Hi, this is Allison Sheridan of the NosillaCast podcast, hosted at podfeet.com, a technology geek podcast with an ever-so-slight Apple bias. Today is Sunday, July 30th, 2023, and this is show number 951. Well, I really wanted to take some time to talk about Macstock and what a great conference it was, but I'm going to have to defer that till next week. I want to make sure I tell you in a way that doesn't sound like when your best friend tells you all about their summer vacation in Hawaii, and you have to pretend to be happy for them while you spent the week working in a stuffy cubicle. I want to hopefully make it more interesting than that. All right, this coming weekend we are going to be going off to Mammoth for a week with Lindsay and her family so there will be no live show on Sunday, August 6th. I'm going to release the show early again, probably on Saturday, so Saturday, August 5th, you will get the show, and that'll be your hint not to show up to the live show. We get back on Saturday the 12th, and because of the awesome NosillaCastaways, there will be plenty of content for me to publish another show on Sunday the 13th, even though I won't be working all week at all. We will have the live show on the 13th, but it'll be mostly me just chatting with the audience and goofing around because I'm going to rely on the kindness of the NosillaCastaways for that. Now, I'll still have two recordings ready for the trips that are still coming up, so if you've got an idea for something that you're going to record, please go ahead and still do it. Don't hold back, because we've got, during the live show here, I've been waving around a calendar of all the different times we're going to be gone, so I can definitely use some more help. And anyway, let's kick into gear for this week's show, shall we? I'm sure that by now you've watched or listened to my interview with Nobel Prize-winning astrophysicist Andrea Ghez.
If you haven't yet, stop listening to this now and go check it out, because it is an amazing interview. It's just fantastic. Anyway, in this interview she explains how she and her team determined that there's a supermassive black hole at the center of our galaxy. One of the reasons they were successful was that they discovered a star they call SO2, which has an incredibly short orbit around the center of our galaxy. It's only 16 years. That means that they were able to track its entire orbit during their study, and it means that even more science will come from observing it during its most rapid movement at either end of the elliptical orbit. During the interview, when Andrea said that SO2 was her favorite star, I asked her whether her team has t-shirts. She enthusiastically said, no, but there should be. Well, Steve and I decided to take matters into our own hands, and we designed SO2 t-shirts. Andrea's team already had done the work of mapping several stars orbiting the Milky Way center, so I simply replicated the orbits, making one of the stars' orbits white, or all of them white, except for SO2, which I made in yellow, so it stands out. Now, you too can own one of these coveted t-shirts by ordering them through our online store at Cotton Bureau. Because we believe science should be open source, we removed any profit on the shirts, so the $27 you see is purely the Cotton Bureau pricing. We also wanted to make sure the shirts were as inexpensive for Andrea's team as possible. We shipped shirts to her and her assistant, who helped me get the interview, and I can't wait to find out whether she likes hers. Since everything good starts with Podfeet.com, go to Podfeet.com slash shop to buy your very own "SO2 is my favorite star" t-shirts for $27. We chose tons of different colors. I love the tri-blend shirt options, but you know what? You do you. We also made an iPhone case, and it's $27 for the MagSafe version and $23 for the Slim non-MagSafe version.
I can't attest to how those look in real life. I'm kind of tempted to buy myself one, though. Anyway, my favorite thing about the shirts is that pretty much no one will ever know what they mean when you wear them. But if you know, you know. In May, I told you about the amazingly capable and inexpensive screenshot annotation tool called Shottr. I'm so enamored with Shottr that I decided to create a full video tutorial about it for ScreenCastsOnline. As always, I learned so much more about the tool because I had to really know how to use all of it so the tutorial has even more information than the article I wrote. Let me give my usual disclaimer. ScreenCastsOnline is a paid-for tutorial podcast, but it also has a free seven-day trial that gives you access to the current back catalog so you can watch all of what you can watch. You can binge like crazy for seven days. Now, it's dangerous to do the free trial because the tutorials are incredible. We've got a great cast of characters who do the tutorials, and you'll get hooked on the service if you try it. It is only $8 a month if you subscribe annually, and I challenge you to find training of this quality at that price. I put a link in the show notes to a little teaser video for Shottr. It's kind of just the introduction where I'm just kind of getting it set up so it really is a cliffhanger teaser kind of video this time, but go check it out on screencastsonline.com. This week's Chit Chat Across the Pond is another installment of Programming by Stealth, and Bart and I have come to the end of our journey with Bash. I'm going to be sad to have it complete because as I tell Bart in this episode, I've really enjoyed this mini series. Next time, he will do a final bow-tying episode where he brings everything we learned together in one set of notes as a handy reference guide so we'll be able to know which lesson to go to to remember how to do stuff. I think he wants that reference guide for himself, too.
Anyway, in this week's episode, he explains how functions work in Bash, and after about the 12th time he repeated it, I understand that functions we create in Bash work just like built-in functions, such as ls or cat. After walking us through some easy-to-follow scripts to illustrate this and show us the syntax, we go into a harder concept where we talk about scope. We learn that Bash does scope differently from pretty much every other language, so he teaches us how to avoid what he calls spooky action at a distance because of this different way of dealing with scope. Protecting ourselves isn't actually that hard, but it's very important to understand why we need to do this, and of course, Bart is the best person to explain this. You can find Bart's fabulous tutorial show notes at pbs.bartificer.net. I usually try to figure out how a piece of tech will fit into my life before I buy it, but sometimes I buy it on faith that the device will find its own place. I'm easily influenced by my geek friends in this regard, so if a lot of them say something is great, I'll probably give it a try. In 2019, I bought a 5th-gen iPad Mini. I already had a 16-inch MacBook Pro and a 12.9-inch iPad Pro, but everyone told me that the Mini is such a great device and there was room for it in my life. They were wrong. I carried it around for a while, and I even used my Gen 1 Apple Pencil with it. I can tell you that an Apple Pencil sticking out of the side of an iPad Mini looks really silly. I bought the Logitech crayon for it, which required a cable, but didn't look quite as silly. At the time, I was using MyScript, a now discontinued piece of software that would recognize my handwriting and convert it on the fly to text. And, you know, it worked reasonably well. I also tried drawing with it, but I always felt cramped with the iPad Mini and I would continuously reach for my 12.9-inch iPad Pro. 
I found an article I wrote about the 5th-gen iPad Mini entitled, Does the New iPad Mini Have a Place in Your Digital Life? And my conclusion was yes, but that was evidently well before the honeymoon was over. Sounds like wishful thinking to me. I started realizing the problem. I use the iPad Pro a lot because it has a keyboard that also acts as a stand. The obvious answer was that I needed a keyboard case for my iPad Mini. I set out on a quest to find the perfect keyboard for the iPad Mini. If I could just find that perfect keyboard case, then I would be productive with the iPad Mini. In 2019, I wrote an article entitled, Maybe If I Had a Keyboard for My iPad Mini, I'd Use It More, in which I admitted that the novelty had worn off and described the keyboard cases I'd tried. I'm going to save you the time of reading that old article. They were all awful. And I mean truly terrible. The obvious solution was to upgrade in 2021 to the 6th generation iPad Mini. That's going to solve the problem. This was a sweet little iPad with a flat magnetic side for the Gen 2 pencil to charge. And it sports USB-C, which is so much nicer than Lightning. I thought maybe I'd use it as a book reader. But you know, it's so much heavier than the Kindle. The battery only lasts a day or two while the Kindle lasts weeks. It was also too easy to flip over to social media and play around and read books when I really wanted to read books. The new pencil support was nice, but when I would scribble notes on it, I felt like I was always at the end of the page with the mini. I don't have a lot of need to scribble on an iPad, but when I'm programming, I find it a much better way to think things out. I wrote an article called, Write by Hand When You Need to Think, where I described how it works. But it doesn't work for me in the iPad Mini because it's too small. Now I know a lot of people who simply love the iPad Mini, but they all tend to use it as a consumption device.
They read Apple News or they idly scroll through social media with it. And my problem is that I simply can't read anything without wanting to contribute. If I see content I like, at the very least, I want to copy the link and send it to someone. If it's social media like Mastodon, I want to reply. I like to engage with content with other people. I was still holding out hope to find a good keyboard solution for the iPad Mini when I heard Andy Ihnatko talk about an interesting solution. He bought a wraparound cover for the Magic Keyboard. When unwrapped, it gives a nice stand for the iPad Mini. Instead of the overly cramped and improperly placed keys of the keyboard case solutions I tried before, the Magic Keyboard has full-size keys, so typing on it would be a dream. After I got the case, I put my spare Magic Keyboard in it and I thought I was set. Do you know what? It's a big pain to carry around, not one, but two devices. It was clumsy to open and it was awkward to carry because the keyboard case and the iPad were different shapes and sizes. That poor case? It's been sitting in my closet for years now. I did find a small use for the iPad Mini for a while. I used to use some software for running the live show that had a companion app for iOS. This companion app gave me a nice control surface with big buttons as an audio-video switcher. This let me do things like mute Steve or change what the viewers were seeing on screen. While it was perfect for this use, every single week when I opened it up, the battery was dead. I had to get in the habit of shutting it down every week just so I didn't have to wait for it to charge up for the live show the following week. Now it turns out we don't use that software any longer, so the iPad Mini went back in the drawer again. The end of this story is that I finally found the perfect use for my 6th gen iPad Mini. My son and his wife had a third baby and I gave it to them.
See, when they had two babies, they used my first gen 12.9-inch iPad Pro and my second gen 12.9-inch iPad Pro as baby monitors, and it worked great. They could see both babies and hear both babies if anything went wrong. Now, Kyle knew he needed a new solution and he didn't think carrying three giant iPads around would be a good idea, so he was delighted to find out that Wyze supported two cameras in view at the same time. He figured he'd have the true baby monitor on the new baby and Wyze on my two older and very adorable grandchildren. But when he went to set it up after the new baby was born four weeks early, he discovered you can only hear one of the Wyze cams at a time. I did a little bit of research and I think this might be a limitation from Apple. I'm not sure it's Wyze's fault, but in any case, not being able to hear the baby is a big problem. So I sent Kyle the iPad Mini and he set it up as their third baby monitor and finally my little device has a loving home. On the plane out to Chicago for Macstock, I finished the book I was reading on my Kindle. One of my favorite things about reading on a Kindle is that I can easily buy another book and just keep on reading. I don't have to wait until I can find a bookstore or drag along several heavy, made-of-wood books. When I got to my hotel, I used my Mac to buy another book from Amazon and I sent it to my Kindle. I turned on the Kindle and I went to Wi-Fi settings and I realized I wasn't going to be able to connect to the hotel Wi-Fi. Connecting to Wi-Fi at the hotel had the typical interstitial pop-up page where you have to enter your hotel room number and your name. The Kindle does have an experimental browser that's been experimental for about 10 years now but connecting to the hotel Wi-Fi did not make that pop-up happen in the experimental browser.
No worries, books are just mostly text files so they're wee tiny, which means even the worst cell phone signal over tethering would be good enough to download my book. My iPhone's hotspot was enabled but when I opened up the Wi-Fi section on my Kindle, my iPhone was not visible in the list of available hotspots. I tried rebooting the Kindle, turning off the hotspot on my phone and turning it on again but nothing would make my iPhone's hotspot appear. There's a solution to this problem and that's our tiny tip for today. In Settings, Personal Hotspot, you'll see a toggle called Maximize Compatibility. If you toggle it on, the Kindle can immediately see the Wi-Fi created by your phone. As soon as I connected, I was able to download my book in short order. Under the Maximize Compatibility toggle, it says, quote, Internet performance may be reduced for devices connected to your hotspot when turned on. That's nice but I got curious about what it was actually doing under the hood. I don't know why Apple doesn't want us to worry our pretty little heads about such things but I like to understand things. I had a theory about what this toggle might be doing but I wanted to confirm my theory. I looked for an Apple Support article explaining it and while it did explain when to use it, the Support article didn't say what it actually does. I kept digging and I eventually found a tutorial by Apple that says, quote, Personal Hotspot uses a 5 GHz connection by default. On iPhone 12 or later, you can turn on Maximize Compatibility for Personal Hotspot to use a 2.4 GHz connection. That confirmed my theory. I was pleased to be right. Pleased to find the answer in writing from Apple but I was glad I found this for another reason. The place I found this, I stumbled across this, was the Apple Device Support Tutorials at it. I'll get it yet, it-training.apple.com. I put a link in the show notes because you can't actually go to the main URL. You have to start at one of the tutorials.
If you're an Apple Certified Support Professional, you probably already know about these tutorials but I sure didn't know they existed. While this series of tutorials is designed to prepare people for the Apple Certified Support Professional Test, the tutorials are available to all of us for free. The tutorials assume you know your way around Apple devices so they get you that deeper knowledge you might have been seeking about how things work. I guess that's two tiny tips in one. While on the road to Macstock, I asked Dave Hamilton a question that's been festering at me for a very long time. What's the difference between a hub and a dock? I've seen a lot of explanations on the web but in every case I could counter their theory with an example that proved the opposite. For example, someone would say docks are powered and hubs are not but there's also powered hubs and unpowered docks. When I asked Dave, I got a very surprising answer. He said he didn't know a definitive way to explain the difference either. I thought he'd know. Well, we just happened to be on our way to go on a tour of Other World Computing, also known as OWC, at macsales.com. These people make docks and hubs so we decided I should ask them. I'm so glad we did because I got a great answer from Rick in Sales. He prefaced it by saying this is how OWC differentiate the two terms and that he wasn't saying this was everyone's definition. Rick said that a hub multiplies an existing port protocol into more of the same and a dock adds different ports to the machine. It's so simple and it makes perfect sense. So, for example, if you buy the Satechi Type-C multi-port adapter that gives you HDMI, USB-A, SD, microSD slots, and one bus-powered device, that's a dock. But if you buy the Satechi four-port USB-C hub that adds four USB-C 3.0 Gen 1 data ports, that's a hub because it multiplies the existing port.
Likewise, the OWC 11 port dock is indeed a dock because it adds a plethora of ports from USB-A to USB-C to Ethernet and more. But if you get more Thunderbolt, to get more Thunderbolt ports, you need to get a hub, like the OWC Thunderbolt hub. Now I'd be remiss if I didn't point out that while I think OWC's explanation is clear and concise, Satechi seem to use a random set of nouns to describe their devices. Satechi have devices that are clearly docks and they call them hubs and the dock I just described is actually called an adapter in their literature. They sell devices they call docking stations but they only use that term when they're referring to big powered devices appropriate for a desk. It's no wonder we have trouble knowing which one is which but I'm going to stick with OWC's terminology because it makes me happy to have a definitive answer to this question even if it is unofficial and not everyone follows this convention.

Well, it's that time of the week again. It's time for Security Bits with Bart Busschots, and we got some deep dives today, huh, Bart? They're all quite shallow as deep dives go, but you like to get a little deeper into stories, and so I've been sort of rebalancing the notes a bit to a few meaty stories and then catch up on the other stuff, and there isn't a whole bunch of other stuff, so this actually works out quite well. So our first deep dive is one of those stories that's been going on for so long that it's probably worth reminding ourselves how we got here. I guess the big story is, in theory, it has just gotten easier for US companies to work with European data. So there used to be a thing before the GDPR that was called Safe Harbor, where Europe and America had negotiated an agreement to basically say that as far as data privacy was concerned, we would consider US law equivalent to European law, so don't worry your pretty little heads, Microsoft and Facebook and everyone else, it'll all be fine.
I and many others felt that that was a fiction that was there for the purposes of commerce as opposed to reality, and an Austrian gentleman called Max Schrems also felt the same and went to the European Court of Justice and won. Striking down Safe Harbor, and meaning that all of a sudden every American company that was using Safe Harbor was in breach of GDPR. So the European Commission using Safe Harbor across the board in its entirety? Probably as an excuse for this. Okay, the GDPR Safe Harbor, so there are many laws use the term Safe Harbor, but this is, yeah. Okay, I thought you meant the US Safe Harbor, okay. No, no, this is entirely about GDPR. So basically it was agreed that there will be, they called it Safe Harbor, that American companies could just pretend the GDPR didn't exist because American law, sure, that's fine, that's just like the GDPR. Right, exactly, right. It's really good. Exactly. Don't make those jokes when I'm drinking my coffee, Bart. I'm sorry, I need to watch my camera better. So the European Commission had another go and they negotiated something with the American government that they called, oh hang on, we'll get this wording right, the Privacy Shield, yeah, the Privacy Shield Framework. So the idea was that if companies agreed to these extra rules that were above and beyond American law, so American law plus a few extra rules, then American companies could basically say that, yeah, we're de facto compliant with the GDPR. And Max Schrems took one look at the Privacy Shield Framework and went, I don't think so, and he went back to the European Court of Justice, and the European Court of Justice went, yep, you're dead right, and struck it down again. So that was in 2020.
So they've had a third go, and they've been very quiet about it, probably because they're trying to be productive. So there's been a lot of negotiations between the European Commission and the Biden administration, and a lot of concessions were made, and now they think they have arrived at Privacy Shield Framework Mark II. And the Commission have officially ruled that they consider it to be adequate. They took a vote and they deemed it adequate. So until there's another court case to check their adequacy, it is now the case that any American company can sign up to abide by this framework, and then that gives them GDPR compliance. So they have a mechanism for GDPR compliance. Huh. Do we have any idea what's in it that's different? Yes. So the big changes from Mark I is that there is tighter language on US law enforcement access to European data. So the language now says it is only, quote, what is necessary and proportionate. Okay, so no dragnets. No dragnets. And the obvious question is, well, who gets to decide necessary and proportionate? And the answer is a new court has been created through a treaty that the US signed with the European Union. It is called the, where is it gone? It's in the show, it's here, it's the court of something, I'm sure. I meant to put it in italics so I could find that mid-flow, and I guess I forgot. Justice? Because you already had that. No, the ECJ. Data Protection Review Court, there we go. So that is now a thing that exists, which is what will decide if your American companies are protecting European customers' rights. And as I understand, the court is in America, but Europeans can use the court, so the plaintiffs will be Europeans and the defendants will be American corporations, and it will happen in America, is my understanding of this court, and that is supposed to protect European rights. So this will undoubtedly be challenged by Max Schrems and co. The Commission are confident it will stand up to the challenge, and for now it is assumed to be legal, because that's how
it works when a parliament passes a law. So for now we have a mechanism again that Facebook etc. can use to be compliant with the GDPR and stop getting massive... And they have to still agree to it. They do. And they have to actually implement it. Oh, oh, that too, yes, that too. But it should make things a lot easier for American corporations who want to have European customers with data in American data centers. The easy fix has always been to have separate data centers, but this is a fix for companies that don't want to do that. So on the whole, if it stands up, this seems like a positive development that could help smaller companies too, right? Who can't afford new servers all over the globe. Um, I don't think that's so much of a cost. What it really saves you on is lawyer fees, because in the absence of a framework everyone had to do their own paperwork, whereas when you have a framework you basically get to go, I accept this framework, sign on the dotted line, and we're done. Right, instead of having to draft up all of your own policies and everything. So again, smaller shops do benefit massively, actually, from not having to have a legal department on retainer. So that's our first semi-deep dive.

Next up, our friends Apple get to march into the conversation. So we've talked a few times about Apple's new Rapid Security Responses, which are mini-me little security updates that do one thing and in theory do it well, although in practice that doesn't always work out. And are undoable. Yes, and that did work out. That's another big feature, right? Yes, right, yeah. So they're designed to be quick to roll out and quick to roll back. They're very precise in their action, they just do one specific thing, and therefore they apply very, very quickly. So if they require a reboot, it'll be a normal reboot, not one of those weird software update reboots, and the intention is to have as few as possible of them require any sort of reboot at all. So we had, this is now our, this was our second and
or third, depending on how one wants to count them, Rapid Security Response, and things went awry. But arguably it wasn't Apple's fault. It's not that Apple broke macOS with the security update, or indeed iOS. This one was for the Mac and for iOS. It affected Safari, and it was a zero day in Safari, which is never healthy. Remote code execution by visiting a random website, not a good day. Hate those. Yeah, so worthy of a rapid response, but we, Apple discovered some teething problems to do with technical debt and the internet, I think is the best way to describe it. So when Apple update a Rapid Security Response, they changed the version number of the operating system so you can tell that you have applied the Rapid Security Response, and they don't change the numbers. So you have, you know, you have three numbers, 10 point something, you know, you have three digits, and they don't want to add a fourth digit, so the Rapid Security Responses appear as bracketed letters. So you might have, you know, macOS 10.15.7a and 10.15.7b and so forth. And c in this case. Yes, although b never reached us. a and c reached us, but no, b didn't reach us. Anyway, web browsers also tell web servers what operating system they're running so that the web server can theoretically be clever. And you may want user agent. Precisely. So the mechanism that's reported, yeah, the mechanism is a single HTTP header called user dash agent, or the user agent string you'll usually see it in English, and this thing is loaded with so much technical debt and history you just would not believe it. So I decided it will be fun to show you what I mean by copying and pasting my user agent from my Mac today. Now my Mac is an M2, no, an M1 series Mac, but the user agent string says Intel Mac OS X, which is immediately, so it hasn't been OS X in a long time and it's not Intel. Yeah. Now I was using Safari, yet the very first word then in the user agent is Mozilla forward slash 5.0. It also says Apple WebKit, which is the one true thing so far. It also then
says KHTML comma like Gecko, and then finally on the very end we see Safari. Well, it's also, you're not in, sorry, 10.15.7, you're probably in like 13.5, are you? Well, technically speaking we call 10.15.15 or something, don't we? Wait, what do we, yeah, what do we call, but we're on 13, we're not on 15. You're right, we're on macOS Ventura 13.4. So why is it, yeah, okay, you should be 13.5, Bart, you're not patched. Yeah, that's why there's a giant big one. I will be after we record this, I didn't want to... Bart, Bart, Bart, I may have to say our ending line, your ending line for you here. So what is going on? Not 10, 10.15.7, which is also in the user agent string. Yeah, so what is going on here? Well, what's going on here is a whole bunch of history. So when Apple released Safari, no one knew what Safari was, so in order to make Safari not give you errors all across the internet, Apple decided that they would make their browser behave the same as Firefox. So any website that would work on Firefox, they test it to make sure it would also work in Safari. So they put Mozilla 5 slash 0 on the front so that website to go, oh yeah, that's a version of Firefox, yeah, sure, I know what to do with you. But then people, you know, Apple started making their own stuff and they want their own credit, so later in the query string you then add the truth, which is Apple WebKit and Safari. But WebKit wasn't written by Apple, it was an open source project that Apple took on and extended. It used to be KHTML was the open source project, so that's still in the query string, or sorry, in the user agent string. But when KHTML started they had the same problem Safari had, so they had to pretend to be Netscape, and Netscape's engine was called Gecko, so that's why it says Apple WebKit KHTML like Gecko. Yeah. Now the KHTML people I think had a sense of humor, because they put comma like in front of Gecko instead of just pretending to be Gecko, whereas Apple went with Mozilla slash 5.0. So
this thing is so laden with technical debt it's not even funny. Right, this is insane. Could they take all of that out now and just say Apple WebKit? No, because the internet would break. That's why. So when Apple released their update, which included a patch to Safari, for the first time Safari started reporting itself as being 10 underscore 15 underscore 07 bracket a bracket, and all the regular expressions used by Facebook broke, because everyone tries to pull... Right, there's not a separate field for the operating system and a separate field for the browser, everything is munched into this user agent. I don't know what Facebook is doing with this. Why, what do you mean, their query? What does... Facebook's web server reads the user agent and, for reasons probably to do with spying on you, tries to extract the information, but it's one field, right? It's not that we have a sensible system where there are a field for where you tell it the operating system and a field for you tell it the browser. The only thing is this ridiculous user agent string. So everyone's web server that cares about what type of web server is visiting, whether that be for statistics, for spying, for giving appropriate, like why sometimes when you go to website you see different things on an iPhone versus on your Mac, it's because they're using the user agent string to give you a mobile version of the site and stuff like that. So somehow were these queries from Facebook expected an integer or a floating point number and got a letter? Right, exactly. So they're using regular expressions to pull information out of this complete mess of a train wreck that is the user, to write the query, agent string, and their regular expression was too tightly tuned, and their regular expression didn't match anymore when Apple introduced a bracket, which meant that their website didn't default to rendering some sort of sensible page. Their website defaulted to giant big error message, I don't know
what browser this is, go away. Which is a silly default, but that's what they did. So Apple broke Facebook, is that, that should have been the headline. Dog bites man. Right, so Apple went off and proved that you can, people can revoke them. So Apple stopped pushing out the update and told everyone who had a problem that they could roll it back, which is what everyone started doing, and then Apple had to figure out, well, how do we make our users secure without breaking all these regular expressions built into people's websites all over the planet? And the answer they came up with... Hang on. Right, but cliffhanger. The answer they came up with was... So did it break on the parentheses a version? Because I thought it broke on the parentheses b version. No, it broke on the a version, which is why the a version's retracted. We never saw the b version, that was never released to the public, and then the c version did what I'm about to describe. Huh, because I mean I installed the a version but I didn't remember seeing it get pulled off. Is it, you may know, you wouldn't have pulled it on unless you pulled it off, or unless you install the c version later, which superseded it. If you didn't run into an issue you would never have pulled it off. Unless you were doing an issue, went to a website that broke, you would never have removed. But I thought you said they pulled it. They pulled a, they stopped publishing it, so the people who hadn't already applied it, vanished from their, the little plus one sign. Okay, but I applied it. Right, so yeah, they didn't retro, they didn't reach into your computer and take it away, they made it not available. I thought they did. Okay, I thought they did. No, they didn't, but they did give instructions for how you roll them back, so anyone who had trouble could roll it back themselves. Instructions, if you didn't know that's what it was. I'm sure the Apple Twitter account was tweeting all over, at Apple support pages were full of it, and the internet was full of people saying roll it back,
roll it back apple's documentation shows how you roll it back support.apple.com gives you instructions for rolling back and also didn't it break more than Facebook it wasn't just it wasn't just face with a couple of other websites I believe I heard someone mentioned certain features in zoom so not not I don't think it was all of zoom but I think there were certain web interfaces for zoom but the the basic cause was web servers failing to interpret the query or the user agent and failing defaulting in a way that broke things as opposed to a more defensive default I kind of so anyway they decided in the end that they still wanted to communicate to people that the version of safari visiting the web server had this newer version because hypothetically they could end up having to disable a feature as part of a rapid security response if some feature is proved to be catastrophically broken they could push out a rapid security response to revoke a feature or change its behavior and then in theory a website could need to know oh if I see safari version whatever I can't do x y or z it doesn't have support for zip encrypt you know whatever it could be right some features they've had to pull back for security reasons so they still want to communicate in the user agent that the browser has updated that is the point of the user agent right sure so where can we add the information without breaking everything and they decided they would update the build number for safari not the mac os number okay so there's no a there's no way at all applied in the user agent it's what the user agent string okay yeah so instead the version number of safari is what changes which communicates the information so when they put c out it changed webkit to a different version number webkit or safari I I thought it was webkit now I know it's the two numbers happen to be the same so actually it's probably a distinction without a difference yeah so the webkit number and the safari number are the same okay 
so that is your user agent string how did you find that so there are lots of websites that will echo it back to you so if you type into Google you know the way you type into Google what's my IP address if you type into Google what's my user agent it'll you'll get a lot of different websites that show your user agent or you could look at the lot I did not know you could ask I didn't know you could ask Google for your IP address I always go to IP chicken because that's fun to go to it's got a chicken yeah now Google of course being clever that they if they can answer you without sending you to someone else's website to someone else's ads they will answer you with their ads so that's what they do when you say what's my IP so interestingly you and I are both on the same version of Safari even though you're not up to date on macOS that is interesting that could be true yeah anyway the the obscurity of user agent strings and changing them broke the internet I kind of like TidBITS this summary TidBITS guys are always great for getting to the nub of things what's in that chap who runs TidBITS who you interviewed who I love this thing too thank you Adam I'm almost certain it was Adam who wrote this while Apple's choice of letter for Rapid Security Response updates is questionable Meta and other companies whose websites were affected also bear responsibility for not failing gracefully when encountering unexpected user agent identifiers yep take the blame that's the truth spread it around so anyway ultimately no harm done they'll I'm sure Facebook will take action immediately to fix this problem yeah basically Apple have discovered that when they do rapid fix at the Safari they need to do this and not that so this is yeah teething problems nothing catastrophic that's interesting I thought I understood this and I understand it more now excellent so deep dive number three then is some new rules to the App Store that have seen a little bit of news coverage but not a lot but I
think they're actually important particularly to people who care about their privacy so and I guess to prove that this is a big change it's so big Apple are pushing it out in phases with advanced notification so Apple released new rules this week which say that from the fall which I interpret as from the next version of macOS and iOS that's usually what Apple mean by the fall so from the fall developers who upload an updated or a new app that doesn't comply with these new rules I'm about to describe will get a warning saying by the way your app is in breach of what will become the rules in spring of 2024 when all apps that fail will just be rejected automatically now that's interesting well your notes say that uploads will be blocked if they're non-compliant but if you've already got it up there you're fine yes so they're not reaching in and kicking apps out of the store this is sort of Apple's normal thing that when an app is up whatever rules were there to get it up that's what gets it up and then going forward every time you push out a new update to your app you have to abide by the current rules so it's a bit like housing codes you know you build a new house you have to abide by the newest codes you have a house from the 70s oh okay you wouldn't pass today's codes but they're not going to rip your house down right right so what are the new rules but before I tell you what they are I'm going to tell you the problem to be solved because this is a NosillaCast so Apple have spent a lot of effort for a very long time trying to protect users from cross app tracking so this is where a third party can know that you are both a user of app A and a user of app B because somehow they can connect the two use together and this is this is kind of a story over time so in the very early versions of iOS this was very easy because Apple were naive as was everyone this was the early days of these things we didn't know better and there were APIs on the iPhone for all sorts of
useful things like say the serial number of the CPU in the iPhone well there's your unchanging identifier tada tracking people easy we also had the the IMEI was a big thing too right I don't remember if the IMEI was exposed by official APIs but there were certainly ways to get it which were then later locked down right you could say that yeah I'm not sure that was ever official but it was certainly possible Apple's first attempt at locking it down was was to create a randomly generated identifier on the device which they call the ID for advertising the IDFA and they provided some UI for the owner of the iPhone that they could at any point when they felt that they were uncomfortable reset that ID and because it was a generated ID instead of a piece of hardware on the phone you actually could change it but it was still pretty sticky which meant that was still pretty good for tracking people and that was sort of seen as a reasonable balance where you can change it if you want to but we now have a mechanism that isn't indelible and that isn't as icky as your serial number so on the whole the IDFA was a step forward but it didn't really solve the problem very well so the next major step forward was app tracking transparency which we've definitely talked about a lot and all app tracking transparency did was that when the app makes a call to the operating system saying hi please give me the IDFA the operating system now puts up a pop up to the user and says this app would like to track you across applications do you approve or not and basically you have to explicitly opt in otherwise the answer returned to the app by the API is zero so unless the user opts into sharing to cross-app tracking IDFA is zero so that's that's all that's technologically that's what app tracking transparency did it just now I think that you can set it to automatically do that without asking you but I make it ask me just because I like to know who the dirtbags are that are asking me I agree
completely and yeah so the point being without explicit consent the operating system won't hand over the IDFA it will just hand back zero so that's really what's changed but the desire to track has not changed right there are incentives and companies to do so now it has always been against Apple's rules but having something in your rules means that you can retroactively kick apps out if they're caught but you kind of want a technical control wherever possible especially when you're dealing with the volume of the App Store millions of apps so after app tracking transparency came in a new trend emerged where developers of shady apps that wanted to track started to use a new technique called fingerprinting and this is something that they borrowed from browsers so the web is another place people like tracking and fingerprinting emerged on the web in response to cookie blocking so the idea is instead of having one identifier that clearly identifies you try to find as many innocent looking things that are not unique to everyone but do change from computer to computer and if you put enough of them together you will get a unique fingerprint so it doesn't tell me a lot that you're using a Mac but it tells me more that you're using a Mac with a 2018 screen it tells me more that you're using a Mac with a 2018 screen and you have this font installed and not that font installed and you very slowly build up small pieces of arguably irrelevant information but when you have enough pieces the sum total is unique so two things on that one didn't Apple stop the ability to track that through your web browser they stopped it reporting anything but you know you're on a Mac Apple takes steps to make it as difficult as possible and every time they find a way of leaking information they do something to stop it but that there's no guarantee that they haven't found something like a timing delay on a particular JavaScript function okay it is a cat and mouse game and Apple are playing it quite
well this is also relevant in the security of information in government security when I was working in that field where I would need to get a piece of information from a classified program about how many people are using X software and they wouldn't tell me and I was like well how could that possibly be classified and they said well it's not but if I tell you the answer to that then you know how many people are doing this kind of work and then you find out about this piece of software and how many people are doing that kind of work now you put those two things together pretty soon you can figure out what we're doing inside here and even though I was actually clear to go in and find out it didn't matter they weren't going to report that to the outside I really think it was a dodge because I was trying to get to I was trying to stop paying for as much software and if they weren't using it I wanted to stop paying the maintenance agreements and so I think they were just being squirrely but it was it was interesting it's this exact same thing little pieces of what appear to be innocuous information if all strung together you can start to figure out who someone is in this case exactly yeah and so a trend has emerged where shady developers were starting to find different APIs in iOS and macOS that gave enough information that if you string enough of it together you can fingerprint the device and get cross-app tracking and anyone Apple caught doing this they kicked out of the store but again that's not a technological fix that is an apply your policy fix which is leaky at best so they have decided to try to make a more robust fix which is where the new policy comes in so they obviously know which API calls have already been abused right the people they caught being naughty they know what they were doing so they already had a short list of APIs that leak some information and then they did a review of the rest of their APIs to see well if I were a malicious person what other 
APIs might I switch to if we were to do something to block these ones they're already using and so that superset they have now officially in the documentation they have attached a label to those APIs that says that they require justification so any developer every one of them every one of them and so the other thing Apple have added recently to the App Store is something called a privacy manifest which is a metadata file it's a plist file if you really care which is used to build up those privacy nutrition labels so what data are we tracking and stuff so there's new fields which I presume this is why it's happening in the fall which I presume is when we get new OS there's new fields being added to that file where you have to give a justification for every API you use that's on the restricted list so basically it's an array being added to the plist and you must name the API and give your justification name the API and give your justification and so when you submit an app from this fall it's very easy to see what API an app uses so Apple will scan the app to see all of its APIs it will then scan the manifest and if the two don't line up it will give a warning to the developer saying warning from next spring this app will begin to be rejected because you use this API without justification you use this API without justification and you basically hand the developer on a platter here's the things you're doing these empty boxes fill them in put them in your privacy manifest okay and so when the app is come was up for review then if they'd have all the justifications they will pass automated review and they then end up with a human and then the human reviewer simply has to go this is a fleshed out app it is making use of these APIs and the justification is whatever right they're going to go that's ridiculous reject so the result is going to be that very few apps are going to have a justification for zero APIs but every app is only going to get the APIs they need and no
more so the chances of any app legitimately having enough for a fingerprint fall off a cliff it seems that this will probably slow down app review because a lot of people will yeah every time you have to inject a human it becomes and we've seen that the the review sometimes is a little less than logical but Apple have been working hard to automate as much as possible the information gathering so that when it gets to the human the human is not presented with an app and some rules the human is presented with an app and a technical report that says this app has the following nutrition label this app has the following you know descriptions and stuff so what the reviewer gets is now quite a rich piece of information and this automated scanning of the APIs and the justifications means that it won't get to a reviewer until the ducks are in a row so you're making the assumption that the non-human part is unaffected speed-wise and I would I would challenge that I was just listening to Casey Liss on the accidental tech podcast he's got an app that is affectionately referred to as like IMDB but not crappy not all full of ads and everything that's really interesting oh it's fantastic it's called call sheet it's not it's not out yet he has gotten approval finally to get it get it out but the first rejection he got said oh the first rejection was logical it was something he hadn't done and it was like okay I didn't know I had to do that great it was some thing he had to type up but the second one was you can't have a video player in this app because you didn't ask for it he didn't have a video player in his app okay so he wrote back and went but I don't have one and it said oh okay well you can't use copyrighted material from Disney or Pixar well what he had was movie art and every app like this has the movie art right IMDB has the movie art and he ended up having to get a human on the phone who then went oh yeah you're fine but it took it took two rejection cycles through 
absurd answers from the automated service and then well what he's assuming is automated because a human would look at it and go oh those are just movie posters well I wonder how automated they have yeah yeah I don't know either way either way it was a slowdown that that was ridiculous I mean it had no logic whatsoever so uh automated or not right in this case the automation is a simple binary of here are the fields you're missing right no no it's it's whether or not it's justified based on your justification no no that's what the human requires logic right the automated the automated bit is going to just be to tell you that you're missing fields and then the human review will have your justifications ready so you're right there is a little more work for the human but the automated bit shouldn't it's it's not a difficult ask for automation it isn't whether they'll be good at implementing it I mean having something that says you have a video player when you don't have a video player that should be pretty easy to check too yeah probably isn't because there's probably bad guys using all sorts of obfuscation to sneak video players in maybe maybe anyway I wouldn't put a past it to slow it way down based on what I've learned I don't see it as all in our benefit it absolutely is all in our benefit yes so basically the end result is that you shouldn't lose any functionality because if you have a legitimate reason to use these apis aren't being shut down these apis aren't being turned off there's no functionality being reduced it's just some extra safeguards to make sure that an app that needs your camera can well cameras are already well covered but the apis are sensible it's just it's just a a sensible balance between human knowing you're on a 5s that doesn't have this graphics co-processor that you need in order to play this game that would you know something like that could be in those detailed ones yes that's not for fingerprinting it's I need to know whether they have 
this graphics card but a human we have to review all of those it is fingerprintable but it's a good reason to have it yes exactly but a human will have to if those are open text fields no they're not drop downs they're drop answer they're drop downs okay and there's a process for requesting exception so there's a form for saying you could still lie right it still has to pass muster with the human but they are working to make the report that gets the human as easy to to vet as possible obviously the reason Apple have humans in the process is because humans add value but they are trying enough humans well they are look they are staffing up and then at the same time there's more apps being submitted they are adding automation at the same time there's more to be checked for because the naughty people are discovering new ways to be naughty I don't know if you ever win but anyway but there also aren't enough humans to hire so staffing up is virtually impossible right now that is true and it's true we are in a an employees world so an employers world at the moment right right this is very interesting I appreciate the the explanation excellent well that then brings us on to action alerts our two big hitters here Apple have patched everything and Microsoft have patched everything in the Apple case it is worth drawing attention to the fact that these are these are not rapid security responses Apple followed up a week or so after the two rapid security responses with full OS updates which include those fixes right because that's always the way with the rapid security response they will be subsumed into the next real update they also contain more than the rapid security responses the updates fix three zero days the rapid response fixes two zero days so there's an extra bonus fixed zero day and obviously the rapid response is only in the very latest operating systems because it's a brand new feature these updates are for all the supported operating systems so back as far as
Big Sur I see in the list there which is now at sirs did we know that was still being supported that's way back is it well all I can tell you is that it's still just two yeah it's gone to 11.7.9 so there you go um and yeah they do about fatigue on these updates you know people are getting this is how many this month well it's the one real one this month I guess you could argue but the rapid updates if they get better at these rapid updates and they genuinely become low friction then actually the fatigue issue should be remediated not made worse but now with these teething problems yeah you're right it doesn't it didn't feel good this month and it did uh it did require a full reboot which I thought the rapid security responses weren't going to right but not a reboot like with an operating system update right when you do a reboot to install an OS update it's not just and we're back in 30 seconds right they goes into that oh I wasn't back in 30 seconds I was definitely not back in 30 seconds it was significant it was more like a real one that for other people's experience was very different I can't answer why I'm just saying so I heard quite a few people talk about and they all said that they were amazed at how quick it was they turned their back and their machine was you know they went to grab a cup of tea and it was done before they were back and oh well it yeah a cup of tea was there were people who said it was 20 seconds and the look I'm only saying okay I didn't get to it before they pulled it and then I did it last thing as I left the office I was like well I don't know how long this will take hit the button walk away walk away okay well I guess I should I guess I should time them for so I can have these conversations but anyway there was also Microsofty updates 130 bugs squished five actively exploited so patchy patchy patch patch in Windows land notable news then and it caught my eye that there were two new initiatives on AI safety so the first one to break and
I should say to listeners it's been three weeks since we had a security bit so we've a bit of news to catch up on so I think this happened two weeks ago but the White House released a giant big statement I believe in the Rose Garden to say that they had reached an agreement with seven major companies to get their cooperation on AI safety so they all basically agreed to work together to make AI safer and those seven companies are Amazon, Anthropic, Alphabet, Inflection, Meta, Microsoft and OpenAI okay the next week we had a different announcement from just four companies Google, Microsoft sorry I should rename that to Alphabet, Microsoft, OpenAI and Anthropic and they have created something sort of an industry body that they're hoping will develop its own steering board and all you know a full infrastructure like the W3C looks after standards for web browsers the idea would be that this would be as sort of a full industry body that will grow over time they're calling it the Frontier Model Forum since AI is all about models and so a Frontier Model is a model doing something new so the Frontier Models currently are these generative AIs so the transformers they're currently Frontier because that's at the edge of our knowledge but the idea of calling it Frontier Model is that whatever is the next thing that will be covered too so whatever AI is doing that's new when it's on the Frontier yeah whatever's on the Frontier and so they're going to create bodies to create the idea is that they're going to produce certification, testing best practices all those really boring industry things but if they all agree it together then it's not a competitive disadvantage to do things right what is safety in this context the AI should not violate people's privacy the AI basically anything anything you're afraid of the AI doing it's very broadly defined so that they're not constrained but if you see that I'm lacking my job no that's not safety it's probably not that what about I'm 
afraid of it taking my intellectual content you know my intellectual property that might be it's not safety that is a different issue that's one for the courts right so that's why I'm asking what's safety so safety is more about we have fears that these AI's will will end up having discriminatory effects where you could end up with systematic racism racism okay I mean we have a long history of AI's doing will they follow the three the three laws I mean that's an important one yeah I mean look I don't know all the details yet right this what we have is a press release saying we are going to set up a body our first step will be to elect a governing council their first step will be to define the procedures it's very bureaucratic but it is a full-on industry body so you know it's forward looking and the idea is that they will invite others but these four companies are doing the the setup they're getting it already and then the idea is that over time others can join this forum and that will become a full industry body there's been a lot of digital ink spent pointing out that neither of these two initiatives involve apple which apparently is some sort of thing that is worthy of clicking on or it has the word apple in the headline and it's clickbait yeah okay it's probably that I just don't understand why people think apple should be on these lists what generative AI that is in any way risky have apple put out into the world without appropriate safeguards none whatsoever so the ios 17 has type ahead stuff but that's about it right yeah which is extremely that's a large language model right it's an LLM but it's not or maybe a mini maybe it's a mini large language model though it's a full large language model but being applied in a very mini capacity so well but it's also on device so it's probably not very large and no no that's not how large language models work so the idea is you spend six or eight months generating a matrix of numbers and then you put that matrix of 
numbers onto the end device so you use half of the world's computing power to compute this matrix and then that matrix is actually the model and so you've heard Apple talk about their bionic chip yeah that chip just receives the answer to a whole bunch of computing power and it stores that model in hardware and then you show data in one side and then the numbers make that data get transformed one way and information pops out the other side and that's all a large language model is so they're quick to apply the work of figuring out those numbers that's the hard part okay okay I learned another thing today AI is fun yeah so basically Apple's use of these technologies is very conservative so they are very risk averse they're not doing something like might like Google for example putting Bard out completely half baked and in their press demo having it lie it's just like flat lie about some astronomical fact that was trivial to check all right Apple aren't doing any of that stuff so I don't see any particular need Apple are not a glaring omission like you know Burger King are not here either so you know I've been worried about that yeah I'm still surprised at how often wrong these are I maybe I'm just why are you surprised about everything I ask it I get a wrong answer everybody's out there going this is the greatest thing since like sliced bread but there's a new another one called Phind P-H-I-N-D it's an open source AI that does programming stuff and I asked it to write a shell script that did blah blah blah and it was something super simple like list what's in my current directory and it didn't run it didn't work because I forgot to put quotes around something and it was like that was like I barely know what I'm doing but we're working my way around a shell script after Programming By Stealth and I looked at it and I went well that's not going to work and I was right and it was just like it was such a simple question I always get wrong answers like every time I don't
know why people expect anything better because all the large language model does is it learns the patterns of language and reproduces them so it is a fantastic machine for repeating the mistakes of others exactly it's almost as though it's designed in it now I was listening on on Daily Tech News Show they were talking about that it looks like the models have run out of open source data to be taught on and so now they're learning on themselves it's not clear what's going on people are less happy with the results that is a measurable thing people's feeling that the AIs are answering them well is declining that's measurable there's two hypotheses that are on the go and the data fits both and the answer is probably yes and but the two hypotheses are that while they were training the AIs they were used internally in tech companies with smart people now they are in the world with idiots the other thing is that initially they're on the surface they're very clever these large language models at first blush they do amazing things but the more you try to use them for real the more you realize that their answers have always been terrible so they make a great demo but they've actually never been very good and so the other thing that's going on is that people are starting to genuinely use them and realizing that they were never as good as they thought so it's probably both of those things that our initial honeymoon period is over and they're probably getting dumber as well it's probably both and it does matter the context of this Whisper AI that's in what is it called shoot I always forget the name of it because when you download it it's a different name but Jill McKinley's got a review coming out in a couple of weeks it's a transcription service and it's it's it's incredibly good I mean phenomenally good now that's taking text and or taking audio and transcribing it into text and being able to summarize text you give it it's good at that you know there's there's a lot of things
that it's good at it's making when you tell it to make up the answer out of whole cloth it says well my whole cloth just happens to have a bunch of holes in it right and that is again the thing where you can take the same technology and apply it in different ways and get very different outputs so the translation stuff the you know taking sound and turning it into words or taking French and turning it into English those kind of things the AI is getting quite good at but they're a very different problem to here is a blank page fill it with something that does this which is a way more difficult question and the big issue at the moment is that we don't have our AI models are about analyzing language they only understand that these words like to come out of these words they really hate coming before these words they don't understand they have no model of truth they don't have any model of knowledge they literally don't understand now there are ways of representing knowledge and so the next obvious step is that you take AIs designed to understand knowledge and you use those to work out an answer and they exist for mathematical equations and stuff and then you use as the communication layer the large language model so its job becomes communicate to this thing we know to be true to the humans using their language which you have learned and that's where I see the power coming in but until there is a back end that understands the relationship of facts it understands that there are facts what those facts are and how fact one is related to fact two like all animals have four legs my cat has four legs therefore my cat is a dog wait no that's wrong right my cat is an animal exactly so that kind of epistemology that has to be modeled one of the ones I'm really excited about I posted this in our Slack at podfeet.com slash slack in the Programming By Stealth channel programmers use a tool a web service called Stack Overflow people post questions and people post answers then they
upvote the right answers and so the good answers all float to the top so it's a fantastic resource to post questions but just to look at that any question I have probably somebody's already asked they are writing their own AI which will go through all of the data they have in stack overflow and give you the answer to the question you ask the stack overflow AI it'll go through all of the answers but it'll show you where the link to the answer is so that you can get the context for the answer so you're going to get this is not released to the idiots right it's exactly the opposite it's released to the smart people so I think it's that's going to be a really exciting one and that's also exciting for another reason is in order for AI to get better it needs to have a good quality signal and one of the best things about stack overflow is their voting model has resulted in them having a database of very good data on this is a good answer this is horse poop and so because they have good data their AI has a very good set to learn from so that's very exciting and that thing about showing your work that's the reason that that is the big differentiator for me between what Microsoft are doing in Bing and what others are doing with just a plane here is the answer and you have no idea why so when you search using the it's open ai's large language model under the hood so it's check it's gpt4 under the hood but it doesn't just show you the search results or it doesn't just show you the summary of whatever you asked it for it gives you the links to say here's where I pulled my information from and that makes it a lot better telling you how much faith you should put in the paragraphs so you've asked it to you know summarize the controversy around section 230 via or vi versus uh vi versus uh emacs oh my god emacs right and it would actually be a good one to test it on exactly so I much prefer this idea where we're the other very interesting thing we're doing is we're making the AI not 
go straight to the answer. Another approach is to make the AI make very small steps and tell you each step, and so the output will then show you not just an answer but a sequence of logic, and you can at any point in time say, whoa, whoa, whoa, back up to step two there, that was wrong, now recalculate. And so because it means it's, it's not a black box, it's a many, many smaller black boxes, that's easier to tell what it's, you know, that's easier for you as a human to deal with. So there's lots of cool stuff going on to try and make these AIs not quite so, actually, it's a great word I heard an engineer use. He said, don't call them hallucinations, call them confabulations. It is constructing facts that don't exist. It's confabulating. I like that. I like that. Um, great word too. Yeah, yeah, that's much better. I've never liked the hallucinations because it's not making something up, it's, it's just wrong. It's building it. Yeah, it's building it out of pieces that it doesn't know shouldn't go together. It's confabulating. The, uh, name of the application I was trying to remember is Whisper Transit, sorry, Whisper Transcription for the Mac. It used to be called MacWhisper and they changed the name, and that's why I couldn't remember. The one that Jill's going to be reviewing, and you'll hear about it then. I have a feeling that same engine is used in a lot of places. Oh, it is. It's Whisper. Yeah, yeah, that's what I said, it's Whisper AI. Yeah, yeah, which is, which is open source. It's the same one that's used, it's also used by, um, uh, Auphonic, so that's where my transcriptions come from on the web. Somewhere in the back of my head, Microsoft Teams may be using it too, but I could be wrong about that. I think I know it's popular. Yeah, yeah. Okay, that was a fun diversion that ended up being your deepest deep dive, and it wasn't even the show notes. Um, where was I in my show notes, though? By the way, I did ask, uh, I did ask Bing, uh, about Emacs versus, uh, vi, and it did come up with the rivalry between users of the Emacs and vi, now usually
Vim or more recently Neovim, text, says it's, again, I mean, during part of hacker culture in the free software community. It goes on. That's not bad. No, no, it is good. The holy war is conducted on Usenet groups, the flame wars. It's great. Yeah, with citations, like you said. Yeah, to me that's a big differentiator, and if I'm going to use AI, I want it to show me its homework. Show me your work. Um, okay, the next one. So that was AI safety initiatives. Another interesting initiative from the White House: they have released a voluntary, so it's an opt-in, but it's a certification process for smart home devices, and if they pass, they get to put a little badge on the box that says these devices pass a minimum standard. So that will make it a lot easier to find out which stuff isn't likely to be all broken. So it's a bit like electronics in Europe, we look for the kite mark that means it won't electrocute you because it's passed EU inspection. This will be a similar thing for, it has a baseline of security for smart home devices. When I heard about this one, I just picture you doing a little happy dance in your house, because this is what you were looking for. This, this is great. Definitely. Yeah, yeah. I don't know, well, how soon people are going to be doing it, but it would, I mean, it seems it could be a differentiator on the box, and that's what gets people to do something, is, you know, commerce. And even if other people don't, I get to, that works for me, you know. Sure. The next one is a slight personal one here. There is a very interesting development in the world of web browsers. There's a browser called Arc that has basically taken the rule book, thrown it away, and reinvented web browsing as if it was being invented from scratch today, which means no technical debt. So it's kind of the inverse of our user agent string, which is full of technical debt. Yeah, Tom from Ontario did a review of it back in March on the NosillaCast. Yes, I remember listening to that review and being intrigued. Yeah, I also remember listening to
that review and asking myself the question, and how is this supposed to make money? And unfortunately, that's what I ended up digging into. I spent half an hour on my walk yesterday trying to figure out how, actually, no, it was Friday, it might have been Friday. Anyway, I spent some time trying to figure out how this company is making money. So this new browser is a very polished product. They've just gone 1.0, so it's no longer in beta, you no longer need an invite, it is now out there, you can just get the product now, and it's really polished. It has taken a significant team of human beings a significant amount of time, and they are planning on rolling it out to Windows. But they're doing something else for free for the community as they go: they are writing a Windows compiler for Swift so they don't have to rewrite the app. So they're basically taking Swift code that works on the Mac and making it compile to Windows. They're just building the toolchain for that, just as an open source project as they go, because, hey, if we want to port our app, why wouldn't other people want to port their app? This is not cheap. This is not something that's being done on a shoestring. This is a for-profit company, and Ars Technica were unable to find a business model. No one I was able to find has been able to find the business model, and their website does not in any way, shape, or form give even a hint of a business model. So it's a for-profit company with no road to profit. That sets off all of my alarm bells. They need to make money. How?
Because they're in a privileged position. What incentives is their business model going to set up? So until I understand how, I am steering clear, and I would recommend people think twice before jumping in, because we don't understand how this thing is supposed to make money. Huh. So we don't know that it's bad, but we don't know what it is, and so why are they not telling us? Yeah, and, well, the biggest thing is incentives drive behavior, right? Facebook invade your privacy exactly as much as they can get away with without driving you away, because if they've invaded too much, people run away, therefore they lose money, and if they don't invade it enough, they can't sell as much data, so they lose money. So the incentive means that they're, they balance how icky it is versus how much they can get. And so there are incentives for this company, and I don't know what they are, so I don't know what way their decisions are being driven, what it is they're being incentivized to do. I don't know. I just, I can't make a decision on things unless I know where the money's going. You know, why am I happy to use a free website like Wikipedia? Well, because it's a charitable foundation, I can follow it. Why am I happy to use Firefox? Because, again, it's a foundation, I understand the model. You interviewed their CEO. So, yeah, I'm just very worried. We do know what they have gotten, their current funding, that's, that's from investors. Yeah, but investors are going to make money going, going forward. Well, how do you pay the investors? The investors bought a stake in a company on the expectation of getting their money back. That's what it means to invest. How? So, yeah, that worries me. That deeply worries me. So I figured that was a good opportunity to repeat my little follow-the-money story. And in a similar vein, there was a lot of new, of headlines about the Realst Mac malware targeting macOS Sonoma, which is a thing, and my initial reaction was, I'm not going to put this in the show notes, because Allison doesn't want me flooding people
with same old, same old that happens all the time. And on the one hand, this is a very boring story. There is some Trojan software out there tricking people into installing it, and when they install it, it does naughty things. That is, like, but I thought it was worth putting in the show notes for two reasons. So the first thing is to remind people that even today, with all of the attention the Mac has gotten from the bad guys, the most common way that icky software gets on your Mac is by tricking you into installing it yourself. Most Mac malware was installed by the user themselves, who were told that it was going to give them some free Bitcoin or that, you know, something that they wanted. It was going to make a picture of a tennis player. Oh, yes, precisely, all of these things. That was that poster. Yeah, that poster sold a lot of malware, or distributed a lot of malware. And the other thing I think that we haven't said explicitly, and this is a really good excuse to: so malicious software is software. It can do anything other software can do. It's built in the same ways other software is built. It's built by programmers who do all the same things other programmers do, right? There's no real difference in malicious software other than the intent. It's not technologically different. It's being written with an evil, it's like a hammer, or a hammer, build a house, murder someone, same hammer, right? Software and malicious software, it's, you know, compilers, code, it's all the same stuff here. It's using the same APIs. Is it using those APIs because it's writing your Word document safely to your hard disk, or is it using those APIs to read all the files in your home directory, find credit card numbers, and send them off to someone else? Right, the, the pieces are the same. So it shouldn't come as a surprise to us that anything a normal app can do, malware can do. So Apple have released new betas. The vast majority of apps will work on those betas, right? You just take your favorite app and you run it on Sonoma and there's a
really good chance it either works fully or mostly, which means that most malware works fully or mostly on macOS Sonoma. Apple have released all of the developer tools to allow you to make your app fully Sonoma compatible. Well, the malware developers have all the same tools, so they can make their malware fully Sonoma compatible. That's good. Yeah. So basically the big headline that was catching people's eyes was, oh my god, malware that works on macOS Sonoma, to which the security community's answer was, well, of course it does, because software works on Sonoma. So that's the reminder that if you can use your normal apps, the bad guys can make their bad stuff work too. So basically, if our friends, like that wonderful chap, who's, Steve, who does Reinvented Software, if he can make his app go, see, if Steve Harris can make his app go, evil naughty person can make their app go too. Which is sad but true. So anyway, I figure that was worth reminding people. And because it's been three weeks, I've ended up with three palate cleansers, and I could have had five, but I decided I would give you quality over quantity. So the first thing I have is a video that absolutely fascinated me. So Bell Labs, the kind of important, and they had a massive big supercomputing center at the time, not very super now, it's hilarious now, the Holmdel Computing Center, and they had a training video for their new programmers teaching them how to, basically, first off, saying all the fancy things we have, like, you know, we have one megabyte hard drives and, you know, these ridiculous things, right, these giant big room-size computers, and how you submit your program in your, you know, you have to put it on these punch cards and you hand it to this lady and she'll run it through the computer, and it'll be in your inbox four hours later, the output from your program, and we have these line printers that can print a hundred lines a minute, all these kind of things. It's amazing to see what has happened to computing infrastructure since the 1970s. I
can tell this is a good video based on the number of people that sent it to me. Ah, that is a good, that is a good metric. Ah, I just, yeah, what slightly got me a little bit worried is, for a long time, one of the things that made me cranky at work was that my official job title, before it became cybersecurity specialist, was systems programmer. That is a title that dates back to the mainframes in that video. Oh, that's so funny. I love it. I never worked on any of those mainframes, but my job title until last year was systems programmer. I'm pretty sure at one point the video mentions, and you can hand yourself to a systems programmer. Yeah, and I wouldn't know what to do with it. But anyway, ah, that was fun. The other thing then is one I've had in my inbox for a while, and I've been saying, I must get around to reading this, I'm sure it's a great article. Short, long story short, it's a great article. It's from The Verge, designing for colorblindness. It's the first article that explains in a way that's completely unconfrontational, and without being patronizing, just goes back to zero and says, look, I think most people think that colorblindness is a binary thing, colorblind people don't see color. That's not how it works at all. And it has a lot of pictures with sliders to show you, this is what you see, slide the slider, and this is what someone with my type of color blindness sees. Now for me, some of those sliders did nothing, which was, well, I was expected, because I am one of the 8% of men who have reduced color sensitivity. So yeah, I can see colors, just not as many of them as other people can. Or not as saturated, and some of them blend together, right? No, it's not about saturation, it's about a failure to differentiate between certain parts of the spectrum, and it's really confined. So in my case, it's certain reds and greens blur together. It red, so you see them as, the most common. That's the, that is the most common. My friend Bill, his dog used to, actually it was his brother, they had a red dog who would
hide in the grass right in front of him and he couldn't see it. So mine isn't to that extent, but you know those blob tests? I fail an awful lot of those blob tests, which are basically colors that are similar but not the same, so other people see the pattern in the blobs and I just see blobs. And I got very excited when doing the test. I was like, I recognize what it's, the number of 52. And then I read the caption: only colorblind people can see this. Because in reality, this number is made up of a pattern where it's actually lots of different shades inside the number, so if your eye can detect the different shades, the number is lost in the noise, but for those of us who can't detect the shade, the number jumps out. Oh, that's cool. It blends into one. Yeah, it was cool until I was cranky. Darn. But to be honest, it was a science teacher who made me take the test, because she had a suspicion that I couldn't tell the difference between two different labels. And there were old labels in an old lab, so they weren't yet properly accessible, and there were basically two chemicals that I should have known were different and I couldn't tell the difference. Nowadays all these things are properly regulated, right, which is good. And she sort of went, I think you should look at these tests, and I was like, oh yeah, I can tell that one, and she was like, oh dear, that's not the winning you think it is. This is interesting in the context of, I was showing off to Bart a diagram I did recently that I'll be talking about later, about the layout of all the different tools that I use to create the live show, and it's, I've got a diagram, because I love making diagrams, and I wanted to have the audio and video lines be differentiated, so I made them different colors, and the instant I did it, I said, okay, colorblind people can't tell the difference, so don't ever just use color to differentiate something. So I made the one of the lines dotted and one of them solid. And so if you just always keep that in your head, is never
differentiate things only by color, just don't do that, then you're fine. Yeah, I mean, you can use color to entertain those who aren't colorblind, but don't make that be the difference between, you know, delete all my files and keep all my files. Precisely, exactly, yeah. So a classic example is different textures as well as different colors, or different pattern, different background patterns as well as different colors, or different line shapes or different line thicknesses. Just color and, yes. And because some people find color really effective, like it really helps them see things, so you definitely don't want to avoid color, you just want to do it in an accessible way. So yeah, I thought it was a really good article, and the reason the article finally got read is because you shared that diagram, and then I was like, I've had an article in my inbox for ages that I think is worth reading and that I think might be worth a palate cleanser, and then I saw your diagram and you mentioned explicitly the colorblind thing, and I was like, okay, fine, I'm going to read that article. And also this gives me an opportunity to tell you in public what I said to you in private. I take great pride in, in my diagramming skills. You, your diagrams are better than mine. Your diagrams are a lot better than mine. I sure appreciate that, because it takes a long time. Like, I, I just put one in my article about my CalDigit dock, and the first thing I did was I drew a little rounded rectangle and I wrote CalDigit hub, actually hub, not dock, CalDigit hub, and then I drew lines coming out of it saying this one's going to my computer, this one's going to my light, this one's going to my display, that kind of thing, and I looked at it and went, boy, is that boring. So instead I spent two days pulling all of the images in of those things, making sure that they had transparent background so that the arrows could attach directly to the object instead of going to, like, some white space around it, and making sure the arrows are going the right
direction, making sure all the data flow arrows are correct, hopefully. And it takes a lot, a lot of time to make them look good, but it also makes me understand how they work, that I really understand what I'm trying to teach. It's a fantastic communication tool, but it is a lot of work. I think people think that it's easier to draw an essay than to do a diagram. It is absolutely not. They are both difficult. Back on the accessibility thing, if you do run your own website, I've had articles about this before, but there's a service called webaim.org, and they have a web accessibility evaluation. So WCAG is the group that manages the W3C standards for color, and for accessibility in general, I should say. But they have a, if you put your own website in there, there will be a rating for how you did on color, on color contrast, so, and it'll highlight the pieces of your website that, you know, you got to increase the contrast in that for people to be able to tell the difference. It's one of the hardest things to meet. It's really easy to go, oh, you forgot your alt tags, oh, okay, let me put the alt tag back in. But the ones for contrast, because they don't tell you the answer, they go, nope, guess again, nope, guess again, right? And is there such a thing as a right answer? Arguably not. There are a lot of colors with your previous level of contrast. There are levels, there's double-A, triple-A, you know, ratings, but you don't want a D. So you can keep changing it until you get it. Maybe, I think I shot for double-A on mine. I didn't say I completely succeeded. There's some stuff built into my theme I can't change, so that's it. Oh, okay. Yeah, and then the last one I have is just a nice little article from Cult of Mac, hidden Mac keyboard shortcuts you don't know. Leaving aside the snarky wrong headline, because I knew 80% of them, it's a really nicely curated list that's organized into, like, themes, and I'm a keyboard nutter, so yes, I do use almost all of these already, but I learned new things I didn't know before, and I, I am sure that
everyone will learn something different to what I learned, but I think there's very few Mac users who won't learn something from this little, nice little curation by Cult of Mac. I liked your, your Mastodon toot, though, where you said, sorry, Cult of Mac, you, uh, your clickbait title isn't true in this case, but, but I did learn a few things. Yeah, yeah, I figured be snarky, you put a smiley on the end, and then you get much more pickup, and strange enough, that toot got retweeted more than anything else I tooted all week. Yeah, I think that's fun. Okay, well, that's all I got. For, given that I thought there was no content, quite a show, an hour and 11 minutes. Wow. Okay, well, I don't think you get to say stay, you can say do as I say, not as I do, in this one. Yeah, I think so, that's, yes, yes, I will wear my dunce's cap. Do as I say, not as I do. And what do I say? Stay patched so you stay secure. Well, that was a lot of fun teasing him there at the end, but we are going to wind things up for this week. Don't forget, there is no live show next week. We will be back in two weeks, but there is no live show next week. But in the meantime, you can email me at allison@podfeet.com anytime you like. You can send in questions or suggestions or one of those reviews I've been talking about. I still need more content. You can follow me on Mastodon at podfeet@chaos.social. Remember, everything good starts with podfeet.com. If you want to join in the fun of the conversation, you can join our Slack community at podfeet.com slash slack, where you can talk to me and all of the other lovely NosillaCastaways. You can support the show by going to podfeet.com slash patreon, even though I didn't do an ad about it this week, or if you'd prefer a one-time donation, go over to podfeet.com slash PayPal and help pay the expenses around here. And if you want to join in the fun of the live show, do not come here next Sunday, but wait another week until, I think it's the 13th, and head on over to podfeet.com slash live on that Sunday night
at 5 p.m. Pacific time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.