 Coming up on DTNS, the attack on Okta might not be as bad as it first looked. Roku has new features, but do we care about TV platforms anymore? And why Apple isn't getting into routers or smart home stuff at all? This is the Daily Tech News for Tuesday, March 22nd, 2022 in Los Angeles on Tom Merritt. And from Studio Redwood, I'm Sarah Lane. I'm the show's producer, Roger Chang. And joining us from the addition newsletter, Charlotte Henry, welcome back. Hello, this is exciting. It's the first time anyone's ever introduced me from that note because maybe it's out in the world. Yes, hello. I feel so honored. Yeah, congrats on going indie. That's great. Yes, going. Yes, a bit like, you know, one of those bands you see at a lo-fi group or something. Yeah, you left the you left the supergroup and gone solo. It's fantastic. Or is this the supergroup? That's the question. Perhaps it is. You're definitely a guest on stage at our concert. This is the point. Before we break this metaphor, let's start with a few tech things you should know. At the AI conference and Nvidia GTC, Nvidia unsurprisingly made a bunch of AI announcements. The next generation of the Hopper GPU architecture is optimized for AI. The Hopper H100 will be the first card on the platform promising to speed up, transform and machine learning model training by six to nine times. Also, Nvidia announced the Grace CPU super chip with 144 ARM cores and a terabyte of secondary memory. Both of these chips are meant for data centers. And if you use them together, you have a Grace Hopper system in honor of the pioneering computer scientists. The omniverse collaborative design tool is now available in the cloud. A product called DriveMap will be available for the automated vehicle industry with ground truth mapping of more than 300,000 miles of roads in North America. Europe and Asia by 2024. And Nvidia is selling its Jetson, A, GX or a developer kit for powering robotics for $1,999. Finally, Nvidia announced it plans to build the world's fastest AI supercomputer called EOS, promising 275 petaflops of compute. A security researcher who goes by Mr. Docs with a zero, of course, in the docs has showed a proof of concept fishing technique you should be aware of. He was able to use HTML and CSS to replicate the pop-up you would get from a third party sign-in from a reputable company like Google or Microsoft. You know, when it says sign in with Google, you click on it, you get a little pop-up. Because it's an embedded element, not an actual pop-up from those companies, you can make it look like the URL is accurate because you're creating it. It's basically an interactive image. So just checking the URL would be not enough for you to detect that there is a fishing attempt in process. You can tell it's a fake pop-up if you try to resize it or move it out of the browser window because it's an embedded element. It can't leave the browser. Ars Technica notes that the technique has been seen once in the wild in 2020 in an attempt to steal steam credentials. Netflix is adding more games to its streaming service, just a few, but still the library grows, including an educational game, This Is a True Story, about water scarcity in sub-Saharan Africa, and Shatter Remastered, which is a mobile version of the breaking game Shatter. Netflix also says that Into the Dead 2 unleashed a sequel to the zombie action game is coming soon, later this month. Alphabet announced it's spinning Sandbox off into an independent company. Not taking it from one part of Alphabet into another, but kicking it out of Alphabet altogether. Alphabet's Quantum Technology Group called Sandbox was launched in 2016 by Jack Hittery, and since then has functioned as a separate group from Alphabet X. A lot of times they incubate these things in the X-Labs, Alphabet X, and then make them separate Alphabet companies. That's what happened with Sandbox, but now they're not just spinning it out of X into other bets. They're spinning it out of Alphabet entirely. Hittery will stay on as CEO of the new independent company Sandbox AQ, and it's 55 employees. Last week, Google announced that Steam was coming to Chromebooks as an alpha test. There was a lot of interest, but not a lot of details. Now Google is releasing instructions on how to get Steam running on Chrome OS. For now, only a handful of devices are supported, and they'll need Intel Iris Z Graphics, 11th generation Core i5 or i7 processors, and at least 8 gigs of RAM. If your Chromebook is supported, Google says you'll need to switch your Chromebook to the dev channel, enable a special flag in Chrome, type a few commands into Chrome OS's cross terminal, but then you can give it a whirl. All right, let's talk about this big data breach. There's a couple of them actually out there, Sarah. What do we got? All right, so the same data extortion group that went after Nvidia, went after Samsung, and other companies is now claiming to have breached Microsoft and Identity and Access Management Company, Okta. Let's start with Okta. The company provides software and services to keep employee login secure for things like single sign-on. Clients include FedEx, T-Mobile, HPE, JetBlue, Siemens, Sterling Bank, big, big companies, and there are others. The attackers claim to have gained super user admin access to Okta.com, and they posted screenshots on Telegram of what they allege or some of Okta's customer data, as well as its back-end admin console. Okta Chief Security Officer David Bradbury wrote in a blog post that there was a five-day window of time between January 16th and January 21st, 2022, just a couple months ago, where an attacker had access to a support engineer's laptop. This is consistent with the screenshots. He says the company terminated the compromise user's active sessions, suspended the account, kind of the end of it. But Bradbury also wrote, These engineers are unable to create or delete users or download customer databases. Support engineers do have access to limited data, and for example, Gira tickets and lists of users that were seen in the screenshots. Support engineers are also able to facilitate the resetting of passwords and MFA factors for users, but are unable to obtain those passwords. Okta CEO Todd McKinnon says there's no evidence of ongoing malicious activity. The worry was whether the attackers had gained access to client systems through Okta. Sounds like Okta is pretty confident that they had not, but that was the worry. The same malicious group also claims it breached Microsoft's Azure DevOps server. The group leaked 37 gigabytes of source code that appears to include code for Bing, Cortana, compliance engineering, and some other Microsoft projects. It doesn't contain references to Windows or Office products specifically, but the group also claimed to have breached LG Electronics for the second time. Yeah, so to kind of knock off some of the usual questions about this, Okta is continuing to investigate when they discovered it in January. They immediately contacted affected clients and have been working with them. The only reason this became public is because the group was claiming responsibility for it. They don't believe that there was any access. In fact, this laptop that the group got into didn't have the authorization to access anything. Like Sarah said, they could only send reset commands. They didn't actually see any of the personal information or were able to log in to personal information. So it does seem like Okta acted responsibly and that this was a limited attack. And the buzz amongst security researchers out there is that this particular group really is just buying people off. They're going and paying disgruntled engineers or sympathetic engineers in order to get access. And that would make sense given that this was a third party support engineer. I feel reassured having sort of read those comments because when I first saw this story this morning, my time in UK, I went, uh-oh, this doesn't sound good. This sounds like someone's going to get access to lots of different services, not just because of the nature of Okta as a business. My worry was we were going to suddenly see a whole load of repercussions from this. But actually reading that blog post from the Chief Security Officer at Okta, kind of, you know, if we take, we have to from the time being take that up face value and seeing that makes you think, okay, they've kind of been pretty transparent. They're not pretending there's no issue, but they've, you know, explained how that issue is contained and how they've discovered it. I guess the question might be why did it take from January the 21st or whatever it was to march the 22nd for this to become public. But as general, it seems to me Okta has behaved kind of in the way we would want a company to in these circumstances and that actually the initial fears that we all had when we're reading about it, about the kind of knock on effect seem like they've been contained. Yeah, I think the reason Okta didn't make it public is possibly because the clients didn't want it to be public and there wasn't any personal information accessed. If it turns out personal information was accessed, then they're in violation of GDPR and a bunch of other stuff. So I feel like they were following client wishes and the law and only because this group made it public where they like, OK, fine, we will tell you as much to calm you down as possible. Because I was like you, Charlotte, when I first saw this, I'm like, oh, man, if they were able to get into FedEx and HPE and all these other companies, you know, this is starting back one of them. Yeah. Yeah. Yeah. So it could have been could have been really bad. So I went from kind of going, oh, my goodness, is this Maria or whatever else to OK, no, they seem to behaved sensibly, which I mean, given the kind of nature of their business, you would both hope and expect. Yeah. Well, let's move on to some sunnier news. Oh, that wasn't terribly cloudy. Roku is fast becoming an advertising company as its revenue for ads continues to grow while its platform business levels off. The Roku Channel app, for instance, is available well outside of Roku's ecosystem on Amazon's FireOS, on iOS, on Android, Android TV, Samsung TVs have it and more. That audience is growing for Roku and they're making money off selling ads on it. On the other hand, more people are tending to use just smart TV interfaces for streaming, though in some TVs that is Roku OS, people just aren't buying the dongles in the set top boxes. And of course, Roku still wants to improve its platform. They're not resting just on the advertising revenue yet. So let's look at what's new in Roku OS 11. You can change your screensaver to use your own photos. The feature is called photo streams and it can connect to your desktop or a mobile device and you can even share your streams with other Roku users. Like maybe you have some family members and then you can all collaborate on a shared stream and add photos to it. There's a new speech clarity setting for dialogue, making dialogue clear and for people who use Roku streaming or speaker devices, like their surround sound, their soundbar, there's new sound modes, standard dialogue, movie, music and night modes. Roku's mobile app will now show more info on TV shows and movies, including where you can stream them for free and any existing paid accounts you have if you can stream them there. A new what to watch on Roku section in the home screen menu will suggest popular and recently released stuff. Voice enabled keyboards are getting Spanish, German and Portuguese support. None of these are the kinds of features where you're like, I've changed my mind. I've got to buy a Roku device, even though I have a Samsung TV. How do we feel, Charlotte, about Roku OS 11 and just the future of streaming platforms in general? It feels like they're becoming kind of commoditized. I feel exactly that, how you just said. I have two Samsung TVs in my apartment. None have anything, any dongles or stuff plugged into them. I do have a cable box in one of them, but everything, all the streaming services I use, just the TV OS that's within the Samsung televisions. In fact, the only example I have to use something different is when I have to plug my Mac mini into one of the TVs because it doesn't have an Apple TV plus app. But I think actually we're going to see that this is a bit like mobile phones, right? And people don't want lots of stuff and peripherals. And actually, if you own, you have to own the actual hardware, in this case, the television. And so if you want people to use your streaming platform to access even other services, you're going to have to build the TV as well. Yeah, I've got an older Samsung TV. It's 10 years old now, but it has some smart capabilities. And I thought, oh, that's kind of fun when I first got it. But no, I'm going to use my Apple TV. That's how I do everything. You know, I don't want to build all this into some TV because then when I have to replace the TV, then I don't have kind of my setup on some separate system. But more and more, particularly recently, you know, I've had friends who, because people are always saying, Sarah, you know, you watch all the streaming, like how do you get in everything? And as people continue to cut cords and figure out what the best situation is, more and more, I don't know how to tell them not to use these apps on their televisions because they've gotten so much better. And it's hard to convince somebody to buy a separate hardware device. I mean, some people want that for sure. But I think more and more, it's just like, oh, well, TVs are smart. So you just figure out something like the Roku platform within this TV because if it's new enough, it would support that. I think this is a highway headed for pain because I have a 16 year old Samsung TV that has no connectivity, but I'm able to use Apple TV, Roku, Android TV on it. And I do. I think the people, I think you're right. People are buying TVs and just thinking like, hey, it's got a smart thing built into it. I'll just use that. But down the road, that's going to stop getting updates. Apps aren't going to be available for it because they can't run on that platform. And then people are going to have to get into the dongle market again. Well, and if something goes wrong, that's a much more expensive replacement. I'm an Apple TV user. I have a Roku. I haven't used it in quite some time just because almost all the apps that I care about are on both platforms. And I just chose one some time ago. But even an Apple TV, which is not a drop in the bucket, is still not the same thing as a $1,200 television. No, of course, I mean, these boxes do get updated and can go out of date. And, you know, any of these companies who are making these apps could go, no, we're only making it available on this platform, not this platform. It's not particularly in there to their advantage to do so. At the moment, the general pattern we're seeing is that people who have streaming services want those services to be in as many places as possible. But, you know, if you're buying into any one thing, you're always slightly susceptible to that in an ecosystem, aren't you? Yeah. And there's always the stories of like, oh, the Netflix app doesn't work on the first gen of Roku anymore. Oh, now it doesn't work on the second gen of Roku anymore because the DRM system can't be supported on that chip. I feel like we're headed towards something like that with TVs in a couple years. So what's going to happen is I'm going to have to splash out on a new TV soon. And Tom's going to be sitting there going, ha, ha, I've got my 16 year old box TV and a nice new box. Just get a Chromecast or something. You don't have to buy a whole new TV, but people are going to have to realize that, yeah. Well, Wired has an article out today, but yet another attempt to make smart glasses. Although this one's a little different. Nemo is a full mini computer that's contained in the glasses frames themselves. It runs a modified version of Android. Doesn't have Google Play store support, but it does support Android apps. So you can run browsers, Microsoft Office, things like that. It also uses a Snapdragon XR1 processor. Importantly, there's no official tethering that is required and that's something that Nemo touts. But if you want to connect to the internet, you would need a solution. So Bluetooth would connect you to a mouse and keyboard. For example, you can also use Bluetooth to connect to a phone. Use that phone as a trackpad. Kind of cool. And it can detect your gaze. So you can tap on the side of the frames to select certain things. So even if you're not tethered, there is some functionality there. The Nemo has dual 720p screens embedded into the sides of each lens that allow for up to six virtual screens. What you see is equivalent to up to 40 to 50-inch displays. So for people like me who need prescription lenses, and I wear contacts, so it's kind of my solution. But if you don't and you need glasses, the company isn't offering lenses. You'd need an optometrist to make lenses that work in the device, unless you've got another solution or you don't need glasses at all. No cameras built into the device. So this is not one of these, okay, I'm going to go out and about and take photos and make people feel weird. It doesn't have speakers either. That is all stuff that you can tether to a Bluetooth device and figure some stuff out. But it's not built into the glasses themselves. And Nemo makes a point to say, that's not really the point of this. This is replacing some sort of portable laptop or something that you might use at a coffee shop or if you're on the move or you're on a train or you're at an airport. Battery life is 2.5 hours and it weighs 120 grams right now, although the Nemo team says they think they can get that down to 90 grams by the shipping date, which is set for the first half of 2023. We've got a little bit of time, but it will come, I think it goes well, to India and US markets for $799. Oh, he lost me. I was in on this. I know. I saved that little nugget for the end. It's not that different from a tablet where you're like, oh, I just need it for word processing and doing some productivity stuff. And it's light and on the go. And I'm like, oh yeah, one of those mobile keyboards like people use and a Bluetooth mouse, I'm sitting in the Sky Lounge at the airport. I could see this being a business tool and maybe that's the enterprise price at $799. Other expecting companies might drop that, but I'm not sure if I'm splashing out that much, although it is a high-end tablet price, I guess, just to try this out. What about you, Charlotte? So everything about smart glasses terrifies me. I felt a bit better when I read that they were not like, it was the Facebook ones that had pictures and video taking on it that freaked everyone out, wasn't it? Yeah. That was a few months back. Well, it was the last before that. Exactly. So they were fairly obvious when someone was wearing those. The Facebook ones and like these Nemo ones look exactly like, pretty much like real eyeglasses. The Facebook ones too, if I recall actually you could get a prescription in them, couldn't you? Like you say, I'm wearing contact lenses. So that would obviously be a solution. I'm not totally sure with your argument, Tom, that a company would be happy to drop $800 instead of buying one of their high-powered executives, a tablet. I think probably the tablet is easier to justify and would go further than the few trips on a plane that may or may not still be happening. I'm just saying that the price point won't turn them away. They might still turn away from the practicality of it, but there's a confidentiality thing. Nobody can look over your shoulder at your screen on this because they're on your face. It's more productive because you have more screens, they're bigger screens. So maybe there's an argument there. I really like this concept though of saying, you know what, let's take the technology we have right now and make glasses that work with that instead of promising something where the technology isn't there yet. There's a place for that, Microsoft, magically, they're all pushing that boundary and maybe someday one of them will get there. But I do like somebody saying, well, we've got technology that can work right now. What can we do with it? And this is obviously a bit of a different play, isn't it, to the metaverse type of play. We want you to be consumed in an alternative world. This is about doing more in the world that you're in. You're reading some email and you have limited space and you can sit up straight and look ahead. That might be pretty nice depending on how your workflow goes. And if you move around a lot, I think that's sort of the key of this is this is not something I want sitting comfortably at my own desk at home. I just don't, I don't need it and I kind of don't want it. But if I were doing a lot more mobile computing, I could, I could see where, especially if you have, yeah, if you have limited space, privacy maybe is an issue, then something like this would be. Sarah, Tom's imagining sitting is desk reading emails in his glasses. No, I'm imagining sitting here right now. And instead of looking down to see the dock and you guys, you just being in front of me and I can look straight at the camera all the time. I mean, the ergonomic factor of this should not be, you know, underestimated. It's like people really do have, have, have issues with this. So that, you know, that's another part of this where I go, still not crazy about the look of these glasses, but I could see where it would be a handy tool to have. Yeah, might be a good travel tool. Might be even good at home. Who knows? Maybe I should try. Folks, what do you think? Tell us in our discord, you can join that by linking a Patreon account at patreon.com slash D T N S earlier this week, Bloomberg's Mark Gurman made a plea for once instead of a prediction. He usually makes predictions, but this time he made a request. He argued that as part of Apple's revitalization of the Mac line, it should start making Wi-Fi routers again. If you don't recall, Apple launched the airport base station way back in 1999 and it kept making Wi-Fi airport models for 15 years until it disbanded the airport team in 2016 and discontinued the entire line for good in 2018. If you go to Apple to buy a router right now, you'll have to buy a Linkus mesh router with home kit support. That's what they sell on the Apple store. Gurman argues that Apple could make routers easier to set up, easy to secure. He suggests you could build it into the home pod, maybe the home pod mini. Google already does this with its latest Nest routers where it can have speakers that have the Wi-Fi built in. The next web's Callum Booth saw this and thought, I think I know why Apple doesn't do this. First, price. Apple always sells above the competitors and the Linkus routers that Apple sells are $500 for a three-pack. More than that might be too steep even for Apple, Callum Booth argues. The other reason Booth gives is that Apple doesn't have the product line to go with it. He argues Google is successful at this because it has the Nest line, smart cams, thermostats, Nest speakers, some with smart screens. Apple has none of that stuff, just the home pod mini, and I guess maybe the Apple TV. In the end, Booth argues that Apple can't control the experience enough in a router to keep its reputation for ease of use. Routers are finicky. Networking is subject to all kinds of reasons for failure beyond the manufacturer's control. Anybody who's tried to troubleshoot a network connection knows. It's really hard to figure out where the problem is coming from. And that makes kind of sense to me, but it does point out that Apple, while making a compelling platform in HomeKit to control your smart home devices, is not doing much to capture the smart home device market. Is that on purpose? Is this part of the pivot to services? Apple wants to be the platform, not the device maker. Or is this a blind spot for the company? While they're pouring resources into cars and mixed reality, they're just leaving the smart home market on the table. Charlotte, what do you think? Yeah, there is something a bit disconnected about Apple's whole smart home play. I'll come onto the routers bit in a minute. But I think it's a very rare point to say, that this is a company that has on its main platform, iOS, a thing called Home. As in, we want our phones to be a place where you control smart home devices. But we basically only make two of them, maybe one and a half. Now, I don't think Apple's ever going to be the company that makes, you know, the thermostats and light bulbs. Exactly. And they sell some third party stuff. I don't think you're ever going to get an Apple security camera, like a ring type thing. But I think it's, there is a bit something a bit disjoint about it. I think that is a fair point to make. As for the router thing, I think, I mean, I'm always loathe to disagree with Mark Gurman. I think that's never a good bet to take. It's a pretty good track record, yeah. Right. But I think the arguments put forward by Callan Booth are actually pretty compelling, that let's put it this way. Does Apple want the genius bar taken up with people complaining about their router at home? You know, I have, it's funny, before before the show, as I was thinking about this, I was like, wait, what did I do with my airport extreme that I had for years? And I'm actually looking at it right now. But it's not actually the the router that I use anymore. But when troubleshooting needed to happen on the network that I was using, and it did occasionally, it was pretty intuitive. I see where this argument is going is if Apple can control, you know, you buy a hardware from Apple, Apple is making plenty of hardware already. Sure, it's trying to boost its services division. But there's, you know, lots of hardware products. And you need networking products to go with those hardware products. But yes, if there's too much propensity for failure, I could see where Apple's like, you know, it's just not worth it. You know, maybe they the support side of their former networking products. We're just like, this is a nightmare. And it just doesn't make sense anymore because other companies are doing it for cheaper and people don't care if Apple makes that router anymore. I think your point about intuition is actually a good one, though, Sarah, and it's kind of the flip side to actually our argument, which is if you're Apple and you can go, well, everyone hates their Wi-Fi routers and it makes everyone mad, but we can do have the thing that makes everyone not mad at Wi-Fi routers. That's obviously a good win for Apple, I guess. Is the is the, you know, the return on that bet worth it? Right. Yeah. I think that I buy Callum's argument that the complexity of supporting it might be keeping Apple away. I don't know that Apple cares about the price point. They I'm I'm sure if it cost a thousand dollars for a pack of three beautiful Apple Wi-Fi routers that were super easy to set up. Apple wouldn't blink at charging people that. Right on the mantle, you know, from center. Let's look at them. But but honestly, I think I think, yeah, it may be that they they just don't want to deal with the the complexity of that. Although Iro has done a great job. I know they're owned by Amazon, but even before that, they had a great job of being easy to manage. They worked really well. I have them. I'm using them right now. They're they're specialist companies, aren't they? Yeah. And I almost feel like maybe Apple wanted to buy Iro and is hoping to buy somebody like them and bring them in. I have. I was looking while you were introducing this segment. Didn't Apple used to stock Iro at the Apple store? I'm sure I've been an Apple store and seen Iro. As soon as as soon as Amazon bought them, that that's got yanked. Yeah. So yeah. All right. Let's check out the mailbag. Let's do it. This one comes from Jeremy, who listened to our conversation we had on the show yesterday about the New Mac Studio. What's going on with onboard storage? Jeremy says, heard a few people talk about the surprise expansion slots for SSDs in that New Mac Studio. The machine has the ability to have up to eight terabytes of storage. Does everybody really think that Apple would put that into one slot? It would be an incredibly expensive drive, especially compared to being able to get two smaller ones in the same machine. It also allows other machines to start with the same base SSD and then just add to the other slots to get the storage that the customer selects. Jeremy says, am I overthinking this? No, Jeremy, you're making complete sense. I think the the surprise wasn't so much that they were that there were slots in there. It was that Apple has gone out of their way to stop you from using them. There's there's they literally designed it in the worst way to possibly upgrade, which maybe you could excuse of like, well, they just weren't designing it to make it easy to upgrade. But then there's software that actually prevents you from putting in your own SSD slots, which is exceptionally obfuscating. So it really does feel like and the policy from Apple is clearly they say on the site, these are not meant to be user upgradeable. We're not providing upgrades. You should buy as much as you need from the start and and from then on, it'll have to be external. So they really did design it not to be upgraded, even though they could be upgraded. I don't understand putting impediments to people wanting to do this themselves. It's crazy. Well, thanks, Jeremy. Yeah, right. Yeah. You know, kind of been we feel like we knew Apple at this point. Yeah, I'm not surprised. Yeah. Yeah, yeah. The the the the limitations on purpose to save us from ourselves. Well, thanks, Jeremy, for the feedback. Do keep that feedback coming. Feedback at Daily Tech News Show dot com is the email address to send it to Doug Photos. Welcome. Hello, Uno. Also, thanks to you, Charlotte Henry, for joining us today. I know you've got some new stuff in the works. Let folks know where they can keep up. Yes, I am now running. Obviously, I've had to maybe I've made the jump to Substack, of course. So I'm over the addition.substack.com. There's lots of tech stuff. There's lots of media, you know, tech stuff, media stuff, culture stuff, all coming together, all added together there. So that's fun. My book is still available, not buying it. I'm putting the topic of fake news continues to feel quite pertinent. So yeah, send me your dog photos on Twitter to outsharlathenry.com. Excellent. Well, good to have you on the show, as always. Want to extend a special thanks also to Anthony Junk, who's one of our top lifetime supporters for DTNS. Thank you for the years of support, Anthony Goldstar. And the crowd goes wild. There is a longer version of the show. It's called Good Day Internet. You might know all about it, but if you don't and you'd like an extended version of the show where we talk about all sorts of stuff, do become a patron at patreon.com slash DTNS. We are live here on DTNS Monday through Friday at 4 p.m. Eastern. Twenty hundred UTC. Find out more at DailyTechNewShow.com slash live. And we're back doing it all again tomorrow. Scott Johnson joining us. Talk to you then. Daily Tech News show is made possible by its listeners. Thanks to all of you, including Chris Benito, Steve Ayaterola and Jeffrey Zilx. This show is part of the Frog Pants Network. Get more at frogpants.com. I hope you have enjoyed this program.