This is a recap of the top 10 posts on Hacker News on January 2nd, 2023.
This podcast was generated by wondercraft.ai

(00:35): Salim Kara stole $2M in coins with a magnet and a car antenna (2022)
Original post: https://news.ycombinator.com/item?id=38839652&utm_source=wondercraft_ai
(02:15): LLMs and Programming in the first days of 2024
Original post: https://news.ycombinator.com/item?id=38840626&utm_source=wondercraft_ai
(04:13): After 34 years, someone beat Tetris [video]
Original post: https://news.ycombinator.com/item?id=38841080&utm_source=wondercraft_ai
(05:50): Do It Yourself Blind Repair
Original post: https://news.ycombinator.com/item?id=38844274&utm_source=wondercraft_ai
(07:16): We Could Fix Everything, We Just Don't
Original post: https://news.ycombinator.com/item?id=38837888&utm_source=wondercraft_ai
(08:55): A Canadian payroll dependency chart
Original post: https://news.ycombinator.com/item?id=38843388&utm_source=wondercraft_ai
(10:52): What I've learned about flow fields so far
Original post: https://news.ycombinator.com/item?id=38839506&utm_source=wondercraft_ai
(12:33): LLM spews nonsense in CVE report for curl
Original post: https://news.ycombinator.com/item?id=38845878&utm_source=wondercraft_ai
(14:06): New Ultra Fast Lossless Audio Codec (HALAC)
Original post: https://news.ycombinator.com/item?id=38838531&utm_source=wondercraft_ai
(15:50): The funny rules of SpamAssassin in 2023
Original post: https://news.ycombinator.com/item?id=38839763&utm_source=wondercraft_ai

This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai
Warm-up/follow-up
We're trying out new setups and furniture, all for the perfect sound
Datormagazin Retro #6: 95% booked.
Jocke has become the owner of an 11” Macbook Air. An unexpectedly pleasant return.
Jocke is selling his iMac. Buy it and bag a bargain on a really nice computer.
A flood of spam from a range of new TLDs. Jocke blocks hard.
Jocke creates a GitHub repo live!

Topics
iOS 16: Early impressions? Fredrik scans his ears … and cuts out images
Stickerclip - the perfect complement
Diffusion bee - AI images as a pastime, and Mac app

Film & TV
Handmaid's Tale season five starts this week

Links
Zencastr
Datormagazin retro #6 is now wrapped up!
The newsletter Uppsnappat
Jocke's dad's computer got hijacked - the whole story in episode 323
Eleven-inch Macbook air
When Jocke bought a twelve-incher
Buy Jocke's iMac
GitHub-flavored Markdown
Spamassassin
Spamhaus
Postfix
Jocke's GitHub repo with blocked TLDs
Octocat stickers
Github-flavored markdown
Stickerclip
Diffusion bee - AI images as a pastime, and Mac app
DALL-E
Stable diffusion
Cortex talks about AI that draws images
Handmaid's tale, season five
Downstream
Verge presents its new design
Kollijox

Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-325-vi-testar-nagot-annat-som-omvaxling.html
What are the copyright implications for AI? Can artwork created by a machine register for copyright? These are some of the questions we answer in this episode of Deep Dive: AI, an Open Source Initiative that explores how Artificial Intelligence impacts the world around us. Here to help us unravel the complexities of today's topic is Pamela Chestek, an Open Source lawyer, Chair of the OSI License Committee, and OSI Board member. She is an accomplished business attorney with vast experience in free and open source software, trademark law, and copyright law, as well as in advertising, marketing, licensing, and commercial contracting. Pamela is also the author of various scholarly articles and writes a blog focused on analyzing existing intellectual property case law. She is a respected authority on the subject and has given talks concerning Open Source software, copyright, and trademark matters. In today's conversation, we learn the basics of copyright law and delve into its complexities regarding open source material. We also talk about the line between human and machine creations, whether machine learning software can be registered for copyright, how companies monetize Open Source software, the concern of copyright infringement for machine learning datasets, and why understanding copyright is essential for businesses. We also learn about some amazing AI technology that is causing a stir in the design world and hear some real-world examples of copyright law in the technology space. Tune in today to get insider knowledge with expert Pamela Chestek! Full transcript.

Key Points From This Episode:
Introduction and a brief background about today's guest, Pamela Chestek.
Complexities regarding copyright for materials created by machines.
Interesting examples of copyright rejection for non-human created materials.
An outline of the standards required to register material for copyright.
Hear a statement still used as a standard today made by the US copyright office in 1966.
The fine line between what a human being is doing versus what the machine is doing.
Learn about some remarkable technology creating beautiful artwork.
She explains the complexities of copyright for art created by software or machines.
We find out if machine learning software like SpamAssassin can register for copyright.
Reasons why working hard, time, and resources do not meet copyright requirements.
A discussion around the complexities of copyright concerning Open Source software.
Pamela untangles the nuance of copyright when using datasets for machine learning.
Common issues that her clients experience who are using machine learning.
Whether AI will be a force to drive positive or negative change in the future.
A rundown of some real-world applications of AI.
Why understanding copyright law is essential to a company's business model.
How companies make money by creating Open Source software.
The move by big social media companies to make their algorithm Open Source.
A final takeaway message that Pamela has for listeners.

Links Mentioned in Today's Episode: Pamela Chestek on LinkedIn Pamela Chestek on Twitter Chestek Legal Pamela Chestek: Property intangible Blog Debian DALL·E Hacker News SpamAssassin European Pirate Party Open Source Definition Link Free Software Foundation Red Hat Jason Shaw, Audionautix Credits Special thanks to the volunteer producer, Nicole Martinelli.
Are You Using Encrypted Email Yet? Here's How! Security emails aren't something that most people think much about. Yet, they're becoming more and more important as the bad guys are monitoring us more closely to steal our information, and then there are advertisers. So, do you want them to see your stuff? [Automated transcript] Email is something that's been around now for quite a while. It was undoubtedly even before the internet standards came out. Many of the systems had a version of the email. I remember some systems back in the early. The seventies, late sixties that had an email functionality is something that we've always needed. Usually, it was for just communicating within a group. And then, in the early eighties, when I got on the internet, we could send email to people all over the world, and the email then looked a lot like it did. Now you net email, we use different types of addressing for, but basically, it's the same thing that we're used to today. Many of us have Gmail accounts. I have some Gmail accounts. I use them basically for throw-away stuff that I don't want to have tracked. I don't use Gmail for anything that I consider particularly important, because again, it's not saying. So now there are two types of security. Really. We need to consider, and I got an email from one of the listeners today. Who's on my newsletter? And he said, Hey, I love all of the stuff you put in the newsletter every week. It helps keep me updated on what's happening in cyber security and what things I need to know. But I'm reluctant to click on any of the links in your email because they're all trackers. I do that so that I know what the people who subscribed to the newsletter are interested in. So, for example, I see many people clicking on an email I sent out a few months ago talking about different emails, services, and which ones provide the most WhatsApp security. If a lot of people click on that, Then I know. Oh, okay. Great. People are interested in this. 
So I'll talk more about it on the radio show. I'll probably put something together for the newsletter so that they have it. It's like the example I've used for a couple of decades now, which is, Hey, if I'm looking to buy a car, I don't mind seeing a car. Because it gives me something to compare. If I'm looking to buy an F150, I don't want to see ads for the latest Chrysler minivan. I'd like to see ads for people who are competing to sell me a Ford pickup truck. Maybe some competitors, maybe Dodge gets in there with the Ram or Chevy. Their truck, but I wanted to focus in it. It just makes sense to me because I don't want to waste time on some shoes when that's not what I'm interested in and the person who's paying to show me this ad for shoes is wasting money and being a small businessman. I hate to see that I know what it's like. It gets really frustrating to be spending a lot of money on advertising. That really is not going in. So you have that type of a monitoring where the advertisers are looking at, what you are looking at, what you're searching for. They know the sites you're going to, they know you're interested in that. F-150. Make sense to you? It certainly does to me as well. So I don't have a big problem at all with a people collecting basic advertising information about me. It starts to go over a line. It's a little bit of a, an obscured thing, frankly, but it starts to go over the line where they're gathering all this information that could be useful for a bad. We don't want hackers to have the information. I want to have a hack free life. I don't want them going out there and finding information about me and, oh, I'm going to be on vacation. I'm going to be out of town for three weeks and unable to be reached. And so that gives them the opportunity to now go in via phishing campaign. Maybe try and get my CFO to write a check to somebody or, do something that's frankly, quite malicious. What do we do? How do we deal with that? What makes sense there? 
That's a really good question, frankly, and that line has to be drawn by you personally. I draw it as, I don't really care most of the time if someone knows. So here's what I do with my mail client. I turn off the automatic download of photos, of pictures, and that way I can see the email. And if it's a piece of spam, where I don't even want that spammer to know that I opened the email, they're not going to be able to find out because my mail client is not downloading photos. The way it works is you, as a marketer or as a spammer in this case, are giving a unique URL for that. So that unique URL now, if that photo's downloaded, tells you that almost certainly that person opened your email. What's a legitimate email address. You can spam it some more in the future, a little bit more about them. The same thing is true with my emails. For instance, if you sign up at CraigPeterson.com/subscribe, and you get my weekly email, the training and all the other stuff, that's all for free in there. You now are telling me when you open it, that you opened my email. Now, why would you want to tell me that? Why would you want to tell anybody that? Nowadays when it comes to email delivery, one of the things we have to face as businesses and as a marketer, who am I using? Mt. Is that you are great. Every email is scored. This has been true for a long time. SpamAssassin, the software I've used for, I don't even know how long now, at least a decade, maybe two. And it looks at the content of the email. It looks to see how much of the email is a graphic, how much of it is using these types of words that are often used by spammers or maybe crazy marketers. So they will score that email. And if it's above a certain score, if it's accumulated too many bad points, that email doesn't get delivered. We have a similar system.
We have some real fancy stuff that we use ourselves and we use for our clients from Cisco that compares all of these emails that are being delivered worldwide, millions of the members. And learns from it and automatically blocks them for me, which is really great. But if I'm sending you emails, just like if you're on my email list, I'm going to send you an email at least one a week. Usually not more than two, but basically one email a week. It's not only scored on how my email reads the wording, the. But it's also scored on how old is my domain. Have other people reported my emails as spam and how many people have opened that email sites? Google track that. So if you're on Google, if you're using. It will come up and the email come up and Google says, okay, he read the email. Maybe he downloaded the photos. He was very interested in it. But if people are not opening the emails, you start to develop as a person sending an email, a low-risk. Lower and lower in this case, lowers is bad. Then the case of SpamAssassin hires bad. So what'll happen then is your emails will stop getting delivered. You don't want that. I put a lot of work into these emails. I send out every week. I usually have a number of tips, usually six to eight different ones in each email. I don't want that to go to waste. So if people are not opening my email. Then I'm going to automatically remove them after a period of time from my email list, because I don't want to send email to people who aren't going to open it, because if I do that sites like Google and many others are going to stop delivering my emails to everybody else, the people that do want it, just see how that works. So I am reliant on understanding if you open the. How can I tell? I can tell if you clicked on a link and I can also tell if you've downloaded any of the graphics that might be in that. Otherwise, I have to assume you're not opening that email. 
And if you're not opening that email, I don't want to send it to you because if I send it to you and you don't open it, it's going to slow down or completely stopped the delivery to other people within the. For instance, gmail.com. And this is true for any of the major mail vendors that are out there. And I don't want that to happen. So what I ended up doing, if you have an open them for awhile, I'll send you an email saying, Hey sorry to be bothering you here. But I wanted to make sure that you did want to get these emails or I'm going to automatically remove them. You might've had that from other people before then. The reason those emails are sent out isn't because I'm being snotty about it. It isn't because I'm upset that you subscribed and you haven't been reading the emails. It's because I don't want my email delivery to other people to be damaged because you have no pundit. Even though I do block images from being downloaded on my emails at the top of the email when I open it up and it has a little button that says load images. And if that email is from someone that I care about it, isn't from just some spammer that stole my email address or bought it from somebody else. If it's a legitimate email, I want to see, I click on that load images. So what happens now is the images in that email or downloaded the whoever sent me the email now knows that email was opened up and I don't also get kicked off for their list. Now, a few of you guys have complained about that with me, just not complained as much as said, why are you kicking me off of your email? I told you it's because you haven't been opened that. Oh, but I haven't opened them. You haven't. But if you turn off the load images on emails, then I don't know that you've been reading them and therefore you're going to automatically end up being re removed. When we come back, I want to talk about secure email providers. I'm going to compare some of them. 
And that came up this week because what was the number one secure email vendor out there? They no longer are. So we'll talk about that. It's all in the news. Visit me online. CraigPeterson.com.

You use email, everybody uses email, but which providers provide you with security and what do these different types of security actually mean to you? Or, frankly, what is security? What is a secure email? There are a number of different secure email providers. And there are multiple ways of defining secure email nowadays. All of the email that I send and receive from my company and I send and receive for our client companies is encrypted. There's something called TLS. That is basically, it's the same as HTTPS, it's, you know, that secure VPN that's set up. No, I don't want you to get confused with these VPN services. It has nothing to do. But if you go into your web browser and you look up in the URL bar, you'll see a little lock. It's typically on the left side of that bar, you click on it and it will come up and say, the connection is secure. What does that mean? It means that the data that you send from your browser will get to that remote server in a secure fashion, will be encrypted. So if it's intercepted, the third party won't be able to decrypt it. Now there's exceptions to this, but we'll just keep it nice and simple. When we're talking about email and the two email servers talking to each other, we're talking about the same sort of thing. If you send an email, you have an email provider. It might be my company, but it's not likely, right? Because we only deal with a certain number of small to medium businesses, but the email goes from you to a server. So let's say you're using Microsoft 365. So your email, as you're sending it to me@craigpeterson.com, that email goes from your browser or your email client over to the Microsoft 365 server. Now I understand there's different ways to do it. In fact, we don't do it quite this way.
We always go through an intermediate server that we maintain that helps keep things secure, but the email goes over to Microsoft 365. And that first connection is probably a secured connection also by TLS. Now you're sending it to me@craigpeterson.com. That was the To address in your email. So what happens next is it needs to find out who's handling the email for CraigPeterson.com. It finds out, and then it's, again, a TLS session, an encrypted session, over to my email server. That encrypted session is much the same as what you have on your web browser. It is very hard, very unlikely that anyone in between can see your email. And then the email ends up on my server, whatever service I'm using for my server. And then it ends up at my client. It might be on my phone. It might be on my desktop. It could be anywhere. And again, that is using another encrypted session. There's different protocols that might be involved. For instance, IMAPS, SMTP, maybe there's TLS over SMTP, whatever. We're not going to get into all of those technical details before you guys all leave me because your eyes just glossed over, but there are a lot of ways to have that all encrypted. So just sending an email from your phone to me@craigpeterson.com means it's going through a minimum of four machines, and each time it gets to one of these machines it's encrypted. That's hopeful, right? I'm going to knock on wood here because in reality, not every one of these points has encryption. Not every email service has that type of encryption, TLS, or other ones. What I want to talk about now is the secure email providers. If you have Microsoft 365 email, you can go to a Microsoft website and send and receive email there. Do your calendar there. You've seen that before. I've used that before, so you can do it all online on the web server. You can also do it on your client on whatever device you have. These secure email providers I'm going to talk about right now, as a rule, are using a web front.
So what is a secure email? Obviously the first step needs to be the connection from you to the server needs to be encrypted. And if you're using a web based encryption, which again is that HTTPS, which is the TLS nowadays, that is encrypted end to end, and it's using public key encryption, the whole RSA patent. And it's just fascinating stuff. It was absolutely amazing what they were able to come up with. I love it. There is also the server itself, which needs to be secured somehow. And then how about the ultimate delivery to the third party? Now we use Cisco again for our email filters, but that Cisco server that we have for ourselves here in our very own data center located right here, that server also handles emails for some of our other clients. So what happens now is if I want to send a secure email to somebody. Party. So I want to send it to somebody working at the bank or working at the repair shop, whatever it might be. All I have to do is in the subject line, just say secure, and the Cisco email server's going to notice that. And it is then going to send an email off to the recipient saying you need to come to this IP address. And it gives them a link, and grab your secure email. So in that way, I know it was delivered securely because whoever the recipient is had to go to this secure site on this mail server that my company maintains. Okay. So that's another way of doing it. If you don't have the types of equipment that I have here and software that we use for small businesses, then there are still some options. The number one for quite a while has been Proton Mail, P-R-O-T-O-N M-A-I-L. And I wrote a big thing about that. You would have got that in my newsletter a few months ago. If you save those things, which you shouldn't do by the way, save them all, just do a search for Proton Mail in there, and you'll see my detailed explanation of what it is, why you might want to use it. Proton Mail is located over in Switzerland.
And of course, Swiss has some good privacy laws sodas, the European union, but that was their claim to fame. Hey, we are in Switzerland. We do not do log. We do have self-destructing messages and we have some real neat little features that you can use on your on your device. That's proton mail. It's been very good, but just this month, a Swiss court ordered proton mail to log the attachment. To their service. So now when I say attachments, what I mean is the IP address is the two addresses the, from addresses of any body that's using their service. No, they were specifically looking for this one individual. And so now they are doing some logging. They actually have to change their website. So that's a negative and we'll explain why that's a negative. And we'll talk about a couple of. I of the email services that are out there right now and what you can use, what you might want to use, what the costs are, so that you have a good idea. So stick around because of course we'll be right back. And I want to invite you right now to just take a couple of minutes, go to CraigPeterson.com and subscribe to the newsletter so that you get everything. You'll get my show notes every week. You'll get some of these free trainings I'm in trying to make it so that it's under three minutes to help you understand different concepts and things that are going on. Craig, Peterson.com/subscribe What are the features? These secure email providers are providing, what are the costs? Which ones might you want to consider? We're going to run through the top three right now. What are their features and why would you want to use them? We started talking a little bit about Proton Mail, some of the real basics here, and it is still the kind of 800 pound gorilla when it comes to secure email, finally they had to capitulate to the Swiss court because they are located in Switzerland. So just goes to show that even being Swiss doesn't mean that it is. Completely secured, then there's a difference too. 
I want to point out between having a government issue, a subpoena and a court order to have your information revealed. There's a big difference between that and a hacker who's trying to hack you and get into your life. So I think most of us understand that we need to be secure in our documents. We need to have that privacy is guaranteed to us from the constitution, but we also need to have one more level of security, which is okay. How. The hackers. So having a hack free life means you there's a lot of things that you have to be concerned about, email being one of them. So I'm not too worried about Proton Mail and the fact that they had a court order to. Provide IP addresses for a specific group of people. And it was a very small group and I can see that. I can agree with that. Proton Mail does have a free version. That's the one I have because I want to try it out. And it has a 500 megabytes of free. The storage, you can get up to 20 gigabytes and Proton Mail starts at $4 a month. It has end-to-end encryption, which is really important. Again, it means from you all the way to the recipient, all three of these that I'm going to talk about have end-to-end encryption. They also all have. Two-factor authentication. Remember when we're talking about two factor authentication, a lot of places try to pass off this thing where they send you a text message with a number in it. They try and pass that off as two factor authentication. Yeah, it is a type of two factor authentication, but it's not a. If you're already doing something like maybe you've got cryptocurrency, you are potentially not only under attack, but I'm very hackable. If you're using a text message in order to verify who you are. So that's an important thing to remember. Proton Mail has self-destructing messages, which is a very big thing, very positive. It tends to be expensive. Proton Mail being the 800 pound gorilla kinda dictates what kind of price they want to charge and they are on the more expensive. 
side. The web client is a little bit on the outdated side. It does not support POP3, which I doubt is an issue for any of you guys out there because nowadays the modern email clients aren't using it anyways, anymore. Now Proton Mail has PGP support. I use PGP, I have it built into my Mac Mail and it allows me to send and receive and do end encrypted messages. And that's something you might want to look at, a plugin that uses PGP or GPG, which is effectively the same, which allows you to send and receive encrypted email using your regular email client. However, the person who's receiving it at the far end has to have that PGP client or GPG client as it is. So it might not be the best idea in the world to use that. I use it, and I use it for people within the organization that I know have PGP, because again, we're dealing with third parties' information. We have clients and the clients trust us. So we have to be pretty darn careful with some of that stuff. So that's our first one, Proton Mail. It's something I've used. I know a lot of you are using it. I had so many responses to that email that I sent out to everybody talking about secure email and specifically Proton Mail. And you guys were all telling me, Hey, listen, I'm switched on I'm away from Google forever because Google is by far the least secure of anybody you could be using out there. Now, the next one is called Tutanota, T-U-T-A-N-O-T-A. So it gets just what Tatan call 10 town, tow hours, something like that, but a N O T a I'm sure you guys are gonna all send me pronunciation guides, and it has, again, a free version, one gigabyte. So twice as much as Proton Mail, and it doesn't really offer quite as much storage, but it starts at a dollar 18 a month. Down from Proton Mail's four bucks a month. It also has end-to-end encryption, also has two-factor authentication. It has an encrypted search function, a calendar function, and aliases.
I use aliases not only for my hack free life, but I use aliases because I will use a different email address for pretty much everybody I'm dealing with. So the way to do that is with an alias. One of the problems here with Tutanota, this is a German company, I bet you it's a German word somehow, Tutanota, is that it is in Germany. Germany is one of those 14 Eyes countries. That means it's one of the 14 countries, large countries, that share information about people online and spy on each other's citizens. See, that's how the governments have gotten around it. The government have preclusions from monitoring citizens. So what did they do? Well, they all get together, serve with the Five Eyes, now once twenty-something eyes, but they're part of the 14 Eyes agreement. So Germany, for instance, would spy on US citizens while they're in the US. And the US will spy on German citizens while they're in Germany and all over the world. Okay. So that's a negative. However, as a general rule, the European Union has pretty good privacy laws, so you're probably safe. And then the third one, which is again, the third in my priorities here too, is called CounterMail. Now it has interesting features. For instance, they have what are called RAM-only servers. So the server boots up, obviously it has to boot off of some sort of a device, but once it's running, everything's in memory. So if that server loses power, it loses everything. Now that's an interesting thing to do and can be a problem if you're trying to store emails, right? It has man-in-the-middle attack protection, which all of these do to one degree or another, but CounterMail makes that kind of a big deal. They have a safe box and anonymous payment systems that you can use. And it starts at $3 and 29 cents a month. They have a four gig storage limit. They do not have a free version. So I liked this one, CounterMail, but I do use Proton Mail, at least for testing.
Some mothers also rans here that allow you to send and receive encrypted mail. Secured mail is Zoho mail, Z O H O mail. The X, Y Z is another one post deal. So I've used Zoho before, by the way post geo P O S T E O. You might want to look@mailbox.org and start mail. So there you go. Top three proton mail. That's still my recommendation. If you want some secure email and it'll cost you a bit, if you want cheaper, look at this T U T A N O T A. All right, everybody make sure you spend right now about a minute. Go to Craig peterson.com and sign up for my weekly newsletter and training. Is there no such an example of Silicon valley and they're a hoity toity attitude of fake it until you make it, or is it the reality of Silicon valley? What's happening out there? WeWork and others. Theranos. How many of you guys know about Theranos? They had a really great idea and it was started in 2003 by a 19 year old young lady named Elizabeth Holmes. That is pretty young, but her idea was why do we need to have a whole tube or more of blood in order to do blood? With the technology we have nowadays, we should be able to just use a drop of blood and be able to test for hundreds of diseases with just a pinprick of blood. It seemed pretty incredible at the time, but she was able to. Been a yarn that got a lot of people right into investing in her company. We're talking about nearly a billion dollars in capital that was put into their nose. How could she have fooled all of these people or was she fooling them? Was she doing what you expect to have done in Silicon valley? That is in fact the argument that her attorneys are using right now. She is on trial because this company Theranos was never able to produce and tests. They could just take out a drop of blood and run hundreds of tests on it. And there's a lot of evidence that has come out that has shown in fact, a great little documentary that I watched not little on her and the company Theranos. 
That showed that they had in fact, been taking vials of blood and using other people's equipment, not the Theranos equipment to do the valuations of the blood, to look for diseases, to look for things like vitamin D deficiency that is in fact, something that could have helped with this whole COVID-19 thing. A real quick and cheap check a vitamin D levels in your blood, but what happened? Elizabeth Holmes was really a great talker. She was able to convince a lot of people and a lot of businesses, including Walgreens to invest in her. Not only did she have Walgreens invest in her, but some of the biggest names that you can think of in the investing community, including Rupert Murdoch, he invested in fairness. Now her argument in her. At least her attorney's argument is, Hey, listen, we're not doing anything differently than any other Silicon valley company that's out there. It's this whole creed that they have of fake it until you make it. Is that legit. Is it just one more live from Silicon valley? There's a great article that was in Forbes, talking about some of these, what are called unicorns. These are companies that are startups and are taken under the wing by investors, starting with angels, and then moving into venture capitalist, actually, even before angel. Friends and family and moving into venture capitalist positions, and then eventually public companies, all of these businesses really required proof before they got any funding. So here's an example from Forbes, Airbnb. Obviously they, hadn't what we consider today to be a rather unique business model. But it had been tried before. The whole assumption was that people would rent rooms in their homes on this huge scale, but they didn't have any pre. They were the first to make it in this global trend, they built up this whole idea of becoming a hotelier yourself with your home. But when the founder, Brian Chesky tried to get angel capital, he did not get a dime. 
He had to prove that renters were interested and people were interested in renting out their homes and that he could pull them together. Once he proved that, then he was able to get the money and prove is you. To have a viable business. First, it's really rare that you don't have to, Facebook was started by Zuckerberg now, all of those stories, but the whole idea was having Harvard students connect with the. And then he expanded it to students and other universities and then expanded it to the world at large, his natural initial investors, like most or friends and family, people who give the money to you because they want to see you successful. Eventually here. Zuckerberg was able to prove it and get money from Silicon valley. And then VCs, I'm not getting into any of the ethics of how he did it or any of these other people that had Google. Google was started by these two Stanford students page and Brin, and they got angel capital from investors. And, but these investors were different than most the investors into Google, where people who were already very successful in the computer industry and could understand the ideas behind the algorithm and believed in page and Brynn and that they could grow this company. Microsoft. Again, another company that started with extremely questionable methods was started by gates. And now. They didn't have any VCs, either. They started by running programs for other people. They convinced IBM that they needed to license an operating system from Microsoft and Microsoft didn't even have the rights to, and then they went out and acquired it on a non-exclusive basis. IBM acquired it from Microsoft and non-excludable exclusive basis. Then they got VC money after they started to take off. Okay. Amazon was started by bayzos with funding from his family and small investors from Seattle. He got a VC from Silicon valley after he launched and was already earning thousands in revenues. Bezos had real proof. 
Walmart was started by Sam Walton with 25 grand from his father-in-law. He built this business and financing strategy and used his skills to become one of the world's most successful companies as he grew. We work. I don't know if you've seen these. There's a great documentary out there. And we work that I watched too, but again, like Elizabeth Holmes, he was a great guy at standing in front of a group and getting investors to put money. And he was even great at getting people to buy from. We work that he even started this whole, I think it was called wee life thing where he had people who would move into the building. That they were renting this office space from, and they'd all lived there. They all had their own little units and they'd get together every night and they'd eat together and have community and everything again, collapsed when they couldn't sustain the momentum. And it was like a Bernie Madoff thing where he needed more money coming in order to support it. And he got incredible amounts of money from this big Japanese investor. And then we've got Theron. Elizabeth Holmes. She failed when this investigative reporter questioned whether the technology really works, the investigative reporter said, Hey, can you really do hundreds of tests reliably with just a drop of blood? Why did this report, or even have to ask the question at all? How about all of these investors? Huge companies, my including medical field companies. How did all of them get built basically into spending about a billion dollars with her in an investor? It is a real problem. And it's a real question because ultimately what we're talking about is companies and Silicon valley thinking you fake it till you make it, who are bilking investors and everybody else out of it. Now you have to have a certain amount of that. No matter what the company is. Do you think. Faith in yourself. 
You've gotta be able to stand up and make a presentation to customer or to an investor, an angel investor or friends or family, whatever it might be, but how could you have sold value to customers and convince them? To pay the rent that's needed before you've even shown a profit. And that's a big question. Things have not changed in Silicon valley because of what we work did. And because of their failure, things have not changed because of Elizabeth Holmes and Theranos and the major failure there. These people are investing money. They hope that two times out of 10, one times out of 10, they will actually make money from their investments. We're talking about the venture capitalists and they are jumping on all of these things that are, maybe. Quite legal. That was actually the pitch that was used by the founder of Uber. Yeah. We don't really know if this is quite legal or not, but we're going to let people use their own vehicles to drive their own cars, to pick up strangers and take them places. And it was obviously not legal, especially in big cities where they had laws about all of this. And then all of a sudden now Silicon valley. Really listening closely and say, oh, not quite legal. Okay. That means you are going to completely overturn the whole industry. And that means we could make a whole lot of money on you again, just the knee jerk. So we've got to be careful. The other side of the point and coin is the secret sauce, which is many companies are being careful to not disclose things for very good reason. They don't want an employee to leave and take with them. Their secrets. Look at the lawsuits that have been out there with Google and some of the other self-driving companies. You stole an executive, the executive brought all of this knowledge. Them. And maybe even some documents, this should not be legal. 
And now you've got the Biden administration issuing an executive order, trying to change this whole thing by saying, while you cannot lock people in to not disclosing or to your secrets or to not compete with you. How well to Silicon valley or any business anywhere. To keep their secrets, their secret sauce, the recipe to Coke. If you will, how are you going to keep it secret if you cannot hold people to these nondisclosure agreement? And so I think again, the Biden administration is going the complete. Wrong direction. I'm going to keep an eye on this whole Theranos thing, this trial that's going on. I didn't have an idea how it's going to turn out, but we do have to change the fake it till you make it. Ideology of Silicon valley. Hey, take a minute and sign up online. Get my free special reports and trainings. Craig peterson.com. Your cybersecurity strategist. It doesn't look like what's app is safe anymore. So what can you use if you want to have a conversation with someone, how many of you have a friend that's in China or Iran or Afghanistan or one of those other countries? I was warning about our friends at Facebook. Of course they've been buying competition and in fact, they're being sued right now because of that. And they have been going after these companies that look like they are going to eat Facebook's lunch and then they buy them for way more. The market value. So what are the founders supposed to do? If I was offered crazy money for my company, I'd sell it at the drop of a hat. Just like that. It'd be done. Thank you very much. WhatsApp is one of those apps. My Facebook and Facebook bought it, allegedly because it looked like it was going to be serious competition. So our friends at the federal government decided, okay, we'll let this one go and we'll let them know. When Facebook gets their hands on something, it's like Google, getting their hands on, what's going to happen. Ultimately Facebook is going to be using it in order to sell you things. 
I'm not against having these various websites that we use, online apps and other things going ahead and Colleen us a little bit. What about things we want things to mean might want that we don't even know we want because we don't know they're available. So there's a lot of good reasons from a marketing perspective for them to be able to find out what we're into. They used to be a little bit different than it is today, but not that much. I was in the. Oh, direct marketing business way back in the seventies. It was my second job, really. And I wrote software. That was part of this system that actually put all of our competitors in the country, out of business. Yeah. I wonder if they're still around. It's called marketing electronics of Canada. And let me see if it comes up. Eh, statistics and be okay, so it's not really around anymore. So they master gone out of business. But what we would do for our customers is we'd say, okay, so who should you mail to this? It was direct mail back in the day. And so when we get asked a business, we were in and so they'd say, oh, okay. How about we mail to what 40 year old men who maybe want to buy a pickup truck? So how would we do that? We would look for the magazines that 40 year old men were likely to be. We'd look for anything, the newspaper subscriptions, neighborhoods. It was a real big deal. When, of course the zip code came in. That's not what it is in Canada, but the postal codes came into place because then we could narrow it down based on neighborhoods. So we'd put all of this together and we'd say, okay if someone is getting this magazine, And they're definitely not getting that magazine, but they're getting this newspaper and they live in this part of town. Then we put all of that together and we did the duplicate eliminations and figured out exactly. Okay, this is who we want to be. And then we would do direct mail for the customer to all of those people. 
So it would be whatever it might be back in the day, it was Grolier encyclopedia was our, one of our customers and Columbia music. You remember, those guys was one of our customers and a few other places out there and we made pretty good money and the, it was pretty easy to do. But back then we were doing almost the same thing. This was what now? 40 plus years ago, as they are doing today. But Facebook of course has way more information. They don't just know what website you might be going to, which is the equivalent of which magazines did you subscribe to back in the day, but they all say. Are in the middle of your conversations, they know who your friends are. They know what your friends have bought. They know what your friends are interested in. So it's not that much different than it used to be, but it's more intrusive because now instead of only having one. A couple of hundred magazines Countrywide that people might subscribe to. We now have millions of websites that we're likely to go to. And we have the conversations, the listen in which frankly, I think is the worst part of all of them. So when they bought WhatsApp, there was a warning of by myself and others saying, be careful, Facebook's going to start to watch you on WhatsApp and Facebook. Good. No. That's never going to happen. There's an article that came out this week. Okay. It's absolutely amazing. This was from pro public. Who looked at the WhatsApp messaging platforms, privacy claims, WhatsApp of course offers quote end-to-end encryption and quote, which most people interpret means that Facebook who owns WhatsApp. Can neither read your messages nor send them off to law enforcement. So some of us are concerned that they're reading it and they're using it from Arcadena et cetera, which okay. I can see, that's a little bit of an invasive invasion of privacy, but it's nothing that hasn't been going on since the 1950s. 
And the other side of it is what happens if the bad guys get their hands on that information or law enforcement? It reminds me of the old days was stolen, remember stolen. And in his henchmen, they said, Hey, show me the person I'll show you the crime. And the reason he was able to say that is there's so many potential laws that you can bring. If you tell me the person's name, I'll dig into them and watch them, and we'll be able to accuse them of a crime and get them convicted and thrown in prison. So there's those of us who are worried about that potentially happening, then you might say it's not going to happen today. I think frankly, it well could happen today more than it could have, or would have happened just a few years ago, but it keeps getting worse and worse. So I get all. Stuff, but the claim to WhatsApp being safe to say anything on that. No one's monitoring you. No one can see what you're saying is basically false because what they've found a ProPublica is that Facebook employs about a thousand WhatsApp moderators whose entire job is reviewing WhatsApp messages. Now, about some of the censorship this has been going on at Facebook. This is not the same thing because in general, in Facebook, of course, everything is open and available for their computer systems to flag. The automated systems will see it and say, oh, okay. Yeah, this is bad. And they'll just shut you down and then maybe send it off for a person to review. What's happening here with WhatsApp is someone can flag a message that they have received at. Improper now that's where it starts getting to be a little bit crazy here, because with this loophole in WhatsApp's end-to-end encryption, now you don't have that to fall back on that they don't have it, that they can't read. The recipient of any of the WhatsApp messages can flag it once. Flag the messages copied on the recipient's device and sent as a separate message to Facebook for review. 
Now, the messages are typically flagged for the same reasons they would be on Facebook, but one of the things that's been happening. Is with this content moderation, people who have received the messages from people that they don't like are reporting these messages to Facebook. So they might be in, in a group. You typically is why it works happening. And in, within this group, there's people who are saying things that they just don't like. That is frankly a loophole. Absolutely a loophole. So it's not any different from someone receiving a message screenshot in it or shown their device to another person that's received. But now it's an automated process. Millions of teams every year have found that out too, with their disappearing videos on Snapchat. They don't all just disappear. And that's a problem we're having right now with WhatsApp. So what should you use? What could you use? The number one recommendation that I have for you guys is to use signal. You'll find it online. Signals available for every mobile device out there, pretty much it's available for most desktop operating systems and it is end to end encrypted. And the guy who wrote it who has Mr. Marlin spike has an odd name? He has done this because he wants people to have true privacy in their messages. So signal pretty good. WhatsApp, not so good. You might not want to use it, but by the way, it's huge in use. Hey, take a minute. If you haven't already sign up for my weekly show notes and my trainings that are in them, you'll get them absolutely free. Craig peterson.com. And if you had done that, you'd already know all about WhatsApp and signal and what type of email you should be using. Big data has strikes again in this time it's in Los Angeles. If you get pulled over by the police, would you give them your social media information, your email address, et cetera. Question mark? Huh? Here we go. 
LAPD has started doing something that most people are saying is unethical and may be illegal is well, they were sued the Los Angeles police department in order to. Some information out of the police department. Cause some people had been reporting things and the Brennan center for justice is what it's called, sued them. Okay. Now this is at the New York school of law. The NYU school of law, the Brennan center is, and they filed a public records request with LAPD and police departments from other major cities. And they were trying to find out what's going on. What kind of data are these police departments collecting and the LAPD resisted making these documents available? I guess that's a clue, right? And so they did ultimately provide over 6,000 pages of documents after the Brennan center. Sued the department. And one of these documents was a memo from the LAPD chief. His name was Charlie. Back in May, 2015. He said that quote one, completing. F I report officers should ask for persons shall social media and email account or information and included in the additional info box. Now, what they're talking about is a, basically a field contact or field interview form, and he was telling them that they need to get all kinds of information, basically anything they can, but more specifically, once or Twitter handle Instagram. Profiles. There's a spot on here for all kinds of information. I'm looking at the report right now. Who are the name your date of birth, your sex, your gang, your or your monitoring moniker? Yeah, not everyone's in a gang guys. And let's see field interview, incident number, the division detail. So the only thing, oh, and by the way, social security number as well. And if you're asking them for their social security number, it tells you they have to read this assess federal law requires that you be in. When asked for your social security number that must be provided for use and identification authority for required. 
This information is based upon field interview procedures operational prior to January 1st, 1975. Remember, the Social Security number was only going to be used by the Treasury Department for income, to verify that you'd been paying, and would not be used by any other federal departments or state and local. In fact, it was illegal at the time. Anyways, I guess I'm rambling about this, 'cause the Social Security number thing really upsets me because everybody's collecting it and the bad guys have your Social Security number and it's being used as some sort of a universally unique number. We call those UUIDs in the computer world, but it's not. And unlike a regular UUID that can easily be regenerated, they will not issue you a new Social Security number if your old one was stolen. It's really crazy. So it may be an unusual policy, even though the LAPD has been doing it for years. Let's see. So a lawyer in the Brennan Center's Liberty and National Security Program wrote, he said, apparently nothing bars officers from filling out field interview forms for each interaction they engage in on patrol. Notably, our review of information about the field information cards in 40 other cities did not reveal any other police departments that use the cards to collect social media data, though details are sparse. Publicly available documents to try to determine if other police departments are channeling. I collect social media during the field interview were requested, but found that most are not very transparent about their practices. So I guess that's not too surprising. Here's where it starts getting more concerning for me anyways. And that is, they are feeding all of this information from these contact cards into a system that was developed by Amazon. This is a system called Palantir. There you go. Palantir. And in fact, there was an open letter that was written by the staff at Amazon to Jeff.
Bezos asking Bezos to stop selling this technology to law enforcement. Okay. That's how bad it is. Here's an article from Ars Technica. Amazon staff have called on CEO Jeff Bezos to stop selling facial recognition technology to law enforcement and government agencies. Do the book 10 channel that the tech is used to harm the most marginalized. Microsoft and Google also have done the same thing. Now you hear that and you say, that's really good, kudos to you. I'm glad that you are trying to stop this. And yet at the same time, these same employees don't seem to have a problem with selling this technology to the Red Chinese at all. They don't seem to have a problem with it in some of these other countries that are using it for just terrible things. Further, this letter that they wrote demanded that Amazon stop selling their cloud services to data analytics firm Palantir. They have numerous government contracts involved in the operation of ICE's detention and deportation programs, goes on and on. So what makes sense to you? The ACLU recently reported that Amazon's recognition facial technology is being sold to police departments. It can identify faces in photos and videos. Amazon pitched it as a way of identifying and tracking suspects. The issue that is raised here by the ACLU is the militarization of the police. How far can it go? Should it go? The targeting of activists and ICE's family separation policy. Now this was in 2018, just so that okay. So back in the day, of course, anything President Trump did was evil. And so this stuff they came out and said was evil. I haven't, I looked and I haven't got anything more reasoned about this. So for some reason, the Biden administration using this isn't a problem. LAPD using this apparently was a problem and continues to be a problem. Keep an eye out for it locally, because here's the other side of this whole thing they say. Are they being the police officer when they pull you over I need this information.
I need to inspect your car. I need to search your person, et cetera. They may need to, but that doesn't mean that they have the. Legal right or constitutional right to do it. So typically the police only ask for things that they can constitutionally asked for, that they should ask for. And people, most people know they can refuse a search depending on the circumstances and they, but they don't because you're honoring the police officer. Going on from there honoring the police officer. I also mean that people are allowing the police to gather this information because of, again, the respect that giving to that police officer. And in fact, they apparently do. There's another study in this article that talks about that. It's a problem. We gotta be careful all of this data being fed into a big system that tracks us, that, the bad guys are going to get their hands on that data. Eventually. Hey, visit online Craig peterson.com and check out today's newsletter. You'll find in there links to this and all of today's stories. Do you remember when president Trump was trying to block Tik TOK, this Chinese social site that so many of us were using? Of course now that's all gone. That's all history. And there's another piece of news about them. Tik TOK is a social media site that really rose a like crazy. It is owned by 10 cent, which is a Chinese company. Now, as all companies in China are controlled by the socialists, the communist party of China, the CC CCC CCP. Remember those initials from back in the day. They are now being given access to location information about Americans, about all kinds of places in the United States, in photos, people's names, their locations, you name it. Through tick talk to Chinese government, the Chinese military, the people's liberation army as they call it. And we're giving all of this information voluntarily. So president Trump had a problem with that. Why should a Chinese company be allowed to track American citizens? 
Now at the time, TikTok was quite popular and was growing in popularity. Now we're seeing a news story from the BBC saying that TikTok has overtaken YouTube in the average watch time per user in the United States and the United Kingdom. YouTube is still the bigger video site. YouTube has far more users, they have far more video that's watched, but what we're talking about here is something that is specific, but it's still scary, which is the average US TikTok user watches more video than the average YouTube viewer. So if you're a marketer, maybe it's time to get on TikTok, but also right now, TikTok is really the younger generations. It's not the older folk. Okay. I expect that eventually, just like Facebook started with the college students and it has now really grown to being an over 40, even over a 50 year old web. At Facebook, the same thing will happen for TikTok, but we're getting concerned here because TikTok has upended the streaming and social landscape. With these small videos, it reminds me of how the goldfish, why is the goldfish the happiest animal in the world? Because it only has a five second. That was just great from Ted Lasso. I don't know if you've watched that show at all. That's one of these Apple TV shows out there. It's really true because these TikTok videos are extremely short and the whole goal of it is to have something that's funny, and they've had challenges and various other things that they've done too, but they have really gone crazy. Google has tried to counter TikTok. They've had their own little thing. Facebook's had their own little thing with these short videos, but this time spent metric that we're talking about here is from the monitoring from App Annie. That's the name of it. And it only accounts. Android phones, because some of this monitoring cannot be done on iPhones. Okay. But it also does not include China, where TikTok is a major app. Over in China, it's called .
I probably didn't pronounce that one quite right either, but it is a massive audience that they have out there and I'm looking at all of the stats. It's just absolutely amazing. You can see those of course in the newsletter for today, but yeah. Live streaming apps, Twitch, for example, viewers can purchase bits, virtual currency, and send them to cheer for streamers journal, live stream and stuff. This is an interesting business. TikTok has definitely taken it over. And we're seeing that nobody's been able to really do anything. YouTube has its TikTok clone called YouTube Shorts. It was launched in May. This is 60-second video clips, whole idea is it's mobile first, it's swipe up. Also out there with, I love this. This is Ars Technica, calling it a photocopier, which is what YouTube does when an upstart video service comes along, a Twitch, see YouTube Gaming. Anyways, everybody's trying to get into it. No one's being successful at it yet, other than TikTok. And do we really want the Red Chinese having access to all of that? Think what's innovative. You've got GPS information coming from your smartphone. So they know exactly where it's taken. They know who you are. They know information about you as a user. I don't know. It gets scary. And then you think about what happened with the Wuhan lab and what escaped out of there. Could they use that? Might they use that? Oh my goodness, I'm very concerned. Okay. From Krebs on Security, we have a warning for Microsoft users: attackers are now exploiting a Windows zero-day flaw. So this is a previously unknown vulnerability in Windows 10 and many Windows Server versions. And what it allows them to do is seize control over PCs when users open a malicious document or a booby-trapped website. There's currently no official patch for it, but Microsoft has released recommendations in order to help mitigate the threat. These mitigations aren't the best, frankly, but we'll see. It affects what's called the MS
HTML component of internet Exploder on windows 10 and many windows servers that are out there. And of course, internet Exploder has been deprecated. For use people should not be using it anymore. So for those of you who are still using internet Explorer, I've got two words for you from the famous Bob new heart, just an amazing guy. So here we go. Okay. Here you're there. That's from an old routine. I couldn't help, but think of it, but yeah, that's the bottom line. You need to stop using internet Explorer. It does not work well. It is bug Laden. Like most Microsoft software seems to be, and it is now under direct attack. So make sure that. Patch had Shirley patch off. And now I am in the middle of putting together. This is another bit of free content for everybody, but two things. One is a cyber health assessment that you can do yourself. And shall I show you how? And I'm going to have a course on that too. A paid course that gets into a lot more detail. But the basics is, I want you guys to understand that. And then the other thing is in the next 90 days, what are the things that you should do and can do to make your computers safer? Now, as usual, this is aimed at businesses, but works great for. Individuals for home users. And we'll see how this ends up going. But frankly, the zero day attacks are going to keep happening. They happen to Microsoft. They happen to apple. They happen to everybody, but they all release patches. The only one that you are going to have trouble with patches on is older versions of windows. And of course Android. What else do I have to say? Any older Android phone? Cause they lose support very quickly. So don't use those, but make sure patch Tuesday. All of those patches are installed from Microsoft and visit me online. Craig peterson.com. Make sure you sign up for my newsletter so you can get these coming up and more.
Today's episode on spam is read by the illustrious Joel Rennich. Spam is irrelevant or inappropriate and unsolicited messages usually sent to a large number of recipients through electronic means. And while we probably think of spam as something new today, it's worth noting that the first documented piece of spam was sent in 1864 - through the telegraph. With the advent of new technologies like the fax machine and telephone, messages and unsolicited calls were quick to show up. Ray Tomlinson is widely accepted as the inventor of email, developing the first mail application in 1971 for the ARPANET. It took longer than one might expect to get abused, likely because it was mostly researchers and people from the military industrial research community. Then in 1978, Gary Thuerk at Digital Equipment Corporation decided to send out a message about the new VAX computer being released by Digital. At the time, there were 2,600 email accounts on ARPANET and his message found its way to 400 of them. That's a little over 15% of the Internet at the time. Can you imagine sending a message to 15% of the Internet today? That would be nearly 600 million people. But it worked. Supposedly he closed $12 million in deals despite rampant complaints back to the Defense Department. But it was too late; the damage was done. He proved that unsolicited junk mail would be a way to sell products. Others caught on. Like Dave Rhodes, who popularized MAKE MONEY FAST chains in 1988. Maybe not a real name, but pyramid schemes probably go back to the pyramids so we might as well have them on the Internets. By 1993 unsolicited email was enough of an issue that we started calling it spam. That came from the Monty Python skit with Vikings in a cafe where spam was on everything on the menu.
That spam was in reference to canned meat made of pork, sugar, water, salt, potato starch, and sodium nitrate that was originally developed by Jay Hormel in 1937 and, due to how cheap and easy it was, found itself part of a cultural shift in America. Spam came out of Austin, Minnesota. Jay's dad George incorporated Hormel in 1901 to process hogs and beef and developed canned lunchmeat that evolved into what we think of as Spam today. It was spiced ham, thus spam. During World War II, Spam would find its way to GIs fighting the war, and Spam found its way to England and the countries the war was being fought in. It was durable and could sit on a shelf for months. From there it ended up in school lunches, and after fishing sanctions on Japanese-Americans in Hawaii restricted the foods they could haul in, spam found its way there, and some countries grew to rely on it due to displaced residents following the war. And yet, it remains a point of scorn in some cases. As the Monty Python sketch mentions, spam was ubiquitous, unavoidable, and repetitive. Same with spam through our email. We rely on email. We need it. Email was the first real killer app for the Internet. We communicate through it constantly. Despite the gelatinous meat we sometimes get when we expect we're about to land that big deal when we hear the chime that our email client got a new message. It's just unavoidable. That's why a repetitive poster on a list had his messages called spam and the use just grew from there. Spam isn't exclusive to email. Laurence Canter and Martha Siegel sent the first commercial Usenet spam, the “Green Card” message, just after the NSF allowed commercial activities on the Internet. It was a simple Perl script to sell people on the idea of paying a fee to have them enroll people into the green card lottery. They made over $100,000 and even went so far as to publish a book on guerrilla marketing on the Internet. Canter got disbarred for illegal advertising in 1997.
Over the years new ways have come about to try and combat spam. RBLs, or using DNS blacklists to mark hosts as unable to send mail and thus having port 25 blocked, emerged in 1996 from the Mail Abuse Prevention System, or MAPS. Developed by Dave Rand and Paul Vixie, the list of IP addresses helped for a bit. That is, until spammers realized they could just send from a different IP. Vixie also mentioned the idea of matching a sender claim to a mail server a message came from as a means of limiting spam, a concept that would later come up again and evolve into the Sender Policy Framework, or SPF for short. That's around the same time Steve Linford founded Spamhaus to block anyone that knowingly spams or provides services to spammers. If you have a cable modem and try to set up an email server on it you've probably had to first get them to unblock your address from their Don't Route list. The next year Mark Jeftovic created a tool called filter.plx to help filter out spam and that project got picked up by Justin Mason who uploaded his new filter to SourceForge in 2001. A filter he called SpamAssassin. Because ninjas are cooler than pirates. Paul Graham, the co-creator of Y Combinator (and author of a LISP-like programming language) wrote a paper he called “A Plan for Spam” in 2002. He proposed using a Bayesian filter as antivirus software vendors used to combat spam. That would be embraced and is one of the more common methods still used to block spam. In the paper he would go into detail around how scoring of various words would work and the probabilities, compared to the rest of his email, that a spam would get flagged. That Bayesian filter would be added to SpamAssassin and others the next year. Dana Valerie Reese came up with the idea for matching sender claims independently and she and Vixie both sparked a conversation and the creation of the Anti-Spam Research Group in the IETF. 
The European Parliament released the Directive on Privacy and Electronic Communications in the EU criminalizing spam. Australia and Canada followed suit. 2003 also saw the first laws in the US regarding spam. The CAN-SPAM Act of 2003 was signed by President George Bush in 2003 and allowed the FTC to regulate unsolicited commercial emails. Here we got the double-opt-in to receive commercial messages and it didn't take long before the new law was used to prosecute spammers with Nicholas Tombros getting the dubious honor of being the first spammer convicted. What was his spam selling? Porn. He got a $10,000 fine and six months of house arrest. Fighting spam with laws turned international. Christopher Pierson was charged with malicious communication after he sent hoax emails. And even though spammers were getting fined and put in jail all the time, the amount of spam continued to increase. We had pattern filters, Bayesian filters, and even the threat of legal action. But the IETF Anti-Spam Research Group specifications were merged by Meng Weng Wong and by 2006 W. Schlitt joined the paper to form a new Internet standard called the Sender Policy Framework which lives on in RFC 7208. There are a lot of moving parts but at the heart of it, Simple Mail Transfer Protocol, or SMTP, allows sending mail from any connection over port 25 (or others if it's SSL-enabled) and allows a message to pass while requiring very little information - although the sender or sending claim is a requirement. A common troubleshooting technique used to be simply telnetting into port 25 and sending a message from an address to a mailbox on a mail server. Theoretically one could take the MX record, or the DNS record that lists the mail server to deliver mail bound for a domain to, and force all outgoing mail to match that. 
However, due to so much spam, some companies have dedicated outbound mail servers that are different than their MX record and block outgoing mail like people might send if they're using personal mail at work. In order not to disrupt a lot of valid use cases for mail, SPF had administrators create TXT records in DNS that listed which servers could send mail on their behalf. Now a filter could check the header for the SMTP server of a given message and know that it didn't match a server that was allowed to send mail. And so a large chunk of spam was blocked. Yet people still get spam for a variety of reasons. One is that new servers go up all the time just to send junk mail. Another is that email accounts get compromised and used to send mail. Another is that mail servers get compromised. We have filters and even Bayesian and more advanced forms of machine learning. Heck, sometimes we even sign up for a list by giving our email out when buying something from a reputable site or retail vendor. Spam accounts for over 90% of the total email traffic on the Internet. This is despite blacklists, SPF, and filters. And despite the laws and threats spam continues. And it pays well. We mentioned Canter & Siegel. Shane Atkinson was sending 100 million emails per day in 2003. That doesn't happen for free. Nathan Blecharczyk, a co-founder of Airbnb, paid his way through Harvard on the back of spam. Some spam sells legitimate products in illegitimate ways, as we saw with early IoT standard X10. Some is used to spread hate and disinformation, going back to Serdar Argic, known for denying the Armenian genocide through newsgroups in 1994. Long before Infowars existed. Peter Francis-Macrae sent spam to solicit buying domains he didn't own. He was convicted after resorting to blackmail and threats. Jody Michael Smith sold replica watches and served almost a year in prison after he got caught. 
Some spam is sent to get hosts loaded with malware so they could be controlled as happened with Peter Levashov, the Russian czar of the Kelihos botnet. Oleg Nikolaenko was arrested by the FBI in 2010 for spamming to get hosts in his Mega-D botnet. The Russians are good at this; they even registered the Russian Business Network as a website in 2006 to promote running an ISP for phishing, spam, and the Storm botnet. Maybe Flyman is connected to the Russian oligarchs and so continues to be allowed to operate under the radar. They remain one of the more prolific spammers. Much is sent by a small number of spammers. Khan C. Smith sent a quarter of the spam in the world until he got caught in 2001 and fined $25 million. Again, spam isn't limited to just email. It showed up on Usenet in the early days. And AOL sued Chris “Rizler” Smith for over $5M for his spam on their network. Adam Guerbuez was fined over $800 million for spamming Facebook. And LinkedIn allows people to send me unsolicited messages if they pay extra, probably why Microsoft paid $26 billion for the social network. Spam has been with us since the telegraph; it isn't going anywhere. But we can't allow it to run unchecked. The legitimate organizations that use unsolicited messages to drive business help obfuscate the illegitimate acts where people are looking to steal identities or worse. Gary Thuerk opened a Pandora's box that would have been opened if he hadn't done so. The rise of the commercial Internet and the co-opting of the emerging cyberspace as a place where privacy and so anonymity trump verification hit a global audience of people who are not equal. Inequality breeds crime. And so we continually have to rethink the answers to the question of sovereignty versus the common good. 
Think about that next time an IRS agent with a thick foreign accent calls asking for your social security number - and remember (if you're old enough) that we used to show our social security cards to grocery store clerks when we wrote checks. Can you imagine?!?!
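The SPF check described in this episode, worked through as an added example (not code from the episode or from any SPF library): per RFC 7208 the receiving server compares the connecting IP address against the TXT record published by the domain in the envelope sender. The DNS data is a constructed table of documentation domains and addresses so the check runs offline, and only the `ip4`, `ip6`, `include`, `all` and `redirect` terms are implemented.

```python
import ipaddress

# Constructed DNS TXT data: reserved documentation domains and the
# RFC 5737 documentation address ranges, not real senders.
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example.net -all"],
    "_spf.mailer.example.net": ["v=spf1 ip4:198.51.100.16/28 ~all"],
    "nospf.example.org": ["site-verification=constructed-value"],
    "loop.example.org": ["v=spf1 include:loop.example.org -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4 caps lookup-causing terms


class PermError(Exception):
    """The published policy cannot be interpreted."""


def _spf_record(domain, txt):
    """Return the single v=spf1 record for a domain, or None if it has none."""
    records = [r for r in txt.get(domain.lower(), [])
               if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(records) > 1:
        raise PermError("more than one SPF record for " + domain)
    return records[0] if records else None


def _lookup_budget(budget):
    """Count one DNS-querying term against the shared limit."""
    budget[0] -= 1
    if budget[0] < 0:
        raise PermError("too many DNS lookups")


def _evaluate(ip, domain, txt, budget):
    record = _spf_record(domain, txt)
    if record is None:
        return "none"
    redirect = None
    for term in record.split()[1:]:
        if "=" in term:                      # modifier: name=value
            name, value = term.split("=", 1)
            if name.lower() == "redirect":
                redirect = value
            continue                         # unknown modifiers are ignored
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                raise PermError("bad network in " + term)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            _lookup_budget(budget)
            inner = _evaluate(ip, arg, txt, budget)
            if inner == "none":              # RFC 7208 section 5.2
                raise PermError("include target has no SPF record")
            if inner == "pass":              # only a pass makes include match
                return QUALIFIERS[qualifier]
        else:
            # a, mx, exists and ptr need further DNS data; left out here.
            raise NotImplementedError(name)
    if redirect:
        _lookup_budget(budget)
        result = _evaluate(ip, redirect, txt, budget)
        if result == "none":
            raise PermError("redirect target has no SPF record")
        return result
    return "neutral"                         # no term matched, no "all"


def check_spf(client_ip, mail_from, txt=SAMPLE_TXT):
    """Evaluate SPF for the connecting IP and the envelope sender address."""
    domain = mail_from.rsplit("@", 1)[-1]
    try:
        return _evaluate(ipaddress.ip_address(client_ip), domain, txt,
                         [MAX_DNS_LOOKUPS])
    except PermError:
        return "permerror"


if __name__ == "__main__":
    for ip, sender in [("192.0.2.25", "alice@example.com"),
                       ("198.51.100.20", "alice@example.com"),
                       ("203.0.113.7", "alice@example.com"),
                       ("203.0.113.7", "bob@nospf.example.org")]:
        print(ip, sender, "->", check_spf(ip, sender))
```

A `pass` only says the domain's owner authorised that server, which is why mail from freshly registered domains and compromised accounts, both mentioned in the episode, still gets through an SPF check.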
Are You Getting Dragged Into Dealing With Cybersecurity? Craig Peterson: You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had already been involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. [00:00:39] What I did there was design for Unix systems a way to check for malware and manage them remotely. Yes, indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time. [00:01:05] I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not, a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got many older people who are listening saying, yeah, I remember that. It brings back memories. [00:01:32] In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a great little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. Timex made that. Suppose you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course, was like an 8080, which was Intel's big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress. [00:02:22] The whole industry at the time was non-existent, yeah. 
You had antivirus software. We started seeing that in the eighties. We had some terrible operating systems that many people were running like Windows, just absolutely horrific. [00:02:40] Remember Windows three-point 11 and XP and millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code came out in one of the lawsuits for one of these versions of Windows. [00:02:55] It was a different world, and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties, and I hosted email for companies and websites and filtered things with some precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys, and suddenly, customers started calling me because the email wasn't working. It turned out it was working, but it was extremely slow, and I had to figure out why. [00:03:37] I telneted to my server. I got on, started poking around the servers. [00:03:43] I had a computer room and the first floor of the building I owned, and I was on the second floor. So off we go looking around, trying to figure out what is going on. It was me, actually. I said we, but it was really me. Cause I knew the most about this stuff. [00:03:59] These processes just continued to fork, and I was trying to figure out why it is creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten internet rules about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. [00:04:37] You send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today. 
[00:04:48] I saw some of this stuff going on. I was trying to figure out what it was, but we trusted everybody. So my mail server, which was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that. [00:05:04] Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't, then, what they are today. [00:05:29] In fact, one of our engineers just had to run out to a client who did something we told them not to do. They were using the SonicWall firewall on their network, as well as they had our stuff. So we had an excellent Cisco firepower firewall sitting there. So then they have this SonicWall so that their people, remotely could connect to the SonicWall firewall because it's good enough. SonicWall says it's compliant. So the SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin. [00:06:08] So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's not been very good. [00:06:23] Boy, am I wandering all over the place? [00:06:24] Back to this, we would allow people to get onto our network to fix things. If something was wrong, if we were misconfigured, they could help us and get on and do it because the Sendmail configuration was not for the faint-hearted. [00:06:42] In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. 
[00:06:56] I was trying to run a business where we hosted email for companies, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth. [00:07:22] That's what I wanted to do. That was my business. [00:07:26] Later on, I ended up helping 80% of my clients find the other web hosts after these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working. He was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research, and we checked the IP address and how many sites were at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He hosted all of these 150 at a site that charges the eight to $10 a month for Webhosting. [00:08:29] He had all of these sites on top of a server that already split up hundreds of ways. It's just amazing what people do. [00:08:38] Man alive. We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get greedy, and see what happens to you. But, some of them still maintain a good relationship with us, so we help them out from time to time, right? [00:08:52] What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem. [00:09:01] What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That, to me, makes a ton of sense. Why not do that? 
[00:09:18] This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added this basic malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the most significant exploits used by the bad guys right now is the security team's poor relationship with other employees within the organization. [00:09:56] What's going on, and it goes back to this customer that we just had to run out to. [00:10:01] Why did they do what we told them not to do?
This week we look at how Ubuntu is faring at Pwn2Own 2021 (which still has 1 day and 2 more attempts at pwning Ubuntu 20.10 to go) plus we look at security updates for SpamAssassin, the Linux kernel, Rack and Django, and we cover some open positions on the Ubuntu Security team too.
Welcome! We have had a very busy week this week so this is a replay of the show aired the end of February. I'll be back next week. It was also another busy week on the technology front and we are going to delve into what actually caused the energy problems in Texas. There is a new type of malware that is affecting Macs and it has a different MO. Then we are going to discuss Apple and their ventures into automated electric cars and what we can expect. Why are states having issues making appointments for vaccines? In a word, it is bureaucratic incompetence. Then we have a new type of hack out there. It is called Buy-to-Infect and there is more so be sure to listen in. For more tech tips, news, and updates, visit - CraigPeterson.com. --- Tech Articles Craig Thinks You Should Read: This Basic Math Shows How Wind Energy Failures Contributed To Texas’s Deadly Power Loss An Insider Explains Why Texans Lost Their Power New malware found on 30,000 Macs has security pros stumped Report: Nissan shot down Apple deal to avoid becoming Foxconn of cars N.Y.’s Vaccine Websites Weren’t Working Apple is already working on developing 6G wireless technology Owner of an app that hijacked millions of devices with one update exposes the buy-to-infect scam Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. Hi everybody. Craig Peterson here. I'm so glad to be here. I'm happy you're here as well. There are so many ways to listen. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. 
I had been already involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. What I did there was design for Unix systems a way to check for malware, a way to manage them remotely. Yes indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time. I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got a lot of older people who are listening who are saying, yeah, I remember that. It brings back memories. In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a cool little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. That was made by Timex. If you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course was like an 8080, which was Intel's, big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress. The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties and we had some terrible operating systems that many people were running like Windows, just absolutely horrific. Remember windows three-point 11 and XP and the millennial edition just some of the most terrible software ever. That's what happens when you have interns? 
A lot of the code, it came out in one of the lawsuits, for one of these versions of Windows. It was a different world and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties and I was hosting email for companies and websites and doing some filtering and things with some kind of precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys and all of a sudden customers started calling me because the email wasn't working. It turned out it was working, but it was extremely slow and I had to figure out why. I telneted to my server. I got on, started poking around the servers. I had a computer room and the first floor of the building that I owned and I was up on the second floor. Off we go looking around trying to figure out what is going on. It was me actually. I said us, but it was really me. Cause I knew the most about this stuff. There were these processes that just continued to fork and I was trying to figure out why is it creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten rules of the internet about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. You just send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today. I saw some of this stuff going on. I was trying to figure out what it was, but, we trusted everybody. So my mail server was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that. Nowadays. It's usually more something like postfix in the backend. 
You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't then what they are today. In fact, one of our engineers just had to run out to a client who did something we told them not to do. They were using the SonicWall firewall on their network as well as they had our stuff. So we had a really good Cisco firepower firewall sitting there, and then they have this SonicWall so that their people, remotely could connect to the SonicWall firewall, because it's good enough. SonicWall says it's compliant. The SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin. So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's been really bad. Boy, am I wandering all over the place? Back to this, we would allow people to get onto our network to fix things. If something was wrong, if we were misconfigured, they could help us and they could get on and do it because Sendmail configuration was not for the faint-hearted. In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. I was trying to run a business where we hosted email for businesses, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth. That's what I wanted to do. That was my business. Later on, I ended up helping 80% of my clients find the other web hosts after, these $8 Gator hosting things. 
We just got a call on that this week. Somebody who'd been a client of ours 20 years ago, went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working he was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research and we checked the IP address and how many sites were at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He was hosting all of these 150 at a site, the charges, the eight to $10 a month for web hosting. He had all of these sites on top of a machine that was already split up hundreds of ways. It's just amazing what people do. Man alive. We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get cheap, and see what happens to you. Some of them, we still maintain a good relationship with and so we help them out from time to time, right? What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem. What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That to me makes a ton of sense. Why not do that? This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added in this basically malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the biggest exploits that are being used by the bad guys right now is the security team's poor relationship with other employees within the organization. I promise we'll get to this a little bit more and explain the bottom line here. 
What's going on and it goes back to this customer that we just had to run out to. Why did they do what we told them not to do? Stick around. We're getting into the battle between cybersecurity senior officers in companies, owners, business owners, and the, even the employees. There has been such a battle going on. I saw two examples this week. Hi, everybody, it's a difficult world out there, but I find some comfort in listening to, of course, news radio. It keeps me up to date on what's going on. It helps me to really understand the world a lot better. I mentioned that one of my guys just had to run out to a client who did something we absolutely told them not to do. They had been using this company that was a break-fix shop, I guess is the way you would put it. They had a business that would respond to problems and they charge by the hour. I think right now their hourly rate is like 160 bucks or something. It is not cheap, but anyhow, That they would sell people equipment and then move on, right? Your problems aren't my problems. Just leave me alone, go away. It's a beautiful model because their employees at this break-fix shop don't have to understand much. They just have to know more than you do as a customer. There's one level of understanding that you have, and for someone to appear to be an expert, all they have to do is have slightly more understanding. That has bothered me so many times listened to the radio and they talk about somebody that's just this great expert, in reality, of course, they are not. But you don't know. That person talking about the expert doesn't know either because they just don't have enough knowledge. Of course, the person that's labeled the expert isn't going to say anything about it. They were doing what most companies do, which is okay. We know we need a firewall, so let's get a firewall. They went out and they talked to this company and they did their Google research because of course, Dr. Google is an expert on everything. 
Even with those differing opinions, you're going to go with the opinion that you like the best. That's what they did. They bought a Sonic wall firewall from this vendor, which was a break-fix shop. Now that's all well, and good. The sonic wall is not terrible stuff. They've got some amazing stuff as well. The problem is this device has been out of support for more than two years now. Even though they're not as advanced as some of the systems we can install, not that we always use the most advanced systems. It's not a bad, a little thing for a small business. We warned them that because they were using an out-of-date firewall that they could not get fixes for known vulnerabilities. Now that's a big deal too. Most people are not aware of the vulnerabilities that are on their machines. Do you go out every month and check the firmware versions on your firewall? You should be, even if you're a home user. Are you checking to make sure the firewall that the cable company provided you with is up to date, configured correctly? You've changed the password and the admin username, right? No? Most people haven't. He hadn't, right. He didn't know. We told them we did a little research and said here's your problem. That's part of his cyber health assessment. We told them what kind of firewall do you have? What's the version of software on it and we do that. We have a bunch of people that have asked for cyber health assessments. We've got them on a list because we're busy. So we have to schedule these and make them happen. So we said, do not plug that machine in. Of course, what do they do? They plugged it back in again. So now all of a sudden this morning, we get a wake-up call from our monitors that are running they're on their Cisco firepower firewall, where we have their extensive suite of additional software. This isn't just an off-shelf, Cisco firewall. It's telling us that the SonicWall or something through our, via the SonicWall. 
Is going through all this customer's network. It's actually attacking the Cisco firewall from inside the network. Absolutely amazing. Why does that happen? In this case, the business owner, and it is a very small business. It has about 5 million in revenue per year, I would guess. It's a small business by every stretch. The owner just doesn't want to spend the money he doesn't absolutely have to spend. He's not looking at this saying I could lose all my intellectual property. I could get sued by these people. I could lose my clients who find out that their data was released. Their orders were released. Everything was stolen. He looks at it and says, Oh wow. It's 200 bucks a month. Wait a minute guy, you have how many employees? You're worried about 200 bucks a month. I personally, I don't understand that. Why would you do that? Now, you're in a poor country. Okay. I get it right. That's a lot of money to spend, but not here in the United States. Doesn't make sense. A lot of this is really the reason I brought it up. It's showing how there is a disconnect between business owners, C-level people, and cybersecurity people. Basically, if you have less than 200 employees, you cannot afford to have your own cybersecurity team. It's impossible. It's way too expensive. Then the numbers start to change outsourced cybersecurity, which is what we do. We do this for this customer and. The in-house cybersecurity people, but we all have the same basic problem. The owner has a problem too, right? He has to weigh the costs of cybersecurity against the risks involved, which is what Equifax did. What so many of these big companies do, right? There's this, the norm Equifax said it's going to be way cheaper to just pay out $10 million in fines. When we get fined by the federal government for losing everyone in the country's personal financial information then it is to do this or we're not going to bother. 
Man, I'd love to see the smoking gun email on that, where they made that final decision, probably doesn't exist. They're smart enough to know that they would get sued and they have been sued because of this. We've got another problem right now because of people working from home. I mentioned, in fact, this week, you should have gotten an email from me on Thursday. That was a little audio thing that I put together. We call these things audiograms, and it's a kind of a video that'll play. This particular one is about part of this problem. We've talked extensively about that water plant in Florida, that was hacked for lack of a better term. It might've been an insider thing. It might've been someone external, et cetera, et cetera. The reason it happened is that business, the water plant for a town of 15,000 people, which would be in a normal world, a small business. That small government operation was all of a sudden faced with lockdowns. What do we do? They didn't have a plan. They didn't have a business continuity plan, which is so important. I talked about it extensively last week as well. They had no way to manage this. So what did they do? They went out and bought TeamViewer licenses for everybody in the business. That put, well not the business, in this case, the agency, that put the agency at risk. That is putting our businesses at risk too, in such a big way. That's what the audiogram I emailed out on Thursday explaining this a bit. So stick around. We're going to continue this conversation. Of course, you're listening to Craig Peterson online at craigpeterson.com.
We have people working from home. We didn't really plan for this. We're doing it because of the lockdown. Maybe, you found that it's actually better for your business, from whatever angle. What are the risks here of people taking computers home? Hello, everybody. Craig Peterson here. So glad to be with you today. Glad you're taking a few minutes out of your day as well to listen in.
Now I am very concerned about people using computers that they're taking home. I want to make a definition. Maybe there's a better way of saying this, computers that are used at home, home computers should never be used for work. I'm going to explain why. Computers that are at work probably should not be taken home. We saw the example of this, just this last couple of weeks. I was talking about this wonderful plugin that I've been using and recommending people use here for a very long time, called the Great Suspender. We've talked at length really about what happened there with the company being bought and then becoming evil, right? Just buying their way into 2 million people's computers. Sometimes these Chrome extensions that are installed on personal computers get automatically installed and synchronized to your work devices. In fact, that's the default. If you log into Chrome and you're using Google Chrome as your browser and you log into it on your home computer, and when you log into your same account over on your business computer. All of a sudden, now it's syncing. It's syncing things like passwords, which you should not be having Google store for you. You should definitely be using a good password manager and there are a few out there. If you're not familiar with them or don't know which one to use or how to use them. I have a great little special report on passwords and using password managers. I'd be glad to send it to you. Just email me@craigpeterson.com and I'll send that on-off, right? I'm not making a dime off of that. I want to make you safer. I don't want to have happened to you what's happened to millions of Americans, including my best buddy who had his information stolen. I've been after him to use password managers. He never did it. I don't know why. Until his paycheck got stolen. Then he came over and I explained it and set it up with them and really helped him out. 
Maybe we should do a whole webinar showing you how to use these password managers, how to get them set up because it is a little bit tricky. It's certainly different than you're used to. Many people are using their browser, Chrome in this example, to save passwords. When you go to a website, you'll automatically have the password there. Maybe you've got it set up so that it'll automatically log you in with all kinds of cool stuff. But there is a very big problem and that is that there is a huge risk with running these extensions, like the Great Suspender. The Great Suspender was approved by Google. It was in the Google store. You could download it from their app store. Absolutely free. In January of this year in 2021, we had someone out on Twitter, tweet that there was a problem with the security on the Great Suspender. It had been changed. It was being used now to send ads out and other things. That's pretty, pretty bad. The extension wasn't banned until about a month later and you as an end-user had no official notification that this extension was potentially malicious. Apparently, they could, with this malicious software they embedded, not just show you ads, not just insert their own ads to generate revenue onto the webpage as you were visiting, they could also grab files from your machine. That's a very bad thing. Now, presumably, if you're at work, you have a team that's helping you out, right? The IT security team, there may be different teams and maybe the same person who also is the office manager, who knows. It does vary. Businesses cannot know what you're doing when you're starting to install those extensions and they are pushing their way onto your office computer because you're using the same Google account in both places. Now, despite the risks, of course, I installed this Great Suspender, used it for years and I was pretty happy using it. I know many other people who were in the same boat. Security teams have some great tools.
I mentioned my son who's one of our team members got called out to a client. During the break, I was just chatting with him briefly. What had happened is they plugged in this firewall we told them not to plug in. It was apparently hacked from the outside. It had known security vulnerabilities. He had not, this small business owner had not yet paid for maintenance on his little firewall, so he was not getting security updates. In fact, my team member looked at this and found that it had been three years since the firmware on his firewall had been updated. The bad guys got into his network through this secondary firewall, which we told them not to have, not to plug in. Our firewall only noticed it because this malware started scanning everything on the network. Of course, it scanned two of our machines, one being the firewall. Remember this isn't a regular firewall that we put in there. This is a Firepower firewall with a whole bunch of extra software on top of it. In our data center, we have some huge machines that are sitting there watching what's going on remotely on our clients' networks via that Firepower firewall. We started getting all these notices as to what was going on, but this is a great example. We're not updating some of that software. He had a security team and he ignored the security team. We were the security team. We're outsourced cybersecurity, that's what we do, but that happens many times. Many business owners and others look at the cybersecurity situation as having many different shades of gray. What should you do? What shouldn't you do? The teams that are working in these businesses, including us, we have to tell them, Hey, don't use that firewall. Do not plug it in. You don't need it. If you plug it in, it's going to make it way easier for some of your people to work from home. This is not set up correctly and you're going to have problems. That's a difficult conversation to have with a business owner.
We had it and he ignored it much to his peril. In this case, this one is hard to tell how much data was stolen from his business. The impact from this could last for months, and there could be investigations, who knows what's going to end up happening here. That business owner and I, because I spoke to him as well about this whole situation before this particular event happened just about two weeks ago. In fact, that was a reminder 'cause they had plugged it in again. Six months before that we had told the business owner, you can't plug this thing in, you cannot be using it. How do you do that? How do you let an impacted employee, somebody who's working from home, maybe using their own computer to do work for the business? How can you approach them and tell them, Hey, you cannot use Google Chrome? You cannot save your passwords on your browser. You cannot install extensions. Even if you had a list of extensions today that were bad, that list is going to be out of date tomorrow, which is going to be a very big problem. Individual users do not have the ability to check this. Frankly, most businesses don't either. Again, that's why a business under 200 employees cannot afford to do this yourself. You just can't. This is a specialty. We were talking yesterday with a prospect who had been brought to us by a break-fix shop and trying to get this concept through. We're going to talk a little bit more about that. What should you be doing? How can you pay attention? How can you even be safe in this day and age?
Hi everybody. Craig Peterson here. We've been talking about supply chain problems. That's a technical term for it, but the software that we rely on becoming evil, and what can we really do about it? Hello, everybody. You're listening to Craig Peterson. How do you talk to a business owner and help them understand? That's a problem. Isn't it? Look at what happened a few years back with TJX stores. Them as maybe TJ Maxx, that's one of their stores.
They have a number of others. Their cybersecurity guys did something I have seen done before. That is, they went to the management of this massive public company and said, Hey, TJX, we need to get this hardware. We need to get this staffing. The hardware, of course, pretty expensive and it sits there and it does much the same stuff. Even back then. Nowhere as good as today. It's exponential, as to how much better it gets every year, but it was good hardware. It really could have stopped the hack that happened and it did. Here's what it did. It noticed the hack was going on. The problem was they were able to say yes to the hardware, the senior management said yes. They got the hardware, but senior management would not get the security technicians that were needed to monitor and run that hardware. They were short-staffed. That's another problem we're seeing. That's why the companies you're dealing with, whether it's Equifax, who you do not have a direct business relationship with, and yet have all this information about you and sell that. Or maybe it's just some other website. That's why they lose your data. It's a real bad idea. The bad guys are just waiting out there just siphon all of your data. In many cases, when you're talking about a business and a business website, or even your home computer, they're looking to redirect you to malicious websites. What they'll do is for instance, again, the Great Suspender's an example, that they claim it's been fixed now. With something like an extension or a plugin that you put in your browser, they could rather easily code it up so that you are going to a website that's malicious. It could look like Bank of America's website and you go there and you enter in your information. You put in your username, you put in your password, it asks you a security question. Maybe, maybe not, but your username and password. Then it says incorrect.
Then your screen refreshes while your screen just refreshed because you were not at the Bank of America, originally. You were at a malicious website and you entered in your username and password. Now the bad guys have your username and password to your banking system, to your login, to your bank accounts. They got that. That's all they needed. They didn't want you to know that this was going on so they just went ahead and redirected you over to the real bank website. Hence, the supposed reload. It's a very big weakness here in how IT and security teams operate because too few security teams really can relate with the CEO and vice versa. I've seen that all of the time with people working for me in cybersecurity, you've got a really good idea of what needs to be done, how it needs to be done when it needs to be done. To you, it's the most important thing in the world, right? You don't want the business to go under, you're going to lose your job, maybe your pension retirement plan is tied to that business. You don't want it to happen, but have you got the trust built up with the senior management? Then how about the other side of this relationship? How about if you're a cybersecurity person? Even if, again, you're not a professional, you're just the person tasked with it in the office or you're the person tasked with it at home. How do you go to the other employees and tell them you can't use your Google Chrome account here in the office? How are you going to enforce it? How are you going to tell your husband or wife, Hey, that's dangerous? I don't want you installing any of these extensions on your computer. One of the really bad things that people do with their browsers is they put on these real fancy little extensions that give all kinds of extra wonderful information. It ends up as a toolbar and it lets you do searches on this site or that site. Maybe it keeps you up to date on the stocks that you have in your portfolio. 
You're telling hackers what stocks you own, really? It might be legitimate, right. But who knows? That's the problem. Something like that can really mess you up and send you to malicious sites. You know that your spouse is using that or your kids are using that. How do you talk to them? How do you solve those problems? It's a real problem. There are some interesting tools that you can use, as professionals. There's a Slack channel I can send you to, if you're interested, actually, it'll be in the newsletter that comes out on Sunday. At least it should be under one of those articles. It is a problem. Netflix, by the way, is really trying to help you out too. Not only did the Netflix security team provide some feedback for what's called the Honest Security guide, but it's also made some of its user tools, the tools that you might use at your home to find a movie, et cetera, it might help really to secure you. GitHub has this. It is called, this is a Netflix Skunkworks, the Stethoscope app. It's a desktop application created by Netflix that checks security-related settings and makes recommendations for improving the configuration of your computer. It doesn't require central device management or reporting. You can have a look at that. If you are interested, let me know. I can probably point you in the right direction to the Stethoscope app. That's what we want to see in this Honest Security guide. You'll find it online. Honest Security is a guide to your devices' security, which in the biz we call endpoint security, and it is cool. You can run through all of this list is a big checklist and talking about why honest, and they're saying dishonesty stops you from doing the right thing. That's why in my courses, I spend a lot of time, more time in fact, on the why than the how. I want you to understand honestly, why you should or should not do something. There are so many people who are out there yelling and screaming, jumping up and down.
Particularly your antivirus companies. Your fake VPN companies who are trying to get you to buy their products that you not only do not need in most cases but will actually make your computer less secure. So we have to be careful about all of this stuff. We have to make sure we are talking. We've got to have a trust relationship set up with the owners of our business. 'Cause you guys, some of you, I know own businesses, some of you work for a business. We've got people listening to this all over the world and every continent, I've even seen a listener down in Antarctica. I really can say every continent. It's important that we know how to work with our fellow employees, with our management, with our family members, to help them to know what they need to do. There is no time to wait. We have never seen as many attacks as we're seeing now. We've never seen the government using its resources to attack us more than we have now. We've never seen more billions of dollars stolen per year by the bad guys. There are some basic tenets that you can follow that will make you way more secure. And that's why you're listening. That's why I go through some of these things to help everybody understand. That's also why I go ahead and make sure that I answer your emails. If you have a question, make sure you go ahead and ask. You can just email me at me@craigpeterson.com. If it's something urgent, I have a form on the bottom of my homepage at craigpeterson.com. You can give me a little bit more information. I tend to keep an eye on that a little bit better than my general email, although I do use some amazing email software that helps me to keep track of the real email and get rid of the spam and put things in boxes and stuff. craigpeterson.com. It's that simple. Email me, me@craigpeterson.com, if you have questions. I hope that Google is going to continue to improve itself. I love the fact that they found out that this one extension was malicious.
For those of you who might've just tuned in, we're talking about something called the Great Suspender, something I've used for years, it became malicious, but they need to do more. As people who are concerned about security, we just can't wait for the next incident. Just again, this client of mine, who we've been warning about this for months, he's stopped doing what we told him to do, and then decided well it's just too difficult. That's something we hear a lot from businesses. Oh, it just hampers the work. It hampers it because now we have to get permission from IT in order to mount this particular drive or gain access to those files or materials. Yes you do, because we have to stop the internal spread of all of this malware and all of these hackers. It is absolutely worth it. All right, everybody. Thanks again for joining me today. I really hope you've been enjoying this. I have years' worth of podcasts out there and you'll find all of those at craigpeterson.com/podcast or on your favorite podcast platform. If you subscribed under iTunes, you might've noticed, ah, yeah, I just released a whole batch there too.
I expressed concerns about owning an Apple Watch. I held off for a long time. I want to talk about these devices now, the security concerns, but also the amazing health tools that are built right in. Hey, welcome back. This Apple Watch is really fascinating. It has been around now for six generations. There are a number of other watches that have had, or tried, I should say, to compete with Apple. They haven't been very successful. You might've noticed that. I have a friend that bought some watches for his family and to him that monitor all of the basic vitals and record them and send them up to his phone. It's a 20-ish dollar watch. He got it from South Korea, probably are parts made in China, but it is an inexpensive watch and it does some of the basics at the other end of the scale. Let's have a look right now.
I'm going to go to apple.com online, and we're going to click on watch. Here we go, Oh, my they've got special watches so you can buy their watches. It looks like the new one, the Apple Watch Series 6 for starting at 400 bucks or they have two different sizes. They have a more basic watch called the Apple Watch SE that starts at about $300. You can still get the Apple Watch Series 3. Now, these all can monitor high and low heart rates. They can give you irregular heart rhythm notification, but it's only A-fib, atrial fibrillation, I think is the only one they can monitor, but all three of those can monitor that. As I said, my buddy's watches, he got for his family at 20 bucks apiece are able to do most of that as well. These are water-resistant to 50 meters, which is really cool. The Series 6 also has an ECG app. That is very cool. You open the app, you put your finger on the crown of the watch and it gives you an EKG right there on the watch and it feeds it to your phone. On your phone, you can turn it into a PDF. You can share it with your doctor on and on. It's just amazing. It's a three-lead type, I was in emergency medicine, right? A med-tech EMT, EMT-PD can't remember. I had a whole bunch of different certifications back in the day. But it's fantastic for that. It also has a blood oxygen app that monitors your blood oxygen levels. It ties all of this into their new exercise app, which is amazing. That ties into your phone or your iPad. I will go down in the basement onto the treadmill and I'll select your treadmill workout. It has dozens of them. Have you seen this really fancy treadmill? A couple of years ago they got in all kinds of trouble because they advertised it around Christmas time and apparently this woman really wanted a treadmill and she got one and she was all excited. All of these people jumped out of the woodwork. All your you're saying she's fat, et cetera. No, she wanted a treadmill.
These are amazing treadmills because they have built into them these streams and you can join classes, et cetera. With the Apple Watch, my iPad, and a subscription to this iHealth app, which you can get as part of this Apple plus thing you can buy for 30 bucks for the whole family, 30 bucks a month. I don't know how many I have seen, probably a hundred different workouts on there. It has different workouts, different types of weightlifting, running, jogging, treadmills, elliptical machines, everything. You can pick your pace. You can pick your instructor, you can pick everything. Then your Apple Watch is monitoring your body as you're working out. So it's telling you how many calories you've burned. What your heart rate is to help keep your heart rate in the best range for you, depending on what kind of a workout you're doing. It also lets you compete against other people. Does this sound like an ad for the Apple Watch? You can compete with other people your age doing the same workout and see where you're at. I was really surprised because typically I am at the front of the pack when it comes to my treadmill workouts. That's really cool as well. Those are some of the basics. There are other things too, that Apple is doing. We've found, right now, that Mount Sinai just came out with an announcement and they said that the Apple Watch can predict COVID-19 diagnosis up to a week before testing can detect it. Yes. Isn't that something? Not only can the Apple Watch help with certain heart arrhythmias, but it can predict that you have COVID-19 too, a week before testing, normal testing, those swabs, can find it out. This is from the Journal of Medical Internet Research, which is a peer-reviewed journal. And they found that wearable hardware and specifically the Apple Watch can effectively predict a positive COVID-19 diagnosis up to a week before the current PCR-based nasal swab tests. They called this the Warrior Watch Study.
They had a dedicated Apple Watch and the iPhone app, and they had some participants from the Mount Sinai staff and it required, of course, these staff members to use the app to turn on the health and data monitoring and collection, and also asked them to fill out a survey every day to provide some feedback about their potential COVID-19 symptoms. As well as other things like stress can obviously make your heart rate go up, your blood pressure go up, et cetera. Oh. By the way, Apple, supposedly the rumors are, we'll have a BP sensor in the Apple seven that'll be out later this year, most likely. So they had several hundred healthcare workers and the primary biometric signal, I know, that the study's authors were watching was heart rate variability. This is fascinating to me because it's something that I learned about fairly recently. Then when I got my Apple Watch, I read up more about this, but basically, heart rate variability is what it sounds like. It's your heart rate. Let's say your heart is beating at 60 beats per minute. It is not beating once every 10 seconds. It is not beating once a second. Your heart rate will vary over the course of that minute. If you're healthy. Obviously, a beat every 10 seconds isn't 60 a minute. Let's use that as an example. Somebody who's almost dead and has six beats per minute. The first heartbeat might be at 10 seconds. The second heartbeat might be at 22 seconds because your heart is supposed to vary its rate of contractions based on immediate feedback. It's not just that you're going out and you're running and now you've driven up your heart rate and you're doing your cardio and it or you just walked up a flight of stairs or you stood up, which is another test, by the way, what we're talking about here. You might just be sitting there, but your cells have a different need for oxygen or for the blood. The heart slows down slightly or speeds up slightly.
This heart rate variability is something built into the Apple Watch and into the iPhone app that you attach to the Apple Watch. It isn't that useful without an iPhone, frankly. Then you can look at your heart rate variability right there. They said, combining that with the symptoms that people reported, these Mount Sinai staff, that the symptoms that they reported that were associated with COVID-19 including fever, aches, dry cough, gastrointestinal issues, loss of taste and smell corresponded with changes in the heart rate variability. I thought that was just absolutely phenomenal because heart rate variability is considered to be a key indicator of strain on your nervous system. COVID-19 obviously is going to put a strain on the nervous system. Just very neat. It says here that the study was not only able to predict infections up to a week before tests provided confirmed diagnosis but also revealed that participants' heart rate variability patterns normalized fairly quickly after their diagnosis, returning to normal around one to two weeks following their positive tests. That's from TechCrunch, that particular quote. I am very excited about this, but I am also on the concerned side. I'm concerned because they are collecting vital data from us. All of the major companies, Google and Microsoft and Apple want to be the company that holds all of your personal medical records. We're going to get back to that when we come back here. What is happening? How is your doctor managing your medical records? I was really shocked to find out how that industry is working. Of course, you're listening to Craig Peterson. Check it out online. craigpeterson.com.
Welcome back. What are you doing? Are you asking your doctor how they are handling your medical records? Because I think you probably should based on what I learned just this week. Hi everybody. Craig Peterson here. Thanks for joining me. We were just talking about health.
We're talking about the Apple watch and the fact that there's a lot of competitors out there, some of them, a fraction of the cost. If you buy the Apple watch on terms, you're going to pay less in one month's payment on terms to Apple than you would for some of these other watches out there, but Apple watches do have more features. Mine even has a built-in cellular modem. Even if I don't have my phone with me, phone calls come through to my watch and text messages, and I can respond and answer. It's really nice. Medically I am very impressed. It has been good at motivating me to do some exercise, to get up, and about just to do a bunch of things I had never, ever done before. Consider that. It is collecting our data. Apple now has potential access to all of my cardiac data. They've got EKGs that I have run on my watch. They know about my heart rate. They know how often I exercise, and how hard I exercise when I exercise. They know all of this stuff about me. I had a conversation with someone just saying why does that matter? Maybe it's Apple, maybe it's somebody else. Why does it matter? It does matter. Think about an evil genius, right? The thing about somebody that might want to target Americans and might want medical information about Americans. They can gather it in a number of different ways. We're going to talk about medical records here in a little bit. One of the things they could certainly do is grab all of our watch data. Some of these watches, including my Apple watch, have GPS built into them. When you're out running or jogging, you know where you went, you can plan your route and it'll remind you, Hey, turn here, turn there. That's one of the things I love about the Apple Watch when I'm using it with Apple maps out driving, it taps me on the wrist and reminds me, Hey, in 500 feet, you got to turn. If I look at the watch, it'll even show me the turn I need to make coming up in 500 feet. It's really amazing. 
All of this information is being compiled and hopefully, it's being compiled by a company that we can trust. At this point, we can probably trust Apple. Hopefully, they're not going to be broken into. Now, their margins or profit is high enough that they certainly can afford a security team, one capable of defending them and defending our data. I hope they are. I suspect that they are for the most part. How about some of these others? We know Google, for instance, is in the business of collecting and selling our information, is having all of our medical information. Not just the stuff from our watches, but the stuff from our doctors. Are they to be trusted with that kind of information? Going back to that bad guy, that mad scientist we can, and probably do engineer viruses that are targeted at specific things. In fact, the Russians have been doing it. The Soviets' started it, they came up with a phage. That can attack certain viruses and it acts like a virus it gets in and does this little thing. We've got right now, these COVID-19 vaccines and they act like a virus they're messing with, well effectively, the DNA. In fact, it's the RNA, but it's pretending, Hey, I got a message from the DNA, here it is. What if a bad guy knew that are a certain population in a certain area, and that area was right by this important military base or whatever they came up with something that would target them and they'd have all of the data to do it now. That's obviously an extreme example. A more common example would be that your medical data is there. It's being sold to advertisers and you're going to end up with something. For instance, there's a company, very big company out there and they sell baby products. What they did was they tracked and they bought this information, but they tracked women who were purchasing certain things. Now, they weren't purchasing things that were directly related to having a baby, right? 
They weren't purchasing diapers or little jumpsuits or whatever it is. They were purchasing things that were not directly related, maybe people wouldn't even think they were typically related to having a baby. Yet they were able to figure this out. They got that good with the data. So they thought, Oh, okay let's get wise here. Let's send out a postcard, congratulating them on their pregnancy and offering them a discount on something. Yeah. Not a bad idea, frankly. However, in this case, some of these moms hadn't told anybody that they were pregnant yet and didn't want to tell anybody that they were pregnant yet. It fell on its face. Didn't it? How about these ambulance-chasing lawyers that are out there? Are they going to want to gain access to this, to your medical records? How about your employer? Your employer wants to know I'm going to train this person. Hopefully, they'll stick with us for a while, but is he going to be a burden on our medical plan? Keyman insurance, health insurance, life insurance. Have access to everything about you. That's what really concerns me about these, all of these devices. Right now, pretty confident that I can give Apple this information and they will keep it pretty safe. But, I said the same thing about the Great Suspender, right? I don't know about the future. Then I found something out this week that was in my mind extremely disturbing. We have a new clinic that we've picked up as a client. They needed to have security. They had a couple of little security issues. They were worried. They knew they were not HIPAA compliant. They approached us because they know that's what we do is cybersecurity and audits and remediation. Fixing the problems. We pick them up. They're a client. We're in there. They had told us in advance that all of their medical record systems were online. It was on the web. All they needed was a web browser to run their business. Okay. That could be a problem. It might be okay.
The medical records manufacturer might have good security on all of the records. So we may be safe, although in HIPAA unless you have a business process agreement in place with that vendor if that data is lost, it falls back on the doctor's shoulders. Anyhow, what I found out was, first of all, it wasn't completely web-based, which just shocked me. I'm not talking about they have to scan records or they got the x-ray machine or whatever. It really wasn't web-based and secondarily the company they were using for the medical records was a free service. The doctor, that clinic, was not paying for their medical records management software. The way it works is this medical records management company when the doctor prescribes something when the doctor performs a procedure and bills and insurance company, it's all done through this one company and that company takes a chunk of their money. In some cases we found seems to have been inflating the bills that went off to the insurance companies and that, as it turns out is a common practice in the industry. According to the doctors at this clinic, I was shocked, amazed. Something you might want to look at. Ask your doctors where are your records kept and are they secure? Now we had HIPAA. We thought that would secure it, but it doesn't. Stick around. Hey, we got a name now for what happened to the Great Suspender and QR code scanner apps over on the Google stores. One at Google Play, the other one over on the Google Chrome store. It's become that popular. Hey, everybody, I wanted to mention this whole new category of malware really, and they're calling it, right now, Buy to infect. What happens is a bad guy, a malware guy buys a legitimate app and then starts infecting it. We know, obviously, about the one that I've been talking about a lot the Google extension that I used to use all of the time, the Great Suspender. I mentioned this one a few weeks ago, it's called QR code scanner. 
It's been on the Google play store for a long time, had more than 10 million installs and then all of a sudden it became malicious. This is a little bit of a different angle on it because, with the Great Suspender, the ownership of that software actually transferred to somebody. With QR code scanner, they were working on a deal with a company and this company wanted to verify the Google play account for QR code scanner. This is all according to the owner, the original owner of QR code scanner. They said that what had happened is part of this purchase deal. I let them have a look and gain access to the software's key and password prior to purchase so they could confirm the purchase, which doesn't sound too bad. Apparently, as soon as they got a hold of the software's key and password, forget about the purchase, we're going to start infecting it right away. It ended up getting that app, the QR code scanner app, pulled right from the Google play score store. Of course, now you don't need that quite as much because most of the phone apps when you go to take a picture, the camera apps have built into them, a QR code scanner. I thought that was fascinating what they did. They totally cheated the company. They didn't even bother buying it. So a little word for the wise out there. Got another Apple story cause this is showing how the computer industry is really shifting. We've talked about some of the shortages of chips and the shortages of computer chips are so bad that General Motors has had to shut down two-thirds of its manufacturing lines in at least one plant. Every major automobile manufacturer is having problems making cars because they can't get the chips. Remember nowadays, a car, a truck is essentially just a computer on wheels. Not really actually computer on wheels. It's really dozens of computers all linked together with a network on wheels. Apple has been worried about that, right? Supply chain. 
That's one of the things you're supposed to worry about as a public company. What are the risks going forward including to my supply chain? Obviously your supply chain matters. You gotta be able to make something you need parts, right? Apple has been upset with Intel for a while. You might remember Apple. When it first came out, was using a Motorola chipset, which was exceptional much better than the Intel chipsets. Of course, that's my opinion, a lot of people agree with me. You had the 68000, 68010, and 20, et cetera. Very good chips. When Apple started getting into the laptop business, that's when the problems started to happen. These Motorola chips gave off a lot of heat and used up a lot of electricity. At the time Apple looked around and said our only real alternative right now is Intel. Intel has a whole line of chips, different speeds, and they have mobile chips. Those mobile chips use much less power than the Motorola chips for the main CPU. They also use less battery. Those two go hand in hand and generate less heat. That's it all goes hand in hand. So they said, we'll start working with Intel. They did. Intel really disappointed them more than once, which is a shame. They disappointed them with the 64-bit migration. AMD, advanced micro devices, beat Intel to the punch. Shockingly Intel started making AMD compatible CPUs right. The 64-bit extensions to the CPU were AMD extensions. They had problems with some of their other chips as well. Mobile chips getting the power usage under control, the heat dissipation problems under control, and they never really lived up to what Apple was hoping for. What everybody in the industry was hoping for. In many ways, Intel has been a huge disappointment, which is really a shame. We'll look at what they did to the industry, with these predictive instructions, the hyper-threading, and stuff. Where bad guys were able to bring a computer to its knees. What does Intel say? 
Here's a firmware patch you can apply to our CPU, those little CPUs you pay upwards of $2,000 for a piece for one chip. Those CPUs, and by the way, it's going to cut its performance by a minimum of 20%, maybe 50%, that's okay. What, are you kidding me? A lot of people were upset with Intel and Apple and Microsoft and everybody released patches that use the new Intel microcode. You might've noticed when this happened a couple of years ago that your computer slowed down. I certainly noticed, actually, it was a little more than a year, anyway, I noticed it because I own a data center. That has a lot of Intel chips in it where we're running mostly Unixes, Linux, and BSD, but we're also running Windows. So the only way to work around this bug was to apply the patch and slow everything way, way down. Imagine how Apple and Google felt with their huge data centers. IBM too. IBM has Intel-based data centers, as well as its own chips, and boy talking about phenomenal chips, as far as processing power goes, IBM, man, they are still the leader with the power chips and their Z series. That just wow. Mind-blowing. Most of us are stuck in the Intel world. Apple said we can no longer trust Intel. So what are we going to do? Apple said we've been developing this chip for a long time. Apple took the chip design, they licensed it from this open source type of company that has a number of members. They took this ARM architecture and were able to improve it, and keep adding to it, et cetera. They're still part of this Alliance. They started using these in their iPhones. The iPhones have been using these chips the whole time and they started improving them after they released the first iPhones. Intel didn't really get them upset until a little later on, too. They came up with newer ones, faster ones, better ones, right to all of these A10 their bionic chips. They've got AI chips, machine learning chips, all Apple designed.
Chips, of course, manufactured by third parties, but that's what Apple is using. Apple has now said we expect all of their Macintosh computers to be based on Apple's CPU within the next two years. There's already some really good ones out there right now that people like a lot. We've been using them with some of our clients that use Apple. Not everybody has had great luck with them, but Apple is not only ditching Intel, that's not the big story here. Apple's got some job listings out there looking to hire engineers. So when we get back, we'll tell you more about what Apple is doing and what frankly, I think the rest of the industry should look at. Guess what? They are. It's been Intel versus the rest of the world. They've been winning for years in many categories, but now they're starting to lose, as major manufacturers are starting to leave Intel behind. But there's more to the story still. Hi, everybody. Craig Peterson here. Thanks for tuning in. We're glad you're here. In the last segment of the day, I want to point everybody to the website, of course. You can get my newsletter. It comes out every Sunday morning and it highlights one of the articles of the week. It gives you a pointer to my podcast. So you can listen right there. There's just a lot of great information. Plus I'm also doing little training. I'm sending out, hopefully, next week, two little training sessions for everybody to help you understand security a little better, and this applies to business. However, it's not strictly business; much of what I talk about is also for home users. So if you want to go along for the ride, come along, we'd be glad to have you. There's a lot to understand and to know that you won't get from anywhere else. It's just amazing. Many other of these radio shows where they are just nothing but fluff and commercials and paid promotions. I'm just shocked at it. It goes against my grain when that sort of thing happens. Absolutely.
We were just talking about Apple and how Apple got upset with Intel, but they're not the only ones upset. We also now have seen a lot of manufacturers who have started producing Chromebooks and surface tablets that are based on chip sets other than Intel's. This is going to be a real problem for Intel. Intel has almost always relied, certainly in the later years has relied on Microsoft and people bought Intel because they wanted Windows. That's the way that goes. It's just like in the early days, people bought an Apple too, because they wanted a great little VisiCalc, the spreadsheet program. Now, what we're seeing are operating systems that do not require a single line of Microsoft software. Google Chrome is a great example of it. Linux is another great example and people are loving their Google Chrome laptops, and you can buy these laptops for as little as 200 bucks. Now you get what you pay for and all the way up to a couple of grand and they don't have a line single line of Microsoft code. Yet you can still edit Word documents and Excel documents, et cetera. They do not contain any Intel hardware. What was called, well, they might have a chip here or there, but not the main CPU. What used to be called the Wintel monopoly. In other words, Windows-Intel monopoly is dying. It's dying very quickly. Apple is not helping now. Apple, they've had somewhere between seven and 10% market share in the computer business for quite a while. Personally, I far prefer Apple Macintoshes over anything else out there by far. I use them every day. So that's me. I don't know about you. There's a little bit of a learning curve. Although people who aren't that computer literate find it easier to learn how to use a Mac than to learn how to use Windows, which makes sense. Apple has really done a great job. A bang-up job. With these new chips, it's getting even faster. 
We are now finding out from a report from Bloomberg who first started these, that Apple has been posting job listings, looking for engineers to work on 6G technology. 6G, right now we're rolling out 5g, which hasn't been a huge win because of the fact that if you want really fast 5g, like the type Verizon provides, you have to have a lot of micro-cell sites everywhere. They have to be absolutely everywhere. Of course, it's just not financially reasonable to put them up in smaller communities. If the Biden administration continues the way they're going with the FCC and the open internet type thing of a-bits-a-bit, then there will be no incentive for any of these carriers to expand their networks because they can't charge more for better service. If you can imagine that. Ajit Pai fought against that for many years, Trump's appointee as chairman to the FCC, but things are changing. The wind has changed down in Washington, so we'll lose some of those jobs and we're not going to get all of the benefits of 5g. If he keeps us up. 6G is coming. What that means is Qualcomm, who is the manufacturer of record for most of the modems that are in our cell phones. Qualcomm has also missed some deadlines. Apple is tired of dependencies on third parties because Qualcomm might have somebody else that buys way more chips. It might be able to sell the same chip to the military of whatever country for a much, much higher price. They can sell it to consumers. Maybe they just change the label on it and call it a mill spec, and often goes right, who knows? What they're doing out there, but Apple doesn't want to do that anymore. They are looking for engineers to define and perform the research for the next generation standards of wireless communications, such as 6G The ads say you will research and design next-generation 6G wireless communication systems for radio access networks with emphasis on the physical Mac L two and L three layers. Fascinating, eh? What do you think? 
I think a huge deal as Apple continues to ditch many of its vendors that have not been living up to the standards Apple has set. Apple has moved some of the manufacturing back to the United States. More of the assembly has been moved here. The manufacturing, it's starting to come back again. We'll see the Trump administration really wanted it here. We need it here, not just for jobs, we needed it here for our security. We've talked about that before, too, right? I want to also point out speaking of Apple and manufacturing, China, of course, does most of it for Apple and Foxconn is the company in China that makes almost all of this stuff for Apple. It's huge. Foxconn owns cities. Huge cities. They have high rises where people basically don't see the light of day, these high rise factories. You live there, you eat there, you shop there, you work there. Like the old company store who is it, Tennessee Ernie, right? Owe my soul to the company store. That's what's happening over there. And Foxconn has kept its costs low by bringing people in from the fields, if you will, out there being farmers and paying them extremely low wages. On top of all of that, in some cases they're using slave labor. I found this article very interesting, from Ars Technica's Timothy B. Lee. He's talking about a potential partnership between Apple and Nissan. Let me remember. I mentioned Apple talking with Kia and Kia is denying it. The Financial Times reported on Sunday that this potential deal between Apple and Nissan fell apart because Apple wanted Nissan to build Apple cars, they would have the Apple logo on them. They all be branded Apple. It wouldn't say Nissan unless you took something seriously apart you might find it inside. Nissan wanted to keep the Nissan brand on its own vehicles. Bloomberg reported last week that the negotiations with Kia and of course its parent companies Hyundai in South Korea had ended without a deal.
The Financial Times said that Apple has also sounded out BMW as a potential partner because Apple doesn't make cars. So how are they going to do this? Apparently the talks faltered with Apple and Nissan because Nissan had a fear and apparently this is true of Kia too, of becoming quote the Foxconn of the auto industry, unquote, which is a reference to this Chinese well it's Taiwanese technically, but a group that manufacturers are while actually assembles the iPhones. Fascinating. Isn't it fascinating. When you start to dig into this self-driving technology and the numbers behind it, that's where you wonder, why is Apple even trying at this point, Apple's test vehicles only traveled 18,000 miles on California roads. Between 2019 and 2020, or over the course of about a year, late in both years. 18,000 miles in a year.
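Information security news for March 30 #22
1. Critical vulnerability in the communication tool "Cisco Jabber"
2. Buffer overflow vulnerability in the HTTP server library "libmicrohttpd"
3. Vulnerability in "SpamAssassin" - a malicious configuration file could lead to code execution
4. Unauthorized access to an online store for medical supplies - credit card information may have leaked
5. Vulnerability in the database "MariaDB" - risk of OS command execution
6. About 65,000 personal records may have leaked through unauthorized access - Nisshin Seifun affiliate
7. Bug displays unrelated customers' information in an online supermarket - Yaoko
Chat
Introduction: 2019-2020 Control System Security Assessment Report. Status of each organization's countermeasures (1): Risk management and governance. Risk analysis was limited to threats that had already materialized in the organization's own past incidents.
#cybersecurity #informationsecurity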
Welcome! It was also another busy week on the technology front and we are going to delve into what actually caused the energy problems in Texas. There is a new type of malware that is affecting Macs and it has a different MO. Then we are going to discuss Apple and their ventures into automated electric cars and what we can expect. Why are states having issues making appointments for vaccines? In a word, it is bureaucratic incompetence. Then we have a new type of hack out there. It is called Buy-to-Infect and there is more so be sure to Listen in. For more tech tips, news, and updates, visit - CraigPeterson.com.
---
Tech Articles Craig Thinks You Should Read:
This Basic Math Shows How Wind Energy Failures Contributed To Texas’s Deadly Power Loss
An Insider Explains Why Texans Lost Their Power
New malware found on 30,000 Macs has security pros stumped
Report: Nissan shot down Apple deal to avoid becoming Foxconn of cars
N.Y.’s Vaccine Websites Weren’t Working
Apple is already working on developing 6G wireless technology
Owner of an app that hijacked millions of devices with one update exposes the buy-to-infect scam
Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
---
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. Hi everybody. Craig Peterson here. I'm so glad to be here. I'm happy you're here as well. There are so many ways to listen. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had been already involved in the development of the internet and internet protocols for a decade before.
In fact, one of the contracts that I had was with a major manufacturer of computer systems. What I did there was design for Unix systems a way to check for malware, a way to manage them remotely. Yes indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time. I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got a lot of older people who are listening who are saying, yeah, I remember that. It brings back memories. In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a cool little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. That was made by Timex. If you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course was like an 8080, which was Intel's, big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress. The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties and we had some terrible operating systems that many people were running like Windows, just absolutely horrific. Remember windows three-point 11 and XP and the millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code, it came out in one of the lawsuits, for one of these versions of Windows. 
It was a different world and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties and I was hosting email for companies and websites and doing some filtering and things with some kind of precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys and all of a sudden customers started calling me because the email wasn't working. It turned out it was working, but it was extremely slow and I had to figure out why. I telneted to my server. I got on, started poking around the servers. I had a computer room and the first floor of the building that I owned and I was up on the second floor. Off we go looking around trying to figure out what is going on. It was me actually. I said us, but it was really me. Cause I knew the most about this stuff. There were these processes that just continued to fork and I was trying to figure out why is it creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten rules of the internet about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. You just send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today. I saw some of this stuff going on. I was trying to figure out what it was, but, we trusted everybody. So my mail server was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that. Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. 
We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't then what they are today. In fact, one of our engineers just had to run out to a client who did something we told them not to do. They were using the Sonic wall firewall on their network as well as they had our stuff. So we had a really good Cisco firepower firewall sitting there, and then they have this SonicWall so that they're people, remotely could connect to the Sonic wall firewall, because it's good enough. SonicWall says it's compliant. The SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin. So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's been really bad. Boy, am I wandering all over the place? Back to this, we would allow people to get onto our network to fix things. If something was wrong, if we were misconfigured, they could help us and they could get on and do it because Sendmail configuration was not for the faint-hearted. In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. I was trying to run a business where we hosted email for businesses, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth. That's what I wanted to do. That was my business. Later on, I ended up helping 80% of my clients find the other web hosts after, these $8 Gator hosting things. We just got a call on that this week. 
Somebody who'd been a client of ours 20 years ago, went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working he was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He was hosting all of these 150 at a site, the charges, the eight to $10 a month for web hosting. He had all of these sites on top of a machine that was already split up hundreds of ways. It's just amazing what people do. Man alive. We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get cheap, and see what happens to you. Some of them, we still maintain a good relationship with and so we help them out from time to time, right? What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem. What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That to me makes a ton of sense. Why not do that? This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added in this basically malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the biggest exploits that are being used by the bad guys right now is the security team's poor relationship with other employees within the organization. I promise we'll get to this a little bit more and explain the bottom line here. 
What's going on and it goes back to this customer that we just had to run out to. Why did they do what we told them not to do? Stick around. We're getting into the battle between cybersecurity senior officers in companies, owners, business owners, and the, even the employees. There has been such a battle going on. I saw two examples this week. Hi, everybody, it's a difficult world out there, but I find some comfort in listening to, of course, news radio. It keeps me up to date on what's going on. It helps me to really understand the world a lot better. I mentioned that one of my guys just had to run out to a client who did something we absolutely told them not to do. They had been using this company that was a break-fix shop, I guess is the way you would put it. They had a business that would respond to problems and they charge by the hour. I think right now their hourly rate is like 160 bucks or something. It is not cheap, but anyhow, That they would sell people equipment and then move on, right? Your problems aren't my problems. Just leave me alone, go away. It's a beautiful model because their employees at this break-fix shop don't have to understand much. They just have to know more than you do as a customer. There's one level of understanding that you have, and for someone to appear to be an expert, all they have to do is have slightly more understanding. That has bothered me so many times listened to the radio and they talk about somebody that's just this great expert, in reality, of course, they are not. But you don't know. That person talking about the expert doesn't know either because they just don't have enough knowledge. Of course, the person that's labeled the expert isn't going to say anything about it. They were doing what most companies do, which is okay. We know we need a firewall, so let's get a firewall. They went out and they talked to this company and they did their Google research because of course, Dr. Google is an expert on everything. 
Even with those differing opinions, you're going to go with the opinion that you like the best. That's what they did. They bought a Sonic wall firewall from this vendor, which was a break-fix shop. Now that's all well, and good. The sonic wall is not terrible stuff. They've got some amazing stuff as well. The problem is this device has been out of support for more than two years now. Even though they're not as advanced as some of the systems we can install, not that we always use the most advanced systems. It's not a bad, a little thing for a small business. We warned them that because they were using an out-of-date firewall that they could not get fixes for known vulnerabilities. Now that's a big deal too. Most people are not aware of the vulnerabilities that are on their machines. Do you go out every month and check the firmware versions on your firewall? You should be, even if you're a home user. Are you checking to make sure the firewall that the cable company provided you with is up to date, configured correctly? You've changed the password and the admin username, right? No? Most people haven't. He hadn't, right. He didn't know. We told them we did a little research and said here's your problem. That's part of his cyber health assessment. We told them what kind of firewall do you have? What's the version of software on it and we do that. We have a bunch of people that have asked for cyber health assessments. We've got them on a list because we're busy. So we have to schedule these and make them happen. So we said, do not plug that machine in. Of course, what do they do? They plugged it back in again. So now all of a sudden this morning, we get a wake-up call from our monitors that are running they're on their Cisco firepower firewall, where we have their extensive suite of additional software. This isn't just an off-shelf, Cisco firewall. It's telling us that the SonicWall or something through our, via the SonicWall. 
Is going through all this customer's network. It's actually attacking the Cisco firewall from inside the network. Absolutely amazing. Why does that happen? In this case, the business owner, and it is a very small business. It has about 5 million in revenue per year, I would guess. It's a small business by every stretch. The owner just doesn't want to spend the money he doesn't absolutely have to spend. He's not looking at this saying I could lose all my intellectual property. I could get sued by these people. I could lose my clients who find out that their data was released. Their orders were released. Everything was stolen. He looks at it and says, Oh wow. It's 200 bucks a month. Wait a minute guy, you have how many employees? You're worried about 200 bucks a month. I personally, I don't understand that. Why would you do that? Now, you're in a poor country. Okay. I get it right. That's a lot of money to spend, but not here in the United States. Doesn't make sense. A lot of this is really the reason I brought it up. It's showing how there is a disconnect between business owners, C-level people, and cybersecurity people. Basically, if you have less than 200 employees, you cannot afford to have your own cybersecurity team. It's impossible. It's way too expensive. Then the numbers start to change outsourced cybersecurity, which is what we do. We do this for this customer and. The in-house cybersecurity people, but we all have the same basic problem. The owner has a problem too, right? He has to weigh the costs of cybersecurity against the risks involved, which is what Equifax did. What so many of these big companies do, right? There's this, the norm Equifax said it's going to be way cheaper to just pay out $10 million in fines. When we get fined by the federal government for losing everyone in the country's personal financial information then it is to do this or we're not going to bother. 
Man, I'd love to see the smoking gun email on that, where they made that final decision, probably doesn't exist. They're smart enough to know that they would get sued and they have been sued because of this. We've got another problem right now because of people working from home. I mentioned, in fact, this week, you should have gotten an email from me on Thursday. That was a little audio thing that I put together. We call these things audiograms, and it's a kind of a video that'll play. This particular one is about part of this problem. We've talked extensively about that water plant in Florida, that was hacked for lack of a better term. It might've been an insider thing. It might've been someone external, et cetera, et cetera. The reason it happened is that business, the water plant for a town of 15,000 people, which would be in a normal world, a small business. That small government operation was all of a sudden faced with lockdowns. What do we do? They didn't have a plan. They didn't have a business continuity plan, which is so important. I talked about it extensively last week as well. They had no way to manage this. So what did they do? They went out and bought TeamViewer licenses for everybody in the business. That put, well not the business, in this case, the agency, that put the agency at risk. That is putting our businesses at risk too, in such a big way. That's what the audiogram I emailed out on Thursday explaining this a bit. So stick around. We're going to continue this conversation. Of course, you're listening to Craig Peterson online at craigpeterson.com. We have people working from home. We didn't really plan for this. We're doing it because of the lockdown. Maybe, you found that it's actually better for your business, from whatever angle. What are the risks here of people taking computers home? Hello, everybody. Craig Peterson here. So glad to be with you today. Glad you're taking a few minutes out of your day as well to listen in.
Now I am very concerned about people using computers that they're taking home. I want to make a definition. Maybe there's a better way of saying this, computers that are used at home, home computers should never be used for work. I'm going to explain why. Computers that are at work probably should not be taken home. We saw the example of this, just this last couple of weeks. I was talking about this wonderful plugin that I've been using and recommending people use here for a very long time, called the Great Suspender. We've talked at length really about what happened there with the company being bought and then becoming evil, right? Just buying their way into 2 million people's computers. Sometimes these Chrome extensions that are installed on personal computers get automatically installed and synchronized to your work devices. In fact, that's the default. If you log into Chrome and you're using Google Chrome as your browser and you log into it on your home computer, and when you log into your same account over on your business computer. All of a sudden, now it's syncing. It's syncing things like passwords, which you should not be having Google store for you. You should definitely be using a good password manager and there are a few out there. If you're not familiar with them or don't know which one to use or how to use them. I have a great little special report on passwords and using password managers. I'd be glad to send it to you. Just email me@craigpeterson.com and I'll send that on-off, right? I'm not making a dime off of that. I want to make you safer. I don't want to have happened to you what's happened to millions of Americans, including my best buddy who had his information stolen. I've been after him to use password managers. He never did it. I don't know why. Until his paycheck got stolen. Then he came over and I explained it and set it up with them and really helped him out. 
Maybe we should do a whole webinar showing you how to use these password managers, how to get them set up because it is a little bit tricky. It's certainly different than you're used to. Many people are using their browser, Chrome in this example, to save passwords. When you go to a website, you'll automatically have the password there. Maybe you've got it set up so that it'll automatically log you in with all kinds of cool stuff. But there is a very big problem and that is that there is a huge risk with running these extensions, like the Great Suspender. The Great Suspender was approved by Google. It was in the Google store. You could download it from their app store. Absolutely free. In January of this year in 2021, we had someone out on Twitter, tweet that there was a problem with the security on the Great Suspender. It had been changed. It was being used now to send ads out and other things. That's pretty, pretty bad. The extension wasn't banned until about a month later and you as an end-user had no official notification that this extension was potentially malicious. Apparently, they could, with this malicious software they embedded, not just show you ads, not just insert their own ads to generate revenue onto the webpage as you were visiting, they could also grab files from your machine. That's a very bad thing. Now, presumably, if you're at work, you have a team that's helping you out, right? The IT security team, there may be different teams and maybe the same person who also is the office manager, who knows. It does vary. Businesses cannot know what you're doing when you're starting to install those extensions and they are pushing their way onto your office computer because you're using the same Google account in both places. Now, despite the risks, of course, I installed this Great Suspender, used it for years and I was pretty happy using it. I know many other people who were in the same boat. Security teams have some great tools.
I mentioned my son who's one of our team members got called out to a client. During the break, I was just chatting with him briefly. What had happened is they plugged in this firewall we told them not to plug in. It was apparently hacked from the outside. It had known security vulnerabilities. He had not, this small business owner had not yet paid for maintenance on his little firewall, so he was not getting security updates. In fact, my team member looked at this and found that it had been three years since the firmware on his firewall had been updated. The bad guys got into his network through this secondary firewall, which we told them not to have, not to plug in. Our firewall only noticed it because this malware started scanning everything on the network. Of course, it scanned two of our machines, one being the firewall. Remember this isn't a regular firewall that we put in there. This is a Firepower firewall with a whole bunch of extra software on top of it. In our data center, we have some huge machines that are sitting there watching what's going on remotely on our clients' networks via that Firepower firewall. We started getting all these notices as to what was going on, but this is a great example. We're not updating some of that software. He had a security team and he ignored the security team. We were the security team. We're outsourced cybersecurity, that's what we do, but that happens many times. Many business owners and others look at the cybersecurity situation as having many different shades of gray. What should you do? What shouldn't you do? The teams that are working in these businesses, including us. We have to tell them, Hey, don't use that firewall. Do not plug it in. You don't need it. If you plug it in, it's going to make it way easier for some of your people to work from home. This is not set up correctly and you're going to have problems. That's a difficult conversation to have with a business owner.
We had it and he ignored it much to his peril. In this case, this one is hard to tell how much data was stolen from his business. The impact from this could last for months, and there could be investigations who knows what's going to end up happening here. That business owner and I, because I spoke to him as well about this whole situation before this particular event happened just about two weeks ago. In fact, that was a reminder cause they had plugged it in again. Six months before that we had told the business owner, you can't plug this thing in, you cannot be using it. How do you do that? How do you let an impacted employee, somebody who's working from home, maybe using their own computer to do work for the business? How can you approach them and tell them, Hey, you cannot use Google Chrome? You cannot save your passwords on your browser. You cannot install extensions. Even if you had a list of extensions today that were bad, that list is going to be out of date tomorrow, which is going to be a very big problem. Individual users do not have the ability to check this. Frankly, most businesses don't either. Again, that's why a business under 200 employees cannot afford to do this yourself. You just can't. This is a specialty. We were talking yesterday with a prospect who had been brought to us by a break-fix shop and trying to get this concept through. We're going to talk a little bit more about that. What should you be doing? How can you pay attention? How can you even be safe in this day and age? Hi everybody. Craig Peterson here. We've been talking about supply chain problems. That's a technical term for it, but the software that we rely on becoming evil, and what can we really do about it? Hello, everybody. You're listening to Craig Peterson. How do you talk to a business owner and help them understand? That's a problem. Isn't it? Look at what happened a few years back with TJX stores. Them as maybe TJ max, that's one of their stores. 
They have a number of others. Their cybersecurity guys did something I have seen done before. That is, they went to the management of this massive public company and said, Hey, TJX, we need to get this hardware. We need to get this staffing. The hardware, of course, pretty expensive and it sits there and it does much the same stuff. Even back then. Nowhere as good as today. It's exponential, as to how much better it gets every year, but it was good hardware. It really could have stopped the hack that happened and it did. Here's what it did. It noticed the hack was going on. The problem was they were able to say yes to the hardware, the senior management said yes. They got the hardware, but senior management would not get the security technicians that were needed to monitor and run that hardware. They were short-staffed. That's another problem we're seeing. That's why the companies you're dealing with, whether it's Equifax, with whom you do not have a direct business relationship, and yet have all this information about you and sell that. Or maybe it's just some other website. That's why they lose your data. It's a real bad idea. The bad guys are just waiting out there to siphon all of your data. In many cases, when you're talking about a business and a business website, or even your home computer, they're looking to redirect you to malicious websites. What they'll do is for instance, again, the Great Suspender's an example, that they claim it's been fixed now. With something like an extension or a plugin that you put in your browser, they could rather easily code it up so that you are going to a website that's malicious. It could look like Bank of America's website and you go there and you enter in your information. You put in your username, you put in your password, it asks you a security question. Maybe, maybe not, but your username and password. Then it says incorrect.
Then your screen refreshes. Well, your screen just refreshed because you were not at the Bank of America, originally. You were at a malicious website and you entered in your username and password. Now the bad guys have your username and password to your banking system, to your login, to your bank accounts. They got that. That's all they needed. They didn't want you to know that this was going on so they just went ahead and redirected you over to the real bank website. Hence, the supposed reload. It's a very big weakness here in how IT and security teams operate because too few security teams really can relate with the CEO and vice versa. I've seen that all of the time with people working for me in cybersecurity, you've got a really good idea of what needs to be done, how it needs to be done, when it needs to be done. To you, it's the most important thing in the world, right? You don't want the business to go under, you're going to lose your job, maybe your pension retirement plan is tied to that business. You don't want it to happen, but have you got the trust built up with the senior management? Then how about the other side of this relationship? How about if you're a cybersecurity person? Even if, again, you're not a professional, you're just the person tasked with it in the office or you're the person tasked with it at home. How do you go to the other employees and tell them you can't use your Google Chrome account here in the office? How are you going to enforce it? How are you going to tell your husband or wife, Hey, that's dangerous? I don't want you installing any of these extensions on your computer. One of the really bad things that people do with their browsers is they put on these real fancy little extensions that give all kinds of extra wonderful information. It ends up as a toolbar and it lets you do searches on this site or that site. Maybe it keeps you up to date on the stocks that you have in your portfolio.
You're telling hackers what stocks you own, really? It might be legitimate, right. But who knows? That's the problem. Something like that can really mess you up and send you to malicious sites. You know that your spouse is using that or your kids are using that. How do you talk to them? How do you solve those problems? It's a real problem. There are some interesting tools that you can use, as professionals. There's a Slack channel I can send you to, if you're interested, actually, it'll be in the newsletter that comes out on Sunday. At least it should be under one of those articles. It is a problem. Netflix, by the way, is really trying to help you out too. Not only did the Netflix security team provide some feedback for what's called the Honest Security guide, but it's also made some of its user tools, the tools that you might use at your home to find a movie, et cetera, it might help really to secure you. GitHub has this. It is called, this is a Netflix Skunkworks, the Stethoscope app. It's a desktop application created by Netflix that checks security-related settings and makes recommendations for improving the configuration of your computer. It doesn't require central device management or reporting. You can have a look at that. If you are interested, let me know. I can probably point you in the right direction to the Stethoscope app. That's what we want to see in this Honest Security guide. You'll find it online at honest security. It's a guide to your devices' security, which in the biz we call endpoint security, and it is cool. You can run through all of this list, it's a big checklist, and talking about why honest, and they're saying dishonesty stops you from doing the right thing. That's why in my courses, I spend a lot of time, more time in fact, on the why than the how. I want you to understand honestly, why you should or should not do something. There are so many people who are out there yelling and screaming, jumping up and down.
Particularly your antivirus companies. Your fake VPN companies who are trying to get you to buy their products that you not only do not need in most cases but will actually make your computer less secure. So we have to be careful about all of this stuff. We have to make sure we are talking. We've got to have a trust relationship set up with the owners of our business. Cause you guys, some of you, I know own businesses, some of you work for a business. We've got people listening to this all over the world and every continent. I've even seen a listener down in Antarctica. I really can say every continent. It's important that we know how to work with our fellow employees, with our management, with our family members, to help them to know what they need to do. There is no time to wait. We have never seen as many attacks as we're seeing now. We've never seen the government using its resources to attack us more than we have now. We've never seen more billions of dollars stolen per year by the bad guys. There are some basic tenets that you can follow that will make you way more secure. And that's why you're listening. That's why I go through some of these things to help everybody understand. That's also why I go ahead and make sure that I answer your emails. If you have a question, make sure you go ahead and ask. You can just email me at me@craigpeterson.com. If it's something urgent, I have a form on the bottom of my homepage at craigpeterson.com. You can give me a little bit more information. I tend to keep an eye on that a little bit better than my general email, although I do use some amazing email software that helps me to keep track of the real email and get rid of the spam and put things in boxes and stuff. craigpeterson.com. It's that simple. Email me, me@craigpeterson.com, if you have questions. I hope that Google is going to continue to improve itself. I love the fact that they found out that this one extension was malicious.
For those of you who might've just tuned in, we're talking about something called the Great Suspender, something I've used for years, it became malicious, but they need to do more. As people who are concerned about security, we just can't wait for the next incident. Just again, this client of mine, who we've been warning about this for months, he's stopped doing what we told him to do, and then decided well it's just too difficult. That's something we hear a lot from businesses. Oh, it just hampers the work. It hampers it because now we have to get permission from IT in order to mount this particular drive or gain access to those files or materials. Yes, you do, because we have to stop the internal spread of all of this malware and all of these hackers. It is absolutely worth it. All right, everybody. Thanks again for joining me today. I really hope you've been enjoying this. I have years' worth of podcasts out there and you'll find all of those at craigpeterson.com/podcast or on your favorite podcast platform. If you subscribed under iTunes, you might've noticed, ah, yeah, I just released a whole batch there too. I expressed concerns about owning an Apple Watch. I held off for a long time. I want to talk about these devices now, the security concerns, but also the amazing health tools that are built right in. Hey, welcome back. This Apple Watch is really fascinating. It has been around now for six generations. There are a number of other watches that have had, or tried, I should say, to compete with Apple. They haven't been very successful. You might've noticed that. I have a friend that bought some watches for his family and to him that monitor all of the basic vitals and record them and send them up to his phone. It's a 20-ish dollar watch. He got it from South Korea, probably with parts made in China, but it is an inexpensive watch and it does some of the basics. At the other end of the scale, let's have a look right now.
I'm going to go to apple.com online, and we're going to click on watch. Here we go, Oh, my they've got special watches so you can buy their watches. It looks like the new one, the Apple watch series six for starting at 400 bucks or they have two different sizes. . They have a more basic watch called the Apple Watch SE that starts at about $300. You can still get the Apple watch series three. Now, these all can monitor high and low heart rates. They can give you irregular heart rhythm notification, but it's only a-fib atrial fibrillation, I think is the only one they can monitor, but all three of those can monitor that. As I said, my buddy's watches, he got for his family at 20 bucks apiece are able to do most of that as well. These are water-resistant to 50 meters, which is really cool. The series six also has an ECG app. That is very cool. You open the app, you put your finger on the crown of the watch and it gives you an EKG right there on the watch and it feeds it to your phone. On your phone, you can turn it into a PDF. You can share it with your doctor on and on. It's just amazing. It's a three-lead type, I was in emergency medicine, right? A med-tech EMT, EMT-PD can't remember. I had a whole bunch of different certifications back in the day. But it's fantastic for that. It also has a blood oxygen app that monitors your blood oxygen levels. It ties all of this into their new exercise app, which is amazing. That ties into your phone or your iPad. I will go down in the basement onto the treadmill and I'll select your treadmill workout. It has dozens of them. Have you seen this really fancy treadmill? A couple of years ago they got in all kinds of trouble because they advertised it around Christmas time and apparently this woman really wanted a treadmill and she got one and she was all excited. All of these people jumped out of the woodwork. All your you're saying she's fat, et cetera. No, she wanted a treadmill. 
These are amazing treadmills because they have built into them these streams and you can join classes, et cetera. With the Apple Watch, my iPad, and a subscription to this iHealth app, which you can get as part of this Apple plus thing you can buy for 30 bucks for the whole family, 30 bucks a month. I don't know how many, I have seen probably a hundred different workouts on there. It has different workouts, different types of weightlifting, running, jogging, treadmills, elliptical machines, everything. You can pick your pace. You can pick your instructor, you can pick everything. Then your Apple Watch is monitoring your body as you're working out. So it's telling you how many calories you've burned. What your heart rate is, to help keep your heart rate in the best range for you, depending on what kind of a workout you're doing. It also lets you compete against other people. Does this sound like an ad for the Apple Watch? You can compete with other people your age doing the same workout and see where you're at. I was really surprised because typically I am at the front of the pack when it comes to my treadmill workouts. That's really cool as well. Those are some of the basics. There are other things too, that Apple is doing. We've found, right now, that Mount Sinai just came out with an announcement and they said that the Apple Watch can predict COVID-19 diagnosis up to a week before testing can detect it. Yes. Isn't that something? Not only can the Apple Watch help with certain heart arrhythmias, but it can predict that you have COVID-19 too, a week before testing, normal testing, those swabs, can find it out. This is from the Journal of Medical Internet Research, which is a peer-reviewed journal. And they found that wearable hardware and specifically the Apple Watch can effectively predict a positive COVID-19 diagnosis up to a week before the current PCR-based nasal swab tests. They called this the Warrior Watch Study.
They had a dedicated Apple Watch and the iPhone app, and they had some participants from the Mount Sinai staff and it required, of course, these staff members to use the app to turn on the health and data monitoring and collection, and also asked them to fill out a survey every day to provide some feedback about their potential COVID-19 symptoms. As well as other things like stress can obviously make your heart rate go up, your blood pressure go up, et cetera. Oh. By the way, Apple, supposedly the rumors are, we'll have a BP sensor in the Apple seven that'll be out later this year, most likely. So they had several hundred healthcare workers and the primary biometric signal, I know, that the study's authors were watching was heart rate variability. This is fascinating to me because it's something that I learned about fairly recently. Then when I got my Apple Watch, I read up more about this, but basically, heart rate variability is what it sounds like. It's your heart rate. Let's say your heart is beating at 60 beats per minute. It is not beating once every 10 seconds. It is not beating once a second. Your heart rate will vary over the course of that minute. If you're healthy. Obviously, a beat every 10 seconds isn't 60 a minute. Let's use that as an example. Somebody who's almost dead and has six beats per minute. The first heartbeat might be at 10 seconds. The second heartbeat might be at 22 seconds because your heart is supposed to vary its rate of contractions based on immediate feedback. It's not just that you're going out and you're running and now you've driven up your heart rate and you're doing your cardio, or you just walked up a flight of stairs or you stood up, which is another test, by the way, what we're talking about here. You might just be sitting there, but your cells have a different need for oxygen or for the blood. The heart slows down slightly or speeds up slightly.
This heart rate variability is something built into the Apple Watch and into the iPhone app that you attach to the Apple Watch. Isn't that useful without an iPhone, frankly? Then you can look at your heart rate variability right there. They said, combining that with the symptoms that people reported, these Mount Sinai staff, that the symptoms that they reported that were associated with COVID-19 including fever, aches, dry cough, gastrointestinal issues, loss of taste and smell corresponded with changes in the heart rate variability. I thought that was just absolutely phenomenal because heart rate variability is considered to be a key indicator of strain on your nervous system. COVID-19 obviously is going to put a strain on the nervous system. Just very neat. It says here that the study was not only able to predict infections up to a week before tests provided a confirmed diagnosis but also revealed that participants' heart rate variability patterns normalized fairly quickly after their diagnosis, returning to normal about one to two weeks following their positive tests. That's from TechCrunch, that particular quote. I am very excited about this, but I am also on the concerned side. I'm concerned because they are collecting vital data from us. All of the major companies, Google and Microsoft and Apple want to be the company that holds all of your personal medical records. We're going to get back to that when we come back here. What is happening? How is your doctor managing your medical records? I was really shocked to find out how that industry is working. Of course, you're listening to Craig Peterson. Check it out online. craigpeterson.com. Welcome back. What are you doing? Are you asking your doctor how they are handling your medical records? Because I think you probably should based on what I learned just this week. Hi everybody. Craig Peterson here. Thanks for joining me. We were just talking about health.
We're talking about the Apple watch and the fact that there's a lot of competitors out there, some of them, a fraction of the cost. If you buy the Apple watch on terms, you're going to pay less in one month's payment on terms to Apple than you would for some of these other watches out there, but Apple watches do have more features. Mine even has a built-in cellular modem. Even if I don't have my phone with me, phone calls come through to my watch and text messages, and I can respond and answer. It's really nice. Medically I am very impressed. It has been good at motivating me to do some exercise, to get up, and about just to do a bunch of things I had never, ever done before. Consider that. It is collecting our data. Apple now has potential access to all of my cardiac data. They've got EKGs that I have run on my watch. They know about my heart rate. They know how often I exercise, and how hard I exercise when I exercise. They know all of this stuff about me. I had a conversation with someone just saying why does that matter? Maybe it's Apple, maybe it's somebody else. Why does it matter? It does matter. Think about an evil genius, right? The thing about somebody that might want to target Americans and might want medical information about Americans. They can gather it in a number of different ways. We're going to talk about medical records here in a little bit. One of the things they could certainly do is grab all of our watch data. Some of these watches, including my Apple watch, have GPS built into them. When you're out running or jogging, you know where you went, you can plan your route and it'll remind you, Hey, turn here, turn there. That's one of the things I love about the Apple Watch when I'm using it with Apple maps out driving, it taps me on the wrist and reminds me, Hey, in 500 feet, you got to turn. If I look at the watch, it'll even show me the turn I need to make coming up in 500 feet. It's really amazing. 
All of this information is being compiled and hopefully, it's being compiled by a company that we can trust. At this point, we can probably trust Apple. Hopefully, they're not going to be broken into. Now, their margins or profit is high enough that they certainly can afford a security team, one capable of defending them and defending our data. I hope they are. I suspect that they are for the most part. How about some of these others? We know Google, for instance, is in the business of collecting and selling our information, is having all of our medical information. Not just the stuff from our watches, but the stuff from our doctors. Are they to be trusted with that kind of information? Going back to that bad guy, that mad scientist we can, and probably do engineer viruses that are targeted at specific things. In fact, the Russians have been doing it. The Soviets' started it, they came up with a phage. That can attack certain viruses and it acts like a virus it gets in and does this little thing. We've got right now, these COVID-19 vaccines and they act like a virus they're messing with, well effectively, the DNA. In fact, it's the RNA, but it's pretending, Hey, I got a message from the DNA, here it is. What if a bad guy knew that are a certain population in a certain area, and that area was right by this important military base or whatever they came up with something that would target them and they'd have all of the data to do it now. That's obviously an extreme example. A more common example would be that your medical data is there. It's being sold to advertisers and you're going to end up with something. For instance, there's a company, very big company out there and they sell baby products. What they did was they tracked and they bought this information, but they tracked women who were purchasing certain things. Now, they weren't purchasing things that were directly related to having a baby, right? 
They weren't purchasing diapers or little jumpsuits or whatever it is. They were purchasing things that were not directly related, maybe people wouldn't even think they were typically related to having a baby. Yet they were able to figure this out. They got that good with the data. So they thought, Oh, okay let's get wise here. Let's send out a postcard, congratulating them on their pregnancy and offering them a discount on something. Yeah. Not a bad idea, frankly. However, in this case, some of these moms hadn't told anybody that they were pregnant yet and didn't want to tell anybody that they were pregnant yet. It fell on its face, didn't it? How about these ambulance-chasing lawyers that are out there? Are they going to want to gain access to this, to your medical records? How about your employer? Your employer wants to know I'm going to train this person. Hopefully, they'll stick with us for a while, but is he going to be a burden on our medical plan? Keyman insurance, health insurance, life insurance. Have access to everything about you. That's what really concerns me about these, all of these devices. Right now, pretty confident that I can give Apple this information and they will keep it pretty safe. But, I said the same thing about the Great Suspender, right? I don't know about the future. Then I found something out this week that was in my mind extremely disturbing. We have a new clinic that we've picked up as a client. They needed to have security. They had a couple of little security issues. They were worried. They knew they were not HIPAA compliant. They approached us because they know that's what we do is cybersecurity and audits and remediation. Fixing the problems. We pick them up. They're a client. We're in there. They had told us in advance that all of their medical record systems were online. It was on the web. All they needed was a web browser to run their business. Okay. That could be a problem. It might be okay.
The medical records manufacturer might have good security on all of the records. So we may be safe, although in HIPAA unless you have a business process agreement in place with that vendor if that data is lost, it falls back on the doctor's shoulders. Anyhow, what I found out was, first of all, it wasn't completely web-based, which just shocked me. I'm not talking about they have to scan records or they got the x-ray machine or whatever. It really wasn't web-based and secondarily the company they were using for the medical records was a free service. The doctor, that clinic, was not paying for their medical records management software. The way it works is this medical records management company when the doctor prescribes something when the doctor performs a procedure and bills and insurance company, it's all done through this one company and that company takes a chunk of their money. In some cases we found seems to have been inflating the bills that went off to the insurance companies and that, as it turns out is a common practice in the industry. According to the doctors at this clinic, I was shocked, amazed. Something you might want to look at. Ask your doctors where are your records kept and are they secure? Now we had HIPAA. We thought that would secure it, but it doesn't. Stick around. Hey, we got a name now for what happened to the Great Suspender and QR code scanner apps over on the Google stores. One at Google Play, the other one over on the Google Chrome store. It's become that popular. Hey, everybody, I wanted to mention this whole new category of malware really, and they're calling it, right now, Buy to infect. What happens is a bad guy, a malware guy buys a legitimate app and then starts infecting it. We know, obviously, about the one that I've been talking about a lot the Google extension that I used to use all of the time, the Great Suspender. I mentioned this one a few weeks ago, it's called QR code scanner. 
It's been on the Google Play store for a long time, had more than 10 million installs and then all of a sudden it became malicious. This is a little bit of a different angle on it because, with the Great Suspender, the ownership of that software actually transferred to somebody. With QR code scanner, they were working on a deal with a company and this company wanted to verify the Google Play account for QR code scanner. This is all according to the owner, the original owner of QR code scanner. They said that what had happened is part of this purchase deal. I let them have a look and gain access to the software's key and password prior to purchase so they could confirm the purchase, which doesn't sound too bad. Apparently, as soon as they got a hold of the software's key and password, forget about the purchase, we're going to start infecting it right away. It ended up getting that app, the QR code scanner app, pulled right from the Google Play store. Of course, now you don't need that quite as much because most of the phone apps when you go to take a picture, the camera apps have built into them, a QR code scanner. I thought that was fascinating what they did. They totally cheated the company. They didn't even bother buying it. So a little word for the wise out there. Got another Apple story cause this is showing how the computer industry is really shifting. We've talked about some of the shortages of chips and the shortages of computer chips are so bad that General Motors has had to shut down two-thirds of its manufacturing lines in at least one plant. Every major automobile manufacturer is having problems making cars because they can't get the chips. Remember nowadays, a car, a truck is essentially just a computer on wheels. Not really actually computer on wheels. It's really dozens of computers all linked together with a network on wheels. Apple has been worried about that, right? Supply chain.
That's one of the things you're supposed to worry about as a public company. What are the risks going forward including to my supply chain? Obviously your supply chain matters. You gotta be able to make something you need parts, right? Apple has been upset with Intel for a while. You might remember Apple. When it first came out, was using a Motorola chipset, which was exceptional much better than the Intel chipsets. Of course, that's my opinion, a lot of people agree with me. You had the 68000, 68010, and 20, et cetera. Very good chips. When Apple started getting into the laptop business, that's when the problems started to happen. These Motorola chips gave off a lot of heat and used up a lot of electricity. At the time Apple looked around and said our only real alternative right now is Intel. Intel has a whole line of chips, different speeds, and they have mobile chips. Those mobile chips use much less power than the Motorola chips for the main CPU. They also use less battery. Those two go hand in hand and generate less heat. That's it all goes hand in hand. So they said, we'll start working with Intel. They did. Intel really disappointed them more than once, which is a shame. They disappointed them with the 64-bit migration. AMD, advanced micro devices, beat Intel to the punch. Shockingly Intel started making AMD compatible CPUs right. The 64-bit extensions to the CPU were AMD extensions. They had problems with some of their other chips as well. Mobile chips getting the power usage under control, the heat dissipation problems under control, and they never really lived up to what Apple was hoping for. What everybody in the industry was hoping for. In many ways, Intel has been a huge disappointment, which is really a shame. We'll look at what they did to the industry, with these predictive instructions, the hyper-threading, and stuff. Where bad guys were able to bring a computer to its knees. What does Intel say? 
Here's a firmware patch you can apply to our CPU, those little CPUs you pay upwards of $2,000 for a piece for one chip. Those CPUs and by the way, it's going to, cut its performance by a minimum of 20%, maybe 50%, that's okay. What are you kidding me? A lot of people were upset with Intel and Apple and Microsoft and everybody released patches that use the new Intel microcode. You might've noticed when this happened a couple of years ago that your computer slowed down. I certainly noticed, actually, it was little more than a year, anyway, I noticed it because I own a data center. That has a lot of Intel chips in it where we're running mostly Unixes, Linux, and BSD, but we're also running Windows. So the only way to work around this bug was to apply the patch and slow everything way, way down. Imagine how Apple and Google felt with their huge data centers. IBM too. IBM has Intel-based data centers, as well as its own chips, and boy talking about phenomenal chips, as far as processing power goes, IBM, man, they are still the leader with the power chips and their Z series. That just wow. Mind-blowing. Most of us are stuck in the Intel world. Apple said we can no longer trust Intel. So what are we going to do? Apple said we've been developing this chip for a long time. Apple took the chip design, they licensed it from this open source type of company that has a number of members. They took this ARM architecture and were able to improve it, and keep adding to it, et cetera. They're still part of this Alliance. They started using these in their iPhones. The iPhones have been using these chips the whole time and they started improving them after they released the first iPhones. Intel didn't really get them upset until a little later on, too. They came up with newer ones, faster ones, better ones, right to all of these A10 their bionic chips. They've got AI chips, machine learning chips, all Apple designed.
Chips, of course, manufactured by third parties, but that's what Apple is using. Apple has now said we expect all of their Macintosh computers to be based on Apple's CPU within the next two years. There's already some really good ones out there right now that people like a lot. We've been using them with some of our clients that use Apple. Not everybody has had great luck with them, but Apple is not only ditching Intel, that's not the big story here. Apple's got some job listings out there looking to hire engineers. So when we get back, we'll tell you more about what Apple is doing and what frankly, I think the rest of the industry should look at. Guess what? They are. It's been Intel versus the rest of the world. They've been winning for years in many categories, but now they're starting to lose, as major manufacturers are starting to leave Intel behind. But there's more to the story still. Hi, everybody. Craig Peterson here. Thanks for tuning in. We're glad you're here. In the last segment of the day, I want to point everybody to the website, of course. You can get my newsletter. It comes out every Sunday morning and it highlights one of the articles of the week. It gives you a pointer to my podcast. So you can listen right there. There's just a lot of great information. Plus I'm also doing little training. I'm sending out, hopefully, next week, two little training sessions for everybody to help you understand security a little better, and this applies to business. However, it's not strictly business; much of what I talk about is also for home users. So if you want to go along for the ride, come along, we'd be glad to have you. There's a lot to understand and to know that you won't get from anywhere else. It's just amazing. Many other of these radio shows where they are just nothing but fluff and commercials and paid promotions. I'm just shocked at it. It goes against my grain when that sort of thing happens. Absolutely.
We were just talking about Apple and how Apple got upset with Intel, but they're not the only ones upset. We also now have seen a lot of manufacturers who have started producing Chromebooks and surface tablets that are based on chip sets other than Intel's. This is going to be a real problem for Intel. Intel has almost always relied, certainly in the later years has relied on Microsoft and people bought Intel because they wanted Windows. That's the way that goes. It's just like in the early days, people bought an Apple too, because they wanted a great little VisiCalc, the spreadsheet program. Now, what we're seeing are operating systems that do not require a single line of Microsoft software. Google Chrome is a great example of it. Linux is another great example and people are loving their Google Chrome laptops, and you can buy these laptops for as little as 200 bucks. Now you get what you pay for and all the way up to a couple of grand and they don't have a line single line of Microsoft code. Yet you can still edit Word documents and Excel documents, et cetera. They do not contain any Intel hardware. What was called, well, they might have a chip here or there, but not the main CPU. What used to be called the Wintel monopoly. In other words, Windows-Intel monopoly is dying. It's dying very quickly. Apple is not helping now. Apple, they've had somewhere between seven and 10% market share in the computer business for quite a while. Personally, I far prefer Apple Macintoshes over anything else out there by far. I use them every day. So that's me. I don't know about you. There's a little bit of a learning curve. Although people who aren't that computer literate find it easier to learn how to use a Mac than to learn how to use Windows, which makes sense. Apple has really done a great job. A bang-up job. With these new chips, it's getting even faster. 
We are now finding out from a report from Bloomberg who first started these, that Apple has been posting job listings, looking for engineers to work on 6G technology. 6G, right now we're rolling out 5g, which hasn't been a huge win because of the fact that if you want really fast 5g, like the type Verizon provides, you have to have a lot of micro-cell sites everywhere. They have to be absolutely everywhere. Of course, it's just not financially reasonable to put them up in smaller communities. If the Biden administration continues the way they're going with the FCC and the open internet type thing of a-bits-a-bit, then there will be no incentive for any of these carriers to expand their networks because they can't charge more for better service. If you can imagine that. Ajit Pai fought against that for many years, Trump's appointee as chairman to the FCC, but things are changing. The wind has changed down in Washington, so we'll lose some of those jobs and we're not going to get all of the benefits of 5g. If he keeps us up. 6G is coming. What that means is Qualcomm, who is the manufacturer of record for most of the modems that are in our cell phones. Qualcomm has also missed some deadlines. Apple is tired of dependencies on third parties because Qualcomm might have somebody else that buys way more chips. It might be able to sell the same chip to the military of whatever country for a much, much higher price. They can sell it to consumers. Maybe they just change the label on it and call it a mill spec, and often goes right, who knows? What they're doing out there, but Apple doesn't want to do that anymore. They are looking for engineers to define and perform the research for the next generation standards of wireless communications, such as 6G The ads say you will research and design next-generation 6G wireless communication systems for radio access networks with emphasis on the physical Mac L two and L three layers. Fascinating, eh? What do you think? 
I think a huge deal as Apple continues to ditch, many of its vendors that have not been living up to the standards Apple has set. Apple has moved some of the manufacturing back to the United States. More of the assembly has been moved here. The manufacturing, it's starting to come back again. We'll see the Trump administration really wanted it here. We need it here, not just for jobs, we needed it here for our security. We've talked about that before, too, right? I want to also point out speaking of Apple and manufacturing, China, of course, does most of it for Apple and Foxconn is the company in China that makes almost all of this stuff for Apple. It's huge. Foxconn owns cities. Huge cities. They have high rises where people basically don't see the light of day, these high rise factories. You live there, you eat there, you shop there, you work there. Like the old company store who is it, Tennessee Ernie, right? Owe my soul to the company store. That's what's happening over there. And Foxconn has kept its costs low by bringing people in from the fields, if you will, out there being farmers and paying them extremely low wages. On top of all of that, in some cases they're using slave labor. I found this article very interesting, from Ars Technica's Timothy B. Lee. He's talking about a potential partnership between Apple and Nissan. Let me remember. I mentioned Apple talking with Kia and Kia is denying it. The Financial Times reported on Sunday that this potential deal between Apple and Nissan fell apart because Apple wanted Nissan to build Apple cars, they would have the Apple logo on them. They'd all be branded Apple. It wouldn't say Nissan unless you took something seriously apart you might find it inside. Nissan wanted to keep the Nissan brand on its own vehicles. Bloomberg reported last week that the negotiations with Kia and of course its parent company Hyundai in South Korea had ended without a deal.
The Financial Times said that Apple has also sounded out BMW as a potential partner because Apple doesn't make cars. So how are they going to do this? Apparently the talks faltered with Apple and Nissan because Nissan had a fear and apparently this is true of Kia too, of becoming quote the Foxconn of the auto industry, unquote, which is a reference to this Chinese well it's Taiwanese technically, but a group that manufacturers are while actually assembles the iPhones. Fascinating. Isn't it fascinating. When you start to dig into this self-driving technology and the numbers behind it, that's where you wonder, why is Apple even trying at this point, Apple's test vehicles only traveled 18,000 miles on California roads. Between 2019 and 2020, or over the course of about a year, late in both years. 18,000 miles in a year. Heck, I've done that before with my own car. Waymo, which is Google's self-driving project put on more than well, about 6
More Than Just Code podcast - iOS and Swift development, news and advice
We fact check Spamassassin and the end of iPhone 6 support in iOS. The follow up Apple will give employees paid leave to vote in the Federal Election. Exposure Notification - Apple Developer. iPhone 11 Now Being Manufactured at Foxconn Plant in India. Disabled Lives Matter. Apple targeted by multi-state probe led by Texas AG alleging deceptive trade practices. Epic CEO calls out Apple, Google app store practices ahead of antitrust hearing. Generating automatic placeholders for SwiftUI views. Hands on 2020 iPad Pro with Magic Keyboard first impressions. Can’t read HFS, HFS+ CDs & CDRs on Catalina. Picks: Mac Catalyst Tutorials, Launch screens in Xcode: All the options explained, macintosh.js.
The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more. ##Headlines Open Source Confronts its midlife crisis Midlife is tough: the idealism of youth has faded, as has inevitably some of its fitness and vigor. At the same time, the responsibilities of adulthood have grown. Making things more challenging, while you are navigating the turbulence of teenagers, your own parents are likely entering life’s twilight, needing help in new ways from their adult children. By midlife, in addition to the singular joys of life, you have also likely experienced its terrible sorrows: death, heartbreak, betrayal. Taken together, the fading of youth, the growth in responsibility and the endurance of misfortune can lead to cynicism or (worse) drastic and poorly thought-out choices. Add in a little fear of mortality and some existential dread, and you have the stuff of which midlife crises are made… I raise this not because of my own adventures at midlife, but because it is clear to me that open source — now several decades old and fully adult — is going through its own midlife crisis. This has long been in the making: for years, I (and others) have been critical of service providers’ parasitic relationship with open source, as cloud service providers turn open source software into a service offering without giving back to the communities upon which they implicitly depend. At the same time, open source has been (rightfully) entirely unsympathetic to the proprietary software models that have been burned to the ground — but also seemingly oblivious as to the larger economic waves that have buoyed them. 
So it seemed like only a matter of time before the companies built around open source software would have to confront their own crisis of confidence: open source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it — and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source — the community, the positivity, the energy, the adoption, the downloads — but they also want to enjoy the fruits of proprietary software companies in software lock-in and its monopolistic rents. If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others (including CockroachDB’s Community License, MongoDB’s Server Side Public License, and Confluent’s Community License) are little better. And in particular, as it apparently needs to be said: no, “community” is not the opposite of “open source” — please stop sullying its good name by attaching it to licenses that are deliberately not open source! But even if they were more aptly named (e.g. 
“the restricted clause” or “the controlled use license” or — perhaps most honest of all — “the please-don’t-put-me-out-of-business-during-the-next-reInvent-keynote clause”), these licenses suffer from a serious problem: they are almost certainly asserting rights that the copyright holder doesn’t in fact have. If I sell you a book that I wrote, I can restrict your right to read it aloud for an audience, or sell a translation, or write a sequel; these restrictions are rights afforded the copyright holder. I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine. (Lest you think that last example absurd, that’s almost verbatim the language in the new Confluent Community (sic) License.) I personally think that none of these licenses would withstand a court challenge, but I also don’t think it will come to that: because the vendors behind these licenses will surely fear that they wouldn’t survive litigation, they will deliberately avoid inviting such challenges. In some ways, this netherworld is even worse, as the license becomes a vessel for unverifiable fear of arbitrary liability. let me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! 
— reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort. Worse than all of this (and the reason why this madness needs to stop): licenses that are vague with respect to permitted use are corporate toxin. Any company that has been through an acquisition can speak of the peril of the due diligence license audit: the acquiring entity is almost always deep pocketed and (not unrelatedly) risk averse; the last thing that any company wants is for a deal to go sideways because of concern over unbounded liability to some third-party knuckle-head. So companies that engage in license tomfoolery are doing worse than merely not solving their own problem: they are potentially poisoning the wellspring of their own community. in the end, open source will survive its midlife questioning just as people in midlife get through theirs: by returning to its core values and by finding rejuvenation in its communities. Indeed, we can all find solace in the fact that while life is finite, our values and our communities survive us — and that our engagement with them is our most important legacy. See the article for the rest ###Donald Knuth - The Yoda of Silicon Valley For half a century, the Stanford computer scientist Donald Knuth, who bears a slight resemblance to Yoda — albeit standing 6-foot-4 and wearing glasses — has reigned as the spirit-guide of the algorithmic realm. He is the author of “The Art of Computer Programming,” a continuing four-volume opus that is his life’s work. 
The first volume debuted in 1968, and the collected volumes (sold as a boxed set for about $250) were included by American Scientist in 2013 on its list of books that shaped the last century of science — alongside a special edition of “The Autobiography of Charles Darwin,” Tom Wolfe’s “The Right Stuff,” Rachel Carson’s “Silent Spring” and monographs by Albert Einstein, John von Neumann and Richard Feynman. With more than one million copies in print, “The Art of Computer Programming” is the Bible of its field. “Like an actual bible, it is long and comprehensive; no other book is as comprehensive,” said Peter Norvig, a director of research at Google. After 652 pages, volume one closes with a blurb on the back cover from Bill Gates: “You should definitely send me a résumé if you can read the whole thing.” The volume opens with an excerpt from “McCall’s Cookbook”: Here is your book, the one your thousands of letters have asked us to publish. It has taken us years to do, checking and rechecking countless recipes to bring you only the best, only the interesting, only the perfect. Inside are algorithms, the recipes that feed the digital age — although, as Dr. Knuth likes to point out, algorithms can also be found on Babylonian tablets from 3,800 years ago. He is an esteemed algorithmist; his name is attached to some of the field’s most important specimens, such as the Knuth-Morris-Pratt string-searching algorithm. Devised in 1970, it finds all occurrences of a given word or pattern of letters in a text — for instance, when you hit Command+F to search for a keyword in a document. Now 80, Dr. Knuth usually dresses like the youthful geek he was when he embarked on this odyssey: long-sleeved T-shirt under a short-sleeved T-shirt, with jeans, at least at this time of year. In those early days, he worked close to the machine, writing “in the raw,” tinkering with the zeros and ones. 
See the article for the rest ##News Roundup Let’s Encrypt: Certbot For OpenBSD’s httpd Intro Let’s Encrypt is “a free, automated, and open Certificate Authority”. Certbot is “an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server”, well known as “the official Let’s Encrypt client”. I remember well how excited I felt when I read Let’s Encrypt’s “Our First Certificate Is Now Live” in 2015. How wonderful the goal of them is; it’s to “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free” “to create a more secure and privacy-respecting Web”! Since this year, they have begun to support even ACME v2 and Wildcard Certificate! Well, in OpenBSD as well as other operating systems, it’s easy and comfortable to have their big help 😊 Environment OS: OpenBSD 6.4 amd64 Web Server: OpenBSD’s httpd Certification: Let’s Encrypt with Certbot 0.27 Reference: OpenBSD’s httpd ###FreeBSD 12 released: Here is how to upgrade FreeBSD 11 to 12 The FreeBSD project announces the availability of FreeBSD 12.0-RELEASE. It is the first release of the stable/12 branch. The new version comes with updated software and features for a wild variety of architectures. The latest release provides performance improvements and better support for FreeBSD jails and more. One can benefit greatly using an upgraded version of FreeBSD. FreeBSD 12.0 supports amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. One can run it on a standalone server or desktop system. Another option is to run it on Raspberry PI computer. FreeBSD 12 also runs on popular cloud service providers such as AWS EC2/Lightsail or Google compute VM. New features and highlights: OpenSSL version 1.1.1a (LTS) OpenSSH server 7.8p1 Unbound server 1.8.1 Clang and co 6.0.1 The FreeBSD installer supports EFI+GELI as an installation option VIMAGE FreeBSD kernel configuration option has been enabled by default. 
VIMAGE was the main reason I custom compiled FreeBSD for the last few years. No more custom compile for me. Graphics drivers for modern ATI/AMD and Intel graphics cards are now available in the FreeBSD ports collection ZFS has been updated to include new sysctl(s), vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool scrub subcommand The pf packet filter is now usable within a jail using vnet KDE updated to version 5.12.5 The NFS version 4.1 includes pNFS server support Perl 5.26.2 The default PAGER now defaults to less for most commands The dd utility has been updated to add the status=progress option to match GNU/Linux dd command to show progress bar while running dd FreeBSD now supports ext4 for read/write operation Python 2.7 much more ###Six Ways to Level Up Your nmap Game nmap is a network exploration tool and security / port scanner. If you’ve heard of it, and you’re like me, you’ve most likely used it like this: ie, you’ve pointed it at an IP address and observed the output which tells you the open ports on a host. I used nmap like this for years, but only recently grokked the manual to see what else it could do. Here’s a quick look at some of the more useful things I found out. Scan a Network Scan All Ports Get service versions Use -A for more data Find out what nmap is up to Script your own scans with NSE ###[NetBSD Desktop] Part 1: Manual NetBSD installation on GPT/UEFI NetBSD desktop pt.2: Set up wireless networking on NetBSD with wpa_supplicant and dhcpcd Part 3: Simple stateful firewall with NPF Part 4: The X Display Manager (XDM) Part 5: automounting with Berkeley am-utils ##Beastie Bits Call For Testing: ZFS on FreeBSD Project DragonFlyBSD 5.4.1 release within a week You Can’t Opt Out of the Patent System. That’s Why Patent Pandas Was Created! Announcing Yggdrasil Network v0.3 OpenBSD Network Engineer Job listing FreeBSD 12.0 Stable Version Released!
LibreSSL 2.9.0 released Live stream test: Sgi Octane light bar repair / soldering! Configure a FreeBSD Email Server Using Postfix, Dovecot, MySQL, DAVICAL and SpamAssassin Berkeley smorgasbord FOSDEM BSD Devroom schedule ##Feedback/Questions Warren - Ep.273: OpenZFS on OS X cogoman - tarsnap security and using SSDs in raid Andrew - Portland BSD Pizza Night Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Rspamd; Amavis; SpamAssassin; Things and influencers; gokrazy; Go; router7; Debian Code Search; Debian Manpages; c128_kasse; Neo keyboard layout; Dvorak keyboard layout; Node-RED; IFTTT (If This Then That); Gmail in the mobile browser; Skeuomorphism; HyperCard; Coolest Way to do Aspect Ratio Boxes; SVG (Scalable Vector Graphics); Social media is dying; Mattermost; Wiener Linien and the eating-ban survey Guests: Bernhard and Ulrich
This week the boys chat about more computer parties for old-timers, allergies, Fredrik's love of John Siracusa's expositions on air conditioning, a home-built backup server on a minimal budget, and old computer games. Among other things. 0: Allergy talk 3:09: People who talk on the phone while holding it out in front of them! Anders Håkansson figured out the answer (Fredrik is reminded of his Bluetooth puzzlement) 6:30: Fading over to headphones 12:29: Monitor cables, the 128D and the holiday lull (or not) 15:30: Datastorm 2017 - Jocke and Datormagazin retro will be there! Advance ticket required! Also some more news about Datormagazin retro; pre-order and push it the last bit over the line! 22:26: Why Fredrik likes it when Siracusa talks about air conditioning, toasters and other things “outside his context”. Plus noise from neighbours and the surroundings of one's home. 28:17: A backup server made from a laptop and an eSATA disk? Sure. Expresscard - this week's forgotten junk standard. 35:23: Spam filters for mail servers. Scrollout F1. E-mail security and settings problems in Windows 10. What Fredrik did, with the help of Uncle Bing, was to use the command prompt to remove all settings for the wireless network in question and then add it again from scratch. 48:22: Fredrik plays Sacrifice and rearranges his work desk, and is reminded of everything that is silly about Apple's pointing devices. Sacrifice's graphics engine uses the same tricks as Apple's graphics frameworks in iOS 11 and High Sierra.
Länkar Philips SHB9850NC - Jockes beställda hörlurar M3-recensionen av lurarna Kungsgatan i Stockholm Commodore 128D GGS-data Kodsnack Datastorm 2017 David Jacoby 55: Avsnittet av Reconcilable differences där John Siracusa pratar vibrerande luftkonditionering Den makalösa ESATA Externt grafikkort via Expresscard Expresscard PC card Airport-kort - kort för trådlöst nät av Apple för Apple-datorer Inumbo Spamassassin Mailcleaner Jockes test av Scrollout F1 Spamhaus SPF records Sacrifice Shiny entertainment David Perry Messiah GOG Flatout Fredriks Microsoftmus Settlers - ett underbart gammalt spel Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt-84-en-riktig-sunkstandard.html.
If you feel like there are holes in your internet marketing knowledge, that maybe you're trying to learn college calculus but can't add two plus two, then this is the podcast episode for you! Many marketers are obsessed with split testing, funnels, and setting up 1-click upsells, but they don't even have a buy button on a sales page. Can I walk you through what I tell someone if they're struggling, can't get a sales page figured out, and just need a quick web page online? The first thing is that you should have a copy of Paper Template (just $7 dollars) installed on WordPress, because you can easily click and create anything you want. But now what do you write on that web page where you want people to enter their email to subscribe? What magic words do you place on a web page where you want people to click and pay you money? Marketer of the Week: Robert Puddy I created a couple of products and launched a couple of services with Robert Puddy back in the day. His big thing then was creating traffic exchanges to bring in lots and lots of hungry traffic. His biggest site is Launch Formula Marketing (now Login Frequency Marketing). Puddy monetizes unsubscribes from his list (link them to SpamAssassin with your affiliate link), even lost password pages (Roboform). Make them login to your site every day, for example, to watch a webinar. Wise Words This Week When we get overwhelmed, we often use multitasking to get back on track. It often causes more problems than it solves. Usually when you split your attention, you're giving half the effort and producing half the results. The solution is to develop "single-handling" activities. --- S.J. Scott Copywriting Shortcut AIDA/WWHW: Attention, Interest, Desire, Action. Why, What, How-To, What-If. Keep it stoppable stupid, look with fresh eyes, bottlenecks Who Else Wants To... (this headline is my squeeze page starter) Imagine... (starter for emails) What Would Happen If... (starter for webinars) Quick Question...
(starter for sales letters) PHASE I: Minimum Viable Product Headline: Who Else Wants To? Ten bullet points: why should I get this? Price and buy button WWHW re-ordering PHASE II: Fundamentals Button, stack, headline (in that order) Product breakdown (individual modules) Problem agitate solve (story) Four objections (no need, I don't believe you) PHASE III: Persuasion Four stages of awareness Cialdini 6 elements Typos and numbers not adding up PHASE IV: Window Dressing Case studies and testimonials Graphics Jump links Resources Paper Template (This is the WordPress plugin I use on all my sites for sales letters, optin pages, webinar replay pages, and more.) Fast Food Copywriting (Here's how I churn out attention-grabbing, high-converting sales pages in just a few minutes on-demand.) Speed Copy (The complete course on how to make a full-time income with money-making web pages)
This week on the show, we'll be starting a two-part series detailing the activities of various BSD foundations. Ed Maste from the FreeBSD foundation will be joining us this time, and we'll talk about what all they've been up to lately. All this week's news and answers to viewer-submitted questions, coming up on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Key rotation in OpenSSH 6.8 (http://blog.djm.net.au/2015/02/key-rotation-in-openssh-68.html) Damien Miller (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) posted a new blog entry about one of the features in the upcoming OpenSSH 6.8 Times change, key types change, problems are found with old algorithms and we switch to new ones In OpenSSH (and the SSH protocol) however, there hasn't been an easy way to rotate host keys... until now With this change, when you connect to a server, it will log all the server's public keys in your known_hosts file, instead of just the first one used during the key exchange Keys that are in your known_hosts file but not on the server will get automatically removed This fixes the problem of old servers still authenticating with ancient DSA or small RSA keys, as well as providing a way for the server to rotate keys every so often There are some instructions in the blog post for how you'll be able to rotate host keys and eventually phase out the older ones - it's really simple There are a lot of big changes coming in OpenSSH 6.8, so we'll be sure to cover them all when it's released *** NetBSD Banana Pi images (https://mail-index.netbsd.org/port-arm/2015/01/30/msg002809.html) We've talked about the Banana Pi (http://www.bananapi.org/p/product.html) a bit before - it's a small ARM board that's comparable to the popular Raspberry Pi Some NetBSD -current images were posted on the mailing list, so now you can get some BSD action on one of these little devices There are even a set of prebuilt pkgsrc packages, so you won't have to compile everything
initially The email includes some steps to get everything working and an overview of what comes with the image Also check the wiki page (https://wiki.netbsd.org/ports/evbarm/allwinner/) for some related boards and further instructions on getting set up On a related note, NetBSD also recently got GPU acceleration working (https://blog.netbsd.org/tnf/entry/raspberry_pi_gpu_acceleration_in) for the Raspberry Pi (which is a first for their ARM port) *** LibreSSL shirts and other BSD goodies (https://www.marc.info/?l=openbsd-misc&m=142255048510669&w=2) If you've been keeping up with the LibreSSL saga and want a shirt to show your support, they're finally available to buy online There are two versions, either "keep calm and use LibreSSL (https://shop.openbsdeurope.com/images/shop_openbsdeurope_com/products/large/TSHIRTLSSL.jpg)" or the slightly more snarky "keep calm and abandon OpenSSL (https://shop.openbsdeurope.com/images/shop_openbsdeurope_com/products/large/TSHIRTOSSL.jpg)" While on the topic, we thought it would be good to make people aware of shirts for other BSD projects too You can get some FreeBSD, PCBSD (https://www.freebsdmall.com/cgi-bin/fm/scan/fi=prod_bsd/se=pc-bsd) and FreeNAS stuff (https://www.freebsdmall.com/cgi-bin/fm/scan/fi=prod_bsd/se=shirts) from the FreeBSD mall site (https://www.freebsdmall.com/cgi-bin/fm/scan/fi=prod_bsd/se=tshirt) OpenBSD recently launched their new store (https://www.openbsdstore.com), but the selection is still a bit limited right now NetBSD has a couple places (https://www.netbsd.org/gallery/devotionalia.html#cafepress) where you can buy shirts and other apparel with the flag logo on it We couldn't find any DragonFlyBSD shirts unfortunately, which is a shame since their logo (http://www.dragonflybsd.org/images/small_logo.png) is pretty cool Profits from the sale of the gear go back to the projects, so pick up some swag and support your BSD of choice (and of course wear them at any Linux events you happen to go to) *** 
OPNsense 15.1.4 released (https://forum.opnsense.org/index.php?topic=35.0) The OPNsense guys have been hard at work since we spoke to them (http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach), fixing lots of bugs and keeping everything up to date A number of versions have come out since then, with 15.1.4 being the latest (assuming they haven't updated it again by the time this airs) This version includes the latest round of FreeBSD kernel security patches, as well as minor SSL and GUI fixes They're doing a great job of getting upstream fixes pushed out to users quickly, a very welcome change A developer has also posted an interesting write-up titled "Development Workflow in OPNsense (http://lastsummer.de/development-workflow-in-opnsense/)" If any of our listeners are trying OPNsense as their gateway firewall, let us know how you like it *** Interview - Ed Maste - board@freebsdfoundation.org (mailto:board@freebsdfoundation.org) The FreeBSD foundation (https://www.freebsdfoundation.org/donate)'s activities News Roundup Rolling with OpenBSD snapshots (http://homing-on-code.blogspot.com/2015/02/rolling-with-snapshots.html) One of the cool things about the -current branch of OpenBSD is that it doesn't require any compiling There are signed binary snapshots being continuously re-rolled and posted on the FTP sites for every architecture This provides an easy method to get onboard with the latest features, and you can also easily upgrade between them without reformatting or rebuilding This blog post will walk you through the process of using snapshots to stay on the bleeding edge of OpenBSD goodness After using -current for seven weeks, the author comes to the conclusion that it's not as unstable as people might think He's now helping test out patches and new ports since he's running the same code as the developers *** Signing pkgsrc packages (https://mail-index.netbsd.org/tech-pkg/2015/02/02/msg014224.html) As of the time this show airs, the official pkgsrc 
(http://www.bsdnow.tv/tutorials/pkgsrc) packages aren't cryptographically signed Someone from Joyent has been working on that, since they'd like to sign their pkgsrc packages for SmartOS Using GNUPG pulled in a lot of dependencies, and they're trying to keep the bootstrapping process minimal Instead, they're using netpgpverify, a fork of NetBSD's netpgp (https://en.wikipedia.org/wiki/Netpgp) utility Maybe someday this will become the official way to sign packages in NetBSD? *** FreeBSD support model changes (https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html) Starting with 11.0-RELEASE, which won't be for a few months probably, FreeBSD releases are going to have a different support model The plan is to move "from a point release-based support model to a set of releases from a branch with a guaranteed support lifetime" There will now be a five-year lifespan for each major release, regardless of how many minor point releases it gets This new model should reduce the turnaround time for errata and security patches, since there will be a lot less work involved to build and verify them Lots more detail can be found in the mailing list post, including some important changes to the -STABLE branch, so give it a read *** OpenSMTPD, Dovecot and SpamAssassin (http://guillaumevincent.com/2015/01/31/OpenSMTPD-Dovecot-SpamAssassin.html) We've been talking about setting up your own BSD-based mail server on the last couple episodes Here we have another post from a user setting up OpenSMTPD, including Dovecot for IMAP and SpamAssassin for spam filtering A lot of people regularly ask the developers (http://permalink.gmane.org/gmane.mail.opensmtpd.general/2265) how to combine OpenSMTPD with spam filtering, and this post should finally reveal the dark secrets In addition, it also covers SSL certificates, PKI and setting up MX records - some things that previous posts have lacked Just be sure to replace those "apt-get" commands and "eth0" interface names with 
something a bit more sane… In related news, OpenSMTPD has got some interesting new features coming soon (http://article.gmane.org/gmane.mail.opensmtpd.general/2272) They're also planning to switch to LibreSSL by default (https://github.com/OpenSMTPD/OpenSMTPD/issues/534) for the portable version *** FreeBSD 10 on the Thinkpad T400 (http://lastsummer.de/freebsd-desktop-on-the-t400/) BSD laptop articles are becoming popular it seems - this one is about FreeBSD on a T400 Like most of the ones we've mentioned before, it shows you how to get a BSD desktop set up with all the little tweaks you might not think to do This one differs in that it takes a more minimal approach to graphics: instead of a full-featured environment like XFCE or KDE, it uses the i3 tiling window manager If you're a commandline junkie that basically just uses X11 to run more than one terminal at once, this might be an ideal setup for you The post also includes some bits about the DRM and KMS in the 10.x branch, as well as vt *** PC-BSD 10.1.1 Released (http://blog.pcbsd.org/2015/02/1810/) Automatic background updater now in Shiny new Qt5 utils OVA files for VM's Full disk encryption with GELI v7 *** Feedback/Questions Camio writes in (http://slexy.org/view/s2MsjllAyU) Sha'ul writes in (http://slexy.org/view/s20eYELsAg) John writes in (http://slexy.org/view/s20Y2GN1az) Sean writes in (http://slexy.org/view/s20ARVQ1T6) (TJ's lengthy reply (http://slexy.org/view/s212XezEYt)) Christopher writes in (http://slexy.org/view/s2DRgEv4j8) *** Mailing List Gold Special Instructions (https://lists.freebsd.org/pipermail/freebsd-questions/2015-February/264010.html) Pretending to be a VT220 (https://mail-index.netbsd.org/netbsd-users/2015/01/19/msg015669.html) ***
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Vixie/DEFCON-22-Paul-Vixie-2014-07-15-botnets.pdf White paper available for download here: https://defcon.org/images/defcon-22/dc-22-presentations/Vixie/DEFCON-22-Paul-Vixie-WP.pdf Domain Name Problems and Solutions Dr. Paul Vixie CEO, FARSIGHT SECURITY Spammers can't use dotted quads or any other literal IP address, since SpamAssassin won't let it through, since it looks too much like spam. So, spammers need cheap and plentiful — dare we say 'too cheap to meter'? — domain names. The DNS industry is only too happy to provide these domain names, cheaply and at massive scale. The end result is that 90% of all domain names are crap, with more on the way. DNS registrars and registries sometimes cooperate with law enforcement and commercial takedown efforts since it results in domains that die sooner thus creating demand for more domains sooner. Spammers and other abusers of the Internet commons sometimes try to keep their domains alive a little longer by changing name server addresses, or changing name server names, many times per day. All of this action and counteraction leaves tracks, and around those tracks, security minded network and server operators can build interesting defenses including DNS RPZ, a firewall that works on DNS names, DNS responses, and DNS metadata; and NOD, a feed of Newly Observed Domains that can be used for brand enforcement, as well as an RPZ that can direct a DNS firewall to treat infant domain names unfairly. Dr. Paul Vixie, long time maintainer of BIND and now CEO of Farsight Security, will explain and demonstrate. Dr. Paul Vixie is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009.
Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He is considered the primary author and technical architect of BIND 8, and he hired many of the people who wrote BIND 9 and the people now working on BIND 10. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, and of Sendmail: Theory and Practice (Digital Press, 1994). He earned his Ph.D. from Keio University for work related to the Internet Domain Name System (DNS and DNSSEC).
This time we let the productivity pig loose and drive it through the virtual village: email management with filters, rules, smart mailboxes, …. This week's topic is email. You will find out which programs we use, and which rules, plugins and workflows are behind them. Dear passenger, if you like what you heard, or if it puts worry lines on your noble brow, we have something for you: iTunes ratings. Leftovers Last week we had the first Ubercast giveaway. Our guests from Objective Development provided us with 4 licenses (2 licenses for LittleSnitch, 2 licenses for LaunchBar), and here are the winners in black and white: @tomhelpless Felix / @piXeLixus Paul Kirschmann / @netzpioneer Arnd Gongoll / @cygx1 And as announced, Andreas has put together a few LaunchBar Actions for his GitHub repository: Down For Everyone Or Just Me Expand URL Supersonic news The podcatcher “Overcast” by Marco Arment is now available in the App Store. Reviews Marco.org: Overcast MacStories: Overcast Review Apple and IBM are teaming up and planning a series of business applications. Link to image: IBM Email management Everyone still agrees here: individually and intelligently assigned rules are, alongside shortcuts, the key to more efficient email management. Sven adds that Inbox Zero does not have to mean sweeping your inbox clean twice a day. That immediately makes Andreas hesitate, who does not necessarily need his inbox completely blank even once. What do you do with emails? archive or delete search react reply in writing carry out a task and then reply wait One popular approach, among others, is the 3-folder tactic, which needs only an archive folder, a folder for paused emails (e.g.
waiting for a reply) and, third, an action folder that serves as a to-do folder. See also: Empty Your Inbox with the Trusted Trio by Gina Trapani. Patrick tried this for a while but did not find it practical, because he would still be missing tags for finding messages faster and better. Searching by tags, in turn, would only be possible on the Mac, not on iOS and not on the web. He does not want that. Sven knows the tactic too, but has by now largely replaced the folder structure with tags. In general he is no great fan of archiving and asks the group critically whether compulsively archiving every email is necessary at all. For him a two-week limit has emerged; he does not keep most mails longer than that. Fitting the topic: Merlin Mann's Inbox Zero talk. Apple Mail Sven is our Mail.app representative. With his rules, plugins and smart lists he tries to make Apple's solution appealing to us. Keeping CC and mailing lists under control: CC rule to move all emails on which you are cc'd into a separate folder, unless the message is of high priority Link to image: CC rule Mark mailing lists as read and move them into a separate folder, with the option of exempting specified distribution lists from the rule Link to image: Mailing list rule Sven's rules are all implemented as server-side Exchange rules with Microsoft Outlook for Mac; however, they can be implemented to almost exactly the same extent server-side at GMail or iCloud.com (as well as locally within Mail.app). Praise comes from Patrick at this point, because Sven has not set up separate accounts that would force him to keep switching accounts in the client. Sven colours all mails from customers bright orange so that he knows what is important. We note: rules ≥ separate accounts. The “unified inbox” triumphs.
On Andreas's Yosemite beta, Mail.app is not running all that smoothly at the moment, but he likes the program too… that much up front. Andreas sets up a folder for each project and then archives these locally on his hard disk every year (thereby freeing up space in the email client again). Plugins, part one: UniversalMailer Fixes the annoying Mail.app “bug” that causes messages to be displayed in Times New Roman 16pt by default in Windows Outlook, no matter which font they were sent in. Sven's workflow with MailTags and Mail-Act-On Mail Act-On free trial version, then 24.95 US$ Deferral workflow with tickle dates, Mail-Act-On rules and smart mailboxes MailTags Integration OmniFocus Built-in follow-up (@Waiting, @Reply) Workflows with MailTags and Mail-Act-On: Complete workflow for following up on emails as well as for “deferring” messages you cannot or do not want to deal with yet. Link to image: Follow Up & Deferral To follow up, simply mark an email as “@Waiting” and set the follow-up date to two days from today. Link to image: Waiting For If there is no reply on the follow-up day, simply send a reminder and move the follow-up date to Friday. Link to image: Tickle on Friday Not ready to deal with a particular email in your inbox? Need more time to think? Simply defer it by 2 days. Link to image: Defer Any kind of to-do management in the email client itself is foreign to Andreas; when there really is something to do, he dutifully writes his OmniFocus task, completes the job and then replies. Sven says in his defence that he uses this workflow especially for micromanaging conversations that are not necessarily top priority. For everything really important he still uses his beloved OmniFocus as well.
Patrick thinks he can catch Sven out by asking whether he also uses a Mac at work, but far from it… Fechner has/may/wants to use his Mac for business too. Sure, that way it all goes splendidly. Incidentally, since server-side rules have come up, here is a short summary of what is and is not possible with iCloud rules: Limited to a maximum of 99 rules. The order of the rules matters. No IF/Any conditions. In other words, assigning several conditions to one rule does not work in iCloud. In OS X you can assign one rule to several email addresses, in iCloud you cannot. Apple's own mail program is out of the question for Patrick, because for him the differences between the three versions are too great. iCloud Mail is the most stripped-down version few configuration options for the rules Smart folders from the Mac are not synchronized Mail on iOS is somewhere in between Dependent on the few rules that are possible in iCloud Extra features such as thread notifications and the Today folder Smart folders from the Mac are not synchronized Mail on OS X = great, everything is there and extensible On top of that, like Sven he has set up all rules server-side, but Mail sometimes plays tricks on him and duplicates emails arbitrarily. That turned his one-month test phase in preparation for the show into a real test of patience. The reading recommendation for smarter mail folders can be found on the age-old 43Folders blog. Plugins, part two: MailPluginFix Fixes the problem of incompatible plugins after a system update.
MsgFiler Alternative: MailActOn Other treats: DockStar - Customize your Mail.app dock icon SpamSieve: Easy-to-use Mac spam filter for Apple Mail, Outlook, Entourage, Postbox, and more And finally a repository with all the plug-ins and tools: Apple Mail Plugins and Tools MailMate Although Gmail was for a long time the king of mail providers and clients for Patrick (… and still is), he turned his back on Google in October 2013, despite the fantastic spam filtering and the myriad shortcuts, in order to have more control and more privacy at Uberspace. Veteran Gmail rules Despite the departure from Gmail, here are the rules Patrick used, which were rebuilt in the same way at Uberspace. If I have put myself in the BCC field: Matches: from:(here|are|all|my|addresses) ==> Do this: Skip Inbox, Mark as read, Never send it to Spam, Never mark it as important If I write a mail to myself: Matches: from:(patrick+me@gmail.com) ==> Do this: Star it, Never send it to Spam If the mail has something to do with one of my work accounts: Matches: to:(important|accounts|here) ==> Do this: Mark it as important Archive unimportant mails immediately: Matches: from:(@itunes.com|do_not_reply@apple.com|usw.) ==> Do this: Skip Inbox Archive even less important mails immediately and mark them as read. This is handy for mails that are more archival in character. Another idea would be to send these directly to Evernote via IFTTT, or to combine them with IFTTT and collect them in a note via “append”: Matches: subject:(Cronjob|usw.) ==> Do this: Skip Inbox, Mark as read, Never mark it as important Last but not least, Patrick has about 50 more rules that sort mails into various folders following the scheme above (Design, Audio, Personal, Games, Family, Work, …). Many rules are duplicates or have the same target, but he likes having subject areas, e.g. for design newsletters.
And one more thing… the two special addresses for the BCC field: ACT-ON Matches: to:(patrick+acton@gmail.com) ==> Do this: Skip Inbox, Star it, Apply label "1: Act on", Never send it to Spam, Mark it as important HOLD Matches: to:(patrick+hold@gmail.com|patrick+waiting@gmail.com) ==> Do this: Skip Inbox, Star it, Apply label "2: Hold", Never send it to Spam, Mark it as important Patrick's Uberspace setup On Uberspace, Patrick uses a catch-all address at which all his emails arrive. Everything is geared towards getting his inbox to 0 quickly with shortcuts and swipes. The inbox is thus the only place where he has anything to do… apart from manually checking the Act-on and Hold folders. Another special feature: the archive option in all clients moves every email into a subfolder of the archive. This “Filer” folder then sorts by predefined rules where the email is filed; if none of Patrick's rules applies, the mail ends up in the normal archive. This is his attempt to replace the extremely good GMail rules for automatic sorting. It works very well, by the way. The goal is to skim every mail and not to accumulate unread mails in subfolders. On iOS all that is left is to swipe into the archive, or into the trash. As already hinted at in the last episode, an Uberspace setup is something quite different and far removed from the usual way of setting up email. It is not for everyone, and you have to hop around in the shell a lot until it runs. But if you bring the necessary tools of the trade, you can call a mail setup your own that eats out of your hand. Basically you do not even need to know the shell that well; you just have to read the detailed documentation in the Uberspace.de wiki. Uberspace has detailed, user-friendly guides including examples for every feature. Every developer knows how hard it is to write good and complete documentation.
The Uberspace guys have totally got the hang of that. Should a question remain open after all, you write an email and usually get a reply within 6-8 hours. Service-wise the guys are top-notch. Components mail: spamassassin [Uberspace.de Wiki] A rule set (based on regular expressions) examines mail contents and scores them. If an email exceeds a certain threshold of points => spam. All of this is of course extensible. mail: maildrop [Uberspace.de Wiki] Sorting machine. Here you can write rules for what should be sent to which folder, whether it should be passed on to Spamassassin, etc. mail: dspam [Uberspace.de Wiki] For anyone who knows SpamSieve, it is basically the same thing: adaptive filtering that divides messages into spam and ham. When I want to change/add a rule, I open the file on my shared host (the Uberspace server) in Sublime Text or in Prompt/Coda on iOS. For the interested tinkerer, here are two links to really good tutorials: Maildrop Revisited All the things you can do with maildrop… And now MailMate Patrick's basic requirement for an email client is that it must not be a purely client-side solution. That is, if an important core feature that makes everything run smoothly works only on the Mac, the app or workflow in question is out of the question for me. Thanks to the server-side rules, he now “actually” does not care which client he uses. On iOS, swipe gestures for spam and the archive should be supported, and on OS X he allows himself to get to know MailMate better bit by bit. His favourite features: Send Later (as an “Undo Send” alternative) Gmail shortcuts Shortcuts: Move to Mailbox (V), Go to Mailbox (⌘T), Tags (T) Fast switching between different layouts (Correspondence!!)
no plugins smart signatures based on the recipient And two more reading recommendations: Macdrifter: MailMate Explorations aptgetupdateDE: Review: MailMate · The email client for the rest of us Closing links MacSparky: Email Field Guide Ars Technica: Rage against the Mail machine: the genesis of Letters Airmail Postbox Dispatch Mailbox Triage Picks Andreas: Revisions by Bayesbits Sven: BuyMeAPie! Patrick: Ultratext by Xether Labs That's it. We wish you a pleasant stay. Until next time. In a giving mood? We have Flattr and PayPal set up and would be delighted.
What you know of, and yet don't really know. This episode is about one of the oldest and at the same time most popular services on the Internet: electronic mail, e-mail for short. Accompany us and our e-mail on the journey from the sender, past mail servers, spam filters and virus checkers, to the recipient's mail program, and learn along the way many interesting details about headers, data protocols and other otherwise hidden things around the exchange of messages on the Internet. Track list D+O – Zensursula Borrachos – Pornostar 7ieben – Sonntags Freibeuter AG – Partytime MZMK – Krzyk Next show: 5 September 2009, 19:00 E-mail path :: The path of an e-mail, by Jens Kubieziel SMTP :: Simple Mail Transfer Protocol POP3 :: Post Office Protocol Version 3 IMAP :: Internet Message Access Protocol SMTP and POP3 :: How do servers "talk" to each other over the network? Greylisting :: Greylisting explained. Procmail :: Procmail website SpamAssassin :: Widely used server-side open source spam filter AMaViS :: A Mail Virus Scanner TLS :: Transport Layer Security, encryption in transit Postfix :: Postfix mail server Sendmail :: Sendmail, the oldest mail server program in the world QMail :: QMail mail server Exim :: Exim mail server Thunderbird :: Mozilla Thunderbird. Free graphical mail program for all common operating systems Mutt :: Excellent mail program for text mode (console) Alpine :: Alpine mail program. Successor to Pine. YAM :: Yet Another Mailer. Graphical mail program for the Commodore Amiga File Download (57:42 min / 61 MB)