 Hi, this is Allison Sheridan of the NoCillicast Podcast, hosted at podfeed.com, a technology podcast with an ever-so-slight Apple bias. Today is Sunday, November 27, 2022, and this is show number 916. Before I get started, I have to make a correction. Even though I just finished traveling to Iceland and the browser switcher I told you about last week was named after the Icelandic name for the word choose, I neglected to check to see how it was pronounced. Throughout the review I called it Velja with a hard J, but it's actually pronounced as though it's a Y. It's pronounced Velja. I'm embarrassed, but it's at least better to correct it now. In the last installment of Programming by Stealth, Bart taught us all about UML class diagrams for documenting the structure of our code. In this week's installment, Bart teaches us how to use the ASCII diagramming tool Mermaid to make our class diagrams. It might seem funny to be using an ASCII code tool to make pictures, but the advantage of Mermaid over a graphical tool to make these diagrams is that we'll be able to use Git to do version control for them. I think the most important part of this installment was when we learned that we shouldn't ever cuddle the Mermaid. You can find Bart's fabulous tutorial show notes for Chichat across the pond number 752, also known as Programming by Stealth 141 over at PBS.Bartifisher.net. I've been working on smart albums, inside Apple Photos, and I've found out some interesting things. Let's have a problem to be solved. Let's say the next iPhone is coming out and you're trying to decide which model you might need. Perhaps you've always gone top of the line because of the cameras, but this year you're wondering whether that's actually justified. One of the differentiators of high-end iPhones is their optical zoom capabilities, or I should say optical telephoto capabilities. So let's say you have an iPhone 13 Pro and you're considering that upgrade to the 14 or 14 Pro. Well, the 13 Pro has a 3x telephoto, but you're wondering how often you actually really use that. You might think you use it really often, but wouldn't empirical data to make that decision be even better? One way to gather that data on which lenses you really use on your cameras is through smart albums and Apple Photos. The path to do this is much more circuitous than I would have thought, which is why I'm setting up this story. In Apple Photos, if you want to create a smart album, you start by selecting my albums in the left sidebar. Now select File, New Smart Album. Name your smart album something clever. By default, the condition for this new smart album will be Photo is Favorite. In my example, I had 1,417 favorite photos. Now in this example where we want to find out whether we really need the high-end phone, we need to find iPhone 13 Pro photos first, and then we'll narrow it down to find the ones with that telephoto lens. I can change the drop-down of the condition from Photo to Camera Model, change the second drop-down to Is, and then in the third drop-down enter the camera model iPhone 13 Pro. Now if you're spelling it correctly, it should start to auto-fill for you, which helps with getting the spelling and spaces correctly entered. In my photos library, when I did change that filter, I now have a match for 3,825 photos and videos taken with my iPhone 13 Pro. We now want to further filter this down to choose just those taken with the telephoto camera, but we have some work to do before we can figure out how to match the telephoto images only. In order to figure out the filter we're going to have to use, we have to first find a photo taken with the telephoto lens. Scroll through your photos until you find one that you suspect was taken with the telephoto, and then look at the info panel to see if you're right. I found a photo I took off the coast of Iceland that says telephoto camera 77mm f2.8. Now you might know what those numbers mean, but let me elaborate a little bit. The 77mm is the focal length of the lens that took the image, and the f2.8, which is more properly written as a fraction, f slash 2.8, is the aperture which is the opening of the lens. Now in a big girl camera you can change the aperture of the lens even while keeping the focal length fixed, but on iPhones both of these attributes are fixed in the camera. This means we can categorically say that any photo where the camera model is iPhone 13 Pro and focal length is 77mm should be the iPhone 13 Pro photos taken with the 3x optical zoom. Again, I know it's a telephoto, but they always call it a zoom, but it doesn't actually zoom. It's just a telephoto, but just bear with me on that. Alright, if we right-click on that smart album we created that's now in the left sidebar of photos, we can choose Edit Smart Album. To the right of our first condition defining the camera model, there's a plus button to add another condition. The important thing to note as soon as you add a second condition is a drop down above the conditions will show up that now says match and it's set to all of the following conditions. So that kind of means and, right? In our effort, we do want to match photos that were taken with an iPhone 13 Pro and were taken with this telephoto. It's important that you notice that you have this set to all because there could be smart albums where you want to see matches to one or more filters rather than all. The second condition defaults to date added is in the last 30 days. Let's change that first filter drop down from date added to focal length because we know that photos taken with the telephoto will have a focal length of 77mm. Now you are probably expecting me to say, and Bob Jericho, we now have a Smart Album of photos taken with the telephoto lens on an iPhone 13 Pro. Sadly, these conditions we just created match exactly zero images in my library. Alright, so why doesn't this work? We're going to have to get nerdy to explain why it doesn't work. At some point in the history of photography, a convention was born to describe lenses in comparison to a 35mm film camera. This comparison is related to how big this sensor is on the digital camera. Now I am definitely not going to dig into the details of this because it's a complex subject that others have more adeptly explained than I can. But the thing to realize is that when we see the telephoto lens described as 77mm in the info window of Apple Photos, that is not the real focal length. Every photo you take has a giant set of attributes stored with it and what's called the EXIF data, EXIF. In the EXIF data, you can find where it was taken, what time it was taken, what camera took it and more. Apple Photos is exposing you to just a little bit of that EXIF data, but it's only showing you the 35mm equivalent of the focal length. We need to know the real focal length because for some reason they chose not to have the Smart Album conditions look at the 35mm equivalent, it's looking for the real focal length of that camera. Now if you throw a rock at the Mac App Store, you'll find tons of apps offering to expose the full EXIF data of your images, but I'd like to suggest another method. On the surface, it sounds scary and hard, but I promise it's a three-step process and you'll learn a little bit too. These three simple steps will both be executed from the command line in the terminal. The three steps are, install something called Homebrew, then we're going to install EXIF tool using Homebrew and then we're going to run EXIF tool against an image. That's it, just three steps. So Homebrew is what's called a package manager. So it's essentially like an app store, but it's for free, nerdy, often open source command line programs. So open the terminal first and if you've never done that before, it's buried in the Utilities folder within your Applications folder. In a browser, go to brew.sh. On that page, you'll see in Giant Letters, install Homebrew. Below that is a black text area with a giant scary command in it. To the right of it is an icon of a clipboard. If you click that clipboard, the giant scary command will be copied into your clipboard. Now go back to your terminal window and paste the command you just copied and hit Enter. This will install Homebrew on your Mac. Now there's usually a vast amount of globs spit out on your screen, but in the words of Cousin Eddie in Chevy Chase's Christmas Vacation, it's just better to let him finish. Well, when it stops barfing on your screen, you're ready to take step two, installing Exif Tool. This is the simplest installation you will ever do. You're still in the terminal, simply type brew install exif tool. That's it. Again, you might see a lot of glop on screen as it does the installation, but with installations from the Mac App Store, you only get a progress bar or a circle while this kind of glop is actually going on in the background, so don't be afraid while watching it all go by. It gives you more information, it gives you something to look at. All right, we've got two steps down. You've installed Homebrew and you've installed Exif Tool using Homebrew. It wasn't too hard. Now, we're finally ready to use Exif Tool on the image you found that says it's been taken with the telephoto lens on your iPhone 13 Pro. In my case, that was the one that I took in Iceland. So I need to export the image from the finder, let's say onto the desktop. From photos, I'm gonna put it on my desktop. We now need to tell Exif Tool where to look for the image you wanna investigate. In your terminal window, type the Exif Tool command followed by the path to the image. Now, if you put the path on your desktop like I did, the path will simply be the tilde symbol slash desktop. And I never know which one's forward and backwards. It's the one on the right side of the keyboard on a US keyboard under the question mark next to the shift key. I think that's forward slash? I can't remember. Anyway, you know where it is. So it's tilde slash desktop and with a capital D. After that, enter the name of your image including its extension. That might be JPG or JPEG or might even be .heic if it was a live photo. So it's simply Exif Tool, tilde slash desktop and then your image name and its extension. When you hit enter after this command, you will be rewarded with a glorious list of data about your image. I haven't counted, but I think it's over 100 lines of information about your image. Luckily, the true focal length is five lines from the bottom. It says focal length for this image that I'm talking about, mine said focal length colon 9.0 millimeters, 35 millimeter equivalent, 78.0 millimeters. Now the alert amongst you will notice that the info window for this very same image in Apple Photos said it was 77 millimeters. And I cannot explain why it says 78 millimeters in the Exif data, but it says 77 millimeters in Apple Photos. The important thing is that we now know what the real focal length is. In this case, for that 3x camera on the iPhone 13 Pro, the real focal length is really nine millimeters. Now we can edit the smart album and add that the focal length must be nine millimeters. In my Apple Photos, the filter found a match to 315 images. Using the arrow keys, I flipped through the images it found while keeping that info window open and every single image it found was taken on the iPhone 13 Pro and it said it was taken with a telephoto lens. Well, it turns out there was another way we could have found our telephoto iPhone 13 Pro photos. Remember I was talking about the telephoto image had an aperture of f 2.8? It turns out that number is not a 35 millimeter equivalent. It's an absolute number. In our smart album, we could have selected aperture for the match and set it to look for f slash 2.8, which is the correct way to write it, and it would have found the same 315 photos. But if I told you that first, you never would have installed homebrew and XF tool and you would have missed out on the feeling of power having tamed a little bit of the terminal. Now here's another fun fact. Searching for telephoto image on an iPhone 14 Pro is much harder than it is on the 13 Pro. According to XF tool, the focal length of the 3X camera on the iPhone 14 Pro is 6.9 millimeters. But it says the same thing for the 1X camera. And it also says the aperture is f 1.8 for both lenses. I'm gonna leave this one as a geek cat challenge for you. How can I make a smart album in Apple photos that finds just the 2X or just the 3X images taken with an iPhone 14 Pro? Now there's a reasonably good chance that I'm missing something or confusing myself, but I've been working on this for a couple of months on and off and I simply can't figure out how to do it. I bet somebody smart out there is gonna figure it out for me and I'd be really excited if you do. Now one other oddity of the iPhone 14 Pro photos, you can only see the name of the lens if you're in macOS Ventura or on iOS 16. If you're still in macOS Monterey, like most of you probably are, images taken with any one of the back three cameras on an iPhone 14 Pro, if you do that get info window, all it's gonna say is triple back camera. It won't tell you which one's which. I hope you enjoyed learning how to use a command line tool to investigate your photos and to get to a lot more data about them. If you ever need to make a decision based on data about your images, now you have it. The bottom line for me is that out of the thousands of photos I took in a year, what was it, 3,000 something that I took with my iPhone 13 Pro? Only 315 of them were with a 2X telephoto lens. It's a good thing I bought an iPhone 14 Pro so I have a 3X telephoto lens now too. If you've been following along for a while, you might remember that I finally pulled the plug on our Drobo network attached storage. I replaced it with a second Synology because I was worried about depending on such an old technology. Drobo filed Drobo the company, filed for bankruptcy earlier this year and they haven't had anything on sale for a very long time. You can see all their products, but they all say sold out. Having a pair of Synologies will also give me advanced capabilities. I wrote about this extensively in October and I'm not gonna rehash the whole exercise, but there was a really interesting development this week. After I got the new Synology up and running, I conquered using R-Sync to back up the new Synology to the older one and it was time to decommission that Drobo 5N2. Steve asked me, should we try to sell the Drobo? Well, my first reaction was, that would be a big waste of time to even try because surely it wouldn't be worth anything these days. Luckily, Steve didn't listen to me. He went over to eBay, he searched on Drobo 5N2 and he set the filters to look only at sold items. In our surprise, to our surprise I should say, they were selling for around $500 for the previous week. Our 5N2 has an M-SATA accelerator card and we had it populated with five four terabyte hard drives. We could have saved those drives and sold it bare for around $500, but I've moved on to using eight and 12 terabyte drives so the four terabytes would probably sat around gathering dust. Steve said he'd take on the job of selling the Drobo. The first task was to race the drives securely. He has one of those bear drive toasters so he could just stick them in and do it from his computer and it took about three days, wait no, it took about five days to race all three drives. Then he had to put them back into the Drobo and let it reformat them to form a redundant array for the system. He took screenshots of the Drobo dashboard software showing that all five drives were working properly and forming the array and that the M-SATA drive was also functioning. One of the things that increases the sale price on eBay is that there's a lot of photos. So he took photos from every angle possible from the green lights lit up on the front all the way to the bottom with the M-SATA drive bay open so they could see it was in there. He carefully read other items that had sold for good prices and made sure to include all of those appropriate keywords while emphasizing that this model was going to come with disks and that accelerator card. We were leaving on a short trip so he pulled the drives and individually bubble wrapped each one of them so they wouldn't get damaged or damage the Drobo itself in transit. He packaged the whole thing up and weighed it. Knowing the weight and box size was important for selling on eBay where they have better shipping prices than we can get as normal humans. The price to ship was $42, I get it but when he put it up for sale he said it so that the buyer would have to pay for shipping. Now it was time to pick a starting price. I am no eBay expert by any means but I've read that you're better off starting with a low price so Steve set the starting bid for $400 and set the bidding to finish in five days. This was another reason he wanted it all packaged up ahead of time. He figured his rating would be higher if he instantly shipped it after the bidding closed. With breathless anticipation he watched the bid over five days tracking the number of views and the number of people who had it on their watch list. When the final day came, the winning bid was $660. Anyway, eBay takes their fee so his final payout was $605. That's real money. I am astonished by this and I'm so happy Steve took the time and energy to do all of this. You know what, now he's trolling around the house for other things to see what he can sell. On the no silicast we talk often about the new hotness. You know, the phone you won't be able to live without, the charger that must be in your travel bag or the newest note taking app that will finally help you organize all of your thoughts. But we rarely talk about those tools that we've been using for a long time that still bring us joy. I asked the no silicast ways to send in there I'm still using it contributions and I told them I'd read them on the show. What I love about this topic is that I didn't really bound it very much so the answer we've gotten are all over the map. Now I'm gonna read you four of them here and I've got a bunch more coming. Barry Porter started us off by writing, I still have a Mac 2 CX that uses a single scuzzy drive. I fired up every six months. I actually use it to help a client. I'm amazed that it still works so I grin every time I turn it on. It was very expensive in its time. I also have a school client that runs system seven because of one specific long abandoned program. I gotta say Barry, that is crazy. For everybody else, the Macintosh 2 CX came out in 1989 so that machine is 33 years old. For those too young to know, it sports a 16 megahertz, not gigahertz, Motorola 68030 processor. Now, you know Apple uses their own Apple Silicon processors now. Before that they used Intel. Before that they used PowerPC. Before that they used Motorola processors. That's how old this machine is. You might win for the oldest thing still being used Barry. All right, next up, Sandy Foster wrote in. She said, when I bought my first Apple watch waking up in the middle of the night to order that first available version, I used the included charging cable on my nightstand to juice it up overnight. It was pretty easy to do but it was also pretty easy to knock the watch off the charger in the night while reaching for my bottle of water. And then after a couple of years, I think around 2017, I saw the perfect solution online. Alago made the most adorable holder for the charging puck. It was in the shape of the original Mac Plus which happened to be the first Mac I'd ever owned way back when. It's true to the actual design right down to the little hole we used to need to force eject a cranky floppy disk. The watch slips into a slot in the top keeping it in nightstand mode and taking up very little space. That's a real plus for me since I don't have a clock on my nightstand. I still get a kick out of that little stand which explains why I haven't ever purchased an all-in-one charging stand for my iPhone and watch. Surprisingly, the same stand is still available at Alago.com along with several variations and it's very affordable at $14. While Sandy, we are kindred spirits. I still use my Alago Apple watch stand on my desk in my studio. It's just as adorable as you say. Now it might not be as old as Barry's 2CX but it's got that same classic feel. Steve Davidson wrote in next, he wrote, I'm still using an airport extreme 802.11ac that I bought in June, 2013. Now I certainly don't use it as a router as a wifi access point anymore. All that functionality has been turned off but I use it as a network attached storage device to host time machine backup storage of big files that just don't belong on my MacBook Pro. It has attached to it a six terabyte USB drive, used to be two, three terabyte drives through a USB hub. Once upon a time, almost a decade ago, it was our home network router access point but no more. Once Apple abandoned the product, it lost that job but as a networked file server, it still excels. Apple stuff is built to last. Well, I think this one's really cool because it never occurred to me that you could still use an airport extreme as network attached storage. I think I have two or three of them in the closet but this is a great idea because the amazing thing is that 2013 router has gigabit ethernet and the USB port, it's only USB two but for Steve's use, it's probably perfect. All right, finally, we've got a rather long entry and I love the long ones too by Tim Jar. Here's what he writes, I'm still using my early 2011 MacBook Pro laptop. This is pretty amazing when you consider that it means we're coming up on almost 12 years of usage. Okay, to be fair, this has never been my work machine or even my work horse machine. I'm a Windows sys admin by day and have generally had a Windows desktop at home as well for most of these years. I've also bought several Chromebooks and Windows laptops for my wife or for my work machine during those intervening years but my MacBook Pro was always a slick machine. With the 13 inch model, it was incredibly light for 2011 yet with plenty of screen space to get things done. Now it feels kind of bulky compared to the Air or other products and the screen resolution of 1280 by 800 looks toy-like compared to today's display panels. But do you know what? It still works great for most web browsing, email and chat clients like Slack, Teams or Discord and that's why I spend the overwhelming majority of my time on my non-work machines. This is a bit of a throwback for many people today but I love that I can burn a CD for my wife to play in her car that doesn't have Bluetooth or I can rip a CD or a DVD when I get one. Yes, I still buy both and not just those times where certain releases are only available in that format but just because I also love having a copy that's mine and not limited to content deal changing or locker services going away and with full album art and liner notes and such. As a bonus and I swear, I'm not just saying this to get Allison mad at me. You know what I can do with this laptop? I can plug in any number of devices that I already own a mouse or an external keyboard or a flash drive to load up music for my car where there's also a compatible port or a printer that will actually work 100% of the time when I click print. I swear wireless and network printing still stinks in 2022. Or I could plug in a webcam or a gaming headset or even a delightful light up LED Christmas tree in December because this laptop still has a USB-A port more than one of them even. Now I know USB-C is the future but for all of these devices I've just named USB-A is still way more common. I did some research on this to make sure this wasn't just my personal bias talking with the person who does all of the hardware purchasing at my current and former jobs which local government K-12 education and higher education. In each case new MacBooks were the only computers they bought that didn't have a USB-A port and none of them they had carried or purchased mice or keyboards or thumb drives or printers that used anything but USB-A still. Yes, I could do all of these things with a dongle with a new MacBook but it's even nicer and cheaper when it's built in and there's nothing to forget to bring with you when you're away from home. Extra bonus, I can charge my Bluetooth earbuds with the cable they came with too. There's also a full on ethernet jack built in saving me in situations where the wifi is sketchy or I don't have the password. There's a slot for SD cards if I have my digital camera with me and I don't wanna bring extra cords or transfer the photos. It's still one of the best keyboards I've ever used as far as ease of typing and a satisfying amount of travel. It's old enough that it has an awesome sticker on the front because I'm not ruining, worried about ruining the look of a new laptop. Sadly, it hasn't been able to get OS updates for a couple of years now so I no longer feel good about using it for work things or anything financial and I can't put GarageBand on it legally. And I know some of these features and ports have been sacrificed in the name of making the devices thinner and I've come to grips with the fact that even though neither I nor my friends and family care one fig about having our phones and laptops be thinner than they already are, I know I've lost that battle in Apple's case. So I'm sure a new Apple Silicon Mac will be amazing in many ways but I have a feeling this whole thing isn't going into the e-recycling center anytime soon. Well, I think it's awesome, Tim, that you're still finding value in this vintage Mac. I wanna pull back the curtain a little bit here. Tim and I have had numerous, let's call them enthusiastic conversations about USB-C and shockingly, he and I are on the opposite side of the enthusiasm on that topic, hence his gentle jab there. I have to say, I did yet another fist shake this week as I needed to plug in four USB-C devices but I only had three USB ports on my new M1 MacBook Pro. I had four in my previous Mac and four in the Mac before that. The problem was I hadn't carried the extra MagSafe power cable so I had to choose between keeping my laptop charged while recording or having my external USB-C display give me more screen real estate. Well, I also could have carried an extra HDMI cable because I have one of those useless ports and I could have used that on the display. I wonder if someday Tim and I will see eye to eye on this subject. All right, we've still got another half dozen. I'm still using it stories from listeners and even one from me, but I'm gonna save them for the Christmas week. Thank you so much to everyone who wrote in with their stories. I think it's fascinating to hear about these wonderful tools that make you happy. If you have an I'm still using it story, please send it to Allison at podfeed.com with that exact subject so that it goes into my filters, goes right into the right mailbox and then I'll read that on a future show. Barry, Sandy, Steve and Tim all supported the show this week by providing content for me so that I could relax and play with my kids and grandkids for the better part of the Thanksgiving week. It made such a big difference to me to have that content already provided. I really appreciate this kind of support. If you don't have something to contribute, please consider a financial contribution to show the value you think you get out of the shows we produce here. Now, maybe you don't like the idea of a recurring contribution, but you can also make a one-time donation by going to podfeed.com slash PayPal. I know money is tight for a lot of people and do not feel guilty if you can't donate, but if you can, that would sure be swell. Well, it's that time of the week again. It's time for security bits with barpooshots. How bad is it this week, Bart? Not catastrophic. Is that okay? We'll take it. We'll take it. No, it's okay. It's okay. Maybe the baddies were all off for Thanksgiving or something. I don't know. Some feedback and follow-up. It's kind of been a long-running story, but Google have been in trouble with a collection of state attorneys general in the United States. I think it's like 40 out of 52. So it's almost, I almost wonder what the other 12 didn't get that the 40 got. But anyway. Wait, you're saying the United States were united? Pretty darn close. How bad must you be for the United States to agree? Well, they had a button that basically said, don't track me. And when you pushed it, it didn't mean don't track me. Oh, right, right, right. That got a lot of people quite cranky. So they have agreed to a settlement. They will pay $391.5 million, which is the biggest ever settlement. And they have promised to revise their interfaces in early 2023. And they've already changed them a little bit. Okay, who did they pay that money to? Am I getting 38 cents? Oh, it's not a class action suit, right? It's the attorneys general's suing. So I think that means it goes into the state coffers. I think arguably everyone gets a small tax credit, I guess. Except I hope those 12 people didn't. Or those 12 states don't get any of it. Probably do. Yeah. I thought the DOJ gonna vote. I don't know. That is a very interesting question who gets to benefit from it. Google definitely lose it, but I don't know who benefits. Okay. We talked a few weeks ago about One Password buying a company that was all about pass keys and we speculated what it might mean. Well, I'm not saying that this is related because this may well be what One Password are going to do anyway, but we now have a way better idea of what One Password want to do in terms of pass keys. They have released a whole dedicated page on their future.onepassword.com section all about pass keys with FAQs and videos and very shiny graphics. Basically, they're going to synchronize your pass keys across all of your different operating systems, which is the obvious thing that the built-in systems do not provide. If you use an Apple system, it will synchronize between your Mac and your iPhone and your iPad, but it will not sync to your Windows PC. If you use Windows to sync your passwords, it won't sync to your Mac, et cetera, et cetera, et cetera. One Password will rule them all. Windows, if you do it on Windows, it won't sync to your Android phone with the built-in systems? Not with the current systems. No, basically, everyone has figured out sync within themselves. Each vendor has figured out sync within their own ecosystem, but, and that's probably where it's going to stay. Oh, that seems impossible that Microsoft and Google wouldn't get together because that's such a huge market, right? That seems a big miss if they don't. Isn't that what the third parties are for? Isn't that what we have? Last Pass or One Password? Yeah, but how many people actually use One Password and Last Pass and what is it, Bitwarden? Well, aren't they the people who would also be the sliders? Okay, the obvious exception would be the Android. Android and Windows, because... Which is probably the largest percentage of people. If there was going to be a cross-vendor native thing, it will be that one because Microsoft are not in competition with Google. Right, right, exactly. So one thing I wanted to clarify, when Bart said that this explanation from One Password was in their Future.OnePassword section, he meant on their, I think it's blog post probably, it's not in the app. So it's Future.OnePassword.com. I believe that's what I said. Yeah, basically, it's on their website. Yeah, anyway, you're right, yes, it's on their website. Okay. It's only what I wrote on my show once. Good, good. That's what I tried to say. That's how I knew. I'm cheating. We got a little sneak peek at some... So Apple is in the process of suing a company called Corellium, who are selling a thing that has become a lot less important now that Apple have released their own special phone for security researchers to security research on. But they basically hacked iOS and sold a virtualized version of it that could, in theory, they were promising they were only selling it to the good guys. Apple were very cranky. Apple have turned up documents that showed that the claim they were only selling it to the good guys is not so true. One of their customers is a company you may have heard of called the NSO Group. Oh, Irish. Oh, because that seemed like a really clever solution by Corellium. It did. And in the absence of anything better from Apple, it seemed like an important solution. I wasn't particularly on Apple's side on this one and not entirely sure I am at the moment, but Corellium... Corellium can be wrong and Apple can also be wrong. Right. But now Apple's righted it by having the test phones, right? Yes. Correct. For security researchers. And you have to be somewhat vetted, I assume, to get those. You do very... Yes. Yes. Yes. Quite heavily. I guess the argument would be too heavily, but I'm not going to make that argument, but I'm sure others will feel slighted. And since people may be in danger of thinking that I'm anti-Elon Musk or something, I just want... Well, you know, Elon has done something that seems sensible, therefore I'm going to give him credit for it. So one of the biggest issues I've had with the Twitter chaos has been the fact that it is impossible at the moment to tell who the sotting hell is who anymore, because verified has become this meaningless nonsense. Well, you actually turned it off. Because it got to be such a mess. You still have the badges. Yeah, but the badges still exist. You still see the badges, but now you don't know whether they were badges that were earned when it meant something or badges that were bought, or it's just chaos at the moment. But Elon has pre-announced an announcement coming next week with more details. The key takeaway for me... More details about what? So the replacement of the verified system. So there is a new verified system coming. And the key thing is that all badges will be human verified. So there will be actual humans checking every badge. Now, there are going to be three badges available. You can have a blue badge as a human being, and it's not clear whether you'll have to pay for it, but I think you will. I think that's the whole point of the exercise. There will be gold badges for corporations, which I'm assuming means advertisers. And there will be gray badges for government agencies. So I would like to clarify here. What you're saying Elon did was announced he's going to do something, but we can't actually give him credit for doing something because he hasn't done it yet. And he says a lot of stuff he doesn't end up doing. So we'll give him credit for announcing that he's going to do something that looks like it might have... In the right direction. Right. I mean, I didn't say he pre-announced an announcement. Which may or may not happen because he does that a lot. I know. But given that he's actually said something good, I sort of feel like we should all encourage him. Yeah. Oh, good boy. Good boy. You're trying real hard now. The little pat on the head. He doesn't think everyone's always hating him always. You can do something right. Poor Thinskin, little billionaire. No, they're so fragile. Kara Swisher has great fun with how fragile they all are. Oh my gosh. She has gone to town on him. And she actually liked him. Yeah, I know. A deep dive follow-up from our deep dive last time. So last time, one of our... I think I had three deep dives last time, but one of them was about a story that at the time had very little there there about Apple apparently breaching act tracking transparency by doing analytics within one app. It was silly on its face because app tracking transparency is about cross-app tracking. It was all based on iOS 14. So at the time, the story had no... There was just nothing there. There's still not a lot there. There's still not a smoking gun. There's still no reason to set your hair on fire. But there's a little bit more there than there was last time because once someone starts poking, well, everyone starts poking, right? That's how these things go. So what we know since last time is that the analytics that Apple is returning contains an ID which Apple have the power to de-anonymize. So if they wanted to, they could reconstruct your identity from the stuff in the analytics. There's no evidence they are, but they could. And to be honest, being what they, you know, given their whole sales pitch on privacy, that shouldn't be true. Now... Disingenuous at best. I don't even think disingenuous is quite the word for it. I think the best explanation which I've seen quite a few people come to is that this is a mixture of technical debt and carelessness. This is very old code. The app store is particularly old code. And so it doesn't look at first glance like it's your username and stuff because it's not your username, it's a subtle ID. So it will be very easy for that to sneak onto the radar. And since it's not new code, there's a good chance no human being has looked at that code in quite some time. So why do we know this particular piece of the app store is old code? Because security researchers... We don't know that for sure, but we just know that the app store is ancient code. It's built on... Oh, what's that technology Apple have stopped doing ages ago that used to build a body? Web objects or something, was it? I don't know. Yeah, it's built in an ancient stack. It's got technical debt. Okay. Now, you've seen your show notes that last time we thought it was based on iOS 14, but it's not. It's in iOS 16. No, no. Last time it was based on iOS 14. But since then, more research has been done. We said thought it was. It was iOS 14 last time. Okay. But I wanted to make sure you made the point because you didn't refer to it what's in the show notes there. So now what we know from researchers is iOS what? Today, the current... 16. Okay. Yes. Okay. So it... I guess we don't... Because we don't know you're saying... We don't know whether it was intentional or leftover code. It's reasonable to suspect that because this is part of an old code base, that it could be not them being disingenuous. Try to put as many double negatives into that sentence as I could, but you see where I'm trying to go. I was going to say, I'm trying to get around to... It might just be a failure. In fact, it's probably just a failure and it's not a case that it has your actual username tagged into it. It has something which Apple could de-anonymize. And it shouldn't. It just shouldn't. Right. It shouldn't. They should be able... Or they should de-an... Wait. It shouldn't be able to be de-anonymized. There we go again. They should be able... It should be anonymous. It should really be anonymous. Yeah, and it's pseudonymous at the moment. Has Apple responded on this yet? No, and that's the other thing that I think they probably should start doing sometime soon to minimize the damage here. Yeah, a little bit sooner would have been good, right? Right, because people aren't... Now that there's meat here, people are not going to stop digging. This is not the end of the story and this won't be until Apple respond. It seems to me that if you're going to respond quickly to anything, it should be things that damage your reputation because that memory starts to solidify if you take too long. Right. Yeah. And people just assume that if you are forced to respond, then there must be something afoot in the wind. Right, right. If you do it quickly and promptly, people are like, oh, no, they don't have anything to hide. It really is just whatever they said it was. Yeah, TikTok, Apple, TikTok. Moving on then to worthy warnings. The EU are warning people not to download the official apps for the Qatar World Cup because they are, quote, privacy nightmares according to the EU. Wow. Now, I was going to have literally nothing to do with this World Cup because I think the whole thing is despicable and ick in every possible and conceivable way. Although I did end up buying a new Jersey because the Belgian national team made a one love Jersey, their official away Jersey. So it has rainbow stripes on the cuffs of the Jersey. Oh, I saw you posted that on Mastodon. The Qataris were really cranky. I saw you posted that on Mastodon but I didn't catch, I didn't understand from what you wrote what it was about the Jersey that made it be a finger up to Qatar or Qatar. So I'm wearing the old one at the moment, right? So I think you can see me on video and it has this stripe of black and red. That is the rainbow on the New Jersey. OK. And how does that? And it says one love on the back. But what has that got to do with Qatar? Qatar banned players from wearing rainbow armbands. Ah, that's the piece that's not in your message. OK, I got you. OK. Sorry, I thought everyone was up in that scandal. Oh, yeah. No, I was caught up in the no beer at the stadium scandal. That was the thing that caught my attention. Might be the household from which I come. Actually, you're in the brewing industry. Yes, yes, yes, yes, yes. Yeah, between the slavery and the dead workers and the gay hating and the... Oh, yeah. So much. So much. Anyway, don't use the rap. Shock horror. Pressure regimes can't be trusted. Who knew? Wow. I have a story from Brian Krebs that I was tempted not to put in the show notes, but then I realized that it's actually a case study in why we want to pass keys in the future and why we want password managers now. So there is a malware gang who are for reasons I didn't even bother digging into dubbed the Disneyland team, who are registering domains using a standard called puny code that allows you to get URLs that have special characters in them. So the idea for puny code was to have French and so forth where you have accented characters be able to be in domain names. Okay. But of course there are lots of language, there are lots of typesets where there are characters that look like the regular Latin characters but are not the regular Latin characters. So you can register a domain name for Bank of America where the A's are replaced by a character that's almost an A but not quite an A. And to a human eye, that is convincing. And you can get an SSL certificate for this domain because you really do own that domain. Okay. It's just not what it looks like. Right. I think I remember you telling us about that when this first came out. Yeah. And the only reason I'm really putting in the show again is because there's now an active attack ongoing. And really the only advice for defending yourself is to take the human out of the equation because password managers are not confused. It is a different code point. It is a different character. Don't trust your lion eyes. Precisely. Exactly. Let the computer do the donkey work. So if you're using whether it be the built-in Stofa in your operating system or whether it be a third-party manager, it doesn't matter. If you're using the computer to tell you where you are, the computer just will not be fooled by this kind of shenanigans. And with pass keys, it will be even better because the private key simply won't work on the other sites. So the whole thing just can't work with pass keys because it's phishing proof. So again, future even better, but the present, your password manager has your back. And I want to reiterate what I think you already said. If you go to one of these sites, it'll have the password lock because they really do own that. It could really be an HTTPS secure site, but it isn't the site you think it is. So trusting the lock is not going to save you. Right. Because as we've said many times, the lock means that you are where the address bar says you are. The problem is the address bar is effectively lying through subtlety. Yeah. By the way, I've been trying to search for why they call themselves the Disneyland team. And I can't find that, but I did find that they're a financial cyber crime group. So these people are spilling your money. Oh, they focus on impersonating banks? Yeah. Banks and other financial institutions. And so they use all sorts of other spear phishing and stuff to get you to go to a website that you think is really your bank. And the final bit to make that convincing is these puny code URLs. Wow. So this is where their attack comes, where the robber meets the road under attack and it can be really quite effective. Be careful. Okay. Yikes. Now, the next one then almost made its way to a security medium, but I don't quite have enough meat. There is a report from a company called Pixelate who are a company that help you to avoid breaking the law with your ads. So they are an advertisement privacy specialist company. So you hire them to make sure that you're not breaking the law. It is a very niche market, I would imagine. What's the name of the company? Pixelate. Okay. And they have released a report. I say they have released, they've sort of kind of released a report investigating how many child focused apps in Apple and Google's app stores violate COPA, which is an American law, the Children's Online Privacy Protection Act, I believe. Okay. And it's been reported that the apps are breaching COPA because they share IP addresses and geolocation. But the subtlety that's not being reported is that Pixelate only looked at the ads in these apps. So the actual story is that apps for kids with ads are breaching COPA through the metadata that goes away with the ad. So if, imagine you're a developer and you have a space in your app for an ad, you don't fill that space, right? Because you have better things to do with your life than be an ad agency. So you outsource the filling of that space to an ad agency and you use an API to effectively auction your space. Okay. And you give a bunch of metadata with the API. And under COPA, if you have reason to believe the person is not an adult, you're not allowed to include a whole bunch of information in that API call. And it turns out that lots and lots and lots of apps do include that information in their ad requests. Question. So if it's the app developer who is providing that information to the API, it isn't the advertising company's mistake or fiendish move. Correct. It's actually the app developer who is still at fault. Absolutely. Yes, totally. I thought we were going down the line that it was the ads. Okay. So little kids play in the game, they gather some coins and they stick them in a little bank and a bunny pops out. Nothing is being transmitted there, but when the bunny pops out and then an ad pops up, they're giving information about that user's location and IP address to the advertisers. Yes. Interesting. Is that because of the way the APIs are written that they don't realize they're doing? No. The APIs actually have a flag saying COPA true or false. The APIs are written to be entirely compliant with the law, but if you don't get as much value for money if you sell an ad as been for a kid, you pay a lot better for adult ads. So the incentives are basically all misaligned. So the takeaway I took from this is that if you have the choice between giving your kid a game that you pay for or a game that's filled with ads, choose the game without the ads because the ads set up these perverse incentives. I would assume, and we know what that stands for, that if you gave a child access to Arcade that you're probably safe. Yes, because one of Arcade's biggest features is that it is monetized through a subscription. Therefore, there is absolutely no conflict of interest with the developer whatsoever. Okay. However, we've just talked about how the App Store is old, old, old, old, old code, so we don't know that it's doing it correctly, but the Arcade piece is fairly recent. The Arcade piece is recent. Remember, what's happening is analytics while you are browsing the App Store app. Okay, as opposed to... So if you have installed... Well, wait a minute. If you're in Arcade, you have to browse the App Store app to get into... Arcade is through the App Store. Only to install the app once you've installed it? Yes. You have no idea where the app came from. You just said browsing the App Store app. So you have to browse the App Store app to find the Arcade apps. Right, but your kids don't have to go anywhere near there, right? You just... If you want to find some good games for your kids, have a browser on the Arcade, and you're going to be good to go. Okay. So it's not at the point you're playing the game. I guess what I'm saying is it's... That's what you're saying. Okay, I got what you're saying. Yeah, yeah, yeah. Okay. Unless you teach your kid how to buy apps. Well, no, you could search for apps. Well, once you've got Arcade, you could search for apps. Well, with parental controls, I don't have kids, so it's really easy for me to talk here. I just, I don't know... Well, I wouldn't have... If you're already paying for Arcade and you do a search and you find an app that you don't have to pay for, there's no... I wouldn't think there's any parental controls at that point. I don't know either, though. I don't have little kids, and I haven't tested it on my grandson to see what he would do. I also have never actually enabled parental controls because my darling beloved is the only person on our family account. And I don't think I'd be in anyone's good books if I told Apple to start limiting what he can do on his phone. Don't see that ending well. OK, I'll test it on Steve. Excellent. By the way, when I say that they've released the report sort of in a twist of the most amazing irony, the only way to get the full report is to give them your email address, and they'll email it to you. Heck, no. Oh, really? Oh, that's interesting. Yeah. Now, they're a for-profit company. They don't want to give away all their secrets in a free report, but that just cracked me up. Now, thankfully, their methodology is available without a privacy wall. I guess it's not quite a paywall. So I was actually able to read their full methodology, which is amazingly detailed, and they deserve real credit for being so explicit in how they built this report. The bit that's not in public is the list of the 1,000 most popular apps and which of them they found to be naughty, which is kind of what I was hoping to hear the link parents to. Yeah, and it's not in there? It's not in there, which is why my advice is just avoid ads. Yeah. Oh, I'm sure it might be in the full report, but I did not give up my privacy to go get the report. I don't love you guys that much. Man. Sorry. Moving on then to notable news. This is basically, for the most part, this is cops one bad guy zero. Oh. So one of the things that is forcing attackers to up their game is the increased use of multi-factor and two-factor authentication. So that means that the criminals have to work harder to get a lot of people. And one of the things they're now starting to do is to expand their phishing attacks to include phone calls where they appear to be from someone else. Spoofing the caller ID, basically. And like so much in the world today, there was a malware as a service company that you could buy spoofing called iSpoof. There was a massive international crackdown which made headline news in Ireland because one of the countries that was involved is Ireland. We arrested a whole bunch of people as part of this dawn raid. But basically ten countries got together and wrapped this thing up with a hundred arrests. So it was Australia, Canada, France, Germany, Ireland, Lithuania, the Netherlands, Ukraine, the UK, and the United States of America. I just love it. Oh, that's fabulous. How wonderful. And it was nice to get, you know, it's nice to hear Ireland mentioned in there. Yeah, maybe they shouldn't have named it iSpoof. That was probably easier to find. I mean these things, I'm sure it was on the dark web, right? Sure. The issue was that, yeah, because you need to be searchable. You just can't be tied to human beings, right? Because you need the criminals to be able to find you and give you the money. So they're in the advertising business for their crime as a service itself. So next week we're not going to have any spoofed phone calls? Not any, less. Yeah, possibly fewer. All right, well, you got to do it. That's wonderful. You got to do it. Meanwhile, in the United States, the FBI were busy wrapping up a gang that were doing crypto realm scams. So this is a tweak on the really, like, I really hate people who scam the lonely through romance scams. There's a special place in hell for that. But traditionally, the way that has worked is that you befriend these people, make them think that you're romantically interested and then you pretend to have some sort of medical emergency and you pretend to need money and you ask them to send you money and that's how you scam them. A twist on this in recent times is that you offer them investment opportunities in your crypto scam of choice. I heard about that on the news actually here a couple months ago. People losing a lot of money on these investments, quote unquote. Yeah, I was going to say heavy scare quotes on the word investment there. Yeah, a big deal. Well, there's been a big lot of arrests and basically one of the major gangs doing this has been wrapped up in the United States. So well done US law enforcement. And that's a company crypto rom, huh? That's good. Yeah, I don't know which is meaner, targeting the lonely or targeting the elderly. That's a tough toss up of which circle of hell you belong in. But the thing is these two people do both. Oh, good, good. The old and elderly or the old and lonely. That's nice. That's awesome. I know. Oh, just cranky, cranky. And then the final piece of news is a fire extinguisher icon next to it. So I saw this reported as there's a vulnerability in Apple's private relay that is costing advertisers millions of dollars, which implies to me there's something wrong with Apple's private relay. So I started reading and I couldn't find anyone describing what the vulnerability was. So I went more reading and more reading. And I went a long way down the rabbit hole in this life finally found the answer. The answer is that the infrastructure for selling ads cannot handle true privacy. So the vulnerability is not in Apple's private relay. But it works too well. Hang on. But isn't Apple responsible for the ad sales infrastructure? No, no, no, no, no. This is the ad business are complaining that people who are on iPhones, they can't tell who they are and they're ending up with fraudulent ad stuff because it's being rooted through Apple's private relay and they don't know what's behind Apple's private relay. Who's getting the fraudulent ad stuff if the people in using Apple's private relay aren't getting the ads? The fraud is against the people selling the ads, not against the people viewing the ads. Okay, where's the fraud coming from? Who's doing the fraud? Oh, criminals. Criminals are using iPhones to do fraud. Criminals are using Apple's services in their fraud. So if you're browsing the web in Safari and you end up on a site that's doing ad fraud, well then that visit is going to go through Apple's private relay. And the back end of the ab sales industry is so convoluted and twisted that they actually can't track IP addresses properly and they just ended up taking it on faith that it was a reasonable request if it came out of Apple's private relay. And that is just a flawed assumption. So Bad Actor gets me to click somewhere but my private, Apple's private relay kind of bounces it off me somehow but it still goes to the ad company? The company's selling ads? So you visit a website that has a bunch of hidden iframes that show a hundred, that try to show a hundred ad impressions. They're obviously not real. Okay, that's the fraud part. They're not real ad impressions but they are pretending to be, okay. And because it arrives to the ad companies through Apple's private relay and because the whole thing is built around selling the ads in real time and the whole thing is spitting string together they just assume that if it comes out of Apple's private relay it must be fine. And someone was like, is that true? And the answer is, no it isn't. Oh, that's really interesting. How dare somebody call that vulnerability in private relay? That's exactly what private relay is there for. I know. When I finally got to the bottom I spent an hour going down the rabbit hole here trying to figure out where the vulnerability was in the infrastructure for selling the ads. I was so cranky at having been misled. Yeah, well maybe not even a vulnerability just you're doing it wrong. Right. Yeah. You've built your systems wrong. Deal with it. Anyway, so there we go. In case you heard reports of a vulnerability in private relay, no the vulnerability is it works too well. I like this vulnerability. Yeah. More of those. In related news, I found the top tip. There's just a nice little how to over from the people at Apple Insider explaining iOS 16's PASCY support. So if you would like to, I always think it's great to have one of these links to send to friends or family who ask the question. So I heard about PASCY. What's that about? Instead of us having to write our own. Yeah. Yeah. Yeah, that's going to be a good one because I'm having trouble picturing how I explain that. Yeah. Good people over in Apple Insider who are paid to write, they did good job. I link to them. I find this kind of thing interesting to try to explain to Steve's parents because Steve's mom and dad still do a lot on paper and paper is one of the most vulnerable methods. Their mailbox is fairly protected so people can't get in and out of there. It would have to be one of their co-elderly neighbors who would hack into their mailbox so it's not on the side of the curb or anything. But his mom does one password 100% but will not do it on her phone and she keeps a separate credit card for Amazon because she thinks that's probably the most vulnerable thing she has. So she has a credit card that links to a bank balance that's very small so that if she got caught she would only lose X amount of dollars. So she's built this structure that's not based on the facts of what would hurt you or save you. But she's not doing anything wrong. She's just doing these things that don't help and I've tried to start explaining pass keys and it's like, oh no, no, no, no, no. I use one password. I got my passwords in here. I'm good to go. So okay, that's fine. Well, they're doing it right. Hopefully soon. One of the intriguing things in the one password future thing is that they're promising features to help you turn on pass keys on existing accounts. So I think the answer will be when one password offers to make your password more secure, click yes. Okay, yeah. I'm concerned on pass keys because I'm running into so many sites that say, hey, would you like to stop using passwords? And I know it's not pass keys yet so I don't know what it is. Well, okay, but the web author and as a standard is perfectly viable and that's up and running already. But I've no if knowing, right? I guess because they're not really big on telling you the technical detail of what they're doing, are they? Why would they, right? Yeah, but I'm somebody who knows what's going on and I'm like, no, no, no, no, no. No, I don't buy that. I don't buy that. Let me put in my username and password instead. And yet it's probably safer, but I don't know. I don't know who they are. I don't know what they're using behind the under the hood. Yeah. Well, Adobe have switched me over to using their Authenticator app, whether I like it or not until it's actually better. Oh, but no, it's actually better. No, another app. No, no, not doing it. Well, that's why we want pass keys, right? That's why we want the standard instead of another app and another app and another app and another app. Yeah, yeah. Anyway, it is a nice link. It is in my toolkit. It is ready for me to add this whole folder of links for handing to people when they ask me these questions. It's great. And then interesting insights I have two links to give here. So Elastic Security Labs have released their 2022 annual threat report where they basically they explain the security landscape so that you know what's really happening in the real world, right? Because we all know these hypothetical vulnerabilities. But what's actually most interesting is what's really attacking real people in real land. And I always love these threat reports because it's real. So the good news for Mac users is that of all of the malware that was discovered by this company only 6% of it was on a Mac. So Apple's now what? A little over 10%, 12% something like that of the operating system usage out there. Doesn't that kind of make sense? That it would be a small percentage of the infections out there? Perhaps, perhaps. It's... Well, OK, so the second the bet that was much more interesting to me of those 6.2% that are the Mac 85% of those 6.2% is one piece of greyware software called MacKeeper. Oh, wow. So it's mostly people being tricked into installing junkware on their own computers. Wow. So 85% is 6.2. So I guess I think there's like 1% of actual real malware. Wow, that's astonishing. Yeah, and amazing marketing by MacKeeper. Yeah. The other stuff that I think people may be surprised at is 39.4% are on Linux. But remember that servers powering most of the world are running on Linux and servers are where there's lots and lots of data. Attackers love servers. And since most of them are running Linux that means the attackers attack Linux. Which is, I don't think people realize that, so I thought that was interesting. Tell me, it's not the year of Linux on the desktop? I'm sorry, I just covered myself in coffee. No, not yet. I stole that joke. I heard it on another podcast. I think it's a punchline on a few of my Linux podcasts, actually, because someday it might be true, but it ain't today. It certainly ain't today. Could happen. And just because just in case we needed a reminder why we have password managers, NordPass 222, 200 most common passwords lists, we human beings still suck at passwords. It is embarrassing when you see what is on NordPass' list. Let's see. Password. One, two, three, four, five, six. One, two, three, four, five, six, seven, eight, nine. Guest. Quarity. Holy moly, they're still on top. Yep. Still the same old, same old. Okay. Hang on. I'm going to back you up because you forgot your excellent explainer. Did I? Oh, goodness me. Yes, I did. God, that was even as a cool new word I discovered. I like to share new words. So remember, I said that one of the big problems we have is that attackers are now having to go after a multi-factor and two-factor authentication because that's, people are getting better about it. One of the techniques they're using is something called a soft dismount. So if I trick you into doing something dodgy, right? If I succeed in tricking you into giving up your SMS code, if you don't know you've been tricked, you can't stop me. Okay. So one of the things they're trying to do is to stop you realizing you've been hacked. And so the technique now is called a soft dismount. So they send you to a fake page with a fake login where they're asking you for your multi-factor authentication code. They then proceed to present you with a successful login and if they tricked you by saying do you want to cancel this massive purchase you didn't want, they just wrote a page saying order canceled. Thank you very much. And you think you have achieved your end. They tricked you into wanting to do something and they tell you you've done it. And you won't realize you've been scammed until you look at your actual bank statement. Goodness knows when. That's genius. It is evil genius. So as I say it's one of the things I like about Naked Security is that they show you real attacks in the real world. And I always love looking at them for the point of view of educating myself about I know what this looks like in theory. What's happening here on Planet Earth? And so this won't really caught my eye because because we're getting better about multi-factor authentication, the bad guys are getting better about abusing multi-factor authentication, which is why we need Puskies. So one of the I don't know what other credit cards do now because I've been using the Apple Card long enough that technologies moved on. But if you were caught by that your iPhone would immediately tell you you just spent two thousand three hundred forty seven dollars at blah, blah, blah. So you would get a notification immediately and that has made me much more attentive to my credit card because I'm not one of those people who checks the bit the balance every day or just don't do it. But my phone tells me so I knew when somebody tried to hack me recently and Apple blocked it. Excellent. I sometimes get briefly mildly annoyed when I go into a shop and I pay with Apple Pay and 30 seconds later I get a message from my bank saying you just bought something. It's like, I know I just did on this device. But then I think to myself, yeah, but if that notification came up and I hadn't just bought something. So I don't feel cranky then. I thought about the same thing. I was starting to get cranky about constantly having to tell websites. No, I don't want all these cookies. I only want the ones that you have to have to function. And then one day I realized I've just been given the opportunity to protect myself a little bit. Why am I cranky about this? I know it's annoying to do and it'd be better if they just didn't do it. But hey, I should take advantage of it. So I'm still doing it. Excellent. I'm having DuckDuckGo do it for me. Yeah, I've started using the DuckDuckGo browser and it's really fast. It is wicked fast on the Mac. I've said it, well, it's not as my default because I am still using Velia as my password manager. I'm sorry, as my browser picker and it's the default, but I've told it, open everything in DuckDuckGo if you can. Excellent. That's a good choice. I like having an app in front of my URLs to root them intelligently, which is what Velia is doing for you. I'm still using an older one whose name I can't remember, but I attempted to switch over because you made it sound very cool in your review. Velia is just fabulous. The one thing I don't like about DuckDuckGo and I know this isn't the point of what we're talking about at all is when I do a command F to search on the web page, it doesn't highlight and scroll to the spot where it found it. It's scrolling but it's not where it found it. And I can never find anything. So I was just trying to search global desktop market share and I did a command F for macOS and it shows me it's found it five times and every time I hit the next one, nothing is highlighted on screen. So I got a little problem I can figure out with that. But anyway, DuckDuckGo really cool browser. Yeah, and it's in beta still. So maybe send them a book report. Yeah, that's an idea. I didn't know it was in beta. That sounds important to me. Yeah, pretty sure it's in public beta now. Yeah, it was private beta. It's in public beta. Okay, now that I've finished missing my own show notes, let us go on to some palette cleansing. I have two for you. The first one is I loved on my old iPhone. I had an x-ray of the iPhone as my wallpaper and it made me so happy. And I don't have one for the new iPhone 14 Pro. And I briefly thought I did because there's an amazing one available for the iPhone 14. Oh, not pro. The 14 and the 14 Max, but not the pro or the pro Max or 14 plus or whatever they call the big one. So if you have one of the not pro 14s, these beautiful schematic wallpapers are available and they are absolutely gorgeous in multiple colors. I always went with the blue one on my old phone but they're gorgeous. Oh, that's fine. I can't have one yet. Yeah, if you can have one, have one. And then the last one is a podcast recommendation, an amazing episode of Planet Money called How the Cookie Became a Monster, which is the true story of how the browser cookie was invented and I'm not making this up as an attempt to make the web more private. Oh. How well did that work? How sad is that? It's a fascinating story though and it's really well told with interviews with the people of violence. It's a really fun half-hour episode from Planet Money all about cancer cookies. What a great title. How the cookie became a monster. I love it. I love it. Yes. All right. Well, I'm glad you had palate cleansers. There was a lot of rough stuff in there but hey, two big bad guys, bad actors groups got cancelled so got to love that, right? Yeah, I sort of thought it was a good news week all in all. I was pretty happy as I finished writing my show notes. On the balance. There we go. On the balance. Yeah. And it wasn't raining so when I finished writing my show notes, I got to go out on my bike and not get rained on. Which is amazing. It's a great day. It is a great day. Right. Well, I think that is it for now so folks, you know what to do. Until next time stay patched so you stay secure. Well, that is going to wind us up for this week. Did you know you can email me at alisonapodfeed.com? I just mentioned you could do that with your I'm still using it contributions. If you have questions or a suggestion, you can also send those on over. You can follow me on Twitter at podfeed and if you can find me on mastodon, look for podfeed at chaos.social. If you want to join in the fun of the conversation you can join our Slack community at podfeed.com slash slack where you can talk to me and all of the other lovelies, no silicast ways. Or if you get in the pattern here that everything good starts with podfeed.com, you can support the show at podfeed.com slash patreon or if you want to do that one time donation I mentioned, go to podfeed.com slash PayPal. And if you want to join in the fun of the live show, head on over to podfeed.com slash live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic no silicastaways. Thanks for listening and stay subscribed.