Hi, this is Allison Sheridan of the NosillaCast podcast, hosted at podfeet.com, a technology podcast with an ever so slight Apple bias. Today is Sunday, January 21st, 2024, and this is show number 976. This week's episode of Chit Chat Across the Pond is a very meaty episode of Programming By Stealth. Bart Busschots teaches us how to build data structures using jq with JSON files. We're not just querying existing data now, we're rebuilding the data the way we wanna see it. We learn how to build strings with interpolation, which I still find a very odd word to describe that process, but it's really more like concatenation in Excel. I don't know, maybe it's just me that has trouble with that wording, but that's how I remember what string interpolation is. We also build arrays using jq and even convert between strings and arrays with the split and join commands. We build dictionaries in a syntax that is just simple and elegant. We also build dictionaries from strings using capture with regular expressions. We learn how to do string formatting and escaping using the at symbol followed by other stuff. For example, @csv can automatically create comma separated values data for us and @uri can escape characters for us in a URL we build using jq. Like I said, it's a meaty episode, but Bart and I both really enjoyed this at lesson quite a bit. You can find Bart's fabulous tutorial show notes at pbs.bartificer.net. And just in case I forgot to mention it earlier, remember that we now have transcripts with chapter breaks. This means you can pretty much jump easily to a topic to reread exactly how Bart explained something, something beyond what's in the show notes. Steve and I read along with the transcript and listened to the show for a little bit and it was really, really accurate. 
It did misspell his name, he's Bart Bouchard in the show notes in the transcripts I should say, but overall it's a pretty good way to skim the text and maybe get to a portion of the audio where you want to rehear it for clarification. This is all thanks to the magic of Auphonic. Okay, it's not magic, but it feels like magic. And you know, it's AI under the hood. And of course you can find Programming By Stealth in your podcatcher of choice.
All right, let's get started with some interviews from CES. Now I do my best during these interviews to make sure the person I'm talking to knows this is for an audio podcast, but that there will also be an audience watching the video. The first interview is about an electric outboard motor and it's really something cool to see. So if you're just listening, it might be fun to also click the link in the show notes to watch the video.
We see a lot of things with electric motors, but what I haven't seen before is an electric motor for a powerboat. So what we're in the Kaihei booth here with Christian Allier to talk about the first multifunction electric outboard motor. And that's a crazy concept. We're gonna describe this, but tell us first, what are you building here? First of all, we wanted something pure and electric. Okay, it was the first idea. We want to participate to the decarbonization. So we created, we designed and created electric motor for boats, 100% electric, 100% person with a new generation of battery. It's a nickel friendly battery. It means I changed my words. That's good. Let me describe this for the audience while we're talking. This looks like a little white torpedo. It's really cool looking. He's taken the nose cone off of it. Go ahead and pull it out. Yeah, the best shape is a torpedo. Yeah, of course, of course. It's aerodynamic. And when I talk about electric, it's no odor, no reject, carbon reject. And our battery is a new generation one. It means you can repair it and you can recycle it. Oh, good, good. 
For example, this prototype uses absolutely second life cells, only second life cells. Okay. Which is very important for the recyclability. Oh, gotcha. And we spoke about multifunction because we first started by a boat motor. You can switch immediately in few seconds in snorkeling underwater scooter. So let me describe this. So he's got what looks like a more traditional. It's a torpedo with a propeller on the end. And then it's the same unit, but now it's got handles on it and a GoPro mount so you can be snorkeling and pulling you forward. You can shift it immediately in the water scooter. And you can do the same with this one. All right, you hold this here. I'm gonna pick up the third one. So this is the same unit. I'm holding another torpedo. It's pretty heavy, but it's got a mount on it. What is that for? 9.9 pounds. I'm just really weak. So what's this mount? So we have the traditional motor for the boat, electric motor, the scooter. And what is the third use? For stand-up paddle and kayak. Oh, okay. I might be able to stay up on some if it was actually moving forward with a motor on it. Yeah. That might work. Okay, so he's gonna actually turn it on for the video audience here. Yeah. Let's turn it on. Oh, wow, that's pretty quiet. Yeah, that's quiet. No odor. That's right. No noise. No gas. That's awesome. Yeah, it's cool. All right, it's getting heavy, Christian. I gotta set this down and turn it off there. Okay, make it stop. Make it stop. Oh, there we go. Oh, he turned it back on again. There, I got the audio on the right place. Okay, so this is really cool. So the single unit can do this. How far can you go, or how long can you go on a motorboat with the electric motor? Yeah, it depends on the use and on the craft. For example, on the classic boat, you can use it for one hour. We prefer saying one hour. It's one hour and a half, but one hour with the classic boat, three hours and five... Three hours as a snorkeling scooter. 
Snorkeling scooter and six hours more with stand-up paddle and kayak. Oh, very, very cool. So when is this gonna be available in the United States? May, May 24. Oh, May 2024. And what's your price point on this? 1,500 bucks. Dollars, that's actually not bad for this. This is really cool. I mean, you could get a couple of those on a powerboat, right? Could you do two of these, two of the electric motors? Two, yeah. Yeah, for sure. Add up two. Go faster. All right. Go faster and longer. All right, and what is the website to find the Cahe? Cahenotic.com. Cahenotic.com. We will definitely write this down and have it in the notes below. Thank you so much. Really appreciate it. You're welcome. Thank you very much. Thank you.
Well, I wanna add two more things to that. Grumpy in the chat room pointed out, why do I keep calling it a torpedo when I'm talking about boats? I probably shouldn't have called it that, but that was the shape of it. That's all I meant. The other thing is Steve checked the Cahenotic.com website and it's on sale for $1,000 right now. I don't know whether it's gonna go back up to 1,500, but it was kind of interesting that it's only $1,000. So if you want a portable scooter for your snorkeling adventures, it's a lot less than buying an Apple Vision Pro.
The next bit of content you're gonna hear is from a company that had no one authorized to talk to me for an interview. We did meet a lovely gentleman who fed me some information beforehand and you'll hear me explain what I learned. It's quite short, but it's pretty cool stuff.
A company called Tier 4 has developed self-driving software that then they gave as an open source donation to the Autoware Foundation where now other companies are developing full self-driving with that software. They've taken it to level four driving, which means a driver assist. So there's a safety driver there, but not necessarily having to do any driving. And that's done in Japan right now, not in the US. 
And they partner with companies that build electric vehicles, electric buses. And while I'm standing in front of an example here, that's got a six seater configuration. It looks like a little conference room and you can sit facing each other and this is gonna be full self-driving. It's an interesting concept and I like the idea that this is open source software that can be developed by other companies. And the company again is Tier 4 and hopefully the Kilowatt audience will enjoy learning about this as well as the NosillaCast audience.
A lot of people are fans of the ScanSnap scanners and they were from Fujitsu, but I'm standing in a PFU Ricoh company booth and Scott Francis is gonna explain to me what I just said. Yes, Allison. Well, thanks for stopping by. So the former Fujitsu company that has made Fujitsu scanners for over 30 years was acquired by Ricoh. Ricoh now owns a majority, 80% of our company. So now we've gone from the Fujitsu logo to Ricoh. Okay, that's good. But Ricoh's a household name, we're good with that. Ricoh is an excellent name, they make great products so we really found ourselves right at home under the Ricoh badge. Yeah, that sure sounds like it. So you've got a couple of things here. What I'm really excited about is portable displays. I think portable USB-C displays have just revolutionized my life, I think they're cool. So you've got an offering here. I think it's one of the best new products that most people didn't even know existed. Didn't know they even needed. That's right, but when you get one in your hands you'll know right away that you want one and you won't want to give it back. That's for sure. I bought one, I gave my daughter one and then now she's basically like a salesperson at her office for them. What is the offering from Ricoh? So this is our new portable monitor 150. We also have the 150BW, which is a battery and wireless model. So it's one of those to choose from, that's right. Wireless, okay, don't get me too excited. 
We'll come up on the wireless one. Let's do this one first. Yeah, let's talk about the basic specifications that both models share. First, it's a 15.6 inch OLED display. OLED, okay. That's right, so you're gonna get great brightness, amazing image quality. We have twin speakers on the side to complement your presentation. This has tempered glass, so it's a very durable design as well. That's important in a portable display. And full HD resolution as well. Okay. Yeah, oh yeah, so what is the resolution? Resolution is full HD, 1920 by 1080. Okay, okay. And then it looks like it might have a kickstand on the back, does it? Great point, Allison, so we can see it from the side. It has an integrated kickstand. This is unique to our model. It's unique because you can have it in different orientations. Let's say I'm a graphics artist and I want to do some digital art. I can have it in any orientation that works. This is a 10 point touch screen display. So for Windows users at least? Windows users, Mac users, even iOS and Android. Oh, that's interesting. So the way he's got it set on the table, it's at an angle like it would be very comfortable to draw on it with Procreate or something like that. But it's not a, you wouldn't be drawing right on it. You could draw right on this using the stylus. You can use a standard stylus. We also sell a stylus for about $100 that has over 4,000 levels of sensitivity and two function buttons. So if you're using Adobe Photoshop, you can bring out all those extra features. But macOS is not a touch operating system, but I guess it's like having a Wacom tablet in the old days? Yeah, I think for driving it with the display itself, it would actually be Windows or Android. Okay, that makes sense. For Mac, you can actually duplicate your display, but to your point, you're not actively driving the session. Okay, that makes more sense. But it can also stand up as a regular stand for using it as a computer device, as an extended display. 
Or sizes in between. So that's the best part about it. Very nice, very nice. The thing I like about an integrated kickstand is it doesn't take up a lot of room on the desk, too. It's perfect for all those home remote workers that don't have a lot of space. Or road warriors. And in road warriors, you can take it right on the road. If you're an outside salesperson, let your customer see the presentation while you drive it from the other side. This is a much better experience than having everyone huddle around a laptop. Right, right, right. Okay, so now I wanna hear about this wireless version, because that just sounds like sorcery to me. So we're gonna walk down here. Now with both models, I can go USB-C with either model. And it can be powered with USB-C as well for our battery model. So the battery model has a three-hour battery, and it can charge in about two and a half hours. Is this one I've got in my hand right here? Yes, so this is the BW. Okay, I'm lifting this thing, and this thing weighs nothing. This is a three and a half hour battery. It weighs 25 ounces. It's amazing. One hand, maybe even two fingers. I'm telling you, Steve's manning the camera, but you gotta lift this. You gotta see how light this is. That is astonishing. That's so light. Now it's tethered right now to cable. If you can travel around with a portable display, you want the 150, because it is super lightweight, but it's solid design. But that's got a battery in it. It's got a battery in it, a three-hour battery that can recharge in about two and a half hours. It's amazing. And you can use it while it's charging. That's fantastic. So this is the 150 and the 150 BW. Yes. It's just our part number suffix to connotate that we have a battery and wireless. Battery, wireless. Okay, I got that. So what's your price going on these two devices? Street price is $700 for the wireless and battery model. 550 is the street price for the USB-C only. 
So if you're looking at cheesy USB-C displays and going, well, wait a minute, that's a ridiculous price. These are OLED. That is a huge difference here. You could spend $200 on a portable display, but it's gonna be heavy. It's not gonna have a battery. It's not gonna operate well. These have a reduction of blue light emissions to make it great. You can even use it in lower light settings. If you're gonna use something all of the time, spend a little more and get a lot more value. Very good. This is fantastic. So if people wanna find out more about the 150 and the 150 BW portable displays, where would they go? They can go to RicohDocumentScanners.com and that will take you to our Ricoh site where we have all of our products here, including our document scanners. All right, very good. Thank you very much, Scott. This is fantastic. Thank you, Allison.
I got an assignment from Mac Lerker, Dorothy, asking if I would go to the Tandem booth and I'm here with Ben Mar to talk about their diabetes pumps and we're gonna learn a little bit about how these work and maybe answer a couple of Dorothy's questions. I've got them up on my phone. So welcome to the show, Ben. Thank you very much for having me. All right, so first of all, what is an insulin pump? What does that do? An insulin pump is essentially, as added, delivers insulin to those who need it, with those with diabetes. Okay, so you've got a tiny little unit in your hand. Let's hold it up for Steve. He's got a little unit in his hand. It's got a display on it. It's smaller, like half the size of a deck of cards, so I'd say maybe. And it's got a display showing insulin levels and a bunch of other great metrics, I assume. Yeah, correct. It's actually monitoring your insulin. Your continuous glucose monitors your blood sugars and it's showing you the history of that and it's showing you the history of the adjustments that the pump's been making over time to your insulin to keep you in range. 
So from my limited understanding, I've been taught by Dorothy, a continuous glucose monitor is something that you stick to your arm, for example, a little patch. I can show you one right here. This is called the FreeStyle Libre 2 Plus continuous glucose monitor by Abbott. It basically looks like an AirTag stuck to his arm. Yeah, correct. But it's a lot more than that. It actually has a sensor just underneath your skin and it measures the sugar levels in your blood and it measures that every one minute to see how your insulin levels need to be. This was a huge advantage over pricking your finger years ago. Not that long ago, like a few minutes ago. Not that long ago and many people still do that today and that's unfortunately you'd have to prick your finger sometimes up to 20 times a day to check your blood sugar levels and give yourself insulin accordingly. What Dorothy's taught me is that it's not just how high your blood sugar goes but maintaining an even keel is what you need. And so having a, we're gonna call it a CGM, continuous glucose monitor, having that is really important. But now what's important about Tandem is that you work with, you guys don't make CGMs but you work with other manufacturers. Yeah, correct. And today we just announced, as I said, the Abbott integration which is the first integration with the FreeStyle Libre sensor. But we actually are the first pump to be able to connect to up to three different CGMs as we call them. Meaning that you can use our pump and no matter what different CGM you use as well. Oh, okay, that's a big advantage. So the product in your hand, what is that? What's the name of that? This is the t:slim X2 insulin pump. Okay, and now you've got a smaller device here. Can you show us that on screen? Now this looks like, boy, I don't even know, that's smaller than a cigarette lighter but it's got an interesting looking little plastic probe sticking out of the top. What is that? That's actually the cartridge on there. 
So this is Tandem Mobi, our insulin pump that we're just in the process of releasing. And this is actually the cartridge that you see. So you actually have the insulin in there and that connects to an infusion set which connects to your body which actually delivers insulin into your body every five minutes based on your CGM readings. Oh, so that's much, much smaller than the one you've got in your hand. So is that in development right now? No, that's actually just recently been cleared by the FDA and we're in the process of actually releasing that to the public starting this year. Very good, very good. Now Dorothy asked me to ask you, will you be able to update the firmware on the Mobi? Yes, absolutely. So that's one of the unique things about Tandem pumps is you can actually update the software. So today, as I mentioned, you update your software and you can start to use the Abbott sensor. Both of our pumps will be completely software updateable and the unique thing about this one is there's no ports on there. So it's completely wirelessly updated via the compatible mobile app. Oh, okay. So that's why it doesn't have a display on it or anything. Correct. That's why we can make it so small because it's controlled by a mobile app. Okay, wireless but it's still connected to you. It's still connected to you when you need it for the insulin. So they can magically transport the insulin into you, I guess that's gonna be the case. So the other question she asked was with the continuous glucose monitors, you have to replace those every three days. So it's a big advantage. You're not pricking your finger, I'll get this right, pricking your finger 20 times a day but now every three days that's still annoying. Is there any progress on making those last longer? Yeah, for sure, absolutely. So yeah, I think the great thing about insulin pumps is it saves you about over 2,000 injections of insulin you'd have to do in a year. Oh, I forgot about that part. 
Yeah, that's a lot, but we are absolutely working on what we call longer wear time. So moving from three days, ultimately up to seven days as well, that means you essentially halve the amount of times you have to change your insulin cycle. I would assume that has to do with infection and things like that, leaving it in too long. Yeah, there's a lot of technology to make sure because your body essentially doesn't want you to be opening up your skin every few days. So it actually tries to resolve that. But so we're working on the technology means it doesn't get as irritated. All right, and she said the final question is when will we get an artificial pancreas? So you don't have to do any of this. It's all done in a full closed loop system. Yeah, well, essentially that's the holy grail of what we're working on with insulin pumps. I'm very, very hopeful that we'll be able to come out with that soon and hopefully fear-free. Someday, yeah, yeah, yeah. So is this just for type one diabetes or is it type two diabetes? So type one diabetes is not your behavior caused this, you're just, you're born with that or you get this, right? Yep, right now our algorithm, our automated delivery since it is indicated for type one only, but we are actually working on making that available with a regulatory body for type two diabetes as well. Very good, well I thank you for your work keeping my friend Dorothy alive and healthy all these years. Best wishes to Dorothy. Thank you very much.
I don't know if you've noticed this, but the Podfeet podcasts don't have any ads. When you think about how happy that makes you, I'd like you to consider how the costs of creating this fabulous content are covered. They're covered by the generosity of listeners who choose to either pledge a monthly amount via podfeet.com slash Patreon or single time donations via podfeet.com slash PayPal. Now I'm tired of ads, aren't you? 
Please consider becoming one of the heroes of the show and supporting this work with your hard earned dollars or yen or Euro.
Well, it's that time of the week again, it's time for Security Bits with Bart Busschots. How are you today, Bart? I am good. I got out on my bike and on my walk before the worst of Storm Isha. So yeah, I'm good. I'm all exercised. I won't say I stayed dry. That would be a lie in the extreme. But compared to what's happening out there right now, I did good. Hey, well Tess and I went for a walk in the rain yesterday. It rained nearly a tenth of an inch while I was out there. A half an inch in a day. Oh wow. Did I tell you that CARROT Weather gives you an annual statistic page? But mid-January it sends you a push notification. I had 76 centimeters of rain. Let's see what is that in freedom units? 76 centimeters, 30 inches. And my hottest temperature. My hottest temperature was 28 Celsius which is probably you on a fairly average summer day. Let's see, that's, wait. Well no, we're really in the high 70s here. That'd be a smidge high. A smidge, yeah, but it's not a hundred. Like it's not the kind of temperatures I hear when Americans talk. Like Bodie gets way more than that, right? Oh yeah, well he does live in the desert, so. True, and my coldest was only minus four which isn't too bad actually but that's definitely colder than you. You don't go minus. All right, well this isn't weather bits we should get stuck in. Indeed, so I have two follow ups of stories we have been following. So a couple of weeks ago we had a whole bunch of security mediums where it was one of those you should be aware that it's possible to blah, blah, blah and you can't protect yourself yet but if you ever can I'll let you know. 
And one of those flaws was that it was possible to become an attacker in the middle between an Apple Bluetooth keyboard and your Mac and therefore the attackers could see everything you typed or worse still inject keystrokes of their own which is obviously dangerous. And at the time there was no patch. Well, I am happy to say you may now patchy, patchy, patch, patch. If you update to the latest versions of the Mac operating system, your keyboards will be fine. So do that, hot diggity dog.
In other good news related to Pegasus, these are not words I often put together, but the people in Kaspersky are obviously very interested given that they have literally been attacked by some of these kind of things they're always quite keen to try find better ways of finding this kind of spyware. And they discovered that your iPhone has a log file that it writes every single running process to disk on shutdown. And one of the things you should do if you're afraid you're being targeted is repeatedly reboot your iPhone because nothing can survive a reboot because of secure boot. And so this technique allows them to see what was happening in RAM as they shut their phone down and then when the phone reboots they can read everything in that log file and they have published scripts that anyone can run against their logs. And it will tell you whether or not there is something that looks like a suspicious process running on the device at the point of shutdown. So cool feature. This should make it easier for Citizen Lab and all of those other people who are finding all of these things that the spyware is up to to find the spyware. So I think that's good.
And we have two deep dives and they're both of the category of this isn't good, but it's not catastrophic either. The first one actually is more a case of explaining what everyone was talking about. 
So there has been a thing I have not been telling you about for about four months because it's never quite been a solid enough story that I could speak to it with any sort of, anything short of massive amounts of hand waving. So there have been cyber criminals offering for sale a version of encryption malware that they claim can resurrect people's Google sessions even after they changed their password. So what the attackers are selling is the ability to get back into someone's Google account after they changed their password because you were in there already. And that's certainly a good big claim, but there was no wood behind the arrow to explain how that might be possible or if it was even true. It was just, it has been reported that this is for sale on the dark web, but no one was, no one had enough actual information for me to put it in these show notes without you being cranky at me. But literally the day after myself and Jill recorded we finally got the detail. I was very cranky with myself because I again passed it over. It was in my RSS reader and I said, no, again. And then Tom Merritt explained it all because he had read a news article I hadn't read yet over on Ars Technica. No, Bleeping Computer, it was over on Bleeping Computer. We finally got the details. So now I can tell you that yes, it is true, but there's lots of caveats and I can explain it. So if you use the desktop version of Google Chrome you can log into the browser, right? You can log into Google Chrome and it will then synchronize your settings with all of your other Google Chromes and it will act as a single sign-on to all of Google services you may be running on your device, like if you're using Maps or if you're using Google Drive it's all sort of the one login. You log in once and you're into all the Google magic. 
And to do that, they have a token that is put on your machine and if attackers steal that token they can use that token to re-log you into things because you're not actually permanently logged in. What you have is a token that lets you re-log in without needing to do any work. So behind the scenes the token is sent off to an API and the answer from the API is here's a fresh session token and then you appear always to be logged in. So as a user it feels single sign-on, it feels so if you quit Chrome and go back in or you're still, that's still enabled and reboot the computer, still enabled. So the token has a lifetime of a couple of weeks and as long as that token's alive you're magically logged into all of the Google stuff on that computer, which is fine unless your computer's riddled with malware and the malware steals the token. So that's how it was working. They were, if you are hacked then they can start to resurrect your Google sessions and when you change your password on any modern site with multi-factor authentication or not multi-factor authentication, if you have any site where when you have a client you don't enter your username and password the client bounces you to the web, you log in on the web and then you get bounced back to the client, that's called OAuth. So Twitter, Twitter slash X, Mastodon, they all do this little dance through the browser and back. What that's actually doing is letting the app log in without your username and password. The app never sees your username and password so the app can't lose your username and password but it means that there's a connection between your account and that app and so when you log into your account on these services you can list all of the apps that are authenticated. And so if you log into your Apple ID you'll see all of your devices, if you log into your Google ID you'll see all of your devices. If you change your password it doesn't affect those connections to those devices. 
So you may think I have locked everyone out of my account but if you haven't deactivated all of those connections their token is still valid and the token being stolen is one of those tokens. Okay. So the actual lesson is not because it was initially reported as Google have a major bug, it's not. It's everything that's working as designed. If you have an account that allows you to connect devices, whether it be a login with Facebook, an Apple ID, anything that allows you to do that kind of a login through the browser to multiple apps. If you change your password you have to go in and disconnect all of the other apps and things. Otherwise you haven't really changed all of the keys. That makes sense. It does make sense. But you have to think about it. So actually this is a perfect excuse to remind us that changing your password may not be doing everything you think it's doing if you're using modern applications that use OAuth. This, maybe I'm missing a big point here but it seems obvious that you would have to log out of... I guess it's a fact that that token exists in the first place that is the new information. I mean, it's not even new information. Basically, you think it's obvious because you're used to having this idea of connected devices. But I think a lot of people would assume that if I change my Facebook password and everything I logged into Facebook, everything I use login with Facebook it would also be fixed. But it isn't. So that's the reminder. If you do a login as with anything whether it be Google, Microsoft, Facebook, X Twitter, your Apple ID, changing your password doesn't lock all of those things out. Okay. Okay. Anyway, so it's really, it's not a bad news story. It's just bear this in mind. And again, don't get hacked. How do I protect myself from this malware that's being sold? Don't get hacked. Then they can't use this tool against you. Deep dive number two then is less happy, happy. 
We did include some instructions on how to de-auth or log out of all your devices in one fell swoop. It's a real simple process. Apple has a support article on it. Google. Sorry, Google. Yes. And thank you, Allison, because you actually deserve the credit for digging up that link because I basically went, I don't have a Google account, so I don't know. And you were like, yeah, Bart, you could Google how to do Google. Oh yeah. It was, it was real hard. It took me a split second. Yeah, but it was time I spent de-iccifying the iMac I'm giving away to a good friend of the show. Anyway. Deep dive number two then, there are caveats. This is not the end of the world, but this is not a happy, happy, joy, joy story. And again, this one started off very fuzzy. And a Chinese organization associated with the Chinese government said that they had developed the ability to de-anonymize AirDrop. And that immediately makes me suspicious because it's very much in their interest to say that because AirDrop is being used to share information without using the internet and these kind of easily policeable channels. And so they want people to be terrified of using AirDrop because they can't control AirDrop. So there is a, this may not have been true. However, it appears it is true-ish. So there's a couple of facts we now know. Because it is possible with AirDrop to say only allow connections from my contacts, there is a mechanism for sharing who is and who isn't your contact, but the intention is that that should be anonymous. But that means you have a need for some sort of hashing and it can't be a salted hash because then the hash will be different every time which defeats the purpose of detecting whether or not it's one of your contacts. So they're just plain old hashes and they have to be. 
And security researchers have been poking at these hashes for a couple of years because if you listen in over Bluetooth at the point in time when there's an AirDrop happening, you can see the traffic flying over and back and you can see these hashes. And so security researchers have been looking at these hashes for years and they have had critiques. Basically it is not infeasible if you are a nation state to throw enough resources at it to start breaking these hashes. And so researchers have even gone so far to suggest to Apple better algorithms they could be using for this. But the researchers have sort of said that would probably break backwards compatibility and so Apple would need to take the bull by the horns and basically say that unless you're running the very latest version of iOS slash macOS no more AirDrop for you, which they may be forced to do at some stage anyway because this protocol is getting old. But the hashes are not cryptographically as good as they could be. But even at that, that shouldn't make it possible to do what the Chinese government say they can do. So there's another piece of this puzzle and that is, so we know that a hash is easy to go from plain text to hash but hard to go from hash to plain text without spending half the universe calculating it. But of course an attack that's been used for years against hashes is a so-called rainbow table. You start with every possible input and you do the forward calculation and you save all of your results in a giant big lookup table. And so a forward rainbow table of all eight character passwords is not that big because you have eight times seven times, the amount of permutations is not astronomical. But the amount of possible Apple IDs in existence is astronomical because they could be really short or really long, like there are so many possibilities. So no computer could store a rainbow table of every possible Apple ID and no computer could calculate the hashes of every possible Apple ID. 
So it is physically impossible that the Chinese government have such a rainbow table because it wouldn't fit on the computer and they could never have made it. But they know what phone numbers exist in China. So they didn't have to calculate every possible hash. They just needed to hash every Chinese cell phone number. Wait a minute, how's the Apple ID related to the phone number? Well, when you use AirDrop without being signed into Apple ID, you're doing it on your phone number or you can do it based, no, sorry, let me back that. But if you're doing it based on your Apple ID. No, stop, I'm talking wrong, I'm wrong. So let me back up before I go any further down the wrong hole. So how does it know you and me are contacts? It checks our phone numbers in my address book and the email addresses in my address book. No, you can do it without a phone number. You can just have somebody's Apple ID. I talk to people all the time that I don't have their phone numbers. You need one or the other. So if I have in my address card for you both a phone number and an email address, then the hashes for both your phone number and your email address are going to be involved here because that's how we're detecting each other. Okay, but if I only have your email address then the Chinese government wouldn't be able to find this. No, but if you're using- But most people you probably have both. Yeah, you would have both, exactly. So they know every phone number that exists in China because all of the cell phone companies work closely with the government. So give me a list of your subscribers. This is a very easy ask for the Chinese government. So forward hashing all the phone numbers that actually exist is a way simpler task than every possible Apple ID on planet Earth. Now they also claim they have done email addresses. So they can't have done every email address on planet Earth. They can't have done every possible email address on planet Earth. 
So my theory is that they have either only hashed forward the email addresses of people already on their list of suspects. So of people that have come to the Chinese government's attention for some other reason, and they're like, hmm, don't like you. You're on the naughty list. So we'll hash the naughty list. Or the Great Firewall of China is seeing email addresses fly through the air and keeping a master list of all the email addresses actually in use by actual Chinese people, in which case they forward hash that list, or disturbing even more than that. The Chinese government forced Apple to partner with a Chinese company to host the servers for iCloud. Now the actual encryption keys are safe, but the names of the accounts and stuff is not going to be covered in that encryption because you need to have a way of connecting the encrypted blob to a person. So they may have been able to get a list of the actual Apple IDs for China. Anyway, I don't think this affects your typical NosillaCastaway because in order to actually get these logs, the Chinese government either have to be sitting there listening to your Bluetooth or they need to get your phone off you, get you to unlock your phone so they can get the log file so they have the hash. So if I was politically active in China, I would be very worried about this because if they get my phone and force me to unlock it, then they could know who I was AirDropping with. But for the rest of us, this isn't as big of a deal. But I do think that at some stage, Apple are going to have to reinvent their hashing algorithm here. And so we all may suffer AirDrop becoming unreliable because that's never happened before. So yeah, that's kind of all I can think of to say about that. I don't know if you want me to dig into any other aspects of that, or if that makes sense. No, no, that does make sense. Cool. Action alerts then, just two. Patch Tuesday, been and gone, 49 flaws, 12 remote code execution bugs. 
So patchy, patchy, patch patch. And Google have had the first zero day of the year on their Chrome browser. So patchy, patchy, patch patch, which for Chrome means turn it off and turn it on again. Do you know whether that's Chromium or Chrome? Since it affects a lot of other devices. Not off the top of my head. That's a really good point. I should have thought to dig into that. Okay, well, we can check the, he's got a link to the BleepingComputer article about it. Yes. All of your browsers, frankly, it's a good idea to turn them off regularly. I hate doing it because I'm Mr. 20 kabillion tabs, but it is actually good practice. Now that you've got an M-series processor, you're gonna gotta get over that. I mean, I just like, my camera was looking weird yesterday. It's like, yeah, I just reboot. True. It's like 35 seconds, you know? In fact, you can have it, re-open stuff. Oh, sure, absolutely. It's just, yeah, yeah. Yeah, you're right, you're right, you're right, but yeah. I'm still in the habit of, oh no, my precious browser, I should not restart it. Look at all these tabs, but yeah, it'll be fine. Okay, in December of 2014, according to SFGate, Microsoft refused to hand over data on emails from Irish emails because they were stored in Microsoft's Dublin data center. Absolutely, I did not disagree with that on the slide. It's Microsoft servers everywhere. They do not have to use an Irish company to host their Irish servers. Oh, I never said an Irish company. I never said that. That's put words in my mouth. I said that they insisted that they have servers in country. Maybe that's why we had to disagree. Well, no, they didn't insist they have servers in country, they have servers in country. They weren't forced to, they chose to. Let's move on then. Yeah, there's an important legal distinction. Right, what are the warnings? There is a website called Halara, which apparently sells something called, oh, it was active fashion basically. 
So I think that means fashionable track suits and things. I, it's fashion, it's beyond me. They have leaked the details of almost a million people and they don't seem particularly keen on figuring out what's going on. So when BleepingComputer contacted them, they were very, yeah, we're looking into it, we're thinking about it. So BleepingComputer decided to take the data breach and check if the data is real and in their random sampling, it is real. So it appears that the Halara people have not informed the victims, which is annoying, because that's become my new rule here for whether or not stuff goes into the show notes. If the victims have been notified, I don't bother telling people because if it affects you, you have an email. But in this case, they haven't. And there is enough information in here not to steal your credit card and stuff because it thankfully isn't financial data, but it is way more than enough for very convincing phishing, smishing, or phishing emails because it has, it even has basically SMS, so cell phone numbers and stuff so they could do SMS-based phishing or even voice-based phishing with the information they've lost. So if you shop at this place, be aware. It's only 150,000 people, Bart. Yes, in the post-Yahoo breach days, it's tiny. You're right, yeah, tiny. What are we talking about? An interesting wording from BleepingComputer. It is January. And one of the things that happens in January is a lot of companies give their employees updates on their 401Ks and things like that. And so security companies have observed scams pretending to be your company's HR department, telling you about changes to your 401K and asking you to log in to verify something. 
Only the login page is a fake and they're trying to steal your work credentials because sometimes it's about a pay rise and sometimes it's about a 401K, but they're basically trying to use the start of the year to trick you into going to a page that isn't really your company to do with your salary or your pension. So beware. That's kind of an interesting scam because they'd have to know where your 401K was. I mean, there's some big players like Fidelity, for example, but they'd have to know, or actually they don't have to know. They only have to be right some of the time. Yeah, there you go. That's the magic sauce, right? Yes. So yeah, and it's cheap to send emails so you can be wrong a lot of the time and still make a profit. Another worthy warning, BleepingComputer again doing some original reporting here, which is kind of nice to see them doing that. They are warning that there are Instagram profiles which are duplicates of real Instagram profiles and they are being used to try to do romance scams. They are being reported to Meta and Meta are not acting. So there are, what? Yeah. I'm shocked, Bart. Again, it's so obvious. There's two profiles, both on Meta, one of them is up to fraud and one of them isn't. Anyway, just to remind you. I'm gonna tell me that Twitter isn't blocking bots. Put a pin in that for a minute because we do get to talk about those charming people shortly. And just because I am perpetually amazed at what ransomware crew get up to, there is another new technique. So myself and Jill talked about a different new technique, triple extortion. Well, they've now started to do something else which is slightly clever. They're starting to send fake emails offering hackback services to the victims. Saying, don't pay the ransom, pay us and we'll hack them back and delete your data for you. But they're fake too. Oh my God, it's just, you know, fakery all the way down. So anyway, this is trickery, trickery, trickery. Moving on to notable news. 
These first two stories, I'm slightly nervous about because I don't have the world's best answers on them but I do think we should mention it. There is another UEFI vulnerability. It's called PixieFail. If you're wondering why- Is that what UEFI is again? So UEFI is the follow-on to EOD BIOS. It is the firmware that is the very first thing your motherboard does when you hit the power button on a PC. And Apple are using UEFI which is actually less advanced than UEFI. But yeah, it's the firmware of your computer. And UEFI is now the standard in the PC industry. So this is nothing to do with the operating system. This is there when you boot up. Very, very early in the process. Yeah, its job is to load your operating system. Before you boot up, I should say. Yeah, it's there to find your operating system and start it. And there is a thing called PXE Boot you may or may not have heard of. Your computer, even before it has an operating system installed, can boot over the network. And that's how you can do things like clone a computer across the network. So if you're working in corporate IT, you can send an image at a whole office full of PCs. Well, the way you do that is by using the UEFI to actually talk straight over the network to some sort of server that hosts a copy of the operating system you want to stamp everywhere. That's called PXE. So PixieFail is because UEFI needs to have a network stack to talk over the network. The network stack they decided to implement is riddled with bugs, which means that over the network, you can trip up a lot of UEFI motherboards to run arbitrary code before your operating system is booted. So that's rootkit territory here because it's happening before the operating system. And that's bad. The good news is patches are being rolled out by vendors one by one by one. So an awful lot of PC users are going to have firmware updates for the motherboard. If you have one, apply it because you may well be getting this fix for UEFI. 
Thankfully, a small silver lining here is that the attacker needs to be on your LAN to attack you. So in a local area network. So in a family environment, unless your kids are out to get you, you're probably fine. And maybe it's a good reason to have a separate guest Wi-Fi network so that they're not all sitting there looking at your computers. But that's kind of the best we can do there. So keep an eye out for motherboard updates. There's an important reason you want one along with the other UEFI problem with the logo being a way to hack your computer that we talked about a few weeks ago. Slightly similar vein. LeftoverLocals is a bug in a whole bunch of GPUs. And one of the things we use GPUs for these days is AI, machine learning and large language models. And AMD, Apple and Qualcomm have GPUs that all make the same whoopsie. They don't clean up after themselves. So you run some machine learning or you do a large language model and it leaves the answers lying about in the chip. And other people sharing your GPU can read what you've been up to with AI. So that immediately puts us, it's not speculative execution, but it's awfully similar because with speculative execution, if someone else is sharing your CPU, they can steal data. Well, in this case, if someone is sharing your GPU, they can steal data. So for us home users, we can stop panicking even though this has a fancy pants name because this is a problem for cloud providers because you can rent GPU space in the cloud because you use GPUs to do AI. So most GPUs today don't do any graphics ever. Most of the GPUs on planet Earth are now powering GPU on the like, which is kind of weird, but that's the new reality. The other good news for us is that Apple have patched their A17 series of chips and their M3 series of chips. It doesn't affect the older A series chips. It does affect the M2 and they have not patched the M2. So maybe they have not, it doesn't affect the older ones. 
So your M1 is fine because it's too old, but the M2 is not fine. Even though it's older, even though it's older than the M3, that's still affected. Yeah, so the M2 is older to be affected but hasn't been patched. The M3 was affected but has been patched. So they haven't gone back in time far enough yet. AMD have also patched many of their motherboards, but not all of their motherboards and any, sorry, GPUs and Intel, Nvidia and ARM are unaffected. So if your PC is running an Intel GPU, not your issue. If you're running an Nvidia, not your issue. And if you have a phone running an ARM GPU, you're also fine. So on the whole. GPU in the ARM M2 chips, that's not an ARM GPU? It's not an ARM GPU because Apple do their own. Even though it's an ARM chip. Do you remember that the absolutely fantastic friend of the show, I know a little more. Why is my brain always cool? As soon as I try to credit some of my brain goes blank. Tom Merritt. Thank you. It's funny, out of all of them you picked to know a little more. Yeah, he did a thing on ARM. Yeah, it's complicated. What it means to be an ARM chip is complicated in the extreme. Apple are on the area where they license a bunch of ARM's tech, but they also do a bunch of their own stuff. So an Apple ARM chip is as much Apple sauce. Ooh, that's cool pun, as it is ARM sauce. Okay, so what you really mean in the show notes is discrete ARM GPUs. That works. That would make it more specific. Okay, but backing up a little. Oh, I know what I was gonna say. My first thought here was, I don't know why we even need to talk about Apple because who would use Apple in a server farm. But I happened to see a video yesterday of Christina Warren who is an advocate or something rather for GitHub at Microsoft. And she was going through their server farm that they've built of Apple M series Mac minis in these giant racks and how they take them apart and put them back together into these giant racks. 
So if they're doing that, they're probably sharing resources, I would think. That seems reasonable. And I know Mac Colo also give you giant big server farms full of Apple stuff. Yeah, did they do shared? If they offer virtualization of some sort that they would. I don't know, to be honest. Once I've seen you just, this one is yours. Oh, okay. You're paying for one to exist, a dedicated server, but I don't see why they couldn't. Because Apple do support virtualization. So you could have a VM. If you had an Apple VM, then that would be an issue. Anyway, for us home users, you may have heard a lot about this and it does mention Apple, which always makes it prone to click bait. But for us home users, I wouldn't stress about this one. Something that's really weird to me because this just kept happening in the news in the last two weeks, major Twitter accounts were getting hacked. Like the Securities and Exchange Commission in the United States is not a small thing. And Mandiant are one of the biggest security companies out there. If you get hacked, you want to employ Mandiant to figure out how you got hacked and how to fix it. And yet the SEC's Twitter account was taken over to push some fake Bitcoin stuff, which drove up the price of Bitcoin. So I think someone succeeded. And Mandiant's account was also taken over. And Matt. You see in the show notes, announced a fake Bitcoin ETF approval, but I thought there was a Bitcoin ETF approval. This was before. I, okay. I know that there were rumors it was going to happen. I don't know if it ever did happen. And I know that before, that definitely before anything actually happened, if it actually happened, then I'm not sure it did. This was fake news. Okay, I'm telling you that it did, but. Okay, cool. Okay. Yeah. I'd be honest. I don't really follow Bitcoin that much. Unless all I saw was spread rumor from that one thing, which I find hard to believe because I wasn't following anything on Twitter anymore. Seems reasonable. 
There were rumors that an ETF announcement was imminent. So that, I don't know if that got misreported as this is happening. Instead of this is rumored to be happening. That happens a lot in media. But anyway, the way it doesn't matter. The bit that worries me is that major X accounts are being successfully taken over, including by major security vendors. It seems to me something isn't working on X's end. Mandiant say their account was brute forced. Now, X accounts are online. You shouldn't be able to brute force an online account. It should rate limit you. So there's something not quite right on the X end at the moment. Well, I don't know. Something happens when you've fired 85% of your staff. Yeah, okay. Fair, fair point. So the real takeaway here for us in the NosillaCastaways is be careful of everything you read on X because there's a lot of fake stuff on X at the moment because major accounts are being successfully hacked. You should probably be careful of what's on X anyway to be honest, but yeah. Right, so now we get to flip towards the good news column here. So Google settled a $5 billion lawsuit, which isn't really the good news. The reason for the lawsuit was because people were saying incognito mode was being deceptively described because it was promising more privacy than it offers. Google have a solution, which is the good news. The description for incognito mode is being updated to make it clear that Google still track you when you're in incognito mode. And many websites can also successfully track you in incognito mode because actually what incognito mode is doing is stopping your computer from keeping a log on your computer of what you are doing so that your family don't know what you bought them for Christmas. That's all incognito mode is doing. And so the description there reflect that reality. So pause. They're saying that Google still track users while incognito mode is enabled. In what way do they do that? What is it? 
All the standard tracking built into Chrome. Okay, so incognito mode stops your computer saving a local history so that people you share the computer with can't see what you were doing. That's all incognito mode is for. Okay, so if I'm searching for buying a Windows laptop I can do it in incognito mode and Steve will never find out that I was straying. Exactly. Or if you're buying an anniversary present. Exactly, it's about your computer. It's not about what you're doing online. So the far side doesn't know or care about incognito mode because it's not a far side thing. It's a local logging thing. And so. Would that be true of Apple? Yes, and so what Apple do is they do all of that stuff too. So if you go into private browsing mode it's not keeping a local log and that is true. But what they also do is they turn on the privacy protections that are likely to break websites. So their blocking of third party cookies is even stricter. Yeah, I mean separate from the third party cookies. The third party cookies is a different issue especially since Google is starting to disable those. When I'm talking about your second sentence you're saying Google still track users while incognito mode is enabled. And many websites do too. I'm talking about part one. What are they, Google is tracking you separately from these third party cookies is what you're saying. Yes, so this is Chrome. So if you're using Chrome it has a whole bunch of tracking stuff built straight into the browser that is not disabled by turning on incognito mode. And do we know whether that's true or false with Apple? With Safari is what I was saying. Safari doesn't track you. Using Safari does not track you with Apple. Like Safari doesn't have a built-in spying. Okay. So it can't be disabled because it doesn't exist. I know they've also disabled things like being able to identify exactly your browser window size and things like that that they disabled a few years ago, right? 
Yeah, so Apple and Firefox both turn on every single technology they can think of to protect your privacy when you go into private browsing mode. And they do it in private browsing mode because if you break something in there it's not as bad as breaking it in the main browser. So they tend to use their private browser mode as a place to experiment with their more heavy-handed... Aggressive? Aggressive, thank you. Yes, that's a good word. Privacy protections, because if they break something it's not the end of the world. And they then tend to roll them from private mode into their main mode after it's proved to be safe. So in the non-Chrome browsers private browsing is more meaningful because they're using it to test their privacy tools. Okay. So yeah, like I say, it's a difficult question to answer. Yeah. You thought it was an easy question. Not an easy question. Where am I in my show notes? Ah, yes. A whopping 71 million new usernames with passwords have gone into Have I Been Pwned. This is the result of a collection of databases from password-stealing malware having been leaked. So lots of different malware was collecting lots of different usernames and passwords and they were making a master list of their malicious stuff and that master list ended up leaking and then ended up in Have I Been Pwned in the end. So yeah. Yay. It's not a single breach, it's lots of breaches. The reason I mention is because it's... It's not about that. These reporting mechanisms always bother me. We have the protections because of the 78th time we've been hacked in some way that our data, not a hack, that our data has been leaked by somebody or other. We basically will have coverage infinitely because there's always going to be somebody losing our data. And it's always sending me messages going, your address is in this list. Uh-huh. I can't do anything about that. AllisonAndPodFeed.com doesn't tell me where, doesn't tell me what password it thinks it has. 
It just goes AllisonAndPodFeed.com I say, uh-huh. Okay, thanks. So this would tell me having it in Have I Been Pwned, this would tell me that my email address is in that list. It doesn't tell me which one, what password. It does tell you what password. This one contained, this is a list with passwords. So this case you would be able to know which password it was. So something consuming the Have I Been Pwned API like Watchtower should be able to tell you that the specific password has been leaked in which case Watchtower can give you way more accurate information to tell you which ones to fix. Yeah, so that's an important distinction is that Watchtower in 1Password, and I don't know whether any of the other services password managers have that, but because it has Watchtower, it's telling you, no, it's this one right here that's in the list. And that's very useful information. If you go to Have I Been Pwned, it goes, uh-huh. You're in it. It doesn't do, it doesn't provide that extra bit of information I think. Last one. It depends on the exact breach. A lot of them in Have I Been Pwned will tell you it's this specific website where you've been breached, which then allows you to use your own password manager to know if you reuse the password there. Because I don't know about you, but when I switched to 1Password, I had a lot of password reuse on day one because I had many years of baggage. So actually a lot of the have, most of the Have I Been Pwned has a specific site associated with it as well as an email address. So most of the notifications are useful. Again, going to Have I Been Pwned doesn't help you. It really doesn't. Watchtower helps you a lot. For example, right now it says I've been pwned in 31 data breaches, 500px, tracks plus, eight tracks plus. Boy, that's way back. That doesn't help me at all because it doesn't let me know any information. But I had no, but it told you the services. 
So if you use the same password on 500px anywhere else, then you have to change it everywhere, including at 500px, so that is very valuable. I don't think you're following me again, so. I'm trying to understand, it's telling you which website and which username. So that is valuable, isn't it? No, it's, well, if you go into 1Password and you go into Watchtower, it's gonna expose it and say this password has been reused on this site and this site. This doesn't tell me that. This only tells me that 500px was compromised. But that also could be compromised so long ago that that's not the address, the password I'm using anymore, because every time I go in here, this list just gets longer and longer. Anyway, let's move on. Absolutely true. No, you're absolutely right. Watchtower is more useful, definitely, but this is not value-less. So I was gonna recommend that people sign up to Have I Been Pwned and make use of the free alerting service, is what I was gonna recommend, but I guess you disagree. It's just, it doesn't give you enough information to take action, that's all I'm saying. In my experience it's proven very useful. It's better than nothing. Yeah, okay, perfect. Yes, yes, yes, yes, there we go. You're absolutely right. Yes, that is the way to summarize it. Then we have some good news. So it has never happened before that the Federal Trade Commission in the United States has taken action against data brokers. And now they've done it twice in the space of two weeks. Two data brokers have been banned for inappropriately selling Americans location data. So the first company, they were called X-Mode Social or now called OutLogic and they were selling location data without removing sensitive locations like healthcare facilities, religious institutions. And also they were ignoring opt-outs by users who had explicitly opted out. They were selling their data anyway, even though they explicitly opted out. 
So they have been stopped from selling all location data and they've been told they have to wipe all other databases. And another company then a few days later called InMarket was given a similar ban because they had been sharing data without consent and they had been using sensitive categories which is not allowed. They were selling access to things like Christian churchgoers, wealthy and not healthy and parents of preschoolers. You could buy those categories of location data. So they have been shut down. Yeah, great. Yeah, but great, they're shut down. So I'm really happy to see enforcement taking up a notch from zero to two in just a few weeks. Yeah, I was hoping that that title was, it says US Federal Trade Commission has banned data broker. I want that to be has banned data brokers. I know. They'll stop. Yeah, I was rather hoping for a plural on the headline too but hey, it's a start, it's a start. Another piece of strange good news that just went utterly under the radar. Last fall, when Apple released all of their new OSs, they doubled the amount of Find My Items we can have and no one noticed until now because Apple updated a support article. I found my Apple TV remote the other day with it. Excellent. Excellent. Which I didn't realize I could do. I just went into Find My, I went, wait a minute, what is that doing there? I mean, I actually knew where it was because I keep a little rubber suit on mine so it gets stuck in the cushions instead of falling through. I want to give a big plug for Find My. When we were at CES, you can imagine when you're in the middle of the North Hall of the Consumer Electronics Show with 180,000 people that there's maybe some electronic signals flying around, there's a little bit of EMI, there's possibly a wifi, cellular service and even GPS can't get through. You literally, you can't use GPS. You know what I could use to find Steve? I could use Find My with the ultra wideband. 
Because we both have iPhone 15 Pros, the new ultra wideband two chip, I believe it is. It now gives you that Find My capability where you get the little kind of sprinkly dots and a closer, closer, farther, farther, you know, hotter color kind of a thing. And it shows me that, no, he's over to my right diagonally and I can walk towards him and I can see it go from, you know, 100 feet to 38 feet. There was a point where we were in a cafeteria and it was this huge area of seating and all these different places you could get food from and I was charged with trying to find a table which was quite difficult and he was charged with trying to get food which was also difficult and we got separated and I couldn't see him but I was able to keep watching when he was starting to get closer and then I could look towards him and start waving my arm so he could find me. So I'm a big fan of ultra wideband two. That is really cool and I have regularly used it to find things. Stop reading the seat cushions actually and it does work really well. There's one small thing I want for ultra wideband three. I want a Z axis because I was one room above where my thing was and I was like, I can't get any closer than this but it still says it's three meters away and then my brain was like, oh, that's about the height of a story. So I went downstairs. I did an article on that on the NosillaCast. That was exactly what I had happened where we were looking for something, couldn't find it and all of a sudden I went, wait a minute, what's directly above us if something had fallen in the closet above us? Yeah, so I had the opposite problem. Yeah, anyway, it works and I love it to bits and then the last thing is that the FTC, goodness me, they've gotten a lot of mentions today. 
They are offering a prize of $25,000 to incentivize research into detecting AI voice cloning which is now a major mechanism for fraud where people phone you with a fake of your relative's voice saying that they're arrested and they need help or something like that or they're traveling and they need help or something like that. That's so mean. It is so mean, but offering a prize for research to detect this stuff is the opposite of mean. So thank you, FTC, because this is a major fraud thing that's happening. So I'm really happy about that. Two top tips then. Facebook announced a new feature which they offered you as a way to never forget the cool links you follow on Facebook. So every link you click on in your feed gets logged into this log if you don't disable it and then they tell you in the terms of service and we use it to target you with ads. So if you'd like to opt out of this new feature, instructions linked in show notes. And then- They do ask you, let me put it this way, it is opt out, but they do ask you, do you want to be in this? You're in it by default. So there is a pop-up that does ask you first. That's a strange mix. That's almost opt in, right? Almost opt in, missing the spirit of opt in, but smelling a little bit like opt in. Yeah. And then the last one I have is just a recommendation for Checklist episode number 358. Ken Ray basically gives you three very useful pieces of advice. How to safely dispose of an old device, how to safely set up a new device and some New Year's resolutions that might help you with your information security. I like it. Ken Ray's the bomb. I love Ken. He is absolutely good people. And then in terms of palate cleansing, I failed. I did not find any palate cleansing, but thankfully you had a bumper week and you have two. I do. 
The first one is an XKCD cartoon that it's one of those ones that takes a heartbeat to get, but it's a group of people sitting at dinner and the one person says, we don't have house guests often, but we once had six astronauts over for dinner. And the other person says, oh, wow. And then the first person says for seven and a half milliseconds in mid-August, 2012. Caption says, if you spend enough time looking at orbital records and property lines, you can make this claim in a lot of places. Yeah. I'll talk about the International Space Station. They were over for dinner. Yeah. Well, the hover text was something to do with, they didn't bring wine or something. I like it. And Bart was just mad that he can't instantaneously get that information of who's over his house, which astronauts are they, right? Yeah, I wish I could go to a website, punch in my address and have it tell me that. In 2012, you were visited by Boobity Boo or whoever. It would just be cool. Then I could make my own cartoon. But yeah, it's fun. It's such a cool idea. I have a second one too. Basic Apple Guy is a great person to follow on Mastodon and they had a post that is an image and it says, how many Apple Vision Pro batteries would it take to watch the following films? And this is hilarious. Saving Private Ryan is 2.49 hours, so it would take one battery. Killers of the Flower Moon being at 3.43 hours is 1.4 batteries. It goes on and on and on. It goes through Lord of the Rings Extended Editions, Harry Potter, Star Wars Skywalker Saga and the winner. All 10 of the Fast and Furious movies would take 9.4 Apple Vision Pro batteries. How are there 10 Fast and Furious movies? I did really enjoy the first one, but I can say it tapered off after that. I didn't know they got to 10. It did a little bit, it did a little bit. But I mean, the fact that Killers of the Flower Moon would take 1.4 batteries, that's interesting. Your movie's too long, Martin, come on. Well, your battery's too short, Apple. 
By the way, it's an interesting metric. Martin Scorsese was mad for, I think it was Scorsese, right? He was mad because some of the theaters were putting an intermission in the movie. Like they used to do. Bio. There's reasons you need to have an intermission. A, biology and B, that was the norm when I was young. It was always an intermission. I think they had to change the film reel or something. I'm sure there was a reason for it, but that was normal to have an intermission. It was a good opportunity to sell things in the cinema. Not that they're short of selling things in cinemas, but anyway, yeah, I need a pee, too. So yeah, definitely. How dare you tell them not to have an intermission? Anyway, that's all I got to me, show notes. So I think what that means is I need to tell everyone, yet again, because it's been three weeks I've realized, remember folks, stay patched, so you stay secure. Well, that's gonna wind us up for this week. Did you know you can email me at allison@podfeet.com anytime you like, just send a question or a suggestion on over. You can follow me on Mastodon at podfeet@chaos.social. Remember, everything good starts with podfeet.com. If you wanna join in the fun of the conversation, you can join our Slack community at podfeet.com/slack, where you can talk to me and all of the other lovely NosillaCastaways. You can support the show at podfeet.com/patreon, or with a one-time donation at podfeet.com/paypal. And if you wanna join in the fun of the live show, it was hoppin' tonight. Head on over to podfeet.com/live on Sunday nights at 5 p.m. Pacific time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening and stay subscribed.