 It's to thepodfeed.com. Tick the holy bucket, put it in the first place like an apple-bias. Today is Sunday. 18 years ago yesterday, I picked up a microphone and I recorded the very first episode of the Nocella cast. I'm very proud of the work I've done here, but you know what? I don't take full credit for keeping the show going with fresh episodes every single week. I absolutely could not do this without the support of Steve. He does nearly every chore around the house, which leaves me free to write the shows, record the shows, be on other people's shows. Basically keeps the podcast going. And of course, where would the shows be without Bart Buschatz? From security bits to taming the terminal to programming by stealth, he provides not just content, but he's a wonderful human being that I really feel honored to get to hang out with every couple of weeks. We have so much fun together. Without Bart and Alistair taking the reins while I'm gallivanting around the world, the streak would not have continued either. And I couldn't do it without all of the Nocella cast ways who provide reviews for the show that lower my workload when things get tight, you know, like when I wanna go play with the grandkids. Oh, I'm not sure I would have kept going all this time if it wasn't for the live show listeners. They make it ever so much more fun to create the shows. They're giving me a hard time right now sending pictures of sausage because we call it get watching the sausage get made. But you know, I know they'd throttle me if I missed a week. So I know that they're important to keeping this show going. And if you're listening, thank you so much for staying subscribed. All right, enough Pats on the back. Let's get into the show. Well, this week, Steve and I both joined Bodigrim on his awesome Kilowatt podcast. We got into a fascinating discussion on the use of deepfakes as a legal defense strategy, including their application by Tesla's legal team. Check out Kilowatt and your podcatcher of choice because it's a great podcast about EV news done by one of the most self-deprecating and hilarious people I've ever met in my life. We both love Bodi and we had a blast with him. So follow the link in the show notes but you can just look for Kilowatt podcast in your podcatcher of choice. When Bart and I recorded programming by Stealth 150 all about bash script terminal plumbing, neither of us was actually happy with what we did. I got very confused in the middle and I mean way more confused than usual. And Bart decided that his original strategy might have been flawed in which he assumed everyone had heard the taming the terminal podcast and remembered everything he taught more than four years ago. So he went back and he completely rewrote the show notes for PBS 150 and we re-recorded the entire episode. I gotta tell you, it was ever so much more fun and I really understood what he was teaching this time through, not because I'd heard it twice but because the show notes are that much better and the explanations were very sequential and he gave us the first principles like when he does that, those are the ones that really work well. Now he also realized after we recorded the first time that there was a bit of information he hadn't taught us which was crucial to being able to complete the challenge that he had set for us. If you understood PBS 150 the first time through and you wanna jump right to the new part in the new recording, I put a chapter mark in the audio file that will take you right to where he explains slash dev slash TTY. We're really proud to have done this a second time because we're both of the same mind that we need to stay committed to the quality of what we're creating here both for the current listeners and for the future listeners. So if you look in your pod catcher of choice for chitchat across the pond 767 or programming by Stealth 150, you will find that the entire episode exists a second time and it's called take two this time through. With any luck if you delete the first one it'll never come back but if you wanna keep it, I don't know if it's a collector's item or something like that, you certainly could. If you're a happy Twitter user, I have no intention of trying to make you sad about that. At the same time, I'd like to tell you why Mastodon is so much more fun for me. I'm sure this is gonna shock you but I'm someone who loves conversation. I know there's a lot of people who just like to lurk and enjoy the contributions of others but I simply have to contribute to the conversation and I want other people to react in some way to the things I post. A Mastodon sounds mysterious but it absolutely is not. I use it exactly the way I use Twitter but I'm getting so much more out of it. Let me explain by example. On Twitter, I have 3,673 followers. Let's call that roughly 4,000. Now that's not Taylor Swift kind of numbers but that's a whole lot of people who could potentially read and enjoy the drivel I post online. On Mastodon, I have only 680 followers which is less than 20% the number of Twitter followers I have. To put that another way, my reach should be five times more on Twitter than on Mastodon. Well a couple of weeks ago, I wrote an article about the app Pop Frame that allows you to add bezel frames to iPhone screenshots. You probably remember it. I sent the exact same post out on both Twitter and Mastodon. Here's what I wrote. I think iPhone screenshots look silly without the frame around them but it's too hard to add it until Pop Frame. And then I put the title of the post, make your iPhone screenshots stand out with Pop Frame and a link to the post. Both services expanded the blog URL nicely to show my pretty featured image. The only difference between the two posts was that on Twitter, I tagged the developer Rameek and his Pop Frame account. Rameek doesn't appear to have a presence yet on Mastodon. I watched the post for seven days on both services to track engagement and the results are in. On Twitter, the post received zero comments. None, nada, nothing. On Mastodon, the same post about Pop Frame received seven comments. Now let's look at likes and reposts. On Mastodon, my post about Pop Frame got 17 reposts and 23 likes. That's great. But on Twitter, it only got two of each. And one of the accounts that liked and reposted it was the Pop Frame account itself. So other than the developer, only one person retweeted it. So think about that. This article got one eighth as many reposts on an account with five times as many followers. That's a factor of 40 on engagement per follower on Mastodon versus Twitter. In just two hours, a photo of my cat got seven times as many likes on Mastodon as my article about Pop Frame did on Twitter in a whole week. Now, sure, of course my cat is lovely, but it wasn't even cat or day, it was on a Tuesday. In 12 hours, it had 14 likes. I've been trying to figure out why I'm getting so much more traction on Mastodon than I've ever gotten on Twitter and have a few ideas. The first thing I was thinking about was that now that I can't use a third-party Twitter client myself and I have to use the official Twitter app or log into the website, I have a lot of trouble finding the content from the people I follow. Perhaps the algorithm simply doesn't surface my content to my nearly 4,000 followers on Twitter. Now, the second thing is it's very possible that the vast majority of my followers on Twitter are actually just bots. Maybe they aren't real people or maybe the followers I have on Twitter aren't really there anymore because they perceive it as being more toxic. Like I said up front, if you're still enjoying Twitter or you want less engagement with your followers, good on ya. But if you're looking for folks a lot more excited to engage with each other and with way less rage, I highly suggest you check out Mastodon. There are tons of beginner how-tos out there now like the one from Mozilla that I linked to in the show notes and they've made picking a server way easier now. When that was one of the big hang-ups a lot of people had. You basically, when you go to sign up, you get two choices. They say, here's one of the main ones or choose one of your own. So if you just pick the main one you're offered, you can go in and start having fun. Start, look for me, look for the people I follow and start poking follow, follow, follow on those and you'll start to find people who are really, really interesting. And I just, I don't know, I find it great. I'm getting so much more fun out of Mastodon today than I do from Twitter. Every once in a while you come across a tech product that has zero value but it just makes you smile. This week I paid $4 for a Mac OS menu bar app called CLAC. It's spelled K-L-A-C-K. CLAC's entire job is to make your normal keyboard sound like a mechanical keyboard. It simulates mechanical switches and it's awesome. You can customize which switch you'd like to simulate choosing between the Everglides, Crystal Purple or Oreo switches or cream from novel keys. You can change the volume of the keys between soft, balanced and loud. That's literally it. I don't know why but this makes me really happy. I used Audio Hijack to capture the sounds of the keyboard as I typed out the classic typing class phrase, now is the time for all good women to come to the aid of their country. Let's listen to all three of them. This is the Crystal Purple switches. Well, that's pretty fun but it has a little too much complexity to it for my taste. There's a lot happening with each keystroke. You can move to hear the switches moving around. This is the Oreo switches. Well, I'm kind of liking that a little bit better or it was a lot less complex sound but the fact that the space bar makes a different sound really kind of distracts my brain. Let's listen to the final one. This is the Cream switches. So I really like the high clear clicks of that Oreo keyboard switches and the space bar isn't very different in sound from any of the other keys. The good news though is that each of us can choose the keyboard we like best. I'm gonna stick with Oreo but you can try the other ones if you like. Now, if you really like clack but sometimes it's not appropriate to make so much noise, you can toggle clack off with a keyboard shortcut defined in settings. I've started to use that a lot because, you know, doing a podcast maybe it's not the best idea to have it going in the background. Now, by default, the shortcut is set to option command K but you can change it to something else if you like. Now, the developer says at triclack.com that clack has a high fidelity sound and even immersive spatial audio. I don't know about immersive spatial audio but sure. Now, I noticed this until I read it on the website but the keys actually make a different sound going down as they do going up. How fun is that? By the way, clack is a native app created in Swift. Clack seems like something people with visual impairments might like because well, it turns out they like everything everyone else likes, right? I ran clack through my usual tests and I was able to interact with the menu bar app without any difficulties changing the volume and keyboard options. However, settings for clack wouldn't let me navigate to the different options. I dropped a note to the developer and I expect they'll get it sorted. There's not that much in settings anyway so you can definitely use clack until it's sorted. I know making your quiet keyboard artificially make noise is a silly thing to enjoy but I really am enjoying it. If you've priced out mechanical keyboards, $4 might sound like a very reasonable price to get you at least a small part of the joy of a mechanical keyboard even if you can't feel it. Now to prove that I'm not the only one who thinks this is fun, this is what Bill Reveal wrote in our Slack shortly after I posted about clack. You are so evil, just spent my money to get it and I'm sitting here just loving the idiocy of hearing my Mac book, clickety clack away. It will drive me crazy every so often but it also lets me know I've actually typed something which is a good thing. Even this post is making me giggle with the sounds of a mechanical keyboard. I swear my keyboard even feels better. So proof, Bill Reveal gives it his sign of approval. You can buy clack in the Mac app store or at triclack.com. A little more than a year ago, I told you about shower power from Ampere which is a hydropowered Bluetooth shower speaker. We bought shower power through Kickstarter in October of 2020 and as often happens with crowdfunded efforts it took forever to get the device you know where forever is defined as about a year and a half. I guess we should counter sales lucky that we got it at all because not everybody gets what they thought they were gonna get when they do these crowdfunded operations. So shower power is a device that you put between the shower head and the pipe to which the shower head normally connects. So it kind of makes your shower head lower. You then connect the Bluetooth speaker to the side of the shower power. The device has an impeller that generates energy from the power of the water coming through to charge the Bluetooth speaker. When we bought shower power we bought an extra droplet which is what they call their Bluetooth speakers. At first we thought the whole system was pretty cool but now over time we've kind of become disenchanted. The device leaked so Steve had to turn it to kind of an illogical angle that made it a little harder to hear the speaker and get to the controls and the device did cause our shower head to be lower than we actually wanted it to be. Since Bluetooth on a speaker is pretty much a nightmare to be used by two different phones I always use the second droplet but just by setting it inside the shower and Steve used the one that was on the impeller that was actually on the shower power. The other thing is that Bluetooth speakers last a long time on battery. So it turned out that having a speaker stay charged from hydroelectric power wasn't actually that big of an advantage. Steve ended up getting rid of the shower power itself and then we just used our droplets as independent devices charging them from the mains. But the audio quality on the droplets isn't quite what we hoped for either. In my original review I wrote, quote, deep voices in spoken podcasts are a bit muddled for our tastes but I didn't expect super high fidelity. Now most tech podcasts are created by men or at least the ones I've chosen to listen to are predominantly male voices and it's often hard to understand what they're saying with the droplet unless I crank the volume way up. My birthday rolled around this year as it seems to do every year so far and my mother and father-in-law sent me an Amazon gift card. I love these gift cards because I save them for something I do not need but I just really want. I wanted a new waterproof Bluetooth speaker appropriate for the shower. I found a terrific site called Rtings.com so R-T-I-N-G-S.com and this is a place where they review a lot of different things. They've got home entertainment, home products like vacuums and blenders, they've got computer peripherals they cover and electronics such as headphones, speakers and cameras. Now the categories for the review are not as broad as say the wire cutter but they go deep and deep in all the good ways. So they have a page dedicated to the six best shower speakers of spring 2023. They categorize the winners as best, best mid-range, best lower mid-range, budget, cheap and smart. They also provide a summary table of 58 of the 113 speakers they tested. That's a lot of speakers. Now the reason I trusted the recommendation is that they test and score by a lot of different qualities. Specifically they rate speakers for music, videos and movies, outdoor sound and most importantly podcast. So they get a rating on all those different types of things you might wanna listen to. You can sort their summary table by how well these devices did by these categories. Now I'm definitely not going to dig into the details of the six speakers they recommended but I do wanna talk about the one I chose and what I learned from the artings review. I ended up going with the best low, let me get this right, best lower mid-range because it was close to my budget at $80. Now that was on Amazon and it's normally $100 so it was 80 bucks. The best lower mid-range speaker is the Ultimate Ears Wonder Boom 3. Now I yelled it like that because it's in all capital letters, Wonder Boom. Anyway, I not only like the price point but it also comes in hyper pink which has value to me, great value because it's a Steve repellent. Keeps him from stealing mine. But the main thing that caught my eye was that it got a 7.9 out of 10 on listening to podcasts. Now that makes it tied for third place of the 58 speakers they reviewed. The only two that rated higher for podcasts were the $400 Sonos move and the other one was the previous generation of the Ultimate Ears which was the Wonder Boom 2. Now those two speakers were rated 8.1 and 8.0 so 7.9 is great for the $80 price of Wonder Boom 3. The Wonder Boom 3 is rated IP67 which according to the specs means completely protected from dust and protection from immersion in water for up to one meter for up to 30 minutes. It floats in water so this could be super fun in a pool and it's supposed to have over 22 hours of play time. I wish it had USB charging but sadly behind a waterproof, a water sealed access door it's still sporting the most annoying connector ever designed micro USB. Now the full review page on Artings has even more information and scoring and edit it just gets super nerdy. You can see the raw frequency response curve for the device and the frequency response accuracy. I don't even know what that second one is but the Wonder Boom 3 gets a slope of 0.76 and standard error of 2.71 dB low frequency extension of 88.5 Hertz and high frequency extension of 16.0 kilohertz. So that's gotta be good, right? I don't know what that means. Anyway, you can see the sound stage of dynamics too if you know what those are. Technically you'd probably see them even if you don't know what those are but you know what I mean. Artings have also detailed sections explaining the scores for style, portability, build quality and controls. I would agree with their assessment on the Wonder Boom 3 as a 9.3 on portability. It looks kind of like a shorter version of a big girl home pod and has a nice fabric hook on it to hang on a shower caddy. They gave the Wonder Boom 3 a 9.0 on build quality which is also great. I'd even agree with their 6.6 rating on the controls on Wonder Boom 3. There are three buttons on the top and I haven't been able to reliably remember to figure out what each one of these buttons do. I know the big center button is a play pause button and I read in the manual that double pushing it will skip forward which is nice for skipping commercials but the other two are more mysterious. I don't understand why they did them this way. One is a small bump with a hole for a light to shine through and the other one is an indented button with a slot for a light to shine through there. And I think the slotted indent is to turn it on and off and I think the bump is to pair it but I've also gotten it in a pairing mode accidentally using the indent button. I swear I did it one time. On the side of the Wonder Boom 3 there are giant plus minus buttons which even I can figure out are to turn the volume up and down. They're harder to push than I would like but at least I can figure them out. On the bottom of the Wonder Boom 3 there's a button with an evergreen tree on it and you use this button to turn on an outdoor mode. They say it's specifically tuned for the great outdoors. I tested this mode outdoors of course and at higher volumes my podcast got louder and more clear. When I did it at lower volumes I couldn't actually tell the difference with and without the evergreen tree button pressed but I am looking forward to annoying my neighbors with outdoor mode. Now if you've got visual impairments all of these buttons are very touchable. You can tell where they are you can feel the difference between them so that's a big advantage I think. Even if I can't figure out which ones which you probably can. Now Wonder Boom 3 makes a lot of different noises to let you know what it's doing. Let me turn it on for you here and see if you can hear it. I'm gonna wait that's the wrong button I pressed the wrong button right away. Let's see. Okay that was turning it on. If I turn it off. I think that was turning it off. Yeah that was turning it off it had extra sounds. And then it's got a different set of noises for pairing and it will turn itself off if you forget about it for a while and you'll actually hear it turn itself off. Now I was originally gonna say that the Wonder Boom 3 doesn't have a battery charge indicator because there's no set of lights to look at but again in something that's better for people with visual impairment or helps people with visual impairments there is a way to do it. In a desperate move I finally read the tiny paper fold manual and it said told down the plus minus buttons at the same time. I did that and here's the sound that it made. Okay that's nice but what does that noise mean? Is that full? Is that empty? Is it somewhere in between? I don't know. So in an even more desperate move I did some of the Googles and I found an ultimate ears webpage with some FAQs one of which expanded to explain the three sounds. The sound we heard meant that the battery was half full. If the battery is fully charged it sounds like this. And if it's running low it makes a sound that I think we're all used to hearing. Yeah we're all used to that sad sound. So the one that kind of goes up with a group at the end that's the one when it's full and the one that's just kind of mediocre kind of sound doesn't seem to convey any information. That's the medium one. So it is actually really good at telling you what these different levels are and don't use lights which drive people who have visual impairments crazy because they can't see the lights but hopefully you can hear the sounds. If you're audio impaired I think you're gonna be out of luck you're actually not gonna know but this has 22 hour battery life which is pretty good so you know plug it in every couple of weeks probably you'll be fine. Probably the most extraordinary feature of the Wonderboom 3 is one that was promised in the R-Ting's testing but I did not believe it before I bought it. This speaker will pair to two devices at the same time. I am not kidding two and it actually works. I paired it to my iPhone first then my iPad and I was able to play on one stop then play on the other all without going into Bluetooth settings to connect. I'm not joking it actually worked. It was miraculous. I remember when we had our accuracy and switching devices was so hard with Bluetooth and so time consuming and it failed a lot that we instituted a rule that the owner of the car got to use Bluetooth but the other person had to use a wired connection in that car and the opposite in the other car. It was the only way to achieve peace in our family. Now Steve paired his iPhone with my new speaker and that pretty much destroyed everything proving that the miracle does not extend to more than two devices. As soon as I disconnected the iPad then we were able to toggle back and forth between the two phones with ease. He thought that's how I was gonna keep things so he could use my new speaker too. He was wrong. I sent him a link to buy a boring Black Wonderboom 3 for himself and he said, oh good, cause that pink is awful. Mission accomplished. So after all this yapping I realized I haven't talked about the sound itself of the speakers. I can say the podcasts are much easier to understand now with Wonderboom 3. My main test is the accidental tech podcast where really often I could not understand John Syracusa when using the shower power droplet. We do have trouble hearing John when we play ATP on the car on road trips too so maybe some of the mix has just got him in a muddled state but with Wonderboom 3 his voice came through really clearly. It was slightly harder to hear Casey Liss who has a higher pitched voice in the cast but I just boosted the volume a little more and I was able to hear the both with ease. Steve is very happy with the audio quality on his as well really happy that he was able to get one. And by the way, he ordered it this morning and I'm holding it in my hand and showing it to the live audience right now. Amazon delivered it to him same day. The ultimate ears Wonderboom 3 meets all of my needs including repelling Steve with Hyper Pink and especially delivering my podcast for ear easy and clear listening. Being able to pair to two devices at once is a dream I did not know would be realized in my lifetime. You can learn more about Wonderboom 3 on the ultimate ears website but if you go there and you buy direct you'll actually pay more. I highly encourage you to check out the detailed reviews of shower speakers on artings.com and use their affiliate links cause we want these people to keep doing this kind of testing and you can go in there and play around and in all of the other categories they review and test. Again, that's artings.com. Well, it's time for pledge break but instead of asking for money this week I'd like to thank all those who support the show financially for making it easier for me to do the show. Keeping going for 18 years I'm telling you it really makes a difference to know that you get enough value out of the show to actually plunk down your hard earned money to support the work we do here. You have made 18 years of podcasting possible. Well, it's that time of the week. Again, it's time for security bits with Bart Boo shots but I am telling you we cannot catch a break. Like nothing's going wrong right now. This is horrible. It's an interesting way to look at the universe. Content creators have the strangest problems. I love security bits. I love chatting with you about the latest disasters and what we can do about it but this might be the shortest one possible unless I could stretch it out by asking dumb questions. We'll see how that works out. Bart only did a small cup of coffee today so I don't have full reign. Well, you say that there may be more hurt than it looks like. There may be more hurt than it looks like. Anyway, we have some follow ups. So I don't think we were off the call for more than a few hours when everyone's phone and computer started to get a notification about the first rapid security response. We had been using about the fact that they had put out 16.4.1 and not as a rapid security response. And then, hey, Presto, our first rapid security response. And I don't know about you but the reboot was real quick. Yeah, yeah. I see that you've got a link to the article by Adam Angst in tidbits and he actually timed it. And I can't believe he did this. That shows you his dedication to the sport as he did it on four devices. And just imagine running a timer, watching a squirrel bar of indeterminate length. Just staring at it knowing this could be an hour, this could be 10 minutes, I don't know. But they were, I think the longest one was something like 13 minutes from door to door doing it. I don't think any more than that long. I guess I have faster machines or something. I was pleasantly surprised. Most of his were shorter, four minutes, those kind of numbers, I think, but I just really applauded his dedication to sit there timing it. I think one of them might have been an older iMac. Yeah, oh yeah, that's what I do. Yeah, I start the timer and then a half hour later, look back and go, oh, well, because you don't, especially because you didn't know how long it would be. Yeah, I mean, I ended up writing sort of like, definitely less than an hour. Could have been two minutes, could have been 58 minutes, but definitely less than an hour. Yeah, one of the cool things that he described exactly how to do is you can actually remove the rapid security response update. And he did it. He went through the process of doing it on two different kinds of devices so that he could prove it could be done because these are little barnacles on the operating system that you can tear off and put back on. Well, yeah, because he actually, I'm almost certain it was his article. One of the articles I read explained very nicely because something I think people haven't realized because Apple have done it so cleverly is that the important parts of your operating system are actually what's called immutable. They are read-only, which is a fantastic protection from malware because if the malware can't change the operating system, it's very hard to infect things. And how do you do a quick update to something that is immutable? So the reason a normal software update takes a long time is because you're actually getting a full image down. You're temporarily throwing out the OS, replacing the old image with the new image and then refreezing it to make it immutable again, which is why it takes so long. But these are actually little disk images that sort of get mounted on the side and because Apple invented the overlay file system, so since I think two OSes back, maybe three, if you go in and you expand all of the views in disk utility, make it hide nothing from you, make it show you everything, you will see that Macintosh HD is two. Right. And that's because Apple developed the technology that allows you to overlay two file systems and they present as one file system, but half of it is read-only and half of it is normal and they sort of, I always think of it like, you're the old transparencies and the overhead projectors. It's like they have two transparencies for your hard disk. One of them is that you can write on as the one where your home directory is and everything. And the other one is the system one and it is immutable and they literally put them on top of each other and you see one file system with one folder structure. And these little software updates are like a third layer on the transparencies. It's just a little small little disk image that gets merged in with the other ones. So are you saying you actually can see it if you go into disk utility? You can see the third one or not? I don't know if you can see the third one, but in terms of how it actually works on the hood is what I'm saying is that it gets layered into the transfer into the overlay file system. Okay, right, right. Yeah, I remember that being really disturbing when there became Macintosh HD data and Macintosh HD volumes and I do notice that they have changed the naming convention from when they first did it. It says Macintosh HD snapshot and it's a snapshot of the real operating system. So it isn't even the real one. Oh, snufflets are a whole different thing. There are so many weeds here to get to. If you read Adam's article, well, but if you read his article, he talks about the fact that it is a snapshot and you wanna read the way Adam describes it, but I was really surprised at that and they actually do denote it as that. So it's funny, it says Apple SSD. Inside that, I've got a container disk three. Inside of that, I've got Macintosh HD volumes. Inside of that, I've got Macintosh HD, which is grayed out and below that, this is now four levels deep from the top. Macintosh HD snapshot and then up one level is Macintosh HD data. So they really have done some interesting chicaneery here to make it more secure. Yeah, and it looks like as far as you're concerned in the finder, it's just have a hard disk, but there's so much going on here. And the snapshotting, which is a copy on write concept is also genius and the overlay file system is genius and the immutable. Like this is really high-end computer science. This, like the Mac isn't just secure by obscurity anymore. The Mac is secure by design, by really good design. Like it's... Yeah, yeah. Not invulnerable, hence rapid security response update one, 16.4.1A and 13.3.1A, right? Precisely, precisely, but it is very impressive computer science. Come a long way from the days when I saw it operating systems. I think it's also important to note one of the reasons these updates are so quick is they're small. So people like Bob Goodrich, who's pretty active in our Slack community and the listener to the show and very security conscious, when there's a big software update, he has to take his iMac and put it in his car and drive it an hour and a half to an Apple store because he doesn't have the bandwidth out in the woods where he lives. So this is, I think these kind of updates will be a happy joy-joy for Bob. Or people who are traveling and who haven't to make use of mobile data and stuff. Oh yeah. It's just a good idea. Yeah, that's a good point. Just make them small, make them what they need to be and no more. So yeah, that's the first follow up. Then we had a conversation about how attackers were turning their mind to the Mac last time and then you and I continued that conversation on Let's Talk Apple and I can't remember what we said where. But I do know that the third, I think we did two stories here last time and that was the third one which we got all three in Let's Talk Apple but one of them, the listeners here, haven't heard. So just to prove that this is a trend that is continuing, there is now another, now it is again a Trojan. I'll preempt your question. Yeah, because I know you're going to ask me how do we catch this? It's still a Trojan. In this case, a... So you have to go get it? You have to go get it or be tricked into getting it. Correct. It's pretending to be a PDF viewer. The malware has been named Rust Bookish by, no, Intigo. We know that it is by a group of attackers called Blue Norov who are a part of the Lazarus Group who we are as certain as one can be that they are the North Korean government and they are targeting actively the Mac. So again, we are on an OS that is really well designed, that is very well looked after, that does security well, but it's never perfect. And the... So what if you are tricked to downloading this PDF viewer? This supposed PDF viewer, what happens to you? Well, you need to be tricked into more than downloading it. You need to be tricked into installing it and then clicking OK to all of the various pop-ups granting access to things. Right, but if you think it's a real PDF viewer, you might do that. Then it does... Basically, they can do whatever they want. What execution is it? They can do whatever they want. So that gets them in the door and it will then phone home and say, so what do you need me to do? Is it might be steal all of your crypto if they're in a money-making mood? It might be spy on you if they're in, if you're a diplomat or something. I mean... Okay. This is a tool that... It's a mechanism. Correct. Yeah, it's the mechanism to get in. And once they're in, they're gonna do whatever it is they are motivated to do to you. And at that time, what's the problem to be solved? Basically, they need access. They need to get in. And this is the front door. Let's get them in. And then bad things happen. We also talked last time about the fact that things were not looking good for MSI. And at that stage, we were still thinking in terms of... Who's MSI again? They are a company that make motherboards. Okay. For big companies, you may have heard of like HP and IBM and those kind of things. So, a home user would be building their own PC, might buy an MSI motherboard is why we would care? Extremely likely to buy an MSI motherboard. And someone who buys a PC is quite likely to have one anyway. They're a major... Oh, okay. So, not home builders just inherently already having it, okay? Yeah, MSI are just a big player in this space. They make good stuff. Unfortunately, they've had a catastrophic security failure. Right, the bottom line stays the same. So, the bottom line we came to last time was only install firmware that you yourself download from MSI's website. And that remains the bottom line for home users. For corporate IT, I think the bottom line is you take all of those PCs and you throw them in the bin. Because... Why? So, your motherboard to protect it from malicious firmware has literally burned into it. It's called a fusing system. It's a write once and it happens with a hardware view. The act of writing, it breaks the circuitry. It can never be rewritten. So, the public key is burned into your motherboard. And that private key is used to sign valid firmware. That is the private key they have lost. There is no way to update your motherboard. But we just said that for home users, you just make sure you get the correct firmware updates from the vendor. Why isn't that true for corporations? It is true for corporations, but for corporations, if you are traveling about and you have corporate information of value on your laptop and you're traveling around, that's not enough. If I'm the CEO of a company, that's not enough. Someone could physically grab my machine in the hotel room or whatever. And download the other firmware. Put any other firmware in it and the machine will accept it as valid and boot. So, not only root kits, but boot kits. So, if you were signing the checks for the throw it in the bin strategy, would you say all laptops? Or would you say all the desktops, too? I would have to do a risk assessment. And what I would probably end up doing is saying that anyone who works in finance or a few, or maybe on research that's pretty sensitive can't have these. Our public access machines for the students or whatever, yeah, that's fine. Machines that are doing customer support, fine. I think you'd probably want to triage it because you don't want the bill to be too huge. But for, if you're a journalist, if you're a lawyer, if you're, basically, if you're someone who knows that you're supposed to be careful, you just can't use one of these motherboards. You can't be careful. That is a huge company, right? I mean, a lot of companies use MSI motherboards. Hey, maybe the PC market will pick up because of this. They've been, they've been lagging. It's not a particularly good way to make people upgrade and feel happy about it, right? Not exactly, probably on other strategies. Yeah, pretty much. And this is actually a really good segue into our first real story. So it has been Patch Tuesday and Microsoft have released patches which include a whole bunch of zero days. And one of those zero days is in the other side of that same firmware functionality we were talking about. So your motherboard has all of these keys baked in and stuff and the operating system can leverage the security from those public keys to boot itself in such a way that it can't be tempered with. There was actually a bug in Windows and Microsoft had to change out some keys and stuff. And so, basically, if you're in corporate IT, you need to apply the latest Windows updates and you have a manual process to perform on every laptop that you need to have secure boot working on. Oh, geez. So again, you're triaging, the same triage process I just described, you're doing the same thing again and you're gonna triage. So Microsoft are promising an automated update within a few months. But for now, if you need to get secure boot re-enabled immediately, you have to visit each machine and manually do it. So again, you're gonna triage and you're gonna start in the finance department, CEO's office and you're gonna apply your resources as appropriate. But again, for us home users, I don't think there's any reason to go and stress out about it because secure boot may not even be enabled. So what exactly is secure boot? Secure boot cryptographically, your iPhone does secure boot. That's why you can't run an OS on your iPhone that isn't from Apple. So it's cryptographically signed from the hardware all the way up to the point of the operating system boot so you can't run non-Apple OSs. The same is possible on a PC. But the Macs don't have that though. They do if they have an M-series processor. If they basically, if they have... So wouldn't the T2 chip didn't have anything to do with it? Basically you need to have a T1, basically you need to have a T-chip or an M-chip. So you can have an Intel machine with the T-chip doing that work or you can have an M-chip which has the function. The T-chip is basically an iPhone chip sitting next to the Intel chip pretending, helping it do its thing. And the M-chip just has that functionality baked right the way in because, hey, it's Apple Silicon all the way down. So if you have a Mac with a T-chip or an M-chip, you have secure boot on your Mac as an option that you can disable in your, it's not called a BIOS, it's UEFI, but you can disable it. So you can actually run Linux on your Mac. On your iPhone, you can't disable it. PCs, if they have a high-end enough motherboard, can have the same kind of cryptographic assurance that your operating system has not been tampered with. It's called secure boot. It's something that you would need to turn on. I don't think typical home computers would come with it turned on because it means you can't install Linux, right? If you have secure boot on, you can't install Linux. So, I don't think it's on all the time. But in corporate IT- Even with the, what is it, Linux subsystem for Windows? Well, that's not installing Linux. That's part of Windows. Oh, okay. You're booting Windows. So they can have Linux if they want to. They don't even with secure boot. True. That's kind of the best of both worlds. But you're still booting Windows, right? So if you think Windows is a big point of bloatware that's eating up way more around than it needs to, you're doing that and running a Linux on it. So that's not really efficient. Well, I suppose. Yeah. But no, so again, also home users, probably not all that relevant, but corporate IT, you're not having a good week of it. But I appreciate you doing the translation and the terminology. I can understand them between Windows and Apple. Okay, where was it? Okay, scrollie, scrollie. Notable news then. So, AI is kind of a thing that we haven't talked a huge amount about because it's sort of background- I bet to the relief of everybody because it's talked about on every single show. It is, but I do think it's worth pointing out that one of, he's described as the godfather of AI. Now, this is a guy who's been researching neural networks since the 1970s. So he has earned some jobs here. Dr. Jeffrey Hinton, he won the Turing Award, just considered to be the Nobel Prize of computer science because obviously when Alfred Nobel was around, there were no computers. They were humans. They were not devices yet. So there is no actual Nobel Prize. But he's pretty big deal on the technologies that we now take for granted. And he's been with Google for some time since Google bought his company. And he stayed very quiet in the last couple of weeks when the various open letters were doing the rounds and stuff because he's one of these people who, old fashioned in the nicest possible way. He was like, well, I'm not criticizing my employer. So he gave Google his notice, worked out his notice, didn't say a word, had apparently a nice conversation with Sundar Pachaya on the way out. And now he has left Google. So now he's saying, and I am now dedicating the rest of my life to campaigning for the proper management of AI to protect us all. He is also still complimentary of Google that they're going slowly. He is. He's just afraid that- Which is interesting. Unless there's an outside regulator to apply the brakes, the inevitable forces of competition, which is usually in our favor, right? We love the fact that Samsung compete with Apple because it makes both of them be better. But if you're afraid that AI is running ahead of our ability to control AI, then at the moment you're panicking because you have chat GPT, you have barred. Like there's real competition here at the moment. And so this is now the time to start raising your voice if you believe it's time to be careful. So- It was very interesting to me to watch Jeffrey Hinton because he, I heard about it first on DTNS because they cover the tech news. And then I blinked and he was everywhere I turned. I mean, he's like on the NBC Nightly News. You know, he's on network TV talking about AI. And I think it just caught fire because people love to talk about the danger of AI. I mean, that's just chum in the water for newscasters who like to get a spun up. So I think his message is certainly getting out there. That's for sure. But it was shocking what detail level nerdiness suddenly made national news or international news. It's funny. If you can tie it to a hot enough story, you can get the most amazing computer scientist onto the most mainstream of news stories. I wonder if we could do that for less terrifying things. Right. Nope, no, no, that's, no, we got to be terrified. That's what we want to watch a train wreck. No, no, there is another one we can be angry either, that's not really any better. Oh, good. Yeah. In fact, I'd rather be terrified than angry. No, I just rather not make that choice. Yeah, never mind. Occasionally, if you do it well enough, it can be a pull at the heartstrings can do it. You know, a story that's just so adorable, you can't stand it. You know, that's why there's all those videos of like a cat raising a duck, duckling or something. Yeah, yeah, there was a gay set of penguins somewhere that made it for a while as well, wasn't there? That was the thing for a while. I don't know. They had funny names. That kind of thing people just love. Staying in the United States, the Federal Trade Commission has started the process of updating their settlement with Facebook slash Metta. So they made it with Facebook, but now it's with Metta. So in 2020, they came to a settlement in their suit against. About what? Privacy invasion. Was this the, oh shoot, I can't remember, which one? The 2020 one. Yeah, I just don't know what the case was. They said that Facebook were not following the rules in terms of people's privacy and they came to settle that. So this wasn't Cambridge Analytica. Don't believe so. It was something after that. 2020's too recent to be Cambridge, isn't it? Yeah, yeah. Anyway. So they started the process to do what then? To update the settlement, to block Facebook from launching any new products until they come into compliance with the settlement because right now they are not in compliance. Whoa. Wait, no new projects or products? No new products. No releasing, no data-based products. Wow, that's great. That's pretty big. That is pretty big. Now Facebook have, sorry, Metta have 30 days to formally respond, but their initial P.O. response has been, how dare you regulate an American company? Look at TikTok over there. And everyone's going, yeah, have you seen what the American government are threatening to do to TikTok? Are you sure that's a good idea? Sorry, I've made you nearly spit your coffee in your screen there. Yep, I was drinking when he said that. So anyway, 30 days we shall see how that develops. And then switching to the good news column. Google and Apple have worked together again. They did this at the start of COVID when they brought out the COVID trackers that never quite lived up to their promise because I think the virus moved too quickly for the idea. But they nonetheless... Oh, can I give you a quick update on that? I got a notification from the state of California saying, yeah, that's over now. Yeah, me too. We've disabled it. We're no longer tracking your phone. Yeah. Yeah, but I think they did it concurrent with the WHO saying that the international health crisis was over. COVID's not over, but the international health crisis is over. I love that announcement because it also said, by the way, just in case you're wondering, it's gonna be with us here until the next one. So just settle in. It is endemic, pandemic, but not an emergency. Yeah, yay. Anyway, so now what have Google and Apple done together? So I have said every time we talk about the topic of how do we deal with these new AirTag-like trackers? And it's not just AirTag, you've Tile, and you've all their companies doing them too. And Apple products are really good at telling you when an Apple tracker is following you because Apple can talk... On an Apple device. Yeah, yeah, Apple products are very good at telling you when an Apple tracker is near you, your iPhone, et cetera, is good at that. But in order for that to work universally, you need to have a protocol that is not vendor-specific. And I sort of expected Apple to open source what they're doing, but that would then involve people who make other trackers sort of agreeing to do things that way. But actually what Apple have done is they've worked with Google to develop a formal standard, and they have now submitted it to the Internet Engineering Task Force, the IETF. So it is now with the IETF or public comment, and if everything goes on schedule, it should become a formal standard by the end of the year. And all the big players are on board. That's pretty cool. I'm sorry, did you say what IETF Internet Engineering Task Force? I'm pretty sure I did. But either way, the IETF are the people, they're the people who do things like HTTP and, you know, TCP, IP, the kind of, you know, slightly important technologies that, yeah, that is a proper standard. I like that because obviously both companies want that to exist. I mean, why would you not? Yeah, exactly. And humanity wants it to exist. So it's just, I just like, this is how it should be. You know, you compete and what makes you different and you work together on what makes, what doesn't make you different and makes everything better. It's grown-up, grown-up behavior, I like it. And then finally, Google have rolled out support for past keys across their large array of services. So that brings us a dramatic step closer to past keys going from hypothetical to practical. That's a lot of humans on planet Earth. Have a Google account. Yeah. So like everybody else, I was super excited about this and I discovered something surprising and it leads me to a change I need to make and it also opens up another question for me. So I was hoping I could just spring this on you without any warning or chance to do any research. When I went to Google, it said, yeah, do you want to use past keys? I said, yes, I would. And it said, okay, here's a QR code, scan this with your phone. Now, right away that concerned me because I don't understand why I had to have a second device in order to do it. That may be something that I would dare implement. That may be because you were not in a position to actually use past keys because of something you haven't turned on yet that we're getting to. I don't think the APIs were working right because it's supposed to be that the browser should immediately go, ah, I see this side is offering you a past key. Yeah, so it said I had to scan this QR code. So I took out my phone and I held it up and it said, tap this to get to your past key and I tapped it and things spun for a little bit. And then it said, no, I can't find anything in iCloud Keychain for this. And I don't use iCloud Keychain because I use one password. Oh, I know. I don't want to use iCloud Keychain. That actually sounds like you tried to log in with, because that's the workflow for logging in with a past key rather than the workflow for creating a past key. That's correct. I'm saying after I said turn on past keys, it said, okay, got it. Now use your phone. And I have to bypass the QR code and tell it, no, get in another way now. So that's not working as designed. It's definitely not working as designed. I don't know what the steps you did to get into this position where you do not have a working past key set up. Yeah, I definitely don't. So I'm reading it right now. It says, Google, use your past key to confirm it's really you. And it gives my Gmail address. It says, your device will ask for your fingerprint, face, or screen lock. And when I tap continue, it does not ask me for my fingerprint, face, or anything else. It says, scan this QR code with a device running iOS 16 or later, or another compatible device to sign into Google.com. So, I have a past key. Did iOS offer you? No, you have half a past key. I'm on my Mac. You're on my Mac. You're on your Mac and you don't have iCloud Keychain enabled. And where did you create this past key? On my Mac. But it's asking me to scan the QR code. And the only thing I know to scan the QR code with would be my phone. I don't think you've created a past key. I think you've told Google you'd like one, but I don't think you have one. OK, it thinks I do. It's saying that I do. It says, you've enabled past keys. OK, well, at a time machine, I can't help you here. But it's not right. So I also don't know how to make it go away. You should be able to log in to Google and remove it. So you know the way in Google, there's a page that lets you set all of your different authentication mechanisms. So whether you have a phone registered, your secondary email. Like Google lets you have many, many doors to the same account. So in there, one of your doors will be your past key. So if you had. You should be able to turn it off. If you had a hardware token, it would be in there. So your past key will be in there and you just remove it from your account. Like you would a phone. So if if I did, I've just sent you the screenshot of what I see just so we can be on the same page. I sent it in telegram. But if if this was working, I shouldn't need my phone to log in with my Mac. But if I wanted to log in with my phone, I would probably have to have iCloud keychanger done. OK, if OK, let's let's keep things simple. So let's start off with you have a Mac and you have a Google account and everything is set up correctly. You go there with your Mac and you turn on past keys and then you will never see that screen because your Mac will be talking the past key APIs and Google will be talking the past key APIs and it will all just magically happen. You then go to you then go to a phone that also has iCloud keychain and then it will also be completely seamless. But then you go to an internet cafe and obviously it's not your computer. So even with everything working perfectly, you wouldn't be able to authenticate on that device because it's not your device. So the mechanism past keys provides is that your phone can do the authentication for you and in order to do that handoff between the device you're on and the device is going to authenticate you, you have to scan a QR code. Yeah, so that makes sense. But but that phone would have to have the past keys as well, which I believe requires iCloud keychain. Now what surprised me about that was I thought we were going to be able to do that with one password, but one password hasn't done it yet, I think. I think you're too early. They've got it where you can create an account with a past key, but you can't store your past keys in one password yet. Yes, you can use the past key to authenticate yourself to your vault on your phone, which is a good way to authenticate yourself on your phone. It's a good, strong authentication on your phone. But they don't have it to the point that they are managing past keys for other websites, which is, that is coming, right? They are going there. We're early, yeah, yeah. So talking about the reason I haven't ever done iCloud keychain, actually no, let me wait one more minute on the Gmail thing and thinking about this in a holistic form. If I've got authentication to a site such as Google with past keys, can that be shared with Steve Sheridan? So Steve uses this account to do some of the live show stuff because this is the account that runs the YouTube videos. So the answer is yes, and you can do it the right way or the wrong way. So with modern authentication, you need to get out. So the way we're used to thinking about things is that an account has a password. That's not the way you should think about things in the 21st century. So the correct thing is that you add to the one Google account, two past keys, your past key and Steve's past key. You don't share the past key, that's your past key, but you want him to share the account. And the way he would do that is on his Mac, log in with the password into my Google account and then say, turn on past keys. Yes, so that when you go to that screen where you get to have your phone and your alternate email address, you would see two past keys and you could then revoke one of them if one of you lost your phone or whatever. Okay, good, that was one of my concerns. Once I got this, I was like, well, wait a minute, how is that ever gonna work? So now stepping back further to the, if I can't use one password yet, and I'm now, I really wanna try this out so I'm gonna turn on iCloud Keychain. The one of the things that's really kept me from doing it is I didn't wanna manage passwords in two places. So if I go to mybank.com and I changed my password, one password goes, hey, do you want me to update that login? And I say, yes, do I now have to go over to iCloud Keychain and manage it there? Only if you wanna store it in two places. Don't store it in your iCloud Keychain. Let the past keys can be in your Keychain, but if you never put a password into your Keychain, if you never put a password into iCloud, it won't be in iCloud. Oh, so you, see, I literally have never used this intentionally, I think I accidentally did some early on, but then I was like, ugh, and I got rid of everything I think. So you have to agree to let something be in iCloud Keychain. So I was afraid that as soon as I turned on and it was gonna go bleh, and then barf everything into iCloud Keychain where I didn't want it to be. No, it's like the standard Safari thing, because it is the standard Safari thing, I'll pop up and say, hi, do you want me to save this password? And if you just say, no, I don't actually, then it won't. Okay, I think I've successfully beaten Safari into submission to stop asking me, but somehow I have to tell it that it's okay to store that pass key. Well, I guess I'll find out when I turn it on. I haven't used pass keys myself. I've seen videos of it in action, but it should be the operating system offering you to do its thing and it should be very automatic. Okay, all right. Well, I will certainly give that a try and I will report back, but yeah, it really does feel like something broke on the day I got in. I don't remember being asked any questions whatsoever about how it was gonna work. I remember going, do you want pass keys? Oh, click, and then I got in that state. The very first thing it did was ask me to scan that barcode. I could be misremembering. That has happened maybe once in the past. It's definitely not right. Not entirely sure how it got wrong, but it's definitely not right. Okay, good. I do see one pass key there. Oh, good Lord. It says I did it on my Motorola Moto G7. Okay, this is confusing. I will do this on another time. Okay. But I appreciate you answering the questions and I think that's a value to people to think about the repercussions and how this works. And also just sort of what occurred to me when you asked me the question, even though you didn't give me a lot of prepped. I mean, I did have some time to noodle. You were very much against turning on iCloud quite a few years ago because back then the reality was very different, right? If you had iCloud Keychain turned on and you had passwords in it and I picked up your phone, you had left your phone down and you hadn't locked it because you put it down for a second and I picked up your phone. I could log into things because- Right. It just took the passwords. But today, even if you had passwords in there and you put your phone down without locking it and I picked your phone up and I tried to log in as you to something, it would do the Face ID thing and it would stop me. And I couldn't go into the Keychain app because it would do the Face ID thing and it would stop me. So the level of access that was implicit, the level of trust that was implicit when you decided against it has changed completely. So you made a very sensible choice when the universe was different. And so my advice is, don't worry too much about turning it back and turning it on now because you were not wrong to turn it off then, but it's then is not now. So don't think that, I'm not sure I'm saying what I'm trying to say very well, but the decision you made then was perfectly sane, perfectly reasonable and doing the opposite now is not choosing insecurity. It's everything's changed. Okay. I do still hate the idea of having to manage passwords in two places though. Don't manage them in two places. I don't understand how people, but I know people who do. I know Dave Hamilton talks about how he does both. I do both. I do too. So you change it in one place, you have to change it in another, but you change it in two separate places for me. Because it'll say, do you want me to update an iCloud and it'll say, and the plugin will do update in the other. Yeah, I just go, yeah. And it just, it's a less frictiony, but there's no, I only do it because I like the safety of having them in two places. I sort of think of it as, I have one secure place and I have another secure place and then they're in two places and I feel better, but I don't think you need to do that. I don't advise people to do that. I do it because it just makes me feel better and I'm not even sure it's wise. I just feel better. Okay. Well, that sounds good. I definitely understand a lot more and I might turn it on. If nothing else, I will try to turn off the Pasky's right now for Google just so that I can get in without having to go through the second step. Yeah, I just removed that authentication mechanism and you should be good to go. Yeah, I haven't found it yet in my poking around while we're talking, but I did find a place where one of your options that is turned on by default is to not show you the password option. So you have a toggle and that's turned on that's saying, don't show me the password option, because, well, because you got a Pasky. Why do you want to bother looking at that? I think it was the idea, except that it's not working. So it always forces me to go an extra step. Ah, yes, of course. Don't I try, I'm not that certain. I know how to get rid of this Pasky. I can see it, that it's there. I don't know how to get rid of it, but I'll find out. Moving on then, oh, there we go. We have a top tip. So we've talked a few times about the importance of having your own email domain, because otherwise it's really easy to get locked out of your everything. And if you're not going to have your own one, probably the worst possible thing you could do would be to use one provided by your ISP. So if you'd like to hear someone else explain exactly the same thing with different words, Apple Insider have a lovely article, why ISP email services are terrible and what you want to use instead. So it's not one for you or I, but it's one to keep in your bank pocket for your family members who send you, oh yeah, no, I have everything connected to my cox dot, whatever. Comcast, yeah. I was really pleased. Steve's mom and dad are just so smart, because they listen to us and they do it. We suggest after we explain it to them, I wouldn't gonna say they do what we tell them to do. We suggest things and they jump on board is they had their email with Comcast. And I explained that that's not portable. If you move, that's not gonna work. And they said, okay, what do we do? So, okay, well, let's start by forwarding your email to Gmail. And when you write to people, write to from your Gmail account. And I got them going on that, and then over time got them to just shut down and go into their services and make sure they switched it all over. And that took them months and months and months to get done, but they went through the work. And about six months later, they decided to move. They didn't have to add that to the worry of, finding a place to live, packing all the horrors of moving and they were fully able to move without losing any contact. Actually Steve's mom said, yeah, anybody I didn't tell, I actually don't care if they ever write to me again. It's been six months, if I haven't heard from you, I don't need to hear from you. They were right, right, right. Yeah, so anyway, I like to have these links in my back pocket. I have a little folder in pocket called for reference. And that one went in and I thought we were sharing with people. Yeah, good one. Another interesting follow-up. So, the internet collectively went mad on telling people about juice checking. And I was pretty cold about it. I just sort of pointed out that there's been no change. There's no added risk. And that just because it was making the media, so again, juice checking is plugging in at the airport to charge, but somebody's actually stealing your data. Yeah. You did say it was a danger though. It just wasn't a danger. It's just the FBI. But at the time, we didn't really talk about it as being merely hypothetical. We talked about it that you really shouldn't do it. Yeah, I didn't throw enough cold water on it. It's garbage. It doesn't actually happen on planet Earth. Yeah, which I did not know until Ars Technica talked about it, that they said, yeah, this doesn't actually happen. Has not happened. There are no reports of it in the wild. It's, the other thing that has changed in the last couple of years is kind of like the iCloud conversation. The reality of the phones have changed. So it used to be the case that if I took your, say your generation one iPhone, and if I plugged it into my computer, I could just get your stuff. I could just download your stuff. So if I replaced that computer with some sort of dongle, I could just have it automatically steal your stuff. And people successfully hid that kind of functionality in a cable, right? They're like hacking cables. But Apple responded to that. And so did Google with Android. So when you plug your phone into a device that it has not been cryptographically paired with, it won't talk to it. It just won't talk to it. So the danger is really, really hypothetical. You would have to have a zero day to work around the blocking that's happening. And then if you're afraid of even the zero day that no one knows about, which has never been found to exist, you can buy a thing called a data blocker, which is like a USB sleeve that goes over your USB port that physically doesn't connect the data cables. So the only pins connected in this little shoe are the power ones. So if you buy one of those little overshoes and the coolest ones are actually transparent. So you can see the gap. You can look through the casing and see that the cables are not connected. And then you're absolutely completely fine because data can't magically... So you're protected by hardware. And even if you weren't, there is a strong firmware level protection. And even if that wasn't there, the actual device itself, it's... There are many layers. You can make your own data-only cable by splicing, cutting a USB cable and peeling back the shielding and then don't connect the data connectors, the data cables and just connect the power and then wrap it back in electrical tape, which by the way is how I met Tom Merritt. I probably told the story the last time we talked about this, but he liked it so much, he put it on his top five many, many, many years ago. And that's why we became friends. Now what I want is the opposite thing. I would like a data-only cable. And I'll tell you the problem to be solved is what's the continuity thing that allows you to use an iPad as a second screen to your Mac? Sidecar. Sidecar. So sidecar is completely unreliable for me on Wi-Fi. I don't know why, but I like to sit outside on the... No, I know why I like to sit outside on the back deck. But if I'm sitting out in the sun, I'm relaxing, I want a second screen. If I try to use my iPad, it'll connect, it'll be all great, I'll be working along and all of a sudden, it's just gone. It just gives up. So I can connect it over USB-C, Thunderbolt, whatever you want to call it that day. And it works great. But the iPad sucks the battery out of the laptop. Now you may have heard me mention that my battery doesn't last on my laptop. And so here's this giant battery in the iPad. So unless I've charged the iPad to 100%, and as it uses power, it starts sucking it out of the Mac and I don't want it to do that. So I want the opposite. So I might need to get out my scissors. Yeah, have a go. I don't know how much more... Because the opposite should be possible. Yeah, but remember the amount of... Remember that USB-C has a... A circuitry and all that. It has a chip in each end of the cable and they negotiate stuff. I don't know how they'd feel about suddenly having some of their connection interrupted. I'm not entirely sure you'll get away with that one. Yeah, I might have to look. I actually did try to look for data only USB-C and I don't think I have yet found that. You'd imagine there's a low level API call somewhere to tell the little controller not to send power. I would imagine that the API is allowed and someone just has to write an app, like juice blocker or something. Because I am almost certain that software-wise that should be conceivably doable, but not with my... You would think so. Yeah, well, I will keep on the hunt. Indeed. Okay, well, that is it. That is all the stories we got. Nope. I came up with a pallet cleanser while we were talking. Oh, good actually, because I forgot one. This is so delightful and it just shows the level of depth of nerdery that we have in the New Silicastways that I just love. So the best channel in Slack is DeleteMe, by far. It's funny, it's clever, it's wonderful. Alistair Jenks basically owns the channel and that's fine, we're all good with it because every once while I get one that's almost as good as something he's posted, but Ian Lessing posted one that was just wonderful. This was a screenshot he took on his computer years and years and years ago from an iPhoto library migration. The screenshot says upgrading thumbnails, time remaining about two, one, four, seven, four, eight, three, six, four, seven hours. I don't know how many digits that was, but we all had a good laugh about it, but that's not where it ended. Alistair, because he is such a nerd, writes back, that number can also be written as two to the 31st minus one, which means it is the largest positive number in a 32-bit integer. In other words, it was not expecting it to take nearly 245 millennia, but in fact, an infinite amount of time. It just couldn't find the, any words, but he crossed it out. It just couldn't find the numbers. Yeah, that is one of those magic numbers. Yeah, I am full. But the fact that he saw it and went, oh yeah, I recognize two, one, four, seven, four, eight, three, six, four, seven hours, that's obviously two to the 31st minus one. I recognize some of those magic numbers, but not as many as Alistair does. I think his mainframe experience helps him out. It does remind me of when I knew a really nerdy guy from Caltech, and he walked into my office one day and he said, do you realize that your office number is the product of the first five prime numbers? No. What's wrong with you? I'm the kind of person who finds myself buying things, and then when I get, only when I get home, do I realize why? It's because they're powers of two. It's like, there were four different loaves of bread I could have bought. Why did I buy the one that cost 256? Oh. Really? Really. Like those are the pleasing numbers. Honestly, I find myself with stuff in my shopping basket that's slightly more expensive because it's 1.28 or 2.56. It's ridiculous, but yeah. And it's a punch, isn't it? That's funny. Do I notice, oh. Well, you know what's gonna really bother you? I read that Mark Gurman is predicting that the new M3 Max, which you're supposed to be announced any day now for maybe end of the year, will have 36 gigabytes of memory, not 32. Why, so how's the extra four? I'm guessing it's like graphics RAM or something. No, you're right. It does have a slightly cranky. No, that's gonna be upsetting. No, it does about by two, but it's not a power of two. Yeah. No, don't like it, don't like it. Mind you, more RAM, more good. All right, well, I managed to stretch out the shortest show notes of all time to 47 minutes. So, and you're probably out of coffee by now, so I will let you go, but that was a lot of fun. Yep, he's showing me his empty mug. I'm out of coffee and I also have the opposite problem. I need to go visit a little room. So wait, this is security bits. Therefore, I need to remind you because it's been so long since we talked about security here. Remember folks to stay patched, so you stay secure. Well, after 18 years, that's gonna wind us up for this week. Did you know you can email me at alison at podfeed.com anytime you like. Lots of people write to me and I love engaging with people. You can tell, remember the whole thing I said about Mastodon, I like people to talk to me. So send me an email anytime you like. If you have questions or a suggestion, just send it on over. You can follow me on Mastodon at podfeed at chaos.social. Of course, there's a link in the show notes. And remember, everything good starts with podfeed.com. If you want to join in the fun of the conversation, you can join our Slack community at podfeed.com slash slack where you can talk to me and all of the other lovely new silly castaways and enjoy Alistair Jenks delete me channel that we were just talking about. You can support the show at podfeed.com slash Patreon or with a one time donation, podfeed.com slash PayPal. And if you want to join in the fun of the live show, head on over to podfeed.com slash live on Sunday nights at 5 p.m. Pacific time. Enjoy the friendly and enthusiastic new silly castaways. Thanks for listening and stay subscribed.