Podcast appearances and mentions of Timothy B Lee

The first Ride AI summit, an intimate gathering of top leaders in driving automation technology and related AI-empowered hardtech, is taking place on April 2 at Neuehouse in Hollywood, California. In this episode, our hosts, Edward Niedermeyer and Timothy B. Lee, preview the aspects of the event program they are most excited about. We already have an amazing group of speakers lined up, including Amnon Shashua of Mobileye, Gill Pratt of TRI, and other top decision makers from Waymo, Zoox, Wayve, Apollo Go, Nuro, and more. There's a ton of excitement around the fact that this will be the first event of its kind that people will be able to take a fully driverless Waymo robotaxi to, making it the perfect opportunity to inaugurate the second chapter of this technological space. The on-stage conversations will be focused on this shift, from experiments and ideas to delivering real-world realities, and how to reboot conversations with stakeholders in the public sector, capital markets, media, and beyond.Tickets are currently on sale here. Space is limited.

Tim's got a new podcast, and NonZero is hiring ... Is large language model progress reaching a plateau? ... Some shortcomings of AI today ... Human cognition compared to AI ... The impressive progress of "multimodal" AI ... Heading to Overtime ...

Tim's got a new podcast, and NonZero is hiring ... Is large language model progress reaching a plateau? ... Some shortcomings of AI today ... Human cognition compared to AI ... The impressive progress of "multimodal" AI ... Heading to Overtime ...

The AV trucking company Aurora is spending the final days of 2024 busily getting ready to start hauling freight without humans on board, a long-awaited milestone. On the eve of this potentially historic launch, our host Timothy B. Lee catches up with co-founder Sterling Anderson about the long road of technological innovation that led here. Sterling shares his journey from leading Autopilot at Tesla to starting Aurora in late 2016. The conversation covers the technical and strategic decisions behind Aurora's development, emphasizing their shift from robotaxis to autonomous trucking. Sterling highlights key partnerships with OEMs and others that have allowed Aurora scale their operations efficiently. Tim and Sterling discuss Aurora's unique approach of verifiable AI to ensure safety and reliability compared to end-to-end monolithic systems. Finally, Sterling explains the critical regulatory aspects Aurora is navigating as they aim for a driverless trucking launch between Dallas and Houston by April 2025.

The AV trucking company Aurora is spending the final days of 2024 busily getting ready to at last start hauling freight without humans on board. On the eve of this potentially historic launch, our host Timothy B. Lee catches up with co-founder Sterling Anderson about the long road of technological innovation that led here. Sterling shares his journey from leading Autopilot at Tesla to starting Aurora in late 2016. The conversation covers the technical and strategic decisions behind Aurora's development, emphasizing their shift from robotaxis to autonomous trucking. Sterling highlights key partnerships with OEMs and others that have allowed Aurora scale their operations efficiently. Tim and Sterling discuss Aurora's unique approach of verifiable AI to ensure safety and reliability compared to end-to-end monolithic systems. Finally, Sterling explains the critical regulatory aspects Aurora is navigating as they aim for a driverless trucking launch between Dallas and Houston by April 2025.

Timothy B. Lee of the Understanding AI newsletter joins Ed Niedermeyer to unpack Tesla's flashy robotaxi unveil.

Why didn't OpenAI call its new o1 AI GPT? ... Tim's first impressions of o1 ... What's the secret to o1's better reasoning? ... Inspecting AI introspection ... Does o1's capability for deception bring us closer to doom? ... AI doomers' Hollywood problem ... Elon's self-driving speed bumps ... Heading to Overtime ...

Why didn't OpenAI call its new o1 AI GPT? ... Tim's first impressions of o1 ... What's the secret to o1's better reasoning? ... Inspecting AI introspection ... Does o1's capability for deception bring us closer to doom? ... AI doomers' Hollywood problem ... Elon's self-driving speed bumps ... Heading to Overtime ...

Nathan explores the cutting-edge world of autonomous vehicles with industry expert Timothy B. Lee. In this episode of The Cognitive Revolution, we delve into the current state of self-driving technology, comparing industry leaders like Waymo and Tesla. Join us for an in-depth discussion on technical challenges, safety statistics, regulatory landscapes, and the potential future of transportation. Apply to join over 400 founders and execs in the Turpentine Network: https://hmplogxqz0y.typeform.com/to/JCkphVqj RECOMMENDED PODCAST: Second Opinion A new podcast for health-tech insiders from Christina Farr of the Second Opinion newsletter. Join Christina Farr, Luba Greenwood, and Ash Zenooz every week as they challenge industry experts with tough questions about the best bets in health-tech. Apple Podcasts: https://podcasts.apple.com/us/podcast/id1759267211 Spotify: https://open.spotify.com/show/0A8NwQE976s32zdBbZw6bv SPONSORS: Oracle Cloud Infrastructure (OCI) is a single platform for your infrastructure, database, application development, and AI needs. OCI has four to eight times the bandwidth of other clouds; offers one consistent price, and nobody does data better than Oracle. If you want to do more and spend less, take a free test drive of OCI at https://oracle.com/cognitive The Brave search API can be used to assemble a data set to train your AI models and help with retrieval augmentation at the time of inference. All while remaining affordable with developer first pricing, integrating the Brave search API into your workflow translates to more ethical data sourcing and more human representative data sets. Try the Brave search API for free for up to 2000 queries per month at https://bit.ly/BraveTCR Omneky is an omnichannel creative generation platform that lets you launch hundreds of thousands of ad iterations that actually work customized across all platforms, with a click of a button. Omneky combines generative AI and real-time advertising data. Mention "Cog Rev" for 10% off https://www.omneky.com/ Head to Squad to access global engineering without the headache and at a fraction of the cost: head to https://choosesquad.com/ and mention “Turpentine” to skip the waitlist. CHAPTERS: (00:00:00) About the Show (00:00:22) About the Episode (00:03:01) Introduction and Guest Welcome (00:03:48) SAE Levels of Self-Driving (00:04:56) Driver Assistance vs. Fully Driverless (00:07:02) Tesla and Waymo Experiences (00:09:41) Liability and Driver Monitoring (00:11:19) Waymo's Robo-Taxi Experience (00:14:00) Tesla vs. Waymo Strategies (00:15:15) Challenges in Self-Driving Technology (00:17:38) Edge Cases and Safety Concerns (Part 1) (00:18:09) Sponsors: Oracle | Brave (00:20:13) Edge Cases and Safety Concerns (Part 2) (00:23:53) Data Acquisition and Learning Strategies (00:26:43) Technology Stack and Planning (00:31:03) Sponsors: Omneky | Squad (00:32:50) Neural Networks and Perception (00:39:30) Hardware and Sensor Approaches (00:45:46) Camera vs. LiDAR Debate (00:48:20) Data Quality and Business Models (00:52:24) Transparency and Regulation (00:56:52) Role of Maps in Self-Driving (00:59:49) Local vs. Remote Processing (01:01:44) Cruise's Challenges and Future (01:04:58) Global Self-Driving Landscape (01:07:36) Other Notable Players (01:10:56) Safety Statistics and Adoption (01:20:31) Regulatory Environment (01:23:32) Waymo's Safety Data (01:25:39) Cultural and Technological Barriers (01:30:09) Potential Policy Changes (01:33:41) Market and Ownership Models (01:36:37) Future of Self-Driving Services (01:39:26) Unexpected Scenarios and Partnerships (01:42:17) Comparisons to Language Models (01:44:55) Future of AGI and AI Applications (01:47:59) Regional Adoption Predictions (01:49:47) Outro

The other Tim B. Lee ... Unpacking the Elon v. OpenAI case ... How did Google's Gemini go wrong? ... The unsung ingenious side of Gemini ... Is AI a bubble? ... Are some LLM issues insoluble? ... How Sora changes the AI picture ... Heading to Overtime ...

The other Tim B. Lee ... Unpacking the Elon v. OpenAI case ... How did Google's Gemini go wrong? ... The unsung ingenious side of Gemini ... Is AI a bubble? ... Are some LLM issues insoluble? ... How Sora changes the AI picture ... Heading to Overtime ...

def generate_podcast_intro(episode_number, host_name, guest_name, topic):intro = f"On episode {episode_number} of the {host_name} Podcast, budget cuts destroy the introduction and {informal_name} talks to {guest_name} about {topic}."return introepisode_number = 53host_name = "Charles C. W. Cooke"informal_name = "Charles"guest_name = "Timothy B. Lee"topic = "artificial intelligence"podcast_intro = generate_podcast_intro(episode_number, host_name, guest_name, topic)print(podcast_intro)# The dial-up tone in the introduction was recorded by lintphishx and is used under a CC 3.0 License. 

Tim seeks Substack synergy beyond Bob ... Recent contributors to Bob's AI anxiety ... Why “Mamba” matters ... Is AI moving too fast? ... Are fears of an AI “jobocalypse” overblown? ... AI's (potential) next transformation ... Heading to Overtime ...

Tim seeks Substack synergy beyond Bob ... Recent contributors to Bob's AI anxiety ... Why “Mamba” matters ... Is AI moving too fast? ... Are fears of an AI “jobocalypse” overblown? ... AI's (potential) next transformation ... Heading to Overtime ...

Bob and Tim seek Substack synergy ... What was the OpenAI drama really about? ... Viewing the drama through a (cynical) psychological lens ... Were reports of a safety vs speed schism greatly exaggerated? ... Larry Summers joins OpenAI's board… time to panic? ... Superintelligence, Sam Altman, and the singularity ... Altman's not so veiled ignorance ... Overtime preview: superintelligence skepticism, the truth about effective altruism, self-driving car speed bumps, and more ...

Bob and Tim seek Substack synergy ... What was the OpenAI drama really about? ... Viewing the drama through a (cynical) psychological lens ... Were reports of a safety vs speed schism greatly exaggerated? ... Larry Summers joins OpenAI's board… time to panic? ... Superintelligence, Sam Altman, and the singularity ... Altman's not so veiled ignorance ... Overtime preview: superintelligence skepticism, the truth about effective altruism, self-driving car speed bumps, and more ...

AI now has the ability to write convincing spam emails, mimic human voices, create false images and even videos. Have we entered a scary science fiction movie come to life?Next, autonomous vehicles -- think driverless taxis -- are becoming more common in some cities, but do Americans really trust them? Timothy B. Lee from the Understanding AI newsletter joins us to discuss the implications of AI in vehicles.And, we finish with the week's fun fact jumping back in time to see what people of the 60s thought about changes in technology. Were they scared or excited for the future we're now living in?

Moderated by Brent Skorup, experts Timothy B. Lee, Professor Pamela Samuelson, and Kristian Stout discuss the emerging legal issues involving artificial intelligence, and its use of works protected under copyright law. Topics include how artificial intelligence uses intellectual property, whether allegations of violations of intellectual property are analogous to prior historical challenges or are novel, and the tradeoffs involved.Featuring:Timothy B. Lee, Understanding AIPamela Samuelson, Richard M. Sherman Distinguished Professor of Law and Professor of School Information at the UC Berkeley School of Law and Co-Director, Berkeley Center for Law & TechnologyKristian Stout, Director of Innovation Policy, International Center for Law & EconomicsModerator: Brent Skorup, Senior Research Fellow, Mercatus Center at George Mason University*******As always, the Federalist Society takes no position on particular legal or public policy issues; all expressions of opinion are those of the speaker.

Is artificial intelligence going to lead to the extinction of humanity? What would that even look like? Everyone's got an opinion: mostly either “that sounds absolutely ridiculous” or “that sounds absolutely terrifying”.In this episode of The Studies Show, Tom and Stuart do something slightly different. Stuart plays the role of an AI apocalypse sceptic, and grills Tom on all the arguments about the coming AI apocalypse. Happily, Tom has already written a whole book on the subject, so he knows all the answers.The Studies Show is sponsored by Works in Progress magazine, the best place to find insightful essays on science, technology, and human progress. There's a new issue out right now! We're very grateful for their support.Show notes* Tom's book, The Rationalist's Guide to the Galaxy* arXiv preprint on evolving AI* Katja Grace's survey of AI researchers* Timothy B. Lee's Substack post about why he's not worried about the existential risk of AI* Nature editorial arguing that the AI revolution hasn't yet helped chemistry* Nature editorial arguing that worrying about AI doomsday is a distractionCreditsThe Studies Show is produced by Julian Mayers at Yada Yada Productions. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.thestudiesshowpod.com/subscribe

Tim's article explaining large language models ... Do LLMs reverse engineer the human mind? ... GPT's mesmerizing emergent properties ... The ‘T' in Chat-GPT ... How AI models evolve during training ... Human intelligence compared to artificial intelligence ... Heading to Overtime ...

This is a free preview of a paid episode. To hear more, visit nonzero.substack.com(Overtime segment available to paid subscribers below the paywall.)0:33 Tim's article explaining large language models 03:23 Do LLMs reverse engineer the human mind? 11:24 GPT's mesmerizing emergent properties 17:43 The ‘T' in Chat-GPT 30:33 How AI models evolve during training 41:59 Human intelligence compared to artificial intelligence 49:10 Heading to OvertimeRobert Wright (Bloggingheads.tv, The Evolution of God, Nonzero, Why Buddhism Is True) and Timothy B. Lee (Full Stack Economics, Understanding AI). Recorded August 16, 2023.Tim's Substack newsletter: understandingAI.orgTwitter: https://twitter.com/NonzeroPods

Tim's article explaining large language models ... Do LLMs reverse engineer the human mind? ... GPT's mesmerizing emergent properties ... The ‘T' in Chat-GPT ... How AI models evolve during training ... Human intelligence compared to artificial intelligence ... Heading to Overtime ...

John and Craig ponder the nature of words and what gives them meaning. Using new information on how large language models function, they look at the dizzying amount of connections words can create with other words, between humans, and their profound effect on the nature of consciousness. We promise we're not high. We also follow up on racist characters before answering listener questions on balancing deadlines with an artistic process and our ideal press junket questions. In our bonus segment for premium members, John and Craig reflect on the impact left on them by the art and life of Sinéad O'Conner. Links: Scriptnotes LIVE! at Dynasty Typewriter in Los Angeles benefitting HollywoodHEART Weekend Read 2, now available on MacOS. Large language models, explained with a minimum of math and jargon by Timothy B Lee and Sean Trott Word Vectors Decrypto Matt Gaffney's Weekly Crossword Contest This Is How You Lose the Time War by Amal El-Mohtar and Max Gladstone Sinéad O'Connor – Troy (Live At The Dominion Theatre, 1988) Get a Scriptnotes T-shirt! Check out the Inneresting Newsletter Gift a Scriptnotes Subscription or treat yourself to a premium subscription! Craig Mazin on Threads and Instagram John August on Threads, Instagram and Twitter John on Mastodon Outro by Jake Weisblat (send us yours!) Scriptnotes is produced by Drew Marquardt and edited by Matthew Chilelli. Email us at ask@johnaugust.com You can download the episode here.

Meta CEO Mark Zuckerberg posted on Instagram that a Quest 3 VR headset will come out this autumn. A 128 GB version will cost $499.99. BeReal is testing a chat feature available to users in Ireland called RealChat. It lets users send messages, images, and reactions to friends in private whenever they want. Timothy B. Lee of Ars Technica recently published a post arguing that this “death of self-driving cars” is itself greatly exaggerated.Starring Tom Merritt, Rich Stroffolino, Justin Robert Young, Roger Chang, Joe.Link to the Show Notes. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.

Meta CEO Mark Zuckerberg posted on Instagram that a Quest 3 VR headset will come out this autumn. A 128 GB version will cost $499.99. BeReal is testing a chat feature available to users in Ireland called RealChat. It lets users send messages, images, and reactions to friends in private whenever they want. Timothy B. Lee of Ars Technica recently published a post arguing that this “death of self-driving cars” is itself greatly exaggerated. Starring Tom Merritt, Rich Stroffolino, Justin Robert Young, Roger Chang, Joe, Amos To read the show notes in a separate page click here! Support the show on Patreon by becoming a supporter!

A few years ago now, Razib talked to Tim Lee about his new Substack Full Stack Economics, which featured deep dives into economic issues (as well as some on-the-ground-reporting, like when he drove Lyft to get a feel for its economics). But recently, Lee decided to put Full Stack Economics on pause to focus on a new Substack: Understanding AI. Artificial intelligence is hot right now, but Lee covered tech for a decade for Washington Post, Ars Technica, and Vox.com, and has a master's degree in computer science from Princeton, so Razib was curious about what he's learned. Recently two pieces seem to illustrate the alternative faces of generative AI and LLMs, I cloned my voice with AI and my mother couldn't tell the difference and Why I'm not worried about AI causing mass unemployment. On this episode of Unsupervised Learning, Razib and Lee discuss the impact of artificial intelligence, the good, bad and trivial. Lee makes the case that AI might be like the internet, transforming narrow aspects of knowledge-work and enabling a richer culture, but without clear revolutionary implications for the economy. His thesis hinges on the fact that AI cannot operate in the material world due to the primitive state of robotics, though Razib wonders if this barrier too might fall in the near future. Overall, Lee suggests that the AI “hype machine” is being driven by the fact that information workers who set the terms of public discussion are the ones likely to be most impacted; waiters, plumbers and nurses, in contrast, will be just fine. Razib and Lee also discuss the field of existential risk analysis. Lee found Nick Bostrom's Superintelligence: Paths, Dangers, Strategies unimpressive due to the fiat assumption that fields like nanotechnology could be manipulated by AI when nanotechnology itself is in quite a primitive state. Overall, Lee's perception is that the “doomers” in the AI punditry field tend to be science fiction writers who are better at spinning narratives than doing analysis.

Subscribe to The Realignment to access our exclusive Q&A episodes and support the show: https://realignment.supercast.com/.Understanding AI Substack: https://www.understandingai.org/AI Mass Unemployment Post: https://www.understandingai.org/p/software-didnt-eat-the-worldWhy Software Is Eating the World (2011): https://a16z.com/2011/08/20/why-software-is-eating-the-world/REALIGNMENT NEWSLETTER: https://therealignment.substack.com/PURCHASE BOOKS AT OUR BOOKSHOP: https://bookshop.org/shop/therealignmentEmail Us: realignmentpod@gmail.comFoundation for American Innovation: https://www.thefai.org/posts/lincoln-becomes-fai

Tim's tech background and his new newsletter, Understanding AI ... Natural selection and artificial intelligence ... Why Tim is a singularity skeptic ... How exactly would AI take over? And will it even want to? ... The bad AI vs good AI arms race ... What exactly are "AI agents"? ... Why Tim is an AI job-pocalypse skeptic ... Has AI created the biggest tech hype wave ever? ... How Tim thinks AI will actually transform human life ...

This is a free preview of a paid episode. To hear more, visit nonzero.substack.com0:00 Tim's tech background and his new newsletter, Understanding AI 4:12 Natural selection and artificial intelligence 11:12 Why Tim is a singularity skeptic 15:17 How exactly would AI take over? And will it even want to? 24:21 The bad AI vs good AI arms race 36:05 What exactly are "AI agents"? 40:09 Why Tim is an AI job-pocalypse skeptic 51:13 Has AI created the biggest tech hype wave ever? 55:45 How Tim thinks AI will actually transform human lifeRobert Wright (Bloggingheads.tv, The Evolution of God, Nonzero, Why Buddhism Is True) and Timothy B. Lee (Full Stack Economics, Understanding AI) Recorded May 10, 2023.Comments on BhTV: http://bloggingheads.tv/videos/66149 Twitter: https://twitter.com/NonzeroPods

Tim's tech background and his new newsletter, Understanding AI ... Natural selection and artificial intelligence ... Why Tim is a singularity skeptic ... How exactly would AI take over? And will it even want to? ... The bad AI vs good AI arms race ... What exactly are "AI agents"? ... Why Tim is an AI job-pocalypse skeptic ... Has AI created the biggest tech hype wave ever? ... How Tim thinks AI will actually transform human life ...

Timothy B. Lee is a reporter who has written about technology, economics, and public policy for more than a decade. He joined the Washington Post in 2013 to lead a team covering tech policy. The next year he left the Post along with Ezra Klein and several other Post staffers to launch Vox.com. From 2014 to 2017, he led Vox's coverage of technology and business. He also wrote extensively about economic policy, including monetary policy and housing issues. From 2017 to 2021, he covered tech policy, artificial intelligence, and the future of transportation for Ars Technica. Earlier in his career, Tim wrote about policy issues for the Cato Institute and freelanced for a variety of publications, including Reason, Ars Technica, Slate, and the New York Times. He earned a bachelor's degree in computer science from the University of Minnesota and a master's degree in computer science from Princeton. While at Princeton, he was the co-creator of RECAP, a browser extension that helps people share paywalled public documents from the federal judiciary. The software is still widely used by lawyers, journalists, and non-profit organizations. Resources https://fullstackeconomics.com https://twitter.com/binarybits https://fullstackeconomics.com/how-california-plans-to-turn-the-screws-on-nimby-cities/ https://www.vox.com/authors/timothy-b-lee HELP ME CROWDFUND MY GAMESTOP BOOK. Go to https://wen-moon.com to join the crowdfunding campaign and pre-order To The Moon: The GameStop Saga! If you haven’t already and you enjoyed this episode, please subscribe to this podcast and our mailing list, and don’t forget, my book, Brexit: The Establishment Civil War, is now out, you’ll find the links in the description below. Express VPN 12 Months 35% off!! - https://www.xvinlink.com/?a_fid=chatter​ Watch Us On Odysee.com - https://odysee.com/$/invite/@TheJist:4 Sign up and watch videos to earn crypto-currency! Buy Brexit: The Establishment Civil War - https://amzn.to/39XXVjq Mailing List - https://www.getrevue.co/profile/thejist Twitter - https://twitter.com/Give_Me_TheJist Website - https://thejist.co.uk/ Music from Just Jim – https://soundcloud.com/justjim

Welcome!  We have had a very busy week this week so this is a reply of the show aired the end of February.  I'll be back next week. It was also another busy week on the technology front and we are going to delve into what actually caused the energy problems in Texas.  There is a new type of malware that is affecting Macs and it is has a different MO.  Then we are going to discuss Apple and their ventures into automated electric cars and what we can expect. Why are states having issues making appointments for vaccines? In a word, it is bureaucratic incompetence. Then we have a new type of hack out there.  It is called Buy-to-Infect and there is more so be sure to Listen in. For more tech tips, news, and updates, visit - CraigPeterson.com. --- Tech Articles Craig Thinks You Should Read: This Basic Math Shows How Wind Energy Failures Contributed To Texas’s Deadly Power Loss An Insider Explains Why Texans Lost Their Power New malware found on 30,000 Macs has security pros stumped Report: Nissan shot down Apple deal to avoid becoming Foxconn of cars N.Y.’s Vaccine Websites Weren’t Working Apple is already working on developing 6G wireless technology Owner of an app that hijacked millions of devices with one update exposes the buy-to-infect scam Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. Hi everybody. Craig Peterson here. I'm so glad to be here. I'm happy you're here as well. There are so many ways to listen. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had been already involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. What I did there was design for Unix systems a way to check for malware, a way to manage them remotely. Yes indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time.  I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got a lot of older people who are listening who are saying, yeah, I remember that. It brings back memories.  In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a cool little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. That was made by Timex. If you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course was like an 8080, which was Intel's, big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress.  The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties and we had some terrible operating systems that many people were running like Windows, just absolutely horrific. Remember windows three-point 11 and XP and the millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code, it came out in one of the lawsuits, for one of these versions of Windows.  It was a different world and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties and I was hosting email for companies and websites and doing some filtering and things with some kind of precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys and all of a sudden customers started calling me because the email wasn't working.  It turned out it was working, but it was extremely slow and I had to figure out why.  I telneted to my server. I got on, started poking around the servers.  I had a computer room and the first floor of the building that I owned and I was up on the second floor. Off we go looking around trying to figure out what is going on. It was me actually. I said us, but it was really me. Cause I knew the most about this stuff.  There were these processes that just continued to fork and I was trying to figure out why is it creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten rules of the internet about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. You just send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today.  I saw some of this stuff going on. I was trying to figure out what it was, but, we trusted everybody. So my mail server was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that.  Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't then what they are today. In fact, one of our engineers just had to run out to a client who did something we told them not to do.  They were using the Sonic wall firewall on their network as well as they had our stuff. So we had a really good Cisco firepower firewall sitting there, and then they have this SonicWall so that they're people, remotely could connect to the Sonic wall firewall, because it's good enough. SonicWall says it's compliant. The SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin.  So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's been really bad.  Boy, am I wandering all over the place?  Back to this, we would allow people to get onto our network to fix things.  If something was wrong, if we were misconfigured, they could help us and they could get on and do it because Sendmail configuration was not for the faint-hearted. In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. I was trying to run a business where we hosted email for businesses, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth.  That's what I wanted to do. That was my business.  Later on, I ended up helping 80% of my clients find the other web hosts after, these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago, went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working he was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He was hosting all of these 150 at a site, the charges, the eight to $10 a month for web hosting.  He had all of these sites on top of a machine that was already split up hundreds of ways. It's just amazing what people do.  Man alive.  We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get cheap, and see what happens to you. Some of them, we still maintain a good relationship with and so we help them out from time to time, right?  What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem.  What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That to me makes a ton of sense. Why not do that?  This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added in this basically malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the biggest exploits that are being used by the bad guys right now is the security team's poor relationship with other employees within the organization.  I promise we'll get to this a little bit more and explain the bottom line here. What's going on and it goes back to this customer that we just had to run out to.  Why did they do what we told them not to do?  Stick around. We're getting into the battle between cybersecurity senior officers in companies, owners, business owners, and the, even the employees. There has been such a battle going on.  I saw two examples this week. Hi, everybody, it's a difficult world out there, but I find some comfort in listening to, of course, news radio. It keeps me up to date on what's going on. It helps me to really understand the world a lot better.  I mentioned that one of my guys just had to run out to a client who did something we absolutely told them not to do. They had been using this company that was a break-fix shop, I guess is the way you would put it. They had a business that would respond to problems and they charge by the hour. I think right now their hourly rate is like 160 bucks or something. It is not cheap, but anyhow, That they would sell people equipment and then move on, right? Your problems aren't my problems. Just leave me alone, go away.  It's a beautiful model because their employees at this break-fix shop don't have to understand much. They just have to know more than you do as a customer.  There's one level of understanding that you have, and for someone to appear to be an expert, all they have to do is have slightly more understanding.  That has bothered me so many times listened to the radio and they talk about somebody that's just this great expert, in reality, of course, they are not. But you don't know. That person talking about the expert doesn't know either because they just don't have enough knowledge. Of course, the person that's labeled the expert isn't going to say anything about it.  They were doing what most companies do, which is okay. We know we need a firewall, so let's get a firewall. They went out and they talked to this company and they did their Google research because of course, Dr. Google is an expert on everything.  Even with those differing opinions, you're going to go with the opinion that you like the best.  That's what they did.  They bought a Sonic wall firewall from this vendor, which was a break-fix shop. Now that's all well, and good. The sonic wall is not terrible stuff. They've got some amazing stuff as well. The problem is this device has been out of support for more than two years now. Even though they're not as advanced as some of the systems we can install, not that we always use the most advanced systems. It's not a bad, a little thing for a small business. We warned them that because they were using an out-of-date firewall that they could not get fixes for known vulnerabilities. Now that's a big deal too. Most people are not aware of the vulnerabilities that are on their machines. Do you go out every month and check the firmware versions on your firewall? You should be, even if you're a home user. Are you checking to make sure the firewall that the cable company provided you with is up to date, configured correctly? You've changed the password and the admin username, right? No?  Most people haven't. He hadn't, right. He didn't know. We told them we did a little research and said here's your problem.  That's part of his cyber health assessment. We told them what kind of firewall do you have? What's the version of software on it and we do that. We have a bunch of people that have asked for cyber health assessments. We've got them on a list because we're busy. So we have to schedule these and make them happen.  So we said, do not plug that machine in. Of course, what do they do? They plugged it back in again. So now all of a sudden this morning, we get a wake-up call from our monitors that are running they're on their  Cisco firepower firewall, where we have their extensive suite of additional software. This isn't just an off-shelf, Cisco firewall.  It's telling us that the SonicWall or something through our, via the SonicWall. Is going through all this customer's network. It's actually attacking the Cisco firewall from inside the network. Absolutely amazing. Why does that happen? In this case, the business owner, and it is a  very small business. It has about 5 million in revenue per year, I would guess.  It's a small business by every stretch. The owner just doesn't want to spend the money he doesn't absolutely have to spend. He's not looking at this saying I could lose all my intellectual property. I could get sued by these people. I could lose my clients who find out that their data was released. Their orders were released. Everything was stolen.  He looks at it and says, Oh wow. It's 200 bucks a month. Wait a minute guy, you have how many employees? You're worried about 200 bucks a month. I personally, I don't understand that. Why would you do that?  Now, you're in a poor country. Okay. I get it right. That's a lot of money to spend, but not here in the United States. Doesn't make sense.  A lot of this is really the reason I brought it up. It's showing how there is a disconnect between business owners, C-level people, and cybersecurity people. Basically, if you have less than 200 employees, you cannot afford to have your own cybersecurity team. It's impossible. It's way too expensive.  Then the numbers start to change outsourced cybersecurity, which is what we do.  We do this for this customer and. The in-house cybersecurity people, but we all have the same basic problem. The owner has a problem too, right? He has to weigh the costs of cybersecurity against the risks involved, which is what Equifax did.  What so many of these big companies do, right? There's this, the norm Equifax said it's going to be way cheaper to just pay out $10 million in fines. When we get fined by the federal government for losing everyone in the country's personal financial information then it is to do this or we're not going to bother.  Man, I'd love to see the smoking gun email on that, where they made that final decision, probably doesn't exist. They're smart enough to know that they would get sued and they have been sued because of this.  We've got another problem right now because of people working from home. I mentioned, in fact, this week, you should have gotten an email from me on Thursday. That was a little audio thing that I put together. We call these things, audiograms, and it's a kind of a video that'll play.  This particular one is about part of this problem. We've talked extensively about that water plant in Florida, that was hacked for lack of a better term. It might've been an insider thing. It might've been someone external, et cetera, et cetera. The reason it happened is that business, the water plant for a town of 15,000 people, which would be in a normal world, a small business. That small government operation was all of a sudden faced with lockdowns. What do we do? They didn't have a plan. They didn't have a business continuity plan, which is so important. I talked about it extensively last week as well. They had no way to manage this. So what did they do? They went out and bought team viewer licenses for everybody in the business. That put, well not the business, in this case, the agency, that put the agency at risk. That is putting our businesses at risk too, in such a big way. That's what the audiogram I emailed out on Thursday explaining this a bit.  So stick around. We're going to continue this conversation.   Of course,  you're listening to Craig Peterson online@craigpeterson.com. We have people working from home. We didn't really plan for this. We're doing it because of the lockdown. Maybe, you found that it's actually better for your business, from whatever angle. What are the risks here of people taking computers home? Hello. Everybody Craig, Peterson here. So glad to be with you today. Glad you're taking a few minutes out of your day as well to listen in.  Now I am very concerned about people using computers that they're taking home. I want to make a definition. Maybe there's a better way of saying this, computers that are used at home, home computers should never be used for work.  I'm going to explain why. Computers that are at work probably should not be taken home. We saw the example of this, just this last couple of weeks.  I was talking about this wonderful plugin that I've been using and recommending people use here for a very long time, called the Great Suspender. We've talked at length really about what happened there with the company being bought and then becoming evil, right? Just buying their way into 2 million people's computers.  Sometimes these Chrome extensions that are installed on personal computers get automatically installed and synchronized to your work devices. In fact, that's the default. If you log into Chrome and you're using Google Chrome as your browser and you log into it on your home computer, and when you log into your same account over on your business computer. All of a sudden, now it's syncing. It's syncing things like passwords, which you should not be having Google store for you. You should definitely be using a good password manager and there are a few out there.  If you're not familiar with them or don't know which one to use or how to use them. I have a great little special report on passwords and using password managers. I'd be glad to send it to you. Just email me@craigpeterson.com and I'll send that on-off, right? I'm not making a dime off of that. I want to make you safer.  I don't want to have happened to you what's happened to millions of Americans, including my best buddy who had his information stolen. I've been after him to use password managers. He never did it. I don't know why. Until his paycheck got stolen. Then he came over and I explained it and set it up with them and really helped him out. Maybe we should do a whole webinar showing you how to use these password managers, how to get them set up because it is a little bit tricky. It's certainly different than you're used to. Many people are using their browser Chrome in this example, to save passwords. When you go to a website, you'll automatically have the password there. Maybe you've got it set up so that it'll automatically log you in with all kinds of cool stuff. But there is a very big problem and that is that there is a huge risk with running these extensions, like the Great Suspender. The Great Suspender was approved by Google. It was in the Google store. You could download it from their app store. Absolutely free.   In January of this year in 2021, we had someone out on Twitter, tweet that there was a problem with the security on the Great Suspender. It had been changed. It was being used now to send ads out and other things. That's pretty, pretty bad. The extension wasn't banned until about a month later and you as an end-user had no official notification that this extension was potentially malicious.  Apparently, they could, with this malicious software they embedded, not just show you ad, not just insert their own ads to generate revenue onto the webpage as you were visiting, they could also grab files from your machine. That's a very bad thing.  Now, presumably, if you're at work, you have a team that's helping you outright.  The IT security team, there may be different teams and maybe the same person who also is the office manager, who knows. It does vary. Businesses cannot know what you're doing when you're starting to install those extensions and they are pushing their way onto your office computer because you're using the same Google account in both places. Now, despite the risks, of course, I installed this Great Suspender used it for years and I was pretty happy using it. I know many other people who were in the same boat. Security teams have some great tools. I mentioned my son who's one of our team members got called out to a client. During the break, I was just chatting with him briefly. What had happened is they plugged in this firewall we told them not to plugin. It was apparently hacked from the outside. It had known security vulnerabilities. He had not, this small business owner had not yet paid for maintenance on his little firewall, so he was not getting security updates. In fact, my team member looked at this and found that it had been three years since the firmware on his firewall had been updated. The bad guys got into his network through this secondary firewall, which we told them not to have not to plugin. Our firewall only noticed it because this malware started scanning everything on the network. Of course, it scanned two of our machines, one being the firewall.  Remember this isn't a regular firewall that we put in there. This is a firepower firewall with a whole bunch of extra software on top of it.  In our data center, we have some huge machines that are sitting there watching what's going on remotely. On our client's networks via that firepower firewall.  We started getting all these notices as to what was going on, but this is a great example. We're not updating some of that software. He had a security team and he ignored the security team. We were the security team. We're outsourced cybersecurity that's what we do, but that happens many times.  Many business owners and others look at the cybersecurity situation as having many different shades of gray. What should you do? What shouldn't you do? The teams that are working in these businesses, including us. We have to tell them, Hey, don't use that firewall. Do not plug it in. You don't need it. If you plug it in, it's going to make it way easier for some of your people to work from home.  This is not set up correctly and you're going to have problems. That's a difficult conversation to have with a business owner. We had it and he ignored it much to his peril. In this case, this one is hard to tell how much data was stolen from his business. The impact from this could last for months, and there could be investigations who knows what's going to end up happening here. That business owner and I, because I spoke to him as well about this whole situation before this particular event happened just about two weeks ago. In fact, that was a reminder cause they had plugged it in again. Six months before that we had told the business owner, you can't plug this thing in, you cannot be using it.  How do you do that? How do you let an impacted employee, somebody who's working from home, maybe using their own computer to do work for the business? How can you approach them and tell them, Hey, you cannot use Google Chrome?  You cannot save your passwords on your browser. You cannot install extensions. Even if you had a list of extensions today that were bad, that list is going to be out of date tomorrow, which is going to be a very big problem. Individual users do not have the ability to check this. Frankly, most businesses don't either. Again, that's why a business under 200 employees cannot afford to do this yourself. You just can't. This is a specialty.  We were talking yesterday with a prospect who had been brought to us by a break-fix shop and trying to get this concept through. We're going to talk a little bit more about that. What should you be doing? How can you pay attention? How can you even be safe in this day and age?  Hi everybody. Craig Peterson here. We've been talking about supply chain problems. That's a technical term for it, but the software that we rely on becoming evil, and what can we really do about it? Hello, everybody. You're listening to Craig Peterson.  How do you talk to a business owner and help them understand? That's a problem. Isn't it? Look at what happened a few years back with TJX stores. Them as maybe TJ max, that's one of their stores. They have a number of others. Their cybersecurity guys did something I have seen done before. That is, they went to the management of this massive public company and said, Hey, TJX, we need to get this hardware. We need to get this staffing. The hardware course pretty expensive and it sits there and it does much the same stuff. Even back then. Nowhere as good as today. It's exponential, as to how much better it gets every year, but it was good hardware.  It really could have stopped the hack that happened and it did.  Here's what it did. It noticed the hack was going on. The problem was they were able to say yes to the hardware, the senior management said yes. They got the hardware, but senior management would not get the security technicians that were needed to monitor and run that hardware. They were short-staffed.  That's another problem we're seeing. That's why the companies you're dealing with, whether it's Equifax, with who you do not have a direct business relationship with, and yet have all this information about you and sell that. Or maybe it's just some other website. That's why they lose your data. It's a real bad idea. The bad guys are just waiting out there just siphon all of your data. In many cases, when you're talking about a business and a business website, or even your home computer, they're looking to redirect you to malicious websites. What they'll do is for instance, again, the Great Suspenders' an example, that they claim it's been fixed now. With something like an extension or a plugin that you put in your browser, they could rather easily code it up so that you are going to a website that's malicious. It could look like Bank of America's website and you go there and you enter in your information. You put in your username, you put in your password, it asks you a security question. Maybe maybe not, but your username and password. Then it says incorrect. Then your screen refreshes while your screen just refreshed because you were not at the Bank of America, originally. You were at a malicious website and you entered in your username and password. Now the bad guys have your username and password to your banking system, to your login, to your bank accounts. They got that. That's all they needed. They didn't want you to know that this was going on so they just went ahead and redirected you over to the real bank website. Hence, the supposed reload.  It's a very big weakness here in how IT and security teams operate because too few security teams really can relate with the CEO and vice versa.  I've seen that all of the time with people working for me in cybersecurity, you've got a really good idea of what needs to be done, how it needs to be done when it needs to be done. To you, it's the most important thing in the world, right? You don't want the business to go under, you're going to lose your job, maybe your pension retirement plan is tied to that business. You don't want it to happen, but have you got the trust built up with the senior management?  Then how about the other side of this relationship? How about if you're a cybersecurity person? Even if, again, you're not a professional, you're just the person tasked with it in the office or you're the person tasked with it at home. How do you go to the other employees and tell them you can't use your Google Chrome account here in the office? How are you going to enforce it? How are you going to tell your husband or wife, Hey, that's dangerous? I don't want you installing any of these extensions on your computer. One of the really bad things that people do with their browsers is they put on these real fancy little extensions that give all kinds of extra wonderful information. It ends up as a toolbar and it lets you do searches on this site or that site. Maybe it keeps you up to date on the stocks that you have in your portfolio. You're telling hackers what stocks you own, really? It might be legitimate, right. But who knows? That's the problem. Something like that can really mess you up and send you to malicious sites. You know that your spouse is using that or your kids are using that. How do you talk to them? How do you solve those problems? It's a real problem.  There are some interesting tools that you can use, as professionals. There's a Slack channel I can send you to, if you're interested, actually, it'll be in the newsletter that comes out on Sunday. At least it should be under one of those articles. It is a problem.  Netflix, by the way, is really trying to help you out too. Not only did the Netflix security team provide some feedback for what's called the honest security guide, but it's also made some of its user tools, the tools that you might use at your home to find a movie, et cetera, it might help really to secure you.  Git Hub has this. It is called, this is a Netflix skunkworks, the stethoscope app. It's a desktop application created by Netflix that checks security-related settings and makes recommendations for improving the configuration of your computer. It doesn't require central device management or reporting. You can have a look at that. If you are interested, let me know. I can probably point you in the right direction to the stethoscope app. That's what we want to see in this honest security guide. You'll find it online. At honest security is a guide to your devices, security, which in the biz we call endpoint security and it is cool. You can run through all of this list is a big checklist and talking about why honest, and they're saying dishonesty stops you from doing the right thing.  That's why in my courses, I spend a lot of time, more time in fact, on the why than the how.  I want you to understand honestly, why you should or should not do something. There are so many people who are out there yelling and screaming, jumping up and down. Particularly your antivirus companies. You fake VPN companies who are trying to get you to buy their products that not only do not need in most cases but will actually make your computer less secure.  So we have to be careful about all of this stuff. We have to make sure we are talking. We've got to have a trust relationship set up with the owners of our business. Cause you guys, some of you, I know own businesses, some of you work for a business. We've got people listening to this all over the world and every continent I've even seen a listener down in Antarctica.  I really can say every continent. It's important that we know how to work with our fellow employees, with our management, with our family members, to help them to know what they need to do.  There is no time to wait. We have never seen as many attacks as we're seeing now. We've never seen the government using its resources to attack us more than we have now. We've never seen more billions of dollars stolen per year by the bad guys. There are some basic tenants that you can follow that will make you way more secure. And that's why you're listening. That's why I go through some of these things to help everybody understand.  That's also why I go ahead and make sure that I answer your emails. If you have a question, make sure you go ahead and ask. You can just email me at me@craigpeterson.com. If it's something urgent, I have a form on the bottom of my homepage  @craigpeterson.com. You can give me a little bit more information. I tend to keep an eye on that a little bit better than my general email, although I do use some amazing email software that helps me to keep track of the real email and get rid of the spam and put things in boxes and stuff  craigpeterson.com. It's that simple email me me@craigpeterson.com. If you have questions.  I hope that Google is going to continue to improve itself. I love the fact that they found out that this one extension was malicious. For those of you who might've just tuned in, we're talking about something called the Great Suspender something I've used for years, it became malicious, but they need to do more.  As people who are concerned about security, we just can't wait for the next incident. Just again, this client of mine, who we've been warning about this for months, he's stopped doing what we told him to do, and then decided well it's just too difficult. That's something we hear a lot from businesses. Oh, it just hampers the work. It hampers it because now we have to get permission from it in order to mount this particular drive or gain access to those files or materials. Yes you do, because we have to stop the internal spread of all of this malware and all of these hackers.  It is absolutely worth it.  All right, everybody. Thanks again for joining me today. I really hope you've been enjoying this. I have years' worth of podcasts out there and you'll find all of those at craigpeterson.com/podcast or on your favorite podcast platform.  If you subscribed under iTunes, you might've noticed, ah, yeah, I just released a whole batch there too. I expressed concerns about owning an Apple watch. I held off for a long time. I want to talk about these devices now, the security concerns, but also the amazing health tools that are built right in. Hey, welcome back. This Apple watch is really fascinating. It has been around now for six generations. There are a number of other watches that have had, or tried, I should say, to compete with Apple. They haven't been very successful. You might've noticed that. I have a friend that bought some watches for his family and to him that monitor all of the basic vitals and record them and send them up to his phone. It's a 20-ish dollar watch. He got it from South Korea probably are parts made in China, but it is an inexpensive watch and it does some of the basics at the other end of the scale. Let's have a look right now. I'm going to go to apple.com online, and we're going to click on watch. Here we go, Oh, my they've got special watches so you can buy their watches. It looks like the new one, the Apple watch series six for starting at 400 bucks or they have two different sizes. . They have a more basic watch called the Apple Watch SE that starts at about $300. You can still get the Apple watch series three. Now, these all can monitor high and low heart rates. They can give you irregular heart rhythm notification, but it's only a-fib atrial fibrillation, I think is the only one they can monitor, but all three of those can monitor that. As I said, my buddy's watches, he got for his family at 20 bucks apiece are able to do most of that as well.  These are water-resistant to 50 meters, which is really cool. The series six also has an ECG app. That is very cool. You open the app, you put your finger on the crown of the watch and it gives you an EKG right there on the watch and it feeds it to your phone. On your phone, you can turn it into a PDF. You can share it with your doctor on and on. It's just amazing. It's a three-lead type, I was in emergency medicine, right? A med-tech EMT, EMT-PD can't remember. I had a whole bunch of different certifications back in the day. But it's fantastic for that. It also has a blood oxygen app that monitors your blood oxygen levels. It ties all of this into their new exercise app, which is amazing. That ties into your phone or your iPad.  I will go down in the basement onto the treadmill and I'll select your treadmill workout.  It has dozens of them. Have you seen this really fancy treadmill? A couple of years ago they got in all kinds of trouble because they advertised it around Christmas time and apparently this woman really wanted a treadmill and she got one and she was all excited. All of these people jumped out of the woodwork. All your you're saying she's fat, et cetera. No, she wanted a treadmill. These are amazing treadmills because they have built into them. These streams and you can join classes, et cetera. With the Apple Watch, my iPad, and a subscription to this iHealth app, which you can get as part of this Apple plus thing you can buy for 30 bucks for the whole family, 30 bucks a month.  I don't know how many I have seen probably a hundred different workouts on there.  It has different workouts, different types of weightlifting, running, jogging, treadmills, elliptical machines, everything.  You can pick your pace. You can pick your instructor, you can pick everything. Then your Apple watch is monitoring your body. As you're working out. So it's telling you how many calories you've burned. What's your heart rate is to help keep your heart rate in the best range for you, depending on what kind of a workout you're doing. It also lets you compete against other people. Does this sound like an ad for the Apple watch?  You can compete with other people your age doing the same workout and see where you're at. I was really surprised because typically I am at the front of the pack when it comes to my treadmill workouts. That's really cool as well. Those are some of the basics. There are other things too, that Apple is doing. We've found, right now, that Mount Sinai just came out with an announcement and they said that the Apple watch can predict COVID 19 diagnosis up to a week before testing can detect it. Yes. Isn't that something? Not only can the Apple watch help with certain heart arrhythmias, but it can predict that you have COVID-19 too a week before testing normal testing. Those swabs can find it out.  This is from the journal of medical internet research, which is a peered review journal. And they found that wearable hardware and specifically the Apple watch can effectively predict a positive COVID-19 diagnosis up to a week before the current PCR-based nasal swab tests. They called this the warrior watch study. They had a dedicated Apple watch and the iPhone app, and they had some participants from the Mount Sinai staff and it required, of course, these staff members to use the app to turn on the health and data monitoring and collection, and also asked them to fill out a survey every day to provide some feedback about their potential COVID-19 symptoms. As well as other things like stress can obviously make your heart rate, go up your blood pressure, go up, et cetera. Oh. By the way, Apple, supposedly the rumors are, we'll have a BP sensor in the Apple seven that'll be out later this year, most likely.  So they had several hundred healthcare workers and the primary biometric signal. I know that the studies authors were watching was heart rate variability. This is fascinating to me because it's something that I learned about fairly recently. Then when I got my Apple watch, I read up more about this, but basically, heart rate variability is what it sounds like. It's your heart rate. Let's say your heart is beating at 60 beats per minute. It is not beating once every 10 seconds.  It is not beating once a second. Your heart rate will vary over the course of that minute. If you're healthy.  Obviously, a beat every 10 seconds isn't 60 a minute. Let's use that as an example. Somebody who's almost dead and has six beats per minute. The first heartbeat might be at 10 seconds. The second heartbeat might be at 22 seconds because your heart is supposed to vary its rate of contractions based on immediate feedback. It's not just that you're going out in your running and now you've driven up your heart rate and you're doing your cardio and it or you just walked up a flight of stairs or you stood up, which is another test, by the way, what we're talking about here. You might just be sitting there, but your cells have a different need for oxygen or for the blood. The heart slows down slightly or speeds up slightly.  This heart rate variability is something built into the Apple watch and into the iPhone app that you attach to the Apple watch. Isn't that useful without an iPhone, frankly? Then you can look at your heart rate variability right there.  They said, combining that with the symptoms that people reported, these Mount Sinai staff, that the symptoms that they reported that were associated with COVID-19 including fever, aches, dry cough, gastrointestinal issues, loss of taste and smell corresponded with changes in the heart rate variability. I thought that was just absolutely phenomenal because heart rate variability is considered to be a key indicator of strain on your nervous system. COVID-19 obviously is going to put a strain on the nervous system. Just very neat.  It says here that the study was not only able to predict infections up to a week before tests provided confirmed diagnosis but also revealed that participants' heart rate variability patterns normalized fairly quickly after their diagnosis or turning to normal run about one to two weeks following their positive tests. That's from a TechCrunch, that particular quote.   I am very excited about this, but I am also on the concerned side. I'm concerned because they are collecting vital data from us. All of the major companies, Google and Microsoft and Apple want to be the company that holds all of your personal medical records. We're going to get back to that when we come back here. What is happening? How is your doctor managing your medical records? I was really shocked to find out how that industry is working.  Of course, you're listening to Craig Peterson. Check it out online. Craig peterson.com. Welcome back. What are you doing? Are you asking your doctor how they are handling your medical records? Because I think you probably should based on what I learned just this week. Hi everybody. Craig Peterson here. Thanks for joining me.  We were just talking about health. We're talking about the Apple watch and the fact that there's a lot of competitors out there, some of them, a fraction of the cost. If you buy the Apple watch on terms, you're going to pay less in one month's payment on terms to Apple than you would for some of these other watches out there, but Apple watches do have more features.  Mine even has a built-in cellular modem. Even if I don't have my phone with me, phone calls come through to my watch and text messages, and I can respond and answer. It's really nice. Medically I am very impressed. It has been good at motivating me to do some exercise, to get up, and about just to do a bunch of things I had never, ever done before. Consider that.  It is collecting our data. Apple now has potential access to all of my cardiac data. They've got EKGs that I have run on my watch. They know about my heart rate. They know how often I exercise, and how hard I exercise when I exercise. They know all of this stuff about me. I had a conversation with someone just saying why does that matter? Maybe it's Apple, maybe it's somebody else. Why does it matter?  It does matter. Think about an evil genius, right? The thing about somebody that might want to target Americans and might want medical information about Americans. They can gather it in a number of different ways. We're going to talk about medical records here in a little bit. One of the things they could certainly do is grab all of our watch data. Some of these watches, including my Apple watch, have GPS built into them. When you're out running or jogging, you know where you went, you can plan your route and it'll remind you, Hey, turn here, turn there. That's one of the things I love about the Apple Watch when I'm using it with Apple maps out driving, it taps me on the wrist and reminds me, Hey, in 500 feet, you got to turn.  If I look at the watch, it'll even show me the turn I need to make coming up in 500 feet. It's really amazing. All of this information is being compiled and hopefully, it's being compiled by a company that we can trust. At this point, we can probably trust Apple. Hopefully, they're not going to be broken into. Now, their margins or profit is high enough that they certainly can afford a security team, one capable of defending them and defending our data. I hope they are. I suspect that they are for the most part. How about some of these others? We know Google, for instance, is in the business of collecting and selling our information, is having all of our medical information. Not just the stuff from our watches, but the stuff from our doctors. Are they to be trusted with that kind of information? Going back to that bad guy, that mad scientist we can, and probably do engineer viruses that are targeted at specific things. In fact, the Russians have been doing it. The Soviets' started it, they came up with a phage. That can attack certain viruses and it acts like a virus it gets in and does this little thing. We've got right now, these COVID-19 vaccines and they act like a virus they're messing with, well effectively, the DNA. In fact, it's the RNA, but it's pretending, Hey, I got a message from the DNA, here it is.  What if a bad guy knew that are a certain population in a certain area, and that area was right by this important military base or whatever they came up with something that would target them and they'd have all of the data to do it now. That's obviously an extreme example. A more common example would be that your medical data is there. It's being sold to advertisers and you're going to end up with something.  For instance, there's a company, very big company out there and they sell baby products. What they did was they tracked and they bought this information, but they tracked women who were purchasing certain things. Now, they weren't purchasing things that were directly related to having a baby, right? They weren't purchasing diapers or little jumpsuits or whatever it is. They were purchasing things that were not directly related maybe people wouldn't even think they were typically related to having a baby. Yet they were able to figure this out. They got that good with the data.  So they thought, Oh, okay let's get wise here. Let's send out a postcard, congratulating them on their pregnancy and offering them a discount on something. Yeah. Not a bad idea, frankly.  However, in this case, some of these moms I hadn't told anybody that they were pregnant yet and didn't want to tell anybody that they were pregnant yet. It fell on its face. Didn't it?  How about these ambulance-chasing lawyers that are out there? Are they going to want to gain access to this, to your medical records?  How about your employer? Your employer wants to know I'm going to train this person. Hopefully, they'll stick with us for a while, but is he going to be a burden on our medical plan? Keyman insurance, health insurance, life insurance. Have access to everything about you. That's what really concerns me about these, all of these devices.  Right now, pretty confident that I can give Apple this information and they will keep it pretty safe. But, I said the same thing about the Great Suspender, right? I don't know about the future.  Then I found something out this week that was in my mind extremely disturbing. We have a new clinic that we've picked up as a client. They needed to have security. They had a couple of little security issues. They were worried. They knew they were not HIPAA compliant. They approached us because they know that's what we do is cybersecurity and audits and remediation. Fixing the problems. We pick them up. They're a client. We're in there. They had told us in advance that all of their medical record systems were on-line. It was on the web. All they needed was a web browser to run their business. Okay. That could be a problem. It might be okay. The medical records manufacturer might have good security on all of the records. So we may be safe, although in HIPAA unless you have a business process agreement in place with that vendor if that data is lost, it falls back on the doctor's shoulders. Anyhow, what I found out was, first of all, it wasn't completely web-based, which just shocked me. I'm not talking about they have to scan records or they got the x-ray machine or whatever. It really wasn't web-based and secondarily the company they were using for the medical records was a free service.  The doctor, that clinic, was not paying for their medical records management software.  The way it works is this medical records management company when the doctor prescribes something when the doctor performs a procedure and bills and insurance company, it's all done through this one company and that company takes a chunk of their money. In some cases we found seems to have been inflating the bills that went off to the insurance companies and that, as it turns out is a common practice in the industry. According to the doctors at this clinic, I was shocked, amazed.  Something you might want to look at. Ask your doctors where are your records kept and are they secure? Now we had HIPAA. We thought that would secure it, but it doesn't.  Stick around. Hey, we got a name now for what happened to the Great Suspender and QR code scanner apps over on the Google stores. One at Google Play, the other one over on the Google Chrome store. It's become that popular. Hey, everybody, I wanted to mention this whole new category of malware really, and they're calling it, right now, Buy to infect. What happens is a bad guy, a malware guy buys a legitimate app and then starts infecting it.  We know, obviously, about the one that I've been talking about a lot the Google extension that I used to use all of the time, the Great Suspender. I mentioned this one a few weeks ago, it's called QR code scanner. It's been on the Google play store for a long time, had more than 10 million installs and then all of a sudden it became malicious.  This is a little bit of a different angle on it because, with the Great Suspender, the ownership of that software actually transferred to somebody. With QR code scanner, they were working on a deal with a company and this company wanted to verify the Google play account for QR code scanner. This is all according to the owner, the original owner of QR code scanner.  They said that what had happened is part of this purchase deal. I let them have a look and gain access to the software's key and password prior to purchase so they could confirm the purchase, which doesn't sound too bad. Apparently, as soon as they got a hold of the software's key and password, forget about the purchase, we're going to start infecting it right away.  It ended up getting that app, the QR code scanner app, pulled right from the Google play score store. Of course, now you don't need that quite as much because most of the phone apps when you go to take a picture, the camera apps have built into them, a QR code scanner.  I thought that was fascinating what they did. They totally cheated the company. They didn't even bother buying it. So a little word for the wise out there.  Got another Apple story cause this is showing how the computer industry is really shifting. We've talked about some of the shortages of chips and the shortages of computer chips are so bad that General Motors has had to shut down two-thirds of its manufacturing lines in at least one plant.  Every major automobile manufacturer is having problems making cars because they can't get the chips.  Remember nowadays, a car, a truck is essentially just a computer on wheels. Not really actually computer on wheels. It's really dozens of computers all linked together with a network on wheels.  Apple has been worried about that, right? Supply chain. That's one of the things you're supposed to worry about as a public company. What are the risks going forward including to my supply chain? Obviously your supply chain matters. You gotta be able to make something you need parts, right?  Apple has been upset with Intel for a while. You might remember Apple. When it first came out, was using a Motorola chipset, which was exceptional much better than the Intel chipsets.  Of course, that's my opinion, a lot of people agree with me. You had the 68000, 68010, and 20, et cetera. Very good chips.  When Apple started getting into the laptop business, that's when the problems started to happen.  These Motorola chips gave off a lot of heat and used up a lot of electricity.  At the time Apple looked around and said our only real alternative right now is Intel. Intel has a whole line of chips, different speeds, and they have mobile chips.  Those mobile chips use much less power than the Motorola chips for the main CPU.  They also use less battery. Those two go hand in hand and generate less heat. That's it all goes hand in hand. So they said, we'll start working with Intel. They did. Intel really disappointed them more than once, which is a shame. They disappointed them with the 64-bit migration. AMD, advanced micro devices, beat Intel to the punch. Shockingly Intel started making AMD compatible CPUs right. The 64-bit extensions to the CPU were AMD extensions. They had problems with some of their other chips as well. Mobile chips getting the power usage under control, the heat dissipation problems under control, and they never really lived up to what Apple was hoping for. What everybody in the industry was hoping for. In many ways, Intel has been a huge disappointment, which is really a shame.  We'll look at what they did to the industry, with these predictive instructions, the hyper-threading, and stuff. Where bad guys were able to bring a computer to its knees.  What does Intel say? Here's a firmware patch you can apply to our CPU, those little CPUs you pay upwards of $2,000 for a piece for one chip.  Those CPU's and by the way, it's going to, cut its performance by a minimum of 20%, maybe 50%, that's okay. What are you kidding me?  A lot of people were upset with Intel and Apple and Microsoft and everybody released patches that use the new Intel microcode. You might've noticed when this happened a couple of years ago that your computer slowed down. I certainly noticed, actually, it was little more than a year, anyway, I noticed it because I own a data center. That has a lot of Intel chips in it where we're running mostly Unixes, Linux, and BSD, but we're also running Windows. So the only way to work around this bug was to apply the patch and slow everything way, way down.  Imagine how Apple and Google felt with their huge data centers. IBM too. IBM has Intel-based data centers, as well as its own chips, and boy talking about phenomenal chips, as far as processing power goes, IBM, man, they are still the leader with the power chips and their Z series. That just wow. Mind-blowing.  Most of us are stuck in the Intel world. Apple said we can no longer trust Intel. So what are we going to do? Apple said we've been developing this chip for a long time. Apple took the chip design, they licensed it from this open sourcee type of company that has a number of members. They took this arm architecture and were able to improve it, and keep adding to it, et cetera.  They're still part of this Alliance. They started using these in their iPhones. The iPhones have been using these chips the whole time and they started improving them after they released the first iPhones.  Intel didn't really get them upset until a little later on, too. They came up with newer ones, faster ones, better ones, right to all of these A10 their bionic chips. They've got AI chips, machine learning chips, all Apple designed. Chips, of course, manufactured by third parties, but that's what Apple is using.  Apple has now said we expect all of their Macintosh computers to be based on Apple's CPU within the next two years.  There's already some really good ones out there right now that people like a lot. We've been using them with some of our clients that use Apple. Not everybody has had great luck with them, but Apple is not only ditching Intel, that's not the big story here. Apple's got some job listings out there looking to hire engineers.  So when we get back, we'll tell you more about what Apple is doing and what frankly, I think the rest of the industry should look at. Guess what? They are. It's been Intel versus the rest of the world. They've been winning for years in many categories, but now they're starting to lose, as major manufacturers are starting to leave Intel behind. But there's more to the story still. Hi, everybody.. Craig Peterson here. Thanks for tuning in. We're glad you're here.  In the last segment of the day, I want to point everybody to the website, of course. You can get my newsletter. It comes out every Sunday morning and it highlights one of the articles of the week. It gives you a pointer to my podcast. So you can listen right there. There's just a lot of great information. Plus I'm also doing little training. I'm sending out, hopefully, next week, two little training sessions for everybody to help you understand security a little better, and this applies to business. However, it's not. Strictly business, much of what I talk about is also for home users. So if you want to go along for the ride, come along, we'd be glad to have you. There's a lot to understand and to know that you won't get from anywhere else. It's just amazing. Many other of these radio shows where they are just nothing but fluff and commercials and paid promotions. I'm just shocked at it. It goes against my grain when that sort of thing happens. Absolutely.  We were just talking about Apple and how Apple got upset with Intel, but they're not the only ones upset. We also now have seen a lot of manufacturers who have started producing Chromebooks and surface tablets that are based on chip sets other than Intel's. This is going to be a real problem for Intel. Intel has almost always relied, certainly in the later years has relied on Microsoft and people bought Intel because they wanted Windows. That's the way that goes. It's just like in the early days, people bought an Apple too, because they wanted a great little VisiCalc, the spreadsheet program.  Now, what we're seeing are operating systems that do not require a single line of Microsoft software. Google Chrome is a great example of it. Linux is another great example and people are loving their Google Chrome laptops, and you can buy these laptops for as little as 200 bucks. Now you get what you pay for and all the way up to a couple of grand and they don't have a line single line of Microsoft code. Yet you can still edit Word documents and Excel documents, et cetera. They do not contain any Intel hardware. What was called, well, they might have a chip here or there, but not the main CPU. What used to be called the Wintel monopoly. In other words, Windows-Intel monopoly is dying. It's dying very quickly.  Apple is not helping now. Apple, they've had somewhere between seven and 10% market share in the computer business for quite a while. Personally, I far prefer Apple Macintoshes over anything else out there by far.  I use them every day. So that's me.  I don't know about you. There's a little bit of a learning curve. Although people who aren't that computer literate find it easier to learn how to use a Mac than to learn how to use Windows, which makes sense.  Apple has really done a great job. A bang-up job. With these new chips, it's getting even faster. We are now finding out from a report from Bloomberg who first started these, that Apple has been posting job listings, looking for engineers to work on 6G technology. 6G, right now we're rolling out 5g, which hasn't been a huge win because of the fact that if you want really fast 5g, like the type Verizon provides, you have to have a lot of micro-cell sites everywhere. They have to be absolutely everywhere.  Of course, it's just not financially reasonable to put them up in smaller communities. If the Biden administration continues the way they're going with the FCC and the open internet type thing of a-bits-a-bit, then there will be no incentive for any of these carriers to expand their networks because they can't charge more for better service. If you can imagine that. Ajit Pai fought against that for many years, Trump's appointee as chairman to the FCC, but things are changing. The wind has changed down in Washington, so we'll lose some of those jobs and we're not going to get all of the benefits of 5g. If he keeps us up. 6G is coming.   What that means is Qualcomm, who is the manufacturer of record for most of the modems that are in our cell phones. Qualcomm has also missed some deadlines. Apple is tired of dependencies on third parties because Qualcomm might have somebody else that buys way more chips. It might be able to sell the same chip to the military of whatever country for a much, much higher price. They can sell it to consumers. Maybe they just change the label on it and call it a mill spec, and often goes right, who knows? What they're doing out there, but Apple doesn't want to do that anymore. They are looking for engineers to define and perform the research for the next generation standards of wireless communications, such as 6G The ads say you will research and design next-generation 6G wireless communication systems for radio access networks with emphasis on the physical Mac L two and L three layers. Fascinating, eh? What do you think?  I think a huge deal as Apple continues to ditch, many of its vendors that have not been living up to the standards Apple has set.  Apple has moved some of the manufacturing back to the United States. More of the assembly has been moved here. The manufacturing, it's starting to come back again. We'll see the Trump administration really wanted it here.  We need it here, not just for jobs, we needed it here for our security. We've talked about that before, too, right? I want to also point out speaking of Apple and manufacturing, China, of course, does most of it for Apple and Foxconn is the company in China that makes almost all of this stuff for Apple. It's huge. Foxconn owns cities. Huge cities. They have high rises where people basically don't see the light of day, these high rise factories. You live there, you eat there, you shop there, you work there.  Like the old company store who is it, Tennessee Ernie, right? Owe my soul to the company store. That's what's happening over there. And Foxconn has kept its costs low by bringing people in from the fields, if you will, out there being farmers and paying them extremely low wages. On top of all of that, in some cases they're using slave labor. I found this article very interesting, from Ars Technica's, Timothy B. Lee. He's talking about a potential partnership between Apple and Nissan. Let me remember. I mentioned Apple talking with Kia and Kia is denying it. The financial times reported on Sunday that this potential deal between Apple and Nissan fell apart because Apple wanted Nissan to build Apple cars, they would have the Apple logo on them. They all be branded Apple. It wouldn't say Nissan unless you took something seriously apart you might find it inside.  Nissan wanted to keep the Nissan brand on its own vehicles. Bloomberg reported last week that the negotiations with Kia and of course its parent companies Huyndaiin South Korea had ended without a deal. The Financial Times said that Apple has also sounded out BMW as a potential partner because Apple doesn't make cars. So how are they going to do this? Apparently the talks faltered with Apple and Nissan because Nissan had a fear and apparently this is true of Kia too, of becoming quote the Foxconn of the auto industry, unquote, which is a reference to this Chinese well it's Taiwanese technically, but a group that manufacturers are while actually assembles the iPhones. Fascinating. Isn't it fascinating.  When you start to dig into this self-driving technology and the numbers behind it, that's where you wonder, why is Apple even trying at this point, Apple's test vehicles only traveled 18,000 miles on California roads. Between 2019 and 2020, or over the course of about a year, late in both years. 18,000 miles in a year.

Welcome!   It was also another busy week on the technology front and we are going to delve into what actually caused the energy problems in Texas.  There is a new type of malware that is affecting Macs and it is has a different MO.  Then we are going to discuss Apple and their ventures into automated electric cars and what we can expect. Why are states having issues making appointments for vaccines? In a word, it is bureaucratic incompetence. Then we have a new type of hack out there.  It is called Buy-to-Infect and there is more so be sure to Listen in. For more tech tips, news, and updates, visit - CraigPeterson.com. --- Tech Articles Craig Thinks You Should Read: This Basic Math Shows How Wind Energy Failures Contributed To Texas’s Deadly Power Loss An Insider Explains Why Texans Lost Their Power New malware found on 30,000 Macs has security pros stumped Report: Nissan shot down Apple deal to avoid becoming Foxconn of cars N.Y.’s Vaccine Websites Weren’t Working Apple is already working on developing 6G wireless technology Owner of an app that hijacked millions of devices with one update exposes the buy-to-infect scam Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees. Hi everybody. Craig Peterson here. I'm so glad to be here. I'm happy your here as well. There are so many ways to listen. I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had been already involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems. What I did there was design for Unix systems a way to check for malware, a way to manage them remotely. Yes indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time.  I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got a lot of older people who are listening who are saying, yeah, I remember that. It brings back memories.  In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a cool little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. That was made by Timex. If you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course was like an 8080, which was Intel's, big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress.  The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties and we had some terrible operating systems that many people were running like Windows, just absolutely horrific. Remember windows three-point 11 and XP and the millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code, it came out in one of the lawsuits, for one of these versions of Windows.  It was a different world and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties and I was hosting email for companies and websites and doing some filtering and things with some kind of precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys and all of a sudden customers started calling me because the email wasn't working.  It turned out it was working, but it was extremely slow and I had to figure out why.  I telneted to my server. I got on, started poking around the servers.  I had a computer room and the first floor of the building that I owned and I was up on the second floor. Off we go looking around trying to figure out what is going on. It was me actually. I said us, but it was really me. Cause I knew the most about this stuff.  There were these processes that just continued to fork and I was trying to figure out why is it creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten rules of the internet about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine. You just send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today.  I saw some of this stuff going on. I was trying to figure out what it was, but, we trusted everybody. So my mail server was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that.  Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't then what they are today. In fact, one of our engineers just had to run out to a client who did something we told them not to do.  They were using the Sonic wall firewall on their network as well as they had our stuff. So we had a really good Cisco firepower firewall sitting there, and then they have this SonicWall so that they're people, remotely could connect to the Sonic wall firewall, because it's good enough. SonicWall says it's compliant. The SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin.  So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's been really bad.  Boy, am I wandering all over the place?  Back to this, we would allow people to get onto our network to fix things.  If something was wrong, if we were misconfigured, they could help us and they could get on and do it because Sendmail configuration was not for the faint-hearted. In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story. I was trying to run a business where we hosted email for businesses, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth.  That's what I wanted to do. That was my business.  Later on, I ended up helping 80% of my clients find the other web hosts after, these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago, went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working he was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He was hosting all of these 150 at a site, the charges, the eight to $10 a month for web hosting.  He had all of these sites on top of a machine that was already split up hundreds of ways. It's just amazing what people do.  Man alive.  We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get cheap, and see what happens to you. Some of them, we still maintain a good relationship with and so we help them out from time to time, right?  What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem.  What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That to me makes a ton of sense. Why not do that?  This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added in this basically malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the biggest exploits that are being used by the bad guys right now is the security team's poor relationship with other employees within the organization.  I promise we'll get to this a little bit more and explain the bottom line here. What's going on and it goes back to this customer that we just had to run out to.  Why did they do what we told them not to do?  Stick around. We're getting into the battle between cybersecurity senior officers in companies, owners, business owners, and the, even the employees. There has been such a battle going on.  I saw two examples this week. Hi, everybody, it's a difficult world out there, but I find some comfort in listening to, of course, news radio. It keeps me up to date on what's going on. It helps me to really understand the world a lot better.  I mentioned that one of my guys just had to run out to a client who did something we absolutely told them not to do. They had been using this company that was a break-fix shop, I guess is the way you would put it. They had a business that would respond to problems and they charge by the hour. I think right now their hourly rate is like 160 bucks or something. It is not cheap, but anyhow, That they would sell people equipment and then move on, right? Your problems aren't my problems. Just leave me alone, go away.  It's a beautiful model because their employees at this break-fix shop don't have to understand much. They just have to know more than you do as a customer.  There's one level of understanding that you have, and for someone to appear to be an expert, all they have to do is have slightly more understanding.  That has bothered me so many times listened to the radio and they talk about somebody that's just this great expert, in reality, of course, they are not. But you don't know. That person talking about the expert doesn't know either because they just don't have enough knowledge. Of course, the person that's labeled the expert isn't going to say anything about it.  They were doing what most companies do, which is okay. We know we need a firewall, so let's get a firewall. They went out and they talked to this company and they did their Google research because of course, Dr. Google is an expert on everything.  Even with those differing opinions, you're going to go with the opinion that you like the best.  That's what they did.  They bought a Sonic wall firewall from this vendor, which was a break-fix shop. Now that's all well, and good. The sonic wall is not terrible stuff. They've got some amazing stuff as well. The problem is this device has been out of support for more than two years now. Even though they're not as advanced as some of the systems we can install, not that we always use the most advanced systems. It's not a bad, a little thing for a small business. We warned them that because they were using an out-of-date firewall that they could not get fixes for known vulnerabilities. Now that's a big deal too. Most people are not aware of the vulnerabilities that are on their machines. Do you go out every month and check the firmware versions on your firewall? You should be, even if you're a home user. Are you checking to make sure the firewall that the cable company provided you with is up to date, configured correctly? You've changed the password and the admin username, right? No?  Most people haven't. He hadn't, right. He didn't know. We told them we did a little research and said here's your problem.  That's part of his cyber health assessment. We told them what kind of firewall do you have? What's the version of software on it and we do that. We have a bunch of people that have asked for cyber health assessments. We've got them on a list because we're busy. So we have to schedule these and make them happen.  So we said, do not plug that machine in. Of course, what do they do? They plugged it back in again. So now all of a sudden this morning, we get a wake-up call from our monitors that are running they're on their  Cisco firepower firewall, where we have their extensive suite of additional software. This isn't just an off-shelf, Cisco firewall.  It's telling us that the SonicWall or something through our, via the SonicWall. Is going through all this customer's network. It's actually attacking the Cisco firewall from inside the network. Absolutely amazing. Why does that happen? In this case, the business owner, and it is a  very small business. It has about 5 million in revenue per year, I would guess.  It's a small business by every stretch. The owner just doesn't want to spend the money he doesn't absolutely have to spend. He's not looking at this saying I could lose all my intellectual property. I could get sued by these people. I could lose my clients who find out that their data was released. Their orders were released. Everything was stolen.  He looks at it and says, Oh wow. It's 200 bucks a month. Wait a minute guy, you have how many employees? You're worried about 200 bucks a month. I personally, I don't understand that. Why would you do that?  Now, you're in a poor country. Okay. I get it right. That's a lot of money to spend, but not here in the United States. Doesn't make sense.  A lot of this is really the reason I brought it up. It's showing how there is a disconnect between business owners, C-level people, and cybersecurity people. Basically, if you have less than 200 employees, you cannot afford to have your own cybersecurity team. It's impossible. It's way too expensive.  Then the numbers start to change outsourced cybersecurity, which is what we do.  We do this for this customer and. The in-house cybersecurity people, but we all have the same basic problem. The owner has a problem too, right? He has to weigh the costs of cybersecurity against the risks involved, which is what Equifax did.  What so many of these big companies do, right? There's this, the norm Equifax said it's going to be way cheaper to just pay out $10 million in fines. When we get fined by the federal government for losing everyone in the country's personal financial information then it is to do this or we're not going to bother.  Man, I'd love to see the smoking gun email on that, where they made that final decision, probably doesn't exist. They're smart enough to know that they would get sued and they have been sued because of this.  We've got another problem right now because of people working from home. I mentioned, in fact, this week, you should have gotten an email from me on Thursday. That was a little audio thing that I put together. We call these things, audiograms, and it's a kind of a video that'll play.  This particular one is about part of this problem. We've talked extensively about that water plant in Florida, that was hacked for lack of a better term. It might've been an insider thing. It might've been someone external, et cetera, et cetera. The reason it happened is that business, the water plant for a town of 15,000 people, which would be in a normal world, a small business. That small government operation was all of a sudden faced with lockdowns. What do we do? They didn't have a plan. They didn't have a business continuity plan, which is so important. I talked about it extensively last week as well. They had no way to manage this. So what did they do? They went out and bought team viewer licenses for everybody in the business. That put, well not the business, in this case, the agency, that put the agency at risk. That is putting our businesses at risk too, in such a big way. That's what the audiogram I emailed out on Thursday explaining this a bit.  So stick around. We're going to continue this conversation.   Of course,  you're listening to Craig Peterson online@craigpeterson.com. We have people working from home. We didn't really plan for this. We're doing it because of the lockdown. Maybe, you found that it's actually better for your business, from whatever angle. What are the risks here of people taking computers home? Hello. Everybody Craig, Peterson here. So glad to be with you today. Glad you're taking a few minutes out of your day as well to listen in.  Now I am very concerned about people using computers that they're taking home. I want to make a definition. Maybe there's a better way of saying this, computers that are used at home, home computers should never be used for work.  I'm going to explain why. Computers that are at work probably should not be taken home. We saw the example of this, just this last couple of weeks.  I was talking about this wonderful plugin that I've been using and recommending people use here for a very long time, called the Great Suspender. We've talked at length really about what happened there with the company being bought and then becoming evil, right? Just buying their way into 2 million people's computers.  Sometimes these Chrome extensions that are installed on personal computers get automatically installed and synchronized to your work devices. In fact, that's the default. If you log into Chrome and you're using Google Chrome as your browser and you log into it on your home computer, and when you log into your same account over on your business computer. All of a sudden, now it's syncing. It's syncing things like passwords, which you should not be having Google store for you. You should definitely be using a good password manager and there are a few out there.  If you're not familiar with them or don't know which one to use or how to use them. I have a great little special report on passwords and using password managers. I'd be glad to send it to you. Just email me@craigpeterson.com and I'll send that on-off, right? I'm not making a dime off of that. I want to make you safer.  I don't want to have happened to you what's happened to millions of Americans, including my best buddy who had his information stolen. I've been after him to use password managers. He never did it. I don't know why. Until his paycheck got stolen. Then he came over and I explained it and set it up with them and really helped him out. Maybe we should do a whole webinar showing you how to use these password managers, how to get them set up because it is a little bit tricky. It's certainly different than you're used to. Many people are using their browser Chrome in this example, to save passwords. When you go to a website, you'll automatically have the password there. Maybe you've got it set up so that it'll automatically log you in with all kinds of cool stuff. But there is a very big problem and that is that there is a huge risk with running these extensions, like the Great Suspender. The Great Suspender was approved by Google. It was in the Google store. You could download it from their app store. Absolutely free.   In January of this year in 2021, we had someone out on Twitter, tweet that there was a problem with the security on the Great Suspender. It had been changed. It was being used now to send ads out and other things. That's pretty, pretty bad. The extension wasn't banned until about a month later and you as an end-user had no official notification that this extension was potentially malicious.  Apparently, they could, with this malicious software they embedded, not just show you ad, not just insert their own ads to generate revenue onto the webpage as you were visiting, they could also grab files from your machine. That's a very bad thing.  Now, presumably, if you're at work, you have a team that's helping you outright.  The IT security team, there may be different teams and maybe the same person who also is the office manager, who knows. It does vary. Businesses cannot know what you're doing when you're starting to install those extensions and they are pushing their way onto your office computer because you're using the same Google account in both places. Now, despite the risks, of course, I installed this Great Suspender used it for years and I was pretty happy using it. I know many other people who were in the same boat. Security teams have some great tools. I mentioned my son who's one of our team members got called out to a client. During the break, I was just chatting with him briefly. What had happened is they plugged in this firewall we told them not to plugin. It was apparently hacked from the outside. It had known security vulnerabilities. He had not, this small business owner had not yet paid for maintenance on his little firewall, so he was not getting security updates. In fact, my team member looked at this and found that it had been three years since the firmware on his firewall had been updated. The bad guys got into his network through this secondary firewall, which we told them not to have not to plugin. Our firewall only noticed it because this malware started scanning everything on the network. Of course, it scanned two of our machines, one being the firewall.  Remember this isn't a regular firewall that we put in there. This is a firepower firewall with a whole bunch of extra software on top of it.  In our data center, we have some huge machines that are sitting there watching what's going on remotely. On our client's networks via that firepower firewall.  We started getting all these notices as to what was going on, but this is a great example. We're not updating some of that software. He had a security team and he ignored the security team. We were the security team. We're outsourced cybersecurity that's what we do, but that happens many times.  Many business owners and others look at the cybersecurity situation as having many different shades of gray. What should you do? What shouldn't you do? The teams that are working in these businesses, including us. We have to tell them, Hey, don't use that firewall. Do not plug it in. You don't need it. If you plug it in, it's going to make it way easier for some of your people to work from home.  This is not set up correctly and you're going to have problems. That's a difficult conversation to have with a business owner. We had it and he ignored it much to his peril. In this case, this one is hard to tell how much data was stolen from his business. The impact from this could last for months, and there could be investigations who knows what's going to end up happening here. That business owner and I, because I spoke to him as well about this whole situation before this particular event happened just about two weeks ago. In fact, that was a reminder cause they had plugged it in again. Six months before that we had told the business owner, you can't plug this thing in, you cannot be using it.  How do you do that? How do you let an impacted employee, somebody who's working from home, maybe using their own computer to do work for the business? How can you approach them and tell them, Hey, you cannot use Google Chrome?  You cannot save your passwords on your browser. You cannot install extensions. Even if you had a list of extensions today that were bad, that list is going to be out of date tomorrow, which is going to be a very big problem. Individual users do not have the ability to check this. Frankly, most businesses don't either. Again, that's why a business under 200 employees cannot afford to do this yourself. You just can't. This is a specialty.  We were talking yesterday with a prospect who had been brought to us by a break-fix shop and trying to get this concept through. We're going to talk a little bit more about that. What should you be doing? How can you pay attention? How can you even be safe in this day and age?  Hi everybody. Craig Peterson here. We've been talking about supply chain problems. That's a technical term for it, but the software that we rely on becoming evil, and what can we really do about it? Hello, everybody. You're listening to Craig Peterson.  How do you talk to a business owner and help them understand? That's a problem. Isn't it? Look at what happened a few years back with TJX stores. Them as maybe TJ max, that's one of their stores. They have a number of others. Their cybersecurity guys did something I have seen done before. That is, they went to the management of this massive public company and said, Hey, TJX, we need to get this hardware. We need to get this staffing. The hardware course pretty expensive and it sits there and it does much the same stuff. Even back then. Nowhere as good as today. It's exponential, as to how much better it gets every year, but it was good hardware.  It really could have stopped the hack that happened and it did.  Here's what it did. It noticed the hack was going on. The problem was they were able to say yes to the hardware, the senior management said yes. They got the hardware, but senior management would not get the security technicians that were needed to monitor and run that hardware. They were short-staffed.  That's another problem we're seeing. That's why the companies you're dealing with, whether it's Equifax, with who you do not have a direct business relationship with, and yet have all this information about you and sell that. Or maybe it's just some other website. That's why they lose your data. It's a real bad idea. The bad guys are just waiting out there just siphon all of your data. In many cases, when you're talking about a business and a business website, or even your home computer, they're looking to redirect you to malicious websites. What they'll do is for instance, again, the Great Suspenders' an example, that they claim it's been fixed now. With something like an extension or a plugin that you put in your browser, they could rather easily code it up so that you are going to a website that's malicious. It could look like Bank of America's website and you go there and you enter in your information. You put in your username, you put in your password, it asks you a security question. Maybe maybe not, but your username and password. Then it says incorrect. Then your screen refreshes while your screen just refreshed because you were not at the Bank of America, originally. You were at a malicious website and you entered in your username and password. Now the bad guys have your username and password to your banking system, to your login, to your bank accounts. They got that. That's all they needed. They didn't want you to know that this was going on so they just went ahead and redirected you over to the real bank website. Hence, the supposed reload.  It's a very big weakness here in how IT and security teams operate because too few security teams really can relate with the CEO and vice versa.  I've seen that all of the time with people working for me in cybersecurity, you've got a really good idea of what needs to be done, how it needs to be done when it needs to be done. To you, it's the most important thing in the world, right? You don't want the business to go under, you're going to lose your job, maybe your pension retirement plan is tied to that business. You don't want it to happen, but have you got the trust built up with the senior management?  Then how about the other side of this relationship? How about if you're a cybersecurity person? Even if, again, you're not a professional, you're just the person tasked with it in the office or you're the person tasked with it at home. How do you go to the other employees and tell them you can't use your Google Chrome account here in the office? How are you going to enforce it? How are you going to tell your husband or wife, Hey, that's dangerous? I don't want you installing any of these extensions on your computer. One of the really bad things that people do with their browsers is they put on these real fancy little extensions that give all kinds of extra wonderful information. It ends up as a toolbar and it lets you do searches on this site or that site. Maybe it keeps you up to date on the stocks that you have in your portfolio. You're telling hackers what stocks you own, really? It might be legitimate, right. But who knows? That's the problem. Something like that can really mess you up and send you to malicious sites. You know that your spouse is using that or your kids are using that. How do you talk to them? How do you solve those problems? It's a real problem.  There are some interesting tools that you can use, as professionals. There's a Slack channel I can send you to, if you're interested, actually, it'll be in the newsletter that comes out on Sunday. At least it should be under one of those articles. It is a problem.  Netflix, by the way, is really trying to help you out too. Not only did the Netflix security team provide some feedback for what's called the honest security guide, but it's also made some of its user tools, the tools that you might use at your home to find a movie, et cetera, it might help really to secure you.  Git Hub has this. It is called, this is a Netflix skunkworks, the stethoscope app. It's a desktop application created by Netflix that checks security-related settings and makes recommendations for improving the configuration of your computer. It doesn't require central device management or reporting. You can have a look at that. If you are interested, let me know. I can probably point you in the right direction to the stethoscope app. That's what we want to see in this honest security guide. You'll find it online. At honest security is a guide to your devices, security, which in the biz we call endpoint security and it is cool. You can run through all of this list is a big checklist and talking about why honest, and they're saying dishonesty stops you from doing the right thing.  That's why in my courses, I spend a lot of time, more time in fact, on the why than the how.  I want you to understand honestly, why you should or should not do something. There are so many people who are out there yelling and screaming, jumping up and down. Particularly your antivirus companies. You fake VPN companies who are trying to get you to buy their products that not only do not need in most cases but will actually make your computer less secure.  So we have to be careful about all of this stuff. We have to make sure we are talking. We've got to have a trust relationship set up with the owners of our business. Cause you guys, some of you, I know own businesses, some of you work for a business. We've got people listening to this all over the world and every continent I've even seen a listener down in Antarctica.  I really can say every continent. It's important that we know how to work with our fellow employees, with our management, with our family members, to help them to know what they need to do.  There is no time to wait. We have never seen as many attacks as we're seeing now. We've never seen the government using its resources to attack us more than we have now. We've never seen more billions of dollars stolen per year by the bad guys. There are some basic tenants that you can follow that will make you way more secure. And that's why you're listening. That's why I go through some of these things to help everybody understand.  That's also why I go ahead and make sure that I answer your emails. If you have a question, make sure you go ahead and ask. You can just email me at me@craigpeterson.com. If it's something urgent, I have a form on the bottom of my homepage  @craigpeterson.com. You can give me a little bit more information. I tend to keep an eye on that a little bit better than my general email, although I do use some amazing email software that helps me to keep track of the real email and get rid of the spam and put things in boxes and stuff  craigpeterson.com. It's that simple email me me@craigpeterson.com. If you have questions.  I hope that Google is going to continue to improve itself. I love the fact that they found out that this one extension was malicious. For those of you who might've just tuned in, we're talking about something called the Great Suspender something I've used for years, it became malicious, but they need to do more.  As people who are concerned about security, we just can't wait for the next incident. Just again, this client of mine, who we've been warning about this for months, he's stopped doing what we told him to do, and then decided well it's just too difficult. That's something we hear a lot from businesses. Oh, it just hampers the work. It hampers it because now we have to get permission from it in order to mount this particular drive or gain access to those files or materials. Yes you do, because we have to stop the internal spread of all of this malware and all of these hackers.  It is absolutely worth it.  All right, everybody. Thanks again for joining me today. I really hope you've been enjoying this. I have years' worth of podcasts out there and you'll find all of those at craigpeterson.com/podcast or on your favorite podcast platform.  If you subscribed under iTunes, you might've noticed, ah, yeah, I just released a whole batch there too. I expressed concerns about owning an Apple watch. I held off for a long time. I want to talk about these devices now, the security concerns, but also the amazing health tools that are built right in. Hey, welcome back. This Apple watch is really fascinating. It has been around now for six generations. There are a number of other watches that have had, or tried, I should say, to compete with Apple. They haven't been very successful. You might've noticed that. I have a friend that bought some watches for his family and to him that monitor all of the basic vitals and record them and send them up to his phone. It's a 20-ish dollar watch. He got it from South Korea probably are parts made in China, but it is an inexpensive watch and it does some of the basics at the other end of the scale. Let's have a look right now. I'm going to go to apple.com online, and we're going to click on watch. Here we go, Oh, my they've got special watches so you can buy their watches. It looks like the new one, the Apple watch series six for starting at 400 bucks or they have two different sizes. . They have a more basic watch called the Apple Watch SE that starts at about $300. You can still get the Apple watch series three. Now, these all can monitor high and low heart rates. They can give you irregular heart rhythm notification, but it's only a-fib atrial fibrillation, I think is the only one they can monitor, but all three of those can monitor that. As I said, my buddy's watches, he got for his family at 20 bucks apiece are able to do most of that as well.  These are water-resistant to 50 meters, which is really cool. The series six also has an ECG app. That is very cool. You open the app, you put your finger on the crown of the watch and it gives you an EKG right there on the watch and it feeds it to your phone. On your phone, you can turn it into a PDF. You can share it with your doctor on and on. It's just amazing. It's a three-lead type, I was in emergency medicine, right? A med-tech EMT, EMT-PD can't remember. I had a whole bunch of different certifications back in the day. But it's fantastic for that. It also has a blood oxygen app that monitors your blood oxygen levels. It ties all of this into their new exercise app, which is amazing. That ties into your phone or your iPad.  I will go down in the basement onto the treadmill and I'll select your treadmill workout.  It has dozens of them. Have you seen this really fancy treadmill? A couple of years ago they got in all kinds of trouble because they advertised it around Christmas time and apparently this woman really wanted a treadmill and she got one and she was all excited. All of these people jumped out of the woodwork. All your you're saying she's fat, et cetera. No, she wanted a treadmill. These are amazing treadmills because they have built into them. These streams and you can join classes, et cetera. With the Apple Watch, my iPad, and a subscription to this iHealth app, which you can get as part of this Apple plus thing you can buy for 30 bucks for the whole family, 30 bucks a month.  I don't know how many I have seen probably a hundred different workouts on there.  It has different workouts, different types of weightlifting, running, jogging, treadmills, elliptical machines, everything.  You can pick your pace. You can pick your instructor, you can pick everything. Then your Apple watch is monitoring your body. As you're working out. So it's telling you how many calories you've burned. What's your heart rate is to help keep your heart rate in the best range for you, depending on what kind of a workout you're doing. It also lets you compete against other people. Does this sound like an ad for the Apple watch?  You can compete with other people your age doing the same workout and see where you're at. I was really surprised because typically I am at the front of the pack when it comes to my treadmill workouts. That's really cool as well. Those are some of the basics. There are other things too, that Apple is doing. We've found, right now, that Mount Sinai just came out with an announcement and they said that the Apple watch can predict COVID 19 diagnosis up to a week before testing can detect it. Yes. Isn't that something? Not only can the Apple watch help with certain heart arrhythmias, but it can predict that you have COVID-19 too a week before testing normal testing. Those swabs can find it out.  This is from the journal of medical internet research, which is a peered review journal. And they found that wearable hardware and specifically the Apple watch can effectively predict a positive COVID-19 diagnosis up to a week before the current PCR-based nasal swab tests. They called this the warrior watch study. They had a dedicated Apple watch and the iPhone app, and they had some participants from the Mount Sinai staff and it required, of course, these staff members to use the app to turn on the health and data monitoring and collection, and also asked them to fill out a survey every day to provide some feedback about their potential COVID-19 symptoms. As well as other things like stress can obviously make your heart rate, go up your blood pressure, go up, et cetera. Oh. By the way, Apple, supposedly the rumors are, we'll have a BP sensor in the Apple seven that'll be out later this year, most likely.  So they had several hundred healthcare workers and the primary biometric signal. I know that the studies authors were watching was heart rate variability. This is fascinating to me because it's something that I learned about fairly recently. Then when I got my Apple watch, I read up more about this, but basically, heart rate variability is what it sounds like. It's your heart rate. Let's say your heart is beating at 60 beats per minute. It is not beating once every 10 seconds.  It is not beating once a second. Your heart rate will vary over the course of that minute. If you're healthy.  Obviously, a beat every 10 seconds isn't 60 a minute. Let's use that as an example. Somebody who's almost dead and has six beats per minute. The first heartbeat might be at 10 seconds. The second heartbeat might be at 22 seconds because your heart is supposed to vary its rate of contractions based on immediate feedback. It's not just that you're going out in your running and now you've driven up your heart rate and you're doing your cardio and it or you just walked up a flight of stairs or you stood up, which is another test, by the way, what we're talking about here. You might just be sitting there, but your cells have a different need for oxygen or for the blood. The heart slows down slightly or speeds up slightly.  This heart rate variability is something built into the Apple watch and into the iPhone app that you attach to the Apple watch. Isn't that useful without an iPhone, frankly? Then you can look at your heart rate variability right there.  They said, combining that with the symptoms that people reported, these Mount Sinai staff, that the symptoms that they reported that were associated with COVID-19 including fever, aches, dry cough, gastrointestinal issues, loss of taste and smell corresponded with changes in the heart rate variability. I thought that was just absolutely phenomenal because heart rate variability is considered to be a key indicator of strain on your nervous system. COVID-19 obviously is going to put a strain on the nervous system. Just very neat.  It says here that the study was not only able to predict infections up to a week before tests provided confirmed diagnosis but also revealed that participants' heart rate variability patterns normalized fairly quickly after their diagnosis or turning to normal run about one to two weeks following their positive tests. That's from a TechCrunch, that particular quote.   I am very excited about this, but I am also on the concerned side. I'm concerned because they are collecting vital data from us. All of the major companies, Google and Microsoft and Apple want to be the company that holds all of your personal medical records. We're going to get back to that when we come back here. What is happening? How is your doctor managing your medical records? I was really shocked to find out how that industry is working.  Of course, you're listening to Craig Peterson. Check it out online. Craig peterson.com. Welcome back. What are you doing? Are you asking your doctor how they are handling your medical records? Because I think you probably should based on what I learned just this week. Hi everybody. Craig Peterson here. Thanks for joining me.  We were just talking about health. We're talking about the Apple watch and the fact that there's a lot of competitors out there, some of them, a fraction of the cost. If you buy the Apple watch on terms, you're going to pay less in one month's payment on terms to Apple than you would for some of these other watches out there, but Apple watches do have more features.  Mine even has a built-in cellular modem. Even if I don't have my phone with me, phone calls come through to my watch and text messages, and I can respond and answer. It's really nice. Medically I am very impressed. It has been good at motivating me to do some exercise, to get up, and about just to do a bunch of things I had never, ever done before. Consider that.  It is collecting our data. Apple now has potential access to all of my cardiac data. They've got EKGs that I have run on my watch. They know about my heart rate. They know how often I exercise, and how hard I exercise when I exercise. They know all of this stuff about me. I had a conversation with someone just saying why does that matter? Maybe it's Apple, maybe it's somebody else. Why does it matter?  It does matter. Think about an evil genius, right? The thing about somebody that might want to target Americans and might want medical information about Americans. They can gather it in a number of different ways. We're going to talk about medical records here in a little bit. One of the things they could certainly do is grab all of our watch data. Some of these watches, including my Apple watch, have GPS built into them. When you're out running or jogging, you know where you went, you can plan your route and it'll remind you, Hey, turn here, turn there. That's one of the things I love about the Apple Watch when I'm using it with Apple maps out driving, it taps me on the wrist and reminds me, Hey, in 500 feet, you got to turn.  If I look at the watch, it'll even show me the turn I need to make coming up in 500 feet. It's really amazing. All of this information is being compiled and hopefully, it's being compiled by a company that we can trust. At this point, we can probably trust Apple. Hopefully, they're not going to be broken into. Now, their margins or profit is high enough that they certainly can afford a security team, one capable of defending them and defending our data. I hope they are. I suspect that they are for the most part. How about some of these others? We know Google, for instance, is in the business of collecting and selling our information, is having all of our medical information. Not just the stuff from our watches, but the stuff from our doctors. Are they to be trusted with that kind of information? Going back to that bad guy, that mad scientist we can, and probably do engineer viruses that are targeted at specific things. In fact, the Russians have been doing it. The Soviets' started it, they came up with a phage. That can attack certain viruses and it acts like a virus it gets in and does this little thing. We've got right now, these COVID-19 vaccines and they act like a virus they're messing with, well effectively, the DNA. In fact, it's the RNA, but it's pretending, Hey, I got a message from the DNA, here it is.  What if a bad guy knew that are a certain population in a certain area, and that area was right by this important military base or whatever they came up with something that would target them and they'd have all of the data to do it now. That's obviously an extreme example. A more common example would be that your medical data is there. It's being sold to advertisers and you're going to end up with something.  For instance, there's a company, very big company out there and they sell baby products. What they did was they tracked and they bought this information, but they tracked women who were purchasing certain things. Now, they weren't purchasing things that were directly related to having a baby, right? They weren't purchasing diapers or little jumpsuits or whatever it is. They were purchasing things that were not directly related maybe people wouldn't even think they were typically related to having a baby. Yet they were able to figure this out. They got that good with the data.  So they thought, Oh, okay let's get wise here. Let's send out a postcard, congratulating them on their pregnancy and offering them a discount on something. Yeah. Not a bad idea, frankly.  However, in this case, some of these moms I hadn't told anybody that they were pregnant yet and didn't want to tell anybody that they were pregnant yet. It fell on its face. Didn't it?  How about these ambulance-chasing lawyers that are out there? Are they going to want to gain access to this, to your medical records?  How about your employer? Your employer wants to know I'm going to train this person. Hopefully, they'll stick with us for a while, but is he going to be a burden on our medical plan? Keyman insurance, health insurance, life insurance. Have access to everything about you. That's what really concerns me about these, all of these devices.  Right now, pretty confident that I can give Apple this information and they will keep it pretty safe. But, I said the same thing about the Great Suspender, right? I don't know about the future.  Then I found something out this week that was in my mind extremely disturbing. We have a new clinic that we've picked up as a client. They needed to have security. They had a couple of little security issues. They were worried. They knew they were not HIPAA compliant. They approached us because they know that's what we do is cybersecurity and audits and remediation. Fixing the problems. We pick them up. They're a client. We're in there. They had told us in advance that all of their medical record systems were on-line. It was on the web. All they needed was a web browser to run their business. Okay. That could be a problem. It might be okay. The medical records manufacturer might have good security on all of the records. So we may be safe, although in HIPAA unless you have a business process agreement in place with that vendor if that data is lost, it falls back on the doctor's shoulders. Anyhow, what I found out was, first of all, it wasn't completely web-based, which just shocked me. I'm not talking about they have to scan records or they got the x-ray machine or whatever. It really wasn't web-based and secondarily the company they were using for the medical records was a free service.  The doctor, that clinic, was not paying for their medical records management software.  The way it works is this medical records management company when the doctor prescribes something when the doctor performs a procedure and bills and insurance company, it's all done through this one company and that company takes a chunk of their money. In some cases we found seems to have been inflating the bills that went off to the insurance companies and that, as it turns out is a common practice in the industry. According to the doctors at this clinic, I was shocked, amazed.  Something you might want to look at. Ask your doctors where are your records kept and are they secure? Now we had HIPAA. We thought that would secure it, but it doesn't.  Stick around. Hey, we got a name now for what happened to the Great Suspender and QR code scanner apps over on the Google stores. One at Google Play, the other one over on the Google Chrome store. It's become that popular. Hey, everybody, I wanted to mention this whole new category of malware really, and they're calling it, right now, Buy to infect. What happens is a bad guy, a malware guy buys a legitimate app and then starts infecting it.  We know, obviously, about the one that I've been talking about a lot the Google extension that I used to use all of the time, the Great Suspender. I mentioned this one a few weeks ago, it's called QR code scanner. It's been on the Google play store for a long time, had more than 10 million installs and then all of a sudden it became malicious.  This is a little bit of a different angle on it because, with the Great Suspender, the ownership of that software actually transferred to somebody. With QR code scanner, they were working on a deal with a company and this company wanted to verify the Google play account for QR code scanner. This is all according to the owner, the original owner of QR code scanner.  They said that what had happened is part of this purchase deal. I let them have a look and gain access to the software's key and password prior to purchase so they could confirm the purchase, which doesn't sound too bad. Apparently, as soon as they got a hold of the software's key and password, forget about the purchase, we're going to start infecting it right away.  It ended up getting that app, the QR code scanner app, pulled right from the Google play score store. Of course, now you don't need that quite as much because most of the phone apps when you go to take a picture, the camera apps have built into them, a QR code scanner.  I thought that was fascinating what they did. They totally cheated the company. They didn't even bother buying it. So a little word for the wise out there.  Got another Apple story cause this is showing how the computer industry is really shifting. We've talked about some of the shortages of chips and the shortages of computer chips are so bad that General Motors has had to shut down two-thirds of its manufacturing lines in at least one plant.  Every major automobile manufacturer is having problems making cars because they can't get the chips.  Remember nowadays, a car, a truck is essentially just a computer on wheels. Not really actually computer on wheels. It's really dozens of computers all linked together with a network on wheels.  Apple has been worried about that, right? Supply chain. That's one of the things you're supposed to worry about as a public company. What are the risks going forward including to my supply chain? Obviously your supply chain matters. You gotta be able to make something you need parts, right?  Apple has been upset with Intel for a while. You might remember Apple. When it first came out, was using a Motorola chipset, which was exceptional much better than the Intel chipsets.  Of course, that's my opinion, a lot of people agree with me. You had the 68000, 68010, and 20, et cetera. Very good chips.  When Apple started getting into the laptop business, that's when the problems started to happen.  These Motorola chips gave off a lot of heat and used up a lot of electricity.  At the time Apple looked around and said our only real alternative right now is Intel. Intel has a whole line of chips, different speeds, and they have mobile chips.  Those mobile chips use much less power than the Motorola chips for the main CPU.  They also use less battery. Those two go hand in hand and generate less heat. That's it all goes hand in hand. So they said, we'll start working with Intel. They did. Intel really disappointed them more than once, which is a shame. They disappointed them with the 64-bit migration. AMD, advanced micro devices, beat Intel to the punch. Shockingly Intel started making AMD compatible CPUs right. The 64-bit extensions to the CPU were AMD extensions. They had problems with some of their other chips as well. Mobile chips getting the power usage under control, the heat dissipation problems under control, and they never really lived up to what Apple was hoping for. What everybody in the industry was hoping for. In many ways, Intel has been a huge disappointment, which is really a shame.  We'll look at what they did to the industry, with these predictive instructions, the hyper-threading, and stuff. Where bad guys were able to bring a computer to its knees.  What does Intel say? Here's a firmware patch you can apply to our CPU, those little CPUs you pay upwards of $2,000 for a piece for one chip.  Those CPU's and by the way, it's going to, cut its performance by a minimum of 20%, maybe 50%, that's okay. What are you kidding me?  A lot of people were upset with Intel and Apple and Microsoft and everybody released patches that use the new Intel microcode. You might've noticed when this happened a couple of years ago that your computer slowed down. I certainly noticed, actually, it was little more than a year, anyway, I noticed it because I own a data center. That has a lot of Intel chips in it where we're running mostly Unixes, Linux, and BSD, but we're also running Windows. So the only way to work around this bug was to apply the patch and slow everything way, way down.  Imagine how Apple and Google felt with their huge data centers. IBM too. IBM has Intel-based data centers, as well as its own chips, and boy talking about phenomenal chips, as far as processing power goes, IBM, man, they are still the leader with the power chips and their Z series. That just wow. Mind-blowing.  Most of us are stuck in the Intel world. Apple said we can no longer trust Intel. So what are we going to do? Apple said we've been developing this chip for a long time. Apple took the chip design, they licensed it from this open sourcee type of company that has a number of members. They took this arm architecture and were able to improve it, and keep adding to it, et cetera.  They're still part of this Alliance. They started using these in their iPhones. The iPhones have been using these chips the whole time and they started improving them after they released the first iPhones.  Intel didn't really get them upset until a little later on, too. They came up with newer ones, faster ones, better ones, right to all of these A10 their bionic chips. They've got AI chips, machine learning chips, all Apple designed. Chips, of course, manufactured by third parties, but that's what Apple is using.  Apple has now said we expect all of their Macintosh computers to be based on Apple's CPU within the next two years.  There's already some really good ones out there right now that people like a lot. We've been using them with some of our clients that use Apple. Not everybody has had great luck with them, but Apple is not only ditching Intel, that's not the big story here. Apple's got some job listings out there looking to hire engineers.  So when we get back, we'll tell you more about what Apple is doing and what frankly, I think the rest of the industry should look at. Guess what? They are. It's been Intel versus the rest of the world. They've been winning for years in many categories, but now they're starting to lose, as major manufacturers are starting to leave Intel behind. But there's more to the story still. Hi, everybody.. Craig Peterson here. Thanks for tuning in. We're glad you're here.  In the last segment of the day, I want to point everybody to the website, of course. You can get my newsletter. It comes out every Sunday morning and it highlights one of the articles of the week. It gives you a pointer to my podcast. So you can listen right there. There's just a lot of great information. Plus I'm also doing little training. I'm sending out, hopefully, next week, two little training sessions for everybody to help you understand security a little better, and this applies to business. However, it's not. Strictly business, much of what I talk about is also for home users. So if you want to go along for the ride, come along, we'd be glad to have you. There's a lot to understand and to know that you won't get from anywhere else. It's just amazing. Many other of these radio shows where they are just nothing but fluff and commercials and paid promotions. I'm just shocked at it. It goes against my grain when that sort of thing happens. Absolutely.  We were just talking about Apple and how Apple got upset with Intel, but they're not the only ones upset. We also now have seen a lot of manufacturers who have started producing Chromebooks and surface tablets that are based on chip sets other than Intel's. This is going to be a real problem for Intel. Intel has almost always relied, certainly in the later years has relied on Microsoft and people bought Intel because they wanted Windows. That's the way that goes. It's just like in the early days, people bought an Apple too, because they wanted a great little VisiCalc, the spreadsheet program.  Now, what we're seeing are operating systems that do not require a single line of Microsoft software. Google Chrome is a great example of it. Linux is another great example and people are loving their Google Chrome laptops, and you can buy these laptops for as little as 200 bucks. Now you get what you pay for and all the way up to a couple of grand and they don't have a line single line of Microsoft code. Yet you can still edit Word documents and Excel documents, et cetera. They do not contain any Intel hardware. What was called, well, they might have a chip here or there, but not the main CPU. What used to be called the Wintel monopoly. In other words, Windows-Intel monopoly is dying. It's dying very quickly.  Apple is not helping now. Apple, they've had somewhere between seven and 10% market share in the computer business for quite a while. Personally, I far prefer Apple Macintoshes over anything else out there by far.  I use them every day. So that's me.  I don't know about you. There's a little bit of a learning curve. Although people who aren't that computer literate find it easier to learn how to use a Mac than to learn how to use Windows, which makes sense.  Apple has really done a great job. A bang-up job. With these new chips, it's getting even faster. We are now finding out from a report from Bloomberg who first started these, that Apple has been posting job listings, looking for engineers to work on 6G technology. 6G, right now we're rolling out 5g, which hasn't been a huge win because of the fact that if you want really fast 5g, like the type Verizon provides, you have to have a lot of micro-cell sites everywhere. They have to be absolutely everywhere.  Of course, it's just not financially reasonable to put them up in smaller communities. If the Biden administration continues the way they're going with the FCC and the open internet type thing of a-bits-a-bit, then there will be no incentive for any of these carriers to expand their networks because they can't charge more for better service. If you can imagine that. Ajit Pai fought against that for many years, Trump's appointee as chairman to the FCC, but things are changing. The wind has changed down in Washington, so we'll lose some of those jobs and we're not going to get all of the benefits of 5g. If he keeps us up. 6G is coming.   What that means is Qualcomm, who is the manufacturer of record for most of the modems that are in our cell phones. Qualcomm has also missed some deadlines. Apple is tired of dependencies on third parties because Qualcomm might have somebody else that buys way more chips. It might be able to sell the same chip to the military of whatever country for a much, much higher price. They can sell it to consumers. Maybe they just change the label on it and call it a mill spec, and often goes right, who knows? What they're doing out there, but Apple doesn't want to do that anymore. They are looking for engineers to define and perform the research for the next generation standards of wireless communications, such as 6G The ads say you will research and design next-generation 6G wireless communication systems for radio access networks with emphasis on the physical Mac L two and L three layers. Fascinating, eh? What do you think?  I think a huge deal as Apple continues to ditch, many of its vendors that have not been living up to the standards Apple has set.  Apple has moved some of the manufacturing back to the United States. More of the assembly has been moved here. The manufacturing, it's starting to come back again. We'll see the Trump administration really wanted it here.  We need it here, not just for jobs, we needed it here for our security. We've talked about that before, too, right? I want to also point out speaking of Apple and manufacturing, China, of course, does most of it for Apple and Foxconn is the company in China that makes almost all of this stuff for Apple. It's huge. Foxconn owns cities. Huge cities. They have high rises where people basically don't see the light of day, these high rise factories. You live there, you eat there, you shop there, you work there.  Like the old company store who is it, Tennessee Ernie, right? Owe my soul to the company store. That's what's happening over there. And Foxconn has kept its costs low by bringing people in from the fields, if you will, out there being farmers and paying them extremely low wages. On top of all of that, in some cases they're using slave labor. I found this article very interesting, from Ars Technica's, Timothy B. Lee. He's talking about a potential partnership between Apple and Nissan. Let me remember. I mentioned Apple talking with Kia and Kia is denying it. The financial times reported on Sunday that this potential deal between Apple and Nissan fell apart because Apple wanted Nissan to build Apple cars, they would have the Apple logo on them. They all be branded Apple. It wouldn't say Nissan unless you took something seriously apart you might find it inside.  Nissan wanted to keep the Nissan brand on its own vehicles. Bloomberg reported last week that the negotiations with Kia and of course its parent companies Huyndaiin South Korea had ended without a deal. The Financial Times said that Apple has also sounded out BMW as a potential partner because Apple doesn't make cars. So how are they going to do this? Apparently the talks faltered with Apple and Nissan because Nissan had a fear and apparently this is true of Kia too, of becoming quote the Foxconn of the auto industry, unquote, which is a reference to this Chinese well it's Taiwanese technically, but a group that manufacturers are while actually assembles the iPhones. Fascinating. Isn't it fascinating.  When you start to dig into this self-driving technology and the numbers behind it, that's where you wonder, why is Apple even trying at this point, Apple's test vehicles only traveled 18,000 miles on California roads. Between 2019 and 2020, or over the course of about a year, late in both years. 18,000 miles in a year. Heck, I've done that before with my own car.  Waymo, which is Google's self-driving project put on more than well, about 6

From smartphones to Teslas; the economics of cheaper batteries and why they're good news for the planet. By Timothy B. Lee.

From smartphones to Teslas; the economics of cheaper batteries and why they're good news for the planet. By Timothy B. Lee.

California remains Ground Zero for autonomous vehicle testing, notwithstanding its regulatory scheme that requires companies that wish to test autonomous vehicles to obtain a permit and to file annual reports of “disengagements” experienced during testing. It’s a thoughtful approach that yields more information than the Department of Transportation’s “encouraged” annual safety report. Host and litigator Zach Adams discusses the just-released disengagement reports for 2018. With over 40 companies now testing, this is a rich field. We unpack the Apple disengagement reports in particular depth and chew on Timothy B. Lee’s provocative article about Waymo’s strategy. Finally, it has been a record-breaking month for autonomous vehicle companies with more than $1.6 billion raised in February 2019, and Tod discusses TuSimple and Nuro’s successful raises.

Ars Technica's Timothy B. Lee gives me odds on my self-driving car wager. Sponsor: Eero.com/ride promocode: ride

Without action by Congress, a whole class of copyrighted works will fall into the public domain next year. And yet, Big Content isn't fighting to stop it. Timothy B. Lee of Ars Technica discusses why. See acast.com/privacy for privacy and opt-out information.

The digital revolution is generating massive amounts of information. And while this big data certainly benefits researchers and consumers, it also poses significant privacy concerns. In this WooCast episode, Tim Lee of Vox interviews Princeton professors Prateek Mittal and Matt Salganik about the benefits, risks and concerns related to big data. This episode is part of a series featuring moderators and panelists who will participate in the Princeton-Fung Global Forum: “Society 3.0+: Can Liberty Survive the Digital Age?” The conference, to be held March 20-21 in Berlin, is being organized by the Woodrow Wilson School of Public and International Affairs. Timothy B. Lee is a senior correspondent at Vox.com, where he covers technology and economics. He previously covered technology policy for The Washington Post and Ars Technica. He holds a master's degree in computer science from Princeton. Follow him on Twitter: @binarybits Prateek Mittal is an assistant professor in the Department of Electrical Engineering at Princeton University, where he is also affiliated with the Center for Information Technology Policy. His research aims to build secure and privacy-preserving communication systems. His research interests include the domains of privacy enhancing technologies, trustworthy social systems and internet/network security. His work has influenced the design of several widely used anonymity systems. Matthew Salganik is professor of sociology at Princeton University, and he is affiliated with several of Princeton's interdisciplinary research centers including the Office for Population Research, the Center for Information Technology Policy, the Center for Health and Wellbeing and the Center for Statistics and Machine Learning. His research interests include social networks and computational social science. He is the author of the forthcoming book "Bit by Bit: Social Research in the Digital Age."

Tesla's real problem isn't that its cars are expensive. It's that they're unreliable. By Timothy B. Lee with Edward Niedermeyer.

Tesla's real problem isn't that its cars are expensive. It's that they're unreliable. By Timothy B. Lee with Edward Niedermeyer.

Elite coastal cities appear at odds with businesses trying to bring in talent. Timothy B. Lee, a writer at Vox, discusses the housing issues that pit homeowners against the demands of industry. See acast.com/privacy for privacy and opt-out information.

In the last GOP debate, Rand Paul discussed the harm the Fed does to the ordinary person. As usual, the Left -- you remember, the people who supposedly "question authority" -- leaped to the defense of an longstanding institution. The prize for the most juvenile and uncomprehending analysis, though, goes to poor Timothy B. Lee of Vox. There is nothing left of Timothy by the end of this episode.

Everyone seems to be talking about Bitcoin these days. But just what is Bitcoin—and what are cryptocurrencies in general? How do they work? Are they money? Will we all be sending and receiving payments in Bitcoin in the near future?Trevor and Aaron sat down with Timothy B. Lee to try to answer these questions.Lee is a senior editor at Vox where he covers technology. Previously he was a technology reporter at the Washington Post. See acast.com/privacy for privacy and opt-out information.