we had also taken four weeks between lessons, so it made it even harder for me to remember what he had taught us before.
Now because I told Bart ahead of time that I was gonna be stopping him to ask a lot of questions, we decided to skip the one main new topic that he had planned to explain, which is xargs. This means that the next installment will start with xargs as Programming By Stealth 152B using the same show notes that you'll be following for 152A. Now I'm really glad we did it this way because instead of you having to listen to a confused, and when I'm confused, I get frustrated, the lesson flows much better with me having time to ask the right questions. Of course, you can find Bart's fabulous tutorial show notes at pbs.bartificer.net, and you can follow this in your podcatcher at Programming By Stealth.

One of the problems with jumping straight from an internal combustion engine, also known as ICE vehicle, to a Tesla is that Steve and I have no perspective at all on what normal EVs are like to drive or to charge. On a recent trip to Houston to visit our son, Kyle, we decided to rent an EV. Even though a Tesla Model 3 was available, we chose a Chevy Bolt so that we could have that new experience. Now the first thing we had to do was change our mindset from making any comparisons of the Bolt to our Teslas, because the Bolt starts at 27.5K while the Model 3 can run you closer to $70,000. While they're currently for sale, sadly, GM announced recently that they will be discontinuing the Bolt because they're investing in a new EV platform and have decided to build it out at the factory where the Bolt is currently manufactured. Now, while the Bolt isn't the most attractive car around, it reminds me of when Rob Dunwood of the SMR podcast said he'd buy an EV when they stopped looking like mushrooms, the car's still pretty comfortable inside. With only two of us, we had plenty of room for our luggage and we do not pack light. Now, Steve drove it first and he was super annoyed at the mushy brakes. Many electric vehicles offer something called one-pedal driving.
With one-pedal driving, you use the accelerator pedal to accelerate, but when you let off the pedal, the car uses regenerative braking to slow the car down. Not only is this a much more relaxing way to drive, regenerative braking actually puts energy back into the battery, giving you more range for the vehicle. It's actually probably one of my favorite things about driving a Tesla, even above the awesome acceleration. I don't think Steve would put them in that order, but I really do. I love one-pedal driving. Now, I started wondering whether the Bolt might have regenerative braking so Steve wouldn't have to deal with the mushy brakes. I took the drastic measure of looking at the user manual in the glove compartment and that identified a button on the center console that showed a foot pushing a pedal. Get it? One-pedal driving. As soon as we pushed that button to enable one-pedal driving, Steve was much happier driving the Chevy Bolt. He said it was a substantial improvement in his driving pleasure. Now, acceleration on the Tesla is just plain nutty. My car is zero to 60 in 3.1 seconds. I mean, that's crazy pants fast. So anyway, as much as we tried not to set our expectations for the inexpensive Bolt, it was difficult not to make a comparison. Well, the Bolt felt more like an ICE car in terms of its power of acceleration. The reaction of the car to pressing the accelerator was instantaneous, which is one of the joys of driving an EV. I mentioned that the one-pedal driving button was on the center console. That's also where the Bolt has buttons for drive, reverse, and park. Tesla has used what's called the stalk, which is this post coming out on the right side of the steering wheel. It takes some getting used to, but now using the stalk is ingrained in our muscle memory. The result of this muscle memory is that when driving other rental cars, we constantly flip on the windshield wipers when we wanna change gears.
Now, because the Bolt interface was so weird having these buttons, I found it easier to keep remembering not to use muscle memory, but to reach down and hit those buttons when I wanted to go into reverse or back into drive. Now, when we were done with a drive in the Bolt, we actually had to create a little checklist of things to remember to do. This is because when you arrive at your destination in a Tesla, you can simply open the door and walk away. I mean, I pull up to Starbucks, I open the door and I walk away. That's it. Opening the door automatically puts the car in park and walking away with your phone automatically locks the car. Finally, there's simply no concept of turning on or off a Tesla. It just is. Now, in the Bolt, we had to remember to push the Park button first. Then we had to remember to turn off the car. Then we had to remember to lock the Bolt. Luckily, the Bolt would yell at us if we forgot any of those things. Speaking of yelling at us, when we first got into the Bolt at the rental car agency at the airport, it hollered at us that the charge port was open. Steve got out of the car and he pushed on it to make sure it was closed. But the car yelled at us again. He pushed harder and that time the port stayed closed. Now, it's foreign to us to have to manually close the charge port because the Tesla port cover automatically opens and closes for charging sessions. I've said many times that I don't quite get why people are so enamored with CarPlay. The Chevy Bolt has a beautiful 10.2 inch diagonal screen for CarPlay. The experience of CarPlay for us was much better from that perspective versus the tiny screens on other cars that we've rented. It also has wireless CarPlay. However, the interface is still confusing to us and difficult to use. It seemed to have a lot of trouble finding locations on maps, which is pretty much table stakes.
We finally resorted to using the search in Apple Maps on Steve's phone first and then CarPlay would display our route. I don't know why the car couldn't find things. It didn't make any sense. I also had trouble figuring out how to see the split screen of maps and a podcast at the same time. I finally phoned a friend and I asked Steven Goetz how to get to it. Turns out in the bottom left corner of the screen there's an icon and you have to poke it repeatedly to cycle through various layouts. I never would have thought to poke it more than once but with Steven's help, I found out that's how you do it. Bart complains bitterly about Tesla's maps in Ireland. I do not doubt that his experiences are legitimate but we had the opposite problem using CarPlay with Apple Maps. At one point it told us to turn into a neighborhood that was near Kyle's house but it was actually a mile too early. We obeyed though because we didn't really know how to get there. We've only been there once before, and as soon as we made the turn it got super cranky and it routed us back out of the neighborhood. I think like seven turns got us back onto the main drag we'd been on before and then into the correct neighborhood. I think all mapping programs have problems from time to time. I mentioned that Tesla's been known to move things around on the screen with updates. Most notably they can't seem to decide the correct location for the garage door opener button so they keep moving it. But one thing they did get right: they moved the speed limit from the far right of the screen to top center, much closer to the driver's line of vision. I think it's actually like, I'd call it like a third of the way over from the left hand side. It's much, much improved. But in CarPlay the speed limit sign is way over on the far right corner. I suppose if you did the split screen and had the podcast up to the right that would move it over but I think it should be on the left.
Why would you put the speed limit way over there? It doesn't make any sense to me. They really need to change that. Now one of my favorite things about the Bolt is the display in front of the steering column. I really wish we had that on the Teslas. The display on the Bolt is super clear and sharp. It's just really crisp. It displays the current range available for driving and it also shows you the possible variation of that range. So it kind of gives you like a high low. In the screenshot I showed we had 215 miles left of range but that could be as high as 254 or as low as 176 depending on what you were doing. And you know as Steve and I talked about last week EV range could be highly dependent on a lot of factors so it's really good to have the visibility to the variability of that range. Speaking of range the Bolt showed the average range to be 255 miles at full charge. That's a lot for a $28,000 car. That's really good. Now the Bolt also shows you your instantaneous kilowatts of power usage and it goes from green to orange to red depending on how aggressive you're driving. With one pedal driving on you also see a little green spinner over a picture of a foot on a pedal to show you when regenerative braking is putting energy back into the battery. It's very satisfying to get this positive feedback in a very non distracting way. Now that I've talked about all the happy happy joy joy that is the Chevy Bolt itself let's talk about what it's like charging with today's American charging networks. We have two competing standards and I'm putting those in quotes for fast charging. We have CCS which is the combined charging standard and that's used by most vehicles other than Teslas. Teslas recently rebranded their proprietary network of chargers. They now call it the North American charging standard or NACS. CCS chargers are huge. They're heavy and their cables are really thick and unwieldy. 
We'd heard a lot of stories about problems of charging with CCS in the US and that's one of the things we hoped to understand more intimately by driving the Bolt ourselves. Before we get into our experience of charging with CCS let me explain first what it's like to charge a Tesla so you can see how different our experience is. You drive up to a Tesla supercharger station, you back into a stall, you pull the charger cable out and you press a button on the handle. This opens the charger port on the car. You plug it in. You get in the car and then you watch Netflix. Now when you buy a Tesla you buy it online so you create an account and you add a credit card. The supercharger will bill you on that card that you have in their website for any energy you use charging your car at a supercharger. The only time we've needed to open the Tesla app was at one station, the Kettleman station where you had to find a double secret code that would allow you access to the rest area where they'd make you a latte and you could sit in cushy chairs, watch TV and enjoy free wifi. We've only found one supercharger like that so far but it was glorious. The Tesla supercharger stations we visited have a lot of stalls. I've seen some with as few as 20 and some we visited have had more like 40 or 50 so we're used to a lot of stalls. Our experience with charging a normal EV using CCS wasn't quite that simple or easy. In Apple Maps on the Bolt we searched for chargers and found that there were four Electrify America stalls at a mall a few miles from Kyle's house. We drove our car over and all four stalls were occupied. I did another search and Apple Maps said that there were 11 EVgo charger stalls on the opposite side of the same mall but Apple Maps said all of them were out of service. Well, we thought, hey, it's a two minute drive so let's just go take a look anyway. We're not quite sure where they got the idea there were 11 stalls because we only found three.
They also weren't all out of service and so that was interesting too. Steve had already installed the EVgo app on his phone a while ago and he had added his credit card to the app so we figured this would be easy peasy. The stall we were parked in had a small white box that said EVgo on it and it said tap card here or download the app. Well, we'd already downloaded the app. So we opened the app and it had a map so we searched for our location. It showed an icon indicating our location and below that it had what looked like three user names. It said Gerald, Colby and somebody with a handle that was C12189. Now a lot of these apps for charging have crowdsourced information about which plugs are working and how clean the facility is and that sort of thing. The only button on the screen that we could press said get directions. If we pressed that it would just show us a map with us sitting at one of the EVgo charging stations. We had no idea how to make the charging go. There was no way that we could see to communicate between our phone and the EVgo system that we were sitting in front of. After 10 minutes or so of quitting and restarting the app and poking the get directions button while standing in 100 degree Fahrenheit weather in Houston, I'm not joking, with the heat index it was 110. Anyway, I'm standing out there boiling to death. I finally gave in and I called the customer support number on the EVgo box. After five minutes and 44 more seconds of standing in 100 degree Fahrenheit sun, the woman from EVgo explained to me that Colby and Gerald and C12189 were not users. They were the names of the individual charging stations. We looked over at the three stations. Two had little black labels with the names Gerald and Colby under them and the plug we were in front of had a sticker on the front that was basically like what you'd make with your label maker that said C12189. Isn't that the silliest thing you've ever heard of?
Anyway, the nice support woman told me to look, for example, under Gerald's name on the app and I should see three connector types. There was Tesla, CCS and the phased out CHAdeMO standard. Evidently we were supposed to tap on the one we needed under the name of the charger we were sitting in front of. Well, our little box with a homemade label for C12189 only had the slow charging connector which is yet another standard, if you will. That's called J1772. That's a slow charging connector but we wanted to try doing something faster but I guess they only use their label maker on the slow charging station. Anyway, there was a car parked in front of Gerald so we moved over to Colby and it was out of service. The good news was that it was nearly impossible to read the screen in the sun that was telling us it was out of service. Now, I don't know which charger the other car was using on Gerald but it turned out the CCS charger cable was free. It wasn't being occupied on Gerald so we pulled our car right tight up against their car and then dragged the charging cable from Gerald over to our car, not across their hood or anything, it went around. Anyway, we were able to get close enough to plug the CCS charger from Gerald into our car. Now, we only stayed on the charger for 10 minutes or so since we didn't actually need to charge. This was all for science. Now, I wish I could say that our charging difficulties were unusual but I've read a lot about how this is a fairly typical charging experience for non-Tesla charging but there's good news on this subject for everybody. The recent Infrastructure Investment and Jobs Act provides for increasing the US electric vehicle charging infrastructure but in order to get a piece of that money Tesla had to agree to open up their supercharger network to other manufacturers.
The surprising news is that just in the last couple of weeks Ford, General Motors and Rivian have all announced that they are switching from CCS over to NACS chargers, the good ones from Tesla. Not only that, a half dozen or so charging companies as of the time of this writing, including EVgo, have announced that they'll start supporting the NACS standard. I don't know if drivers of these cars will have a better experience with the same charging companies but here's hoping if they can at least be on a better connector. After our disappointing experience at EVgo we went to a brewery with Kyle and we noticed a sign in the parking lot that said there was EV charging available. We located the charging station and although it was only a level two slower charger we were willing to give it a try. The company providing the service is called Gravity spelled with an I and it was much easier to figure out how to use it. Download yet another app, scan the QR code, plug the charger in and tell the app to start charging. The QR code didn't actually work but we were able to beat the app into submission without much effort. We also didn't have to talk to Gerald or Colby. After visiting with Kyle and his family for a few days we drove over to bother David Roth and his wife for a day. David has an Audi e-tron which is a gorgeous and luxurious electric vehicle. As soon as we drove up he told Steve to park in the driveway and he connected his level two J1772 charger to the Bolt and after a few hours it was full of electrons. The bottom line is that the Chevy Bolt is a really good car for the $28,000 starting price. With a 250 mile range and wireless CarPlay with a giant beautiful display, that's astonishing considering the price of this vehicle, and it's got one pedal driving. It's really a shame Chevy's gonna stop making them but they're still available for now. Charging outside of the Tesla supercharger network was challenging.
I know Texas isn't exactly progressive when it comes to going against the oil companies with electric vehicles but it turns out huge installations of Tesla superchargers have been going into Buc-ee's in the state. Now if you've never heard of Buc-ee's it's the largest refueling stations in the country. They have massive numbers of gas pumps but they've started adding superchargers from Tesla like crazy. With the shift in the industry from CCS to NACS charging we may finally see the advances in charging in the United States that we hope for.

Hello fellow castaways, this is Tom from New Hampshire and this here on TV, previously on. Allison mentioned about Mastodon and how she enjoys people there and how she likes the interactions. I enjoy it myself. I think I enjoy it a lot more than I ever did Facebook or Twitter and I've gone through about half a dozen different apps on my iPhone and I found the one I'm gonna keep. The name, Mona. Took a little while to come out but they got it right and they're adding more stuff all the time. You can download it for your iPhone, your Mac or your iPad. You can for free what I call stalk people like what your mother might do on Facebook to you or the grandchildren. Never say a word. My mother's been on Facebook for years and she never posted anything. She just stalks the kids in pictures and stuff. If you have one device like I do, an iPhone, you can pay for Pro which is I believe $9.99. It's one time. It's not once a month. It's a one time purchase. You have one phone and you have one Mastodon account. You can do that. That gets you making able to read, make posts, boost, make lists. You can take certain people that you wanna follow and pin them to your sidebar. That comes in handy. I work all day long. If I come home and I know Allison has posted a great article that we're gonna come back and read. I can go to the bottom of my screen and I can find the tab for Podfeet.
I can have her into that and go on and go back a few bits instead of trying to go back eight hours in my timeline to find things she did. You can also set up a Siri shortcut for people if you wanna say, for instance, Allison Sheridan and that would open up her page and I could send a message for her directly. You can send audio and video messages. You can attach audio and video. In fact, in the share sheet you will get a direct message and a direct link to your page. It will open up your compose with your name filled in and all you have to do is type what you wanna do and hit post. If it's an article, you can do it that way. If it's an audio, you can just share it. It's great. It's perfect. I like it a lot. Now, for the Pro Max, you can get for, and I don't remember how much it was. I wanna say it was $14, it might have been $15. You could have more than one instance. So let's say you have one for yourself and one for an organization you're with or work. You could have it on multiple devices, so more than one phone. So you're gonna want your phone, your Mac, and your iPad. So if you wanna check on multiple places and they announced today, this being the 8th of June, that they will be coming out with customized sounds. You can change the sounds for different things soon and be an update rolling out slowly. I like that. It's fantastic. Customize your tab at the bottom. So it starts out with 14 tabs. I've added a bunch and you can rearrange these tabs any way you want. So I have people from Twitter I follow, followed by blindness ones. Before the Twitter ones, I have Allison and I have Bart. So Bart likes to post really cool pictures. That way I can save them to my TV. In the Actions, you can select and copy text. Very easy, so if someone does a picture and then they do alt text for the picture, you can press on the picture and you can easily get the text from the picture, copy it, save the picture, and then paste the text into the caption field of the picture.
If you don't want all the actions, you can hide all the action or anything that you don't wanna see, you can hide. You can take things off the bar. So if you don't ever wanna see messages, you can take messages off your bar. If you don't wanna see what's trending, you can take that off if you don't wanna see communities. So I'm in Twitter social, so I can tap into that. And now recently they added, you can now also see the main mastodon.social. That's huge. Don't know if I'd ever be going in there, but it's nice to know it's there if I wanna see it. Flicking up and down, you can get your major actions. You can get notifications for anybody. This thing is amazing. I would highly encourage everybody who wants to check out the really cool app, Mona for Mastodon, check it out. You won't be disappointed. It's not a waste of money. Go ahead and get it. So remember, folks, help support this great podcast, send us some money on Patreon or PayPal. And remember, stay subscribed.

Well, thanks so much for that, Tom. That was a great review. And thanks for reminding everybody to stay subscribed. I love that. Now I've got a few more thoughts about Mona. I bought both Ivory and Mona because I wanted to support both teams. Over time, I've been using Mona more, but I can't exactly explain why. I think it's because the boost and reply buttons confuse me on Ivory, but I'm not really sure. So Mona seems to think more the way I think. Now, Tom mentioned the pricing and I wanna make sure this is clear. It's $10 for a single device. If you buy the Pro Max version, it's $16 one time. In addition to giving you the app on all three platforms, the Pro Max version also supports family sharing. So if you have fellow Mastodonians in your family, you can spread the joy around for only $16 total. Now, after hearing Tom's review, I realized I'm not exercising Mona to its full potential. I didn't know you could pin people to the tab bar. I didn't know you can edit the tab bar either.
Turns out you can remove and rearrange all of the little icons. One of the reasons I don't know everything about Mona is because it's so customizable. For example, Tom referred to the tabs across the bottom, but mine are down the left sidebar. I didn't know they could be on the bottom. By default, Mona slides a new column to the right when you select a conversation or a specific person's profile. I know a lot of people love that multi-column view, but I'm not actually super fond of it. So I'd kinda stopped using Mona because of it. The main thing I didn't like about it was that when you move out of that conversation, it leaves a blank white column to the right that you have to manually drag shut. I mentioned my dislike of that on Mastodon and I was quickly informed that you can turn off the multi-column view in settings. I changed the behavior to remove the columns and now I love Mona. Now Tom didn't explicitly mention it, but he's a VoiceOver user. Mona is beloved by the blind community because it was designed from the ground up with accessibility in mind. It's actually from the accessibility community that I even heard about Mona in the beginning, but as a sightling, I can also give it two thumbs up. Couple of times I've had questions about the Mona interface and the Mona Mastodon handle responded to my questions.

This week's hero is the glorious Janet Chesney. She sent in a very generous donation by going to podfeet.com slash PayPal and picking an amount that showed her appreciation for the work we do here. She also wrote in the comments, question, what is this for? Answer, my favorite podcast. How sweet is that? Well, do you remember at the end of a couple of weeks ago show I said that I knew someone out there had been waiting for an answer to a question for a really long time? Well, it turns out it was Janet. And when I finally answered her, my answer was, I don't know. And she donated anyway. Well, maybe the rest of you could help me answer her question.
She said she's been using iCloud Keychain and 1Password at the same time and she wondered if there was any reason not to do that. She said the 1Password folks had told her it was a bad idea, but they didn't really explain why. The only answer I could come up with was that it could get dicey if you change a password on a site or service and updated 1Password, but didn't update it in Keychain. But then again, I don't know, maybe Keychain figures it out. I don't know. I don't know what Keychain would do with that. In any case, I wasn't much help to Janet. So if you have any thoughts on that, I'd sure like to get her a better answer. If you'd like to be cool like Janet, send in your questions and then when I give you a half baked answer with no information, head on over to podfeet.com slash PayPal and send in a donation.

Well, it's that time of the week again. It is time for Security Bits with Bart Busschots and you would think that this is, what is it, the silly season? Everything's gone to sleep. There's no pain, no agony this week.

Yeah, it's all gone very, very quiet. It's not free of pain and agony, but it's quiet, it's quiet.

Pain and agony, light?

Yeah, yeah, light, yeah. And actually we get to start off with just a little bit of sort of detail, some follow up from last time because we were talking last time. We recorded shortly after WWDC last time and so we were full of all the highs of all Apple's cool new stuff. And one of the features we talked about was password sharing in the Keychain, which is a big deal, especially since Windows users get to play along now thanks to the iCloud Keychain support in Edge.

Oh, okay.

So basically anyone apart from Android can get to play along now, which is a lot more people covered now. So we wondered how it would work. And now of course Apple have their betas out there. So people like AppleInsider and Mac Observer have been playing. So we don't have to worry or wonder anymore.
There are links in the show notes to how it works on iOS with screenshots and how it works on macOS with screenshots. But the bottom line is that to play along everyone needs to have an iCloud account with their iCloud Keychain enabled, shock horror.

Let me slow you down. You did say it, but I wanna make sure people know which one we're talking about. We're talking about the ability to share passwords. So let's say Bart and I both need to share a password to podfeet.com or I've got it on podfeet.com and I wanna share it with him. I could do it through iCloud Keychain.

Yes, or you will be able to.

Okay, so we'll both, we'll be able to. So we both have to have an iCloud account and we both have to have iCloud Keychain enabled. Makes sense.

And we have to have updated to the latest OSes so that we actually have the buttons to push, which obviously none of us have done yet because we don't run betas on our production devices because we're clever people. But in the future, we will. And then the way it will work is that the person who wants to share, who wants to initiate the process will make a group inside the password, inside the Keychain app in iOS or the Mac or in Safari in the Mac, I think. And you add, you invite people to the group via basically you get a link that you can message them or email them. And then you move the passwords into the group. So to me, that sounds awfully like a 1Password vault. So you effectively end up with a shared vault.

Right, and I'm glad they did that because I had this vision that it would be all one offs. So let's say you've got a couple who are sharing a bank's bank accounts and you've got three bank accounts knowing, did I remember to do this one? Did I remember to do that one? Having it all in a group, I think that's a better way to go. And if you've got a team of people, you could say this team requires this kind of access.
Yeah, and I think last time, I think I may have said it was password by password because I was confused with the sharing of AirTags which is tag by tag, but you don't have 200 tags. I had forgotten completely about the sharing of tags until I heard somebody mention it, I think on ATP, the Accidental Tech Podcast, that we're gonna be able to do that and that's gonna be delightful. It is. That is gonna be such a nice feature. For a start, for us, the one in the Apple TV remote is not mine any more than the TV, it'll be both of ours. Well, actually, your Apple TV remote will already know where it is. You don't need to have an AirTag on it now. Well, yes, but that was so long in coming, I bought a really cool neoprene sleeve that A makes it grippy so you don't drop the remote and B hides an AirTag, which is really, really clever. Right, but you get a free AirTag this way. When you upgrade to iOS 17 and macOS Sonoma, you get a free AirTag because you get to retrieve that one. I engraved mine with TV. Oh, for God's sake, you couldn't possibly put on a bicycle if it says TV on it, Bart. Fair point, fair point. You're right. You should waste $25 to buy another one because of that. Yeah, I wouldn't put it past me. Anyway, yes, so anyway, yeah, so there we have it. We have some more detail on that. Did they say anything about revoking access? Would the owner of the group be able to revoke access? I guess would you have to describe it? To be honest, I didn't really look for that, so I don't know. Links are in show notes. I don't know is the honest answer. Yeah.
Moving on to action alerts. This is the bit to pay attention to everyone. So Apple have basically updated everything because we learned in the, I think we just talked about in the previous time we recorded that Kaspersky had discovered exploits in the wild against iOS through the Messages app, which were being used by very high-end grayware companies, your NSO Group type of people. 
And obviously once the word gets out, you imagine others will start finding it, it becomes an issue quickly. So it's probably not a surprise that what Apple patched in their update to everything is in fact those bugs Kaspersky found. So we have our fixes. And good for everybody. Update a go-go as Mac OS Ken would say. Indeed, or patchy-patchy-patch patches, we would say, which yes, all of it. And while you're at it, if you're in Microsoft land, it has been Patch Tuesday; for the first time in quite some time, no zero days. But that doesn't mean don't patch because there are still four critical bugs, which before we had so many zero days, critical was our biggest level of warning. So there's still four of those. Not stab wounds, not access to the head. Yeah, exactly. The bad guys haven't got there first. But of course, once Microsoft released the patches, you reverse engineer the patch. That's what happens as soon as Microsoft releases patches or anyone, the malefactors I believe is what we say instead of bad guys these days, they compare the code without the patch to the code with the patch to figure out which DLL has changed and where in the DLL. And then they basically can very often figure out what it is that was fixed and how to abuse it. So that is why if it's patched before it's a zero day, you're pretty safe, even though there's hypothetically a vulnerability. But ironically, the moment a patch is released, not patching becomes infinitely more dangerous because the evil people will reverse engineer the patch and it will give them a head start on attacking the vulnerability. So once the patch is out, the race is on, patchy, patchy, patch, patch. I know you said that before, but I think that's a really good thing to keep saying forever. Yes. And they're getting better at it too, right? That's the other thing is the techniques for reverse engineering are not getting dumber, right? This kind of thing you sort of throw AI at as well. Yeah. 
Well, I shouldn't say forever, Bart, just until people stop making mistakes when they write code. That's all the longer you have to do it. Right, and if you think AI gets the side of it, remember that the AI just learns from our past mistakes. So the AI is just a more efficient way of making our mistakes again. Yeah, yeah. I think the most illustrative example was at Amazon who tried to use AI to fix their hiring so all the human bias would be gone and they trained it on their training data from their previous HR. From their hiring? Yeah, and what they did was train an amazing racist. And sexist, I think the biggest issue was that, yeah, basically gender. The AI immediately zoned in on the fact that gender was a determining factor and just baked it in. There we go, problem solved. Now baked in all of your past biases forevermore anyway. I was just reading an article about how a huge number of people have been hired in countries that have low income to identify things for the training data. So saying for self-driving cars, for example, this is a bicycle, this is a car, this is a curb, this is a person in a wheelchair, identifying things like that and for AR and VR and all the different things that we're training stuff for. And the original thought was, okay, when that's done, we won't need those jobs anymore. It's actually the other way around because it's the edge cases that all matter is finding all of the edge cases. Like they gave the example, the woman that was, a woman was killed by a self-driving car because she was not on a bicycle, she was not a bicycle, she was walking a bicycle. And that had not yet been identified. And so they believe that that job will probably, most likely never go away. Now it's paying like $10 for eight hours of work and it's boring as you can possibly imagine. You're tagging images basically. That is what it is, it's tagging of images. But it's employing a vast number of people while we're worried about losing jobs. 
There's this vast industry growing of people to do this incredibly boring work. That's a real, I'm wondering that this is, wow, well you just blow my brain a bit here because the conversation keeps on going like, yeah, but you don't need very many AI engineers. But that's looking at the elite jobs in AI, not the vast, vast majority of other jobs created by AI. Because you know, how many people can work for open AI is always the question, you know, when you try to have the argument that, well, this will make new jobs. Yeah, but how many people can work for open AI? But that's not thinking about it the right way. There's all of the more mundane jobs created by AI as well. I will probably end up with AI being used to find the edge cases that AI knows it needs help with. But it's still gonna need help. Right, right. I'm gonna, I'll pop that under interesting insights. Yeah, please. Since we just talked about it. Please do. Okay, so, oh yes, well, we're warning people. Oopsie, we probably shouldn't get distracted in the warnings bit. That's probably a bad idea. Anyway, still in warning land folks, if you have an ASUS router, ASUS have released an advisory telling you to patch your router ASAP or block any service that is facing the world. So if you have some sort of world-facing service on your ASUS router, block it now, or way, way, way better yet, patchy, patchy, patch patch. That's always better. Better to patch than to work around. I'm glad there's a patch. Yeah, and also it's good that they're the ones telling us, right? Not, this isn't like security bits or someone saying, or, you know, or naked security or someone saying, and there's no fix and everyone's doomed. This is ASUS saying, we have fixed this, and now update yourself. That's a better message. Now, worthy warnings is our section where a lot of icky stuff goes. I am sorry to say Stephen Getz and all fellow Canadians, you guys need to be on the lookout. 
UPS, their Canadian website was a bit icky in terms of information, and you could use their portal that's supposed to be for tracking a package. You know the way if you know the package number, you can see some information about where it is and tell them you won't be in and that kind of stuff. Well, that was unfortunately leaking out the phone numbers associated with the orders, which meant that you could do extremely convincing phishing attacks because you would have an actual tracking number for an actual package. The victim was actually waiting on with the actual phone number of the person, right? Just think of how convincing you can be if as an attacker you have that kind of information. So if someone sends you an SMS message in Canada looking for you to pay some sort of a fee or something, be really, really careful that you are not going to a website that's like bloody, bloody, you know, I'd say ups.someotherwebsite.com or any of these tricks they use are some of the website forward slash ups.com. You know, these kind of tricks where you're not really on UPS's actual website. Because this is a thing. Would it be a true statement that the highest value of this hack would be while those packages that were in transit at the time of the hack are still in transit? That would be true. Let's say a week from now, it'd be less valuable of a hack. I mean, it's not your phone number. But it's not your phone number. So they'll have to change the hacking a bit. But knowing what you've ordered definitely makes you as an attacker seem more plausible. So you may have to change your story instead of saying it's a better package you're expecting. It could be, you know, saying that we've discovered an issue or a safety issue with the package we delivered. And I don't know about you, but I'm not looking at the numbers and knowing which one they are, like ever. 
And I know there's apps to do this and I never get around to loading them or I load them and then I forget to look at them and I'm always sitting there going, oh, look, UPS says blah, blah, blah, blah, blah. It's coming. Wonder what that is. Guess I'll wait and sit around and find out because, you know, it's coming from Amazon. We know that, but I don't know what it is. That's true. I see I very often get notifications going, well, is it ever a package tomorrow? I said, will you? Oh, okay. Well, I'm waiting for one from the States now. Well, I'm waiting for one from the States now. Steves packages. Oh, yeah. Yeah, you are probably eight days away at this point. Eight days. That's actually good timing. I get messages for Steves too. And so we both go and grab it and fight over who's it is. Well, actually the Amazon app is great because it gives you a push notification telling you what it is with the picture. So that takes a lot of the guesswork out of it. Yeah, but I have to go open the app and I get notifications and email, let's say USPS is coming with a package. There's something coming today. I have no idea what it is. Oh, yeah, I definitely get those too. Why not be for me? Yes, what Bart's referring to is the company is MIFA, I think M-I-F-A. Is that the company that made the watch bands that you recommended? Yeah. Yeah, so they came out with an orange NASA logo watch band. Yes. And so Bart said that is the gift he would like for the work he did last summer taking over. Or was it when I was in... It was autumn or winter. No, it was Antarctic. It was more recent than that. I'm bad. I'm only half a year behind. I'm not a full year behind. I just, for people to know, I do buy a little present for Bart and Alistair each time. Alistair's pretty good at finding some way that I don't have to ship something, but this was too cool for Bart not to pick. And by the way, I bought one for Steve too because orange is his favorite color and NASA. How could it not be, right? 
Exactly. It's the tactical band with a NASA logo. I was like, yes, yes, yes, yes, yes. And these aren't available in Ireland, which is why it was just perfect timing because they were, I think, yeah, the Mac Observer, you know, saying, ooh, new cool bands. And I was like, yeah, I want. And they clicked the buy button and it said, we do not ship outside the United States. I was like, no. I want to say it was MacRumors. It was one of the other ones. Might have been. Yeah, it was definitely one of the Mac sites. Yeah. It might have been MacRumors. One of the ones that post, oh, Cult of Mac. Cult of Mac. Okay. Yeah, they have their own store and stuff and they had like offers and stuff. And they're often really cool stuff, but I couldn't buy. I was very sad. Anyway. I sure hope it's the right size when it gets there. Yeah, you can tell it's a light Security Bits when we're just faffing about talking about watch bands. But indeed.
Now you actually might like this next story because you've read, you actually read the entire NIST standard. So the World Wide Web Consortium, the W3C, have brought a new standard to a major milestone in getting it adopted. Officially, it is, what is it? It's officially a candidate recommendation is what it has officially become. But that is actually a long way in the process of being formalized. So this is something called Secure Payment Confirmation. And this is going to be implemented in the browser by the browser manufacturers so that it can't be spoofed by a website. So basically the website will tell the browser, I need you, the browser, to security challenge the user before making this credit card payment. And then it will use technology that's under the FIDO Alliance, which is basically the same technology that powers passkeys, the same APIs that power passkeys for you to say, yes, I want to buy this. And so you'll then have a cryptographic. So this is instead of an SMS or something? Yes. 
So instead of having to do an SMS or something to confirm a credit card payment, you will do it cryptographically with the browser providing the UI, not the website. So they can't be phished and stuff because it's the browser UI. So build it into the browser. And based on the open standards from the FIDO Alliance. So there's lots of things to love here. W3C standard, FIDO Alliance, good strong crypto. And the end result should be that one of the very common avenues of credit card fraud will be nipped in the bud. Now that doesn't stop credit card over the phone and stuff. But again, the more avenues of fraud you cut down, the better. So this, I really like seeing this as a standard. I'm trying to think about, I don't seem to get challenged with when I try to pay with a credit card on a website. I just put it in the old website. Yeah, you're not in Europe. An SMS or anything. Yeah. In Europe, we have a new law that requires strong authentication. So banks have been forced to implement strong authentication. So for us at the moment, it involves a lot of faffing about with bank-specific apps. Because there is no standard. So that's using a bank. But that's a bank. This is using a credit card on a website. Correct. So our credit cards are issued to us by a bank or by a financial institution. The financial institution that issues the card is under legal obligations in Europe to verify every transaction. Which means we have to do a two-factor auth as part of every time we use our credit card on the web. But because there is no standard built into the browser that involves us having to use bank-specific apps or credit card issuer-specific apps on our smartphones. To authenticate for going to a website. Oh, yes. So this is why for us, this is going to mean it's just going to happen as easily as a passkey instead of at the moment. Basically on the website, that like by the credit card it says, you know, we are redirecting you to your bank and the website redirects. 
And then there's a whole big thing that says, now open your phone and then type in this two-digit number on your phone. And then your phone says, okay, I got that. Now go back to the website. It feels like doing 2FA. Yes. Yeah. So this will be nice. And it also means that chances are you guys will like with chip and pin and stuff. You guys will sneak over the horrible phase. We'll have gone through all the pain. Just skip over. Yeah. You guys will go straight to the good standard. So yay. Thank you. Yes.
Speaking of the future, we have passkeys being tested by Apple for signing into Apple products. So the Apple, the iTunes store, the Apple store, the developer website, iCloud.com, those kind of Apple properties in iOS 17 and macOS Sonoma. If you're on those betas, you can use passkeys to authenticate those Apple sites. Last I heard it was rolling out. So you may not see it yet, but you will eventually see it. That isn't hurt. That is, that sounds about right. Actually, yes. Because I did say starting to test, I believe is the phraseology I saw. So that certainly sounds like they're being careful, careful. I wonder how that's going to work if you're like, let's say you've got a beta phone. I have my beta phones sitting right here. Let's say you've got a beta phone and you turn on the passkey support and you go in and you do that. Does that mess you up when you try to go to the same site from a non-beta website? It's no, no, no, because what you have is multiple methods of authentication associated with the one account. So if you can't have the easy method, then they make you jump through the old multi-factor authentication loops. Okay, good. So I think that's actually one of the biggest it's one of the biggest takeaways from the whole passkeys thing that I think people need to get into the habit of thinking. So we're used to thinking there's a one-to-one mapping between a website and authentication, right? I authenticate to this website in this way. 
But the new normal is that you have many factors of authentication and you will use whatever one is available to you at the time. And so you may have one passkey that is Steve's and one passkey that's yours and you may have a hardware token and you could have 20 different ways of authenticating to the one account. And that is the future, is a many-to-one relationship. And that also means that passkeys is not the scary thing because you can fall back to the old ways. And what I imagine is going to happen is that the password is going to go away and the fallback will be we email you a one-time code. Okay, okay. Interesting. Yeah, that's what I think we're headed to. Anyway, yeah, so that's a more passkey development. And then you just popped into the show notes one we missed two weeks ago when we were all the high on Apple's shiny newness. So another company that is getting closer to a passkey delivery is 1Password who have now put passkey support into beta, which is pretty, which is actually perfect timing. If you're someone who uses Google services and you do so cross-platform, well, if you're now using the 1Password beta, you can now have your passkey go with you between iOS and your Android device and your Windows device, it'll just go everywhere. That's the promise of 1Password's passkey support is that you get to jump outside of the ecosystems. I'm a big fan of, for myself, of testing things and living on the edge. I always get a little queasy when I think about 1Password and the word beta together. Like, if there's one thing I don't want to get screwed up, it's going to be my password. So I'm looking at that and I'm jonesing for it, but I just don't know about it. I don't run it either. I don't run it either. I've still, I mentioned weeks ago when Google came out with passkeys for authenticating to Google services that I set it up and then it said, yeah, you sort of did, but you're not on iCloud Keychain, so it's not working. 
It's gotten weirder. It sort of fixed itself. So when I go to sign in to a Google service, it, nosillacast at gmail.com is my Google authenticating email, but I used to use allison at podfeet.com as well because my email and everything was routed through Google. When I moved it over to iCloud, that simply has no meaning anymore. And every time I try to authenticate with the passkey, it goes, okay, you want it for allison at podfeet.com. And I say, no, use another account. Go to my nosillacast at gmail.com. It says, okay, you've already got a passkey for this. I say, okay, great, use it. It says, okay, for allison at podfeet.com. And I'm stuck in this infinite loop I can't get out of. But I think sometimes it does authenticate me. It's very weird. It is, it has not been smooth. Let me put it that way. That's interesting. Somewhere there's a wire crossed somewhere. I wonder if deleting all the passkeys and starting over is... Yeah, where is the passkey? So if you're using Apple's keychain, then the passkey is in the keychain. And then, so the private key is the passkey itself. Am I though? Do we know that that's what I'm using? Unless you've installed something else, what else could be doing it? Yeah, I don't know. This is still in the magical method. If you're on iOS and you're using this. I need to do it now. Oh, but it's got a keychain symbol. Yeah, that's what's in your keychain. It just worked. That time it worked. I don't know. It's weird. But I don't want that experience with 1Password. No, if it's if they're still figuring it out. I think I'll sit on the bench just a wee bit longer on this one. There are people who enjoy these kind of things and let them do their thing. And I'll sit over here and wait for it to be fully cooked. I like like a pie. I want it fully baked.
Okay, so that then brings us on to interesting insights. And again, goodness me, I feel like we're on a branding exercise here. 
So a podcast that one of our NosillaCastaways put me on to years ago. I wish I was better at remembering who to give credit to. But it was definitely one of our NosillaCastaways. I think it might have been Geeko Supremo. But it was definitely in Slack. I think I'm almost certain it was Caleb who put me on to this podcast years ago called The Changelog. It's very nerdy, very geeky. And I'd say I have a playlist called Dip In and Dip Out. And they're in the Dip In and Dip Out because depending on the topic I do or don't listen because they're like an hour and a half long shows. But they had an interview with 1Password's lead of passkey support. So heck did I listen to that? And it was good to hear that this, the person herself was just a fun person. She was really good at explaining things. And everything she said was chimed with me, sounded right. She was sort of in line with my vision of the universe and the future. And I just thought, okay, this is good. So it's great to see 1Password thinking the way they are about these things. And it's a good interview. And she was a great guest. So good. I will definitely add that one. Ah, there you go. It was on June 15th for those interested when you're looking for it. There we go.
And palate cleanser then. Why do you have your podcasting app open? Um, I think it must be a year and a half. Might even be two years ago. There was a really good podcast from the BBC World Service. It was a, I think it was an eight-part series called The Lazarus Heist. And that series focused on one single spectacular, basically malware attack, where the Lazarus Group from basically the government of North Korea stole a billion with a B dollars from the Bank of Malaysia. It is to this day, one of the most amazing cyber crimes ever. Now they were able to recover, I think it's 80% of the billion with a B. I remember that. Yeah. 
But if there's 10, even if there's 10% missing of a billion dollar heist, that's a lot of money that's still missing, right? But of course, the Lazarus group haven't been quiet since. And so the same hosts, including a Korean American lady who was a journalist in Korea for much of her life. She's one of the main drivers of the show. They have continued their reporting on North Korea and specifically on North Korea's hacking group. So season two is, it's not like season one or it was one thing they focused on. They focused on the arc, basically telling us the story of why, how, how it's been evolving. Basically they zoomed out and gave us the big picture view of the Lazarus group, what they're up to, what's motivating them. Absolutely fascinating. And so many of the stories we've talked about week by week by week, they're all in here. Put them all together. But it puts them together into a cohesive story and there is a story and there is an arc and the series tells it very nicely. So I think it's a 10 part series this time rather than an eight part, but it's really good. It's called the Lazarus Heist season two. And it starts off with the story of, and I know we covered it. It was called jackpotting where they found malware in ATM machines that would make them just spit out infinity money and they had managed to arrange for thousands of mules around the world simultaneously on one day to go to ATMs all over the world and take out money and launder it successfully. And that's the starting point. I was going to say that would be, that would be a lot of money pouring out of one machine to get to 10 billion. But yes, but they had literally hundreds of money mules all arranged through a massive, you know, almost like a drug organization where you would have leaders in each country who would have hired out people and everyone gets a cut. 
But nonetheless on one night, all of these ATMs all over the world were spitting out money and it was all being collected open forward and back to North Korea. It's really quite spectacular. And that's where they start and they don't get any more, you know, they don't get less sophisticated from there. Sounds like a great spy movie. Kind of is. I mean, it is. Yeah, it is, especially for a country that you think of like North Korea, who are not particularly the average North Korean is not technologically advanced, but the state-sponsored hacking group are. So maybe that's how they funded a lot of stuff there. Not just maybe one of the primary drivers for the Lazarus Group is the nuclear program because North Korea is under massive sanctions. Right, right. And of course, cryptocurrency plays a role because, of course, the North Koreans were very interested in crypto. Untraceable money. Do you think so? Yeah. So anyway, fascinating series and BBC World Service do very high quality podcasts. So they're very well researched, very well put together, very well produced. Definitely highly recommended. The Lazarus Group, sorry, The Lazarus Heist season two. Cool. That does sound that that actually sounds like something something Steve would like. He loves that kind of mystery stuff where you've got a lot of crazy plots and things going on. If you have a road trip coming up, Allison, it's perfect road trip material. Yeah, I don't think we do. I think we're stationary for a few weeks anyway. Oh, OK. No penguins, no polar bears. No, nothing until Macstock and then we're flying. Oh, when is Macstock? July, late July, sold out, believe it or not. Excellent. They are having a digital version though. You can do a remote watch and all that. So that is July 22nd, 23rd. Oh, that's actually quite interesting. I think it might be an annual leave. Oh, that would be fun. That would be very OK. Cool. This has nothing to do with anything, but I want to tell you about it anyway. 
When in the early 1980s, I had an office mate named Barry Jinn. We sat together for maybe two years and he's going to be at Macstock. Oh, cool. So I literally have not seen this man in 40 years and he's going to be there. The funniest part is I have a toy that we used to play with in my office when we were talking to each other. I had a slinky, a very small diameter slinky with a thing of silly putty in it. And we used to swing this slinky back and forth. You could do it like towards your face and it was this real weird effect because if you swung it correctly, it would come close to your face and go away and not hit you in the face. And we used to play with that thing all the time. I am going to pack it and bring it to Macstock. Oh, cool. Excellent. I wonder if he'll remember. The best part was one day, I came in and he said, Allison, have you tried it with the big slinky? And I said, no. And I grabbed the big slinky, put the silly putty in it and swung it and hit myself right in the face. And he said, yeah, that's what happened to me. Anyway. Oh, sounds like our kind of person. Excellent. Cool. I think so. I think so. All right. Well, that's all I got. That's about as light as they get. It is. And I guess we should say that's a good thing given that it's Security Bits. So even though it's not the world is ending, if there are still plenty of important updates here, so as always, folks, remember to stay patched so you stay secure.
All right. I'm going to have to wind up the show for this week, but make sure you go listen or watch Andrea Ghez. I mean, she is so amazing. Did I mention that? I'm so excited. It's the coolest interview ever. Anyway, did you know you can email me to tell me how awesome that interview was by sending it to Allison at podfeet.com? If you have a question or a suggestion or you got a question like Janet that I may or may not be able to answer, send it on over. Hey, you can send me the responses to Janet at Allison at podfeet.com. 
You can follow me on Mastodon at podfeet at chaos.social. Remember, everything good starts with podfeet.com. If you want to join in the conversation, you can join our Slack community and you totally should at podfeet.com slash slack where you can talk to me and all of the other lovely NosillaCastaways. In fact, that would be another great place to tell me what I should have answered to Janet about using 1Password and Keychain at the same time. All right. You can support the show by going to podfeet.com slash Patreon or with a one-time donation like Janet did at podfeet.com slash PayPal. And if you want to join in the fun of the live show, head on over to podfeet.com slash live on Sunday nights at 5 p.m. Pacific time. Enjoy the friendly and enthusiastic NosillaCastaways. Thanks for listening and stay subscribed.