Podcasts about Firefox

Free and open-source web browser by Mozilla

  • 1,273 PODCASTS
  • 3,601 EPISODES
  • 49m AVG DURATION
  • 1 DAILY NEW EPISODE
  • Dec 1, 2021 LATEST

Latest podcast episodes about Firefox

Sixteen:Nine
Niko Sagiadinos, SMILControl

Dec 1, 2021 35:06


The 16:9 PODCAST IS SPONSORED BY SCREENFEED – DIGITAL SIGNAGE CONTENT

Going back roughly a decade, there were a couple of digital signage vendors talking up and marketing their capabilities for a technology called SMIL. That's short for Synchronized Multimedia Integration Language, but you probably knew that. OK, probably not.

It's a bit like HTML, in that it is a programming language developed and supported by the same global entity that developed and continues to support and evolve HTML. If you don't know what HTML is, then this podcast edition is one you may want to pass on. It gets a little nerdy.

SMIL, going back 10 years, was being touted as a next big thing for signage, but that didn't happen. However, there are companies using SMIL for managing digital signage networks - particularly companies who have some technical chops in-house and want something that's flexible and in their control.

I stumbled recently on a little company in Hannover, Germany that has been squarely focused on SMIL. I had a good, albeit technical, chat with Niko Sagiadinos, one of the two partners in a firm called SmilControl. He walked me through what SMIL is all about, and the advantages he says the technology brings to digital signage.

TRANSCRIPT

Niko, thank you for joining me. Can you tell me what your company is all about and when it got started?

Niko Sagiadinos: We started in 2011 with a content management system based on SMIL, and I was a developer years before and one day a friend of mine came up with the idea of 101 Signboard and told me that he desperately needs a content management system. So I had at that moment a content management system and I developed two models for this system, one to administer the playlist and one to administer the player, and so it began. I liked SMIL and the open nature of ideas at that time.
I often used open source software and that's a concept I personally liked very much and so I stuck with SMIL and I saw that there were a lot of things possible with SMIL, and I liked it and I stayed with it.

So there will be people listening who will already be going, what is he talking about? What is SMIL? Over here, it's sometimes called “smile.” I know it's an acronym for some sort of a language. Can you explain?

Niko Sagiadinos: Yes. SMIL is an acronym for synchronized multimedia integration language. You can also call it the HTML for digital signage or multimedia presentations and SMIL makes it possible to create a multimedia presentation, interaction with time synchronization. That's where the first word synchronized comes from, and just like you can build websites with HTML, you can build presentations or digital signage presentations with SMIL.

So I know that SMIL has been around for several years. I can remember a competitor of yours, SignageLive, talking about SMIL and working with ideas over in Taiwan, on their devices as well. They made a fair amount of noise about it, and then it just dropped off, and Jason and his team moved on to other stuff seemingly. What's the distinction between SMIL and HTML5?

Niko Sagiadinos: SMIL is focused on presentations and the arrangement of media, while HTML is more focused on the arrangement of information and the implementation for the media, but SMIL can synchronize them. So you can position a media to play first, then second, then the third, then repeat, go to one and then continue. These are things which are not natively possible with HTML. You can do it with HTML, but you need to program with JavaScript, and that's easier to do with SMIL. SMIL also has some orders to control how a presentation runs and the presentation is not the thing for HTML.
With websites, you can do interactions with the website but you cannot synchronize media sequentially, parallelly, or what happens when a special time comes, for example, at 5 o'clock, a video has to run, and then another playlist starts. There are a lot more complicated things focused on presentation which are better solved by SMIL.

So why has the digital signage industry migrated more to HTML5 and those kinds of web services and JavaScript as opposed to SMIL?

Niko Sagiadinos: Now I have two theories. The first is it is easier for most to make a web design and it seems to be easier to make its own thing. This is one, it seems to be easier to make a website, but it has some disadvantages because it's a browser, you need a digital signage player. You can integrate a browser in a digital signage player, but you also need commands to administer this player and this is with the browser a little bit more complicated.

The second thing is that every company wants to do his own thing. So you need to buy a software from company X and you need to buy a digital signage player software or hardware from company X, and this is what we call a window lock in. Every company wants to lock in their customers to use their product and so they have established this connection between an authoring system and the player system, and with SMIL, this connection can break up so you can use any player from any company or even my open source player, and you can write your own SMIL authoring software, if you like, and that's something companies don't want. They want to have it all together and sell a solution, and that's the reason, in my opinion, they stuck more on this product.

In the early days, they tried to establish SMIL as low-cost signage also, but it was a mistake from my point of view, because SMIL can do much more than what they were focused on.
They focused on the media player only and said, okay, this is only low cost signage, but you can run a SMIL software even under a mobile and computer, and this is a way to do more high cost signage for example, and there's another reason. Companies don't want to cannibalize their own product. For example, if you get a market leader and they have their own system, and now you come to SMIL, and they have a feature that has low cost signage, because if they said, okay, they can do the same things like our enterprise product with SMIL, they'll lose money.

So your company is SMIL Control. What do you offer? I know that recently you introduced a free software player as well that works with SMIL.

Niko Sagiadinos: We started in 2012 officially with only a content management system and most of our customers used players from IAdea but some of our customers wanted to create their own player. They were not satisfied with the player from IAdea for various reasons, because there was no company, they wanted to have more control, maybe they got some cheaper devices from Asian manufacturers and so they started to write their own SMIL software and that caused some problems. When three or four of our resellers started to write software, and put a lot of resources to develop this player, but they didn't focus on marketing and to make sales, and just focused on developing and in 2015-16, I decided, okay, we have now some success with our content management system, I tried to develop a player for those who want to create their own hardware. And the only target for me is to create an open source player, and this player is the Garlic Player, and now after five years, increasing companies are showing interest in this player to brand it under their name or to use it in their player and to make their own hardware around this player. That's the goal.

To be clear, this is the software that plays out the media and there's a hardware player, which is not what we're talking about here?
Niko Sagiadinos: At SMIL Control, our focus is only on software. You can take our software and use it as you want and this is the same with the  . The Garlic Player is a piece of software that you can use on a Windows PC, on a Linux PC or an Android device. You can even name it on Android as X Player, and you can sell it at X Player by making a service out of this, and that's the goal. You can use our software, and the only consistent way to publish the software is to open source the player software so everybody can take part of it.

I apologize, I'm not overly technical. I'm probably more technical than a lot of people, but I have my limits, sometimes severe.

You were describing how IAdea, a great little company from Taiwan. I'm good friends with them, they had a SMIL based hardware player, and I think you mentioned that there are some other companies that also have SMIL based hardware players, but you're saying, your garlic player doesn't need to be on one of those devices, it could run on a Windows or Linux box, or even on an Android box and I think I read that it doesn't even need to be rooted, right?

Niko Sagiadinos: You can use this on an Android together with a launcher, and the launcher is another software which works together with the player and the launcher does not need the device to be rooted. I know this is a little tech focused discussion, but yes, at the end of the day, there's only software running on hardware. Even with IAdea and the other players, there's just software which is running on the hardware, and the goal is that if someone wants to offer his own hardware, they can use our software.

So if I'm an end-user or a solutions provider, I'm listening to this and getting the explanations around the advantages of SMIL over HTML5 and so on.
I'm wondering if they're listening and thinking, “This sounds interesting, but I don't know anything about that particular programming language and how much of a curve do I have to get up,” or if I'm an end-user, is it invisible and you don't need to know anything about it?

Niko Sagiadinos: This is a valid point. Our products are not for end users. They are for resellers who have a technical background and know what they have to do. For example, there are a lot of companies in Germany who want to offer digital signage products and have tech support, but they don't have knowledge in digital signage and have possibly two opportunities.

The first opportunity is to build everything from scratch by themselves, or to get someone who sells them a complete package, a full service but if you are between that, you will have your own hardware maybe, and you want to use your own hardware, but you don't have the software for it. You have knowledge of hardware and PC, but you don't have the software and you need software. That's our customer.

The end users will be totally overwhelmed because they will run into problems because of the technical nature because you have to know a lot of things, but a company which has a technical background, like a solutions provider for PCs or someone else that has this technical background, and so they can work together.

And would there be a lot that they need to learn or would it be pretty straightforward if they're already working with web technologies?

Niko Sagiadinos: They won't have much to learn because the software is from us, and the only thing they have to learn is how to control the software. Of course we can offer bandwidth with this. We can offer that you can take it and use it or maybe you can do more things.
If you need your own CMS, and you want to use only the player, we can help you, and the two documentation for SMIL and everything is open so there is no need for NDAs and things like that and we'll make the things to learn much easier, so you can learn, but you can only start to use it and install it.

So you could be trained on it. It's just like any other piece of software, you just might need some training?

Niko Sagiadinos: Exactly. We are computer nerds and we can show them how to use this software, how they can use these concepts.

So if this is for our solutions providers/resellers, that sort of thing, I gather something about what you're saying is this gives them the ability to control it, maybe put their own front-end skin on it so it looks like their product, and as you say, you're the nerds, you guys are just sitting in the background.

Niko Sagiadinos: It can be digital signage companies too, or companies who want to be digital signage companies, but they don't want to reinvent the wheel and they get used in other industries.

We are something intermediate. You can take a full service provider, that's okay. But if you don't want this full service provider and you don't want to develop everything by yourself, you can use our products. So we are in the middle.

Do you get pushback from companies who say, this sounds really interesting, but I don't know much about this language. I know I asked this already, but this makes me a little nervous in that it's unfamiliar to me. Why wouldn't I just go with something with one of the established products out there that's using more familiar technology?

Niko Sagiadinos: Yes, of course, we get this feedback, but for me, it's a matter of time. There are customers for this because we get requests and these requests started coming in even a year before I started marketing. The last few years we got some big customers and we didn't even need to get out. So it was a secret.
We had no real website and my partner and I know how to get customers and they have commissions for software, and so we started last year to make websites to do marketing. And in this year, the requests began to increase from other companies, and we have started to work with companies in Eastern Europe, for example, who use the Garlic Player and even join the programming and the coding.

To go back to your question, there are companies that say, okay, that's too complicated for us. We want to use some other things. But our goal is to get these companies who want to do these complicated things, because they see more effort to do this, than using something from someone else, which they can't control.

And it sounds like what you're saying as well as it could be complicated to people who aren't around programming, don't do coding or anything like that, they are end-users or whatever it may be. If you are a technical company by nature and have software developers within your staffing, this is not complicated. It's just another way of going at it?

Niko Sagiadinos: Yes. For example, with a room booking software. If you want to have room booking software, you can develop your own room booking software and implement it transparently in our system via a widget which is a bit technical, but you are able to control and make use of what you have written with our infrastructure. So you can use a software like a media player, for example, and say, okay I will run a playlist from 10 to 3 o'clock, and from 3 o'clock, this room booking software will run on this or any other kind of software, and that's possible because we have these open technical features.

So is it a bit like the kind of emerging idea of headless CMSs?

Niko Sagiadinos: Yes, a little bit. You can compare it to a headless CMS a little bit.
Because you're the control platform and distribution platform, but somebody could write a front end and use their existing room booking tools or whatever and it's going to flow through there?

Niko Sagiadinos: Exactly, and another thing to say is that we are at the beginning at the moment. We started to get open, to get published and to imagine the SMIL player, the garlic player which I have written in 2016, the first three years did not even get any interest, because we are a small company in Germany, but we try to make our infrastructure step by step and build a SMIL based ecosystem and this ecosystem will grow.

At first, we had only the content management system. Now we have a player, a launcher, even the proxy, and this ecosystem grows and grows. The next step we have to do is to deliver more information on how to use SMIL?

There is a website from IAdea, but it hasn't been maintained for over six and seven years and so we have to do something to teach people. That's our goal.

Not only we have to teach people how they can use these things for their businesses, and this is a way we have to go. At the moment, we can not give a solution for everything, but we are on a way and time by time we can offer more and more solutions, more and more information, and the product gets “round” so to say in German.

I would imagine it's important to stress that this is not some little side project on GitHub or whatever. SMIL is something that was developed by the world wide web consortium, they are the same people who came up with HTML, right?

Niko Sagiadinos: Yes, and it is used in industry. The HD-DVD started with SMIL, the MMS also uses SMIL, a new eBook standard also uses SMIL. That's not something we developed with a few students. This is an industry standard. It's no joke.
It's global and I'm wondering why IAdea ten years ago didn't put more power to show the world that it's possible to make amazing playlists, produce amazing products with this language, and accept it as low-cost signage and went with that if you want to do real signage, you have to get other products and that's, for me, a reason why SMIL in the last 10 years did not get accepted.

And is this a standard that's standing still or is it evolving just in the same way that HTML is evolving?

Niko Sagiadinos: It's now standing still, it's not evolving at the moment. It's stuck on SMIL 3.0, which is from 2008, but I've contacted the inventors of SMIL in the Netherlands, some professors and I contacted them because we need to evolve. There are some features that are missing in SMIL, and we tried to wake them up.

The standard is okay, but since 2008, nothing has happened like HTML, but on the other side there are many things you can do. HTML evolves because a lot of things have to come in, for example, 50 years ago HTML was not able to play video without plug-ins and things changed a lot. Internet Explorer was a market leader for much too long and had blocked the evolution of HTML for years and now with other browsers, Firefox, Chrome and Safari, there's much more moving in the web browser markets. And we are trying the same thing for SMIL. At the moment, it fulfills our needs more than we expected. My partner at first was skeptical too. But when I developed more and more features into the Garlic Player, he was stunned seeing what is possible and what only expensive digital signage systems are able to do, we can do with SMIL. So there is no reason to call it low cost signage.

Okay. What are the business arguments around working with SMIL versus an HTML5 based platform or some other developed platforms. Are they going to be more reliable? Is it gonna be less expensive? Is it gonna last longer?

Niko Sagiadinos: Well, you are asking a developer a business question.
(Laughter) You gotta sell it down the stream.

Niko Sagiadinos: Selling is more my partner's job, but I will try. The interesting thing is that HTML is okay for what it has to do. SMIL is another part and the web browser is not a digital signage player so as we say in German, we are comparing an apple with a pear and those are two different things. You can do digital signage with HTML, but you can even ride a bicycle to Tokyo. That's possible too.

I think SMIL is much more of a fit for the digital signage age than HTML. The business side is that with SMIL, you don't have any dependencies and HTML won't fulfill the needs of digital signage.

Your company's based in Hanover, Germany, and it's privately held, I assume? You guys own it. You're not owned by a larger company or a venture capital company?

Niko Sagiadinos: We are a bootstrapped company, we started as two people and now we are a kind of German limited, GmbH, because we want to expand next year.

How many people work for SMIL Control?

Niko Sagiadinos: At the moment, we are two people. My business partner and I so yes, we are a little company, but we also use external developer, and last time I started to work with Bulgarian developers and Greek developers, and because I'm a digital nomad, I'm commuting between Germany and Greece, because I like the weather in Greece much more and the food.

You don't like Hanover or Northern Germany in February?

Niko Sagiadinos: No, it's extremely cold and to be honest, November and December are the ugliest months because in Germany, everything is gray here and cold and Greece is so much better.

If somebody wants to find out more about your company, where would they find you online now that you have a website?

Niko Sagiadinos: Yes, we have a website, smil-control.com. But the company name is Camel case.

All right, that was terrific. Thank you for spending some time with me and explaining what SMIL is all about.

Niko Sagiadinos: Thank you for allowing me.
I hope it was understandable. I know I was a little nervous and that's complicated because I'm not a salesman or a businessman. We are technically focused and I'm very stuck on this technical thing and I have grown up in 30 years of technology. So maybe for one or the other, it was a little bit hard. Sorry!

Oh, that's okay. There's lots of technical people who will be intrigued by this and want to know more, so I'm sure it'll work out. Thanks again.

Niko Sagiadinos: Thank you very much, Dave.

Technado from ITProTV
Technado, Ep. 231: Reflectiz's Idan Cohen

Nov 25, 2021 51:54


Idan Cohen, Co-founder and CEO of Reflectiz, joined the crew to share how they detect website vulnerabilities and threats. He also discussed the risks of third and fourth-party code. In the news, the guys covered the Windows 10 21H2 release, Apple's move to let you fix your own devices, and Twitter stopping AMP support. Then two groups were pwned last week, with GoDaddy exposing WordPress data and Firefox users sharing login cookies on GitHub. Oops.

Technado from ITProTV (Audio)
Technado, Ep. 231: Reflectiz's Idan Cohen

Nov 25, 2021 51:50


Idan Cohen, Co-founder and CEO of Reflectiz, joined the crew to share how they detect website vulnerabilities and threats. He also discussed the risks of third and fourth-party code. In the news, the guys covered the Windows 10 21H2 release, Apple's move to let you fix your own devices, and Twitter stopping AMP support. Then two groups were pwned last week, with GoDaddy exposing WordPress data and Firefox users sharing login cookies on GitHub. Oops.

The History of Computing
An Abridged History of Free And Open Source Software

Nov 24, 2021 22:34


In the previous episodes, we looked at the rise of patents and software and their impact on the nascent computer industry. But a copyright is a right. And that right can be given to others in whole or in part. We have all benefited from software where the right to copy was waived and it's shaped the computing industry as much, if not more, than proprietary software.

The term Free and Open Source Software (FOSS for short) is a blanket term to describe software that's free and/or whose source code is distributed for varying degrees of tinkeration. It's a movement and a choice. Programmers can commercialize our software. But we can also distribute it free of copy protections. And there are about as many licenses as there are opinions about what is unique, types of software, underlying components, etc. But given that many choose to commercialize their work products, how did a movement arise that specifically didn't?

The early computers were custom-built to perform various tasks. Then computers and software were bought as a bundle and organizations could edit the source code. But as operating systems and languages evolved and businesses wanted their own custom logic, a cottage industry for software started to emerge. We see this in every industry - as an innovation becomes more mainstream, the expectations and needs of customers progress at an accelerated rate. That evolution took about 20 years to happen following World War II and by 1969, the software industry had evolved to the point that IBM faced antitrust charges for bundling software with hardware. And after that, the world of software would never be the same.

The knock-on effect was that in the 1970s, Bell Labs pushed away from MULTICS and developed Unix, which AT&T then gave away as compiled code to researchers. And so proprietary software was a growing industry, which AT&T began charging for commercial licenses as the bushy hair and sideburns of the 70s were traded for the yuppy culture of the 80s.
In the meantime, software had become copyrightable due to the findings of CONTU and the codifying of the Copyright Act of 1976. Bill Gates sent his infamous “Open Letter to Hobbyists” in 1976 as well, defending the right to charge for software in an exploding hobbyist market. And then Apple v Franklin led to the ability to copyright compiled code in 1983. There was a growing divide between those who'd been accustomed to being able to copy software freely and edit source code and those who in an up-market sense just needed supported software that worked - and were willing to pay for it, seeing the benefits that automation was having on the capabilities to scale an organization.

And yet there were plenty who considered copyrighted software immoral. One of the best remembered is Richard Stallman, or RMS for short. Steven Levy described Stallman as “The Last of the True Hackers” in his epic book “Hackers: Heroes of the Computer Revolution.” In the book, he describes the MIT Stallman joined where there weren't passwords and we didn't yet pay for software and then goes through the emergence of the LISP language and the divide that formed between Richard Greenblatt, who wanted to keep The Hacker Ethic alive and those who wanted to commercialize LISP. The Hacker Ethic was born from the young MIT students who freely shared information and ideas with one another and helped push forward computing in an era they thought was purer in a way, as though it hadn't yet been commercialized.

The schism saw the death of the hacker culture and two projects came out of Stallman's technical work: emacs, which is a text editor that is still included freely in most modern Unix variants and the GNU project. Here's the thing, MIT was sitting on patents for things like core memory and thrived in part due to the commercialization or weaponization of the technology they were producing.
The industry was maturing and since the days when kings granted patents, maturing technology would be commercialized using that system. And so Stallman's nostalgia gave us the GNU project, born from an idea that the industry moved faster in the days when information was freely shared and that knowledge was meant to be set free. For example, he wanted the source code for a printer driver so he could fix it and was told it was protected by an NDA and so couldn't have it. A couple of years later he announced GNU, a recursive acronym for GNU's Not Unix. The next year he built a compiler called GCC and the next year released the GNU Manifesto, launching the Free Software Foundation, often considered the charter of the free and open source software movement.

Over the next few years as he worked on GNU, he found emacs had a license, GCC had a license, and the rising tide of free software was all distributed with unique licenses. And so the GNU General Public License was born in 1989 - allowing organizations and individuals to copy, distribute, and modify software covered under the license but with a small change, that if someone modified the source, they had to release that with any binaries they distributed as well.

The University of California, Berkeley had benefited from a lot of research grants over the years and many of their works could be put into the public domain. They had brought Unix in from Bell Labs in the 70s and Sun cofounder and Java author Bill Joy worked under professor Fabry, who brought Unix in. After working on a Pascal compiler that Unix coauthor Ken Thompson left for Berkeley, Joy and others started working on what would become BSD, not exactly a clone of Unix but with interchangeable parts. They bolted on the OSI model to get networking and through the 80s as Joy left for Sun and DEC got ahold of that source code there were variants and derivatives like FreeBSD, NetBSD, Darwin, and others.
The licensing was pretty permissive and simple to understand:

Copyright (c) . All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by the . The name of the may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

By 1990 the Board of Regents at Berkeley accepted a four clause BSD license that spawned a class of licenses. While it's matured into other formats like a 0 clause license it's one of my favorites as it is truest to the FOSS cause. And the 90s gave us the Apache License, from the Apache Group, loosely based on the BSD License and then in 2004 leaning away from that with the release of the Apache License 2 that was more compatible with the GPL license. Given the modding nature of Apache they didn't require derivative works to also be open sourced but did require leaving the license in place for unmodified parts of the original work.

GNU never really caught on as an OS in the mainstream, although a collection of tools did. The main reason the OS didn't go far is probably because Linus Torvalds started releasing prototypes of his Linux operating system in 1991. Torvalds used The GNU General Public License v2, or GPLv2 to license his kernel, having been inspired by a talk given by Stallman. GPL 2 had been released in 1991 and something else was happening as we turned into the 1990s: the Internet. Suddenly the software projects being worked on weren't just distributed on paper tape or floppy disks; they could be downloaded.
The rise of Linux and Apache coincided and so many a web server and site ran that LAMP stack with MySQL and PHP added in there. All open source in varying flavors of what open source was at the time. And collaboration in the industry was at an all-time high. We got the rise of teams of developers who would edit and contribute to projects. One of these was a tool for another aspect of the Internet, email. It was called popclient. Here Eric S Raymond, or ESR for short, picked it up and renamed it to fetchmail, releasing it as an open source project. Raymond presented on his work at the Linux Congress in 1997, expanded that work into an essay and then the essay into “The Cathedral and the Bazaar” where bazaar is meant to be like an open market. That inspired many to open source their own works, including the Netscape team, which resulted in Mozilla and so Firefox - and another book called “Freeing the Source: The Story of Mozilla” from O'Reilly.

By then, Tim O'Reilly was a huge proponent of this free or source code available type of software as it was known. And companies like VA Linux were growing fast. And many wanted to congeal around some common themes. So in 1998, Christine Peterson came up with the term “open source” in a meeting with Raymond, Todd Anderson, Larry Augustin, Sam Ockman, and Jon “Maddog” Hall, author of the first book I read on Linux. Free software it may or may not be but open source as a term quickly proliferated throughout the lands.

By 1998 there was this funny little company called Tivo that was doing a public beta of a little box with a Linux kernel running on it that bootstrapped a pretty GUI to record TV shows on a hard drive on the box and play them back. You remember when we had to wait for a TV show, right? Or back when some super-fancy VCRs could record a show at a specific time to VHS (but mostly failed for one reason or another)? Well, Tivo meant to fix that.
We did an episode on them a couple of years ago but we skipped the term Tivoization and the impact they had on GPL. As the 90s came to a close, VA Linux and Red Hat went through great IPOs, bringing about an era where open source could mean big business. And true to the cause, they shared enough stock with Linus Torvalds to make him a millionaire as well. And IBM pumped a billion dollars into open source, with Sun moving to open source openoffice.org. Now, what really happened there might be that by then Microsoft had become too big for anyone to effectively compete with and so they all tried to pivot around to find a niche, but it still benefited the world and open source in general. By Y2K there was a rapidly growing number of vendors out there putting Linux kernels onto embedded devices. TiVo happened to be one of the most visible. Some in the Linux community felt like they were being taken advantage of because suddenly you had a vendor making changes to the kernel but their changes only worked on their hardware and they blocked users from modifying the software. So The Free Software Foundation updated GPL, bundling in some other minor changes and we got the GNU General Public License (Version 3) in 2006. There was a lot more in GPL 3, given that so many organizations were involved in open source software by then. Here, the full license text and original copyright notice had to be included along with a statement of significant changes and making source code available with binaries. And commercial Unix variants struggled with SGI going bankrupt in 2006 and use of AIX and HP-UX Many of these open source projects flourished because of version control systems and the web. SourceForge was created by VA Software in 1999 and is a free service that can be used to host open source projects. 
Concurrent Versions System, or CVS, had been written by Dick Grune back in 1986 and quickly became a popular way to have multiple developers work on projects, merging diffs of code repositories. That gave way to git in the hearts of many a programmer after Linus Torvalds wrote a new versioning system called git in 2005. GitHub came along in 2008 and was bought by Microsoft in 2018 for 2018. Seeing a need for people to ask questions about coding, Stack Overflow was created by Jeff Atwood and Joel Spolsky in 2008. Now, we could trade projects on one of the versioning tools, get help with projects or find smaller snippets of sample code on Stack Overflow, or even Google random things (and often find answers on Stack Overflow). And so social coding became a large part of many a programmer's day. As did dependency management, given how many tools are used to compile a modern web app or app. I often wonder how much of the code in many of our favorite tools is actually original. Another thought is that in an industry dominated by white males, it's no surprise that we often gloss over previous contributions. It was actually Grace Hopper's A-2 compiler that was the first software that was released freely with source for all the world to adapt. Sure, you needed a UNIVAC to run it, and so it might fall into the mainframe era and with the emergence of minicomputers we got Digital Equipment's DECUS for sharing software, leading in part to the PDP-inspired need for source that Stallman was so adamant about. General Motors developed SHARE Operating System for the IBM 701 and made it available through the IBM user group called SHARE. The ARPAnet was free if you could get to it. TeX from Donald Knuth was free. The BASIC distribution from Dartmouth was academic and yet Microsoft sold it for up to $100,000 a license (see Commodore ). 
So it's no surprise that people avoided paying upstarts like Microsoft for their software or that it took until the late 70s to get copyright legislation and common law. But Hopper's contributions were kinda' like open source v1, the work from RMS to Linux was kinda' like open source v2, and once the term was coined and we got the rise of a name and more social coding platforms from SourceForge to git, we moved into a third version of the FOSS movement. Today, some tools are free, some are open source, some are free as in beer (as you find in many a gist), some are proprietary. All are valid. Today there are also about as many licenses as there are programmers putting software out there. And here's the thing, they're all valid. You see, every creator has the right to restrict the ability to copy their software. After all, it's their intellectual property. Anyone who chooses to charge for their software is well within their rights. Anyone choosing to eschew commercialization also has that right. And every derivative in between. I wouldn't judge anyone based on any model they choose. Just as those who distribute proprietary software shouldn't be judged for retaining their rights to do so. Why not just post things we want to make free? Patents, copyrights, and trademarks are all a part of intellectual property - but as developers of tools we also need to limit our liability as we're probably not out there buying large errors and omissions insurance policies for every script or project we make freely available. Also, we might want to limit the abuse of our marks. For example, Linus Torvalds monitors the use of the Linux mark through the Linux Mark Institute. Apparently some William Dell Croce Jr tried to register the Linux trademark in 1995 and Torvalds had to sue to get it back. He provides use of the mark using a free and perpetual global sublicense. Given that his wife won the Finnish karate championship six times I wouldn't be messing with his trademarks. 
Thank you to all the creators out there. Thank you for your contributions. And thank you for tuning in to this episode of the History of Computing Podcast. Have a great day.

Fluent Spanish Express Podcast
122. Language Reactor for practicing Spanish with Netflix and YouTube

Fluent Spanish Express Podcast

Play Episode Listen Later Nov 24, 2021 11:25


In today's episode, a new recommendation for practicing your Spanish. In this case, a tool or app for adding dual subtitles to YouTube videos and to movies or series on Netflix. It's called Language Reactor, formerly known as Language Learning with Netflix. It is an extension for the Google Chrome browser that, as I was saying, adds dual subtitles to YouTube and Netflix videos. It will soon be available for Firefox and Edge. A super interesting tool because, in addition, while the video plays it lets you look up meanings in a built-in dictionary, as well as the pronunciation. It also has several very useful beta features for translating text or using flashcards. Take a look at it because it's great. I hope you like it as much as I do and, above all, that it serves you as a tool to practice and improve your Spanish. Thank you very much for your 5-star ratings on iTunes, Google Podcasts and Spotify. See you in the next episode.

Hacker Public Radio
HPR3472: consuming an AQI API

Hacker Public Radio

Play Episode Listen Later Nov 23, 2021


AQI
Air Quality Index - measures particles in the air

Ozone
good at high altitudes, bad on the earth surface
https://en.wikipedia.org/wiki/Ozone#Low_level_ozone

PM2.5
Particulate Matter, 2.5 micrometers
https://en.wikipedia.org/wiki/Particulates#Size,_shape_and_solubility_matter
https://en.wikipedia.org/wiki/Particulates#Wildfire_smoke_risk

Getting AQI data

Determining air quality in my area is as simple as visiting https://www.airnow.gov and entering my zip code. Although my zip code covers 139.56 square miles, the result is accurate enough for my needs. When my zip code was submitted, the web page did not refresh. This means that the client interface made an API call to the backend server.

It sure would be nice if the AQI status was emailed to my phone every hour, if the AQI was above a certain threshold.

In order to get the data from the API, it is necessary to emulate the request made by the client to the API. This can be accomplished using Firefox.

1. open Firefox
2. go to https://www.airnow.gov
3. open the Firefox developer tools, either through the menu or with CTRL+SHIFT+i
4. in the dev tools, select the Network tab
5. enter the zip code in the form and submit
6. watch the Network tab for a POST request to https://airnowgovapi.com/reportingarea/get
7. click on the request in the network tab

Another set of tabs is now available to display various bits of information regarding the request. From this data, it is possible to recreate the query. However, I took an even easier route, and right-clicked on the query in the Network tab, and selected Copy > Copy as cURL to get the request as a curl command complete with all necessary arguments prefilled.

Since I didn't want to write my entire AQI fetching script in bash, I copied the curl command into a text file and ported the request to Ruby.

The Finished Script

    #!/usr/bin/env ruby
    require 'net/http'
    require 'uri'
    require 'json'

    # Endpoint the airnow.gov front end POSTs to (seen in the Network tab)
    uri = "https://airnowgovapi.com/reportingarea/get"
    parsed_uri = URI.parse(uri)
    payload = { latitude: 39.88, longitude: -120.76, stateCode: 'CA', maxDistance: 50 }
    response = Net::HTTP.post_form(parsed_uri, payload)
    # The API answers with a JSON array; use its first entry
    data = JSON.parse(response.body)[0]
    aqi = data["aqi"].to_i
    category = data['category']
    parameter = data['parameter']
    output = "#{parameter}: #{aqi} - #{category}"
    puts output
    # Alert only above the threshold. The argument-list form of system runs the
    # program without a shell, so text from the API response is never parsed as
    # shell syntax.
    system('/opt/textjezra', output) if aqi > 70

Kenneth Wajda Photography Talks
WAJDA Photography Blog - 11.20.21 - Paul Kessel's Wonderful Photo of a Mom and Two Kids

Kenneth Wajda Photography Talks

Play Episode Listen Later Nov 20, 2021 4:32


Read Dina's article. https://dinalitovsky.bulletin.com/312411763768865/ (Opens in Chrome, but not Firefox.) Want to support my shows? You can, just visit this link at Paypal, or go to SupportKenneth.com to add your monthly contribution to keep the lights on! Check out my YouTube Channel of Photography Talks, my 6x6 Portraits Blog and my Daily Photography Podcast. Thanks! --- Send in a voice message: https://anchor.fm/kenneth-wajda/message Support this podcast: https://anchor.fm/kenneth-wajda/support

mixxio — podcast diario de tecnología
Coming back, with a withered brow

mixxio — podcast diario de tecnología

Play Episode Listen Later Nov 20, 2021 15:53


Maximum privacy with DuckDuckGo / Winamp returns / MediaTek 9000 makes an impact / Legal framework for emulators / Computer-operated Shinkansen / Self-leaked cookies in Git / RPi with 48 TB

Sponsor: The Huawei Next Image awards gala is the world's largest mobile photography contest https://consumer.huawei.com/es/community/next-image/. More than two million people from around the world have taken part, and this year it comes with more prizes than ever. — Entries are open https://consumer.huawei.com/es/community/next-image/ until November 30, and you can enter in multiple categories. If any reader wins, share it with me, okay?

MP3 – mintCast
374 – Mounted Archery

MP3 – mintCast

Play Episode Listen Later Nov 17, 2021 45:14


First up in the news: Linux Mint Monthly News, Firefox 94 released, Steam OS announcement, System76 Desktop announcement, Intel has been doing this for a long time, and Nvidia released a fix. In security: a Dutch newspaper gets hacked, Azure is vulnerable, and AMD and Intel have more security flaws. Then in our Wanderings: Joe works on an Xbox, Josh remodels a bathroom, Tony got a new phone, and Norbert tells us about running Arch.

mixxio — podcast diario de tecnología
Two new old ideas

mixxio — podcast diario de tecnología

Play Episode Listen Later Nov 10, 2021 15:06


Would you prefer a plane with an ammonia or an aluminum engine? / 26 GBps SSD / 64 GB of RAM in phones / Niantic presents AR SDK / IMAX Enhanced on Disney+ / Firefox in the Windows Store / Scammers declare Instagram's founder dead

Sponsor: Switch to TotalEnergies https://www.totalenergies.es/es/hogares and reduce your electricity and gas bill. On their website https://www.totalenergies.es/es/hogares you can see directly how much you could save. They have a free customer service with people who understand you. If you sign up these days you will save an extra 10% on the price of your bill https://www.totalenergies.es/es/hogares.

⚛️ Two new-old ideas for making flights greener. An interesting energy storage model for long-haul aircraft proposed by Reaction Engines, which would use tanks of ammonia that is converted to a mixture of ammonia and hydrogen using the heat of the engines themselves https://newatlas.com/aircraft/reaction-engines-ammonia-aviation/.

Loop Matinal
Wednesday, 10/11/2021

Loop Matinal

Play Episode Listen Later Nov 10, 2021 10:08


Sponsor: Peduti Advogados. Speed up your company's LGPD compliance with people who know what they are doing. Visit https://www.peduti.com.br/.
--------------------------------
About the Podcast
Loop Matinal is a podcast from Loop Infinito that brings the most important news from the world of technology to those who don't have time to read technology sites and blogs. Marcus Mendes presents a quick, concise summary of the most important news, always with good humor and a touch of acidity. Check out the news from the last 24 hours, and see you tomorrow!
--------------------------------
Support Loop Matinal!
Loop Matinal is on apoia.se/loopmatinal and picpay.me/loopmatinal! If you want to help keep the podcast on the air, just choose the tier you prefer and set your monthly support. Special thanks to listeners Advogado Junio Araujo, Alexsandra Romio, Alisson Rocha, Anderson Barbosa, Anderson Cazarotti, Angelo Almiento, Arthur Givigir, Breno Farber, Caio Santos, Carolina Vieira, Christophe Trevisani, Claudio Souza, Dan Fujita, Daniel Ivasse, Daniel Cardoso, Diogo Silva, Edgard Contente, Edson Pieczarka Jr, Fabian Umpierre, Fabio Brasileiro, Felipe, Francisco Neto, Frederico Souza, Gabriel Souza, Guilherme Santos, Henrique Orçati, Horacio Monteiro, Igor Antonio, Igor Silva, Ismael Cunha, Jeadilson Bezerra, Jorge Fleming, Jose Junior, Juliana Majikina, Juliano Cezar, Juliano Marcon, Leandro Bodo, Luis Carvalho, Luiz Mota, Marcus Coufal, Mauricio Junior, Messias Oliveira, Nilton Vivacqua, Otavio Tognolo, Paulo Sousa, Ricardo Mello, Ricardo Berjeaut, Ricardo Soares, Rickybell, Roberto Chiaratti, Rodrigo Rosa, Rodrigo Rezende, Samir da Converta Mais, Teresa Borges, Tiago Soares, Victor Souza, Vinícius Lima, Vinícius Ghise and Wilson Pimentel for their support!
--------------------------------
Netflix for iOS gets a TikTok-like feature: https://www.bloomberg.com/news/articles/2021-11-09/netflix-to-roll-out-tiktok-like-short-clip-feature-aimed-at-kids
Netflix launches games for iOS: https://9to5mac.com/2021/11/09/netflix-games-iphone-ipad/
Disney+ is on sale: https://www.disneyplus.com/pt-br
Multilaser announces notebooks: https://tecnoblog.net/530382/multilaser-lanca-notebooks-ultra-com-windows-11-e-ssd-veja-precos/
Procon-RJ notifies ride-hailing apps: https://tecnoblog.net/530321/procon-carioca-notifica-99-e-uber-por-cancelamento-de-corridas/
Clubhouse rolls out Replay: https://techcrunch.com/2021/11/08/clubhouse-record-room-replay/
Instagram will have direct support for creators: https://9to5mac.com/2021/11/08/instagram-will-soon-let-users-support-creators-through-subscriptions/
Firefox arrives on the Windows Store: https://www.theverge.com/2021/11/9/22771845/mozilla-firefox-microsoft-store-windows-download
McAfee is sold for US$14 B: https://www.theverge.com/2021/11/8/22769910/mcafee-private-investor-group-acquisition-software
Robinhood suffers a data leak: https://blog.robinhood.com/news/2021/11/8/data-security-incident
Xiaomi launches the Poco M4 Pro 5G: https://tecnoblog.net/530400/xiaomi-lanca-poco-m4-pro-5g-com-camera-de-50-mp-e-bateria-grande/
Photos of the Galaxy S22 Ultra leak: https://tecnoblog.net/530054/galaxy-s22-ultra-deve-ser-novo-note-fotos-vazadas-mostram-espaco-para-s-pen/
PayPal reports financial results: https://www.cnbc.com/2021/11/08/paypal-pypl-earnings-q3-2021.html
Niantic announces a tool for creating immersive worlds: https://www.theverge.com/2021/11/8/22768925/niantic-lightship-developer-platform-john-hanke-pokemon-go
Nvidia launches Omniverse tool: https://siliconangle.com/2021/11/09/nvidia-brings-highly-realistic-walking-talking-ai-avatars-omniverse-design-tool/
Apple releases transparency report: https://9to5mac.com/2021/11/08/apple-transparency-report-covering-h2-2020/
Apple will not close the App Store during Christmas: https://www.macrumors.com/2021/11/08/app-store-connect-open-this-holiday-season/?scrolla=5eb6d68b7fedc32c19ef33b4
--------------------------------
Loop Matinal website: http://www.loopmatinal.com
Advertise on Loop Matinal: comercial@loopinfinito.net
Marcus Mendes: https://www.twitter.com/mvcmendes
Loop Infinito: https://www.youtube.com/oloopinfinito

This is Today
Scrapple

This is Today

Play Episode Listen Later Nov 9, 2021 2:00


This is Today features the stories that make this day unique. It's Tuesday, November 9, 2021, and here is what we talk about today:
National Scrapple Day
Firefox 1.0 is released
Help to support this podcast:
Become a Patron!
Subscribe to Learning More
Get bonus content on Patreon
See acast.com/privacy for privacy and opt-out information.

Destination Linux
251: Why We Became Linux Enthusiasts

Destination Linux

Play Episode Listen Later Nov 9, 2021 68:10


This week's episode of Destination Linux, we are going to discuss what made us Linux Enthusiasts! Then we're going to discuss some good news with Firefox's latest release . . . it seems that they have been listening to DL. Plus we've also got our famous tips, tricks and software picks. All of this and […]

Late Night Linux
Late Night Linux – Episode 150

Late Night Linux

Play Episode Listen Later Nov 9, 2021 31:54


A new cheap Pi and a new version of Raspberry Pi OS, Firefox gets pretty new colours, a management shakeup at GitHub, Red Hat's new dev hiring policy, KDE Korner, and more. With guest host Jim Salter from 2.5 Admins.   News Raspberry Pi Zero 2 W on sale now at $15 The Pi Zero... Read More

Late Night Linux All Episodes
Late Night Linux – Episode 150

Late Night Linux All Episodes

Play Episode Listen Later Nov 9, 2021 31:54


A new cheap Pi and a new version of Raspberry Pi OS, Firefox gets pretty new colours, a management shakeup at GitHub, Red Hat's new dev hiring policy, KDE Korner, and more. With guest host Jim Salter from 2.5 Admins.   News Raspberry Pi Zero 2 W on sale now at $15 The Pi Zero... Read More

Linux User Space
Episode 2:10: Watch_OUT!

Linux User Space

Play Episode Listen Later Nov 8, 2021 84:24


0:00 Cold Open
1:34 Banter: IP Bloggin
12:04 Topic: Ubuntu's Flutter Installer
17:59 Topic: Fedora 35
21:15 Topic: Linux Kernel 5.15
24:51 Topic: Edge Watch!
29:48 Topic: TOK
32:43 Topic: Mozilla Watch!
54:47 Topic: Brave Watch!
1:02:35 Topic: Trojan Source
1:08:54 Housekeeping
1:14:04 App Focus: Fragments
1:19:29 Next Time
1:22:57 Stinger

Coming up in this episode
1. Some ip peeking
2. Installing with Flutter
3. Edge Watch
4. Mozilla Watch
5. Brave Watch
6. And fragmented downloads

Banter
Leo is working on a blog (https://leochavez.org) post about some basic ip commands.
    ip -c a
    ip -br -c a
    ip -br -c l
    ip -br -c n
    ip -c r
    resolvectl dns

Ubuntu Flutter Installer
It is in the daily test isos (https://discourse.ubuntu.com/t/new-desktop-installer-preview-build/24765)
Look for the Canary builds.

Fedora 35
Release Party! (https://fedoramagazine.org/announcing-fedora-35/)
What's new (https://fedoramagazine.org/whats-new-fedora-35-workstation/)
November 12–13 is the release party - registration required (https://hopin.com/events/fedora-linux-35-release-party/registration)

Linux Kernel 5.15 released (https://9to5linux.com/linux-kernel-5-15-released-with-new-ntfs-file-system-in-kernel-smb-server-and-more)

Edge Watch
Microsoft Edge Now Stable on Linux (https://www.microsoft.com/en-us/edge#linux)
Official announcement in there somewhere (https://blogs.windows.com/msedgedev/2021/11/02/edge-ignite-nov-2021/)

TOK, a KDE-Telegram Client
Niccolò Ve's recent video (https://tube.kockatoo.org/w/kmsaS5tJTaB5AZNRujdRAd)
TOK (https://invent.kde.org/network/tok)

Mozilla Watch
Firefox turns 94 (https://www.mozilla.org/en-US/firefox/94.0/releasenotes/)
With EGL in tow (https://mastransky.wordpress.com/2021/10/30/firefox-94-comes-with-egl-on-x11/)
more on EGL (https://mozillagfx.wordpress.com/2021/10/30/switching-the-linux-graphics-stack-from-glx-to-egl/)
And Side Channel Attack Prevention (https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture/)
configure which tabs are unloaded manually in about:unload (https://support.mozilla.org/kb/unload-inactive-tabs-save-system-memory-firefox)
Mozilla kills malicious addons used by 455k Firefox users (https://www.bleepingcomputer.com/news/security/mozilla-blocks-malicious-add-ons-installed-by-455k-firefox-users/)
Plasma Browser Integration Unavailable because of MFA Requirement (https://blog.broulik.de/2021/10/psa-plasma-browser-integration-currently-unavailable/)
The delayed commit (https://invent.kde.org/plasma/plasma-browser-integration/-/commit/7f3bc46f90440dd6baccb3e2b9b29212338d2b00)
More useful mobile Home page (https://blog.mozilla.org/en/mozilla/news/firefox-brings-you-a-new-homepage/)

Brave Watch
Brave Ditches Google, Qwant and DuckDuckGo by Default (https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/)

Unicode's Bidi Algorithm Breaks All Code Forever (https://www.trojansource.codes/)
Rust is the first to patch (that Leo found) (https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html)

Housekeeping
Ubuntu Security Podcast (https://ubuntusecuritypodcast.org)
Reddit subreddit - https://reddit.com/r/LinuxUserSpace/
Email us - contact@linuxuserspace.show
Linux User Space Discord Server (https://linuxuserspace.show/discord)
Our Matrix room (https://linuxuserspace.show/matrix)
Support us at Patreon (https://patreon.com/linuxuserspace)
Join us on Telegram (https://linuxuserspace.show/telegram)
Follow us on Twitter (https://twitter.com/LinuxUserSpace)
Watch us on YouTube (https://linuxuserspace.show/youtube)
Or Watch us on Odysee (https://linuxuserspace.show/odysee)
Check out our website https://linuxuserspace.show

App Focus
Gnome Fragments
Gnome Fragments (https://gitlab.gnome.org/World/Fragments)

Next Time
We wrap up our thoughts on Zorin OS
Zorin OS (https://zorin.com/os/)
Join us in two weeks when we return to the Linux User Space
Stay tuned on Twitter, Telegram, Matrix, Discord whatever.
Give us your suggestions on our new subreddit r/LinuxUserSpace
Join the conversation. Talk to us, and give us more ideas.

We would like to acknowledge our top patrons. Thank you for your support!
Contributor: Nicholas CubicleNate LiNuXsys666 Jill and Steve WalrusZ sleepyeyesvince
Co-Producer: Donnie Johnny
Producer: Bruno John

Craig Peterson's Tech Talk
You Know How To Use Fake Email Addresses to Stay Safe?

Craig Peterson's Tech Talk

Play Episode Listen Later Nov 5, 2021 64:01


If you follow my newsletter, you probably saw what I had in the signature line the last few weeks: how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [Automated transcript follows] [00:00:16] Email is something that we've had for a long time. [00:00:19] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of emails every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control. [00:00:46] And so we have a big Cisco server that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day, if you think that's manageable, and it gets sort of almost all of the phishing and a lot of the spam and other things that are coming. [00:01:09] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam. I'm going over this in some detail in the upcoming bootcamp. So make sure you keep an eye on your emails so you know about this thing. Again, it's free, right? I do a lot of the stuff just to help you guys understand it. [00:01:34] I'm not trying to, you know, just beat you into submission to buy something. This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email during the week. So we're going to go into this in some detail in this upcoming bootcamp. [00:01:55] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. 
There's a company out there called Fastmail. [00:02:20] You might want to check them out. There's another company called Apple. And you might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an Apple user, even if you don't have the hardware, you can sign up for an Apple account. [00:02:42] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake-ish email address. Now I say fake-ish, because it's a real email address that forwards to your normal regular [00:03:10] email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have, what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new Hide My Email feature. [00:03:30] This lets you create random email addresses and those email addresses end up in your regular, uh, icloud.com or me.com, whatever you might have for your email address that Apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that they're offering for this iCloud Plus thing. [00:03:57] And they've got three different privacy-focused services, right? So in order to get this from Apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat icloud.com that doesn't tell anybody who you are, and you can put a label in there. [00:04:21] What's the name of the website that, that, or the, the, a URL of the website, that you created this email for, and then a note so that you can look at it later on to try to remember, and that way the site that you just created it for. In this case, this is an article from CNET. They had an account at jamwirebeats.com. [00:04:45] This is a weekly music magazine subscription that they had. And Apple generated this fake email address, blue one to 600 score Canada, cobb.com. Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that: if you get an email addressed to blue cat, one, two6@icloud.com and it's supposedly from bank of America, you instantly know that is spam. [00:05:23] That is a phishing email because it's not using the email address you gave to TD bank. No, it's using the email address that it was created for one website, jamwirebeats.com. This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign in the email address and Microsoft even supports it. [00:05:53] Now you have to turn it on. So I will use, for instance, Craig plus Libsyn, as an example, at craigpeterson.com, and now emails that Libsyn wants to send me will go to Craig plus Libsyn at craigpeterson.com. Right? So the, the trick here is now if I get an email from someone other than Libsyn, I know, wait a minute, this isn't Libsyn, and that now flags it as a phishing attack, right. [00:06:28] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you've got to have iCloud Plus, and if you pay for the premium upgrade, which ranges from a dollar to $10, uh, you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud Plus as part of iOS 15, that just came out. [00:06:55] All right. So that's one way you can do it. If you're not an Apple fan, I already mentioned that Firefox, which is a browser, has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? 
So they've been doing a whole lot of stuff to protect your privacy. [00:07:17] However, there you are. They have a couple of features that get around some of the corporate security, and good corporate security people have those features blocked because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at is Firefox. [00:07:37] Have a look at fastmail.com. And as I said, we're going to go into this in some detail in the bootcamp, but Fastmail lets you have these multiple email accounts. Now, they're restricted. It's not like Apple where it's an infinite number, but depending on how much you pay, Fastmail is going to help you out there. [00:07:57] And then if you're interested, by the way, just send an email to me, me at craigpeterson.com. Please use that email address, me@craigpeterson.com, because that one is the one that's monitored most closely. And just ask for my report on email and I've got a bunch of them, uh, that I'll be glad to send you that get into some detail here. But ProtonMail [00:08:22] is a mail service that's located in Switzerland. Now, I know of, in fact, a couple of high-ranking military people, I mean really high-ranking military people, that are supposedly using ProtonMail. I have a ProtonMail account. I don't use it that much because I have so much else going on, but the advantage of [00:08:45] ProtonMail is it is in Switzerland. And as a general rule, they do not let people know what your identity is. So it's kind of untraceable. Hence these people high up in the department of defense, right, that are using ProtonMail. However, it is not completely untraceable. There is a court case that ProtonMail, [00:09:12] I don't know if you'd say they lost, but ProtonMail was ordered about a month ago to start logging access and provide it for certain accounts so they can do it. They are doing it. They don't use it in most cases, but ProtonMail is quite good. 
They have a little free level. Paid levels. And you can do all kinds of cool stuff with ProtonMail. [00:09:35] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Temp Mail, it's temp-mail.org. Don't send anything that is confidential on this. [00:09:57] Don't include any credit card numbers, nothing. Okay. But temp-mail.org will generate a temporary email address. Part of the problem with this, these temporary email addresses, is they are blocked at some sites that really, really, really want to know what your real email address is. Okay. But it's quite cool. [00:10:22] It's quite simple. So I'm right there right now. temp-mail.org. And I said, okay, give me email address. So it gave me one. five04@datacop.com is this temporary email, so you can copy that address. Then you can come back into again, temp-mail.org and read your email for a certain period of time. So it is free. [00:10:48] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email, stop some of these successful phishing attempts by having a unique, not just password, but a unique email for all those accounts. [00:11:12] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. craigpeterson.com. Make sure you subscribe to my newsletter. [00:11:25] Well, you've all heard is up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to, we're going to talk about that. And what do you do after you've been ransomed? [00:11:42] Ransomware is terrible. It's crazy. Much of it comes in via email. [00:11:49] These malicious emails, they are up 600% due to COVID-19. 
37% of organizations were affected by ransomware attacks in the last year. That's according to Sophos. 37%, more than a third. Isn't that something? In 2021, the largest ransomware payout, according to Business Insider, was made by an insurance company at $40 million, setting a world record. [00:12:21] The average ransom fee requested increased from 5,000 in 2018 to around 200,000 in 2020. Isn't that something. So in the course of three years, it went from $5,000 to 200,000. That's according to the National Security Institute. Experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year. [00:12:50] Uh, it's just crazy. Absolutely crazy, all of these stats. So what does it mean? Or, you know, okay. It's up this much, is up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer, in order to get your [00:13:27] work documents or whatever you have on your home computer? Hopefully you don't have any work information on your home computer. Over $11,000. Now, by the way, most of the time, these ransoms are actually an affiliate affair. In other words, there is a company that is doing the ransom work and they are paying an affiliate who are the, the affiliate in this case. [00:13:55] So the people who infected you, and the affiliates are making up to 80% from all of these ransom payments. It's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't particularly like some friend, right. And you can go ahead and send them an email with a link in it. [00:14:20] And they click the link and it installs ransomware and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? 
This is a great little article over on Dark Reading and you'll see it on the website, craigpeterson.com. But this article goes through what are some of the steps. It's by Daniel Clayton. [00:14:48] It's actually quite a good little article. He's the VP of global security services and support over at Bitdefender. Bitdefender is great, uh, software; you've got versions of it for the Mac. You've got versions of it for Windows. You might want to check it out, but he's got a nice little list here of things that you want to do. [00:15:13] So number one, don't panic, right? Scott Adams, don't panic. So we're worried because we think we're going to lose our job June. Do you know what, by the way, is in the top drawer of the majority of chief information security officers? Two things. Uh, w one is their resignation letter and the second one is their resume, because if they are attacked, and it's very common, and if they get in trouble, they are leaving. [00:15:47] And that's pretty common too. Although I have heard of some companies that understand, Hey, listen, you can't be 100% effective. You got to prioritize your money and play. It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance. Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe, and knock on wood, over the course of 30 years. [00:16:27] That's a long I've been doing. 30 years. We have never had a single customer get a, uh, any type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware. [00:16:50] They had to shut down globally for 
two weeks while they tried to recover everything. Our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man, there was nothing I can do. So I'm not going to do anything. [00:17:14] One of the ladies in one of my mastermind groups basically said that, right? Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000, and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling. [00:17:37] So he was just kind of freaking out for good. But I explained, okay, so here's what you do. And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it. [00:18:03] Okay. It can be done. So I don't want panic. I don't want you to think that there's zero you can do. So that's number one if you do get ransomware. Number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. And then number two is turn off the system that got ransomed. [00:18:29] Turn it off. One or more systems might've gotten ransomware. And remember that the ransomware notification does not come up right when it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every. [00:18:56] Not just pull the plug. I w I'm talking about the ethernet cable, right? Don't just disconnect from wifi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay. 
In some cases, the next thing that has to happen is each one of those machines needs to have its disk drive probably removed and examined to see if it has [00:19:18] any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced. And in most cases we recommend, Hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's my mind. Number two. Okay. Um, he has isolate and save, which makes sense. [00:19:40] You're trying to minimize the blast radius. So he wants you to isolate them. I want you to turn them off because you do not want any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypt. Okay. So hopefully you've done the right thing. [00:20:00] You are following my 3, 2, 1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay. Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away. [00:20:25] But you got to figure that out. There's no one size fits all for all of this. At over $11,000 for an individual ransom, uh, this requires some preparation and some thought. Stick around, got a lot more coming up. Visit me online, craigpeterson.com, and get my newsletter along with all of the free trainings. [00:20:52] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with QR codes. This is actually kind of clever. [00:21:08] By now you must've seen if not used QR codes. [00:21:12] These are these codes that they're generally in a square and the shape of a square, and inside there's these various lines, and in a QR code, you can encode almost anything. Usually what it is, is a URL. 
So it's just like typing in a web address into your phone, into your web browser, whatever you might be using. [00:21:35] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ads down in the corner; you can just scan the QR code in order to apply right away to get your Ginsu knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows. [00:22:02] So people who are walking by, even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally a billion endpoints, plus monitoring tens of hundreds of millions of emails a day. [00:22:39] It's just huge. I don't even. I can ha can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email, says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say, how long has this domain been registered? [00:23:01] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. Well, how can it get around a really great tight filter like that? That's a very good question. How can you, and the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now. [00:23:26] They are using a QR code inside email. Yeah. So the emails that have been caught so far by a company called Abnormal Security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. 
It looks pretty legitimate, obviously designed to bypass enterprise email gateway scans that are really set up to detect malicious links and attachments. [00:24:01] Right? So all of these QR codes that Abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected, would have been previously reported or included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code. [00:24:26] So even if the mail gateway software is scanning for pictures and looking for specific QR codes, basically, they're still getting. So the good news is the use of the QR codes in these types of phishing emails is still quite rare. We're not seeing a lot of them yet. We are just starting to see them, uh, hyperlinks to phishing sites are really common with some of these QR codes. [00:24:58] But this is the first time we've seen an actor embed a functional QR code into an email is not. Now the Better Business Bureau warned of a recent uptick in complaints from consumers about scams involving QR codes, not just in email here, but because these codes can't really be read by the human eye at all. [00:25:21] The attackers are using them to disguise malicious links so that, you know, that vendor that I talked about, that retail establishment that's using the QR codes and hoping people walking by will scan it in order to get some of that information. Well, people are going to be more and more wary of scanning QR codes, right? [00:25:43] Doesn't that just make a lot of sense, which is why, again, one of the items in our protection stack that we use filters URLs. Now you can get a free filter, and I cover this in my workshop, how to do it, but if you go to OpenDNS, check them out, OpenDNS, they have a free version. If you're a business, they want you to pay, but we have some business related ones to let you have your own site to. 
[00:26:15] Based on categories and all that sort of stuff, but the free stuff is pretty generalized. They usually have two types, one for family, which blocks the stuff you might think would be blocked. Uh, and other so that if you scan one of these QR codes and you are using OpenDNS, Umbrella, one of these others, you're going to be much, much. [00:26:39] Because it will, most of the time, be blocked because, again, Umbrella is more up-to-date than OpenDNS is, but they are constantly monitoring these sites and blocking them as they need to. MobileIron, another security company, conducted a survey of more than 4,400 people last year. And they found that 84% have used a QR code. [00:27:05] So that's a little better than I thought it was. Twenty-five percent of them said that they had run into situations where a QR code did something they did not expect, including taking them to a malicious website. And I don't know, are they like scanning QR codes in the, in the men's room or something, in this stall? [00:27:24] I don't know. I've never come across a QR code that was malicious that I tried to scan, but maybe I'm a little more cautious. 37% were saying that they could spot a malicious QR code. Yeah. Yeah. They can read these things, while 70% said they'd be able to spot a URL to a phishing or other malicious website. That I can believe. [00:27:50] But part of the problem is when you scan a QR code, it usually comes up and it says, Hey, do you want to open this? And most of that link is invisible, is not visible because it is on your smartphone and it's not a very big screen. So it'll just show you the very first part of it. And the first part of it, it's going to look pretty darn legit. [00:28:14] So again, that's why you need to make sure you're using OpenDNS or Umbrella. Ideally, you've got it installed right at your edge, at your router, at whoever's handling DHCP for your organization. 
Uh, in the phishing campaign Abnormal had detected with using this QR code, uh, code, they're saying the attackers had previously compromised some Outlook email accounts belonging to some legitimate organizations [00:28:43] to send the emails with malicious QR codes. And we've talked about that before, they use password stuffing, et cetera. And we're covering all of this stuff in the bootcamp and also, well, some of it in the bootcamp and all of this really in the workshops that are coming up. So keep an eye out for that stuff. [00:29:03] Okay. Soup to nuts here. Uh, it's a, uh, it's a real. Every week, I send out an email and I have been including my show notes in those emails, but I found that most people don't do anything with the show notes. So I'm changing, I'm changing things this week. How some of you have gotten the show notes, some of you haven't gotten the show notes, but what I'm going to be doing is I've got my show notes on my website at craigpeterson.com. [00:29:35] So you'll find them right. And you can get the links for everything I talk about right here on this. I also now have training in every one of my weekly emails. It's usually a little list that we've started calling listicles and it is training on things you can do. It is. And anybody can do this; this is not high level stuff for people that are in the cybersecurity business, right. [00:30:07] Home users, small businesses, but you got to get the email first, craigpeterson.com, and sign up. [00:30:14] California is really in trouble with these new environmental laws. And yet, somehow they found a major exception. They're letting them mine lithium in the great Salton Sea out in California. We'll tell you why. [00:30:31] There's an article in the New York Times. And this is fantastic. It's just incredible, talking about the lithium gold rush. [00:30:43] You already know, I'm sure, that China has been playing games with some of these minerals. 
Some of the ones that we really, really need, exotic minerals that are used to make batteries that are used to power our cars. And now California is banning all small gasoline engine sales. So the, what is it? 55,000 companies out in California that do lawn maintenance are going down. [00:31:13] To drive those big lawnmowers around running on batteries. They're estimating it'll take 30 packs, battery packs, a day. Now, remember California is one of these places that is having rolling blackouts because they don't have power, right. It's not just China. It's not just Europe where they are literally freezing people. [00:31:37] They did it last winter. They expect to do it more this winter. Since we stopped shipping natural gas and oil, they're freezing people middle of winter, turning off electronics. California, at least they're not too likely to freeze unless they're up in the mountains in California. So they don't have enough power to begin with. [00:31:57] And what are they doing there? They're making it mandatory. I think it was by 2035 that every car sold has to be electric. And now they have just gotten rid of all of the small gasoline engines. They've already got rolling blackouts. Come on, people, smarten up. So they said, okay, well here's what we're going to do. [00:32:20] We need lithium in order to make these batteries. Right. You've heard of lithium-ion batteries. They're in everything. Now, have you noticed with lithium batteries, you're supposed to take them to a recycling center, and I'm sure all of you do. When your battery's dead in your phone, you take it to a recycling center. [00:32:39] Or if you have a battery that you've been using in your Energizer bunny, and it's a lithium battery, of course you take it to the appropriate authorities to be properly disposed of because it's toxic, people. It is toxic. So we have to be careful with this. Well, now we're trying to produce lithium in the United States. 
[00:33:06] There are different projects in different parts of the country, all the way from Maine through, of course, California, in order to try and pull the lithium out of the ground and all. Let me tell you, this is not very green at all. So novel. Peppa Northern Nevada. They've started here blasting and digging out a giant pit in this dormant volcano. [00:33:38] That's going to serve as the first large scale lithium mine in the United States in more than a decade. Well, that's good. Cause we need it. And do you know about the supply chain problems? Right. You've probably heard about that sort of thing, but that's good. This mine is on leased federal lands. What does that mean? [00:33:59] Well, that means if Bernie Sanders becomes president, with the flick of a pen, just like Joe Biden did on his first day, he could close those leased federal lands. Yeah. And, uh, we're back in trouble again, because we have a heavy reliance on foreign sources of lithium, right. So this project's known as Lithium Americas. [00:34:25] There are some Native American tribes, First Nations as they're called in Canada, uh, ranchers, environmental groups that are really worried, because guess what? In order to mine the lithium, and to do the basic processing onsite that needs to be done, they will be using billions of gallons of groundwater. [00:34:48] Now think of Nevada. Think of California. Uh, you don't normally think of massive lakes of fresh water to. No. Uh, how about those people that are opposed to fracking? Most of them are opposed to fracking because we're pumping the water and something, various chemicals, into the ground in order to crack the rock, to get the gas out. [00:35:11] Right. That's what we're doing. They don't like that. But yet, somehow, contaminating the water for 300 years and leaving behind a giant mound of waste isn't a problem for these so-called Greenies. Yeah. A blowing up visit quote here from Max Wilbert. 
This is a guy who has been living in a tent on this proposed mine site. [00:35:38] He's got a. Lawsuits that are going, trying to block the project. He says blowing up a mountain isn't green, no matter how much marketing spin people put on it. What have I been saying forever? We're crazy. We are insane. I love electric cars. They are cool as heck. I would drive one if I had one, no problem. [00:35:57] I'm not going to bother to go out and buy one, but, uh, yeah, it's very cool, but it is anything but green. Electric cars and renewable energy are not green. Renewable energy, the solar and the wind, do not stop the need for nuclear plants or oil or gas burners, or coal burners, et cetera. Because when the sun isn't shining, we still need electricity. [00:36:29] Where are we going to get it? When the wind isn't blowing or when the windmills are broken, which happens quite frequently, where are we going to get our power? We have to get it from the same way we always have, from maybe some, uh, some old hydro dams. Right. But really we got to start paying a lot more attention to nuclear. [00:36:53] I saw a couple of more nuclear licenses were issued for these six gen nuclear plants that are green, people. They are green. But back to our lithium mine. They're producing cobalt and nickel as well as the lithium. And they are ruinous to land, water, wildlife, and. Yeah. Yeah, absolutely. Uh, we have had wars over gold and oil before and now we're looking at minerals. [00:37:27] In fact, there's a race underway between the United States, China, Europe, Russia, and others, looking for economic and technological dominance for decades to come by grabbing many of these precious minerals. So let's get into this a little bit further here. Okay. So they're trying to do good, but really they're not green. [00:37:53] They're, they're not doing good. And this is causing friction. Okay. 
Um, first three months of this year, US lithium miners raised nearly three and a half billion dollars from Wall Street, seven times the amount raised in the last six months or 36 months. Yeah, huge. Money's going into it. Okay. They're going after lithium from California's largest lake, the Salton Sea. [00:38:23] Yeah. Yeah. So they're going to use specially coated beads to extract lithium salt from the hot liquid pumped up from an aquifer more than 4,000 feet below the surface. Hmm. Sounds like drilling. Aren't they anti-drilling, too? The self-contained systems connected to geothermal power plants generating emission-free electricity. [00:38:44] Oh, that's right. They don't have a problem with the ring of fire in California with earthquakes and things. Right. Ah, yeah. Drilling on that and using the, the, uh, it's not going to be a problem. Uh, so, um, yeah, so they're hoping to generate revenue needed to restore the lake fouled by toxic runoff from area farms for decades. [00:39:08] So they're looking to do more here. Lithium brine, Arkansas, Nevada, North Dakota, as I mentioned already, Maine. Uh, they're using it in every car that's out there, smartphones, et cetera. Uh, the US has some of the world's largest reserves, which is, I guess, a very good thing. Right? A Silver Peak mine in Nevada is producing 5,000 tons a year, which is less than 2% of the world's supply. [00:39:40] Uh, this is just absolutely amazing going through this. Okay. Um, an Obama administration official, Ben Steinberg, said right now, China decided to cut off the U.S. for a variety of reasons. We're in trouble. Yeah. You think. Uh, the another thing here in the New York Times article is from this rancher and it's a bit of a problem. [00:40:06] He's got 500 cows and calves roaming his 50,000 acres in Nevada's high desert, is going to have to start buying feed for. This local mine's going to reach about 370 feet. Uh, here's another kind of interesting thing. 
This mine, one mine, is going to consume 3,200 gallons of water per minute. Yeah. In, in barren Nevada, I, I'm looking at a picture of this and it is just dead sagebrush. [00:40:37] Oh my gosh. So they're expecting the water table will drop at least 12 feet. They're going to be producing 66,000 tons of battery grade lithium carbonate a year. But, uh, here we go. They're digging out this mountainside and they're using 5,800 tons of sulfuric acid per day. Yeah. They're mixing clay dug out from the ma, from the mountainside with 5,800 tons of clay, of sulfuric acid, [00:41:10] I should say, every day. They're also consuming 354 million cubic yards of mining waste. I'm, not consuming, creating 354 million cubic yards of mining waste loaded with, uh, discharge from this sulfuric acid treatment and may contain modest amounts of radioactive uranium. That's according to the permit documents. They're expecting it'll degrade, quote unquote, 5,000 acres of winter range used by the antelope herd, the habitat of the sage grouse, nesting areas for eagles. [00:41:48] It just goes on and on. It is not. BLM is not, of course stumbled the Bureau of Land Management, but I guess both BLMs are not, and this is a real problem, and the tribes are trying to stop it. The farmers are trying to stop it, but Hey, California needs more lithium batteries for their electric cars, [00:42:10] their electric lawn mowers, leaf blowers, et cetera. So we've got to get that lithium. We've got to get it right away, uh, in order for their green appetite in. Hey, get some sanity. craigpeterson.com. Sign up for my newsletter right now. [00:42:28] Doing a little training here on how to spot fake log-in pages. We just covered phishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next. [00:42:44] The next thing to look for when it comes to the emails and these fake log-in pages is a spelling mistake or grammatical errors. 
[00:42:56] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the, the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up, myself included. Right. That's why I use Grammarly. [00:43:17] If you have to ever write anything, or which includes anything from an email or a document, uh, you, you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, I guess, to the hackers out there, but the hackers will often use a URL that is very close to [00:43:41] where you want to go. So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be a amazon-aws.com or a TD Bank dash, um, account.com, something like that. Sometimes the registrars, they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well. [00:44:16] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. Uh, make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website. [00:44:38] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security number so I can validate the, someone broke into your account. No, no, no, no, no, they don't. They don't just call you up like that. Nowadays, they'll send you a message in their app [00:44:55] that's on your smart. But they're not going to call you. And the advice I've always given is look up their phone number. And by the way, do it in the phone book, they remember those, and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. 
If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these phishers, these hackers that are out there, just type in the bank URL as you know it, not what's in the email, and [00:45:32] there will be a message there for you if it's legitimate, always. Okay. So before you click on any website, email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking you to something specific within the site, the next trick you can play is to just mouse over the link. [00:45:57] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left of your, your screen or of the window, it'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you haven't opened one of my emails in a while, I'll just automatically say, Hey, I have not opened them in a while. [00:46:25] And then I will drop you off the list. Plus if you hit reply to one of my newsletters, my show notes newsletters, that's just fine, but it's not going to go to me@craigpeterson.com, and some people, you listeners being the best and brightest, have noticed that what happens is it comes up and it's some really weird URL. That's so I can track who responded to. [00:46:53] And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know that you responded. I know you're interacting, so I know I'm not bothering you. Right. And I know I need to respond to. [00:47:13] Well, much the same thing is true with some of these links. When I have a link in my newsletter and I say, Hey, I'm linking to MIT's article, it is not going to be an MIT. Because again, I want to know what are you guys interested in? 
So anytime you click on a link, I'll know, and I need to know that, so I know why, Hey, wait a minute. [00:47:37] Now, 50% of all of the people that opened the emails are interested in identifying fake login pages. So what do I do? I do something like I'm doing right now. I go into depth on fake login pages. I wouldn't have known that if I wasn't able to track it. So just because the link doesn't absolutely look legit doesn't mean it isn't legit, but then again, if it's a bank or it involves financial transactions or some of these other things, be more cautious. [00:48:13] So double-check for misspellings or grammatical errors. Next thing to do is to check the certificate, the security certificate on the site you're on. This gets a little bit confusing. If you go to a website, you might notice up in the URL bar, the bar that has the universal resource locator, that's part of the internet. [00:48:40] You might've noticed. There's a. And people might've told you, do check for the lock. Well, that lock does not mean that you are safe. All it means is there is a secure VPN from your computer to the computer on the other side. So if it's a hacker on the other side, you're sending your data securely to the hacker, right? [00:49:07] That's not really going to do you a whole lot of good. This is probably one of the least understood things in the whole computer security side, that connection may be secure, but is this really who you think it is? So what you need to do is click on their certificate and the certificate will tell you more detail. [00:49:32] So double-check their certificate and make sure it is for the site you really want to go to. So when it's a bank site, it's going to say, you know, the bank is going to have the bank information on it. That makes sense. But if you go for instance on, now, I'm going to throw a monkey wrench into this whole thing. [00:49:51] If you go to craigpeterson.com, for instance, it's going to say, Connection is secure. 
The certificate is valid, but if you look at their certificate and the trust in the details, it's going to be issued by some company, but it's going to just say craigpeterson.com. It's not going to give a business name like it would probably do for a bank. [00:50:17] So, you know, a little bit of a twist to it, but that's an important thing. Don't just count on the lock, make sure that the certificate is for the place you want to contact. Last, but not least, is multi-factor authentication. I can't say this enough. If the bad guys have your username or email address and your password for a site, if you're using multifactor authentication, they cannot get. [00:50:56] So it's going to prevent credential stuffing tactics, or they'll use your email and password combinations that have already been stolen from other sites to try and hack in to your online profile. So very important to set up, and I advise against using two factor authentication with your, just a cell phone, as in a text message, SMS; it is not secure and it's being hacked all of the time. [00:51:26] Get an authorization app, like 1Password for instance, and you shouldn't be using one password anyways, for all of your password. And then Google has a free one called Google Authenticator. Use those instead of your phone number for authentication. [00:51:43] I've been warning about biometric databases. And I, I sat down with a friend of mine who is an attorney, and he's using this Clear thing at the airport. I don't know if you've seen it, but it's a biometric database. What are the real world risks? [00:52:00] Well, this "Clear" company uses biometrics. It's using your eye print, if you will; it's using your iris. [00:52:08] Every one of us has a pretty darn unique iris, and they're counting on that and they're using it to let you through TSA very quickly. And this attorney friend of mine thinks it's the best thing since sliced bread, because he can just. 
Right on through, but the problem here is that we're talking about biometrics.
[00:52:30] If your password gets stolen, you can change it. If your email account gets hacked, I have another friend who his account got hacked. You can get a new email account. If your iris scan that's in this biometric database gets stolen. You cannot replace your eyes unless of course you're Tom Cruise and you remember that movie, right.
[00:53:00] And it's impossible to replace your fingerprints. It's possible to replace your face print. Well, I guess you could, to a degree or another, right. Some fat injections or other things. Could it be done to change your face print, but these iris scans, fingerprints and facial images are something I try not to provide any.
[00:53:27] Apple has done a very good job with the security of their face print, as well as their fingerprint, because they do not send any of that information out directly to themselves, or do any database at all. They are stored only on the device itself. And they're in this wonderful little piece of electronics that cannot be physically compromised.
[00:53:56] And to date has not been electronically compromised either. They've done a very, very good. Other vendors on other operating systems like Android, again, not so much, but there are also databases that are being kept out there by the federal government. I mentioned this Clear database, which isn't the federal government, it's a private company, but the federal government obviously has its fingers into that thing.
[00:54:27] The office of personnel. Uh, for the federal government, they had their entire database, at least pretty much the entire database. I think it was 50 million people stolen by the Red Chinese about six years ago. So the communists. Uh, copies of all of the information that the Office of Personnel Management had about people, including background checks and things.
[00:54:55] You've probably heard me talk about that before.
So having that information in a database is dangerous because it attracts the hackers. It attracts the cybercriminals. They want to get their hands on it. They'll do all kinds of things to try and get their hands. We now have completely quit Afghanistan.
[00:55:19] We left in a hurry. We did some incredibly stupid things. I just, I can't believe a president of the United States would do what was done here. And now it's been coming out that President Biden completely ignored. The advice that he was getting from various military intelligence and other agencies out there and just said, no, we're going to be out of there.
[00:55:46] You have to limit your troops to this. And that's what causes them to close the airbase bog that we had had for so many years. Apparently the Chinese are talking about taking it over now. Yeah. Isn't that nice. And whereas this wasn't an eternal war, right? We hadn't had anybody die in a year and a half.
[00:56:05] Uh, it's crazy. We have troops in South Vietnam. We have troops in Germany. We have troops in countries all over the world, Japan, you name it so that we have a local force that can keep things calm. And we were keeping things calm. It's just mind blowing. But anyhow, politics aside, we left behind a massive database of biometric database.
[00:56:40] Of Afghanis that had been helping us over in Afghanistan, as well as a database that was built using US contractors of everyone in the Afghan military, and basically their genealogy. Who their parents were, the grandparents, blood type, weight, height. I'm looking at it right now. All of the records in here, the sex, ID, nationality.
[00:57:13] Uh, date of expiration, hair color, favorite fruit, favorite vegetables, place of birth, uncle's name, marker signature, approval signature, date, place of birth, date of birth, address, permanent address, national ID number, place of ISS, date of ISS, native language, salary, date of salary, group of salary, police of salary, education.
[00:57:38] Father's name, graduation date, kind of weapon. And service number. These were all in place in Afghanistan. We put them in place because we were worried about ghost soldiers. A ghost soldier was someone who we were paying the salary of taxpayers. The United States were paying the salaries of the Afghan military for quite some time.
[00:58:06] And we were thinking that about half of the. Payroll checks. We were funding. We're actually not going to people who were in the military, but we're going to people who were high up within the Afghan government and military. So we put this in place to get rid of the ghost soldiers. Everybody had to have all of this stuff.
[00:58:33] In the database, 36 pieces of information, just for police recruitment. Now this information we left behind and apparently this database is completely in the hands of the Taliban. Absolutely. So we were talking about Americans who helped construct Afghanistan and the military and the Taliban, the looking for the networks of their Poland supporters.
[00:59:07] This is just absolutely amazing. So all of the data doesn't have clear use, like who cares about the favorite fruit or vegetable, but the rest of it does the genealogy. Does they now know who was in the police department, who was in the military, who their family is, what their permanent address is. Okay.
[00:59:31] You see the problem here and the biometrics as well in the biometrics are part of this US system that we were using called HIDE, H-I-D-E. And this whole HIDE thing was a biometric reader. Well, the military could keep with them. There were tens of thousands of these things out in the field. And when they had an encounter with someone, they would look up their biometrics, see if they were already in the database and in the database, it would say, yeah, you know, they're friendly, they're an informant.
[01:00:08] Or we found them in this area or w you know, we're watching them.
We have concerned about them, et cetera, et cetera. Right. All of their actions were in. Well turns out that this database, which covered about 80% of all Afghans and these devices are now in the hands of the Taliban. Now, the good news with this is that that a lot of this information cannot be easily extracted.
[01:00:40] So you're not going to get some regular run of the mill Taliban guy to pick one of these up and start using. But, uh, the what's happening here is that we can really predict that one of these surrounding companies like Pakistan that has been very cooperative with the Taliban. In fact, they gave refuge to Saddam, not Saddam Hussein, but to bin Laden and also Iran and China and Russia.
[01:01:13] Any of those countries should be able to get into that database. Okay. So I think that's really important to remember now, a Defense Department spokesperson quote here, Eric Pahon says the U.S. has taken prudent actions to ensure that sensitive data does not fall into the Taliban's hands. And this data is not at risk of misuse.
[01:01:38] Misuse that's unfortunately about all I can say, but Thomas Johnson, a research professor at the Naval Postgraduate School in Monterey, California says, uh, not so fast. The Taliban may have used biometric information in the Kunduz attack. So instead of taking the data straight from the HIDE devices, he told MIT Technology Review that it is possible that Taliban sympathizers in Kabul provided them.
[01:02:11] With databases as a military personnel against which they could verify prints. In other words, even back in 2016, it may have been the databases rather than these HIDE devices themselves pose the greatest risk. This is very concerning big article here in MIT Technology Review. I'm quoting from it a little bit here, but there are a number of databases.
[01:02:39] They are biometric. Many of these, they have geological information. They have information that can be used to round up and track down people.
I'm not going to mention World War Two, and I'm not going to mention what happened with the government before Hitler took over, because to do that means you lose that government had registered firearms, that government had registered the civilians and the people and Afghanistan.
[01:03:13] The government was also as part of our identification papers, registering your religion. If you're Christian, they're hunting you down. If you were working for the military, they're hunting new day. And this is scary. That's part of the reason I do not want biometric information and databases to be kept here in the U.S. Hey, make sure you get my show notes every week on time, along with free training, I try to help you guys out.
[01:03:50] CraigPeterson.com. CraigPeterson.com. Here I am. Cybersecurity strategist and available to you.

MP3 – mintCast
373 – Ex-SUSE Me, Microsoft?

MP3 – mintCast

Nov 3, 2021 50:34


First up in the news: Raspberry Pi Zero 2 W, Xorg has something new, SUSE goes Edge, a new MX Linux, and Microsoft blunders.
In security: an NPM library gets hijacked, Proton will not retain your data, Firefox implements GPC, and Black Friday scams abound.
Then in our Wanderings: Joe tries his hand at TV repair, Norbert plays with Legos, Tony shops for a new PC, and Josh gets a new throne.

Security Now (Video HD)
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune

Security Now (Video HD)

Nov 3, 2021 110:04


Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune
More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your AI. And speaking of the PC Health Check. Stand back for the Adobe Security Patch Tsunami. The VoIP DDoS attacks continue. Closing The Loop. SpinRite. "Trojan Source"
Hosts: Steve Gibson and Jason Howell
Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Sponsors: plextrac.com/twit, itpro.tv/securitynow promo code SN30, business.eset.com/twit


mixxio — podcast diario de tecnología

Wooden knives / Galactic map / Breaks on TikTok / Politician in trouble over a meme of his dog / The Power Rangers now as NFTs / Stargate AI / The iPod's 20th birthday
Sponsor: BluaU from Sanitas http://bluau.es/ is the new digital complement to Sanitas health insurance that incorporates the most advanced technology to help you take care of your health and that of your family. BluaU launches Conecta con tu Salud http://bluau.es/, a new service that lets you share your activity and physical condition directly with your doctors, psychologists, nutritionists and personal trainers.

Linux User Space
Episode 2:09: Garudians of the Galaxy

Linux User Space

Oct 25, 2021 98:01


0:00 Cold Open
1:15 Coming Up
1:50 Banter - Gitea in Docker
11:48 History: Garuda
52:27 Thoughts: Garuda
1:15:42 Housekeeping
1:21:36 App Focus
1:33:46 Next Time
1:35:28 Thank You
1:36:24 Stinger
Patreon. (https://patreon.com/linuxuserspace)
Youtube. (https://linuxuserspace.show/youtube)
Twitter. (https://linuxuserspace.show/twitter)
Odysee. (https://linuxuserspace.show/odysee)
Discord. (https://linuxuserspace.show/discord)
Telegram. (https://linuxuserspace.show/telegram)
Matrix. (https://linuxuserspace.show/matrix)
Reddit. (https://linuxuserspace.show/reddit)
Coming up in this episode
1. Leo got tea in Docker
2. We teach you how to train your Dragon
3. We fly like an eagle
4. Our app pick helps Leo install Mac and Windows
Banter - Tea Time, come and Git it.
Gitea (https://gitea.com)
Garuda Linux
Garuda Linux (https://garudalinux.org/)
Wikipedia page for Garuda (https://en.wikipedia.org/wiki/Garuda_Linux)
Gnome was almost officially dropped (https://forum.garudalinux.org/t/dropping-gnome-for-good/77)
The site gets its first revamp. (https://forum.garudalinux.org/t/new-look-for-the-website/140)
Calamares gets a facelift (https://forum.garudalinux.org/t/new-calamares-outfit/134)
The Ultimate Edition is killed (https://forum.garudalinux.org/t/garuda-linux-release-200726/155)
performance-tweaks is introduced (https://forum.garudalinux.org/t/performance-tweaks/194)
Wayfire is official (https://forum.garudalinux.org/t/garuda-linux-release-200726/155)
Distrowatch Review (https://distrowatch.com/weekly.php?issue=20200921#garuda)
9to5 Linux coverage (https://9to5linux.com/arch-linux-based-garuda-linux-gaming-distro-now-supports-snap-and-flatpak-apps)
btrfs subvolume layout's current form is finalized (https://forum.garudalinux.org/t/garuda-linux-golden-eagle-iso-refresh-201022/1051)
The iconic Garuda look is added. (https://forum.garudalinux.org/t/garuda-linux-imperial-eagle-201205/1774)
Starship shell (https://starship.rs/)
Firedragon, Librewolf fork which is a Firefox fork, becomes the default browser. (https://forum.garudalinux.org/t/firedragon-librewolf-fork/5018/163)
Chaotic AUR turns three! (https://forum.garudalinux.org/t/chaotic-aur-turns-three-years-old/13502)
Site: garudalinux.org formerly garudalinux.in
Base System: Arch
Desktop Environment: Flagship: Plasma
File Manager: Flagship: Dolphin
Package Manager: pacman
Kernel: Most Up To Date Zen Kernel
Display Manager: Flagship: SDDM
Display Protocol: Wayland or X11
Project Leaders: Librewish, SGS & Dragonfire
Other Team Members (https://garudalinux.org/about.html)
Housekeeping
mintCast (https://mintcast.org)
Email us - contact@linuxuserspace.show
Linux User Space Discord Server (https://linuxuserspace.show/discord)
Our Matrix room (https://linuxuserspace.show/matrix)
Support us at Patreon (https://patreon.com/linuxuserspace)
Join us on Telegram (https://linuxuserspace.show/telegram)
Follow us on Twitter (https://twitter.com/LinuxUserSpace)
Watch us on YouTube (https://linuxuserspace.show/youtube)
Or Watch us on Odysee (https://linuxuserspace.show/odysee)
Our latest social platform reddit (https://linuxuserspace.show/reddit)
Check out our website https://linuxuserspace.show
App Focus
Quickemu
This episode's app:
* Quickemu (https://github.com/wimpysworld/quickemu)
Next Time
With us trying out Garuda Linux for this past month, that means our next show will be topic based. We have a few topics planned for you and all of them will affect you in the Linux User Space. Our next distro to check out is Zorin OS (https://zorin.com/os/). Join us in two weeks when we return to the Linux User Space. Stay tuned on Twitter, Telegram, Matrix, Discord, Reddit, whatever. Join the conversation. Talk to us, and give us more ideas.
We would like to acknowledge our top patrons. Thank you for your support!
Contributor Nicholas CubicleNate LiNuXsys666 Jill and Steve WalrusZ sleepyeyesvince
Co-Producer Donnie Johnny
Producer Bruno John

Late Night Linux
Late Night Linux – Episode 147

Late Night Linux

Oct 18, 2021 29:08


The pros and cons of tiling window managers, and how we nearly use them. Plus your feedback about Flatpak, Firefox as a Snap, a web-based image editor, starting a FOSS career, and why we have a Telegram group instead of IRC or Matrix.
First Impressions
We had a look at Regolith, a modern desktop...


Sustain
Episode 95: Marko Saric of Plausible Analytics, the most popular Open Source analytics platform

Sustain

Oct 18, 2021 43:26


Guest: Marko Saric
Panelists: Eric Berry | Justin Dorfman | Richard Littauer
Show Notes
Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. We hope you are as excited as we are to have as our guest today Marko Saric, who is the Co-Founder of Plausible Analytics, which is an open source and privacy friendly alternative to Google Analytics. If you've never heard about Plausible Analytics, then this is your episode to learn all about it. With over 4,000 subscribers in the past year, Marko tells us what they've done to get people to convert. He also gives us his perspective on how he sees the business surviving in the next ten years, what his future game plan is, and why it's so important that Plausible Analytics is open source. Download this episode now to learn so much more from Marko!
[00:01:33] Marko tells us what he does as one of the Co-Founders, how long Plausible Analytics has been around, and how many subscribers they have.
[00:03:57] Justin asks Marko how he handles the bots and how much of a threat they are in terms of making sure that they don't mess up someone's expectations in terms of traffic.
[00:06:15] We find out how Justin found Marko, which was from a blog post he wrote, and Justin wonders how this issue has converted people that are so Google dependent in terms of Google Analytics to turn over to a paid service like this, and how the shift has been since he was brought on board.
[00:10:25] Eric wonders what's to prevent developers from adding blockers to this system and is there a reason why they would or would not.
[00:17:59] Marko tells us how he sees his business surviving in the next ten years, and if he sees any big plans that he is trying to push to make it so there is that harmony between advertisers and the consumers.
[00:24:12] Richard wonders what Marko's game plan is in twenty-five years, where he wants to go in the future, and how to build a more sustainable web for everyone.
[00:27:46] Does Marko see Plausible Analytics staying independent or possibly joining a company?
[00:30:40] Justin shares a conspiracy theory about what he thinks Brave is doing to Plausible Analytics and Marko shares his thoughts.
[00:32:59] Richard asks Marko why it's important that Plausible is open source.
[00:35:29] Marko tells us if he's worried about people taking the code and just running another “Pausable” Analytics as a fork.
Quotes
[00:13:14] “My thinking is let's try to make the devs better by getting website owners to use better tools for people that use ad blockers - the fact is still that most people don't use ad blockers.”
[00:15:01] “There's a huge disconnect between people, like all of us here in the chat and the more kind of normal dev user.”
[00:22:04] “If you actually give your vote and say no, or no to this and yes to that, you're actually voting to make a change.”
[00:22:14] “That's one of the main Key Performance Indicators these days in companies is how many people are saying yes or no to that little banner we have on our sites.”
[00:22:23] “I'm going to take my three seconds to click on options and then scroll down and click on reject because I know that it makes a difference.”
[00:24:35] “Yeah, I mean GDPR was a great first step and I think if there can be something similar, but actually just going off to the personal data.”
[00:24:48] “Many websites that I visit, the newspapers and so on, they will live from the ads.”
[00:25:00] “I understand that there is a need for ads while that is the main monetization method of the web.”
[00:26:15] “A few weeks ago, Ethical Ads installed Plausible and they wrote a blog post about it and I was like, “Perfect!”
[00:27:19] “You can find people doing studies on their own website, and like personal ads versus contextual ads, they're seeing no difference in terms of effectiveness or in the kind of income they get or the conversion rate or whatever.”
[00:27:34] “You can actually do good business, both as a publisher but also as an advertiser, just by talking to people contextually or whatever other way they can find out that's not really necessary as part of surveillance capitalism.”
[00:28:45] “We just do our own thing and try to kind of do our own little sustainable business.”
[00:33:19] “If you're not open source and you're talking about privacy first you will probably be excluded from the conversation. People will not take you serious.”
[00:33:58] “And if you're proprietary, a lot of people with technical knowledge and people really deep into this would not trust us because we're just saying things. We don't know who you are. Why would we trust you?”
[00:35:08] “I gotta trust that by being open source and having so many eyeballs on it at least if there some kind of sketchy going on or whatever, somebody will kind of flag it.”
[00:35:40] “I was completely new to all this licensed system. I had no idea I was using WordPress and stuff.”
[00:36:29] “And I was like, again, I was new to the open since I had no idea that this is how it can work, that they will just upfront come to us and tell us, we don't want to do anything to help you, but can you please do something so it helps us so we can kind of complete video and we have tens of thousands more of audience?”
[00:37:47] “And we ended up with AGPL and we felt this was a great kind of license for our own situation.”
[00:38:41] “Honestly from our perspective, like if we want to make this a thing that could become sustainable in the future, pay our own bills so we can focus on it full-time and then hopefully make a difference.”
[00:39:32] “I know that my Co-Founder says that if you're doing like a database and things for developers, you probably want to be MIT because then other companies can use other projects. But I would say if you're coming from my perspective, as somebody who has to communicate the message and kind of differentiate ourselves and try to compete with what else is on the market, I was like, if you're going to sell to consumers and other businesses, like it's going to be really difficult to survive it in IT.”
[00:39:57] “Again, as a beginner there are MIT licenses that have worked very well and they're sustainable, but I just don't know how I would compete with a bigger company.”
Spotlight
[00:40:31] Eric's spotlight is a newsletter he signed up for called Console.dev.
[00:40:54] Justin's spotlight is a great read, “Developer, You May Need a Co-Founder in Marketing,” by Rauno Metsa, Microfounder of MicroFounder.
[00:41:30] Richard's spotlight is Andrew Greig, a Scottish poet and his book called, Getting Higher: The Complete Mountain Poems.
[00:41:44] Marko's spotlights are Linux, Firefox, and WordPress.
Links
SustainOSS (https://sustainoss.org/)
SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/)
Marko Saric Website (https://markosaric.com/)
Marko Saric Twitter (https://twitter.com/markosaric)
Plausible (https://plausible.io/)
The Plausible Blog (https://plausible.io/blog)
Ethical Ads Newsletter July 2021 (https://www.ethicalads.io/blog/2021/08/ethicalads-newsletter-july-2021/)
“58% of Hacker News, Reddit and tech-savvy audiences block Google Analytics” by Marko Saric (https://plausible.io/blog/google-analytics-adblockers-missing-data)
Console (https://console.dev/)
“Developer, You May Need a Co-Founder in Marketing” by Rauno Metsa (https://microfounder.com/blog/cofounder-in-marketing)
Getting Higher: The Complete Mountain Poems by Andrew Greig (https://www.amazon.com/Getting-Higher-Complete-Mountain-Poems/dp/1846971926)
Linux (https://www.kernel.org/category/about.html)
Mozilla Firefox (https://www.mozilla.org/en-US/firefox/new/)
WordPress (https://wordpress.org/)
Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Special Guest: Marko Saric.

Firewalls Don't Stop Dragons Podcast
Rough Week for Facebook

Firewalls Don't Stop Dragons Podcast

Oct 18, 2021 69:57


Facebook had a horrible, no-good, very bad week. Not only did Facebook, Instagram and WhatsApp go completely offline for about six hours, a whistleblower came forward to show the world what most of us already knew: Facebook values money over its users' well being. And I have another story that backs that up, as well - one that you almost surely did not hear about.
In other news: the FTC tells app makers to fess up when users' private data gets loose; the governor of Missouri wants to sue a newspaper for revealing a horrible security flaw that exposed teachers' social security numbers; Apple's attempts to prevent user tracking on iOS are being undermined by unscrupulous apps; a company that you've never heard of with access to almost all cellular text messages was hacked over the course of five years; the VPN maker and VPN review industries are awash in conflicts of interest; Windows 11 is finally out, but it's not clear if and whether you should upgrade to it; and Firefox is searching for more ways to make money and stay alive, including adding more sponsored search suggestions for you to consider.
Article Links
FTC says health apps must notify consumers about data breaches — or face fines https://techcrunch.com/2021/09/16/ftc-says-health-apps-must-notify-consumers-if-their-data-is-breached-or-face-fines/
Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/
Investigation Finds Apple App Tracking Rules May Be Ineffective; IDFA Blocked, but Apps Frequently Access Other Identifiers https://www.cpomagazine.com/data-privacy/investigation-finds-apple-app-tracking-rules-may-be-ineffective-idfa-blocked-but-apps-frequently-access-other-identifiers/
Company That Routes Billions of Text Messages Quietly Says It Was Hacked https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked
Consolidation of the VPN industry spells trouble for the consumer https://blog.windscribe.com/consolidation-of-the-vpn-industry-spells-trouble-for-the-consumer-57e638634cf0/
Facebook has finally given a reason for the six-hour outage Monday https://www.theverge.com/2021/10/4/22709806/facebook-says-the-six-hour-outage
Understanding How Facebook Disappeared from the Internet: https://blog.cloudflare.com/october-2021-facebook-outage/
Facebook bans developer behind Unfollow Everything tool https://www.theverge.com/2021/10/8/22716044/facebook-unfollow-everything-tool-louis-barclay-banned-for-life
Facebook whistleblower Frances Haugen tells lawmakers that meaningful reform is necessary ‘for our common good' https://www.washingtonpost.com/technology/2021/10/05/facebook-senate-hearing-frances-haugen/
Windows 11 compatibility: Check if your PC meets Microsoft's requirements https://www.cnet.com/tech/computing/windows-11-compatibility-check-if-your-pc-meets-microsofts-requirements/
Firefox Now Sends Your Address Bar Keystrokes to Mozilla https://www.howtogeek.com/760425/firefox-now-sends-your-address-bar-keystrokes-to-mozilla/
BONUS: Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week https://www.zdnet.com/article/trust-but-verify-an-in-depth-analysis-of-expressvpns-terrible-horrible-no-good-very-bad-week/
Further Info
National Cybersecurity Awareness Month resources: https://www.cisa.gov/cybersecurity-awareness-month-resources
Only two weeks left to snag a challenge coin!! https://firewallsdontstopdragons.com/my-challenge-coins-are-back/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

The Swyx Mixtape
[Weekend Drop] Abhi Aiyer & Ward Peeters: Gatsby 4 and the Jamstack Endgame

Oct 17, 2021 51:01


The following is my conversation with Abhi Aiyer and Ward Peeters, two lead engineers behind Gatsby Cloud and the recently announced Gatsby v4, which is at the forefront of what I think is the most significant change in the Jamstack landscape in the past 2 years.

Watch the video version here.

Links:
Gatsby 4
Netlify DPR
My blogpost on Smart Clients vs Smart Servers

Timestamps:
[00:00:00] Cold Open
[00:00:28] Swyx Intro
[00:01:59] Call Start
[00:03:07] Gatsby v4
[00:06:23] Incremental Builds
[00:07:16] Cache Invalidation
[00:09:03] Gatsby DSG vs Netlify DPR
[00:09:35] Abandoning Redux for LMDB
[00:11:50] Parallel Queries (PQR)
[00:13:32] Gatsby DSG
[00:15:24] Netlify DPR vs Gatsby DSG
[00:19:19] The End of Jamstack
[00:22:12] Tradeoffs and Performance
[00:24:34] Image Processing
[00:27:25] Automatic DSG
[00:29:33] Gatsby Cloud vs Netlify
[00:33:34] Gatsby vs Next.js
[00:35:41] Gatsby and the Content Mesh
[00:37:19] React 18 and Gatsby
[00:39:45] Custom rendering page fragments with React 18
[00:42:10] Server Components in Limbo
[00:43:33] Smart Servers vs Smart Clients
[00:45:21] Apollo and Open Source Startup Strategy
[00:47:06] TMA: Too Many Acronyms
[00:49:16] Gatsby for Docs

Transcript

[00:00:00] Cold Open  [00:00:00] Abhi Aiyer: And so with LMDB in place, right? We have workers that can read and write to LMDB, which allows us to run parallel queries. So PQR was a huge advancement for us. I think we saw up to like 40% reduction in query running time. And build times went down. We had a goal, I think it was like, we'd try to look for at least 20% reduction in build times and I think we hit 26%, so all cool wins, you know? [00:00:28] Swyx Intro  [00:00:28] swyx: The following is my conversation with Abhi Aiyer, and Ward Peeters, two lead engineers behind Gatsby Cloud, and the recently announced Gatsby V4, which is at the forefront of what I think is the most significant change in the JAMstack landscape in the past two years. 
We discussed how parallel query writing PQR and deferred static generation DSG are achieving 40% faster queries and 300% faster overall builds. [00:00:53] And they did a wonderful job handling the most impolite questions I could think of, including whether it Gatsby Cloud is a Netlify clone or the Gatsby should just be a data layer on top of Next.js and how they're dealing with TMA too many acronyms in web development. This conversation should be viewed together with my past discussions, with Sunil Pai and Misko Hevery in considering the cutting-edge of web development today. Online discussions often present a binary split in that your technical choices either have to optimize for developer experience or user experience. [00:01:25] But I find that it is builders like Abhi and Ward and Misko and Sunil who are constantly trying to improve the experience of developers in building great user experiences by default. I hope you enjoy these long form conversations I'm trying to produce with amazing developers. I still don't have a name for it. [00:01:41] And I still don't know what the plan is. I just know that I really enjoy it. And the feedback from you guys have been really great. So if you like this, share with a friend, if you have other requests for guests, tag them on social media, I basically like to make this a space where passionate builders and doers can talk about their craft and where things are going. [00:01:58] So here's the interview.  [00:01:59] Call Start  [00:01:59] Abhi Aiyer: I'm Abhi Aiyer. I'm a principal engineer at Gatsby. Thanks for having us.  [00:02:05] Ward Peeters: My name is Ward Peeters. I'm a staff software engineer at Gatsby and I'm from Belgium. And I've been working mostly on the open source side.  [00:02:15] Abhi Aiyer: I forgot to say where I'm from. 
I'm from Los Angeles, you know, Hollywood,  [00:02:21] swyx: I'm actually heading down to LA,  [00:02:22] Abhi Aiyer: in a couple of weeks, there's,  [00:02:24] swyx: I'm going to KubeCon, which is like a very interesting thing for a front end engineer to end up at. But that's where my career has taken me.  [00:02:34] So this conversation started because I had a chat with Sunil, on this podcast that I accidentally launched. I don't think we did Gatsby much, a good favor. [00:02:45] Like we both saw the new updates and I didn't get to say the nice things that I thought about Gatsby. I should also say that I used to have my blog on Gatsby and I no longer do. I used to work at Netlify and I no longer do. There's a lot of history here for me with Gatsby. It's been a while since I caught up, and I'm curious to see or get the latest. [00:03:07] Gatsby v4  [00:03:07] swyx: Maybe we should start off with like a quick summary of what's new with Gatsby with Gatsby V4, right?  [00:03:13] Abhi Aiyer: Is that a good place to start? Yeah, I think so. [00:03:17] swyx: So first of all, I think the marketing was really nice. Gatsby camp, it seems like a really big push and qualitatively very different from Gatsby 3. Tell me about what the behind the scenes was like. [00:03:30] Abhi Aiyer: Yeah, it was, we're getting better at the marketing side of what we're doing these days and Gatsby 4 was a big push. It really changed how we approach the framework as a whole.  [00:03:43] For those who don't know, traditionally Gatsby was a static site generator, purely static. We hold ourselves high on our connections to a content management system. [00:03:55] And we provide a really good data layer there, that takes all those requests that you would normally make to a content manager system, turns them into a, like a store of data that you can then use and query from GraphQL. And the big thing that we were hitting before Gatsby 4 was, the company was growing. 
[00:04:17] And as more customers were using Gatsby cloud, we started realizing that we couldn't scale to really large sites and large sites is like a misnomer. Like you could be, you could be a 50,000 page site and be considered large given the data that you may have. But we're talking like hundreds of thousands of pages. [00:04:38] And the thing that we kind of realized is not all pages are created equal on your site. Especially the ones from like 2015, 2014, where, you know, no one's looking at that people, those pieces of content, if you're a site with a huge archive of content yeah, you should probably go check Google analytics to see how, you know, how, how many people are actually viewing your pages. [00:05:02] And the way Gatsby, and we'll get into this a little bit later, but today Gatsby isn't as smart as it should be in what pages should be rebuilt. For example, we're looking at the gatsbyjs.com page right here, but there are other data dependencies. This pure content. Like if you look at the nav bar, there's a whole bunch of items there. [00:05:22] And we have this navbar on all of our pages, cause that's what a website has, but the problem with Gatsby today and will be changed in the future is, if I change anything about this nav bar, any page that depends on the nav bar now has a dependency that needs to be invalidated. [00:05:39] And so now I have a hundred thousand pages with this navbar I have 200,000 pages of this nav bar and I spelled Gastby instead of Gatsby or something, the navbar I made a typo and now I'm paying for a hundred thousand pages of reload to rebuild. And so we just saw that and that this happens a lot, right? [00:05:57] This is a very small example, but this happens a lot to our customers and building a hundred thousand pages is not necessarily an easy thing to do. There's memory requirements that come in. There is, what kind of machine are you doing this thing on? 
And so we had to figure out a way to scale Gatsby and do things differently. [00:06:15] We were traditionally static and now we're trying to be somewhere in between, you can go dynamic or you could go static and it's up to you.  [00:06:23] Incremental Builds  [00:06:23] swyx: So the new rendering options are SSG, DSG and SSR. Is ISR gone?  [00:06:32] Ward Peeters: Well, that's what Next.js has is doing. And I'm like, wait,  [00:06:36] swyx: we never have guessed. [00:06:38] We had an incremental mode.  [00:06:41] Abhi Aiyer: What do you  [00:06:41] Ward Peeters: call it? Yes. And that's still all statically. So when we do it, we have it in open source where we in V3 we enabled it where we only build HTML what's necessary on cloud. We have a more pumped up version of it where When you get the data change, we only update that page more rapidly than in open source, but still when you change your navbar with what Abhi said, you still have to rebuild everything because all the pages get invalidated. [00:07:09] So incremental builds works for data updates, but not so much for code changes.  [00:07:16] Cache Invalidation  [00:07:16] swyx: Right. Okay. Well, I guess, how do you solve cache invalidation? [00:07:26] Ward Peeters: Well, the thing is that because Gatsby owns the data, like the heads of data layer and a source plugins like WordPress, when we source data and to give us a webhook or, we just go to Wordpress and say like, Hey, what has changed? [00:07:40] Data. I was like, okay, these nodes have changed. Or these pieces, like a poster page has been changed. It gets me knows which node is used where, like, for example, this post is used on this section page. It's used in this article and that's all happening already behind the scenes because graph QL shenanigans. [00:07:59] And that's how we can build incremental builds. So we know, okay. Only these spaces need to be built. 
And that's also where DSG comes in because as a user, you don't have to care about cache invalidation anymore. Cause it's using the same engine as you were used to with like incremental builds. [00:08:15] When you use SSG and I think that's a major benefit of it, where you as a user, don't really have to care about cache control, because it is difficult to manage on a large scale. Like a lot of corporations just say like every 10 minutes we'll remove the cache because it is difficult to get through when change. [00:08:37] Yeah.   [00:08:39] swyx: That's pretty funny. At Netlify, one of the reasons that we constantly talk about for CDN level caching, like people say like, you know, why don't you just enable CDN level caching and then just have a regular server render. One of Matt Billman points that he always makes is that people always turn it off the moment there's a bug, it's like, oh, schedule, call, and turn it off. [00:09:02] And then don't turn it back on again. [00:09:03] Gatsby DSG vs Netlify DPR  [00:09:03] swyx: Okay. So let's, let's talk about like, DSG. That's the fancy new one and DPR, right? So maybe we should, is there. Yeah, there's a graphic. Okay. All right. This is new. So first of all, like what was the inspiration? What's the backstory I'm always interested in how these things come about. [00:09:21] Abhi Aiyer: I think we were inspired by DPR a lot, you know? But where we saw the benefit of our approach is our data layer, you know, and it took those many steps even before getting to DSG.  [00:09:35] Abandoning Redux for LMDB  [00:09:35] Abhi Aiyer: So it started actually in like Gatsby 3.10. We had to redo Gatsby's node store. [00:09:42] So traditionally we were using Redux to persist all these the data that we get from content management systems. And we had a particular customer who could not even persist the cache, like a Gatsby cache between builds, because they had so much data that it would OOM when they try to persist the cache. Right. 
[00:10:03] So for them, they were running cold builds for every build. Even if you had like a warm cache or you had your pods, you know, we use Kubernetes. So like, if you have your pods up, you're doing like an hour and a half cold build for everything. You could like change the typo and it'd be an hour and a half. [00:10:19] And so from there we were like, We need to reduce peak memory utilization and Redux is not going to help us there. And so we started looking into alternatives. We looked at SQLite, we looked at Redis and we landed on LMDB, which is Lightning Memory-Mapped Database Manager. [00:10:39] It's like a file system DB, which is really cool for us because one, it's pretty fast. It allows you to, to have like a query interface, which is good. You can store more data than available RAM. So for a site like this customer who pretty much is blowing up this pod on every warm build. To try to even have a warm build, we could actually store their data now, which then unlocked warm builds for them. [00:11:05] So an hour and a half, that went to 25 minutes, which is pretty good for them. Now we have this thing, now we call it Gatsby DB internally. And so now Gatsby's node store is in LMDB. And the cool thing about LMDB is it's just comprised of a bunch of files. You have a lock file and database files. [00:11:26] And if you have files, that means you can move files around. They don't have to be in one place, right. They could be in storage, they can be in a serverless function. They could be anywhere you, you really want. Right. And so that was step one was we needed to redo the node store. And we did that and memory utilization from a lot of customers went down. Enough to unlock a simple thing as a warm build.  [00:11:50] Parallel Queries (PQR)  [00:11:50] Abhi Aiyer: So then the second thing that this, these other customers were having was like, wow, it takes so long to query, to run queries. Right. And people have like 25,000, 50,000 queries. 
And I don't know if they should have those that much, but they do. [00:12:05] Right. They do have that much. And it's a huge part of the build time. Right. A lot of people complained that. You know, Gatsby builds are sometimes slow for large sites and we agree. That's totally true. And so our next foray into like improvement was this thing called parallel queries. Which would allow Gatsby to run chunks of queries at a given time and what PQR in his pool, a diagram of it, you know, query running does take a huge percentage of your builds. [00:12:39] But now we can parallelize that across workers in the Gatsby process. But if you were to do this naively with Redux, like a child process can't write to a JavaScript object in the main process. Right. It's hard to maintain state. There's no easy way to communicate between workers to write state and read it. [00:12:59] And so with LMDB in place, we have workers that can read and write to LMDB, which allows us to run parallel queries. Right. We don't need to do things serially, anymore. So PQR was a huge advancement for us. I think we saw up to like 40% reduction in query running time. And build times went down or we had like a goal, like I think it was like, we'd try to look for at least 20% reduction in build times. [00:13:27] And I think we hit 26%, so all cool wins, you know?  [00:13:32] Gatsby DSG  [00:13:32] Abhi Aiyer: And so then Ward and I, and the team were all just like thinking like, okay, we have LMDB. We've got PQR. Alright, well really we have a Gatsby data layer that can be accessed from anywhere, right? Cause if you can access it from a worker, you can access it in a serverless function cloud run, you know, on your somewhere, anywhere you spin up your own machine and your own office, if you want it well  [00:13:56] swyx: steady coast. [00:13:57] How about that? Like an S3  [00:14:00] Abhi Aiyer: bucket, you put it in an S3 bucket, for sure. 
You know, like you could put those files there and then retrieve them from wherever you want. And so that's when we started thinking like, okay, we have this information now, what can we do to improve the, the life of our users even more. [00:14:19] And then we started thinking about DPR and like, we saw the approach and we were like, wow, this is exactly what we need, but we have Gatsby's data layer that kind of complicates things, but it's not complicated anymore because we can essentially use the data layer wherever we wants. So I'll let ward kind of go from there on like how DSG came about after these like fundamental pieces. [00:14:42] Ward Peeters: Yeah. So then we looked at like ISR DPR and like what's the difference in both of them. And then we saw like ISR that's where you have a refresh timeout and an hour with, in the latest next, you can also being an endpoint to they're getting validated cache, but it's all manual work. And there were many complaints about it's an index. [00:15:02] It's nothing in Gatsby and they complained about stale data, because what Next.js does is you visit the page and then the next time it will update. So I think it's a refresh or something. Yeah. [00:15:15] swyx: Alright. Alright. We don't have to dig through issues on, on the, on our call, but I just wanted to illustrate the problem.  [00:15:24] Ward Peeters: Yeah.   [00:15:24] Netlify DPR vs Gatsby DSG  [00:15:24] Ward Peeters: And then that's where we took it away and then say, okay, DPR. And then I looked at the spec of DPR, like, okay. Can we use the same name or not? And the problem with DPR was they had Atomic deploys. So every change means blow the whole cache away and do everything new and we were like, what do we have incremental builds from there? We don't want to like invalidate the whole cache. We just want to invalidate the pages that got removed. And there's like a GitHub discussion about it, where I commented as well. 
[00:15:55] And it felt like they didn't want to change the name. Yep. There you go.  [00:16:04] swyx: So you said to me, DPR, doesn't need to be opinionated about if the file is part of the atomic deploy. Can you reiterate why?  [00:16:13] Ward Peeters: Yeah, the thing is basically because they mentioned like everyday glory needs to blow the cache away and needs to be fresh. [00:16:20] And for me, like it shouldn't be in a spec like DPR should just say you built pieces at build-time and you build those pieces at runtime. That's basically what I was trying to say. And then because we have incremental builds, we only want to invalidate like five pages, even if you use SSG or DSG, we still want to say if you only changed five pages for evil dates to cache for five pages, I couldn't get that from the spec. [00:16:46] I think that's also because Netlify does it their way, which is totally fine, but then that's why we created a new acronym called DPR. And I think it's also probably explains. What we offer as well, a little bit better too, because it's Deferred Static Generation. It's like lazy SSG, something like that, because that's what we do. [00:17:08] Like you can mark a page as defer and that just means we don't do it at build time, but the first time you hit a request. We rebuild it in like a Lambda, I could use Cloud Run, we build it and then we give the response to a user and then also we save it to disk. So from there on, the second request, it's technically an SSG page. [00:17:29] We store it like you have the CDN cache, but we also have it inside our bucket. Like, your S3 buckets or whatever you want to call it.  [00:17:37] Abhi Aiyer: Yeah. We're caching responses, but we're also making that file exist as if it existed at build time. And that's a big distinction for us because what that allows us to do in the future would be like, if nothing changed about the data for the given page, then you don't need to DSG again. [00:17:56] Right. 
Like if nothing changes for, let's say like there's five builds and build a. Something changed in your data dependencies. So now you have a DSG page and then nothing changed for the next five builds, but a user comes and actually visits that page generates the files. It gets cacheed in our data layer or our files storage layer and on build five because nothing changed. [00:18:24] You're not DSGing. Right. You're not going to go through this process again. And so that's we think is the big thing about DSG.  [00:18:31] Yeah. And then I think the extra piece of it is because the date, like you can say it it's a benefit or or a negative point of Gatsby, like we source all the data at the build time. [00:18:41] So even if your APIs go down, even with DSG, you still go to our local database. So debts will never go down. Cause if like your site is down, your database will be down as well, but you, you're not dependent of other API. So let's say GitHub goes down or X go down and you need to get that data. We have it locally in our database, so you're still good to go through, still keep that resilience. [00:19:06] And the security even that you, you used to have with Gatsby, and I think that's a main benefit of the whole datalayer piece of Gatsby and DSG.  [00:19:17] Yeah.   [00:19:18] swyx: Yeah. Perfect.  [00:19:19] The End of Jamstack  [00:19:19] swyx: So something I always wonder about like, is this basically the last stage of JAMstack like, I feel like we have explored all possible varieties of rendering. [00:19:30] And this is like the end. This is like, this is it right? Like we have all the options.  [00:19:34] Ward Peeters: And now it's mixing them together. It's the next step having been static and on bits of your thesis, SSR. Uh,  [00:19:43] swyx: okay. I'll put it this way. Do you think that JAMstack at the end of the day after this, maybe like five-year journey of like, Hey, like a WordPress sucks. [00:19:53] That's everyone moves to static. Right. 
And then, and then we found like, oh yeah, static. Doesn't scale, big surprise. We were telling you that from the beginning. And now okay. Right. Hybrid. Is that it, like, it was that the Jamstack movement in like a five year period? [00:20:10] Abhi Aiyer: I think it's a yes or no. Like evolution is like, I think we're, you know, we're all coming full circle and I think in engineering, particularly we do the same thing all the time, every 10 years or something. Right. But where DSG came into play is for use cases that we saw, you know, and our customers still prefer static. [00:20:31] So I know we're talking about DSG. Like it's like a great thing and it is, but a lot of our customers prefer static and it's really up to their use case. If you're a small site out of a bunch of top of funnel page, any lag in anything, right? Cause DST is not like instant, right? Like you're doing a runtime build essentially. [00:20:51] Right? So in some cases it could be, you know, it could, it could be a longer response time than what the standards should be. And we have customers that won't DSG anything because they have essentially, most pages are top of funnel or high traffic that they would rather just wait.They don't mind waiting for the performance that they would want. [00:21:11] But we also have customers that have hundreds of thousands of pages, like there's one customer that has like a company handbook or something where like, you can see every employee. And like, if they like dogs and like, you know what I'm saying? Like, Bio's and stuff. And they have a lot of employees worldwide, and there, they can only like before DSG, they can only build their site once a week. [00:21:33] Cause it takes like 24 hours to build. What, and now with DSG, they don't really care about someone who no, one's going to view their profile. No offense to that person, but no one's viewing the non CEO's profile. 
So then how they can, like, you know, and there are other people that are important too. I'm sure, but like now they can actually, you know, make changes to their site. [00:21:55] You know, we actually had to work with them to make sure that, you know, they can build. I mean, previous to DSG, they can build like, at some cadence that we don't necessarily support, but we help support that. So, so just looking static is still king when it makes sense. For sure.  [00:22:12] Tradeoffs and Performance  [00:22:12] swyx: I feel like it's a bit scary when you tell people like, okay, you're deferring the build. [00:22:16] And then on the first request, someone's going to build that. It's not going to take that long. Yeah. Right. It's not like it's that bad. I think bottom line is, I think people are very scared whenever you say, like, okay, there's a trade off, but you don't quantify the trade-offs. And then they're like, oh, it's bigger in their mind than it really is. [00:22:37] Ward Peeters: Yeah, I think a big problem with the plugin ecosystem is that it's difficult to, to quantify like what's slow and what's not slow. For example, generating an MDX page is more time-consuming because it has to like get some dependencies make sure that they have bundled together, then use react to render and then render again because it's how the Gatsby plugin, is built right now that takes more time than a simple React renderToString with something. [00:23:07] And I think that's the difficult thing to say like, okay, it's some pages will be instant. Some pages might take a second to build or we'll half a second.  [00:23:18] swyx: Yeah. The important thing is that there are not data dependencies that you're waiting on. Right. That's usually the slowest part fetch all the data upfront and then you store it in a LMDB cache. [00:23:28] And that's written to a serverless function or written to I guess your build process or whatever. 
And then people can render that whenever which I think is great. Like, it should be fairly fast, like we're talking tens of milliseconds difference between like for first render, right? [00:23:44] Like something like that. Like I think, I think when you quantify, like, okay, we're talking tens of milliseconds, not hundreds of milliseconds and not thousands of seconds that really helps me with. Put these things in perspective.  [00:23:56] Abhi Aiyer: Yeah. But then, you know, people always find a way to screw it up. So say that like, of  [00:24:01] swyx: course. [00:24:01] Yeah. But, but you give a realistic benchmark and then you go like, yeah, for these benchmarks, we tested it like a hundred times or something. The median was this, the P 95 was that. That's it like, I mean, people can't really fault you for not accounting for every use case because no one, no one can, but at least you can give a reasonable basis and say like,  [00:24:22] Abhi Aiyer: there's,  [00:24:23] swyx: there's an up, there's an upper bound to you know, how bad, how the, the, the trade-off like, you know, when, whenever you miss channels, I like to quantify it basically. [00:24:32] Um, that's a good, that's a good idea.  [00:24:34] Image Processing  [00:24:34] Abhi Aiyer: And like, one thing to know for DSG is like, your data may be like available and that's cool that that may not be the long pole, but let's say you have a portfolio site that generates 20 different types of images for every image. Now you're getting into image processing at runtime, you know? [00:24:54] And so there, there are ways to kind of not do this properly. Right. And or like, for example, let's say your homepage, I love this example. Your homepage has links like to every other page on your site,and it's all DSG, right? So you load the homepage and because Gatsby does prefetch for link tags are doing Gatsby link to other pages. [00:25:17] We go and prefetch every page on your site. 
And essentially you're doing your build at runtime. So we're going to try to prevent these cases from happening, but just natively going through DSG everything is not my recommendation. That's for sure. [00:25:32] Not today. At least not today.  [00:25:35] swyx: so a couple of things on that. So, this Gatsby image point is very interesting. So how does Gatsby image work with DSG? [00:25:42] Abhi Aiyer: So yeah it works how it does it in Gatsby build. currently today Gatsby uses Gatsby-plugin-sharp and the sharp transformers to take one image, turn it into another. [00:25:54] And even in Gatsby cloud, before we implemented parallel image processing, images were like the slowest part of the Gatsby build because a lot of time, a lot of memory, et cetera. And so we solved that problem. And so in the DSG runtime, we do image processing there for a particular page. [00:26:15] So you will have to wait for image processing. If you're image heavy on a DSG page.  [00:26:21] swyx: Which I mean, does that mean that you cannot do a DSG in a serverless function?  [00:26:26] Abhi Aiyer: In a total? We do. We actually do DSG in serverless. And that's totally fine. Like you can do image processing, you know? But like, I would say your mileage may vary given what kind of transformations you have going on, how many images you have, right. [00:26:42] But like you said, there's, trade-offs right. If the page makes sense for it, you know, we have a bunch of examples that do have images and they work great, you know? But I don't know if I go full on portfolio with like a, you know, like a masonry thing where like, there's like tons of images and they have sub images and you have to go, like, I'll be like a carousel of images and stuff that may not be good for your. [00:27:06] I don't know, but the choices, the users, that's, what we're trying to get at is like, we're trying to give as many options. 
We're going to give guidance and like we're having our own opinions, but you, you can choose to listen or not, or, you know, do your own thing and we should try to support you as much as we can. [00:27:25] Automatic DSG  [00:27:25] swyx: Yeah, you give me some thought about like, having sort of like a browsers list type of API where you can say like, okay, top 100 most visited pages. No, this is not it. You know what I mean? Like, as a handholding for what should be DSG and what should be statically generated you know, plug into my Google analytics, tell me like top hundred pages statically render those, everything else, DSG. [00:27:48] I'm sure you've thought about it. And I think like maybe four years ago, Gatsby and Guess.js had someone in collaboration, which I assume went nowhere. But let me know if there's.  [00:27:59] Ward Peeters: Uh, okay.  [00:28:02] For now. Yeah, because there is a new way to do it because now greet guests, it stored everything in one file. So we have to like sometimes download a five megabyte Jason file to make guess.js work. Mondays switching around that you could make, get smarter to say like a guess for this route. You only need the bit of the JSON file. But we never implemented it. So,  [00:28:26] Abhi Aiyer: yeah. And we have this, so I'm speaking from the Gatsby cloud perspective, but like you're right, Shawn. Like, if you can hook into Google analytics, you'll get the same thing. [00:28:36] But if you host with Gatsby cloud, we know what, what routes coming through our hosting layer. We know what routes for your site. Are the most hit, you know, we know the requests per route. I mean, how much bandwidth you're using, like per route. And so we could be smarter and tell people exactly how. How to DSG, right? How should you DSG and get it done that way, for sure.  [00:29:04] swyx: Okay. 
So like a, to be, to be complete, uh, typical to be  [00:29:08] Abhi Aiyer: complete, you know, we're still in beta for Gatsby 4, so I would say like, maybe like after we launched for, for sure, we'll start adding some sugar on.  [00:29:17] swyx: Got it. So first of all I did, so this was my first time trying out Gatsby Cloud. I, I think it was behind like a signup wall, like a private beta in the past. And I never really gave it a spin, but again, you know, the V4 announcement really got me going. And yeah. I mean, I'm pretty impressed.  [00:29:33] Gatsby Cloud vs Netlify  [00:29:33] swyx: So how much of this, you know, the hard question, right? How much of this is a Netlify clone, what are you doing differently? [00:29:40] Abhi Aiyer: Let's talk about that. How much does like DSG is  [00:29:45] swyx: how much of Gatsby Cloud? Isn't it  [00:29:48] Abhi Aiyer: like? 0%. Ooh, okay. Yeah. Probably 0% of it is a Netlify clone. [00:29:56] swyx: I do like when you provision it, it gives me like a really good set of options. Uh, let's see, uh, you know, connect CMS guests. Netlify does not have that. [00:30:07] Abhi Aiyer: Yeah. I mean, I would, yeah. We're far from a Netlify clone Mo multiple weeks. We've built our whole system based on the needs of Gatsby. The way our cloud front end and our back ends talk to our customers, Gatsby Sites is a novel way of doing it. We've exposed that in open source and I think Netlify actually did implement something for external jobs or something with Google Pub/Sub I, I saw that, but everything we do in Gatsby cloud is for Gatsby. We have no other framework that we need to maintain nor care about, sorry. Luke's or whatever. Like we don't care about that. On Gatsby cloud, we've optimized our hosting layer with Fastly to be part of the data. And so if Gatsby changes, Gatsby cloud changes, and if we need the Gatsby framework to change, it will for Gatsby cloud. So, and we use Google cloud, so we're not on AWS.  
[00:31:09] I would say we have the similar features though, and that's a valid point to bring out. [00:31:13] We have, we have functions, right. [00:31:15] We have domains and we don't have a purchasing domains or anything yet, but you know, we have the whole hosting product and everything like that. Yeah.  [00:31:27] swyx: Is that, is that what you would need for Gatsby Cloud to come out of beta? Like. Domains or like what, what, what are you waiting  [00:31:35] Abhi Aiyer: for essentially? Well, Gatsby cloud isn't in beta. [00:31:38] It's like a  [00:31:38] Oh Gatsby v4  [00:31:40] swyx: is in beta [00:31:41] Abhi Aiyer: yeah. V4 it's in beta. Yeah. Sorry. Yeah. Yeah, domain like domain registry and all that stuff is more sugar on top that we'll be probably releasing mid next year. But we're just trying to be I mean, Gatsby cloud, from that perspective, we just want to be at the table with all the other JAMstack providers. [00:31:59] But our edge is if you want to build a Gatsby site the best way, you know, you have our support team, that'll help you. Right. As a customer of ours, you're like our family. The Gatsby family, you know, we're, we'll help. We help our customers. We have great support and everything we do on the platform is for Gatsby and making Gatsby better. [00:32:18] So there's like so many things in the framework that we've improved by having Gatsby cloud. Cause we didn't know all the sites that could exist and not do things nicely or have problems or, you know, because of Gatsby cloud that the framework is getting so much better because we have real users feedback and they have a lot of demands and we like to, you know, fulfill them. Yeah.  [00:32:41] swyx: Okay. Actually I should probably clarify this earlier. How much of what we just talked about is Gatsby Cloud-only? [00:32:48] Abhi Aiyer: Pretty much all of it, DSG, SSR, they're all capable, you know, you can run it locally and stuff. 
And I know Netlify has a Gatsby plugin as well that will allow you to run DSG and SSR as well. [00:33:03] For those who are not using those platforms, it's like maybe you're using Amplify or whatever. You're going to have to implement this yourself. I don't recommend it though, because it was a pain in the ass to put it together. But yeah, it should work the best on Gatsby cloud.  [00:33:19] Ward Peeters: So technically all of that we building with v4 is in open source. [00:33:22] So you could wire it up all yourself, but why bother if you can use, like Gatsby Cloud. Yeah, you don't have to care about it.  [00:33:34] Gatsby vs Next.js  [00:33:34] swyx: That's true. Okay. So, just on the rendering side of things, right? I made this observation that, Gatsby now has SSR, now has serverless rendering. All the different rendering modes, like this looks very similar to Next.js. [00:33:48] Is it possible to basically say like, okay, Gatsby is the data layer and is this the best data layer and most advanced or whatever, because this is basically what Next.js does, right? Like it's a very, very constrained rendering layer. Why can't you, I mean, you know, sunk costs aside. Why can't you be a Next.js layer? [00:34:08] Ward Peeters: Well, technically we could now, because they like implemented everything too, like they have SSG, they have ISR, they have SSR and we could technically move the data layer out of, and use it with next. That could be a possibility, but. We've been, we've come so far and I think do already have built this. [00:34:31] And then now they're also parity. I think having two separate ones and having different dev experience, and maybe Next.js is winning now and Gatsby will win in, in two months or vice versa. I think it's just a healthy balance. Like it's and I think it's the same thing as a browser wars, like everyone is going to Chrome or chromium and then there is still like, Firefox and iOS, but how long will they survive? 
[00:34:58] And I think just the competition is what you need. And I think that's why a good reason why we keep separate. And also, I don't think that Next.js is for like, merging with Gatsby or like having the like the same.  [00:35:13] swyx: Oh, I think I know Next.js, it be super happy about it, because then they, when they, when the server for reacts you know, role, and then you focus on the data role, right? [00:35:22] Like, uh, Makes sense to me, obviously I'm brushing over a lot of the plugins actually have a rendering portion as well. So how much can you separate those things  [00:35:33] Abhi Aiyer: if in the next. No, this is possible. I don't, I mean, we're not going to like say that it's happening or anything.  [00:35:41] Gatsby and the Content Mesh  [00:35:41] Abhi Aiyer: Like if we look at Gatsby's like, this is how it's set up. [00:35:45] It's, it's what we call the content mesh. You have all these different data warehouses that exist. WordPress Drupal, et cetera, can even be a freaking Google Sheets. You know, like whatever, and we assemble this data layer at build time. And in doing DSG and SSR, we build something called the query engine that allows you to query this LMDB store that has like the manifested data in there. [00:36:13] So. It really opens up the gate for yeah. If you want to use our data layer in a Next.js app, like, I mean, go ahead. Like once we expose this API to our customers then you can essentially have Gatsby data in an iOS app or an Android app React Native. Like, it's just an API call at that point. And you know, Gatsby cloud hosts, like a GraphQL API for you that you can just query your data. [00:36:38] I don't know if any data scientists would care for that. They could add that into Looker or something. You know, like I remember they want to do it like that stuff would be available and it's almost like a content data lake versus, you know, traditional data lake I guess. 
It's purely for content and you would have the benefits of Gatsby because we normalize and we create structures and you like, the user can customize a schema, however you want. [00:37:05] And then now you can use it on multiple platforms, right? It's not an immediate goal for us to do so. It's a logical next step. Yeah. Yeah.  [00:37:15] swyx: Awesome. Awesome. Cool. Yeah, I, I feel like that's a really good and in depth coverage. [00:37:19] React 18 and Gatsby  [00:37:19] swyx: Maybe let's end off with talking about the future of React 18 and your plans there. First of all, what's happening in React 18. Is it out? Like the plan for the React 18 and published in June? Okay. All right. Let's talk about it. What's what's going on? [00:37:35] Ward Peeters: So, yeah, so we are working closely with the React team and we also in the working group to figure out like, okay, how can we help the team, make it more stable and give it in user hands. [00:37:46] So I think from May or something, we have introduced React 18 as part of Gatsby. So you can now install React 18 alpha. And we just moved to the new rendering mode. So the async mode suspense and all those things were. Like what, what we're planning on, at least when you use Gatsby, like we have page queries and we have static queries and there's a big pain point is static queries, cause it's a GraphQL query, but you cannot have any variables, which means you're kind of limited to the unit. And then you have to move everything to page queries going to have to know all the content up front and wait the new async rendering bits of React to get into like a useQuery, because you can yield the rendering of React at any time. [00:38:34] Cause async doesn't mean you have to go like, uh, use Apollo Server to get server data tree or something or other pieces, or you kind of have to have React async mode or React Suspense in SSR and we can all move it to the page components or the components of your reactor. 
So basically look that you're just recreating a React application and then every async bit like using react-fetch or a useQuery, it all just works. [00:39:02] I think that's where, where we activate in benefits a lot where it's. It just removes a lot of cruft or that you have to do now. It gets you where you have to be in the Gatsby mindset when you're developing and, and you basically go to a, creating a react app and you have a data layer, but I think React 18 opens so many doors with the new cache APIs. It just becomes way smarter and when you look at it from a performance perspective with the whole concurrent mode where inputs gets priority over rendering, it's just going to be way smoother than what they had so far. [00:39:39] Abhi Aiyer: And hopefully people stop complaining about Lighthouse scores and stuff. That'll be great.  [00:39:45] Custom rendering page fragments with React 18  [00:39:45] Abhi Aiyer: Another cool thing that React 18 kind of unlocked for Gatsby in particular is a concept of fragments. And so we were talking about that nav bar example earlier with the a hundred thousand pages. And we want to leverage React 18 with like custom renderers so that we can essentially create fragments of a page that had beta dependent. [00:40:07] Because there's no page query or static query anymore. That's just a query. Your navbar component has a query and essentially Gatsby can make that navbar a navbar fragment and your body has a fragment, or maybe your footer has a fragment. Your sidebar has a fragment. And as data changes incrementally, we only rebuild fragments and our hosting layer, stitches, fragments together. This is an old concept called ESI includes like if everyone did PHP back in the day, like, you know, very familiar with this stuff, like I said, every 10 years, things has come back around and we're going to try to do that. We're going to try to build fragments of pages, stitch them together. 
So a navbar change doesn't break the bank, you know? But we can only do that once React 18. It's like, you know, fully there. I mean, we could do it now, but like why, when we should just like work off the, the, the work of others.  [00:41:02] swyx: So when you say fragments, are you referring to GraphQL Fragments or, or like  [00:41:06] Abhi Aiyer: Asian fragment might be a, maybe we call it like, you know, today, like an HTML page that has specific. [00:41:13] You know, I like to call him like the rectangles that we all draw around are our websites. Right. They all have independent data isolation. Right. And so these are like what maybe a Gatsby slice of a page or a fragment or some type of include, you know, like in the templating days. Right. And that's what I kind of mean there. [00:41:31] So these includes or templates or whatever you want to call them would be independently built. And then independently stitched at the cache layer. And then, you know, the data dependencies don't cross, and now I'm not building a hundred thousand pages because I misspelled Gasby and it should've been, you know,  [00:41:51] swyx: sounds like it happens a lot,  [00:41:54] Abhi Aiyer: but definitely those,  [00:41:56] Ward Peeters: and it looks a lot like donut caching. [00:41:58] If you're more familiar with that piece, like you have a page where I said parks has a different. Limit and another one. So that's more or less the technical piece out of  [00:42:10] Server Components in Limbo  [00:42:10] swyx: a server components. Anything on any implications on that for Gatsby?  [00:42:15] Ward Peeters: Not yet. I would say because they're not going to ship it with React 18. [00:42:19] We've been talking about it, but it's still very fresh or very new, like even the React team hasn't, hasn't worked more on it, so they did their demo, but then it's got like a little bit  [00:42:31] swyx: stagnated. Oh my God. [00:42:37] Ward Peeters: All the pieces. 
Like they need to build all the pieces underneath it to make it work. [00:42:45] swyx: They jumped, they jumped the gun, maybe in announcing I got so excited. I was like, wow. Okay. I can cut my Javascript bundle by 40% and run backend functions in my react component. And then nothing, nothing for 10 months,  [00:43:01] Ward Peeters: because we are super excited about it too. Because when you look at especially marketing sites, like marketing pages or blogs, there's only a small piece of JavaScript that you actually need. [00:43:13] Like maybe you need a bit for your newsletter button or you like something like that. And why. 200 kilobytes of JavaScript could bring technically only need maybe 10, 20 kilobytes. So I think it's static or with like marketing pages. Uh, [00:43:33] Smart Servers vs Smart Clients  [00:43:33] Abhi Aiyer: yeah, so the world was server rendered. Then we went client side rendered. Then we went static rendered. Now we're DSG rendered, and then we're going to go back to server run. So, you know, time just keeps spinning. Partially server.  [00:43:47] swyx: I called it smart server versus smart clients is my term for it. So this is the, I think maybe my, my most recent posts, because I have been trying to write more, but then I keep have having real life get in the way. [00:44:01] But why is traditional, which is server rendered, different from the new server rendered. We have essentially is essentially exactly the same, but there's a thin runtime, which I'll ship the stuff that we send over the wires changes. And we actually doing rendering in the browser, but like partial rendering, maybe I should say. [00:44:20] And yeah. I dunno. I think, I think this is a very interesting exploration. Phoenix live view is also the other one that, that gets a lot of love for this. And then rails is also adopting Hotwire. So, I don't know where this goes. 
I mean, I, I it's, it seems like we fully explored the smart client space and the smart server revolution is just kind of get, getting going. [00:44:41] Ward Peeters: We're going back to Meteor.  [00:44:44] swyx: Back to Meteor, but not so opinionated, I think, you know, I was very excited about Meteor. Like when I, when I first started as a web dev, I was like, oh yeah. Okay. Everything is in there. I actually mentioned Meteor here because it had the Minimongo data store, which was I thought it was just such a great experience. [00:44:59] Did you use.  [00:45:02] Abhi Aiyer: Oh, both my last company, we used Meteor for our backend, and then we had to kind of migrate slowly off of it. Cause they were just ahead of their time. You know, now all those concepts. Those are like, those are the concepts of today. Right. And that's the beautiful thing they were  [00:45:19] swyx: just ahead of their time. [00:45:21] Apollo and Open Source Startup Strategy  [00:45:21] swyx: I mean, you know, what they did was they became Apollo. They were just like, oh no, one's no, one's handling all the hard parts of GraphQL. Well,  [00:45:29] Abhi Aiyer: okay. We'll do it. Yeah, good job of that too,  [00:45:33] swyx: which is by the way, like in terms of just honestly, I'm interested in startups, entrepreneurship, uh, you know, we worked so hard in web dev stuff. [00:45:41] A lot of this, we never charge a cent for and something I would like to make money on the smart things that we do in tech.  [00:45:47] Taking an under specified spec, which most of the times is intentionally under specified, and then building all the hard parts around it, is a very interesting formula for success. [00:45:58] So essentially React and under specified framework and Next.js came in and went like, oh, okay, well, we'll build the get initial props that you guys forgot. And great, very successful Gatsby, same thing. 
And then Apollo and Relay by the way, but, but relay was not a serious company, a company effort. [00:46:19] I mean, Relay is a serious effort. It's not a startup that was like existentially relying on like, uh unsuccess. Whereas was Apollo was like, okay, GraphQL was under specified. There's a reference JS implementation, but no one's building the production quality standard. We'll do it. And then, and yeah, like it's really interesting. Cause as the spec grows or as adoption of the thing grows, you're you grow with it and, you serve the audience and you also capture a lot of the value and you essentially have Facebook working for you in the sense of like, oh, there's the spec maintainers, you know, whatever, whatever the spec is, they're working for you because every time they contribute to the spec, you. [00:47:06] TMA: Too Many Acronyms  [00:47:06] Abhi Aiyer: Yeah, maybe that's what the what's going to happen with DPR. Right?  [00:47:10] swyx: The naming sucks, too many, three letter acronyms. I'm sure. Like, look like you and I, and everyone in like the WebDev, like Twitter sphere or whatever, we don't mind new things and like understanding the differences in nuances, but anyone who is like just a regular web dev or just like not web dev, but talking to web devs, they think we're crazy. [00:47:36] This is actually bad. Like it, we look like the nerds, uh, who. Talking about all these minor differences and inventing new acronyms for them. I don't know how to fix it. Jargon is important for specialists to understand in a very short amount of time, the differences between what we referring to. Jargon is important, but we don't do ourselves, our industry a favor when we have all these acronyms and then people just throw them on onto a page or a blogpost or a slide deck. [00:48:05] And then. People would just go like, okay. Yeah, the JS ecosystem  [00:48:09] Abhi Aiyer: is crazy. And you ended up explaining the same thing all the time. Right? 
Cause you use some acronym. It was funny, like on the way to Gatsby camp, like we had, like all of our release had all of the releases and Gatsby 4 had the acronym. Yeah, like PQR, parallel query running, DSG, SSR, SSG, man. [00:48:26] We were like trying to figure it out. How many more acronyms can we fit to, to get like the, the acronym count up, but it's a serious problem for us too, because our, some of our customers have never used Gatsby before they're coming from a WordPress full on WordPress background and our sales team marketing, we all need to be able to convey like, yeah, this is what it really is. [00:48:45] And this is what it means. And maybe. The acronym sticks after they understand it, but that's a really uphill battle to explain right on the way. So I would love if a community we all got together and like, kind of just understood it. You know, it's kind of like the GraphQL spec have a formal definition for what this is. [00:49:02] Don't be too heavy handed on approach, let people implement however they want to. And then there's just a concept that has different flavors. Yeah. Oh, it's different  [00:49:14] swyx: flavors. Okay. That'd be interesting.  [00:49:16] Gatsby for Docs  [00:49:16] swyx: Is there anything else that we haven't covered that you wanted to shout out?  [00:49:21] Abhi Aiyer: This is fun. I really enjoyed talking to you too.  [00:49:24] swyx: Yeah, I love, uh, I love catching up. Um, uh, Fun fact, we're actually at my workplace. We use Docusaurus right now for our docs. We're actually considering moving to Gatsby. [00:49:35] Nice. Not something I thought I would do this year, but we're, we're running into enough limitations to Docusaurus that we're essentially customizing so much that we don't get much benefit anymore. So maybe a good standard docs implementation. 
It would be interesting for you guys actually, because a lot of the reason that people pick Docusaurus is basically it has docs in the name and it's got a lot of good defaults for docs, right? [00:50:04] And Gatsby, maybe it doesn't have such a developed theme for docs.  [00:50:07] Ward Peeters: We've mostly pushed people to the Apollo team. Like they have a great, like the whole Apollo site is, or docs site is built with Gatsby and a open source. The building blocks up there. So, or you could start from there and then, oh  [00:50:20] Abhi Aiyer: yeah.  [00:50:23] New Relic is with Gatsby and they're working on something similar too.  [00:50:30] swyx: Awesome. Awesome. Yeah. All right. Cool. Well thanks for those pointers. I'm actually going to go explore them. [00:50:38] Abhi Aiyer: Yeah. If you need any help. Yeah, we'll do.  [00:50:41] swyx: And there's no reason why we shouldn't move to Gatsby cloud, if that makes sense for us as well. Okay. Okay.  [00:50:47] Ward and Abhi, thanks so much, and this is really great chatting, thanks for reaching out. And, yeah, I hope  [00:50:52] Abhi Aiyer: people would try out Gatsby. [00:50:54] Thanks for having us.

Craig Peterson's Tech Talk
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

Oct 15, 2021 84:46


How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by Check Point Software Technologies. Check Point, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England telephone. It might've been Verizon by then. I can't even remember, man. [00:00:41] It's been a little while, but it was, a system we were using in front of this massive system that I designed, I made the largest internet property in the world. At that time called big yellow. It morphed into super pages. It might be familiar with. But it was me and my team that did everything. We built the data center out. [00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listing so we can put it all in. And we brought it up online and we were concerned. Well, first of all, You know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall. [00:01:29] Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, Hey, listen, let's go ahead and we'll use Check Point and get things going. We did, it was on a little, I remember it was a Sun workstation. If you remember those back in the. [00:01:52] And it worked pretty well. I learned how to use it and played with it. 
And that was my first foray into kind of what the rest of the world had started doing, this Check Point software, but they've continued on, they make some great firewalls and other intrusions type stuff, detection and blocking, you know, already that I am a big fan, at least on the bigger end. [00:02:17] You know, today in this day and age, I would absolutely use. The Cisco stuff and the higher end Cisco stuff that all ties together. It doesn't just have the Firepower firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user. [00:02:37] And this number really gets everybody concerned. Home users and business users is. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom. [00:03:05] Those are the ones that they're after and this analysis. Point software who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attack. [00:03:36] According to them right now, the average number of weekly attacks on organizations globally. So far, this year is 40% higher than the average before March, 2020. And of course that's when the first lockdowns went into effect and people started working from home in the US the. Increase in the number of attacks on an organizations is even higher at 53%. [00:04:07] Now you might ask yourself why, why would the US be attacked more? 
I know you guys are the best and brightest, and I bet it, I don't even need to say this because you can figure this out yourself, but the US is where the money is. And so that's why they're doing it. And we had president Biden come out and say, Hey, don't attack the. [00:04:27] well, some of those sectors are under attack far more after he said that then before, right. It's like giving a list to a bad guy. Yeah. I'm going to be gone for a month in June and yeah, there won't be anybody there. And the here's the code to my alarm. Right. You're you're just inviting disaster. Check Point's [00:04:49] also showing that there were more. Average weekly attacks in September 21. That's this September than any time since January, 2020. In fact, they're saying 870 attacks per organization globally per week that Check Point counted in September was double the average in March, 2020. It's kind of funny, right? [00:05:14] It's kind of like a before COVID after COVID or before the Wuhan virus and after the Wuhan virus, however, we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before some of my clients I've seen attack multiple times a second, so let's take a second and define the attack because being scanned. [00:05:40] Is kind of an attack, the looking to see, oh, where is there a device? Oh, okay. Here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason. The, we always configure these devices to not respond to these types of things. [00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have WAN. 
Configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that because all of a sudden them brag about what version of the software you're running. [00:06:26] And then if it's responding to that, they will try and use a password. That is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running. Some of these guys will even go the next step and we'll replace the software. [00:06:52] In your router or firewall, they will replace it so that it now directs you through them, everything you are doing through them. So they can start to gather information. And that's why you want to make sure that the SSL/TLS. That encryption is in place on the website. You're going to, so if you go to craigpeterson.com right now, my website, I'm going to go there myself. [00:07:22] So if you go to craigpeterson.com, you're going to notice that first of all, it's going to redirect you to my secure site and it doesn't really matter. You won't see it. Okay. But you are there because if he. Typically at the left side of that URL bar where it says, craigpeterson.com. You'll see, there's a little lock. [00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of time times. I'm not even sure of the number now. [00:08:06] It's huge. Even if your data is being routed through them, the odds are, they're not going to see anything. That you are doing on the Craig Peterson site. Now, of course you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do. Right. The outages what's happened in the news. 
[00:08:27] You can do all of that sort of thing on my site, kind of, who cares, right? Um, but really what you care about is the bank, but it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys, then do this scan. They find a web page log in. [00:08:47] They try the default log in. If it works, the least they will do is change. What are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead. And when your browser says, I want to go to bankofamerica.com. It is in fact, going to go out to the internet, say is Bank of America, the bad guys. [00:09:18] Did, and they will give you their Bank of America site that looks like Bank of America feels like Bank of America. And all they're doing is waiting for you to type into your Bank of America, username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions. [00:09:44] There are others out there and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out. [00:10:10] In fact, just this week, we got kind of our final sketch out of it is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing that I'm doing right now here on the radio, because you can't see my desktop. [00:10:40] It's hard to do a deep dive and it's open to anybody, right? 
If you're a home user or if you're a business user, all of the stuff on that free. Is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site. And then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with. [00:11:05] You don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it to. That is the other option. I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around. [00:11:25] We'll [00:11:25] So which sectors of our economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems and the sectors that president Biden lined out laid out are, are the ones that are under, even more attack after his message. [00:11:42] 497 cyber attacks per week. On average here in the US, that is a lot of attacks. And we started explaining what that meant so that we talked about the scan attacks that are automated and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are. [00:12:09] So, if it shows up, when they do that little scan that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right. A good Cisco router and a really good next generation firewall. [00:12:34] I'm shocked at how many don't have those things in place, but when they do this, That's the first cut. So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from. [00:12:56] Pretty simple. 
If you are someone that looks like you're more of a target, so they connect to your router and let's say it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay. [00:13:18] So this might be a good organization, but when they get. To it again, if when access has turned on wide area, access has turned down, that router is likely to say, this is the property of, uh, Covina hospital or whatever it might be, you know? And any access is disallowed, authorized access only. Well, now they know. [00:13:42] Who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet, and I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do, say they have these automated systems looking for this stuff, it's found. [00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown. This Microsoft Desktop protocol has some serious bugs that have been known for years. [00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what the bad guys will do next, they say, oh, is there a remote desktop access? Cause there probably is. Most smaller businesses particularly use that. The big businesses have a little bit more expensive, not really much more expensive, but much better stuff. [00:14:51] You know, like the Cisco AnyConnect, or there's a few other good products out there. So they're going to say, oh, well, okay. Let's try and hack in. Again, automated. It's automated. No one has to do anything.
So it says, okay, let's see if they patched, let's try and break in. A-ha, I can get in and I can get into this particular machine. [00:15:14] Now there's another way that they can get into remote desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuffing. What that is is, hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information. [00:15:43] So, what they'll do is they'll say, oh, well this is Covina hospital, and it looks it up backwards and it says, okay, so that's covinahospital.org. I have no idea if there even is a Covina hospital, by the way, and will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay. [00:16:04] I see this covinahospital.org email address with a password. So at that point they just try and stuff. Can we get in using that username and password that we stole off of another website? So you see why it's so important to be using something like 1Password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera. [00:16:29] Right. It gets pretty important pretty darn quickly. So now that they're in, they're going to start going sideways, and we call that east-west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends, historically it's been about six days on average that they spend looking around inside your network. [00:17:00] So they look around and they find, oh yeah, great. Here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah. These SMB shares, you know, the Y drive, the G drive, whatever you might call it.
So they start gaining through those and then they start looking for our other machines on the network that are compromised. [00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where they extort you additionally, for the threat of releasing your data. So there are many other ways, I'm not going to get into them all today, but that's what we're talking about. [00:17:43] Remember, we're talking about the 500 cyber attacks per week against the average North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw a 60% increase in attacks. So education, and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they end up with equipment. [00:18:17] That's just totally misconfigured. It's just shocking to me. Right. They buy them from one of these big box online places. Yeah. I need a, a Cisco 10, 10. And I need some help in configuring it and all, yeah, no problems, we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured. [00:18:38] It provides zero protection, uh, almost zero, right. It provides almost no protection at all. And doesn't even use the advanced features that they paid for. Right. That's why, again, don't buy from these big box guys. Just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week. Research companies, again, 1500 attacks per week. Government and military. [00:19:10] Entities, about 1100 weekly attacks. Okay. That's the next most highly attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just Check Point's data that I've been quoting here that gives us that picture.
There are a lot of others out there. IBM's has, Verizon's has, all of these main guys, and of course in the end, they've got these huge ransoms to deal with. [00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played. Okay, again, IT people, um, I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people, even, because there's so much more that you need to know than you might know. Anyways, if you're interested in any of this. [00:20:22] Visit me online. craigpeterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings, and I keep holding. In fact, there's one in most of the newsletters. craigpeterson.com. Craig Peterson, S-O-N dot com. Stick around. [00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in North America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from? [00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems, who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons, I'm going to talk about that too, but the source is an interesting way to look at. [00:21:29] Because the source can also help you understand the reason for the attacks. So according to Dark Reading, this is kind of an insider website, you're welcome to go to, but it gets pretty darn deep sometimes, but they are showing these stats from Microsoft, which you can find online, that in the last year Russia. [00:21:53] Has been the source of 58% of the cyber attacks. Isn't that amazing? Now it's not just the cyber attacks. I need to clarify this.
It's the nation state cyber attacks. So what's a nation state cyber attack versus, I don't know, a regular cyber attack? Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state. [00:22:31] Uh, so Russia at 58% of all nation state attacks is followed by North Korea, 23%, Iran, 11%, China, 8%. Now you probably would have thought that China would be. Right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is South Vietnam, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%. [00:23:14] Now, this is this new pool of data that Microsoft has been analyzing. And it's part of this year's Microsoft Digital Defense Report, and they're highlighting the trends in the nation state threat, cyber activity, hybrid workforce security, disinformation, and your internet of things, operational technology and supply chain security. [00:23:35] In other words, the whole gambit before, before all of this. Now the data is also showing that the Russian nation state attacks are increasingly effective, climbing from about a 21% successful compromise rate last year to 32%. So basically 50% better this year at effectiveness there. Russians are also targeting more government agencies for intelligence gathering. [00:24:10] So that jumped from 3% of their victims last year to 53% this. And the Russian nation state actors are primarily targeting, guess who? Us, right? The United States, Ukraine and the United Kingdom. Now this is all according to the Microsoft data. So why has Russia been attacking us? Why has China been attacking us, and why the change this. [00:24:38] Well, Russia has been attacking us primarily to ransom us. It's a cash cow for them, just like oil and gas. They are making crazy money. Now that President Biden has made us dependent on foreign oil supplies.
It's just insanity, and even dependent on gas coming from other places. Well, guess where the number one source of gas is now for Europe, and oil? It's Russia. [00:25:08] So we are no longer going to be selling to Europe. Russia is, so they're going to be making a lot of money off of. But before then they were actually counting on ransomware to help fund the Russian federal government, as well as, of course, these Russian oligarchs, these people who are incredibly rich that have a substantial influence on the government. [00:25:33] If you're wondering who they might be, just think of people like, oh, I don't know, Bill Gates and, uh, who are some of the other big guys, you know, Tim Cook, uh, Amazon's Jeff Bezos, Elon Musk, right? Those are, by my definition and looking it up in the dictionary, they are all a. They get exemptions to laws. [00:25:58] They get laws passed that protect them. In fact, most regulations actually protect these big companies and hurt small companies. So I would call them oligarchs, and that's the same sort of thing in Russia. In Russia, okay, they probably have a little bit more underhanded stuff than these guys here do, but that's what Russia has been. [00:26:21] China has been continually going after our national secrets, national defense, the largest database of DNA, of Americans' DNA. Of course, it's that unique key, if you will, building block for all of us, that's what DNA is. And the largest database of all of that uniquely identifying information is in. China stole from the Office of Personnel Management records of federal employees, their secret clearance, all of their background check information, who was spoken with, what did they have to say. [00:27:03] And on and on. So China has been interested in infiltrating our businesses that provide things to the military, and the military themselves, and the federal, state, and even the local governments. That's who they've been targeting.
And that's why their 8% number might seem small. Although, as I just mentioned, this year Russia moved, moved dramatically. [00:27:30] They used to be about 3% of their attacks were against the government agencies. And now it's 53%. So Russia. And China are going after our national secrets and they can use them in a cold war, which, as I've said, I think the first shots of the third world war have been fired. And frankly, they're all cyber, it's all online, and Russia. [00:27:57] Isn't the only nation state actor who's changing its approaches here, as espionage is the most common goal amongst all nation state groups as of this year. Activity of hackers reveals different motivations in Iran, which quadrupled its targeting of Israel. Surprise, surprise. Over the last year. And Iran has been launching destructive attacks, things that will destroy power, power plants, et cetera, and North Korea, which is targeting cryptocurrency companies for profit. [00:28:29] So they're stealing these various crypto coins, again, funding their government. So it's, it's a problem. Absolute problem. Government sectors are some of the most targeted, 48%. These NGOs, non-government organizations that act as kind of quasi government functions, and think tanks are 31%. Uh, and Microsoft, by the way, has been alerting customers of nation state attack attempts. [00:29:01] Guess how many this year that they had to warn about? 20,500 times in the past three years. So that's a lot, and Microsoft is not a company that's been out there at the front lines. It never has been, it's in behind. So to have them come out and say, this is. And okay, by the way, your stolen username and password run for a buck per thousand, and it's only gonna take you hundreds of hours to get it all cleared up. [00:29:32] Isn't that nice? Spear phishing for hire can cost a hundred to a thousand dollars per successful account takeover, and denial of service attacks are cheap from protected sites, roughly $300. Per month.
And if you want to be ransomware king, it's only going to cost you 66 bucks upfront, 30% of the profit. [00:29:54] Okay. Craziness. Hey, visit me online. Sign up, craigpeterson.com/subscribe. [00:30:03] I had an interesting mastermind meeting this week. There's six of us. We're all business owners, and it opened my eyes pretty dramatically because one of the members got hacked, but that's not what I really want to emphasize. [00:30:20] This whole cybersecurity thing gets pretty complicated, pretty quickly. And a friend of mine who is in one of my mastermind groups had a real problem. And here's what went on. We'll call him Walt for back of a letter, lack of a better name, since that is his name. [00:30:40] And he doesn't mind me sharing this with you. Walt has a very small business that he and his wife run, and they have a couple of contractors that help out with some things, but his business is very reliant on advertising, and primarily what he does is Facebook advertising. Now I've been talking for two years, I think, in this mastermind group about cybersecurity and the fact that everyone needs good cybersecurity. [00:31:13] And he always just kind of pole hum to, uh, wow. You know, and it's just too complicated for me. I got to thinking for a, you know, a bit, really a few weeks, what does he mean, too complicated? Cause there's some basic things you can do. So this week on Tuesday, I was on our mastermind group's meeting and I explained, okay, so here's what happened to Walt. [00:31:42] He had $40,000 stolen, which by the way, it's a lot of money for a teeny tiny husband-wife company. And. Uh, well, here's what we did. We helped them. We got the FBI involved and, you know, with our direct ties, cause we work with them on certain types of cases, and he got back every dime, which is just totally unheard of. [00:32:06] But um, without going into all of the details there, I spent probably.
15, 20 minutes with the whole group in the mastermind explaining the basics of cybersecurity. And that really kind of woke me up, frankly, because of their responses. Now these are all small business owners, and so they're making pretty decent money. [00:32:31] In fact, every one of them, and they all have some contractors and some employees, all except for Walt and his wife, they just have contractors. And I had two completely different responses from two members of this group that no. Let me tell you, this was really eye opening for me. And this is why you might've heard me in the first segment talking about this, but this is why I have really changed my view of this stuff, this cybersecurity stuff, because I explained. [00:33:08] If you're using things like Norton antivirus or McAfee antivirus, or really any of them, even the built-in Microsoft Defender, this year those standard antivirus systems. Have only been able to catch about 30% of the malware out there. 30%, you know, that's like having a house and you've got a security guard posted out front. [00:33:39] He's armed, he's ready to fight. And yet all of your windows are open and all of your doors are unlocked. And all someone has to do is crawl in the side window, because that guy that's posted up front, he's not going to be able to stop. So 30% effectiveness. And of course, Walt had all of the basic stuff. [00:33:59] He thought he was good enough. It's not worth spending time or money doing any of this. And of course it turned out to be well worth the time and money if he had done it. But he has a friend who has contacts and made things happen for him. So I guess he's kind of, kind of lucky in that regard, but I explained that and I said, do you know the, the way you. [00:34:21] To go. If you're a small business, it's about $997 a month for a small business with a handful of employees to get the type of security you really need. That's going to catch. 90-something, 98%.
Maybe, if things go well, of the stuff going on. In other words, you don't just have an armed guard at the front door. [00:34:46] You've got all the windows closed and blocked and the doors closed and locked as well. So yeah, somebody can still get in, but they've got to really want to get in and risk getting caught. So that's kind of the analogy that I used. Now, one of the members of my. Of my mastermind thought, well, okay. Cause you're just being frank with me. [00:35:09] Right? We're all friends. She said, well, initially I thought, oh Craig, I'm going to have to have you help out with stuff here. Cause my, you know, I'm concerned about my security. I make some good money. Uh, she's the one that has employees. She has a million dollar plus a year business and she wants to keep it safe. [00:35:26] But then she. Uh, you know, but, but you know, you were talking about all of this Norton and stuff and that it doesn't work. So I, I just, I don't have any hope. And that's when another member jumped in, and this other member said, well, uh, oh, that's not what I got at all. I got, the normal off-the-shelf stuff that you buy, that you're going to get from Amazon, or you're going to get from PC Connection or wherever, that stuff is not going to work, but there is stuff that does, but it's only professional stuff. [00:36:02] You can only get it from professionals that are trained and certified. Which is the right message. Right. That was the message I was trying to relay. Yeah. Don't try and do it yourself, because you can't even get the right tools that you need. That is frankly a problem. So that really got me to think. In, in a very big way, because here are two people that have heard me talk about cybersecurity and their eyes probably glazed over, but now their eyes, I know at least one of these ladies' definitely glazed over. [00:36:36] So I've come to the realization that sometimes I. A little too deep into things.
And although I can explain it quite well to many people, sometimes people glaze over, and I get emails from you guys saying kind of the same thing. I really appreciate it. I don't understand a lot of what you're saying, Craig, but thanks for being there. [00:36:59] Listen to you every week here on the radio. Uh, then that's good. That's reassuring, but now I've come to realize a few things. One is, I've got to be a lot clearer in my messaging, because even when talking to my friends, it is a little bit overwhelming for them sometimes. Right. And then the next thing is everybody needs help, because you're being lied to. [00:37:29] Right. How are people getting ransomware if the stuff that they're buying works? Maybe it's just me, but I think there's a disconnect there. So a lot of you guys have gone out and you've hired people, and I want to spend just a few minutes right now going through some red flags that you need to be looking out for in a vendor security assessment. [00:37:56] Now I'm putting one together. As well, right, yet another one. Uh, and what I'm trying to do is help you out, right? This is not a sales tool. It is trying to help you figure out where you're at. I'm putting together a webinar that I'm going to be holding, these what I'm calling bootcamps, where I go through and show you exactly how to do the basic steps that you need to do in order to be safe on. [00:38:25] Okay. If an online, all that means is your, is plugged in, right. Okay. It doesn't mean you're going out and doing a lot of stuff out there on the internet, just means it's connected. So those are going to be coming out. I will send an email out as soon as all of that stuff's ready. Cause. Absolutely free. And these assessments, I have the basic one that you can do yourself. [00:38:47] It's a self-assessment. And then I have the more advanced ones that I do that are five grand. Okay.
So you've got to be a decent-sized business for this to make sense, where we look for all of the security problems. On all of your computers and your networks, and then give you a list of things you need to do and how to do them. [00:39:10] Okay. So it's well worth it for them, but if you're a very small company and you're trying to do some of this yourself, I want to help you. So that's what these bootcamps are going to be all about. And also what the scorecard is going to be all about. So that's coming up, but here are some good red flags in an assessment. [00:39:30] I found this again on Dark Reading. This is kind of an insider website for those of us in the cybersecurity business, but, um, how can you verify the information that vendors are giving you about their own cybersecurity posture? We've heard in the news, and I've talked about them all year, this year, and for years past. [00:39:56] That our vendors can be our worst nightmare, because some of these hacks come in through our vendors. So you've got yourself a cybersecurity company. How do you know if they are really telling you the truth? And man, is that hard for you to know. Right. You're going to ask them questions and the salesmen are going to say, oh yeah, yeah, yeah. [00:40:21] That's why we don't have salesmen. Right. We have engineers. You talk to me, you might talk to my son or my daughter, people who have been doing this with me, who I have trained and helped out. So this guy who wrote the article, and this is unattributed, I don't see an attribution on here on this page. [00:40:41] I definitely want to give him, probably I heard is John Bambenek wrote this thing, and he is a principal threat hunter, is what he calls himself, over at Netenrich. So he says, here's what you've got to do. And if you're trying to be cost-effective, he puts it in. What I call an ed month clause.
And one of these days I'll tell you that story, but he calls it a validity check question, so that an honest vendor would tell you, no, they don't do X, and give you a good reason why they don't, like it's not cost effective. [00:41:17] It's outside of a reasonable risk model. Does that make sense to you? So when you're trying to evaluate a vendor who's going to be doing your cybersecurity, put in one of these validity checks, put in one of these questions. It doesn't really matter to you, but it's something that would be very hard for one of these cybersecurity companies to do. [00:41:42] And maybe it doesn't fit the risk model that you have. I think it's just absolutely brilliant. Probably one of the better ways when you're trying to evaluate an MSSP, a cybersecurity managed or otherwise provider, stick in something like that. So you have a red flag that just stands out for you. All right. [00:42:04] Make sure you are registered online. craigpeterson.com/subscribe. So you can find out about all of these trainings coming up. [00:42:17] If you've never heard of the Carrington event, I really hope, frankly, I really, really do hope we never have to live through one of these again. There is a warning out there right now about an internet apocalypse that could happen because of the Sun. [00:42:34] Solar storms are something that happens really kind of all of the time. The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know, I have an advanced class amateur radio license I've had for a long time, and we rely a lot, when we're dealing with shortwave, on the solar cycle. [00:42:59] You see, what happens is that the sun charges the atmosphere. You see that if you've ever seen the Northern Lights, that is. Part of the sun's emissions hitting our magnetic field and kind of getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get.
[00:43:24] That's what we call it, bounce. And the reason us hams have all these different frequencies to use is because of the bounce. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth, and I want to talk from Boston to Chicago. [00:43:47] For instance, I know about how many miles it is, and I have to figure out, in the ionosphere, up in the higher levels of the atmosphere, what frequency. To use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways as it sounds. A lot of people just try different frequencies, and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are. [00:44:20] It's really quite fun. Now what we're worried about isn't so much just the regular solar activity. We get worried when the sunspots increase. Now, the solar cycle is what has primary impact. On the temperature on earth. So no matter what you might've heard, it isn't your gas-guzzling car or a diesel truck that causes the Earth's temperature to change. [00:44:49] Remember, the only constant when it comes to the Earth's temperature has been change over the millions of years. We had periods where the earth was much warmer than it is now, had more carbon dioxide in the atmosphere than it does now, had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth, long, long. [00:45:15] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down when the sun disappears at nighttime. It has a huge impact. It's almost exclusively the impact for our temperatures. There's other things too, for instance, an eruption can spew a whole lot of carbon dioxide. [00:45:40] In fact, just one, just Mount St.
Helens, when it erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, uh, you know, come on, people. Really, and now we're seeing that in, uh, this last year we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the poles. [00:46:12] Uh, we also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week, that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020. [00:46:34] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is. Well, something called a coronal mass ejection. This is seriously charged particles. That tend to be very, very directional. So when it happens, when there's one of these CMEs, coronal mass ejections, it's not just sending it out all the way around the sun everywhere. [00:47:02] It's really rather concentrated in one. One particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just missed, a CME near miss. Here we go. There was a solar superstorm in July 2012, and it was a very, very close shave that we had. Most newspapers didn't mention it, but this could have been. [00:47:33] Absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these solar flares, if you will, are very, very extreme, they CME. You're talking about x-rays, extreme UV, ultraviolet radiation, reaching the earth at the speed of light, ionizes the upper layers of atmosphere. [00:48:02] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out satellites. And then causes radio blackouts, GPS navigation problems.
Think about what happened up in Quebec. So let me just look at this, Quebec, uh, hit with an E and yeah, here we go. And March 13th, 1989. [00:48:33] Here we go. Here's another one. Now I remembered. And this is where Quebec got nailed. I'm looking at a picture here, which is, uh, looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's because. [00:48:57] Of this solar storm. Now these storms, as I said, are quite directional. Depending on where it hits and when it hits, things can get very, very bad. This particular storm back in 1989 was so strong, we got to see the Aurora Borealis, the Northern Lights, as far south as Florida and Cuba. Isn't that something? When we go back further in time to this Carrington event that I mentioned, you could see the Northern Lights at the equator. [00:49:35] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online like we have today when we had one of the storms hit. And guess what we're about to go into right now? We're going into an area or a time where the sun's going to be more active, certainly on this 11 year cycle, and possibly another bigger cycle too, that we don't really know much about. [00:50:07] But when this hit us back in the 1850s, what we saw was a, uh, a telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the telegraph buildings were lit, they caught on fire because of the charges coming in. People who were working the telegraphs, who were near them at the time, got electric shocks or worse than that. [00:50:34] Okay. 1859, massive Carrington event. Compass needles were swinging wildly. The Aurora Borealis was visible in Colombia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here, knocked out Quebec, uh, electric.
Nine hour blackout on Northeast Canada. What we think would happen if we had another Carrington event, something that happened 150 years ago, is that we would lose power on a massive scale. [00:51:13] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that? That would be just terrible, and we would also lose internet connectivity. [00:51:39] In fact, the thinking is that we could lose internet connectivity with something much less than a severe storm. Maybe if the Quebec power grid solar, a massive objection here. Maybe if that had happened when the internet was up, they might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. [00:52:07] We're going to lose transformers on the transmission lines and other places, we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer. Regular copper cables. It's now being carried, of course, by light in pieces of glass. [00:52:32] Those cables need to have repeaters about every 15 miles or so underwater. So the power is provided by. Copper cables or maybe some other sort of power. So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. [00:52:59] This is all a major problem. We don't know when the next massive. Solar storm is going to happen. These coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw, and we are starting to enter another solar cycle. So be prepared, everything.
Of course, you're listening to Craig Peterson, cybersecurity strategist. [00:53:28] If you'd like to find out more and what you can do, just visit craigpeterson.com and subscribe to my weekly show notes. [00:53:39] Google's got a new admission and Forbes magazine has an article by Zach Dorfman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go. [00:53:55] Google's web browser. Right? It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always, people kind of leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, Internet Exploder, which was really, really bad and they have finally completely and totally shot it in the head. [00:54:29] Good move there on their part. In fact, they even got rid of their own browser, Microsoft Edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just used Edge browser earlier today. Yeah. But guess what? It isn't Edge browser. It's actually Google Chrome that Microsoft has rebranded. [00:54:52] You see the guts to Google Chrome are available as what's called an open source project. It's called Chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. And by the way, Apple's WebKit is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now. The biggest problem with the Google Chrome [00:55:22] is they released it so they could track you. How does Google make its money? Well, it makes its money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser is kind of a standard browser, which is a great. 
[00:55:43] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. Well, there is what is being called here in Forbes magazine, a shocking new tracking admission from. [00:56:05] One that has not yet made headlines. And there are about what 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's frankly pretty nasty and it's, I think, a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely. [00:56:31] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use. The reality is that Chrome is an absolute terror when it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using Safari, Apple has gone a long ways to help secure your. [00:57:09] Well, that's not true with Chrome. In fact, it's not protecting you from tracking and data harvesting. And what Google has done is they've said, okay, well, we're going to get these nasty third party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically. [00:57:34] You they'd be able to put you in a bucket. So they'd say, okay, well you are a 40 year old female and you like driving fast cars and you have some kids with a grandkid on the way, and you like dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you. [00:58:04] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. Well, it's the same thing. 
Right. And in fact, it's easier for Google to put you in a bucket than to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. [00:58:28] It's easier for them to not have to kind of reverse engineer all of the data that Google has gathered in instead of. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding. [00:58:54] It's really what's going on out there. Uh, they are trying to figure out what they should do, why they should do it, how they should do it, but it's, it's going to be a problem. This is a bad habit that Google has to break and just like any, anybody that's been addicted to something it's going to take a long time. [00:59:16] They're going to go through some serious jitters. So Firefox is one of the alternatives to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, right. Nobody agrees on everything. Here's a quote from them. [00:59:38] Ubiquitous surveillance harms individuals and society. Chrome is the only major browser that does not offer meaningful protection against cross-site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. Uh, Google response to that. And they admit that this massive web tracking out of hand and it's resulted in, this is a quote from Google, an erosion of trust, where 72% of people feel that almost all of what they do online is being. [01:00:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit. By the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No, no. 
The answer is 100% of what you do is probably being tracked in some way online. [01:00:41] Even these VPN servers and systems that say that they don't do logging do track you. Take a look at ProtonMail just last week. ProtonMail, it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, Hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking, uh, guess what? They handed over the IP addresses of some of the users to a foreign government. [01:01:10] So how can you do that if you're not logging, if you're not tracking? Yeah, right. They are. And the same thing is true for every paid VPN service I can think of. Right. So how can Google openly admit that their tracking is in place tracking everything they can, and also admit that it's undermining our privacy and. [01:01:38] Their flagship browser is totally into it. Right? Well, it's really, it's gotta be the money. And Google does not have a plan B. This anonymized tracking thing that they've been talking about, you know, the buckets that I mentioned, isn't realistic, frankly. Uh, Google's privacy sandbox is supposed to fix it. [01:02:00] I should say. The, the whole idea and the way it's being implemented and the way they've talked about it, the advertisers are unhappy. So Google's not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zach Dorfman, delete Google Chrome. And I said that for a long time, I do use some others. [01:02:27] I do use Firefox and I use. Which is a fast web browser, that's in pretty good shape. Hey, if you sign up for my show's weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using. [01:02:52] Sign up right now. craigpeterson.com. 
[01:02:57] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers again. [01:03:14] The reason I mentioned this thing about Microsoft again, and the cloud is Microsoft has a cloud offering. [01:03:23] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon Web Services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft has been pitching for a long time. [01:03:51] Come use our cloud services and we're expecting here probably within the next month, a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are. [01:04:17] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, or a Windows or tablet, whatever, and you're at the grocery store or the coffee shop or the office, you'll be able to get at everything, all of your programs, all your files. [01:04:47] And we, Microsoft will keep the operating system up to date for you automatically, a lot of great selling points. And we're actually looking into that. Not too heavily yet. We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. 
And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can, we can document that pretty easily, even in things like Microsoft. [01:05:18] Well, The Verge is now reporting that Microsoft has warned users of its Azure cloud computing service, that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you, uh, yeah. I'm I'm I might've misspoken. Right. Uh, let me see, what does it say? It says, um, users of Azure cloud computing service. [01:05:48] So that's their cloud. Microsoft's big cloud. Okay. Um, their data has been exposed online. Okay. So that means that people could get the data, maybe manipulate the data that sort of exposed means for the last two years. Are you kidding me? Microsoft is again, The Verge. Microsoft recently revealed that an error in its Azure Cosmos database product left more than 3,300 Azure customers' data [01:06:24] completely exposed. Okay guys. So this, this, this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, right. Nobody uses Azure and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupyter Notebook to Cosmos DB. [01:06:59] Okay. Well, I'm actually familiar with that one and let's see what small companies let's see here. Um, some Azure Cosmos DB clients include Coca-Cola, Liberty Mutual Insurance, ExxonMobil, Walgreens. Hmm. Let me see. Could any of these people like maybe, maybe Liberty Mutual Insurance and Walgreens, maybe they'd have information about us, right. [01:07:26] About our health and social security numbers and account numbers and credit cards. Names, addresses. Right, right. 
That's again, why I got so upset when these places absolutely insist on taking my social security number, right? It, it, first of all, when it was put in place, the federal government guaranteed, it would never be used for anything other than social security. [01:07:53] And the law even said it could not be used for anything other than social security. And then the government started expanding it. Right. And the IRS started using it to track all of our income and you know, that's one thing right there, the government computers, they gotta be secure. Right. All of these breaches we hear about that. [01:08:12] Can't be true. Uh, so how about when the insurance company wants your personal information? Like your social security number? What business is it of? There's really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead [01:08:36] that's being used to track me. Is it? This isn't a socialist country like China is, or the Soviet Union was, right. It's not socially. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information? [01:09:00] And I've been all over this because they don't really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email I sent out a week ago, two weeks ago now, I guess, you missed something big because I, in my weekly newsletter went through and described exactly what you could do in order to keep your information private. [01:09:35] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? 
Does that start to make sense to you guys? [01:09:54] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database, uh, 3,300 customers, looks like some of them are actually kind of big. I don't know. ExxonMobil pretty big. Yeah. I think so. Walgreens, you think that that might be yeah, yeah, yeah, yeah. [01:10:22] Why? Why are we trusting these companies? You know it, if you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and by just general hackers, bad guys. But you're also, if, if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. [01:10:52] Does that make sense too? Did I say that right? You don't need the information and, and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need, than you absolutely need to run your company. And that includes data about your customers. [01:11:16] And maybe, maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found that, yes, indeed, it could have been, it was exposed. Microsoft the same. We don't know how much it was stolen. If anything was stolen. Um, yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through, uh, this database hack or a vulnerability anyways. [01:11:47] All right, everyone. Stick around. We'll be back. Of course, you're listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time, uh, consumers are the people I help the most, you know, I wish I got a dime for every time I answered a question. [01:12:09] Just email me@craigpeterson.com me@craigpeterson.com and stick around. 
[01:12:18] Whether or not you agree with the lockdown orders that were put in place over this COVID pandemic that we had, uh, there are some other parts of the world that are doing a lot more. [01:12:34] Australia has, I don't know. I think that they went over the deep end. Much the same thing is true right next door to them. [01:12:45] And I am looking at a report of what they are doing with this new app. Uh, you might be aware that both Apple and Google came out with an application programming interface that could be used for contract tack tracking, contact tracking. There you go. Uh, it wasn't terribly successful. Some states put some things in place. [01:13:13] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tiananmen Square remembrance. Now you want to know who all of those people were, who were in close proximity, right? So, you know, good for China. Well, as it turns out, Australia is putting something in place, they have yet another COVID lockdown. [01:13:39] They have COVID quarantine orders. Now I think if you are sick, you should stay home. I've always felt that I, you know, I had 50 employees at one point and I would say, Hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness, come on. People. If someone's sick, they're sick and let them stay home. [01:14:04] You don't want to get everybody else in the office sick and spread things around. Right. Doesn't that just kind of make sense. Well, they now in Australia, don't trust people to stay home, to get moving. Remember China, they were, they were taking welders and were going into apartments and anybody that tested positive, [01:14:22] they were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. 
Using facial recognition and geolocation in order to enforce quarantine orders and Canada. [01:14:47] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hotel. So you're paying, of course, now inflated prices for the hotel, because they're a special quarantine hotel. [01:15:14] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you know, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you and they have pretty hefty fines. [01:15:36] Well, what Australia has decided to do is in Australia is Charlene's even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geolocation tag on it and send it up via the app to prove their location. [01:16:15] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of South Australia, Steven Marshall said we don't tell them how often or when, on a random basis, they have to reply within 15 minutes. And if you don't then a police officer's going to show up at the address you're supposed to be at to conduct an in-person check. [01:16:43] Very very intrusive. Okay. Here's another one. This is a, an unnamed government spokesperson who was apparently speaking with Fox News, quote: The home quarantine app is for a selected cohort of returning South Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic. 
[01:17:10] So there you go. People nothing to worry about. It's just a trial. Uh, it will go away. Uh, just like, uh, for instance, income tax, as soon as World War One is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. Right. And we all know that World War One isn't over yet. [01:17:34] Right. So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China, China has, uh, China and Russia have some interesting things going on. [01:17:55] First of all, Russia is no longer saw. Country, they kind of are. They kind of aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialist, they are communist and China. And Russia both want their kids to have a very good education in science, engineering, and mathematics. [01:18:23] Not so much on history, not so much on, on politics. Right. But definitely heavy on the, on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. Well, according to the Wall Street Journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays. [01:1

44BITS Podcast - Cloud, Development, Gadgets
44bits Podcast 126.log: Docker Seoul Meetup ends, Firefox user decline, Stack Overflow 2021 survey

44BITS Podcast - Cloud, Development, Gadgets

Oct 14, 2021 74:04


In the 126th log of the 44bits podcast, we talked about the end of the Docker Seoul Meetup, the decline in Firefox users, and the Stack Overflow 2021 survey. Participants: @nacyo_t, @raccoonyy, @outsideris, @ecleya Regular sponsorship - 44bits podcast are creating a podcast for programmers Recorded August 6, released October 14 Show notes: https://stdout.fm/126/ Jump to a topic 00:00 Start 03:15 New Kubernetes book from Dongyang Books 05:57 Docker Seoul Meetup ends 10:07 Dockerfile heredoc support 24:21 Stack Overflow 2021 survey results 57:59 Firefox user decline 01:04:11 RenderingNG Show notes Dockerfile heredoc support Engineering Update: BuildKit 0.9 and Docker Buildx 0.6 Releases - Docker Blog Stack Overflow 2021 survey results Stack Overflow Developer Survey 2021 - Stack Overflow Stack Overflow's Developer Survey 2021 - GeekNews Firefox user decline Firefox Public Data Report RenderingNG What is the RenderingNG announced by Chromium? - NHN Cloud Meetup

Linux Weekly Daily Wednesday
LWDW 296: Voicemeeter Banana For Linux

Linux Weekly Daily Wednesday

Oct 13, 2021 50:11


Firefox launches Suggest, Debian 11 gets a point release, a Voicemeeter Banana alternative for Pulseaudio, and the best part of Windows 11 is Windows Subsystem for Linux.

SGGQA Podcast – SomeGadgetGuy
#SGGQA 224: Pixel 6 Leaks, FireFox Ads, Steam Deck Teardown, and SPOOKY Movies!

SGGQA Podcast – SomeGadgetGuy

Oct 12, 2021


I’m back from a gnarly head cold. I feel like I’m at 85%, but I miss chatting with all you geeks! Breaking down some Pixel 6 leaks. Following up on the Apple vs Epic lawsuit. Firefox is adding contextual ads to the search bar. YouTube kills the Rewind. Steam published a tear down of the …

Late Night Linux All Episodes
Late Night Linux – Episode 146

Late Night Linux All Episodes

Oct 12, 2021 29:43


Mozilla disappoints again, a beacon of hope in the mobile world, whether the future of the Internet really is a dystopian nightmare, and the usual KDE goodness in the Korner. News: Fairphone 4 review; 10 Year Smartphone; Firefox's address bar has ads now, but you can disable them; News from Firefox Focus and Firefox...

Late Night Linux
Late Night Linux – Episode 146

Late Night Linux

Oct 12, 2021 29:43


Mozilla disappoints again, a beacon of hope in the mobile world, whether the future of the Internet really is a dystopian nightmare, and the usual KDE goodness in the Korner. News: Fairphone 4 review; 10 Year Smartphone; Firefox's address bar has ads now, but you can disable them; News from Firefox Focus and Firefox...

Destination Linux
247: Is Firefox Slowly Dying? Can Mozilla Save It?

Destination Linux

Oct 11, 2021 63:10


In this week's episode of Destination Linux, we're going to discuss the topic of Mozilla Firefox and whether we can stop its continued decline. Then we're going to discuss the literal game changer, and the device that has everyone looking at Linux in a big way. Yes, it's Steamy news about the Steam Deck, and there […]

Linux User Space
Episode 2:08: I'mma Snap on You

Linux User Space

Oct 11, 2021 83:20


0:00 Cold Open 1:51 Preview 2:26 Beta Banter 16:00 Packaging Discussion 41:33 Snapzilla Watch 58:23 Firefox Suggest 1:01:28 Bing Me Up, Scotty 1:07:29 Housekeeping 1:11:24 Extension Focus 1:18:59 Next Time (Garuda!) 1:20:02 Thank you! 1:20:58 Stinger Coming up in this episode 1. Beta Banter 2. Hybrid Packaging Feedback 3. Snapzilla watch From the thumb California Games (https://en.wikipedia.org/wiki/California_Games) Banter - Beta to the Max Ubuntu 21.10 Beta (Now RC) (https://discourse.ubuntu.com/t/impish-indri-release-schedule/18540) edit doh! Dan gets dates wrong, 10/14 is the proposed release date. Fedora 35 Beta (https://fedoramagazine.org/announcing-fedora-35-beta/) MX Linux RC (https://mxlinux.org/blog/mx-21-release-candidate-1-now-available-for-testing-purposes/) Distro Packaging vs Snap/Flatpak Drew Devault, Original post from 2019 (https://drewdevault.com/2019/12/09/Developers-shouldnt-distribute.html) New post in September (https://drewdevault.com/2021/09/27/Let-distros-do-their-job.html) Mozilla Watch, Snap Watch, Snapzilla Watch?! Ubuntu to switch to snap of Firefox (https://discourse.ubuntu.com/t/feature-freeze-exception-seeding-the-official-firefox-snap-in-ubuntu-desktop/24210) Firefox Suggest (https://blog.mozilla.org/en/products/firefox/firefox-news/firefox-suggest/) Firefox Tests Bing on the 1% (https://www.ghacks.net/2021/09/17/firefox-experiment-is-testing-bing-as-the-default-search-engine/) Brave search (https://brave.com/search/) Firefox 93 Out, too! 
(https://www.zdnet.com/article/firefox-93-arrives-with-tab-unloading-insecure-download-blocks-and-enforced-referrer-trim/) Housekeeping Linux Cast podcast (https://anchor.fm/thelinuxcast) Linux Cast YouTube (https://www.youtube.com/c/TheLinuxCast) NEW Reddit subreddit - https://reddit.com/r/LinuxUserSpace/ Email us - contact@linuxuserspace.show Linux User Space Discord Server (https://linuxuserspace.show/discord) Our Matrix room (https://linuxuserspace.show/matrix) Support us at Patreon (https://patreon.com/linuxuserspace) Join us on Telegram (https://linuxuserspace.show/telegram) Follow us on Twitter (https://twitter.com/LinuxUserSpace) Watch us on YouTube (https://linuxuserspace.show/youtube) Or Watch us on Odysee (https://linuxuserspace.show/odysee) Check out our website https://linuxuserspace.show App Focus Firefox Multi-Account Containers This episode's app: * Firefox Multi-Account Containers. (https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/) Next Time We wrap up our thoughts on Garuda Linux. Garuda Linux (https://garudalinux.org) Join us in two weeks when we return to the Linux User Space Stay tuned on Twitter, Telegram, Matrix, Discord whatever. Give us your suggestions on our new subreddit r/LinuxUserSpace Join the conversation. Talk to us, and give us more ideas. We would like to acknowledge our top patrons. Thank you for your support! Contributor Nicholas CubicleNate LiNuXsys666 Jill and Steve Co-Producer Donnie Johnny Producer Bruno John

SOVRYN TECH
Sovryn Shorts: ”The Firefox Problem”

SOVRYN TECH

Oct 10, 2021 20:55


It's time for Sovryn Shorts! Quick takes on the quick breaks in the news cycle, and sometimes even reviews! If you can't get enough of Dr. Brian Sovryn, these hot shots are for you! In this episode, the Man of Tomorrow discusses the latest from Mozilla Firefox in v 93...ads in your freaking address bar! Don't fire up your "what-about-ism" yet until you hear what he thinks! Sovryn Shorts is on!   SHOW NOTES: --"Firefox's address bar has ads now, but you can disable them" Link: https://bit.ly/3iMFYrS    APPENDIX & SPONSORS: --”Sovryn Tech Polytechnic Telegram Group” Link: https://bit.ly/2vrgcnr --”The Sovryn Tech Amazon Wishlist” Link: http://wishlist.sovryntech.com --”Listen to Free Talk Live” Link: https://www.freetalklive.com --”Use Fastmail!” Link: https://fastmail.sovryntech.com --”Use Booking.com and Earn $25!” Link: https://booking.sovryntech.com --"Buy the Insurgo PrivacyBeast X230!” Link: http://bit.ly/2GoFjdj --"Surveillance Self-Defense" Link: https://ssd.eff.org/ --"RetroShare" Link: http://retroshare.net/ --“Books of Liberty” Link: http://booksofliberty.com/ --"Dark Android: 2017 Edition" Link: http://darkandroid.info --”Sovryn Universe, Vol. 1” Link: https://amzn.to/2MrvfEy ------------------------------------------------------------------------- Donate with BTC: 3GYKVWkVE6iAYEnExfiNfCHJkSDFYWEs43 Donate with CashApp: $sovryntech Donate with Venmo: @bsovryn You can e-mail the show at: questions@sovryntech.com ------------------------------------------------------------------------- https://t.me/joinchat/Amg5yBMU608MIsbOSa3wew http://sovryntech.com

This Week in Linux
171: Android 12, Linux on Apple M1, RHEL, Twitch Leak, Sony, Fairphone 4 | This Week in Linux

This Week in Linux

Oct 10, 2021 41:27


On this episode of This Week in Linux, Google has released Android 12 and Desktop Linux is working on Apple M1 Mac thanks to Asahi Linux. Mozilla has announced the release of Firefox 93. In the Enterprise Linux world, Red Hat Enterprise Linux 8.5 Beta is out, CERN Reveals their opinion of CentOS Stream and […]

Computer Talk with TAB
Computer Talk 10/9/21 Hr 1

Computer Talk with TAB

Oct 9, 2021 34:38


Your SMS txts may have been read by hackers for 5 years!, Facebook outage – they locked themselves out of their systems, Firefox has built in paid search into the browser, Setting up a Website, HP update the BIOS?, Facebook bans Unfollow-everything developer, Dead Printer, Facebook outage, my phone is listening how do I stop it? See omnystudio.com/listener for privacy information.

Remote Ruby
Propshaft, Engines, and Turbo | Uh This Isn't a Car Repair Podcast

Remote Ruby

Oct 8, 2021 48:04


[00:00:50] The guys chat about the new release of Turbo 7.0.1. [00:01:46] Chris tells us how he moved all of the GoRails, CSS, and JavaScript from Webpacker into CSS and JS bundling, and it went pretty smooth except for something dumb he did. [00:04:50] Propshaft is brought up and we learn what it does. [00:08:44] Why do we need the hashes at the end? Andrew explains why it's all about caching. [00:11:08] Ryan Bates is mentioned since he commented on the Propshaft repo. Also, Ryan, if you are listening, we would love for you to be a guest on our show! ☺ [00:12:39] Hotwire is the topic here, and although it's been released, but not officially, Chris tells us some things that are noteworthy. Jason tells us more about the Stimulus 3 stuff and the ability to the callbacks on targets. [00:20:33] Chris shares something that happened when he was looking at fixing a few things with madmin. [00:24:41] Chris asks the guys if they've ever gone into the weeds on engines and initializers in them and all the different callbacks. [00:30:22] Andrew fills us in on what his experience has been like working with Engines in the past month and Chris tells us what his approach for Jumpstart Pro has been. [00:35:33] We hear a story from Chris when he was learning Rails, and he mentions using Lockbox. [00:38:46] Chris wonders if the guys started a PR for Rails 7, and Andrew tells us how it's going. [00:41:30] Since Jason is a Safari user, Chris wonders if he has run into the bug where the CSRF token or the hidden fields can get overridden by Safari and the guys chat about it. [00:45:52] Jason really wanted to talk about Phoenix LiveView because he read a bunch about it and he's super interested in it, but he's saving it for the next episode. Panelists: Jason Charnes, Chris Oliver, Andrew Mason. Sponsor: Honeybadger. Links: Ruby Radar Newsletter; Ruby Radar Twitter; Turbo 7.0.1; Propshaft-GitHub; Lockbox-GitHub; Add autocomplete= “OFF” to Firefox-proof automagically added hidden fields like _method #42610-GitHub

Canaltech Podcast
CT News em Podcast - A phone with a battery that lasts two days, and more!

Oct 7, 2021 (7:27)


In today's CT News: a phone with two days of battery life, a Firefox update, Windows 11 developments and more. Get in touch at: podcast@canaltech.com.br Vote for Canaltech in the iBest award: https://canalte.ch/c/p5oez Sign up for the Mauá entrance exam at: https://maua.br/vestibular This episode was scripted, edited and presented by Wagner Wakka, coordinated by Victor Carvalho, Alveni Lisboa, and Vinicius Moschen. Audio review is by Mari Capetinga.

Mike Tech Show
MTS-2021-09-23 #798

Sep 24, 2021


BSOD due to bad RAM, Client move prep, iOS 15 watchOS 8, Firefox extensions, Android messaging issue, Profile Wizard, Proofpoint

mixxio — podcast diario de tecnología
SoFBIa's Choice

Sep 23, 2021 (19:49)


The FBI hacked REvil and told no one / A keychain console / Insurance for electric scooters / New Microsoft Surface devices / An elastomer worm that moves by itself / Lithuania accuses Xiaomi of censorship / Firefox tests Bing

Sponsor: Panda Security's new "multimedia/gaming" mode offers you maximum security against malware with zero interruptions while you play https://www.pandasecurity.com/security-promotion/?reg=ES&campaign=gamer2106, so that neither you nor your computer. Zero hassle, maximum security. Get Panda Dome at 50% off from its own website https://www.pandasecurity.com/security-promotion/?reg=ES&campaign=gamer2106.

The FBI concealed that it had a "master" key to decrypt REvil ransomware attacks. The FBI hacked the servers of a ransomware criminal group and obtained a master key that could unlock the files on any infected computer. But for three weeks it did not tell any of those affected, so as not to "alert" the criminals. A huge ethical, legal and political dilemma https://archive.ph/dtTS9 while the victims were losing their data or paying million-dollar ransoms.

Thumby is a mini console the size of a keychain that you can program. Less than 3 cm tall, with a Game Boy look and a price of 19 dollars, Thumby is an interesting new concept https://thumby.us/pages/press from TinyCircuits that includes five games for its 72x40-pixel monochrome screen.

Road insurance for electric scooters in Spain? After almost a million scooters sold in recent years, the Ministry of Transport says there will be more communication campaigns about the rules for scooters, and that they are in favor of mandatory insurance https://www.europapress.es/motor/sector-00644/noticia-pere-navarro-dgt-favor-seguro-obligatorio-patinetes-francia-ya-puesto-20210922134242.html, in addition to other possible municipal rules.

Microsoft completely refreshed the Surface range with four devices. Alongside Windows 11, we have the new Surface Pro 8 https://es.gizmodo.com/microsoft-acaba-de-lanzar-las-mejores-surface-pro-en-an-1847726727, which comes with two Thunderbolt ports and is more powerful and thinner. The Surface Pro X https://microsofters.com/179567/surface-pro-x-2021/ comes with a Microsoft SQ3 processor (a slightly modified Snapdragon 8280). Surface Go 3 is somewhat cheaper and more powerful https://www.xataka.com/tablets/microsoft-surface-go-3-caracteristicas-precio-ficha-tecnica, and the new Surface Laptop Studio with a tilting screen https://www.muycomputer.com/2021/09/22/surface-laptop-studio/.

They also refreshed the Surface Duo 2, the dual-screen Android smartphone https://www.elespanol.com/elandroidelibre/moviles-android/20210922/nuevo-surface-duo-movil-plegable-microsoft-pantallas/613939821_0.html. It now has a Snapdragon 888 (so 5G), a 90 Hz refresh rate on both screens, improved cameras and a hinge that lets you glimpse the screen to read notifications without opening it. From 1,600 euros, but it will not be sold in Spain or Latam.

A 3D-printed worm that can move on its own. Within the concept of "4D printing" (3D materials that can move, hence the temporal "fourth dimension"), this little robot starts out as a small strip of elastomers that rolls up on itself https://www.newscientist.com/article/2291164-4d-printed-robot-self-assembles-into-a-tube-and-rolls-up-hills/ when it reaches high temperatures (160 °C), and that by rolling is even able to climb small slopes (video) https://www.youtube.com/watch?v=zQ_iEh7RfoA without needing motors or electronics.

The reviews of Apple's new releases are arriving. I think the new iPhones have left good impressions https://clipset.com/apple-iphone-13-pro/, especially the new video recording, the screen and the battery improvements. The new iPad Mini seems incredible to me at that price https://www.applesfera.com/ipad/ipad-mini-2021-analisis-review-caracteristicas-precio-especificaciones, the opposite of a new (plain) iPad that is totally boring https://clipset.com/nuevo-apple-ipad-prueba-novedades/. Our analysis will be available today or tomorrow on Cupertino, our weekly podcast about Apple.

The government of Lithuania accuses Xiaomi of building censorship tools into its phones. An analysis of the processes https://www.bbc.com/mundo/noticias-internacional-58657590 of a Xiaomi Mi 11 5G by the Lithuanian side reveals that the phone retrieves a list of banned political and religious terms. Xiaomi responds https://www.reuters.com/world/europe/xiaomi-says-its-devices-do-not-censor-users-following-lithuania-report-2021-09-22/?taid=614b924ba5c42200013c6f11 that there is no blocking of any kind. You can see the PDF of the full analysis https://www.nksc.lt/doc/en/analysis/2021-08-23_5G-CN-analysis_env3.pdf. My understanding of the code is that the list of terms is only used outside the EU, and to block advertising in Xiaomi's services. At no point does it analyze or restrict web browsing, messaging, etc. I therefore understand that there is no "censorship" in this case. Xiaomi, like other Chinese digital providers, has much more solid and stable methods of censoring its users' communications in China than this shoddy method. Lithuania and China have spent weeks trading political and diplomatic accusations https://www.dw.com/es/china-retira-embajador-en-lituania-tras-diferendo-por-taiw%C3%A1n/a-58822175, and I think this report (technically weak) simply falls within that.

Apple will not allow Fortnite to return to the App Store. Unless a court forces them to in the future, neither Fortnite nor other Epic Games applications will be available again for iPad or iPhone. That is what Apple has told https://www.applesfera.com/app-store-1/no-veremos-fortnite-app-store-que-se-terminen-todos-recursos-sentencia-judicial the company, after taking the view that Epic broke its contract unilaterally.

Sony patches the PlayStation 4 to fix the CBOMB flaw. They fix the dual hardware and software flaw https://vandal.elespanol.com/noticia/1350747919/el-ultimo-firmware-de-ps4-soluciona-el-problema-cbomb-cuando-se-agota-la-pila-cmos/ that could turn every unit of the console into a useless brick if the CMOS battery failed and the console had no Internet connection, or if Sony retired the synchronization servers.

Firefox will change the default search engine to Bing for 1% of users. Mozilla calls it an experiment to analyze the behavior of the browser's users when moving from Google to Bing. Depending on the results, Mozilla could make the change fully https://microsofters.com/179598/mozilla-probar-bing-en-lugar-de-google-firefox/ for new users in 2023.

DLN Xtend
75: Battle of the Browsers, they all Lose | DLN Xtend

Sep 22, 2021 (45:10)


On this episode of DLN Xtend we discuss the battle of the web browsers.

Welcome to episode 75 of DLN Xtend. DLN Xtend is a community powered podcast. We take conversations from the DLN Community from places like the DLN Discourse Forums, Telegram group, Discord server and more. We also take topics from other shows around the network to give our takes.

00:00 Introductions
12:38 Topic - Battle of the Browsers
31:00 Host Related Interest
43:19 Wrap Up
44:10 Extras

Main Topic Link - https://news.itsfoss.com/firefox-decline/

Host Related Interests
Nate - Vintage Computer Festival Midwest - 8-bit Guy / David Murray - LGR / Clint - TexElec - Nibbles and Bytes
Wendy - Ennuicaster - https://ecastr.com/ - Wormhole - https://wormhole.app/

Join us in the DLN Community: Discourse: https://discourse.destinationlinux.network/ Telegram: https://destinationlinux.org/telegram Mumble: https://destinationlinux.network/mumble/ Discord: https://destinationlinux.org/discord servers to continue the discussion!

Contact info: Matt (Twitter @MattDLN), Wendy (Mastodon @WendyDLN@mastodon.online), Nate (cubiclenate.com)

Greater Than Code
251: Diplomatic Accessibility Advocacy with Todd Libby

Sep 22, 2021 (46:41)


01:09 - Todd's Superpower: Advocacy For Accessibility
* Getting Started
* Designing With Web Standards by Jeffrey Zeldman (https://www.amazon.com/Designing-Web-Standards-Jeffrey-Zeldman/dp/0321616952)
* The A11Y Project (https://www.a11yproject.com/)
* W3C (https://www.w3.org/)

06:18 - Joining The W3C
* The W3C Community Page (https://www.w3.org/community/)

07:44 - Getting People/Companies/Stakeholders to Care/Prioritize About Accessibility
* Making A Strong Case For Accessibility by Todd Libby (https://www.smashingmagazine.com/2021/07/strong-case-for-accessibility/)
* Diplomatic Advocacy
* You Don't Want To Get Sued! / $$$
* “We are all temporarily abled.”

15:20 - The Domino's Pizza Story
* Supreme Court hands victory to blind man who sued Domino's over site accessibility (https://www.cnbc.com/2019/10/07/dominos-supreme-court.html)

18:21 - Things That Typically Aren't Accessible And Should Be
* The WebAIM Million Report (https://webaim.org/projects/million/)
* WCAG (https://www.w3.org/WAI/standards-guidelines/wcag/)
* Color Contrast
* Missing Alt Text on Images
* Form Input Labels
* What's New in WCAG 2.1: Label in Name by Todd Libby (https://css-tricks.com/whats-new-in-wcag-2-1-label-in-name/)
* Empty Links
* Not Using Document Language
* Triggering GIFS / Flashing Content
* Empty Buttons – Use a Button Element!!
* Tab Order
* Semantic HTML, Heading Structure

26:27 - Accessibility for Mobile Devices
* Target Size
* Looking at WCAG 2.5.5 for Better Target Sizes (https://css-tricks.com/looking-at-wcag-2-5-5-for-better-target-sizes/)
* Dragging Movements

28:08 - Color Contrast
* Contrast Ratio (https://contrast-ratio.com/)

33:02 - Designing w/ Accessibility in Mind From the Very Beginning
* Accessibility Advocates on Every Team
* Accessibility Training

36:22 - Contrast (Cont'd)

38:11 - Automating Accessibility!
* axe-core-gems (https://github.com/dequelabs/axe-core-gems)

Reflections:
Mae: Eyeballing for contrast.
John: We are all only temporarily abled and getting the ball rolling on building accessibility in from the beginning of projects going forward and fixing older codebases.
Mandy: Using alt-tags going forward on all social media posts.
Todd: Accessibility work will never end. Accessibility is a right not a privilege.

This episode was brought to you by @therubyrep (https://twitter.com/therubyrep) of DevReps, LLC (http://www.devreps.com/). To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode (https://www.patreon.com/greaterthancode) To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps (https://www.paypal.me/devreps). You will also get an invitation to our Slack community this way as well.

Transcript:

JOHN: Welcome to Greater Than Code, Episode 251. I'm John Sawers and I'm here with Mae Beale.

MAE: Hi, there! And also, Mandy Moore.

MANDY: Hi, everyone! I'm Mandy Moore and I'm here today with our guest, Todd Libby. Todd Libby is a professional web developer, designer, and accessibility advocate for 22 years under many different technologies starting with HTML/CSS, Perl, and PHP. Todd has been an avid learner of web technologies for over 40 years starting with many flavors of BASIC all the way to React/Vue. Currently an Accessibility Analyst at Knowbility, Todd is also a member of the W3C. When not coding, you'll usually find Todd tweeting about lobster rolls and accessibility. So before I ask you what your superpower is, I'm going to make a bet and my bet is that I'm 80% positive that your superpower has something to do with lobster rolls. Am I right? [laughter] Am I right?

TODD: Well, 80% of the time, you'd be right. I just recently moved to Phoenix, Arizona. So I was actually going to say advocacy for accessibility, but yes, lobster rolls and the consumption of lobster rolls are a big part.

MAE: I love it. That's fantastic.

MANDY: Okay. Well, tell me about the advocacy. [chuckles]

TODD: So it started with seeing family members who are disabled, friends who are disabled, or have family members themselves who are disabled, and the struggles they have with trying to access websites, or web apps on the web and the frustration, the look of like they're about ready to give up. That's when I knew that I would try to not only make my stuff that I made accessible, but to advocate for people in accessibility.

MAE: Thank you so much for your work. It is critical. I have personally worked with a number of different populations and started at a camp for children with critical illnesses and currently work at an organization that offers financial services for people with disabilities – well, complex financial needs, which the three target populations that we work with are people with disabilities, people with dementia, and people in recovery. So really excited to talk with you today. Thanks.

TODD: You're welcome.

JOHN: When you started that journey, did you already have familiarity with accessibility, or was it all just like, “Oh, I get to learn all this stuff so I can start making it better”?

TODD: So I fell into it because if you're like me and you started with making table-based layouts way back in the day, because what we had—Mosaic browser, Netscape Navigator, and Internet Explorer—we were making table-based layouts, which were completely inaccessible, but I didn't know that. As the web progressed, I progressed and then I bought a little orange book by Jeffrey Zeldman, Designing with Web Standards, and that pretty much started me on my journey—semantic HTML, progressive enhancement in web standards, and accessibility as well. I tend to stumble into a lot of stuff [laughs] so, and that's a habit of mine. [laughs]

MAE: It sounds like it's a good habit and you're using it to help all the other people. So I hate to encourage you to keep stumbling, but by all means. [laughter] Love it. If you were to advise someone wanting to know more about accessibility, would you suggest they start with that same book too, or what would you suggest to someone stumbling around in the dark and not hitting anything yet?

TODD: The book is a little outdated. I think the last edition of his book was, I want to say 2018, maybe even further back than that. I would suggest people go on websites like The A11Y project, the a11yproject.com. They have a comprehensive list of resources, links to learning there. Twitter is a good place to learn, to follow people in the accessibility space. The other thing that, if people really want to dive in, is to join The W3C. That's a great place and there's a lot of different groups. You have the CSS Working Group, you have the accessibility side of things, which I'm a part of, the Silver Community Group, which is we're working on the Web Content Accessibility Guidelines 3.0, which is still a little ways down the road, but a lot of great people and a lot of different companies. Some of those companies we've heard of—Google, Apple, companies like that all the way down to individuals. Individuals can join as individuals if your company isn't a member of the W3C. So those are the three things that I mainly point to people. If you don't really want to dive into the W3C side of things, there's a lot of resources on the a11yproject.com website that you can look up.

MANDY: So what does being a member entail? What do you have to do? Do you have to pay dues? Do you have to do certain projects, maybe start as an individual level, because I'm sure we have mostly individuals listening to the show. Me as a newbie coder, what would I do to get started as a member of this initiative?

TODD: Well, I started out as an individual myself, so I joined and I can get you the link to The W3C Community Page. Go to sign up as an individual and someone will approve the form process that you go through—it's nothing too big, it's nothing complicated—and then that will start you on your way. You can join a sub group, you can join a group, a working group, and it doesn't cost an individual. Companies do pay dues to the W3C and if your company is in the W3C, you get ahold of your company's liaison and there's a process they go through to add you to a certain group. Because with me, it was adding me to The Silver Community Group. But as an individual, you can join in, you can hop right into a meeting from there, and then that's basically it. That's how you start.

JOHN: What are the challenges you see in getting not only the goals of a W3C, but I'm assuming specifically around accessibility?

TODD: Some of the things that I've seen is buy-in from stakeholders is probably the number one hurdle, or barrier. Companies, stakeholders, and board members, they don't think of, or in some cases, they don't care about accessibility until a company is getting sued and that's a shame. That's one of the things that I wrote about; I have an article on Smashing Magazine. Making A Strong Case for Accessibility, it's called and that is one of few things that I've come across. Getting buy-in from stakeholders and getting buy-in from colleagues as well because you have people that they don't think about accessibility, they think about a number of different things. Mostly what I've come across is they don't think about accessibility because there's no budget, or they don't have the time, or the company doesn't have the time. It's not approved by the company. The other thing that is right up there is it's a process—accessibility—making things accessible and most people think that it's a big this huge mountain to climb. If you incorporate accessibility from the beginning of your project, it's so much easier. You don't have to go back and you don't have to climb that mountain because you've waited until the very end. “Oh, we have time now so we'll do the accessibility stuff,” that makes it more hard.

MAE: John, your question actually was similar to something I was thinking about with how you developed this superpower and I was going to ask and still will now. [chuckles] How did you afford all the time in the different places where you were over time to be able to get this focus? And so, how did you make the case along the way and what things did you learn in that persuasion class of life [chuckles] that was able to allow you to have that be where you could focus and spend more time on and have the places where you work prioritize successful?

TODD: It was a lot of, I call it diplomatic advocacy. So for instance, the best example I have is I had been hired to make a website, a public facing website, and a SAAS application accessible. The stakeholder I was directly reporting to, we were sitting down in a meeting one day and I said, “Well, I want to make sure that accessibility is the number one priority on these projects,” and he shot back with, “Well, we don't have the disabled users,” and that nearly knocked me back to my chair. [laughs] So that was a surprise.

MAE: There's some groaning inside and I had to [chuckles] do it out loud for a moment. Ooh.

TODD: Yeah, I did my internal groaning at the meeting so that just was – [chuckles] Yeah, and I remember that day very vividly and I probably will for the rest of my life that I looked at him and I had to stop and think, and I said, “Well, you never know, there's always a chance that you're able, now you could be disabled at any time.” I also pointed out that his eyeglasses that he wore are an assistive technology. So there was some light shed on that and that propelled me even further into advocacy and the accessibility side of things. That meeting really opened my eyes to not everyone is going to get it, not everyone is going to be on board, not everyone is going to think about disabled users; they really aren't. So from there I used that example. I also use what I call the Domino's Pizza card lately because “Oh, you don't want to get sued.” That's my last resort as far as advocacy goes. Other than that, it's showing a videotape of people using their product that are disabled and they can't use it. That's a huge difference maker, when a stakeholder sees that somebody can't use their product. There's numbers out there now that disabled users in this country alone, the United States, make up 25% of the population, I believe. They have a disposable income of $8 trillion. The visually disabled population alone is, I believe it was $1.6 billion, I think. I would have to check that number again, but it's a big number. So the money side of things really gets through to a stakeholder faster than “Well, your eyeglasses are an assistive technology.” So once they hear the financial side of things, their ears perk up real quick and then they maybe get on board. I've never had other than one stakeholder just saying, “No, we're just going to skip that,” and then that company ended up getting sued. So that says a lot, to me anyways. But that's how I really get into it. And then there was a time where I was working for another company. I was doing consulting for them and I was doing frontend mostly. So it was accessibility, but also at the same time, it was more the code side of things. That was in 2018. 2019, I went to a conference in Burlington, Vermont. I saw a friend of mine speaking and he was very passionate about it and that talk, and there was a couple others there as well, it lit that fire under me again, and I jumped right back in and ever since then, it's just then accessibility.

MAE: You reminded me one of the arguments, or what did you say? Diplomatic advocacy statements that I have used is that we are all temporarily abled. [chuckles] Like, that's just how it is and seeing things that way we can really shift how you orient to the idea of as other and reduce the othering. But I was also wondering how long it would be before Pizza Hut came up in our combo. [laughter]

MANDY: Yeah, I haven't heard of that. Can you tell us what that is?

TODD: [chuckles] So it was Domino's and they had a blind user that tried to use their app. He couldn't use their app; their app wasn't accessible. He tried to use the website; the website wasn't accessible. I have a link that I can send over to the whole story because I'm probably getting bits and pieces wrong. But from what I can recall, basically, this user sued Domino's and instead of Domino's spending, I believe it was $36,000 to fix their website and their app, they decided to drag it out for a number of years through court and of course, spent more money than just $36,000. In the end, they lost. I think they tried to appeal to the Supreme Court because they've gone up as high as federal court, but regardless, they lost. They had to – and I don't know if they still have an inaccessible site, or not, or the app for that matter because I don't go to Domino's. But that's basically the story that they had; a user who tried to access the app and the website, couldn't use it, and they got taken to court. Now Domino's claimed, in the court case, that he could have used the telephone, but he had tried to use the telephone twice and was on hold for 45 minutes. So [laughs] that says a lot.

JOHN: Looks like it actually did go to the Supreme Court.

TODD: Yeah. Correct me if I'm wrong, I think they did not want to hear it. They just said, “No, we're not going to hear the case.” Yeah, and just think about all these apps we use and all the people that can't access those apps, or the websites. I went to some company websites because I was doing some research, big companies, and a lot of them are inaccessible. A little number that I can throw out there: every year, there's been a little over 2,500 lawsuits in the US. This year, if the rate keeps on going that it has, we're on course for over 4,000 lawsuits in the US alone for inaccessible websites. You've had companies like Target, Bank of America, Winn-Dixie, those kinds of companies have been sued by people because of inaccessible sites.

MAE: Okay, but may I say this one thing, which is, I just want to extend my apologies to Pizza Hut. [laughter]

MANDY: What kinds of things do you see as not being accessible that should be or easily could be that companies just simply aren't doing?

TODD: The big one, still and if you go to webaim.org/projects/million, it's The WebAIM Million report. It's an annual accessibility analysis of the top 1 million home pages on the internet. The number one thing again, this year is color contrast. There are guidelines in place. WCAG, which is the Web Content Accessibility Guidelines, that text should be a 4.5:1 ratio that reaches the minimum contrast for texts. It's a lot of texts out there that doesn't even reach that. So it's color contrast. You'll find a lot of, if you look at—I'm looking at the chart right now—missing alt texts on images. If you have an image that is informative, or you have an image that is conveying something to a user, it has to have alternative text describing what's in the picture. You don't have to go into a long story about what's in the picture and describe it thoroughly; you can just give a quick overview as to what the picture is trying to convey, what is in the picture. And then another one being another failure type a is form input labels; labels that are not labeled correctly. I wrote an article about that [chuckles] on CSS-Tricks and that is, there's programmatic and there's accessible names for form labels that not only help the accessibility side of it, as far as making the site accessible, but also it helps screen reader users read forms and navigate through forms, keyboard users also. Then you have empty links and then a big one that I've seen lately is if you look up in the source code, you see the HTML tag, and the language attribute, a lot of sites now, because they use trademarks, they don't have a document language. I ran across a lot of sites that don't use a document language. They're using a framework. I won't name names because I'm not out to shame, but having that attribute helps screen reader users and I think that's a big thing. A lot of accessibility, people don't understand. People use screen readers, or other assistive technologies, for instance, Dragon NaturallySpeaking voice input. But at the same time, I've got to also add accessibility is more than just deaf, or blind. I suffer from migraines, migraine headaches so animation, or motion from say, parallax scrolling can trigger a migraine. Animations that are too fast, that also trigger migraine headache. You have flashing content that can potentially cause seizures and that's actually happened before where an animated GIF was intentionally sent to someone and it caused a seizure and almost killed the person. So there's those and then the last thing on this list that I'm looking at right now, and these are common failures, empty buttons. You have buttons that don't have labels. Buttons that have Click here. Buttons need to be descriptive. So you want to have – on my site to send me something on the contact form, it's Send this info to Todd, Click here, or something similar like that.

MAE: Can you think of any, John that you know of, too? I've got a couple of mind. How about you, Mandy?
MANDY: For me, because I'm just starting out, I don't know a whole lot about accessibility. That's why I'm here; I'm trying to learn. But I am really conscious and careful of some of the GIFs that I use, because I do know that some of the motion ones, especially really fast-moving ones, can cause problems, migraines, seizures for people. So when posting those, I'm really, really mindful about it.

JOHN: Yeah, the Click here one is always bothers me too, because not only is it bad accessibility, it's bad UX. Like HTML loves you to turn anything into a link so you can make all the words inside the button and it's just fine. [laughs] There's so many other ways to do it that are just – even discounting the accessibility impact, which I don't want it.

TODD: Yeah, and touching upon that, I'm glad you brought up the button because I was just going to let that go [chuckles] past me. I have to say and I think it was in the email where it said, “What's bothering you?” What bothers me is people that don't use the button. If you are using a div, or an anchor tag, or a span, stop it. [laughs] Just stop it. There's a button element for that. I read somewhere that anchor tag takes you somewhere, a div is a container, but button is for a button.

MAE: I love that. The only other ones I could think of is related to something you said, making sure to have tab order set up properly to allow people to navigate. Again, I liked your point about you don't have to be fully blind to benefit from these things and having keyboard accessibility can benefit a lot of people for all kinds of reasons. The other one is, and I would love to hear everybody's thoughts on this one, I have heard that we're supposed to be using h1, h2, h3 and having proper setup of our HTML and most of us fail just in that basic part. That's another way of supporting people to be able to navigate around and figure out what's about to be on this page and how much should I dig into it? So more on non-visual navigation stuff.

TODD: Yeah, heading structure is hugely important for keyboard users and screen reader users as well as tab order and that's where semantic HTML comes into play. If you're running semantic HTML, HTML by default, save for a few caveats, is accessible right out of the box. If your site and somebody can navigate through using let's say, the keyboard turns and they can navigate in a way that is structurally logical, for instance and it has a flow to it that makes sense, then they're going to be able to not only navigate that site, but if you're selling something on that site, you're going to have somebody buying something probably. So that's again, where tab order and heading structure comes into play and it's very important.

JOHN: I would assume, and correct me if I'm wrong, or if you know this, that the same sort of accessibility enhancements are available in native mobile applications that aren't using each HTML, is that correct?

TODD: Having not delved into the mobile side of things with apps myself, that I really can't answer. I can say, though, that the WCAG guidelines, that does pertain to mobile as well as desktop. There's no certain set of rules. 2.2 is where there are some new features that from mobile, for instance, target size and again, I wrote another article on CSS-Tricks about target size as well. So it's if you ever noticed those little ads that you just want to click off and get off your phone and they have those little tiny Xs and you're sitting there tapping all day? Those are the things target size and dragging movements as well. I did an audit for an app and there was a lot of buttons that were not named. A lot of the accessibility issues I ran into were the same as I would run into doing an audit on a website. I don't know anything about Swift, or Flutter, or anything like that, they pretty much fall into the same category with [inaudible] as far as accessible.
JOHN: I also wanted to circle back on the first item that you listed as far as the WebAIM million thing was color contrast, which is one of those ones where a designer comes up with something that looks super cool and sleek, but it's dark gray on a light gray background. It looks great when you've got perfect eyesight, but anybody else, they're just like, “Oh my God, what's that?” That's also one of the things that's probably easiest to change site-wide; it's like you go in and you tweak the CSS and you're done in a half hour and you've got the whole site updated. So it's a great bit of low-hanging fruit that you can attach if you want to start on this process.

TODD: Yeah. Color contrast is of course, as the report says, this is the number one thing and let me look back here. It's slowly, the numbers are dropping, but 85.3%, that's still a very high number of failures and there's larger text. If you're using anything over 18 pixels, or the equivalent of 18—it's either 18 points, or 18 pixels—is a 3:1 ratio. With that color contrast is how our brains perceive color. It's not the actual contrast of that color and there are people far more qualified than me going to that, or that can go into that. So what I'll say is I've seen a lot of teams and companies, “Yeah, we'll do a little over 4.5:1 and we'll call it a day.” But I always say, if you can do 7:1, or even 10:1 on your ratios and you can find a way to make your brand, or whatever the same, then go for it. A lot of the time you hear, “Well, we don't want to change the colors of our brand.” Well, your colors of your brand aren't accessible to somebody who has, for instance, Tritanopia, which is, I think it's blues and greens are very hard to see, or they don't see it at all. Color deficiencies are a thing that design teams aren't going to check for. They're just not. Like you said, all these colors look awesome so let's just, we're going to go with that on our UI.
That's one thing that I actually ran into on that SaaS product that I spoke about earlier was there was these colors and these colors were a dark blue, very muted dark blue with orange text. You would think the contrast would be oh yeah, they would be all right, but it was horrible.

JOHN: You can get browser plugins that'll show you what the page looks like. So you can check these things yourself. Like you can go in and say, “Oh, you're right. That's completely illegible.”

TODD: Yeah. Firefox, like I have right here on my work machine. I have right here Firefox and it does this. There's a simulator for visual color deficiencies. It also checks for contrast as well. Chrome has one, which it actually has a very cool eyedropper to check for color contrast. If you use the inspector also in Firefox, that brings up a little contrast thing. The WAVE extension has a contrast tool. There's also a lot of different apps. If you have a Mac, like I do, I have too many color contrast because I love checking out these color contrast apps. So I have about five different color contrast apps on my Mac, but there's also websites, too that you can use at the same time. Just do a search for polar contrast. Contrast Ratio, contrast-ratio.com, is from Lea Verou. I use that one a lot. A lot of people use that one. There's so many of them out there to choose from, but they are a very handy tool at a designer's disposal and at developers' disposal as well.

JOHN: So I'm trying to think of, like I was saying earlier, the color contrast one is one of those things that's probably very straightforward; you can upgrade your whole site in a short amount of time. Color contrast is a little trickier because it gets into branding and marketing's going to want to care about it and all that kind of stuff. So you might have a bit more battle around that, but it could probably be done and you might be able to fix, at least the worst parts of the page that have problems around that.
So I'm just trying to think of the ways that you could get the ball rolling on this kind of a work. Like if you can get those early easy wins, it's going to get more people on board with the process and not saying like, “Oh, it's going to take us eight months and we have to go through every single page and change it every forum.” That sounds really daunting when you think about it and so, trying to imagine what those easy early wins are that can get people down that road.

TODD: Yeah. Starting from the very outset of the project is probably the key one: incorporating accessibility from the start of the project. Like I said earlier, it's a lot easier when you do it from the start rather than waiting till the very end, or even after the product has been launched and you go back and go, “Oh, well, now we need to fix it.” You're not only putting stress on your teams, but it's eating up time and money because you're now paying everybody to go back and look at all these accessibility issues there. Having one person as a dedicated accessibility advocate on each team helps immensely. So you have one person on the development team, one person on the dev side, one person on the marketing team, starting from the top. If somebody goes there to a stakeholder and says, “Listen, we need to start incorporating accessibility from the very start, here's why,” nine times out of ten, I can guarantee you, you're probably going to get that stakeholder onboard. That tenth time, you'll have to go as far as maybe I did and say, “Well, Domino's Pizza, or Bank of America, or Target.” Again, their ears are going to perk up and they're going to go, “Oh, well, I don't really, we don't want to get sued.” So that, and going back to having one person on each team: training. There are so many resources out there for accessibility training. There are companies out there that train, there are companies that you can bring in to the organization that will train, that'll help train.
That's so much easier than what are we going to do? A lot of people just sitting there in a room and go, “How are you going to do this?” Having that person in each department getting together with everybody else, that's that advocate for each department, meeting up and saying, “Okay, we're going to coordinate. You're going to put out a fantastic product that's going to be accessible and also, at the same time, the financial aspect is going to make the company money. But most of all, it's going to include a lot of people that are normally not included if you're putting out an accessible product.” Because if you go to a certain website, I can guarantee you it's going to be inaccessible—just about 99% of the web isn't accessible—and it's going to be exclusive as it's going to – somebody is going to get shut out of the site, or app. So this falls on the applications as well.

Another thing too, I just wanted to throw in here for color contrast. There are different – you have color contrast text, but you also have non-text contrast, you have text in images, that kind of contrast as well and it does get a little confusing. Let's face it, the guidelines right now, it's a very technically written – it's like a technical manual. A lot of people come up to me and said, “I can't read this. I can't make sense of this. Can you translate this?” So hopefully, and this is part of the work that I'm doing with a lot of other people in the W3C is we're making the language of 3.0 in plain language, basically. It's going to be a lot easier to understand these guidelines instead of all that technical jargon. I look at something right now and I'm scratching my head when I'm doing an audit going, “Okay, what do they mean by this?” All these people come together and we agree on what to write. What is the language that's going to go into this?
So when they got together 2.0, which was years and years ago, they said, “Okay, this is going to be how we're going to write this and we're going to publish this,” and then we had a lot of people just like me scratching their heads of not understanding it. So hopefully, and I'm pretty sure, 99.9% sure that it's going to be a lot easier for people to understand.

MAE: That sounds awesome. And if you end up needing a bunch of play testers, I bet a lot of our listeners would be totally willing to put in some time. I know I would. Just want to put in one last plug for anybody out there who really loves automating things and is trying to avoid relying on any single developer, or designer, or QA person to remember to check for accessibility is to build it into your CI/CD pipeline. There are a lot of different options. Another approach to couple with that, or do independently is to use the axe-core gems, and that link will be in the show notes, where it'll allow you to be able to sprinkle in your tests, accessibility checks on different pieces. So if we've decided we're going to handle color contrast, cool, then it'll check that. But if we're not ready to deal with another point of accessibility, then we can skip it. So it's very similar to RuboCop. Anyway, just wanted to offer in some other tips and tricks of the trade to be able to get going on accessibility and then once you get that train rolling, it can do a little better, but it is hard to start from scratch.

JOHN: That's a great tip, Mae. Thank you.

TODD: Yeah, definitely.

MANDY: Okay. Well, with that, I think it's about time we head into reflections; the point of the show, where we talk about something that we thought stood out, that we want to think about more, or a place that we can call for a call of action to our listeners, or even to ourselves. Who wants to go first?

MAE: I can go first.
I learned something awesome from you, Todd, which I have not thought of before, which is if I am eyeballing for “contrast,” especially color contrast, that's not necessarily what that means. I really appreciate learning that and we'll definitely be applying that in my daily life. [chuckles] So thanks for teaching me a whole bunch of things, including that.

TODD: You're welcome.

JOHN: I think for me, it's just the continuing reminder to – I do like the thinking that, I think Mae has brought up and also Todd was talking about earlier at the beginning about how we're all of us temporarily not disabled and that I think it helps bring some of that empathy a little closer to us. So it makes it a little more accessible to us to realize that it's going to happen to us at some point, at some level, and to help then bring that empathy to the other people who are currently in that state and really that's, I think is a useful way of thinking about it. Also, the idea that I've been thinking through as we've been talking about this is how do we get the ball rolling on this? We have an existing application that's 10 years old that's going to take a lot to get it there, but how do we get the process started so we feel like we're making progress there rather than just saying, “Oh, we did HTML form 27 out of 163. All right, back at it tomorrow.” It's hard to think about, so feeling like there's progress is a good thing.

TODD: Yeah, definitely and as we get older, our eyes, they're one of the first things to go. So I'm going to need assistive technology at some point so, yeah. And then what you touched upon, John. It may be daunting having to go back and do the whole, “Okay, what are we going to do for accessibility now that this project, it's 10 years old, 15 years old?” The SaaS project that I was talking about, it was 15-year-old code, .NET. I got people together; one from each department. We all got together and we ended up making that product accessible for them.
So it can be done. [laughs] It can be done.

JOHN: That's actually a good point. Just hearing about successes in the wild with particularly hard projects is a great thing. Because again, I'm thinking about it at the start of our project and hearing that somebody made it all through and maybe even repeatedly is hard.

TODD: Yeah. It's not something that once it's done, it's done. Accessibility, just like the web, is an ever-evolving media.

MANDY: For me, I think my reflection is going to be, as a new coder, I do want to say, I'm glad that we talked about a lot of the things that you see that aren't currently accessible that can be accessible. One of those things is using alt tags and right now, I know when I put the social media posts out on Twitter, I don't use the alt tags and I should. So just putting an alt tag saying, “This is a picture of our guest, Todd” and the title of the show would probably be helpful for some of our listeners. So I'm going to start doing that. So thank you.

TODD: You're welcome. I'm just reminded of our talk and every talk that I have on a podcast, or with anybody just reminds me of the work that I have to do and the work that is being done by a lot of different people, other than myself as well, as far as advocacy goes in that I don't think it's ever going to be a job that will ever go away. There will always be a need for accessibility advocacy for the web and it's great just to be able to sit down and talk to people about accessibility and what we need to do to make the web better and more inclusive for everybody. Because I tweet out a lot, “Accessibility is a right, not a privilege,” and I really feel that to my core because the UN specifically says that the internet is a basic human and I went as far as to go say, “Well, so as an accessibility of that internet as well.” So that is my reflection.

MAE: I'll add an alt tag for me right now is with a fist up and a big smile and a lot of enthusiasm in my heart.

MANDY: Awesome.
Well, thank you so much for coming on the show, Todd. It's been really great talking with you and I really appreciate you coming on the show to share with us your knowledge and your expertise on the subject of accessibility. So with that, I will close out the show and say we do have a Slack and Todd will be invited to it if he'd like to talk more to us and the rest of the Greater Than Code community. You can visit patreon.com/greaterthancode and pledge to support us monthly and again, if you cannot afford that, or do not want to pledge to help run the show, you can DM any one of us and we will get you in there for free because we want to make the Slack channel accessible for all. Have a great week and we'll see you next time. Goodbye!

Special Guest: Todd Libby.

Late Night Linux
Late Night Linux – Episode 142


Sep 14, 2021 30:23


Manjaro is shipping a proprietary browser and some people are upset, a win for Firefox on Windows, Proton Mail doesn't make you magically impervious to the long arm of the law, Bitcoin becomes an official currency in El Salvador, influential friends call it a day, and more. News Mozilla has defeated Microsoft's default browser...

Security Now (MP3)
SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks


Aug 25, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor