Podcasts about Sendmail

FreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO's Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines FreeBSD replaces sendmail with dma (https://klarasystems.com/articles/freebsd14-replaces-sendmail-with-dma/?utm_source=BSD%20Now&utm_medium=Podcast) Why We Use FreeBSD Over Linux: A CTO's Perspective (https://dzone.com/articles/why-we-use-freebsd-over-linux-a-ctos-perspective) News Roundup How I fell in love with OpenBSD (https://h3artbl33d.nl/blog/how-i-fell-in-love-with-openbsd) A GDC package for macOS/aarch64 (https://briancallahan.net/blog/) Validate Your FreeBSD rc.conf (https://dev.to/scovl/validate-your-freebsd-rcconf-e94) Replacing Proxmox with FreeBSD and Bhyve (https://abnml.com/blog/2024/11/26/replacing-proxmox-with-freebsd-and-bhyve/) OPNsense 24.7.10 released (https://forum.opnsense.org/index.php?topic=44413.0) Printing With FreeBSD (https://blog.smithfamily.org.uk/posts/2024/11/freebsd_print/) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Christian - Deprecated vs Depreciated (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/593/feedback/Christian%20-%20Deprecated%20vs%20Depreciated.md) Producer Note Once we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that. Also once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)

Sendmail e simili ? Quanto tempo per scaricare i files ? Troppo poco ?Usiamo la nostra cloud al contrario: per ricevere invece che per inviare.Con un meccanismo di sicurezza: un link a scadenza temporale.Per controllare se i files arrivano, condividiamo il link sul nostro desktop, in modo aprire il browser sulla cartella e controllare periodicamente cosa arriva.Non utile sempre, ma alcune volte si'.

Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Biosecurity Culture, Computer Security Culture, published by jefftk on August 30, 2023 on LessWrong. While I've only worked in biosecurity for about a year and my computer security background consists of things I picked up while working on other aspects of software engineering, the cultures seem incredibly different. Some examples of good computer security culture that would be bad biosecurity culture: Openness and full disclosure. Write blog posts with deep detail on how vulnerabilities were found, with the goal of teaching others how to find similar ones in the future. Keep details quiet for a few months if need be to give vendors time to fix but after, say, 90 days go public. Breaking things to fix them. Given a new system, of course you should try to compromise it. If you succeed manually, make a demo that cracks it in milliseconds. Make (and publish!) fuzzers and other automated vulnerability search tools. Enthusiastic curiosity and exploration. Noticing hints of vulnerabilities and digging into them to figure out how deep they go is great. If someone says "you don't need to know that" ignore them and try to figure it out for yourself. This is not how computer security has always been, or how it is everywhere, and people in the field are often fiercely protective of these ideals against vendors that try to hide flaws or silence researchers. And overall my impression is that this culture has been tremendously positive in computer security. Which means that if you come into the effective altruism corner of biosecurity with a computer security background and see all of these discussions of "information hazards", people discouraging trying to find vulnerabilities, and people staying quiet about dangerous things they've discovered it's going to feel very strange, and potentially rotten. So here's a framing that might help see things from this biosecurity perspective. Imagine that the Morris worm never happened, nor Blaster, nor Samy. A few people independently discovered SQL injection but kept it to themselves. Computer security never developed as a field, even as more and more around us became automated. We have driverless cars, robosurgeons, and simple automated agents acting for us, all with the security of original Sendmail. And it's all been around long enough that the original authors have moved on and no one remembers how any of it works. Someone who put in some serious effort could cause immense distruction, but this doesn't happen because the people who have the expertise to cause havoc have better things to do. Introducing modern computer security culture into this hypothetical world would not go well! Most of the cultural differences trace back to what happens once a vulnerability is known. With computers: The companies responsible for software and hardware are in a position to fix their systems, and disclosure has helped build a norm that they should do this promptly. People who are writing software can make changes to their approach to avoid creating similar vulnerabilities in the future. End users have a wide range of effective and reasonably cheap options for mitigation once the vulnerability is known. But with biology there is no vendor, a specific fix can take years, a fully general fix may not be possible, and mitigation could be incredibly expensive. The culture each field needs is downstream from these key differences. Overall this is sad: we could move faster if we could all just talk about what we're most concerned about, plus cause prioritization would be simpler. I wish we were in a world where we could apply the norms from computer security! But different constraints lead to different solutions, and the level of caution I see in biorisk seems about right given these constraints. (Note that when I talk about "good biosecurity culture" I'm desc...

Link to original articleWelcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Biosecurity Culture, Computer Security Culture, published by jefftk on August 30, 2023 on LessWrong.While I've only worked in biosecurity for about a year and my computer security background consists of things I picked up while working on other aspects of software engineering, the cultures seem incredibly different. Some examples of good computer security culture that would be bad biosecurity culture:Openness and full disclosure. Write blog posts with deep detail on how vulnerabilities were found, with the goal of teaching others how to find similar ones in the future. Keep details quiet for a few months if need be to give vendors time to fix but after, say, 90 days go public.Breaking things to fix them. Given a new system, of course you should try to compromise it. If you succeed manually, make a demo that cracks it in milliseconds. Make (and publish!) fuzzers and other automated vulnerability search tools.Enthusiastic curiosity and exploration. Noticing hints of vulnerabilities and digging into them to figure out how deep they go is great. If someone says "you don't need to know that" ignore them and try to figure it out for yourself.This is not how computer security has always been, or how it is everywhere, and people in the field are often fiercely protective of these ideals against vendors that try to hide flaws or silence researchers. And overall my impression is that this culture has been tremendously positive in computer security.Which means that if you come into the effective altruism corner of biosecurity with a computer security background and see all of these discussions of "information hazards", people discouraging trying to find vulnerabilities, and people staying quiet about dangerous things they've discovered it's going to feel very strange, and potentially rotten.So here's a framing that might help see things from this biosecurity perspective. Imagine that the Morris worm never happened, nor Blaster, nor Samy. A few people independently discovered SQL injection but kept it to themselves. Computer security never developed as a field, even as more and more around us became automated. We have driverless cars, robosurgeons, and simple automated agents acting for us, all with the security of original Sendmail. And it's all been around long enough that the original authors have moved on and no one remembers how any of it works. Someone who put in some serious effort could cause immense distruction, but this doesn't happen because the people who have the expertise to cause havoc have better things to do. Introducing modern computer security culture into this hypothetical world would not go well!Most of the cultural differences trace back to what happens once a vulnerability is known. With computers:The companies responsible for software and hardware are in a position to fix their systems, and disclosure has helped build a norm that they should do this promptly.People who are writing software can make changes to their approach to avoid creating similar vulnerabilities in the future.End users have a wide range of effective and reasonably cheap options for mitigation once the vulnerability is known.But with biology there is no vendor, a specific fix can take years, a fully general fix may not be possible, and mitigation could be incredibly expensive. The culture each field needs is downstream from these key differences.Overall this is sad: we could move faster if we could all just talk about what we're most concerned about, plus cause prioritization would be simpler. I wish we were in a world where we could apply the norms from computer security! But different constraints lead to different solutions, and the level of caution I see in biorisk seems about right given these constraints.(Note that when I talk about "good biosecurity culture" I'm desc...

Link to original articleWelcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Biosecurity Culture, Computer Security Culture, published by jefftk on August 30, 2023 on LessWrong. While I've only worked in biosecurity for about a year and my computer security background consists of things I picked up while working on other aspects of software engineering, the cultures seem incredibly different. Some examples of good computer security culture that would be bad biosecurity culture: Openness and full disclosure. Write blog posts with deep detail on how vulnerabilities were found, with the goal of teaching others how to find similar ones in the future. Keep details quiet for a few months if need be to give vendors time to fix but after, say, 90 days go public. Breaking things to fix them. Given a new system, of course you should try to compromise it. If you succeed manually, make a demo that cracks it in milliseconds. Make (and publish!) fuzzers and other automated vulnerability search tools. Enthusiastic curiosity and exploration. Noticing hints of vulnerabilities and digging into them to figure out how deep they go is great. If someone says "you don't need to know that" ignore them and try to figure it out for yourself. This is not how computer security has always been, or how it is everywhere, and people in the field are often fiercely protective of these ideals against vendors that try to hide flaws or silence researchers. And overall my impression is that this culture has been tremendously positive in computer security. Which means that if you come into the effective altruism corner of biosecurity with a computer security background and see all of these discussions of "information hazards", people discouraging trying to find vulnerabilities, and people staying quiet about dangerous things they've discovered it's going to feel very strange, and potentially rotten. So here's a framing that might help see things from this biosecurity perspective. Imagine that the Morris worm never happened, nor Blaster, nor Samy. A few people independently discovered SQL injection but kept it to themselves. Computer security never developed as a field, even as more and more around us became automated. We have driverless cars, robosurgeons, and simple automated agents acting for us, all with the security of original Sendmail. And it's all been around long enough that the original authors have moved on and no one remembers how any of it works. Someone who put in some serious effort could cause immense distruction, but this doesn't happen because the people who have the expertise to cause havoc have better things to do. Introducing modern computer security culture into this hypothetical world would not go well! Most of the cultural differences trace back to what happens once a vulnerability is known. With computers: The companies responsible for software and hardware are in a position to fix their systems, and disclosure has helped build a norm that they should do this promptly. People who are writing software can make changes to their approach to avoid creating similar vulnerabilities in the future. End users have a wide range of effective and reasonably cheap options for mitigation once the vulnerability is known. But with biology there is no vendor, a specific fix can take years, a fully general fix may not be possible, and mitigation could be incredibly expensive. The culture each field needs is downstream from these key differences. Overall this is sad: we could move faster if we could all just talk about what we're most concerned about, plus cause prioritization would be simpler. I wish we were in a world where we could apply the norms from computer security! But different constraints lead to different solutions, and the level of caution I see in biorisk seems about right given these constraints. (Note that when I talk about "good biosecurity culture" I'm desc...

Certyfikaty w branży IT / Security - co dają, czym się różnią, czy warto je zdawać i czy dzięki nim dostaniesz pracę. O tym rozmawiamy w kolejnym odcinku Emacsem przez Sendmail. ======================================================= Czytaj bloga: https://OpenSecurity.pl ======================================================= Jesteś początkujący w branży cybersecurity? Zapisz się na listę: https://OpenSecurity.pl/ementoring ======================================================= Social media: https://www.facebook.com/opensecpl/ https://twitter.com/OpensecurityP https://www.youtube.com/c/OpenSecurityPL =======================================================

About LizLiz Rice is Chief Open Source Officer with cloud native networking and security specialists Isovalent, creators of the Cilium eBPF-based networking project. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly.She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift.Links: Isovalent: https://isovalent.com/ Container Security: https://www.amazon.com/Container-Security-Fundamental-Containerized-Applications/dp/1492056707/ Twitter: https://twitter.com/lizrice GitHub: https://github.com/lizrice Cilium and eBPF Slack: http://slack.cilium.io/ CNCF Slack: https://cloud-native.slack.com/join/shared_invite/zt-11yzivnzq-hs12vUAYFZmnqE3r7ILz9A TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Today's episode is brought to you in part by our friends at MinIO the high-performance Kubernetes native object store that's built for the multi-cloud, creating a consistent data storage layer for your public cloud instances, your private cloud instances, and even your edge instances, depending upon what the heck you're defining those as, which depends probably on where you work. It's getting that unified is one of the greatest challenges facing developers and architects today. It requires S3 compatibility, enterprise-grade security and resiliency, the speed to run any workload, and the footprint to run anywhere, and that's exactly what MinIO offers. With superb read speeds in excess of 360 gigs and 100 megabyte binary that doesn't eat all the data you've gotten on the system, it's exactly what you've been looking for. Check it out today at min.io/download, and see for yourself. That's min.io/download, and be sure to tell them that I sent you.Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig is the solution for securing DevOps. They have a blog post that went up recently about how an insecure AWS Lambda function could be used as a pivot point to get access into your environment. They've also gone deep in-depth with a bunch of other approaches to how DevOps and security are inextricably linked. To learn more, visit sysdig.com and tell them I sent you. That's S-Y-S-D-I-G dot com. My thanks to them for their continued support of this ridiculous nonsense.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the interesting things about hanging out in the cloud ecosystem as long as I have and as, I guess, closely tied to Amazon as I have been, is that you learned that you never quite are able to pronounce things the way that people pronounce them internally. In-house pronunciations are always a thing. My guest today is Liz Rice, the Chief Open Source Officer at Isovalent, and they're responsible for, among other things, the Cilium open-source project, which is around eBPF, which I can only assume is internally pronounced as ‘Ehbehpf'. Liz, thank you for joining me today and suffering my pronunciation slings and arrows.Liz: I have never heard ‘Ehbehpf' before, but I may have to adopt it. That's great.Corey: You also are currently—in a term that is winding down if I'm not misunderstanding—you were the co-chair of KubeCon and CloudNativeCon at the CNCF, and you are also currently on the technical oversight committee for the foundation.Liz: Yeah, yeah. I'm currently the chair, in fact, of the technical oversight committee.Corey: And now that Amazon has joined, I assumed that they had taken their horrible pronunciation habits, like calling AMIs ‘Ah-mies' and whatnot, and started spreading them throughout the ecosystem with wild abandon.Liz: Are we going to have to start calling CNCF ‘Ka'Nff' or something?Corey: Exactly. They're very frugal, by which I mean they never buy a vowel. So yeah, it tends to be an ongoing challenge. Joking and all the rest aside, let's start, I guess, at the macro view. The CNCF does an awful lot of stuff, where if you look at the CNCF landscape, for example, like, I think some of my jokes on the internet go a bit too far, but you look at this thing and last time I checked, there were something like four or 500 different players in various spaces.And it's a very useful diagram, don't get me wrong by any stretch of the imagination, but it also is one of those things that is so staggeringly vast that I've got a level with you on this one, given my old, ancient sysadmin roots, “The hell with it. I'm going to run some VMs in a three-tiered architecture just like grandma and grandpa used to do,” and call it good. Not really how the industry is evolved, but it's overwhelming.Liz: But that might be the right solution for your use case so, you know, don't knock it if it works.Corey: Oh, yeah. If it's a terrible architecture and it works, is it really that terrible of an architecture? One wonders.Liz: Yeah, yeah. I mean, I'm definitely not one of those people who thinks, you know, every solution has the same—you know, is solved by the same hammer, you know, all problems are not the same nail. So, I am a big fan of a lot of the CNCF projects, but that doesn't mean to say I think those are the only ways to deploy software. You know, there are plenty of things like Lambda are a really great example of something that is super useful and very applicable for lots of applications and for lots of development teams. Not necessarily the right solution for everything. And for other people, they need all the bells and whistles that something like Kubernetes gives them. You know, horses for courses.Corey: It's very easy for me to make fun of just about any company or service or product, but the thing that always makes me set that aside and get down to brass tacks has been, “Okay, great. You can build whatever you want. You can tell whatever glorious marketing narrative you wish to craft, but let's talk to a real customer because once we do that, then if you're solving a problem that someone is having in the wild, okay, now it's no longer just this theoretical exercise and PowerPoint. Now, let's actually figure out how things work when the rubber meets the road.”So, let's start, I guess, with… I'll leave it to you. Isovalent are the creators of the Cilium eBPF-based networking project.Liz: Yeah.Corey: And eBPF is the part of that I think I'm the most familiar with having heard the term. Would you rather start on the company side or on the eBPF side?Liz: Oh, I don't mind. Let's—why don't we start with eBPF? Yeah.Corey: Cool. So easy, ridiculous question. I know that it's extremely important because Brendan Gregg periodically gets on stage and tells amazing stories about this; the last time he did stuff like that, I went stumbling down into the rabbit hole of DTrace, and I have never fully regretted doing that, nor completely forgiven him. What is eBPF?Liz: So, it stands for extended Berkeley Packet Filter, and we can pretty much just throw away those words because it's not terribly helpful. What eBPF allows you to do is to run custom programs inside the kernel. So, we can trigger these programs to run, maybe because a network packet arrived, or because a particular function within the kernel has been called, or a tracepoint has been hit. There are tons of places you can attach these programs to, or events you can attach programs to.And when that event happens, you can run your custom code. And that can change the behavior of the kernel, which is, you know, great power and great responsibility, but incredibly powerful. So Brendan, for example, has done a ton of really great pioneering work showing how you can attach these eBPF programs to events, use that to collect metrics, and lo and behold, you have amazing visibility into what's happening in your system. And he's built tons of different tools for observing everything from, I don't know, memory use to file opens to—there's just endless, dozens and dozens of tools that Brendan, I think, was probably the first to build. And now this sort of new generations of eBPF-based tooling that are kind of taking that legacy, turning them into maybe more, going to say user-friendly interfaces, you know, with GUIs, and hooking them up to metrics platforms, and in the case of Cilium, using it for networking and hooking it into Kubernetes identities, and making the information about network flows meaningful in the context of Kubernetes, where things like IP addresses are ephemeral and not very useful for very long; I mean, they just change at any moment.Corey: I guess I'm trying to figure out what part of the stack this winds up applying to because you talk about, at least to my mind, it sounds like a few different levels all at once: You talk about running code inside of the kernel, which is really close to the hardware—it's oh, great. It's adventures in assembly is almost what I'm hearing here—but then you also talk about using this with GUIs, for example, and operating on individual packets to run custom programs. When you talk about running custom programs, are we talking things that are a bit closer to, “Oh, modify this one field of that packet and then call it good,” or are you talking, “Now, we launch Microsoft Word.”Liz: Much more the former category. So yeah, let's inspect this packet and maybe change it a bit, or send it to a different—you know, maybe it was going to go to one interface, but we're going to send it to a different interface; maybe we're going to modify that packet; maybe we're going to throw the packet on the floor because we don't—there's really great security use cases for inspecting packets and saying, “This is a bad packet, I do not want to see this packet, I'm just going to discard it.” And there's some, what they call ‘Packet of Death' vulnerabilities that have been mitigated in that way. And the real beauty of it is you just load these programs dynamically. So, you can change the kernel or on the fly and affect that behavior, just immediately have an effect.If there are processes already running, they get instrumented immediately. So, maybe you run a BPF program to spot when a file is opened. New processes, existing processes, containerized processes, it doesn't matter; they'll all be detected by your program if it's observing file open events.Corey: Is this primarily used from a security perspective? Is it used for—what are the common use cases for something like this?Liz: There's three main buckets, I would say: Networking, observability, and security. And in Cilium, we're kind of involved in some aspects of all those three things, and there are plenty of other projects that are also focusing on one or other of those aspects.Corey: This is where when, I guess, the challenge I run into the whole CNCF landscape is, it's like, I think the danger is when I started down this path that I'm on now, I realized that, “Oh, I have to learn what all the different AWS services do.” This was widely regarded as a mistake. They are not Pokémon; I do not need to catch them all. The CNCF landscape applies very similarly in that respect. What is the real-world problem space for which eBPF and/or things like Cilium that leverage eBPF—because eBPF does sound fairly low-level—that turn this into something that solves a problem people have? In other words, what is the problem that Cilium should be the go-to answer for when someone says, “I have this thing that hurts.”Liz: So, at one level, Cilium is a networking solution. So, it's Kubernetes CNI. You plug it in to provide connectivity between your applications that are running in pods. Those pods have to talk to each other somehow and Cilium will connect those pods together for you in a very efficient way. One of the really interesting things about eBPF and networking is we can bypass some of the networking stack.So, if we are running in containers, we're running our applications in containers in pods, and those pods usually will have their own networking namespace. And that means they've got their own networking stack. So, a packet that arrives on your machine has to go through the networking stack on that host machine, go across a virtual interface into your pod, and then go through the networking stack in that pod. And that's kind of inefficient. But with eBPF, we can look at the packet the moment it's come into the kernel—in fact in some cases, if you have the right networking interfaces, you can do it while it's still on the network interface card—so you look at that packet and say, “Well, I know what pod that's destined for, I can just send it straight there.” I don't have to go through the whole networking stack in the kernel because I already know exactly where it's going. And that has some real performance improvements.Corey: That makes sense. In my explorations—we'll call it—with Kubernetes, it feels like the universe—at least at the time I went looking into it—was, “Step One, here's how to wind up launching Kubernetes to run a blog.” Which is a bit like using a chainsaw to wind up cutting a sandwich. Okay, massively overpowered but I get the basic idea, like, “Okay, what's project Step Two?” It's like, “Oh, great. Go build Google.”Liz: [laugh].Corey: Okay, great. It feels like there's some intermediary steps that have been sort of glossed over here. And at the small-scale that I kicked the tires on, things like networking performance never even entered the equation; it was more about get the thing up and running. But yeah, at scale, when you start seeing huge numbers of containers being orchestrated across a wide variety of hosts that has serious repercussions and explains an awful lot. Is this the sort of thing that gets leveraged by cloud providers themselves, is it something that gets built in mostly on-prem environments, or is it something that rides in, almost, user-land for most of these use cases that customers coming to bringing to those environments? I'm sorry, users, not customers. I'm too used to the Amazonian phrasing of everyone as a customer. No, no, they are users in an open-source project.Liz: [laugh]. Yeah, so if you're using GKE, the GKE Dataplane V2 is using Cilium. Alibaba Cloud uses Cilium. AWS is using Cilium for EKS Anywhere. So, these are really, I think, great signals that it's super scalable.And it's also not just about the connectivity, but also about being able to see your network flows and debug them. Because, like you say, that day one, your blog is up and running, and day two, you've got some DNS issue that you need to debug, and how are you going to do that? And because Cilium is working with Kubernetes, so it knows about the individual pods, and it's aware of the IP addresses for those pods, and it can map those to, you know, what's the pod, what service is that pod involved with. And we have a component of Cilium called Hubble that gives you the flows, the network flows, between services. So, you know, we've probably all seen diagrams showing Service A talking to Service B, Service C, some external connectivity, and Hubble can show you those flows between services and the outside world, regardless of how the IP addresses may be changing underneath you, and aggregating network flows into those services that make sense to a human who's looking at a Kubernetes deployment.Corey: A running gag that I've had is that one of the drawbacks and appeals of Kubernetes, all at once, is that it lets you cosplay as a cloud provider, even if you don't happen to work for one of them. And there's a bit of truth to it, but let's be serious here, despite what a lot of the cloud providers would wish us to believe via a bunch of marketing, there's a tremendous number of data center environments out there, hybrid environments, and companies that are in those environments are not somehow laggards, or left behind technologically, or struggling to digitally transform. Believe it or not—I know it's not a common narrative—but large companies generally don't employ people who lack critical thinking skills and strategic insight. There's usually a reason that things are the way that they are and when you don't understand that my default approach is that, oh context that gets missing, so I want to preface this with the idea there is nothing wrong in those environments. But in a purely cloud-native environment—which means that I'm very proud about having no single points of failure as I have everything routing to a single credit card that pays the cloud providers—great. What is the story for Cilium if I'm using, effectively, the managed Kubernetes options that Name Any Cloud Provider will provide for me these days? Is it at that point no longer for me or is it something that instead expresses itself in ways I'm not seeing, yet?Liz: Yeah, so I think, as an open-source project—and it is the only CNI that's at incubation level or beyond, so you know, it's CNCF-supported networking solution; you can use it out of the box, you can use it for your tiny blog application if you've decided to run that on Kubernetes, you can do so—things start to get much more interesting at scale. I mean, that… continuum between you know, there are people purely on managed services, there are people who are purely in the cloud, hybrid cloud is a real thing, and there are plenty of businesses who have good reasons to have some things in their own data centers, something's in the public cloud, things distributed around the world, so they need connectivity between those. And Cilium will solve a lot of those problems for you in the open-source, but also, if you're telco scale and you have things like BGP networks between your data centers, then that's where the paid versions of Cilium, the enterprise versions of Cilium, can help you out. And, as Isovalent, that's our business model to have, like—we fully support or we contribute a lot of resources into the open-source Cilium, and we want that to be the best networking solution for anybody, but if you are an enterprise who wants those extra bells and whistles, and the kind of scale that, you know, a telco, or a massive retailer, or a large media organization, or name your vertical, then we have solutions for that as well. And I think it was one of the really interesting things about the eBPF side of it is that, you know, we're not bound to just Kubernetes, you know? We run in the kernel, and it just so happens that we have that Kubernetes interface for allocating IP addresses to endpoints that happened to be pods. But—Corey: So, back to my crappy pile of VMs—because the hell with all this newfangled container nonsense—I can still benefit from something like Cilium?Liz: Exactly, yeah. And there's plenty of people using it for just load-balancing, which, why not have an eBPF-based high-performance load balancer?Corey: Hang on, that's taking me a second to work my way through. What is the programming language for eBPF? It is something custom?Liz: Right. So, when you load your BPF program into the kernel, it's in the form of eBPF bytecode. There are people who write an eBPF bytecode by hand; I am not one of those people.Corey: There are people who used to be able to write Sendmail configs without running through the M four preprocessor, and I don't understand those people either.Liz: [laugh]. So, our choices are—well, it has to be a language that can be compiled into that bytecode, and at the moment, there are two options: C, and more recently, Rust. So, the C code, I'm much more familiar with writing BPF code in C, it's slightly limited. So, because these BPF programs have to be safe to run, they go through a verification process which checks that you're not going to crash the kernel, that you're not going to end up in some hardware loop, and basically make your machine completely unresponsive, we also have to know that BPF programs, you know, they'll only access memory that they're supposed to and that they can't mess up other processes. So, there's this BPF verification step that checks for example that you always check that a pointer isn't nil before you dereference it.And if you try and use a pointer in your C code, it might compile perfectly, but when you come to load it into the kernel, it gets rejected because you forgot to check that it was non-null before.Corey: You try and run it, the whole thing segfaults, you see the word ‘fault' there and well, I guess blameless just went out the window there.Liz: [laugh]. Well, this is the thing: You cannot segfault in the kernel, you know, or at least that's a bad [day 00:19:11]. [laugh].Corey: You say that, but I'm very bad with computers, let's be clear here. There's always a way to misuse things horribly enough.Liz: It's a challenge. It's pretty easy to segfault if you're writing a kernel module. But maybe we should put that out as a challenge for the listener, to try to write something that crashes the kernel from within an eBPF because there's a lot of very smart people.Corey: Right now the blood just drained from anyone who's listening, in the kernel space or the InfoSec space, I imagine.Liz: Exactly. Some of my colleagues at Isovalent are thinking, “Oh, no. What's she brought on here?” [laugh].Corey: What have you done? Please correct me if I'm misunderstanding this. So, eBPF is a very low-level tool that requires certain amounts of braining in order [laugh] to use appropriately. That can be a heavy lift for a lot of us who don't live in those spaces. Cilium distills this down into something that is all a lot more usable and understandable for folks, and then beyond that, you wind up with Isovalent, that winds up effectively productizing and packaging this into something that becomes a lot more closer to turnkey. Is that directionally accurate?Liz: Yes, I would say that's true. And there are also some other intermediate steps, like the CLI tools that Brendan Gregg did, where you can—I mean, a CLI is still fairly low-level, but it's not as low-level as writing the eBPF code yourself. And you can be quite in-dep—you know, if you know what things you want to observe in the kernel, you don't necessarily have to know how to write the eBPF code to do it, but if you've got these fairly low-level tools to do it. You're absolutely right that very few people will need to write their own… BPF code to run in the kernel.Corey: Let's move below the surface level of awareness; the same way that most of us don't need to know how to compile our own kernel in this day and age.Liz: Exactly.Corey: A few people very much do, but because of their hard work, the rest of us do not.Liz: Exactly. And for most of us, we just take the kernel for granted. You know, most people writing applications, it doesn't really matter if—they're just using abstractions that do things like open files for them, or create network connections, or write messages to the screen, you don't need to know exactly how that's accomplished through the kernel. Unless you want to get into the details of how to observe it with eBPF or something like that.Corey: I'm much happier not knowing some of the details. I did a deep dive once into Linux system kernel internals, based on an incredibly well-written but also obnoxiously slash suspiciously thick O'Reilly book, Linux Systems Internalsand it was one of those, like, halfway through, “Can I please be excused? My brain is full.” It's one of those things that I don't use most of it on a day-to-day basis, but it's solidified by understanding of what the computer is actually doing in a way that I will always be grateful for.Liz: Mmm, and there are tens of millions of lines of code in the Linux kernel, so anyone who can internalize any of that is basically a superhero. [laugh].Corey: I have nothing but respect for people who can pull that off.Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.In your day job, quote-unquote—which is sort of a weird thing to say, given that you are working at an open-source company; in fact, you are the Chief Open Source Officer, so what you're doing in the community, what you're exploring on the open-source project side of things, it is all interrelated. I tend to have trouble myself figuring out where my job starts and stops most weeks; I'm sympathetic to it. What inspired you folks to launch a company that is, “Ah, we're going to be in the open-source space?” Especially during a time when there's been a lot of pushback, in some respects, about the evolution of open-source and the rise of large cloud providers, where is open-source a viable strategy or a tactic to get to an outcome that is pleasing for all parties?Liz: Mmm. So, I wasn't there at the beginning, for the Isovalent journey, and Cilium has been around for five or six years, now, at this point. I very strongly believe in open-source as an effective way of developing technology—good technology—and getting really good feedback and, kind of, optimizing the speed at which you can innovate. But I think it's very important that businesses don't think—if you're giving away your code, you cannot also sell your code; you have to have some other thing that adds value. Maybe that's some extra code, like in the Isovalent example, the enterprise-related enhancements that we have that aren't part of the open-source distribution.There's plenty of other ways that people can add value to open-source. They can do training, they can do managed services, there's all sorts of different—support was the classic example. But I think it's extremely important that businesses don't just expect that I can write a bunch of open-source code, and somehow magically, through building up a whole load of users, I will find a way to monetize that.Corey: A bunch of nerds will build my product for me on nights and weekends. Yeah, that's a bit of an outmoded way of thinking about these things.Liz: Yeah exactly. And I think it's not like everybody has perfect ability to predict the future and you might start a business—Corey: And I have a lot of sympathy for companies who originally started with the idea of, “Well, we are the project leads. We know this code the best, therefore we are the best people in the world to run this as a service.” The rise of the hyperscale cloud providers has called that into significant question. And I feel for them because it's difficult to completely pivot your business model when you're already a publicly-traded company. That's a very fraught and challenging thing to do. It means that you're left with a bunch of options, none of them great.Cilium as a project is not that old, neither is Isovalent, but it's new enough in the iterative process, that you were able to avoid that particular pitfall. Instead, you're looking at some level of making this understandable and useful to humans, almost the point where it disappears from their level of awareness that they need to think about. There's huge value in something like that. Do you think that there is a future in which projects and companies built upon projects that follow this model are similarly going to be having challenges with hyperscale cloud providers, or other emergent threats to the ecosystem—sorry, ‘threat' is an unfair and unkind word here—but changes to the ecosystem, as we see the world evolving in ways that most of us did not foresee?Liz: Yeah, we've certainly seen some examples in the last year or two, I guess, of companies that maybe didn't anticipate, and who necessarily has a crystal ball to anticipate how cloud providers might use their software? And I think in some cases, the cloud providers has not always been the most generous or most community-minded in their approach to how they've done that. But I think for a company, like Isovalent, our strong point is talent. It would be extremely rare to find the level of expertise in, you know, what is a pretty specialized area. You know, the people at Isovalent who are working on Cilium are also working on eBPF itself, and that level of expertise is, I think, pretty unrivaled.So, we're in such a new space with eBPF, we've only in the last year or so, got to the point where pretty much everyone is running a kernel that's new enough to use eBPF. Startups do have a kind of agility that I think gives them an advantage, which I hope we'll be able to capitalize on. I think sometimes when businesses get upset about their code being used, they probably could have anticipated it. You know, if it's open-source, people will use your software, and you have to think of that.Corey: “What do you mean you're using the thing we gave away for free and you're not paying us to use it?”Liz: Yeah.Corey: “Uh, did you hear what you just said?” Some of this was predictable, let's be fair.Liz: Yeah, and I think you really have to, as a responsible business, think about, well, what does happen if they use all the open-source code? You know, is that a problem? And as far as we're concerned, everybody using Cilium is a fantastic… thing. We fully welcome everyone using Cilium as their data plane because the vast majority of them would use that open-source code, and that would be great, but there will be people who need that extra features and the expertise that I think we're in a unique position to provide. So, I joined Isovalent just about a year ago, and I did that because I believe in the technology, I believe in the company, I believe in, you know, the foundations that it has in open-source.It's a very much an open-source first organization, which I love, and that resonates with me and how I think we can be successful. So, you know, I don't have that crystal ball. I hope I'm right, we'll find out. We should do this again, you know, a couple of years and see how that's panning out. [laugh].Corey: I'll book out the date now.Liz: [laugh].Corey: Looking back at our conversation just now, you talked about open-source, and business strategy and how that's going to be evolving. We talked about the company, we talked about an incredibly in-depth, technical product that honestly goes significantly beyond my current level of technical awareness. And at no point in any of those aspects of the conversation did you talk about it in a way that I did not understand, nor did you come off in any way as condescending. In fact, you wrote an O'Reilly book on Container Security that's written very much the same way. How did you learn to do that? Because it is, frankly, an incredibly rare skill.Liz: Oh, thank you. Yeah, I think I have never been a fan of jargon. I've never liked it when people use a complicated acronym, or really early days in my career, there was a bit of a running joke about how everything was TLAs. And you think, well, I understand why we use an acronym to shorten things, but I don't think we need to assume that everybody knows what everything stands for. Why can't we explain things in simple language? Why can't we just use ordinary terms?And I found that really resonates. You know, if I'm doing a presentation or if I'm writing something, using straightforward language and explaining things, making sure that people understand the, kind of, fundamentals that I'm going to build my explanation on. I just think that has a—it results in people understanding, and that's my whole point. I'm not trying to explain something to—you know, my goal is that they understand it, not that they've been blown away by some kind of magic. I want them to go away going, “Ah, now I understand how this bit fits with that bit,” or, “How this works.” You know?Corey: The reason I bring it up is that it's an incredibly undervalued skill because when people see it, they don't often recognize it for what it is. Because when people don't have that skill—which is common—people just write it off as oh, that person's a bad communicator. Which I think is a little unfair. Being able to explain complex things simply is one of the most valuable yet undervalued skills that I've found in this entire space.Liz: Yeah, I think people sometimes have this sort of wrong idea that vocabulary and complicated terms are somehow inherently smarter. And if you use complicated words, you sound smarter. And I just don't think that's accessible, and I don't think it's true. And sometimes I find myself listening to someone, and they're using complicated terms or analogies that are really obscure, and I'm thinking, but could you explain that to me in words of one syllable? I don't think you could. I think you're… hiding—not you [laugh]. You know, people—Corey: Yeah. No, no, that's fair. I'll take the accusation as [unintelligible 00:31:24] as I can get it.Liz: [laugh]. But I think people hide behind complex words because they don't really understand them sometimes. And yeah, I would rather people understood what I'm saying.Corey: To me—I've done it through conference talks, but the way I generally learn things is by building something with them. But the way I really learn to understand something is I give a conference talk on it because, okay, great. I can now explain Git—which was one of my early technical talks—to folks who built Git. Great. Now, how about I explain it to someone who is not immersed in the space whatsoever? And if I can make it that accessible, great, then I've succeeded. It's a lot harder than it looks.Liz: Yeah, exactly. And one of the reasons why I enjoy building a talk is because I know I've got a pretty good understanding of this, but by the time I've got this talk nailed, I will know this. I might have forgotten it in six months time, you know, but [laugh] while I'm giving that talk, I will have a really good understanding of that because the way I want to put together a talk, I don't want to put anything in a talk that I don't feel I could explain. And that means I have to understand how it works.Corey: It's funny, this whole don't give talks about things you don't understand seems like there's really a nouveau concept, but here we are, we're [working on it 00:32:40].Liz: I mean, I have committed to doing talks that I don't fully understand, knowing that—you know, with the confidence that I can find out between now and the [crosstalk 00:32:48]—Corey: I believe that's called a forcing function.Liz: Yes. [laugh].Corey: It's one of those very high-risk stories, like, “Either I'm going to learn this in the next three months, or else I am going to have some serious egg on my face.”Liz: Yeah, exactly, definitely a forcing function. [laugh].Corey: I really want to thank you for taking so much time to speak with me today. If people want to learn more, where can they find you?Liz: So, I am online pretty much everywhere as lizrice, and I am on Twitter. I'm on GitHub. And if you want to come and hang out, I am on the Cilium and eBPF Slack, and also the CNCF Slack. Yeah. So, come say hello.Corey: There. We will put links to all of that in the [show notes 00:33:28]. Thank you so much for your time. I appreciate it.Liz: Pleasure.Corey: Liz Rice, Chief Open Source Officer at Isovalent. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment containing an eBPF program that on every packet fires off a Lambda function. Yes, it will be extortionately expensive; almost half as much money as a Managed NAT Gateway.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Are You Getting Dragged Into Dealing With Cybersecurity? Craig Peterson: You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had already been involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. [00:00:39]What I did there was design for Unix systems a way to check for malware and manage them remotely. Yes, indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time. [00:01:05] I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not, a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got many older people who are listening saying, yeah, I remember that. It brings back memories. [00:01:32] In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a great little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. Timex made that. Suppose you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course, was like an 8080, which was Intel's big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress. [00:02:22]The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties. We had some terrible operating systems that many people were running like Windows, just absolutely horrific. [00:02:40] Remember windows three-point 11 and XP and millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code came out in one of the lawsuits for one of these versions of Windows. [00:02:55]It was a different world, and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties, and I hosted email for companies and websites and filtered things with some precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys, and suddenly, customers started calling me because the email wasn't working. It turned out it was working, but it was extremely slow, and I had to figure out why. [00:03:37]I telneted to my server. I got on, started poking around the servers. [00:03:43] I had a computer room and the first floor of the building I owned, and I was on the second floor. So off we go looking around, trying to figure out what is going on. It was me, actually. I said we, but it was really me. Cause I knew the most about this stuff. [00:03:59] These processes just continued to fork, and I was trying to figure out why it is creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten internet rules about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. [00:04:37]You send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today. [00:04:48]I saw some of this stuff going on. I was trying to figure out what it was, but we trusted everybody. So my mail server, which was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that. [00:05:04] Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't, then, what they are today. [00:05:29] In fact, one of our engineers just had to run out to a client who did something we told them not to do. They were using the SonicWall firewall on their network, as well as they had our stuff. So we had an excellent Cisco firepower firewall sitting there. So then they have this SonicWall so that they're people, remotely could connect to the SonicWall firewall because it's good enough. SonicWall says it's compliant. So the SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin. [00:06:08] So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's not been very good. [00:06:23]Boy, am I wandering all over the place? [00:06:24]Back to this, we would allow people to get onto our network to fix things. If something was wrong, if we were misconfigured, they could help us and get on and do it because the Sendmail configuration was not for the faint-hearted. [00:06:42]In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. [00:06:56]I was trying to run a business where we hosted email for companies, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth. [00:07:22]That's what I wanted to do. That was my business. [00:07:26] Later on, I ended up helping 80% of my clients find the other web hosts after these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working. He was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research, and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He hosted all of these 150 at a site that charges the eight to $10 a month for Webhosting.   [00:08:29] He had all of these sites on top of a server that already split up hundreds of ways. It's just amazing what people do. [00:08:38]Man alive.  We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get greedy, and see what happens to you. But, some of them still maintain a good relationship with us, so we help them out from time to time, right? [00:08:52] What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem. [00:09:01] What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That, to me, makes a ton of sense. Why not do that? [00:09:18]This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added this basic malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the most significant exploits used by the bad guys right now is the security team's poor relationship with other employees within the organization. [00:09:56]What's going on, and it goes back to this customer that we just had to run out to. [00:10:01] Why did they do what we told them not to do?

Welcome!  We have had a very busy week this week so this is a reply of the show aired the end of February.  I'll be back next week. It was also another busy week on the technology front and we are going to delve into what actually caused the energy problems in Texas.  There is a new type of malware that is affecting Macs and it is has a different MO.  Then we are going to discuss Apple and their ventures into automated electric cars and what we can expect. Why are states having issues making appointments for vaccines? In a word, it is bureaucratic incompetence. Then we have a new type of hack out there.  It is called Buy-to-Infect and there is more so be sure to Listen in. For more tech tips, news, and updates, visit - CraigPeterson.com. --- Tech Articles Craig Thinks You Should Read: This Basic Math Shows How Wind Energy Failures Contributed To Texas’s Deadly Power Loss An Insider Explains Why Texans Lost Their Power New malware found on 30,000 Macs has security pros stumped Report: Nissan shot down Apple deal to avoid becoming Foxconn of cars N.Y.’s Vaccine Websites Weren’t Working Apple is already working on developing 6G wireless technology Owner of an app that hijacked millions of devices with one update exposes the buy-to-infect scam Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. Hi everybody. Craig Peterson here. I'm so glad to be here. I'm happy you're here as well. There are so many ways to listen. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had been already involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. What I did there was design for Unix systems a way to check for malware, a way to manage them remotely. Yes indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time.  I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got a lot of older people who are listening who are saying, yeah, I remember that. It brings back memories.  In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a cool little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. That was made by Timex. If you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course was like an 8080, which was Intel's, big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress.  The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties and we had some terrible operating systems that many people were running like Windows, just absolutely horrific. Remember windows three-point 11 and XP and the millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code, it came out in one of the lawsuits, for one of these versions of Windows.  It was a different world and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties and I was hosting email for companies and websites and doing some filtering and things with some kind of precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys and all of a sudden customers started calling me because the email wasn't working.  It turned out it was working, but it was extremely slow and I had to figure out why.  I telneted to my server. I got on, started poking around the servers.  I had a computer room and the first floor of the building that I owned and I was up on the second floor. Off we go looking around trying to figure out what is going on. It was me actually. I said us, but it was really me. Cause I knew the most about this stuff.  There were these processes that just continued to fork and I was trying to figure out why is it creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten rules of the internet about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. You just send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today.  I saw some of this stuff going on. I was trying to figure out what it was, but, we trusted everybody. So my mail server was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that.  Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't then what they are today. In fact, one of our engineers just had to run out to a client who did something we told them not to do.  They were using the Sonic wall firewall on their network as well as they had our stuff. So we had a really good Cisco firepower firewall sitting there, and then they have this SonicWall so that they're people, remotely could connect to the Sonic wall firewall, because it's good enough. SonicWall says it's compliant. The SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin.  So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's been really bad.  Boy, am I wandering all over the place?  Back to this, we would allow people to get onto our network to fix things.  If something was wrong, if we were misconfigured, they could help us and they could get on and do it because Sendmail configuration was not for the faint-hearted. In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. I was trying to run a business where we hosted email for businesses, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth.  That's what I wanted to do. That was my business.  Later on, I ended up helping 80% of my clients find the other web hosts after, these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago, went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working he was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He was hosting all of these 150 at a site, the charges, the eight to $10 a month for web hosting.  He had all of these sites on top of a machine that was already split up hundreds of ways. It's just amazing what people do.  Man alive.  We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get cheap, and see what happens to you. Some of them, we still maintain a good relationship with and so we help them out from time to time, right?  What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem.  What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That to me makes a ton of sense. Why not do that?  This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added in this basically malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the biggest exploits that are being used by the bad guys right now is the security team's poor relationship with other employees within the organization.  I promise we'll get to this a little bit more and explain the bottom line here. What's going on and it goes back to this customer that we just had to run out to.  Why did they do what we told them not to do?  Stick around. We're getting into the battle between cybersecurity senior officers in companies, owners, business owners, and the, even the employees. There has been such a battle going on.  I saw two examples this week. Hi, everybody, it's a difficult world out there, but I find some comfort in listening to, of course, news radio. It keeps me up to date on what's going on. It helps me to really understand the world a lot better.  I mentioned that one of my guys just had to run out to a client who did something we absolutely told them not to do. They had been using this company that was a break-fix shop, I guess is the way you would put it. They had a business that would respond to problems and they charge by the hour. I think right now their hourly rate is like 160 bucks or something. It is not cheap, but anyhow, That they would sell people equipment and then move on, right? Your problems aren't my problems. Just leave me alone, go away.  It's a beautiful model because their employees at this break-fix shop don't have to understand much. They just have to know more than you do as a customer.  There's one level of understanding that you have, and for someone to appear to be an expert, all they have to do is have slightly more understanding.  That has bothered me so many times listened to the radio and they talk about somebody that's just this great expert, in reality, of course, they are not. But you don't know. That person talking about the expert doesn't know either because they just don't have enough knowledge. Of course, the person that's labeled the expert isn't going to say anything about it.  They were doing what most companies do, which is okay. We know we need a firewall, so let's get a firewall. They went out and they talked to this company and they did their Google research because of course, Dr. Google is an expert on everything.  Even with those differing opinions, you're going to go with the opinion that you like the best.  That's what they did.  They bought a Sonic wall firewall from this vendor, which was a break-fix shop. Now that's all well, and good. The sonic wall is not terrible stuff. They've got some amazing stuff as well. The problem is this device has been out of support for more than two years now. Even though they're not as advanced as some of the systems we can install, not that we always use the most advanced systems. It's not a bad, a little thing for a small business. We warned them that because they were using an out-of-date firewall that they could not get fixes for known vulnerabilities. Now that's a big deal too. Most people are not aware of the vulnerabilities that are on their machines. Do you go out every month and check the firmware versions on your firewall? You should be, even if you're a home user. Are you checking to make sure the firewall that the cable company provided you with is up to date, configured correctly? You've changed the password and the admin username, right? No?  Most people haven't. He hadn't, right. He didn't know. We told them we did a little research and said here's your problem.  That's part of his cyber health assessment. We told them what kind of firewall do you have? What's the version of software on it and we do that. We have a bunch of people that have asked for cyber health assessments. We've got them on a list because we're busy. So we have to schedule these and make them happen.  So we said, do not plug that machine in. Of course, what do they do? They plugged it back in again. So now all of a sudden this morning, we get a wake-up call from our monitors that are running they're on their  Cisco firepower firewall, where we have their extensive suite of additional software. This isn't just an off-shelf, Cisco firewall.  It's telling us that the SonicWall or something through our, via the SonicWall. Is going through all this customer's network. It's actually attacking the Cisco firewall from inside the network. Absolutely amazing. Why does that happen? In this case, the business owner, and it is a  very small business. It has about 5 million in revenue per year, I would guess.  It's a small business by every stretch. The owner just doesn't want to spend the money he doesn't absolutely have to spend. He's not looking at this saying I could lose all my intellectual property. I could get sued by these people. I could lose my clients who find out that their data was released. Their orders were released. Everything was stolen.  He looks at it and says, Oh wow. It's 200 bucks a month. Wait a minute guy, you have how many employees? You're worried about 200 bucks a month. I personally, I don't understand that. Why would you do that?  Now, you're in a poor country. Okay. I get it right. That's a lot of money to spend, but not here in the United States. Doesn't make sense.  A lot of this is really the reason I brought it up. It's showing how there is a disconnect between business owners, C-level people, and cybersecurity people. Basically, if you have less than 200 employees, you cannot afford to have your own cybersecurity team. It's impossible. It's way too expensive.  Then the numbers start to change outsourced cybersecurity, which is what we do.  We do this for this customer and. The in-house cybersecurity people, but we all have the same basic problem. The owner has a problem too, right? He has to weigh the costs of cybersecurity against the risks involved, which is what Equifax did.  What so many of these big companies do, right? There's this, the norm Equifax said it's going to be way cheaper to just pay out $10 million in fines. When we get fined by the federal government for losing everyone in the country's personal financial information then it is to do this or we're not going to bother.  Man, I'd love to see the smoking gun email on that, where they made that final decision, probably doesn't exist. They're smart enough to know that they would get sued and they have been sued because of this.  We've got another problem right now because of people working from home. I mentioned, in fact, this week, you should have gotten an email from me on Thursday. That was a little audio thing that I put together. We call these things, audiograms, and it's a kind of a video that'll play.  This particular one is about part of this problem. We've talked extensively about that water plant in Florida, that was hacked for lack of a better term. It might've been an insider thing. It might've been someone external, et cetera, et cetera. The reason it happened is that business, the water plant for a town of 15,000 people, which would be in a normal world, a small business. That small government operation was all of a sudden faced with lockdowns. What do we do? They didn't have a plan. They didn't have a business continuity plan, which is so important. I talked about it extensively last week as well. They had no way to manage this. So what did they do? They went out and bought team viewer licenses for everybody in the business. That put, well not the business, in this case, the agency, that put the agency at risk. That is putting our businesses at risk too, in such a big way. That's what the audiogram I emailed out on Thursday explaining this a bit.  So stick around. We're going to continue this conversation.   Of course,  you're listening to Craig Peterson online@craigpeterson.com. We have people working from home. We didn't really plan for this. We're doing it because of the lockdown. Maybe, you found that it's actually better for your business, from whatever angle. What are the risks here of people taking computers home? Hello. Everybody Craig, Peterson here. So glad to be with you today. Glad you're taking a few minutes out of your day as well to listen in.  Now I am very concerned about people using computers that they're taking home. I want to make a definition. Maybe there's a better way of saying this, computers that are used at home, home computers should never be used for work.  I'm going to explain why. Computers that are at work probably should not be taken home. We saw the example of this, just this last couple of weeks.  I was talking about this wonderful plugin that I've been using and recommending people use here for a very long time, called the Great Suspender. We've talked at length really about what happened there with the company being bought and then becoming evil, right? Just buying their way into 2 million people's computers.  Sometimes these Chrome extensions that are installed on personal computers get automatically installed and synchronized to your work devices. In fact, that's the default. If you log into Chrome and you're using Google Chrome as your browser and you log into it on your home computer, and when you log into your same account over on your business computer. All of a sudden, now it's syncing. It's syncing things like passwords, which you should not be having Google store for you. You should definitely be using a good password manager and there are a few out there.  If you're not familiar with them or don't know which one to use or how to use them. I have a great little special report on passwords and using password managers. I'd be glad to send it to you. Just email me@craigpeterson.com and I'll send that on-off, right? I'm not making a dime off of that. I want to make you safer.  I don't want to have happened to you what's happened to millions of Americans, including my best buddy who had his information stolen. I've been after him to use password managers. He never did it. I don't know why. Until his paycheck got stolen. Then he came over and I explained it and set it up with them and really helped him out. Maybe we should do a whole webinar showing you how to use these password managers, how to get them set up because it is a little bit tricky. It's certainly different than you're used to. Many people are using their browser Chrome in this example, to save passwords. When you go to a website, you'll automatically have the password there. Maybe you've got it set up so that it'll automatically log you in with all kinds of cool stuff. But there is a very big problem and that is that there is a huge risk with running these extensions, like the Great Suspender. The Great Suspender was approved by Google. It was in the Google store. You could download it from their app store. Absolutely free.   In January of this year in 2021, we had someone out on Twitter, tweet that there was a problem with the security on the Great Suspender. It had been changed. It was being used now to send ads out and other things. That's pretty, pretty bad. The extension wasn't banned until about a month later and you as an end-user had no official notification that this extension was potentially malicious.  Apparently, they could, with this malicious software they embedded, not just show you ad, not just insert their own ads to generate revenue onto the webpage as you were visiting, they could also grab files from your machine. That's a very bad thing.  Now, presumably, if you're at work, you have a team that's helping you outright.  The IT security team, there may be different teams and maybe the same person who also is the office manager, who knows. It does vary. Businesses cannot know what you're doing when you're starting to install those extensions and they are pushing their way onto your office computer because you're using the same Google account in both places. Now, despite the risks, of course, I installed this Great Suspender used it for years and I was pretty happy using it. I know many other people who were in the same boat. Security teams have some great tools. I mentioned my son who's one of our team members got called out to a client. During the break, I was just chatting with him briefly. What had happened is they plugged in this firewall we told them not to plugin. It was apparently hacked from the outside. It had known security vulnerabilities. He had not, this small business owner had not yet paid for maintenance on his little firewall, so he was not getting security updates. In fact, my team member looked at this and found that it had been three years since the firmware on his firewall had been updated. The bad guys got into his network through this secondary firewall, which we told them not to have not to plugin. Our firewall only noticed it because this malware started scanning everything on the network. Of course, it scanned two of our machines, one being the firewall.  Remember this isn't a regular firewall that we put in there. This is a firepower firewall with a whole bunch of extra software on top of it.  In our data center, we have some huge machines that are sitting there watching what's going on remotely. On our client's networks via that firepower firewall.  We started getting all these notices as to what was going on, but this is a great example. We're not updating some of that software. He had a security team and he ignored the security team. We were the security team. We're outsourced cybersecurity that's what we do, but that happens many times.  Many business owners and others look at the cybersecurity situation as having many different shades of gray. What should you do? What shouldn't you do? The teams that are working in these businesses, including us. We have to tell them, Hey, don't use that firewall. Do not plug it in. You don't need it. If you plug it in, it's going to make it way easier for some of your people to work from home.  This is not set up correctly and you're going to have problems. That's a difficult conversation to have with a business owner. We had it and he ignored it much to his peril. In this case, this one is hard to tell how much data was stolen from his business. The impact from this could last for months, and there could be investigations who knows what's going to end up happening here. That business owner and I, because I spoke to him as well about this whole situation before this particular event happened just about two weeks ago. In fact, that was a reminder cause they had plugged it in again. Six months before that we had told the business owner, you can't plug this thing in, you cannot be using it.  How do you do that? How do you let an impacted employee, somebody who's working from home, maybe using their own computer to do work for the business? How can you approach them and tell them, Hey, you cannot use Google Chrome?  You cannot save your passwords on your browser. You cannot install extensions. Even if you had a list of extensions today that were bad, that list is going to be out of date tomorrow, which is going to be a very big problem. Individual users do not have the ability to check this. Frankly, most businesses don't either. Again, that's why a business under 200 employees cannot afford to do this yourself. You just can't. This is a specialty.  We were talking yesterday with a prospect who had been brought to us by a break-fix shop and trying to get this concept through. We're going to talk a little bit more about that. What should you be doing? How can you pay attention? How can you even be safe in this day and age?  Hi everybody. Craig Peterson here. We've been talking about supply chain problems. That's a technical term for it, but the software that we rely on becoming evil, and what can we really do about it? Hello, everybody. You're listening to Craig Peterson.  How do you talk to a business owner and help them understand? That's a problem. Isn't it? Look at what happened a few years back with TJX stores. Them as maybe TJ max, that's one of their stores. They have a number of others. Their cybersecurity guys did something I have seen done before. That is, they went to the management of this massive public company and said, Hey, TJX, we need to get this hardware. We need to get this staffing. The hardware course pretty expensive and it sits there and it does much the same stuff. Even back then. Nowhere as good as today. It's exponential, as to how much better it gets every year, but it was good hardware.  It really could have stopped the hack that happened and it did.  Here's what it did. It noticed the hack was going on. The problem was they were able to say yes to the hardware, the senior management said yes. They got the hardware, but senior management would not get the security technicians that were needed to monitor and run that hardware. They were short-staffed.  That's another problem we're seeing. That's why the companies you're dealing with, whether it's Equifax, with who you do not have a direct business relationship with, and yet have all this information about you and sell that. Or maybe it's just some other website. That's why they lose your data. It's a real bad idea. The bad guys are just waiting out there just siphon all of your data. In many cases, when you're talking about a business and a business website, or even your home computer, they're looking to redirect you to malicious websites. What they'll do is for instance, again, the Great Suspenders' an example, that they claim it's been fixed now. With something like an extension or a plugin that you put in your browser, they could rather easily code it up so that you are going to a website that's malicious. It could look like Bank of America's website and you go there and you enter in your information. You put in your username, you put in your password, it asks you a security question. Maybe maybe not, but your username and password. Then it says incorrect. Then your screen refreshes while your screen just refreshed because you were not at the Bank of America, originally. You were at a malicious website and you entered in your username and password. Now the bad guys have your username and password to your banking system, to your login, to your bank accounts. They got that. That's all they needed. They didn't want you to know that this was going on so they just went ahead and redirected you over to the real bank website. Hence, the supposed reload.  It's a very big weakness here in how IT and security teams operate because too few security teams really can relate with the CEO and vice versa.  I've seen that all of the time with people working for me in cybersecurity, you've got a really good idea of what needs to be done, how it needs to be done when it needs to be done. To you, it's the most important thing in the world, right? You don't want the business to go under, you're going to lose your job, maybe your pension retirement plan is tied to that business. You don't want it to happen, but have you got the trust built up with the senior management?  Then how about the other side of this relationship? How about if you're a cybersecurity person? Even if, again, you're not a professional, you're just the person tasked with it in the office or you're the person tasked with it at home. How do you go to the other employees and tell them you can't use your Google Chrome account here in the office? How are you going to enforce it? How are you going to tell your husband or wife, Hey, that's dangerous? I don't want you installing any of these extensions on your computer. One of the really bad things that people do with their browsers is they put on these real fancy little extensions that give all kinds of extra wonderful information. It ends up as a toolbar and it lets you do searches on this site or that site. Maybe it keeps you up to date on the stocks that you have in your portfolio. You're telling hackers what stocks you own, really? It might be legitimate, right. But who knows? That's the problem. Something like that can really mess you up and send you to malicious sites. You know that your spouse is using that or your kids are using that. How do you talk to them? How do you solve those problems? It's a real problem.  There are some interesting tools that you can use, as professionals. There's a Slack channel I can send you to, if you're interested, actually, it'll be in the newsletter that comes out on Sunday. At least it should be under one of those articles. It is a problem.  Netflix, by the way, is really trying to help you out too. Not only did the Netflix security team provide some feedback for what's called the honest security guide, but it's also made some of its user tools, the tools that you might use at your home to find a movie, et cetera, it might help really to secure you.  Git Hub has this. It is called, this is a Netflix skunkworks, the stethoscope app. It's a desktop application created by Netflix that checks security-related settings and makes recommendations for improving the configuration of your computer. It doesn't require central device management or reporting. You can have a look at that. If you are interested, let me know. I can probably point you in the right direction to the stethoscope app. That's what we want to see in this honest security guide. You'll find it online. At honest security is a guide to your devices, security, which in the biz we call endpoint security and it is cool. You can run through all of this list is a big checklist and talking about why honest, and they're saying dishonesty stops you from doing the right thing.  That's why in my courses, I spend a lot of time, more time in fact, on the why than the how.  I want you to understand honestly, why you should or should not do something. There are so many people who are out there yelling and screaming, jumping up and down. Particularly your antivirus companies. You fake VPN companies who are trying to get you to buy their products that not only do not need in most cases but will actually make your computer less secure.  So we have to be careful about all of this stuff. We have to make sure we are talking. We've got to have a trust relationship set up with the owners of our business. Cause you guys, some of you, I know own businesses, some of you work for a business. We've got people listening to this all over the world and every continent I've even seen a listener down in Antarctica.  I really can say every continent. It's important that we know how to work with our fellow employees, with our management, with our family members, to help them to know what they need to do.  There is no time to wait. We have never seen as many attacks as we're seeing now. We've never seen the government using its resources to attack us more than we have now. We've never seen more billions of dollars stolen per year by the bad guys. There are some basic tenants that you can follow that will make you way more secure. And that's why you're listening. That's why I go through some of these things to help everybody understand.  That's also why I go ahead and make sure that I answer your emails. If you have a question, make sure you go ahead and ask. You can just email me at me@craigpeterson.com. If it's something urgent, I have a form on the bottom of my homepage  @craigpeterson.com. You can give me a little bit more information. I tend to keep an eye on that a little bit better than my general email, although I do use some amazing email software that helps me to keep track of the real email and get rid of the spam and put things in boxes and stuff  craigpeterson.com. It's that simple email me me@craigpeterson.com. If you have questions.  I hope that Google is going to continue to improve itself. I love the fact that they found out that this one extension was malicious. For those of you who might've just tuned in, we're talking about something called the Great Suspender something I've used for years, it became malicious, but they need to do more.  As people who are concerned about security, we just can't wait for the next incident. Just again, this client of mine, who we've been warning about this for months, he's stopped doing what we told him to do, and then decided well it's just too difficult. That's something we hear a lot from businesses. Oh, it just hampers the work. It hampers it because now we have to get permission from it in order to mount this particular drive or gain access to those files or materials. Yes you do, because we have to stop the internal spread of all of this malware and all of these hackers.  It is absolutely worth it.  All right, everybody. Thanks again for joining me today. I really hope you've been enjoying this. I have years' worth of podcasts out there and you'll find all of those at craigpeterson.com/podcast or on your favorite podcast platform.  If you subscribed under iTunes, you might've noticed, ah, yeah, I just released a whole batch there too. I expressed concerns about owning an Apple watch. I held off for a long time. I want to talk about these devices now, the security concerns, but also the amazing health tools that are built right in. Hey, welcome back. This Apple watch is really fascinating. It has been around now for six generations. There are a number of other watches that have had, or tried, I should say, to compete with Apple. They haven't been very successful. You might've noticed that. I have a friend that bought some watches for his family and to him that monitor all of the basic vitals and record them and send them up to his phone. It's a 20-ish dollar watch. He got it from South Korea probably are parts made in China, but it is an inexpensive watch and it does some of the basics at the other end of the scale. Let's have a look right now. I'm going to go to apple.com online, and we're going to click on watch. Here we go, Oh, my they've got special watches so you can buy their watches. It looks like the new one, the Apple watch series six for starting at 400 bucks or they have two different sizes. . They have a more basic watch called the Apple Watch SE that starts at about $300. You can still get the Apple watch series three. Now, these all can monitor high and low heart rates. They can give you irregular heart rhythm notification, but it's only a-fib atrial fibrillation, I think is the only one they can monitor, but all three of those can monitor that. As I said, my buddy's watches, he got for his family at 20 bucks apiece are able to do most of that as well.  These are water-resistant to 50 meters, which is really cool. The series six also has an ECG app. That is very cool. You open the app, you put your finger on the crown of the watch and it gives you an EKG right there on the watch and it feeds it to your phone. On your phone, you can turn it into a PDF. You can share it with your doctor on and on. It's just amazing. It's a three-lead type, I was in emergency medicine, right? A med-tech EMT, EMT-PD can't remember. I had a whole bunch of different certifications back in the day. But it's fantastic for that. It also has a blood oxygen app that monitors your blood oxygen levels. It ties all of this into their new exercise app, which is amazing. That ties into your phone or your iPad.  I will go down in the basement onto the treadmill and I'll select your treadmill workout.  It has dozens of them. Have you seen this really fancy treadmill? A couple of years ago they got in all kinds of trouble because they advertised it around Christmas time and apparently this woman really wanted a treadmill and she got one and she was all excited. All of these people jumped out of the woodwork. All your you're saying she's fat, et cetera. No, she wanted a treadmill. These are amazing treadmills because they have built into them. These streams and you can join classes, et cetera. With the Apple Watch, my iPad, and a subscription to this iHealth app, which you can get as part of this Apple plus thing you can buy for 30 bucks for the whole family, 30 bucks a month.  I don't know how many I have seen probably a hundred different workouts on there.  It has different workouts, different types of weightlifting, running, jogging, treadmills, elliptical machines, everything.  You can pick your pace. You can pick your instructor, you can pick everything. Then your Apple watch is monitoring your body. As you're working out. So it's telling you how many calories you've burned. What's your heart rate is to help keep your heart rate in the best range for you, depending on what kind of a workout you're doing. It also lets you compete against other people. Does this sound like an ad for the Apple watch?  You can compete with other people your age doing the same workout and see where you're at. I was really surprised because typically I am at the front of the pack when it comes to my treadmill workouts. That's really cool as well. Those are some of the basics. There are other things too, that Apple is doing. We've found, right now, that Mount Sinai just came out with an announcement and they said that the Apple watch can predict COVID 19 diagnosis up to a week before testing can detect it. Yes. Isn't that something? Not only can the Apple watch help with certain heart arrhythmias, but it can predict that you have COVID-19 too a week before testing normal testing. Those swabs can find it out.  This is from the journal of medical internet research, which is a peered review journal. And they found that wearable hardware and specifically the Apple watch can effectively predict a positive COVID-19 diagnosis up to a week before the current PCR-based nasal swab tests. They called this the warrior watch study. They had a dedicated Apple watch and the iPhone app, and they had some participants from the Mount Sinai staff and it required, of course, these staff members to use the app to turn on the health and data monitoring and collection, and also asked them to fill out a survey every day to provide some feedback about their potential COVID-19 symptoms. As well as other things like stress can obviously make your heart rate, go up your blood pressure, go up, et cetera. Oh. By the way, Apple, supposedly the rumors are, we'll have a BP sensor in the Apple seven that'll be out later this year, most likely.  So they had several hundred healthcare workers and the primary biometric signal. I know that the studies authors were watching was heart rate variability. This is fascinating to me because it's something that I learned about fairly recently. Then when I got my Apple watch, I read up more about this, but basically, heart rate variability is what it sounds like. It's your heart rate. Let's say your heart is beating at 60 beats per minute. It is not beating once every 10 seconds.  It is not beating once a second. Your heart rate will vary over the course of that minute. If you're healthy.  Obviously, a beat every 10 seconds isn't 60 a minute. Let's use that as an example. Somebody who's almost dead and has six beats per minute. The first heartbeat might be at 10 seconds. The second heartbeat might be at 22 seconds because your heart is supposed to vary its rate of contractions based on immediate feedback. It's not just that you're going out in your running and now you've driven up your heart rate and you're doing your cardio and it or you just walked up a flight of stairs or you stood up, which is another test, by the way, what we're talking about here. You might just be sitting there, but your cells have a different need for oxygen or for the blood. The heart slows down slightly or speeds up slightly.  This heart rate variability is something built into the Apple watch and into the iPhone app that you attach to the Apple watch. Isn't that useful without an iPhone, frankly? Then you can look at your heart rate variability right there.  They said, combining that with the symptoms that people reported, these Mount Sinai staff, that the symptoms that they reported that were associated with COVID-19 including fever, aches, dry cough, gastrointestinal issues, loss of taste and smell corresponded with changes in the heart rate variability. I thought that was just absolutely phenomenal because heart rate variability is considered to be a key indicator of strain on your nervous system. COVID-19 obviously is going to put a strain on the nervous system. Just very neat.  It says here that the study was not only able to predict infections up to a week before tests provided confirmed diagnosis but also revealed that participants' heart rate variability patterns normalized fairly quickly after their diagnosis or turning to normal run about one to two weeks following their positive tests. That's from a TechCrunch, that particular quote.   I am very excited about this, but I am also on the concerned side. I'm concerned because they are collecting vital data from us. All of the major companies, Google and Microsoft and Apple want to be the company that holds all of your personal medical records. We're going to get back to that when we come back here. What is happening? How is your doctor managing your medical records? I was really shocked to find out how that industry is working.  Of course, you're listening to Craig Peterson. Check it out online. Craig peterson.com. Welcome back. What are you doing? Are you asking your doctor how they are handling your medical records? Because I think you probably should based on what I learned just this week. Hi everybody. Craig Peterson here. Thanks for joining me.  We were just talking about health. We're talking about the Apple watch and the fact that there's a lot of competitors out there, some of them, a fraction of the cost. If you buy the Apple watch on terms, you're going to pay less in one month's payment on terms to Apple than you would for some of these other watches out there, but Apple watches do have more features.  Mine even has a built-in cellular modem. Even if I don't have my phone with me, phone calls come through to my watch and text messages, and I can respond and answer. It's really nice. Medically I am very impressed. It has been good at motivating me to do some exercise, to get up, and about just to do a bunch of things I had never, ever done before. Consider that.  It is collecting our data. Apple now has potential access to all of my cardiac data. They've got EKGs that I have run on my watch. They know about my heart rate. They know how often I exercise, and how hard I exercise when I exercise. They know all of this stuff about me. I had a conversation with someone just saying why does that matter? Maybe it's Apple, maybe it's somebody else. Why does it matter?  It does matter. Think about an evil genius, right? The thing about somebody that might want to target Americans and might want medical information about Americans. They can gather it in a number of different ways. We're going to talk about medical records here in a little bit. One of the things they could certainly do is grab all of our watch data. Some of these watches, including my Apple watch, have GPS built into them. When you're out running or jogging, you know where you went, you can plan your route and it'll remind you, Hey, turn here, turn there. That's one of the things I love about the Apple Watch when I'm using it with Apple maps out driving, it taps me on the wrist and reminds me, Hey, in 500 feet, you got to turn.  If I look at the watch, it'll even show me the turn I need to make coming up in 500 feet. It's really amazing. All of this information is being compiled and hopefully, it's being compiled by a company that we can trust. At this point, we can probably trust Apple. Hopefully, they're not going to be broken into. Now, their margins or profit is high enough that they certainly can afford a security team, one capable of defending them and defending our data. I hope they are. I suspect that they are for the most part. How about some of these others? We know Google, for instance, is in the business of collecting and selling our information, is having all of our medical information. Not just the stuff from our watches, but the stuff from our doctors. Are they to be trusted with that kind of information? Going back to that bad guy, that mad scientist we can, and probably do engineer viruses that are targeted at specific things. In fact, the Russians have been doing it. The Soviets' started it, they came up with a phage. That can attack certain viruses and it acts like a virus it gets in and does this little thing. We've got right now, these COVID-19 vaccines and they act like a virus they're messing with, well effectively, the DNA. In fact, it's the RNA, but it's pretending, Hey, I got a message from the DNA, here it is.  What if a bad guy knew that are a certain population in a certain area, and that area was right by this important military base or whatever they came up with something that would target them and they'd have all of the data to do it now. That's obviously an extreme example. A more common example would be that your medical data is there. It's being sold to advertisers and you're going to end up with something.  For instance, there's a company, very big company out there and they sell baby products. What they did was they tracked and they bought this information, but they tracked women who were purchasing certain things. Now, they weren't purchasing things that were directly related to having a baby, right? They weren't purchasing diapers or little jumpsuits or whatever it is. They were purchasing things that were not directly related maybe people wouldn't even think they were typically related to having a baby. Yet they were able to figure this out. They got that good with the data.  So they thought, Oh, okay let's get wise here. Let's send out a postcard, congratulating them on their pregnancy and offering them a discount on something. Yeah. Not a bad idea, frankly.  However, in this case, some of these moms I hadn't told anybody that they were pregnant yet and didn't want to tell anybody that they were pregnant yet. It fell on its face. Didn't it?  How about these ambulance-chasing lawyers that are out there? Are they going to want to gain access to this, to your medical records?  How about your employer? Your employer wants to know I'm going to train this person. Hopefully, they'll stick with us for a while, but is he going to be a burden on our medical plan? Keyman insurance, health insurance, life insurance. Have access to everything about you. That's what really concerns me about these, all of these devices.  Right now, pretty confident that I can give Apple this information and they will keep it pretty safe. But, I said the same thing about the Great Suspender, right? I don't know about the future.  Then I found something out this week that was in my mind extremely disturbing. We have a new clinic that we've picked up as a client. They needed to have security. They had a couple of little security issues. They were worried. They knew they were not HIPAA compliant. They approached us because they know that's what we do is cybersecurity and audits and remediation. Fixing the problems. We pick them up. They're a client. We're in there. They had told us in advance that all of their medical record systems were on-line. It was on the web. All they needed was a web browser to run their business. Okay. That could be a problem. It might be okay. The medical records manufacturer might have good security on all of the records. So we may be safe, although in HIPAA unless you have a business process agreement in place with that vendor if that data is lost, it falls back on the doctor's shoulders. Anyhow, what I found out was, first of all, it wasn't completely web-based, which just shocked me. I'm not talking about they have to scan records or they got the x-ray machine or whatever. It really wasn't web-based and secondarily the company they were using for the medical records was a free service.  The doctor, that clinic, was not paying for their medical records management software.  The way it works is this medical records management company when the doctor prescribes something when the doctor performs a procedure and bills and insurance company, it's all done through this one company and that company takes a chunk of their money. In some cases we found seems to have been inflating the bills that went off to the insurance companies and that, as it turns out is a common practice in the industry. According to the doctors at this clinic, I was shocked, amazed.  Something you might want to look at. Ask your doctors where are your records kept and are they secure? Now we had HIPAA. We thought that would secure it, but it doesn't.  Stick around. Hey, we got a name now for what happened to the Great Suspender and QR code scanner apps over on the Google stores. One at Google Play, the other one over on the Google Chrome store. It's become that popular. Hey, everybody, I wanted to mention this whole new category of malware really, and they're calling it, right now, Buy to infect. What happens is a bad guy, a malware guy buys a legitimate app and then starts infecting it.  We know, obviously, about the one that I've been talking about a lot the Google extension that I used to use all of the time, the Great Suspender. I mentioned this one a few weeks ago, it's called QR code scanner. It's been on the Google play store for a long time, had more than 10 million installs and then all of a sudden it became malicious.  This is a little bit of a different angle on it because, with the Great Suspender, the ownership of that software actually transferred to somebody. With QR code scanner, they were working on a deal with a company and this company wanted to verify the Google play account for QR code scanner. This is all according to the owner, the original owner of QR code scanner.  They said that what had happened is part of this purchase deal. I let them have a look and gain access to the software's key and password prior to purchase so they could confirm the purchase, which doesn't sound too bad. Apparently, as soon as they got a hold of the software's key and password, forget about the purchase, we're going to start infecting it right away.  It ended up getting that app, the QR code scanner app, pulled right from the Google play score store. Of course, now you don't need that quite as much because most of the phone apps when you go to take a picture, the camera apps have built into them, a QR code scanner.  I thought that was fascinating what they did. They totally cheated the company. They didn't even bother buying it. So a little word for the wise out there.  Got another Apple story cause this is showing how the computer industry is really shifting. We've talked about some of the shortages of chips and the shortages of computer chips are so bad that General Motors has had to shut down two-thirds of its manufacturing lines in at least one plant.  Every major automobile manufacturer is having problems making cars because they can't get the chips.  Remember nowadays, a car, a truck is essentially just a computer on wheels. Not really actually computer on wheels. It's really dozens of computers all linked together with a network on wheels.  Apple has been worried about that, right? Supply chain. That's one of the things you're supposed to worry about as a public company. What are the risks going forward including to my supply chain? Obviously your supply chain matters. You gotta be able to make something you need parts, right?  Apple has been upset with Intel for a while. You might remember Apple. When it first came out, was using a Motorola chipset, which was exceptional much better than the Intel chipsets.  Of course, that's my opinion, a lot of people agree with me. You had the 68000, 68010, and 20, et cetera. Very good chips.  When Apple started getting into the laptop business, that's when the problems started to happen.  These Motorola chips gave off a lot of heat and used up a lot of electricity.  At the time Apple looked around and said our only real alternative right now is Intel. Intel has a whole line of chips, different speeds, and they have mobile chips.  Those mobile chips use much less power than the Motorola chips for the main CPU.  They also use less battery. Those two go hand in hand and generate less heat. That's it all goes hand in hand. So they said, we'll start working with Intel. They did. Intel really disappointed them more than once, which is a shame. They disappointed them with the 64-bit migration. AMD, advanced micro devices, beat Intel to the punch. Shockingly Intel started making AMD compatible CPUs right. The 64-bit extensions to the CPU were AMD extensions. They had problems with some of their other chips as well. Mobile chips getting the power usage under control, the heat dissipation problems under control, and they never really lived up to what Apple was hoping for. What everybody in the industry was hoping for. In many ways, Intel has been a huge disappointment, which is really a shame.  We'll look at what they did to the industry, with these predictive instructions, the hyper-threading, and stuff. Where bad guys were able to bring a computer to its knees.  What does Intel say? Here's a firmware patch you can apply to our CPU, those little CPUs you pay upwards of $2,000 for a piece for one chip.  Those CPU's and by the way, it's going to, cut its performance by a minimum of 20%, maybe 50%, that's okay. What are you kidding me?  A lot of people were upset with Intel and Apple and Microsoft and everybody released patches that use the new Intel microcode. You might've noticed when this happened a couple of years ago that your computer slowed down. I certainly noticed, actually, it was little more than a year, anyway, I noticed it because I own a data center. That has a lot of Intel chips in it where we're running mostly Unixes, Linux, and BSD, but we're also running Windows. So the only way to work around this bug was to apply the patch and slow everything way, way down.  Imagine how Apple and Google felt with their huge data centers. IBM too. IBM has Intel-based data centers, as well as its own chips, and boy talking about phenomenal chips, as far as processing power goes, IBM, man, they are still the leader with the power chips and their Z series. That just wow. Mind-blowing.  Most of us are stuck in the Intel world. Apple said we can no longer trust Intel. So what are we going to do? Apple said we've been developing this chip for a long time. Apple took the chip design, they licensed it from this open sourcee type of company that has a number of members. They took this arm architecture and were able to improve it, and keep adding to it, et cetera.  They're still part of this Alliance. They started using these in their iPhones. The iPhones have been using these chips the whole time and they started improving them after they released the first iPhones.  Intel didn't really get them upset until a little later on, too. They came up with newer ones, faster ones, better ones, right to all of these A10 their bionic chips. They've got AI chips, machine learning chips, all Apple designed. Chips, of course, manufactured by third parties, but that's what Apple is using.  Apple has now said we expect all of their Macintosh computers to be based on Apple's CPU within the next two years.  There's already some really good ones out there right now that people like a lot. We've been using them with some of our clients that use Apple. Not everybody has had great luck with them, but Apple is not only ditching Intel, that's not the big story here. Apple's got some job listings out there looking to hire engineers.  So when we get back, we'll tell you more about what Apple is doing and what frankly, I think the rest of the industry should look at. Guess what? They are. It's been Intel versus the rest of the world. They've been winning for years in many categories, but now they're starting to lose, as major manufacturers are starting to leave Intel behind. But there's more to the story still. Hi, everybody.. Craig Peterson here. Thanks for tuning in. We're glad you're here.  In the last segment of the day, I want to point everybody to the website, of course. You can get my newsletter. It comes out every Sunday morning and it highlights one of the articles of the week. It gives you a pointer to my podcast. So you can listen right there. There's just a lot of great information. Plus I'm also doing little training. I'm sending out, hopefully, next week, two little training sessions for everybody to help you understand security a little better, and this applies to business. However, it's not. Strictly business, much of what I talk about is also for home users. So if you want to go along for the ride, come along, we'd be glad to have you. There's a lot to understand and to know that you won't get from anywhere else. It's just amazing. Many other of these radio shows where they are just nothing but fluff and commercials and paid promotions. I'm just shocked at it. It goes against my grain when that sort of thing happens. Absolutely.  We were just talking about Apple and how Apple got upset with Intel, but they're not the only ones upset. We also now have seen a lot of manufacturers who have started producing Chromebooks and surface tablets that are based on chip sets other than Intel's. This is going to be a real problem for Intel. Intel has almost always relied, certainly in the later years has relied on Microsoft and people bought Intel because they wanted Windows. That's the way that goes. It's just like in the early days, people bought an Apple too, because they wanted a great little VisiCalc, the spreadsheet program.  Now, what we're seeing are operating systems that do not require a single line of Microsoft software. Google Chrome is a great example of it. Linux is another great example and people are loving their Google Chrome laptops, and you can buy these laptops for as little as 200 bucks. Now you get what you pay for and all the way up to a couple of grand and they don't have a line single line of Microsoft code. Yet you can still edit Word documents and Excel documents, et cetera. They do not contain any Intel hardware. What was called, well, they might have a chip here or there, but not the main CPU. What used to be called the Wintel monopoly. In other words, Windows-Intel monopoly is dying. It's dying very quickly.  Apple is not helping now. Apple, they've had somewhere between seven and 10% market share in the computer business for quite a while. Personally, I far prefer Apple Macintoshes over anything else out there by far.  I use them every day. So that's me.  I don't know about you. There's a little bit of a learning curve. Although people who aren't that computer literate find it easier to learn how to use a Mac than to learn how to use Windows, which makes sense.  Apple has really done a great job. A bang-up job. With these new chips, it's getting even faster. We are now finding out from a report from Bloomberg who first started these, that Apple has been posting job listings, looking for engineers to work on 6G technology. 6G, right now we're rolling out 5g, which hasn't been a huge win because of the fact that if you want really fast 5g, like the type Verizon provides, you have to have a lot of micro-cell sites everywhere. They have to be absolutely everywhere.  Of course, it's just not financially reasonable to put them up in smaller communities. If the Biden administration continues the way they're going with the FCC and the open internet type thing of a-bits-a-bit, then there will be no incentive for any of these carriers to expand their networks because they can't charge more for better service. If you can imagine that. Ajit Pai fought against that for many years, Trump's appointee as chairman to the FCC, but things are changing. The wind has changed down in Washington, so we'll lose some of those jobs and we're not going to get all of the benefits of 5g. If he keeps us up. 6G is coming.   What that means is Qualcomm, who is the manufacturer of record for most of the modems that are in our cell phones. Qualcomm has also missed some deadlines. Apple is tired of dependencies on third parties because Qualcomm might have somebody else that buys way more chips. It might be able to sell the same chip to the military of whatever country for a much, much higher price. They can sell it to consumers. Maybe they just change the label on it and call it a mill spec, and often goes right, who knows? What they're doing out there, but Apple doesn't want to do that anymore. They are looking for engineers to define and perform the research for the next generation standards of wireless communications, such as 6G The ads say you will research and design next-generation 6G wireless communication systems for radio access networks with emphasis on the physical Mac L two and L three layers. Fascinating, eh? What do you think?  I think a huge deal as Apple continues to ditch, many of its vendors that have not been living up to the standards Apple has set.  Apple has moved some of the manufacturing back to the United States. More of the assembly has been moved here. The manufacturing, it's starting to come back again. We'll see the Trump administration really wanted it here.  We need it here, not just for jobs, we needed it here for our security. We've talked about that before, too, right? I want to also point out speaking of Apple and manufacturing, China, of course, does most of it for Apple and Foxconn is the company in China that makes almost all of this stuff for Apple. It's huge. Foxconn owns cities. Huge cities. They have high rises where people basically don't see the light of day, these high rise factories. You live there, you eat there, you shop there, you work there.  Like the old company store who is it, Tennessee Ernie, right? Owe my soul to the company store. That's what's happening over there. And Foxconn has kept its costs low by bringing people in from the fields, if you will, out there being farmers and paying them extremely low wages. On top of all of that, in some cases they're using slave labor. I found this article very interesting, from Ars Technica's, Timothy B. Lee. He's talking about a potential partnership between Apple and Nissan. Let me remember. I mentioned Apple talking with Kia and Kia is denying it. The financial times reported on Sunday that this potential deal between Apple and Nissan fell apart because Apple wanted Nissan to build Apple cars, they would have the Apple logo on them. They all be branded Apple. It wouldn't say Nissan unless you took something seriously apart you might find it inside.  Nissan wanted to keep the Nissan brand on its own vehicles. Bloomberg reported last week that the negotiations with Kia and of course its parent companies Huyndaiin South Korea had ended without a deal. The Financial Times said that Apple has also sounded out BMW as a potential partner because Apple doesn't make cars. So how are they going to do this? Apparently the talks faltered with Apple and Nissan because Nissan had a fear and apparently this is true of Kia too, of becoming quote the Foxconn of the auto industry, unquote, which is a reference to this Chinese well it's Taiwanese technically, but a group that manufacturers are while actually assembles the iPhones. Fascinating. Isn't it fascinating.  When you start to dig into this self-driving technology and the numbers behind it, that's where you wonder, why is Apple even trying at this point, Apple's test vehicles only traveled 18,000 miles on California roads. Between 2019 and 2020, or over the course of about a year, late in both years. 18,000 miles in a year.

Welcome!   It was also another busy week on the technology front and we are going to delve into what actually caused the energy problems in Texas.  There is a new type of malware that is affecting Macs and it is has a different MO.  Then we are going to discuss Apple and their ventures into automated electric cars and what we can expect. Why are states having issues making appointments for vaccines? In a word, it is bureaucratic incompetence. Then we have a new type of hack out there.  It is called Buy-to-Infect and there is more so be sure to Listen in. For more tech tips, news, and updates, visit - CraigPeterson.com. --- Tech Articles Craig Thinks You Should Read: This Basic Math Shows How Wind Energy Failures Contributed To Texas’s Deadly Power Loss An Insider Explains Why Texans Lost Their Power New malware found on 30,000 Macs has security pros stumped Report: Nissan shot down Apple deal to avoid becoming Foxconn of cars N.Y.’s Vaccine Websites Weren’t Working Apple is already working on developing 6G wireless technology Owner of an app that hijacked millions of devices with one update exposes the buy-to-infect scam Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. Hi everybody. Craig Peterson here. I'm so glad to be here. I'm happy your here as well. There are so many ways to listen. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had been already involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. What I did there was design for Unix systems a way to check for malware, a way to manage them remotely. Yes indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time.  I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got a lot of older people who are listening who are saying, yeah, I remember that. It brings back memories.  In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a cool little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. That was made by Timex. If you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course was like an 8080, which was Intel's, big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress.  The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties and we had some terrible operating systems that many people were running like Windows, just absolutely horrific. Remember windows three-point 11 and XP and the millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code, it came out in one of the lawsuits, for one of these versions of Windows.  It was a different world and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties and I was hosting email for companies and websites and doing some filtering and things with some kind of precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys and all of a sudden customers started calling me because the email wasn't working.  It turned out it was working, but it was extremely slow and I had to figure out why.  I telneted to my server. I got on, started poking around the servers.  I had a computer room and the first floor of the building that I owned and I was up on the second floor. Off we go looking around trying to figure out what is going on. It was me actually. I said us, but it was really me. Cause I knew the most about this stuff.  There were these processes that just continued to fork and I was trying to figure out why is it creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten rules of the internet about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. You just send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today.  I saw some of this stuff going on. I was trying to figure out what it was, but, we trusted everybody. So my mail server was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that.  Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't then what they are today. In fact, one of our engineers just had to run out to a client who did something we told them not to do.  They were using the Sonic wall firewall on their network as well as they had our stuff. So we had a really good Cisco firepower firewall sitting there, and then they have this SonicWall so that they're people, remotely could connect to the Sonic wall firewall, because it's good enough. SonicWall says it's compliant. The SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin.  So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's been really bad.  Boy, am I wandering all over the place?  Back to this, we would allow people to get onto our network to fix things.  If something was wrong, if we were misconfigured, they could help us and they could get on and do it because Sendmail configuration was not for the faint-hearted. In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. I was trying to run a business where we hosted email for businesses, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth.  That's what I wanted to do. That was my business.  Later on, I ended up helping 80% of my clients find the other web hosts after, these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago, went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working he was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He was hosting all of these 150 at a site, the charges, the eight to $10 a month for web hosting.  He had all of these sites on top of a machine that was already split up hundreds of ways. It's just amazing what people do.  Man alive.  We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get cheap, and see what happens to you. Some of them, we still maintain a good relationship with and so we help them out from time to time, right?  What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem.  What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That to me makes a ton of sense. Why not do that?  This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added in this basically malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the biggest exploits that are being used by the bad guys right now is the security team's poor relationship with other employees within the organization.  I promise we'll get to this a little bit more and explain the bottom line here. What's going on and it goes back to this customer that we just had to run out to.  Why did they do what we told them not to do?  Stick around. We're getting into the battle between cybersecurity senior officers in companies, owners, business owners, and the, even the employees. There has been such a battle going on.  I saw two examples this week. Hi, everybody, it's a difficult world out there, but I find some comfort in listening to, of course, news radio. It keeps me up to date on what's going on. It helps me to really understand the world a lot better.  I mentioned that one of my guys just had to run out to a client who did something we absolutely told them not to do. They had been using this company that was a break-fix shop, I guess is the way you would put it. They had a business that would respond to problems and they charge by the hour. I think right now their hourly rate is like 160 bucks or something. It is not cheap, but anyhow, That they would sell people equipment and then move on, right? Your problems aren't my problems. Just leave me alone, go away.  It's a beautiful model because their employees at this break-fix shop don't have to understand much. They just have to know more than you do as a customer.  There's one level of understanding that you have, and for someone to appear to be an expert, all they have to do is have slightly more understanding.  That has bothered me so many times listened to the radio and they talk about somebody that's just this great expert, in reality, of course, they are not. But you don't know. That person talking about the expert doesn't know either because they just don't have enough knowledge. Of course, the person that's labeled the expert isn't going to say anything about it.  They were doing what most companies do, which is okay. We know we need a firewall, so let's get a firewall. They went out and they talked to this company and they did their Google research because of course, Dr. Google is an expert on everything.  Even with those differing opinions, you're going to go with the opinion that you like the best.  That's what they did.  They bought a Sonic wall firewall from this vendor, which was a break-fix shop. Now that's all well, and good. The sonic wall is not terrible stuff. They've got some amazing stuff as well. The problem is this device has been out of support for more than two years now. Even though they're not as advanced as some of the systems we can install, not that we always use the most advanced systems. It's not a bad, a little thing for a small business. We warned them that because they were using an out-of-date firewall that they could not get fixes for known vulnerabilities. Now that's a big deal too. Most people are not aware of the vulnerabilities that are on their machines. Do you go out every month and check the firmware versions on your firewall? You should be, even if you're a home user. Are you checking to make sure the firewall that the cable company provided you with is up to date, configured correctly? You've changed the password and the admin username, right? No?  Most people haven't. He hadn't, right. He didn't know. We told them we did a little research and said here's your problem.  That's part of his cyber health assessment. We told them what kind of firewall do you have? What's the version of software on it and we do that. We have a bunch of people that have asked for cyber health assessments. We've got them on a list because we're busy. So we have to schedule these and make them happen.  So we said, do not plug that machine in. Of course, what do they do? They plugged it back in again. So now all of a sudden this morning, we get a wake-up call from our monitors that are running they're on their  Cisco firepower firewall, where we have their extensive suite of additional software. This isn't just an off-shelf, Cisco firewall.  It's telling us that the SonicWall or something through our, via the SonicWall. Is going through all this customer's network. It's actually attacking the Cisco firewall from inside the network. Absolutely amazing. Why does that happen? In this case, the business owner, and it is a  very small business. It has about 5 million in revenue per year, I would guess.  It's a small business by every stretch. The owner just doesn't want to spend the money he doesn't absolutely have to spend. He's not looking at this saying I could lose all my intellectual property. I could get sued by these people. I could lose my clients who find out that their data was released. Their orders were released. Everything was stolen.  He looks at it and says, Oh wow. It's 200 bucks a month. Wait a minute guy, you have how many employees? You're worried about 200 bucks a month. I personally, I don't understand that. Why would you do that?  Now, you're in a poor country. Okay. I get it right. That's a lot of money to spend, but not here in the United States. Doesn't make sense.  A lot of this is really the reason I brought it up. It's showing how there is a disconnect between business owners, C-level people, and cybersecurity people. Basically, if you have less than 200 employees, you cannot afford to have your own cybersecurity team. It's impossible. It's way too expensive.  Then the numbers start to change outsourced cybersecurity, which is what we do.  We do this for this customer and. The in-house cybersecurity people, but we all have the same basic problem. The owner has a problem too, right? He has to weigh the costs of cybersecurity against the risks involved, which is what Equifax did.  What so many of these big companies do, right? There's this, the norm Equifax said it's going to be way cheaper to just pay out $10 million in fines. When we get fined by the federal government for losing everyone in the country's personal financial information then it is to do this or we're not going to bother.  Man, I'd love to see the smoking gun email on that, where they made that final decision, probably doesn't exist. They're smart enough to know that they would get sued and they have been sued because of this.  We've got another problem right now because of people working from home. I mentioned, in fact, this week, you should have gotten an email from me on Thursday. That was a little audio thing that I put together. We call these things, audiograms, and it's a kind of a video that'll play.  This particular one is about part of this problem. We've talked extensively about that water plant in Florida, that was hacked for lack of a better term. It might've been an insider thing. It might've been someone external, et cetera, et cetera. The reason it happened is that business, the water plant for a town of 15,000 people, which would be in a normal world, a small business. That small government operation was all of a sudden faced with lockdowns. What do we do? They didn't have a plan. They didn't have a business continuity plan, which is so important. I talked about it extensively last week as well. They had no way to manage this. So what did they do? They went out and bought team viewer licenses for everybody in the business. That put, well not the business, in this case, the agency, that put the agency at risk. That is putting our businesses at risk too, in such a big way. That's what the audiogram I emailed out on Thursday explaining this a bit.  So stick around. We're going to continue this conversation.   Of course,  you're listening to Craig Peterson online@craigpeterson.com. We have people working from home. We didn't really plan for this. We're doing it because of the lockdown. Maybe, you found that it's actually better for your business, from whatever angle. What are the risks here of people taking computers home? Hello. Everybody Craig, Peterson here. So glad to be with you today. Glad you're taking a few minutes out of your day as well to listen in.  Now I am very concerned about people using computers that they're taking home. I want to make a definition. Maybe there's a better way of saying this, computers that are used at home, home computers should never be used for work.  I'm going to explain why. Computers that are at work probably should not be taken home. We saw the example of this, just this last couple of weeks.  I was talking about this wonderful plugin that I've been using and recommending people use here for a very long time, called the Great Suspender. We've talked at length really about what happened there with the company being bought and then becoming evil, right? Just buying their way into 2 million people's computers.  Sometimes these Chrome extensions that are installed on personal computers get automatically installed and synchronized to your work devices. In fact, that's the default. If you log into Chrome and you're using Google Chrome as your browser and you log into it on your home computer, and when you log into your same account over on your business computer. All of a sudden, now it's syncing. It's syncing things like passwords, which you should not be having Google store for you. You should definitely be using a good password manager and there are a few out there.  If you're not familiar with them or don't know which one to use or how to use them. I have a great little special report on passwords and using password managers. I'd be glad to send it to you. Just email me@craigpeterson.com and I'll send that on-off, right? I'm not making a dime off of that. I want to make you safer.  I don't want to have happened to you what's happened to millions of Americans, including my best buddy who had his information stolen. I've been after him to use password managers. He never did it. I don't know why. Until his paycheck got stolen. Then he came over and I explained it and set it up with them and really helped him out. Maybe we should do a whole webinar showing you how to use these password managers, how to get them set up because it is a little bit tricky. It's certainly different than you're used to. Many people are using their browser Chrome in this example, to save passwords. When you go to a website, you'll automatically have the password there. Maybe you've got it set up so that it'll automatically log you in with all kinds of cool stuff. But there is a very big problem and that is that there is a huge risk with running these extensions, like the Great Suspender. The Great Suspender was approved by Google. It was in the Google store. You could download it from their app store. Absolutely free.   In January of this year in 2021, we had someone out on Twitter, tweet that there was a problem with the security on the Great Suspender. It had been changed. It was being used now to send ads out and other things. That's pretty, pretty bad. The extension wasn't banned until about a month later and you as an end-user had no official notification that this extension was potentially malicious.  Apparently, they could, with this malicious software they embedded, not just show you ad, not just insert their own ads to generate revenue onto the webpage as you were visiting, they could also grab files from your machine. That's a very bad thing.  Now, presumably, if you're at work, you have a team that's helping you outright.  The IT security team, there may be different teams and maybe the same person who also is the office manager, who knows. It does vary. Businesses cannot know what you're doing when you're starting to install those extensions and they are pushing their way onto your office computer because you're using the same Google account in both places. Now, despite the risks, of course, I installed this Great Suspender used it for years and I was pretty happy using it. I know many other people who were in the same boat. Security teams have some great tools. I mentioned my son who's one of our team members got called out to a client. During the break, I was just chatting with him briefly. What had happened is they plugged in this firewall we told them not to plugin. It was apparently hacked from the outside. It had known security vulnerabilities. He had not, this small business owner had not yet paid for maintenance on his little firewall, so he was not getting security updates. In fact, my team member looked at this and found that it had been three years since the firmware on his firewall had been updated. The bad guys got into his network through this secondary firewall, which we told them not to have not to plugin. Our firewall only noticed it because this malware started scanning everything on the network. Of course, it scanned two of our machines, one being the firewall.  Remember this isn't a regular firewall that we put in there. This is a firepower firewall with a whole bunch of extra software on top of it.  In our data center, we have some huge machines that are sitting there watching what's going on remotely. On our client's networks via that firepower firewall.  We started getting all these notices as to what was going on, but this is a great example. We're not updating some of that software. He had a security team and he ignored the security team. We were the security team. We're outsourced cybersecurity that's what we do, but that happens many times.  Many business owners and others look at the cybersecurity situation as having many different shades of gray. What should you do? What shouldn't you do? The teams that are working in these businesses, including us. We have to tell them, Hey, don't use that firewall. Do not plug it in. You don't need it. If you plug it in, it's going to make it way easier for some of your people to work from home.  This is not set up correctly and you're going to have problems. That's a difficult conversation to have with a business owner. We had it and he ignored it much to his peril. In this case, this one is hard to tell how much data was stolen from his business. The impact from this could last for months, and there could be investigations who knows what's going to end up happening here. That business owner and I, because I spoke to him as well about this whole situation before this particular event happened just about two weeks ago. In fact, that was a reminder cause they had plugged it in again. Six months before that we had told the business owner, you can't plug this thing in, you cannot be using it.  How do you do that? How do you let an impacted employee, somebody who's working from home, maybe using their own computer to do work for the business? How can you approach them and tell them, Hey, you cannot use Google Chrome?  You cannot save your passwords on your browser. You cannot install extensions. Even if you had a list of extensions today that were bad, that list is going to be out of date tomorrow, which is going to be a very big problem. Individual users do not have the ability to check this. Frankly, most businesses don't either. Again, that's why a business under 200 employees cannot afford to do this yourself. You just can't. This is a specialty.  We were talking yesterday with a prospect who had been brought to us by a break-fix shop and trying to get this concept through. We're going to talk a little bit more about that. What should you be doing? How can you pay attention? How can you even be safe in this day and age?  Hi everybody. Craig Peterson here. We've been talking about supply chain problems. That's a technical term for it, but the software that we rely on becoming evil, and what can we really do about it? Hello, everybody. You're listening to Craig Peterson.  How do you talk to a business owner and help them understand? That's a problem. Isn't it? Look at what happened a few years back with TJX stores. Them as maybe TJ max, that's one of their stores. They have a number of others. Their cybersecurity guys did something I have seen done before. That is, they went to the management of this massive public company and said, Hey, TJX, we need to get this hardware. We need to get this staffing. The hardware course pretty expensive and it sits there and it does much the same stuff. Even back then. Nowhere as good as today. It's exponential, as to how much better it gets every year, but it was good hardware.  It really could have stopped the hack that happened and it did.  Here's what it did. It noticed the hack was going on. The problem was they were able to say yes to the hardware, the senior management said yes. They got the hardware, but senior management would not get the security technicians that were needed to monitor and run that hardware. They were short-staffed.  That's another problem we're seeing. That's why the companies you're dealing with, whether it's Equifax, with who you do not have a direct business relationship with, and yet have all this information about you and sell that. Or maybe it's just some other website. That's why they lose your data. It's a real bad idea. The bad guys are just waiting out there just siphon all of your data. In many cases, when you're talking about a business and a business website, or even your home computer, they're looking to redirect you to malicious websites. What they'll do is for instance, again, the Great Suspenders' an example, that they claim it's been fixed now. With something like an extension or a plugin that you put in your browser, they could rather easily code it up so that you are going to a website that's malicious. It could look like Bank of America's website and you go there and you enter in your information. You put in your username, you put in your password, it asks you a security question. Maybe maybe not, but your username and password. Then it says incorrect. Then your screen refreshes while your screen just refreshed because you were not at the Bank of America, originally. You were at a malicious website and you entered in your username and password. Now the bad guys have your username and password to your banking system, to your login, to your bank accounts. They got that. That's all they needed. They didn't want you to know that this was going on so they just went ahead and redirected you over to the real bank website. Hence, the supposed reload.  It's a very big weakness here in how IT and security teams operate because too few security teams really can relate with the CEO and vice versa.  I've seen that all of the time with people working for me in cybersecurity, you've got a really good idea of what needs to be done, how it needs to be done when it needs to be done. To you, it's the most important thing in the world, right? You don't want the business to go under, you're going to lose your job, maybe your pension retirement plan is tied to that business. You don't want it to happen, but have you got the trust built up with the senior management?  Then how about the other side of this relationship? How about if you're a cybersecurity person? Even if, again, you're not a professional, you're just the person tasked with it in the office or you're the person tasked with it at home. How do you go to the other employees and tell them you can't use your Google Chrome account here in the office? How are you going to enforce it? How are you going to tell your husband or wife, Hey, that's dangerous? I don't want you installing any of these extensions on your computer. One of the really bad things that people do with their browsers is they put on these real fancy little extensions that give all kinds of extra wonderful information. It ends up as a toolbar and it lets you do searches on this site or that site. Maybe it keeps you up to date on the stocks that you have in your portfolio. You're telling hackers what stocks you own, really? It might be legitimate, right. But who knows? That's the problem. Something like that can really mess you up and send you to malicious sites. You know that your spouse is using that or your kids are using that. How do you talk to them? How do you solve those problems? It's a real problem.  There are some interesting tools that you can use, as professionals. There's a Slack channel I can send you to, if you're interested, actually, it'll be in the newsletter that comes out on Sunday. At least it should be under one of those articles. It is a problem.  Netflix, by the way, is really trying to help you out too. Not only did the Netflix security team provide some feedback for what's called the honest security guide, but it's also made some of its user tools, the tools that you might use at your home to find a movie, et cetera, it might help really to secure you.  Git Hub has this. It is called, this is a Netflix skunkworks, the stethoscope app. It's a desktop application created by Netflix that checks security-related settings and makes recommendations for improving the configuration of your computer. It doesn't require central device management or reporting. You can have a look at that. If you are interested, let me know. I can probably point you in the right direction to the stethoscope app. That's what we want to see in this honest security guide. You'll find it online. At honest security is a guide to your devices, security, which in the biz we call endpoint security and it is cool. You can run through all of this list is a big checklist and talking about why honest, and they're saying dishonesty stops you from doing the right thing.  That's why in my courses, I spend a lot of time, more time in fact, on the why than the how.  I want you to understand honestly, why you should or should not do something. There are so many people who are out there yelling and screaming, jumping up and down. Particularly your antivirus companies. You fake VPN companies who are trying to get you to buy their products that not only do not need in most cases but will actually make your computer less secure.  So we have to be careful about all of this stuff. We have to make sure we are talking. We've got to have a trust relationship set up with the owners of our business. Cause you guys, some of you, I know own businesses, some of you work for a business. We've got people listening to this all over the world and every continent I've even seen a listener down in Antarctica.  I really can say every continent. It's important that we know how to work with our fellow employees, with our management, with our family members, to help them to know what they need to do.  There is no time to wait. We have never seen as many attacks as we're seeing now. We've never seen the government using its resources to attack us more than we have now. We've never seen more billions of dollars stolen per year by the bad guys. There are some basic tenants that you can follow that will make you way more secure. And that's why you're listening. That's why I go through some of these things to help everybody understand.  That's also why I go ahead and make sure that I answer your emails. If you have a question, make sure you go ahead and ask. You can just email me at me@craigpeterson.com. If it's something urgent, I have a form on the bottom of my homepage  @craigpeterson.com. You can give me a little bit more information. I tend to keep an eye on that a little bit better than my general email, although I do use some amazing email software that helps me to keep track of the real email and get rid of the spam and put things in boxes and stuff  craigpeterson.com. It's that simple email me me@craigpeterson.com. If you have questions.  I hope that Google is going to continue to improve itself. I love the fact that they found out that this one extension was malicious. For those of you who might've just tuned in, we're talking about something called the Great Suspender something I've used for years, it became malicious, but they need to do more.  As people who are concerned about security, we just can't wait for the next incident. Just again, this client of mine, who we've been warning about this for months, he's stopped doing what we told him to do, and then decided well it's just too difficult. That's something we hear a lot from businesses. Oh, it just hampers the work. It hampers it because now we have to get permission from it in order to mount this particular drive or gain access to those files or materials. Yes you do, because we have to stop the internal spread of all of this malware and all of these hackers.  It is absolutely worth it.  All right, everybody. Thanks again for joining me today. I really hope you've been enjoying this. I have years' worth of podcasts out there and you'll find all of those at craigpeterson.com/podcast or on your favorite podcast platform.  If you subscribed under iTunes, you might've noticed, ah, yeah, I just released a whole batch there too. I expressed concerns about owning an Apple watch. I held off for a long time. I want to talk about these devices now, the security concerns, but also the amazing health tools that are built right in. Hey, welcome back. This Apple watch is really fascinating. It has been around now for six generations. There are a number of other watches that have had, or tried, I should say, to compete with Apple. They haven't been very successful. You might've noticed that. I have a friend that bought some watches for his family and to him that monitor all of the basic vitals and record them and send them up to his phone. It's a 20-ish dollar watch. He got it from South Korea probably are parts made in China, but it is an inexpensive watch and it does some of the basics at the other end of the scale. Let's have a look right now. I'm going to go to apple.com online, and we're going to click on watch. Here we go, Oh, my they've got special watches so you can buy their watches. It looks like the new one, the Apple watch series six for starting at 400 bucks or they have two different sizes. . They have a more basic watch called the Apple Watch SE that starts at about $300. You can still get the Apple watch series three. Now, these all can monitor high and low heart rates. They can give you irregular heart rhythm notification, but it's only a-fib atrial fibrillation, I think is the only one they can monitor, but all three of those can monitor that. As I said, my buddy's watches, he got for his family at 20 bucks apiece are able to do most of that as well.  These are water-resistant to 50 meters, which is really cool. The series six also has an ECG app. That is very cool. You open the app, you put your finger on the crown of the watch and it gives you an EKG right there on the watch and it feeds it to your phone. On your phone, you can turn it into a PDF. You can share it with your doctor on and on. It's just amazing. It's a three-lead type, I was in emergency medicine, right? A med-tech EMT, EMT-PD can't remember. I had a whole bunch of different certifications back in the day. But it's fantastic for that. It also has a blood oxygen app that monitors your blood oxygen levels. It ties all of this into their new exercise app, which is amazing. That ties into your phone or your iPad.  I will go down in the basement onto the treadmill and I'll select your treadmill workout.  It has dozens of them. Have you seen this really fancy treadmill? A couple of years ago they got in all kinds of trouble because they advertised it around Christmas time and apparently this woman really wanted a treadmill and she got one and she was all excited. All of these people jumped out of the woodwork. All your you're saying she's fat, et cetera. No, she wanted a treadmill. These are amazing treadmills because they have built into them. These streams and you can join classes, et cetera. With the Apple Watch, my iPad, and a subscription to this iHealth app, which you can get as part of this Apple plus thing you can buy for 30 bucks for the whole family, 30 bucks a month.  I don't know how many I have seen probably a hundred different workouts on there.  It has different workouts, different types of weightlifting, running, jogging, treadmills, elliptical machines, everything.  You can pick your pace. You can pick your instructor, you can pick everything. Then your Apple watch is monitoring your body. As you're working out. So it's telling you how many calories you've burned. What's your heart rate is to help keep your heart rate in the best range for you, depending on what kind of a workout you're doing. It also lets you compete against other people. Does this sound like an ad for the Apple watch?  You can compete with other people your age doing the same workout and see where you're at. I was really surprised because typically I am at the front of the pack when it comes to my treadmill workouts. That's really cool as well. Those are some of the basics. There are other things too, that Apple is doing. We've found, right now, that Mount Sinai just came out with an announcement and they said that the Apple watch can predict COVID 19 diagnosis up to a week before testing can detect it. Yes. Isn't that something? Not only can the Apple watch help with certain heart arrhythmias, but it can predict that you have COVID-19 too a week before testing normal testing. Those swabs can find it out.  This is from the journal of medical internet research, which is a peered review journal. And they found that wearable hardware and specifically the Apple watch can effectively predict a positive COVID-19 diagnosis up to a week before the current PCR-based nasal swab tests. They called this the warrior watch study. They had a dedicated Apple watch and the iPhone app, and they had some participants from the Mount Sinai staff and it required, of course, these staff members to use the app to turn on the health and data monitoring and collection, and also asked them to fill out a survey every day to provide some feedback about their potential COVID-19 symptoms. As well as other things like stress can obviously make your heart rate, go up your blood pressure, go up, et cetera. Oh. By the way, Apple, supposedly the rumors are, we'll have a BP sensor in the Apple seven that'll be out later this year, most likely.  So they had several hundred healthcare workers and the primary biometric signal. I know that the studies authors were watching was heart rate variability. This is fascinating to me because it's something that I learned about fairly recently. Then when I got my Apple watch, I read up more about this, but basically, heart rate variability is what it sounds like. It's your heart rate. Let's say your heart is beating at 60 beats per minute. It is not beating once every 10 seconds.  It is not beating once a second. Your heart rate will vary over the course of that minute. If you're healthy.  Obviously, a beat every 10 seconds isn't 60 a minute. Let's use that as an example. Somebody who's almost dead and has six beats per minute. The first heartbeat might be at 10 seconds. The second heartbeat might be at 22 seconds because your heart is supposed to vary its rate of contractions based on immediate feedback. It's not just that you're going out in your running and now you've driven up your heart rate and you're doing your cardio and it or you just walked up a flight of stairs or you stood up, which is another test, by the way, what we're talking about here. You might just be sitting there, but your cells have a different need for oxygen or for the blood. The heart slows down slightly or speeds up slightly.  This heart rate variability is something built into the Apple watch and into the iPhone app that you attach to the Apple watch. Isn't that useful without an iPhone, frankly? Then you can look at your heart rate variability right there.  They said, combining that with the symptoms that people reported, these Mount Sinai staff, that the symptoms that they reported that were associated with COVID-19 including fever, aches, dry cough, gastrointestinal issues, loss of taste and smell corresponded with changes in the heart rate variability. I thought that was just absolutely phenomenal because heart rate variability is considered to be a key indicator of strain on your nervous system. COVID-19 obviously is going to put a strain on the nervous system. Just very neat.  It says here that the study was not only able to predict infections up to a week before tests provided confirmed diagnosis but also revealed that participants' heart rate variability patterns normalized fairly quickly after their diagnosis or turning to normal run about one to two weeks following their positive tests. That's from a TechCrunch, that particular quote.   I am very excited about this, but I am also on the concerned side. I'm concerned because they are collecting vital data from us. All of the major companies, Google and Microsoft and Apple want to be the company that holds all of your personal medical records. We're going to get back to that when we come back here. What is happening? How is your doctor managing your medical records? I was really shocked to find out how that industry is working.  Of course, you're listening to Craig Peterson. Check it out online. Craig peterson.com. Welcome back. What are you doing? Are you asking your doctor how they are handling your medical records? Because I think you probably should based on what I learned just this week. Hi everybody. Craig Peterson here. Thanks for joining me.  We were just talking about health. We're talking about the Apple watch and the fact that there's a lot of competitors out there, some of them, a fraction of the cost. If you buy the Apple watch on terms, you're going to pay less in one month's payment on terms to Apple than you would for some of these other watches out there, but Apple watches do have more features.  Mine even has a built-in cellular modem. Even if I don't have my phone with me, phone calls come through to my watch and text messages, and I can respond and answer. It's really nice. Medically I am very impressed. It has been good at motivating me to do some exercise, to get up, and about just to do a bunch of things I had never, ever done before. Consider that.  It is collecting our data. Apple now has potential access to all of my cardiac data. They've got EKGs that I have run on my watch. They know about my heart rate. They know how often I exercise, and how hard I exercise when I exercise. They know all of this stuff about me. I had a conversation with someone just saying why does that matter? Maybe it's Apple, maybe it's somebody else. Why does it matter?  It does matter. Think about an evil genius, right? The thing about somebody that might want to target Americans and might want medical information about Americans. They can gather it in a number of different ways. We're going to talk about medical records here in a little bit. One of the things they could certainly do is grab all of our watch data. Some of these watches, including my Apple watch, have GPS built into them. When you're out running or jogging, you know where you went, you can plan your route and it'll remind you, Hey, turn here, turn there. That's one of the things I love about the Apple Watch when I'm using it with Apple maps out driving, it taps me on the wrist and reminds me, Hey, in 500 feet, you got to turn.  If I look at the watch, it'll even show me the turn I need to make coming up in 500 feet. It's really amazing. All of this information is being compiled and hopefully, it's being compiled by a company that we can trust. At this point, we can probably trust Apple. Hopefully, they're not going to be broken into. Now, their margins or profit is high enough that they certainly can afford a security team, one capable of defending them and defending our data. I hope they are. I suspect that they are for the most part. How about some of these others? We know Google, for instance, is in the business of collecting and selling our information, is having all of our medical information. Not just the stuff from our watches, but the stuff from our doctors. Are they to be trusted with that kind of information? Going back to that bad guy, that mad scientist we can, and probably do engineer viruses that are targeted at specific things. In fact, the Russians have been doing it. The Soviets' started it, they came up with a phage. That can attack certain viruses and it acts like a virus it gets in and does this little thing. We've got right now, these COVID-19 vaccines and they act like a virus they're messing with, well effectively, the DNA. In fact, it's the RNA, but it's pretending, Hey, I got a message from the DNA, here it is.  What if a bad guy knew that are a certain population in a certain area, and that area was right by this important military base or whatever they came up with something that would target them and they'd have all of the data to do it now. That's obviously an extreme example. A more common example would be that your medical data is there. It's being sold to advertisers and you're going to end up with something.  For instance, there's a company, very big company out there and they sell baby products. What they did was they tracked and they bought this information, but they tracked women who were purchasing certain things. Now, they weren't purchasing things that were directly related to having a baby, right? They weren't purchasing diapers or little jumpsuits or whatever it is. They were purchasing things that were not directly related maybe people wouldn't even think they were typically related to having a baby. Yet they were able to figure this out. They got that good with the data.  So they thought, Oh, okay let's get wise here. Let's send out a postcard, congratulating them on their pregnancy and offering them a discount on something. Yeah. Not a bad idea, frankly.  However, in this case, some of these moms I hadn't told anybody that they were pregnant yet and didn't want to tell anybody that they were pregnant yet. It fell on its face. Didn't it?  How about these ambulance-chasing lawyers that are out there? Are they going to want to gain access to this, to your medical records?  How about your employer? Your employer wants to know I'm going to train this person. Hopefully, they'll stick with us for a while, but is he going to be a burden on our medical plan? Keyman insurance, health insurance, life insurance. Have access to everything about you. That's what really concerns me about these, all of these devices.  Right now, pretty confident that I can give Apple this information and they will keep it pretty safe. But, I said the same thing about the Great Suspender, right? I don't know about the future.  Then I found something out this week that was in my mind extremely disturbing. We have a new clinic that we've picked up as a client. They needed to have security. They had a couple of little security issues. They were worried. They knew they were not HIPAA compliant. They approached us because they know that's what we do is cybersecurity and audits and remediation. Fixing the problems. We pick them up. They're a client. We're in there. They had told us in advance that all of their medical record systems were on-line. It was on the web. All they needed was a web browser to run their business. Okay. That could be a problem. It might be okay. The medical records manufacturer might have good security on all of the records. So we may be safe, although in HIPAA unless you have a business process agreement in place with that vendor if that data is lost, it falls back on the doctor's shoulders. Anyhow, what I found out was, first of all, it wasn't completely web-based, which just shocked me. I'm not talking about they have to scan records or they got the x-ray machine or whatever. It really wasn't web-based and secondarily the company they were using for the medical records was a free service.  The doctor, that clinic, was not paying for their medical records management software.  The way it works is this medical records management company when the doctor prescribes something when the doctor performs a procedure and bills and insurance company, it's all done through this one company and that company takes a chunk of their money. In some cases we found seems to have been inflating the bills that went off to the insurance companies and that, as it turns out is a common practice in the industry. According to the doctors at this clinic, I was shocked, amazed.  Something you might want to look at. Ask your doctors where are your records kept and are they secure? Now we had HIPAA. We thought that would secure it, but it doesn't.  Stick around. Hey, we got a name now for what happened to the Great Suspender and QR code scanner apps over on the Google stores. One at Google Play, the other one over on the Google Chrome store. It's become that popular. Hey, everybody, I wanted to mention this whole new category of malware really, and they're calling it, right now, Buy to infect. What happens is a bad guy, a malware guy buys a legitimate app and then starts infecting it.  We know, obviously, about the one that I've been talking about a lot the Google extension that I used to use all of the time, the Great Suspender. I mentioned this one a few weeks ago, it's called QR code scanner. It's been on the Google play store for a long time, had more than 10 million installs and then all of a sudden it became malicious.  This is a little bit of a different angle on it because, with the Great Suspender, the ownership of that software actually transferred to somebody. With QR code scanner, they were working on a deal with a company and this company wanted to verify the Google play account for QR code scanner. This is all according to the owner, the original owner of QR code scanner.  They said that what had happened is part of this purchase deal. I let them have a look and gain access to the software's key and password prior to purchase so they could confirm the purchase, which doesn't sound too bad. Apparently, as soon as they got a hold of the software's key and password, forget about the purchase, we're going to start infecting it right away.  It ended up getting that app, the QR code scanner app, pulled right from the Google play score store. Of course, now you don't need that quite as much because most of the phone apps when you go to take a picture, the camera apps have built into them, a QR code scanner.  I thought that was fascinating what they did. They totally cheated the company. They didn't even bother buying it. So a little word for the wise out there.  Got another Apple story cause this is showing how the computer industry is really shifting. We've talked about some of the shortages of chips and the shortages of computer chips are so bad that General Motors has had to shut down two-thirds of its manufacturing lines in at least one plant.  Every major automobile manufacturer is having problems making cars because they can't get the chips.  Remember nowadays, a car, a truck is essentially just a computer on wheels. Not really actually computer on wheels. It's really dozens of computers all linked together with a network on wheels.  Apple has been worried about that, right? Supply chain. That's one of the things you're supposed to worry about as a public company. What are the risks going forward including to my supply chain? Obviously your supply chain matters. You gotta be able to make something you need parts, right?  Apple has been upset with Intel for a while. You might remember Apple. When it first came out, was using a Motorola chipset, which was exceptional much better than the Intel chipsets.  Of course, that's my opinion, a lot of people agree with me. You had the 68000, 68010, and 20, et cetera. Very good chips.  When Apple started getting into the laptop business, that's when the problems started to happen.  These Motorola chips gave off a lot of heat and used up a lot of electricity.  At the time Apple looked around and said our only real alternative right now is Intel. Intel has a whole line of chips, different speeds, and they have mobile chips.  Those mobile chips use much less power than the Motorola chips for the main CPU.  They also use less battery. Those two go hand in hand and generate less heat. That's it all goes hand in hand. So they said, we'll start working with Intel. They did. Intel really disappointed them more than once, which is a shame. They disappointed them with the 64-bit migration. AMD, advanced micro devices, beat Intel to the punch. Shockingly Intel started making AMD compatible CPUs right. The 64-bit extensions to the CPU were AMD extensions. They had problems with some of their other chips as well. Mobile chips getting the power usage under control, the heat dissipation problems under control, and they never really lived up to what Apple was hoping for. What everybody in the industry was hoping for. In many ways, Intel has been a huge disappointment, which is really a shame.  We'll look at what they did to the industry, with these predictive instructions, the hyper-threading, and stuff. Where bad guys were able to bring a computer to its knees.  What does Intel say? Here's a firmware patch you can apply to our CPU, those little CPUs you pay upwards of $2,000 for a piece for one chip.  Those CPU's and by the way, it's going to, cut its performance by a minimum of 20%, maybe 50%, that's okay. What are you kidding me?  A lot of people were upset with Intel and Apple and Microsoft and everybody released patches that use the new Intel microcode. You might've noticed when this happened a couple of years ago that your computer slowed down. I certainly noticed, actually, it was little more than a year, anyway, I noticed it because I own a data center. That has a lot of Intel chips in it where we're running mostly Unixes, Linux, and BSD, but we're also running Windows. So the only way to work around this bug was to apply the patch and slow everything way, way down.  Imagine how Apple and Google felt with their huge data centers. IBM too. IBM has Intel-based data centers, as well as its own chips, and boy talking about phenomenal chips, as far as processing power goes, IBM, man, they are still the leader with the power chips and their Z series. That just wow. Mind-blowing.  Most of us are stuck in the Intel world. Apple said we can no longer trust Intel. So what are we going to do? Apple said we've been developing this chip for a long time. Apple took the chip design, they licensed it from this open sourcee type of company that has a number of members. They took this arm architecture and were able to improve it, and keep adding to it, et cetera.  They're still part of this Alliance. They started using these in their iPhones. The iPhones have been using these chips the whole time and they started improving them after they released the first iPhones.  Intel didn't really get them upset until a little later on, too. They came up with newer ones, faster ones, better ones, right to all of these A10 their bionic chips. They've got AI chips, machine learning chips, all Apple designed. Chips, of course, manufactured by third parties, but that's what Apple is using.  Apple has now said we expect all of their Macintosh computers to be based on Apple's CPU within the next two years.  There's already some really good ones out there right now that people like a lot. We've been using them with some of our clients that use Apple. Not everybody has had great luck with them, but Apple is not only ditching Intel, that's not the big story here. Apple's got some job listings out there looking to hire engineers.  So when we get back, we'll tell you more about what Apple is doing and what frankly, I think the rest of the industry should look at. Guess what? They are. It's been Intel versus the rest of the world. They've been winning for years in many categories, but now they're starting to lose, as major manufacturers are starting to leave Intel behind. But there's more to the story still. Hi, everybody.. Craig Peterson here. Thanks for tuning in. We're glad you're here.  In the last segment of the day, I want to point everybody to the website, of course. You can get my newsletter. It comes out every Sunday morning and it highlights one of the articles of the week. It gives you a pointer to my podcast. So you can listen right there. There's just a lot of great information. Plus I'm also doing little training. I'm sending out, hopefully, next week, two little training sessions for everybody to help you understand security a little better, and this applies to business. However, it's not. Strictly business, much of what I talk about is also for home users. So if you want to go along for the ride, come along, we'd be glad to have you. There's a lot to understand and to know that you won't get from anywhere else. It's just amazing. Many other of these radio shows where they are just nothing but fluff and commercials and paid promotions. I'm just shocked at it. It goes against my grain when that sort of thing happens. Absolutely.  We were just talking about Apple and how Apple got upset with Intel, but they're not the only ones upset. We also now have seen a lot of manufacturers who have started producing Chromebooks and surface tablets that are based on chip sets other than Intel's. This is going to be a real problem for Intel. Intel has almost always relied, certainly in the later years has relied on Microsoft and people bought Intel because they wanted Windows. That's the way that goes. It's just like in the early days, people bought an Apple too, because they wanted a great little VisiCalc, the spreadsheet program.  Now, what we're seeing are operating systems that do not require a single line of Microsoft software. Google Chrome is a great example of it. Linux is another great example and people are loving their Google Chrome laptops, and you can buy these laptops for as little as 200 bucks. Now you get what you pay for and all the way up to a couple of grand and they don't have a line single line of Microsoft code. Yet you can still edit Word documents and Excel documents, et cetera. They do not contain any Intel hardware. What was called, well, they might have a chip here or there, but not the main CPU. What used to be called the Wintel monopoly. In other words, Windows-Intel monopoly is dying. It's dying very quickly.  Apple is not helping now. Apple, they've had somewhere between seven and 10% market share in the computer business for quite a while. Personally, I far prefer Apple Macintoshes over anything else out there by far.  I use them every day. So that's me.  I don't know about you. There's a little bit of a learning curve. Although people who aren't that computer literate find it easier to learn how to use a Mac than to learn how to use Windows, which makes sense.  Apple has really done a great job. A bang-up job. With these new chips, it's getting even faster. We are now finding out from a report from Bloomberg who first started these, that Apple has been posting job listings, looking for engineers to work on 6G technology. 6G, right now we're rolling out 5g, which hasn't been a huge win because of the fact that if you want really fast 5g, like the type Verizon provides, you have to have a lot of micro-cell sites everywhere. They have to be absolutely everywhere.  Of course, it's just not financially reasonable to put them up in smaller communities. If the Biden administration continues the way they're going with the FCC and the open internet type thing of a-bits-a-bit, then there will be no incentive for any of these carriers to expand their networks because they can't charge more for better service. If you can imagine that. Ajit Pai fought against that for many years, Trump's appointee as chairman to the FCC, but things are changing. The wind has changed down in Washington, so we'll lose some of those jobs and we're not going to get all of the benefits of 5g. If he keeps us up. 6G is coming.   What that means is Qualcomm, who is the manufacturer of record for most of the modems that are in our cell phones. Qualcomm has also missed some deadlines. Apple is tired of dependencies on third parties because Qualcomm might have somebody else that buys way more chips. It might be able to sell the same chip to the military of whatever country for a much, much higher price. They can sell it to consumers. Maybe they just change the label on it and call it a mill spec, and often goes right, who knows? What they're doing out there, but Apple doesn't want to do that anymore. They are looking for engineers to define and perform the research for the next generation standards of wireless communications, such as 6G The ads say you will research and design next-generation 6G wireless communication systems for radio access networks with emphasis on the physical Mac L two and L three layers. Fascinating, eh? What do you think?  I think a huge deal as Apple continues to ditch, many of its vendors that have not been living up to the standards Apple has set.  Apple has moved some of the manufacturing back to the United States. More of the assembly has been moved here. The manufacturing, it's starting to come back again. We'll see the Trump administration really wanted it here.  We need it here, not just for jobs, we needed it here for our security. We've talked about that before, too, right? I want to also point out speaking of Apple and manufacturing, China, of course, does most of it for Apple and Foxconn is the company in China that makes almost all of this stuff for Apple. It's huge. Foxconn owns cities. Huge cities. They have high rises where people basically don't see the light of day, these high rise factories. You live there, you eat there, you shop there, you work there.  Like the old company store who is it, Tennessee Ernie, right? Owe my soul to the company store. That's what's happening over there. And Foxconn has kept its costs low by bringing people in from the fields, if you will, out there being farmers and paying them extremely low wages. On top of all of that, in some cases they're using slave labor. I found this article very interesting, from Ars Technica's, Timothy B. Lee. He's talking about a potential partnership between Apple and Nissan. Let me remember. I mentioned Apple talking with Kia and Kia is denying it. The financial times reported on Sunday that this potential deal between Apple and Nissan fell apart because Apple wanted Nissan to build Apple cars, they would have the Apple logo on them. They all be branded Apple. It wouldn't say Nissan unless you took something seriously apart you might find it inside.  Nissan wanted to keep the Nissan brand on its own vehicles. Bloomberg reported last week that the negotiations with Kia and of course its parent companies Huyndaiin South Korea had ended without a deal. The Financial Times said that Apple has also sounded out BMW as a potential partner because Apple doesn't make cars. So how are they going to do this? Apparently the talks faltered with Apple and Nissan because Nissan had a fear and apparently this is true of Kia too, of becoming quote the Foxconn of the auto industry, unquote, which is a reference to this Chinese well it's Taiwanese technically, but a group that manufacturers are while actually assembles the iPhones. Fascinating. Isn't it fascinating.  When you start to dig into this self-driving technology and the numbers behind it, that's where you wonder, why is Apple even trying at this point, Apple's test vehicles only traveled 18,000 miles on California roads. Between 2019 and 2020, or over the course of about a year, late in both years. 18,000 miles in a year. Heck, I've done that before with my own car.  Waymo, which is Google's self-driving project put on more than well, about 6

Joe is joined by his nephew Jesse, son of his older brother Ken as Jesse discusses his transitions from UC Berkeley where he majored in Cognitive Science and minored in Music. His career has been in technology which started out while at Berkeley as a part time Unix System Administrator to Installation and architecture design of messaging infrastructure at SendMail then onto Splunk where he has spent time in both Sales and Product Management. These transitions are discussed along with taking a year break in Paris. Music and the journey of mastery ( "an iceberg, you can chip away at it but it's essentially bottomless") has provided balance, confidence and rest from the rigors of the fast paced tech world.Support the show (https://www.buymeacoffee.com/titansot)

Joe is joined by his nephew Jesse, son of his older brother Ken as Jesse discusses his transitions from UC Berkeley where he majored in Cognitive Science and minored in Music. His career has been in technology which started out while at Berkeley as a part time Unix System Administrator to Installation and architecture design of messaging infrastructure at SendMail then onto Splunk where he has spent time in both Sales and Product Management. These transitions are discussed along with taking a year break in Paris. Music and the journey of mastery ( "an iceberg, you can chip away at it but it's essentially bottomless") has provided balance, confidence and rest from the rigors of the fast paced tech world. Jesse's Linkedin Page: https://www.linkedin.com/in/datadingbat/Support the show (https://www.buymeacoffee.com/titansot)

Welcome! Craig discusses problems that businesses can face when using VPNs and why you should be looking to a Zero-trust network if you are running a business today. For more tech tips, news, and updates, visit - CraigPeterson.com --- Traders set to don virtual reality headsets in their home offices What's on Your Enterprise Network? You Might Be Surprised Malware Attacks Declined But Became More Evasive in Q2 One of this year’s most severe Windows bugs is now under active exploit The VPN is dying, long live zero trust Shopify's Employee Data Theft Underscores Risk of Rogue Insiders Microsoft boots apps out of Azure used by China-sponsored hackers WannaCry Has IoT in Its Crosshairs Love in the time of Zoom: Why we’re in the midst of a dating revolution --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] What is going on with malware? There've been some major changes just over the last few months. That's what we're going to talk about right now. What do you need to watch out for? What should you be doing in your business as well as your home? Hey, you're listening to Craig Peterson.  We know that they're here. I have been a lot of attacks over the years. That's what we're trying to stop. Isn't it with our businesses, with our home users? That's why we buy antivirus software or why we have a firewall at the edge. Maybe we even upgraded your firewall. You got rid of that piece of junk that was provided by your internet service providers. Most of them are frankly, pieces of junk, maybe you're lucky and have a great internet service provider that is giving you really what you need. I have yet, by the way, to see any of those internet service providers out there, that are really giving you what you need. So there is a lot to consider here when we're talking about preventing and preventing malware. What we have found is that malware attacks declined this year in the second quarter, but here's what's happening. Right? They are getting through more. Historically, we had things that have hit us that have been various types of malware. I remember when I first got nailed back in 91. I had a Unix server that I was running, as you probably know, I've been using Unix since the early eighties, 81, 82. I was using Unix, and I had my own Unix machines because I was helping to develop the protocols that later on became the internet about a decade or more later. The Unix world was on rather an open world. Was everybody on the internet was pretty friendly. Most people were involved in research, either government research or businesses doing research online, a lot of smart people and we actually had some fun back in the days', puns, and everything. We weren't that worried about security, unlike today, where security really is a top of mind thing for so many people. We weren't worried about who's going to do this to me or that to me. I had a Unix server that I was using, actually at a few of them that I was using for my business. Now, one of those servers was running emails, a program called Sendmail. That's still around today. It was the email package that was ruling the internet back at the time.  I got nailed with something called a worm. It was the Morris Worm. In fact, it got onto my computer through no act of my own. I didn't click on anything. It got onto my computer because it came through the internet. That was back in the days when we really didn't have much in the line of firewalls so it just talked to my mail server. One of these days we'll have to tell some stories about how we really trusted everybody back then. You could query to see if an email address was good. You could get onto the machine and say, Hey guy, I noticed that you had this problem so I went in and fixed it for you, and here's what I did. Much, much different world back then. But that's how malware used to spread. It was something, it was just kind of automated. It went out and they just checked everybody's machine to checked firewalls, to see what they were to see if they were open. We've been doing that for a very long time, haven't, we? We have been nailed with it. That's what the viruses were and are still. Where it gets onto your computer. Maybe you installed some software that you shouldn't have, and that software now takes over part of your computer. It affects other files. It might be something that's part of a Word macro or an Excel macro. And it now spreads through your sharing of that file and other people opening it. Worms are like what I got nailed with, just start crawling around through the internet. So they run some software on your machine and that looks for other machines and today things have changed again.  They are changing pretty frequently out there. What we have seen so far here in 2020 is a decrease in malware detections. Now, just because there's been a decrease in malware detections, I don't want you to think that the threat has diminished because it hasn't. But the signature-based antivirus system is real problems. Now, what's a signature-based antivirus system. That's any antivirus software, like your McAfee's like your Norton's, the Symantec stuff, any antivirus software, that is working like your body's immune system. What happens with your body's immune system? You get a virus and you're your body says, okay, what's going on here? It starts to multiply. Eventually, the body figures it out. It develops antibodies for it. So the next time it sees that particular virus, you're likely to be pretty much immune from it. Your body's going to say, Whoa, that's a virus and it goes in and kills it pretty darn quickly. That's the whole idea behind trying to stop the WuHan virus that is spreading out there. How do we stop it while we stop it, by just developing antibodies? Right? That's herd immunity. We could also develop antibodies by an antivirus shot that is designed to stop that virus from spreading and prevents you from coming down with COVID-19 symptoms. In the computer world, it's much the same as most of the software signature-based antivirus software is exactly the same as the way your body's immune system has been working. In many, many ways. Here's what happens. Someone gets infected with a virus and they reported to Symantec or Norton, or maybe the software reported itself. Usually, it's a third party that reports that and they look at it and they say, okay, so what does this virus look like? There is in this program the developers' names embedded or the name of the hacker group is embedded in it. So we are going to now say any piece of software that it has this hacker group's name in it, we're going to ban. Right?  It recognizes it. So when the file comes onto your computer your computer looks at it. It looks at the signatures. These are called signatures. To say, okay, how does it match? Or it doesn't match at all and it might be through a string that's somewhere embedded in there. So it might be through a name. It might be through a number of other things. That's signature-based. The malware, that was not detectable by signature-based antivirus systems jumped 12%. In the second quarter of 2020. That is amazing. Amazing, absolutely amazing. Seven in 10 attacks that organizations encountered in the second quarter this year. In fact, involved malware designed to circumvent anti-virus signatures. Most cyber-attacks last year and this is probably going to be true in 2020 as well as we get into the fourth quarter. But most cyberattacks in 2019 came about without malware. That means that there were hackers behind this. We're going to talk about that. What's going on some of the data also from CrowdStrike and what they have found CrowdStrike is an anti-malware anti-hacker company. They've got a lot of great people working for them as well. What they have found. It's like the bad old days of hacking and they're back on us right now. So make sure you stick around. Cause we're going to get into that when we get back. And of course, we got a whole lot more, including a major windows bug that's now under exploit and how does this all fit together? You are listening to Craig Peterson. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553

Läges- och skorapporten Jocke ställer om servermiljön till sommarförbränning Jocke hämtar hem servrar och knäcker nästan Volvon Taket är klart Christian har sett Titanic 2, vi andra har det inte Jocke funderar på en Apple Watch igen. Christian föreslår att han ska ha den till att “fylla ringar” och det är väl rimligt… tror Jocke… Fredrik ringar på Snart fyra månader hemma för oss båda. Statusrapport. Man borde ha surroundljud på kontoret? Jocke jagar stolar, rekommenderar videomaterial om kontors- och hemmajobb Jason Fried: It doesn’t have to be crazy at work Twitter och Facebook låter folk jobba hemma även i framtiden. Vad tänker vi om det? Fredrik har kollat på Jockes Next-video, vilket givetvis leder oss att diskutera Nextmails läskigaste ikon, och spåra en av utvecklarna Fredrik ser Duckduckgo-reklam i köttrymden, leker lite med appen. Kul att få rapporter om hur mycket webbplatser spårar en Fredrik lånar jobbets Galaxy S8+ igen. Oväntat mysig på något sätt Jocke försöker rippa gamla DVD:er på sin Mac med Handbrake. Blir inget bra ju Länkar Titanic II Jason Frieds TED-snack DHH Rework Basecamp It doesn’t have to be crazy at work - intervjun Remote Basecamps podd Ekorrsäkra fågelbord Mördarläpparna Lennart Lövstrand Sendmail Duckduckgo Antennapod tosdr.org Galaxy S8+ Handbrake Två nördar - en podcast. Fredrik Björeman, Joacim Melin diskuterar allt som gör livet värt att leva. Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt-211-mordarlappar.html.

Couchbase vs. DynamoDB: Better Performance and Deployment Flexibility at Lower Cost Summary Amazon makes sure its own DynamoDB is the most convenient NoSQL database for Amazon Web Services (AWS) customers to choose. But that convenience is often short-lived once the real work begins. DynamoDB setups can run into performance issues and ballooning costs as your workload scales up. You’ll face problems when you need data available in real time. And DynamoDB’s proprietary query language adds yet another AWS service that your programmers and DBAs need to learn. Instead, you can deploy Couchbase on AWS in under 10 minutes and take advantage of the only database that combines the best of NoSQL, like high performance and multi-dimensional scaling, with the power and familiarity of SQL. In this Podcast you will learn how Couchbase can help you: Avoid DynamoDB’s item-size restrictions Speed up performance with in-memory processing and built-in caching Use your team’s existing SQL skills for writing complex queries Easily implement hybrid or multicloud strategies to avoid vendor lock-in Stop over-provisioning resources while cutting license and support costs by up to 50% View our Privacy Policy Jeff Morris is VP, Product and Solution Marketing for Couchbase private software company in California. For over thirty years, Jeff Morris has been a passionate technology marketer and product manager who loves differentiating products and celebrating customer successes. In the past, he helped separate graph databases from the larger NoSQL market at Neo4j, defined "data products" at SaaS analytic provider, GoodData, and worked for two other Open Source Software vendors, starting with Sendmail before the turn of the century.

01:29 - Running a Mail Server qmail (https://cr.yp.to/qmail.html) Sendmail (https://en.wikipedia.org/wiki/Sendmail) Postfix (https://en.wikipedia.org/wiki/Postfix_(software)) Daemon-tools (https://cr.yp.to/daemontools.html) Istio.io (https://istio.io/) 08:49 - Amitai’s Superpower: Squirrel Power! and Orienting Himself in a New Problem Space (And Helping Others to Orient Them in Their Own Problem Spaces) 15:03 - Refactoring 23:15 - Managing Developer Time Global Day of Coderetreat (https://www.coderetreat.org/) Brooklyn November 2018: Global Day of Coderetreat (https://schmonz.com/2018/11/18/brooklyn-november-2018-global-day-of-coderetreat/) Conway’s Game of Life (https://en.wikipedia.org/wiki/Conway%27s_Game_of_Life) 28:57 - Feedback and Systems 33:38 - Email Servers 35:46 - Predictability WeCamp (http://we-camp.us) 40:39 - Quality and Collaboration 45:47 - Orienting and Problem Space Reflections: Jessica: Having useful questions. John: The bounded perfectionism concept and the tests as questions. Rein: What are the minimum possible criteria for progress? Amitai: “Make hidden things visible. Make abstract things concrete. Make implicit things explicit.” ~ Virginia Satir (https://en.wikipedia.org/wiki/Virginia_Satir) This episode was brought to you by @therubyrep (https://twitter.com/therubyrep) of DevReps, LLC (http://www.devreps.com/). To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode (https://www.patreon.com/greaterthancode) To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps (https://www.paypal.me/devreps). You will also get an invitation to our Slack community this way as well. Amazon links may be affiliate links, which means you’re supporting the show when you purchase our recommendations. Thanks! Special Guest: Amitai Schleier.

Ein stilles Feuerwerk der Emotionen.

The Helping Episode: A Tired Mom, The Urge to Help, Not Just Collecting, TIM Help Files, Heat Strick, Users Versus SysOps, Early Website Writing, Google's Eldritch Horror, Sendmail, HTML, Reaching Out, A Better Place, Strick's Language The Internet Archive Unofficial Wiki, my most recent attempt to "Help", is at https://internetarchive.archiveteam.org. My other attempts to "help" are scattered across the wasteland.

Heute mit: Bier heute, Using Lasers to Create Super-hydrophobic Materials, Hamburg walls use hydrophobic paint to pee back, BPG Image format, Introducing Spot, CipherShed, Operation Socialist: The inside story of how British spies hacked Belgium's largest telco, New Sonos logo design pulses like a speaker when scrolled, RFC 20 has been elevated to Internet Standard, Super Mario World Credits Warp, Technobabylon, Day of the Tentacle Special Edition announced, Heroes of the Storm, Cixin Liu: The Three-Body Problem, WhatSim / ChatSim, Paperspace, Donatello, Michelangelo, Leonardo, Raphael VS Leonardo, Michelangelo, Donatello, Raphael

This week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD's IPSEC stack. We'll learn what he's adding, what needed to be fixed and how we'll benefit from the changes. As always, answers to your emails and all of this week's news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSD panel at Phoenix LUG (https://www.youtube.com/watch?v=3AOF7fm-TJ0) The Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD It had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience They covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy It was a good "real world" example of things potential switchers are curious to know about They closed by concluding that more diversity is always better, and even if you've got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea *** Book of PF signed copy auction (http://bsdly.blogspot.com/2014/10/the-book-of-pf-3rd-edition-is-here.html) Peter Hansteen (who we've had on the show (http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall)) is auctioning off the first signed copy of the new Book of PF All the profits from the sale will go to the OpenBSD Foundation (http://www.openbsd.org/donations.html) The updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD's versions (which still use ALTQ, among other differences) If you're interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf - and the money will also go to a good cause Michael Lucas (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop) has challenged Peter (https://www.marc.info/?l=openbsd-misc&m=141429413908567&w=2) to raise more for the foundation than his last book selling - let's see who wins Pause the episode, go bid on it (http://www.ebay.com/itm/321563281902) and then come back! *** FreeBSD Foundation goes to EuroBSDCon (http://freebsdfoundation.blogspot.com/2014/10/freebsd-foundation-goes-to-eurobsdcon.html) Some people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report They also sponsored four other developers to go The foundation was there "to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD" They also have a second report (http://freebsdfoundation.blogspot.com/2014/10/eurobsdcon-trip-report-kamil-czekirda.html) from Kamil Czekirda A total of $2000 was raised at the conference *** OpenBSD 5.6 released (http://www.openbsd.org/56.html) Note: we're doing this story a couple days early - it's actually being released on November 1st (this Saturday), but we have next week off and didn't want to let this one slip through the cracks - it may be out by the time you're watching this Continuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6 It includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features 5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it You can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial (http://www.bsdnow.tv/tutorials/fde) for that) ALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed This will serve as a "transitional" release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd (http://www.bsdnow.tv/episodes/2014_09_03-its_hammer_time) and from BIND to Unbound Sendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions As always, 5.6 comes with its own song and artwork (http://www.openbsd.org/lyrics.html#56) - the theme this time was obviously LibreSSL Be sure to check the full changelog (http://www.openbsd.org/plus56.html) (it's huge) and pick up a CD or tshirt (http://www.openbsd.org/orders.html) to support their efforts If you don't already have the public key releases are signed with, getting a physical CD is a good "out of bounds" way to obtain it safely Here are some cool images of the set (https://imgur.com/a/5PtFe) After you do your installation or upgrade (http://www.openbsd.org/faq/upgrade56.html), don't forget to head over to the errata page (http://www.openbsd.org/errata56.html) and apply any patches listed there *** Interview - John-Mark Gurney - jmg@freebsd.org (mailto:jmg@freebsd.org) / @encthenet (https://twitter.com/encthenet) Updating FreeBSD's IPSEC stack News Roundup Clang in DragonFly BSD (https://www.dragonflydigest.com/2014/10/22/14942.html) As we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang almost exclusively on i386/amd64 Some DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly We'd love to see more BSDs switch to Clang/LLVM eventually, it's a lot more modern than the old GCC most are using *** reallocarray(): integer overflow detection for free (http://lteo.net/blog/2014/10/28/reallocarray-in-openbsd-integer-overflow-detection-for-free/) One of the less obvious features in OpenBSD 5.6 is a new libc function: "reallocarray()" It's a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost Theo and a few other developers have already started (https://secure.freshbsd.org/search?project=openbsd&q=reallocarray) a mass audit of the entire source tree, replacing many instances with this new feature OpenBSD's explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too *** Switching from Linux blog (http://bothsidesofthence.tumblr.com/) A listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux After over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome) So far, he's put up a few posts about his initial thoughts, some documentation he's going through and his experiments so far It'll be an ongoing series, so we may check back in with him again later on *** Owncloud in a FreeNAS jail (https://www.youtube.com/watch?v=z6VQwOl4wE4) One of the most common emails we get is about running Owncloud in FreeNAS Now, finally, someone made a video on how to do just that, and it's even jailed A member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend If you're looking for an easy way to back up and sync your files, this might be worth a watch *** Feedback/Questions Ernõ writes in (http://slexy.org/view/s2XEsQdggZ) David writes in (http://slexy.org/view/s21EizH2aR) Kamil writes in (http://slexy.org/view/s24SAJ5im6) Torsten writes in (http://slexy.org/view/s20ABZe0RD) Dominik writes in (http://slexy.org/view/s208jQs9c6) *** Mailing List Gold That's not our IP (https://mail-index.netbsd.org/source-changes/2014/10/17/msg059564.html) Is this thing on? (https://lists.freebsd.org/pipermail/freebsd-acpi/2014-June/008644.html) ***

On today's show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Tailoring OpenBSD for an old, strange computer (http://multixden.blogspot.com/2014/02/tailoring-openbsd-for-old-strange.html) The author of this article had an OmniBook 800CT (http://hpmuseum.net/display_item.php?hw=233), which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU Obviously he had to install some kind of BSD on it! This post goes through all his efforts of trimming down OpenBSD to work on such a limited device He goes through the trial and error of "compile, break it, rebuild, try again" After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working *** pkgsrcCon and BSDCan (http://www.pkgsrc.org/pkgsrcCon/2014/) pkgsrccon is "a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure" This year it will be on June 21st and 22nd The schedule (http://www.pkgsrc.org/pkgsrcCon/2014/schedule.html) is still being worked out, so if you want to give a talk, submit it BSDCan's schedule (https://www.bsdcan.org/2014/schedule/events.en.html) was also announced We'll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more Kris' presentation was accepted! Tons of topics, look forward to the recorded versions of all of them hopefully! *** Two factor auth with pushover (http://www.tedunangst.com/flak/post/login-pushover) A new write-up from our friend Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) Pushover is "a web hook to smartphone push notification gateway" - you sent a POST to a web server and it sends a code to your phone His post goes through the steps of editing your login.conf and setting it all up to work Now you can get a two factor authenticated login for ssh! *** The status of GNOME 3 on BSD (http://undeadly.org/cgi?action=article&sid=20140219085851) It's no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast (https://www.bsdfrog.org/tmp/undeadly-gnome.webm) A few recent (http://blogs.gnome.org/mclasen/2014/02/19/on-portability/) posts (http://blogs.gnome.org/desrt/2014/02/19/on-portability/) from some GNOME developers show that they're finally working with the BSD guys to improve portability The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us - it's a beautiful thing This goes right along with our interview today! *** Interview - Joe Marcus Clark - marcus@freebsd.org (mailto:marcus@freebsd.org) The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics Tutorial The FreeBSD Ports Collection (http://www.bsdnow.tv/tutorials/ports) News Roundup DragonflyBSD 3.8 goals and 3.6.1 release (http://bugs.dragonflybsd.org/versions/4) The Dragonfly team is thinking about what should be in version 3.8 On their bug tracker, it lists some of the things they'd like to get done before then In the meantime, 3.6.1 (http://lists.dragonflybsd.org/pipermail/commits/2014-February/199294.html) was released with lots of bugfixes *** NYCBSDCon 2014 wrap-up piece (http://www.informit.com/blogs/blog.aspx?uk=NYCBSDCon-2014-Rocked-a-Cold-February-Weekend) We've got a nice wrap-up titled "NYCBSDCon 2014 Heats Up a Cold Winter Weekend" The author also interviews GNN (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) about the conference There's even a little "beginner introduction" to BSD segment Includes a mention of the recently-launched journal and lots of pictures from the event *** FreeBSD and Linux, a comparative analysis (https://www.youtube.com/watch?&v=5mv_oKFzACM#t=418) GNN in yet another story - he gave a presentation at the NYLUG about the differences between FreeBSD and Linux He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs "distros," development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences Serves as a good introduction you can show your Linux friends *** PCBSD CFT and weekly digest (http://blog.pcbsd.org/2014/02/call-for-testers-new-major-upgrade-methodology/) Upgrade tools have gotten a major rewrite You have to help test it, there is no choice! Read more here (http://blog.pcbsd.org/2014/02/pc-bsd-weekly-feature-digest-18/) How dare Kris be "unimpressed with" freebsd-update and pkgng!? Various updates and fixes *** Feedback/Questions Jeffrey writes in (http://slexy.org/view/s213KxUdVj) Shane writes in (http://slexy.org/view/s20lwkjLVK) Ferdinand writes in (http://slexy.org/view/s21DqJs77g) Curtis writes in (http://slexy.org/view/s20eXKEqJc) Clint writes in (http://slexy.org/view/s21XMVFuVu) Peter writes in (http://slexy.org/view/s20Xk05MHe) ***

Episode 44 - How to Roll Your Own Cloud Services For Maximum Privacy                                      Subscribe on iTunes Subscribe to RSS Download MP3 Edward Rudd calls in and Jacob West stops by our studios to discuss alternatives to popular cloud-based services like Dropbox. Listen to us discuss the pros and cons to doing it yourself. We list some of the software that’s out there that will allow you to setup your very own service for personal use. Show notes Why roll your own? Privacy Storage Total control http://zenhabits.net/google-free/ Pros/cons of “Rolling your own {INSERT SERVICE HERE}”? Good option for young kids Cons 1. A dedicated server just for Zimbra with Domain Keys installed 2. A block of 24-32 ip numbers. (49 ip numbers would be ideal, but it’s harder to buy odd blocks like that.) Put your mail server as close to the middle of that range as possible. It sounds like a lot, but most collocation facilities can hook you up with this for 300-500 usd a month. 3. Proactive attention to getting your ip block removed from all spam lists (especially Barracuda, their list is the most annoying for the high number of false positives) before the fact. Just let them know you exist. 4. Pray that all of the hundreds of moving pieces you’ve just put in place don’t break, that bad hackers don’t brute force their way into your server. Strong passwords don’t really help as much as people tell you they do either. That’s now something you have to worry about too. Where to host? Linode Slicehost “Your house” (Business grade internet options) Dropbox Alternatives Owncloud (http://owncloud.org) - Dropbox Alternative + Calendar + Contacts + plugins AeroFS - http://aerofs.com - Dropbox Alternative without a central server Rsync SparkleShare - http://sparkleshare.org/ - just clients and uses git on the server GMail Alternatives qmail, Postfix, Sendmail Horde, IMP, Squirrel Mail, Roundcube http://www.turnkeylinux.org/zimbra Spam filter? Amavisd (runs spamassassin + virus scanning as a pluggable mail filter) hosted service http://ask.slashdot.org/story/11/08/07/1533224/ask-slashdot-self-hosted-gmail-alternatives Google Docs Alternatives http://www.fengoffice.com/web/pricing.php http://etherpad.org/ http://onedrum.com/ Bought by Yammer and integrated with it now ANY Self-hosted WIKI !!! Flickr Alternatives http://www.zenphoto.org/ http://gallery.menalto.com/ YouTube Alternatives Google Voice Alternatives http://www.twilio.com/api/openvbxhttp://pbxinaflash.net/ Full Backup Solutions? Backblaze Carbonite rsync.net LOCAL BACKUP DEVICE! and the Shoe leather express to a remote location!! Security? selinux, disable password login on SSH Talentopoly links - Noteworthy links posted on Talentopoly in the last two weeks Changing times for web developers – 6 Tips You Should Read to survive Workless gem, dynamically scale your Heroku worker dynos Your team should work like an open source project

Neste podcast, o professor Alexander Luz Sperandio – mestre em Ciências pela USP e físico pela UFMS – fala sobre softwares livres e discorre sobre as facilidades e usabilidade do sistema Linux, sugerindo  aplicativos e serviços que rodam neste sistema operacional, que se mostra mais seguro com relação aos ataques de vírus e softwares maliciosos. Distribuições citadas neste podcast: Ubuntu, Debian, Fedora, CentOS, openSUSE. Software para criação de máquinas virtuais: VMWare. Serviços: Apache Web Server, CD Web; Postfix; Sendmail, Qmail; CCH; Bind. Aplicativo: Open Office.Como aprender mais:www.guiafoca.org (www.focalinux.org)www.tldp.orglinuxgazette.net

Was man weiss, und doch nicht kennt. In dieser Folge geht es um einen der ältesten und zugleich populärsten Dienst im Internet, um die elektronische Post, kurz E-Mail. Begleite uns und unsere E-Mail auf der Reise vom Absender, vorbei an Mailservern, Spamfiltern und Virencheckern bis zum Mailprogramm des Empfaengers, und erfahre dabei viele interessante Details über Kopfzeilen, Datenprotokolle und andere sonst verborgene Dinge rund um den Nachrichtenaustausch im Internet. Trackliste D+O – Zensursula Borrachos – Pornostar 7ieben – Sonntags Freibeuter AG – Partytime MZMK – Krzyk Nächste Sendung: 5. September 2009, 19:00 Uhr E-Mail Weg :: Der Weg einer E-Mail von Jens Kubieziel SMTP :: Simple Mail Transfer Protocol POP3 :: Post Office Protocol Version 3 IMAP :: Internet Message Access Protocol SMTP und POP3 :: Wie "sprechen" Server miteinander übers Netz? Greylisting :: Greylisting erklärt. Procmail :: Webseite von Procmail SpamAssassin :: Weitverbreiteter serverseitiger Open Source Spamfilter AMaViS :: A Mail Virus Scanner TLS :: Transport Layer Security, Verschlüsselung während der Uebertragung Postfix :: Postfix Mailserver Sendmail :: Sendmail, das älteste Mailserverprogramm der Welt QMail :: QMail Mailserver Exim :: Exim Mailserver Thunderbird :: Mozilla Thunderbird. Freies grafisches Mailprogramm für alle gängigen Betriebssysteme Mutt :: Exzellentes Mailprogramm für den Textmodus (Konsole) Alpine :: Alpine Mailprogramm. Nachfolger von Pine. YAM :: Yet Another Mailer. Grafisches Mailprogramm für den Commodore Amiga File Download (57:42 min / 61 MB)

Was man weiss, und doch nicht kennt. In dieser Folge geht es um einen der ältesten und zugleich populärsten Dienst im Internet, um die elektronische Post, kurz E-Mail. Begleite uns und unsere E-Mail auf der Reise vom Absender, vorbei an Mailservern, Spamfiltern und Virencheckern bis zum Mailprogramm des Empfaengers, und erfahre dabei viele interessante Details über Kopfzeilen, Datenprotokolle und andere sonst verborgene Dinge rund um den Nachrichtenaustausch im Internet. Trackliste D+O – Zensursula Borrachos – Pornostar 7ieben – Sonntags Freibeuter AG – Partytime MZMK – Krzyk Nächste Sendung: 5. September 2009, 19:00 Uhr E-Mail Weg :: Der Weg einer E-Mail von Jens Kubieziel SMTP :: Simple Mail Transfer Protocol POP3 :: Post Office Protocol Version 3 IMAP :: Internet Message Access Protocol SMTP und POP3 :: Wie "sprechen" Server miteinander übers Netz? Greylisting :: Greylisting erklärt. Procmail :: Webseite von Procmail SpamAssassin :: Weitverbreiteter serverseitiger Open Source Spamfilter AMaViS :: A Mail Virus Scanner TLS :: Transport Layer Security, Verschlüsselung während der Uebertragung Postfix :: Postfix Mailserver Sendmail :: Sendmail, das älteste Mailserverprogramm der Welt QMail :: QMail Mailserver Exim :: Exim Mailserver Thunderbird :: Mozilla Thunderbird. Freies grafisches Mailprogramm für alle gängigen Betriebssysteme Mutt :: Exzellentes Mailprogramm für den Textmodus (Konsole) Alpine :: Alpine Mailprogramm. Nachfolger von Pine. YAM :: Yet Another Mailer. Grafisches Mailprogramm für den Commodore Amiga File Download (57:42 min / 61 MB)

The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoid many difficult bugs down the line. Because such programming errors have been the targets of remote attacks, i.e., buffer overflow attack, prevention of array bound violation is essential for the security and robustness of application programs that provide service on the Internet. This talk proposes a novel approach called CASH to the array bound checking problem that exploits the segmentation feature in the virtual memory hardware of the X86 architecture. The CASH approach allocates a separate segment to each static array or dynamically allocated buffer, and generates the instructions for array references in such a way that the segment limit check in X86's virtual memory protection mechanism performs the necessary array bound checking for free. In those cases that hardware bound checking is not possible, it falls back to software bound checking. As a result, CASH does not need to pay per-reference software checking overhead in most cases. However, the CASH approach incurs a fixed set-up overhead for each use of an array, which may involve multiple array references. The existence of this overhead requires compiler writers to judiciously apply the proposed technique to minimize the performance cost of array bound checking. This talk will describe the detailed design and implementation of the CASH compiler, and a comprehensive evaluation of various performance tradeoffs associated with the proposed array bound checking technique. For the set of production-grade network applications we tested, including Apache, Sendmail, Bind, etc., the latency penalty of CASH's bound checking mechanism is between 2.5% to 9.8% when compared with the baseline case that does not perform any bound checking. Dr. Tzi-cker Chiueh is a Professor in the Computer Science Department of Stony Brook University, and the Chief Scientist of Rether Networks Inc. He received his B.S. in EE from National Taiwan University, M.S. in CS from Stanford University, and Ph.D. in CS from University of California at Berkeley in 1984, 1988, and 1992, respectively. He received an NSF CAREER award in 1995, and has published over 130 technical papers in refereed conferences and journals in the areas of operating systems, networking, and computer security. He has developed several innovative security systems/products in the past several years, including SEES (Secure Mobile Code Execution Service), PAID (Program Semantics-Aware Intrusion Detection), DOFS (Display-Only File Server), and CASH.

The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoid many difficult bugs down the line. Because such programming errors have been the targets of remote attacks, i.e., buffer overflow attack, prevention of array bound violation is essential for the security and robustness of application programs that provide service on the Internet. This talk proposes a novel approach called CASH to the array bound checking problem that exploits the segmentation feature in the virtual memory hardware of the X86 architecture. The CASH approach allocates a separate segment to each static array or dynamically allocated buffer, and generates the instructions for array references in such a way that the segment limit check in X86's virtual memory protection mechanism performs the necessary array bound checking for free. In those cases that hardware bound checking is not possible, it falls back to software bound checking. As a result, CASH does not need to pay per-reference software checking overhead in most cases. However, the CASH approach incurs a fixed set-up overhead for each use of an array, which may involve multiple array references. The existence of this overhead requires compiler writers to judiciously apply the proposed technique to minimize the performance cost of array bound checking. This talk will describe the detailed design and implementation of the CASH compiler, and a comprehensive evaluation of various performance tradeoffs associated with the proposed array bound checking technique. For the set of production-grade network applications we tested, including Apache, Sendmail, Bind, etc., the latency penalty of CASH's bound checking mechanism is between 2.5% to 9.8% when compared with the baseline case that does not perform any bound checking. Dr. Tzi-cker Chiueh is a Professor in the Computer Science Department of Stony Brook University, and the Chief Scientist of Rether Networks Inc. He received his B.S. in EE from National Taiwan University, M.S. in CS from Stanford University, and Ph.D. in CS from University of California at Berkeley in 1984, 1988, and 1992, respectively. He received an NSF CAREER award in 1995, and has published over 130 technical papers in refereed conferences and journals in the areas of operating systems, networking, and computer security. He has developed several innovative security systems/products in the past several years, including SEES (Secure Mobile Code Execution Service), PAID (Program Semantics-Aware Intrusion Detection), DOFS (Display-Only File Server), and CASH.

Geek Muse Frappr Map, SploitCast, Gmail e-mail address dot "feature/bug" confirmed, Sendmail with "plus" signs, Microsoft extends XP Home support to 2008, Windows XP Service Pack 3: Not Until 2007, iMac Intel Core Duo vs iMac PPC, Microsoft Windows Services for UNIX, MacBook Pro vs. PowerBook G4, Expresscard, Digg vs. Slashdot, Newsvine, CS Students Outsource Homework, Rent A Coder