 Coming up on DTNS, the Epic Apple case reaches the heart of the matter. Should you worry about that Wi-Fi vulnerability you may have heard about and Venus flytraps become soft robots. This is the Daily Tech News for Wednesday, May 12th, 2021 in Los Angeles. I'm Tom Merritt. And from Studio Redbud, I'm Sarah Lane. From Salt Lake City, I'm Scott Johnson. And I'm the show's producer, Roger Chang. We were just talking about internet traffic, super glue in your fingers and so much more on Good Day Internet. Get that wider show. Become a member of patreon.com slash DTNS. Let's start with a few tech things you should know. GitHub added support for physical security keys when using Git over SSH, which lets developers send push, fetch and pull requests remotely. GitHub previously allowed passwords, personal access tokens or an SSH key to access Git over SSH, but does plan to remove support for passwords later this year, citing their consistent source of account security challenges. Speaking of standards and connectivity, the Connectivity Standards Alliance made up of hundreds of device manufacturers, including Apple, Amazon, Google and Samsung, announced the Open Smart Home Standard Project Connected Home over IP or CHIP has been rebranded. So if you heard about CHIP, it's now called Matter Devices with Matter, M-A-T-T-E-R branding to go on sale by late 2021. I kind of liked CHIP better, but OK. Amazon updated the Echo Show 8 now with the same 13 megapixel sensor as the Show 10 and also the ability to digitally pan and zoom to follow users, support for AR features and a new octa-core process for the same $130 price. The Echo Show 5 was also refreshed, now offering a two megapixel front camera for $85 and a kids edition available for $95. Also different rear fabric and a two year warranty. TCL has given out pricing information on the XL collection of its 85 inch TVs previously announced at CES. We were talking to Robert Herron yesterday, all the TVs are coming out now. The 4K 4 Series TV is currently on sale for $1,600 and the QLED 85R745 with full array local dimming and Dolby Vision HDR support is $3,000 shipping in the coming weeks. TCL also announced it will launch an 8K mini LED 85 inch TV later this year. They didn't give exact pricing or availability on that yet. In a blog opposed published Wednesday, security researcher Fabian Braun Line demonstrated how Apple's find my network can be exploited to become a data transfer mechanism. By faking the way that an air tag broadcasts its location as an encrypted message, that's the way it works, the hack lets packets of arbitrary data be transmitted over the find my network, which is capable of using the data connection of any nearby Apple device that has find my enabled. And Braun Line's demo short tech strings are sent back over the find my network to a home Mac and it was successful, but it's not clear if this could be used maliciously. Yeah, it just seems like a way to send messages in a weird, weird, odd hack. So, so far it just seems like a cool hack, but I won't keep an eye on it. This one is possibly used maliciously. Let's talk about the Wi-Fi frag attacks. Belgian security researcher, Mati Vanhof published details of the frag attacks, as they call them. The attacks take advantage of newly discovered vulnerabilities in the Wi-Fi standard. Now they're newly discovered, but some of the vulnerabilities appear to have been there all the way back to 1997. There's also some common programming mistakes that Vanhof discovered in Wi-Fi products that can be taken advantage of. The vulnerabilities could be used to inject plain text frames or malicious code into a protected Wi-Fi network. So you've got it encrypted, but this is a way to sneak in. An attacker, however, must be within radio range of the network so they can connect. The user must have some fairly uncommon network settings. So most people wouldn't be vulnerable if they have the standard settings. And the user also has to be tricked into interacting with the attack. It requires you to fool the user. Vanhof disclosed the bugs to the Wi-Fi Alliance about nine months ago. Microsoft has addressed three of the 12 in Windows in the March 9th patch. A patch for the Linux kernel is in the release system working its way through and multiple router makers are developing patches as well. The Wi-Fi Alliance said there's no evidence these vulnerabilities have ever been used and the bugs can be avoided by following recommended security practices. Keep yourself from being tricked, for instance, not using those network settings, for instance, as well as quote, through routine device updates that enable detection of suspect transmissions. So there's a way to like catch them if they're happening through some updates. So yes, patch, but no, don't freak out because you're probably not vulnerable to this. So one of the first things I thought was the headline itself is one of those that seems like it'd be fun to freak out about something as old as 97 or issues going back to 97. Just makes for a fun conversation. But if anything, I'm glad to hear that something was at least so obscure or hard to find that it took this long for it to be detected. And now it's being fixed and talked about and people are updating. And I don't know, it's mostly a feel-good story for me in the security news. I kind of like this one. Yeah, dating back to 1997. I mean, even saying Vanhoef disclosed the bug to the Wi-Fi Alliance nine months ago, you go, okay, well, that was some time ago. We're just now hearing about it. But the fact that Wi-Fi standards constantly being upgraded over the years, updated and upgraded. And yet there are still vulnerabilities that have been there all along. It just took, you know, not that nobody else has ever known about them before, but surprisingly, you know, this stuff was new to a lot of companies because they weren't taken advantage of in any meaningful way. Yeah, it's a good reminder how to think about security. Security is a constant defense trying to minimize your risk as close to zero as possible, but you never get to zero. It's always a race. And when there is a vulnerability, it's tempting to think like, well, somebody should have caught that. But vulnerabilities are discovered by people trying to figure out how to break something. And you don't know they're gonna exist until somebody's tried hard enough and been ingenious enough to figure it out. This vulnerability could have been discovered in 1997, but I think the key point is no one ever did until Vanhof did. And so it wasn't likely to be used. It's also really difficult to implement and all of that. But this is a great story because it shows that like, even something this obscure and hard to figure out is getting discovered by someone who wants to protect us before somebody who could have misused it. Yeah, it blows me away. My daughter was born that year and we still haven't found the proper patch for her. So wish us luck, everybody. Just kidding. That sounded worse than I meant it. She's wonderful. All right, moving on. Hey, YouTube plans to launch a 100 million with an M fund to pay popular creators on its recently launched shorts platform. This is sort of their TikTok slash Reels competitor. In the coming months with plans to fund content through 2022, YouTube will reach out to creators who receive the most engagement and views to offer this funding. They do not need to be part of the YouTube partners program as it's currently constituted. YouTube did not detail the amounts or the metrics or any of that. Snap and TikTok also have programs to pay creators to create content on their platforms. And on Alphabet's latest earnings call, CEO, Senator Pichai said shorts received 6.5 billion daily views globally, which is a lot, but it's also YouTube. And I don't think that's as much as they want yet, but this is a way to do it. Let's start paying out those top creators. I have a big question about this though. If you are a top creator of short form TikTok style content, chances are you're already doing that at TikTok. You're already doing that on Reels over on Instagram or anywhere else. Snap for that matter. YouTube coming to you and saying, hey, come do that over here. They're not saying, or at least we don't think they're saying, come be a part of this exclusively, just make sure your content is here and that it's driving numbers. And that's it, what it seems like. Yeah, cause you're not part of the partners program, which is where the exclusivity things are. I mean, we don't know, they might be trying to make people do exclusives, but it doesn't say. And my guess is YouTube just wants to get that content over. And if it's popular enough on shorts, they don't care if it's also popular somewhere else. They're just going to keep feeding money to the stuff that people are watching the most on YouTube. Well, and this whole $100 million fund, which is sure like, well, that sounds like a lot. Okay, it's two popular creators through the end of next year. So it sounds like YouTube is saying, let's make a real short bet here and kind of see where we are at the end of 2022. Are we paying a million dollars each to 100 creators? It's probably more creators who are getting a lot less money from us. And then at that point, then maybe we reassess, who are the real stars? Then we talk exclusivity and reaching out on a more personal level. YouTube more to me is, I mean, YouTube is just, it's such a video behemoth. And it's so many different kinds of video. I mean, instead of, I don't know, what YouTube was in the very early days where people were just uploading whatever they had on a camera, it's longer form content, it's series, it's tutorials, it's highly produced movies and documentaries, it's all of the things. Shorts has a place on YouTube, but YouTube is still trying to figure out how to be the place where you want to see that kind of content, because that's where TikTok is just raining supreme. And it's like a me too thing, rather than, oh, YouTube's doing something different here. Yeah, and also there's this other side thing that I just remembered. And this happened a lot with reels in the early days, that's smoothed out a little bit for Instagram, but a lot of the content that was showing me up on reels and currently on this new shorts program are repurposed TikTok videos, often with the TikTok logo stamped right on the video, which they have built in when you export a video or download a video, people are just repurposing a lot of content right now. And I would assume that would smooth out over time and anybody they're gonna pay, they're gonna wanna have raw, real, not just a TikTok video re-uploaded to their service, but that's kind of what's happening right now. A lot of this stuff is just repurposed. I think you've both changed my theory on this and I think it will stick. I was thinking this is not gonna work for YouTube, but W. Scottus one in one of our mods and in our chat room says, I like shorts because I don't have to leave YouTube and go to another app to see this content. In my mind, it doesn't matter, but that's just me. And then something Sarah was saying about how, this is content that is often reposted and people are fine with that. I think what's gonna happen here is that, yes, TikTok survives because it's an entire ecosystem, right? You're in TikTok to do TikTok and TikTok is great at showing you things, Snapchat the same way. I do my Snapchat things and I show me and show me Snapchat in context. And I don't think YouTube can beat them at that game, but I do think there are people who are like, yeah, I just don't wanna use TikTok. I don't wanna pick up Snapchat, but I do wanna see some of those funny videos. Shorts may be good at that. It will never beat TikTok or Snapchat or even Reels, but it could just be a persistent window to feature that content to say like, hey, if you wanna see some of the funny stuff on TikTok without having to become a TikTok user, here it is. And that might be successful enough for YouTube, which point, I don't know that you need to pay people for that, I will say. Well, a huge part of it will be the app experience on mobile because part of the reason TikTok is outside the algorithm is the app to beat at the moment. Is it's just flick, flick, flick, bam, bam, boom, follow, don't follow whatever. And in YouTube and Instagram, for that matter, you've got this issue of like, all right, where's the button for the Reels and where's the rest of it? And they try to center it, so that's cool. That mobile experience is gonna have a lot to say about how this sticks more than desktop, but I could see why if you're on desktop or a notebook or something, you just stay and watch them there. Yeah, this is gonna be a weird analogy, but your department-stored restaurant is never gonna drive out your favorite diner. There you go, good point. But it also succeeds within the department store. Shorts is like the department store restaurant. That's a really good comparison. I mean, we don't wanna like put, the creation of the content is the important part here and we all know that can be great and everything, but that's a great analogy. Very nice. All right, Xiaomi and the US Defense Department reached an agreement to remove Xiaomi from a list of firms barred from US investment. The Defense Department put Xiaomi on the list back in November, identifying it as a communist Chinese military company. The listing would have led to Xiaomi being removed from US stock exchanges and also global benchmark indexes. However, Xiaomi challenged the listing in court and US district judge Randolph Contreras issued an initial injunction holding up implementation. A filing in US court said the US and Xiaomi have now agreed to resolve the issue without the need for litigation and will file a joint proposal with the court before May 20th. Earlier this week, the US extended a 2019 executive order barring use of Huawei's networking equipment by US companies. So Xiaomi, Huawei, two different stories also Wednesday, the US Senate's commerce committee will vote whether to send a bipartisan bill targeting Chinese tech to the floor. It would spend $100 billion on domestic research and development at US colleges, universities and regional tech hubs and increased sanctions on China. Yeah, so this is the US recalibrating. Xiaomi was an overreach and the new administration took time to evaluate that and has now decided, yeah, okay, I think we're cool taking Xiaomi off that list but they're not taking a bunch of others off the list. Like you said, Huawei is not going anywhere. It's staying on that list. So I don't think this is the US letting up pressure on China in this way for good or ill. I do think this is the US sort of refocusing and saying, okay, what do we really wanna pursue here? Well, yeah, but also, I mean, this is gonna be misconstrued to somehow a political approval, but I like the idea that not all these companies are the same. Why would they be? It's easy to say, well, one Chinese company in tech is like all Chinese companies. Well, yeah, even the previous administration did not ban every single Chinese company. Exactly, yeah, that kind of... Case by case basis. Yeah, exactly. Discriminating based on whatever the real reasons are seems like the right way to do it. So good on them and maybe the others will see the light of day. I don't know. Some of them are kind of egregious. It'll be hard to, but... And the other side of this, if you were an investor in Xiaomi or a customer of Xiaomi and you were worried because you were worried about this entity list, not making it through court or whatever, that goes away. There's now probably not gonna be a court case. We'll find out for sure May 20th when the settlement is put before the judge, but it sounds like they're gonna resolve that. Hey folks, if you need a little more explanation on big tech topics like 5G or latency in bandwidth or this week, we've got an episode about Wi-Fi 6 coming to our related show, Know A Little More. If you'd like to know a little more about Wi-Fi 6 and a bunch of other things, go subscribe at knowalittlemore.com. Let's check in on the Epic versus Apple trial for the past two days. Epic has been making their central case that Apple is a monopoly because it costs money and it's difficult to switch to another platform. Essentially what Epic's trying to show is that lock-in and a lack of substitutions, in other words, things that are easily swapped out, make Apple a monopoly. Epic also tried to argue that Apple has an aftermarket monopoly in in-app payments. Epic's expert witness was the chairman of the global economics group, David Evans. There's a good breakdown of his testimony on protocol from Ben Brody if you want more on that. Here's essentially what Evans argued though. Apple is a monopoly over the market of getting apps to iOS users. That's what Epic is trying to convince the judge. Yes, it is a monopoly because iOS users are locked in. It's a separate market from Android because of the difficulty and the cost of switching phones. Evans showed data that when Fortnite was removed from the iOS app store, playing time on iOS went down 56 minutes per week but only rose nine minutes per week on other platforms. He says this indicates people found it too hard to switch to another platform. Evans also tried to make an argument for an aftermarket monopoly on in-app payments. That argument relies on a Supreme Court decision that found Kodak was acting as a monopoly in the aftermarket by refusing to sell parts directly to independent service organizations. That decision is generally construed very narrowly and often involves changes of policy. We're not talking about any changes of policy. It's not like Apple gets you as a customer and then ups the price of the app store. So Epic is trying to define iOS users as a market because it's hard for them to switch and therefore Apple is monopolizing the distribution of apps to them and then also making an even harder market that its aftermarket policy is limited to in-app payments and is a monopoly itself. In cross examination, Apple got Evans to admit that Apple does not have a monopoly in the phone business because it only has 47% of the US market share. Apple also challenged Evans's assertion that buying a game on a non-iPhone platform is not a substitution for buying it on the iPhone. They're like, if you get Fortnite on Android, that's a substitution, right? Apple argues that players often play games on multiple platforms. They're not locked into playing just on iOS and people do that. iOS is just one of the ways you can play Fortnite. Apple also argued there is robust competition in games outside of iOS. Judge Gonzalez Rogers, though, is where this all comes down to. Remember, this is a bench trial, so you gotta convince the judge. Judge Gonzalez Rogers challenged Evans on treating in-app purchases as a separate aftermarket from app distribution. Again, that's construed very narrowly, so it didn't sound like that was convincing her. The judge pointed out that Fortnite's in-game currency could be bought on the web and used in the iOS app. She's like, how is that a monopoly if you can just go to your browser and buy it? However, she did indicate she may have issue with Apple prohibiting developers from telling users they could go to the web to get them. So that's something to watch. She may, depending on how she writes the decision, she might wrap Apple on the knuckles for prohibiting you from even telling you to go there. This is where we're at. This is the state of the Apple Epic. We've got more witnesses. This is gonna last in the next week, but that's where we are so far with that argument. The big thing that we didn't get to here is the conversation they're having about other consoles and the argument that Apple is making that how is this any different than consoles, PlayStation, Xbox and anyone else where you have a relatively closed system and it's not easy to switch to somebody else and that's true in all the same ways. At least that's Apple's argument and I think I agree with it. It's getting really interesting. People really wanna laugh and scoff at this trial and laugh that they have to talk about individual gamey things and that banana, stupid banana costume came up in arguments and all this stuff, it's all kind of a riot but at the end of the day, there's really interesting precedent stuff being talked about and I think if you look at it from the broad sense and really pay attention to what's going on, it's fascinating and I'm no lawyer but I am enjoying this back and forth. I hope others are. Yeah, it's all gonna come down whether the judge thinks, yeah, it costs a lot of money to get a new phone and it's a pain to move all your data over and all your apps may not be there. Yeah, that's enough lock in or if the judge says, well, you know, it may not be super easy but you can do it and therefore you're not locked in. Fascinating. Let's jump over to the UK. They introduced an online safety bill which would place a duty of care on social media companies to quickly remove illegal content and some abuse that is not criminal. Sites must also limit the spread of terrorist material, suicide content and child sexual abuse and report such content to authorities. If a company does not meet its duty of care, UK regulator, Ofcom can find companies up to 10% of turnover or 18 million pounds. Let's see, order access to, sorry, order access to sites to be blocked and pursue criminal action against the senior managers involved. That one made a lot of eyebrows raise. The bill also requires companies to protect small or excuse me, protect overall freedom of expression and reinstate unfairly removed material. It forbids discrimination against political viewpoints and prohibits the arbitrary removal of journalistic content. Yeah, so this is a UK bill, it's not finalized yet but so a lot of the devil's in the details here. Like Ofcom gets a lot of power in this and what are the checks on that power? How do they determine when a company hasn't met its duty of care? Because those are big fines and criminal action against senior managers is a big stick to be able to wheel. Yeah, I should this go forward and get defined a little bit, a little bit more, particularly when it comes to that senior management thing. My eyebrows were definitely raised, I just got what I read that because you see this all the time, not just in the UK of course, but large companies who say, all right, well, we're trying really hard, we don't want terrorist material on our platform but it's a game of whack-a-mole and who is at fault and this is a very much an ongoing discussion and depending who you talk to, the answer is different. But once you get people at the top of this very successful social network say, I'm not naming any names but you can connect the dots being in potential criminal liability territory. And again, like you said, Tom, this is a bill, there's a lot more that has to happen before any of this becomes law. That is very interesting because it's less of a, well, we're trying our best and more of a, oh no, we actually need to do things very differently. Yeah, I wonder if at the end of the day, this all comes down to the winner being the companies who figured out the fastest way to get rid of stuff the UK doesn't want you to have on there. In other words, like speed is the kicker here. It's all about who can speed run this process and eliminate this particular content faster than the other guy because then there's your standard, right? And everyone else is gonna have to catch up to that, which is a weird standard. So I'm real torn on that but I'm also kind of fascinated by that. Like whose tools are gonna be better is kind of what's gonna determine who's the most compliant. I'm really curious to see how they define certain elements like terrorist material. What is terrorist material and how do you define that when you also have things that would like to protect overall freedom of expression? If showing support for a particular cause, although it might be aligned with a group that might be considered a terrorist group, you run into a lot of gray areas and this kind of reminds me of what Justin used to say about policing a lot of this stuff is that share a hell portal, right? You're gonna get into the weeds with a lot of this stuff. If you don't want to quote, have arbitrary removal of journalists of content, if someone says like to be a journalist, do you need to be accredited with an actual like newspaper or news organization or can you just get by with being a blogger who reports on stuff they see? I don't know, it feels like there needs to be as the process goes on, it needs to be a little more defined with some of the... Well, it may be defined. Have you read the bill? Because I haven't. So I don't want to say it should be more defined if the bill actually has it defined, but your point is right. The devil is in the details of how it is defined. There are plenty of precedents for calling it for terrorist material that haven't caused problems. So if they're following that to say like, oh, in the past, this has been called terrorist material, we're gonna follow that definition. Great, if it's got a more vague definition, then your concern is absolutely valid. Same with journalism. There are some precedents for how to define journalism. Are they following those? And even, but even then, the duty of care definition is the really important one here. How do you define who has to meet it so that you're not keeping smaller businesses out because they can't afford to do it? And what is the definition of having responded quickly enough? Those are the important questions to ask when you read that bill. Scientists at Singapore's Nanyang Technological University, or NTU, have successfully controlled a Venus flytrap using electric signals from a smartphone. This could introduce a range of uses from robotics to employing the plants as environmental sensors. The NTU's School of Material Science and Engineering Researcher, Luo Yifei, demonstrated how sending a signal from an app to tiny electrodes that are attached to the plant could make its trap close like it does when it catches a fly and also without damaging the plant. The researchers also detached the trap portion of the Venus flytrap and attached it to a robotic arm so that a signal could tell it to grip something very thin and fragile, like a piece of wire. The hope is that plants, as living sensors, could help monitor environmental pollution from gas or water and also act like soft robots. Yeah, the soft robot part of this really caught my eye. Being able to use that material, that sensor, I don't know if you'd have to keep growing Venus flytraps to provide it, but the idea of soft robots is they're able to do things that metal servos can't because they're softer, they're gentler, they don't damage the people who work with them. And on a Venus flytrap, being able to move threads, that could provide a lot of sensitive, manipulative ability to robots that a lot of robots don't have right now. That's a massive potential cool thing when it comes to prosthetics, for example. How much pressure somebody puts on a prosthetic arm and prosthetic fingers, having that gentler take rather than the big, like you said, servo, big awkward robot take that most of robotics seems to be stuck with right now. This is a much cooler, more granular approach to movement and I hope it translates to some of that as well, that would be really cool. It could also be the beginning of what's that musical, you know, where the Venus flytrap eats people. Just be careful. Yeah, Steve Martin and Martin Short. I can't remember the name of the movie. Rick Moranis was in it? A little shop of horrors. A little shop of horrors. A little shop of horrors. We got there, we got there. All right, let's check out the mailbag. Let's do it. We got a nice email from Scott who wrote in, it wasn't you, Scott Johnson, different Scott. Yeah, just in case you thought maybe you had amnesia, different Scott. Scott says, between the possibility of the next Apple Watch having a glucose monitor to the coverage of Bigfoot's connected insulin pens, y'all did a great job explaining and understanding them, especially understanding the lifting of the management burden with Bigfoot. That's a real tangible relief. Thank you so much, Scott. Scott goes on to say, come October, all have lived with type one diabetes for 40 years. And in my time seeing T1D tech covered, rarely is it understood or explained well by those outside the community. Scott also says, as a side note, yes, Sarah's smart lights are still just as valid after the Bigfoot announcement as they were before we can all get along, no problem. Yes, you were saying, my lights don't seem that important in light of this. But Scott says, no, your lights are still important. But thank you, Scott. And a higher compliment, I cannot imagine being paid from someone within a community saying that, because we work hard to try to get this stuff right to saying we did it this time. So thank you, Scott. I really appreciate that. Yeah, thank you so much. Love the feedback. Love all of your feedback. You got questions, you got comments, you can send all of that to us. We read it all. We promise feedback at dailytechnewshow.com. Also shout out to patrons at our master and our grandmaster levels. Today they include Dustin Campbell, Alexander Nasev, and Johnny Hernandez. We'd also like to give a very special Wednesday thank you to Martin James, who is one of our top lifetime supporters for DTNS. Martin, you're the best. Thank you for all the years of support. Also, thanks to Scott Johnson for being with us today. Scott, what have you been up to since we saw you last? Well, busy trying to fulfill that Kickstarter you guys helped me get. And a big thanks to your audience once again. But to keep up with that and everything else I have going on right now, a great place to do it is the newsletter. Go follow me or go follow it and get signed up for it at frogpants.club. And there's cool stuff every week. You get comics and art and shows and information and weird stuff about my own personal life. So go check it out. Feel free to reply to that stuff. Send me your emails back. Let me know what you think. Again, that is frogpants.club. And thanks for having me on as always. Of course, speaking of being on, we're live Monday through Friday for 30 p.m. Eastern. That's 20 30 UTC. Find out more at dailytechnewshow.com slash live and we'll be back here again doing it all tomorrow with Justin, Robert Young. Talk to you that. I hope you have enjoyed this brover.