FLOSS Weekly 713 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Doc Searls (00:00:00):
This is FLOSS Weekly. I'm Doc Searls, and on this show we ring in the new year with a round table of Jonathan Bennett, Catherine Druckman, myself and himself, Leo Laporte, who is fabulous, as we all know, it's a great show. We cover lots and lots of topics, and that is coming up next
Leo Laporte (00:00:23):
Podcasts you love from people you trust. This is TWIT.
Doc Searls (00:00:31):
This is FLOSS Weekly, episode 713, recorded Wednesday, January 4th, 2023. Let's put thoughts on the blockchain. This episode of FLOSS Weekly is brought to you by Fast Mail. Reclaim your privacy, boost productivity, and make email yours with fast mail. Try it free for 30 email@example.com slash twit. Fast Mail is also giving twit listeners a 15% discount on the first year when you sign up today. And by Kolide, that's Kolide with a K Kolide is an end point security solution that gives it Teams a single dashboard for all devices, regardless of their operating system. Visit Kolide.com/floss to learn more and activate a free 14 day trial today. No credit card required. Hello again, everybody everywhere and welcome to the new year. I am Doc Searls. This is FLOSS Weekly, and I am joined today by a bunch of people who appear on the screen now. Jonathan Bennett, Katherine Druckman, and Leo himself. Laport, who <laugh>,
Leo Laporte (00:01:41):
Former host of FLOSS Weekly.
Doc Searls (00:01:43):
Just, just, just just got here
Leo Laporte (00:01:45):
A long time ago, about a hundred years ago, you
Doc Searls (00:01:47):
Recruited me for this gig, which is going, I'm going in my third year now, I think, Leo, isn't
Leo Laporte (00:01:52):
That amazing? Amazing how fast that goes. I, we've been really thrilled. I started it and then brought on Krista Bonna, who is was the open source guy. Oh, yeah. And then I got tired of it. Chris did it for a while, and we brought in Randall Schwartz, who hosted it for many years, I think almost a decade. And then about three years ago, I called on Mr. Surs and what a good choice that was. And you dragged along Catherine and Jonathan with you, which
Doc Searls (00:02:15):
Was, which was, I think Jonathan Brilliant. Was already here. It was brilliant. Jonathan predates me.
Leo Laporte (00:02:20):
Oh, Jonathan was filling in for a Randall, but did That's right.
Doc Searls (00:02:22):
That's right. I did drag Katherine. Yeah. And Sean
Leo Laporte (00:02:26):
Doesn't show. And Sean. Yeah.
Doc Searls (00:02:27):
Yeah. And Sean. Yeah, Sean. Sean came from We're, we're, we're Linux journaled in exile. That's what, that's what this is.
Leo Laporte (00:02:35):
<Laugh> not so much in exile anymore. I mean, Lennox is this is it, the year of the Lennox desktop.
Doc Searls (00:02:43):
<Laugh>. It, it's the, it's the, it's the 25th running year of the Linnux Dress style, I think
Leo Laporte (00:02:50):
Running in dock. How many covers did you do on the Linnux Journal? <Laugh>?
Doc Searls (00:02:55):
I, I have back here. Wait, right over there. There's a stack of Linnux journals. And probably if I started flipping back through them, <laugh>, I'd probably find five of them at least. Absolutely. Something like that. But we, but we have it. And so let, let's get into it. I I'll start with Jonathan, cuz he set the most, I thought, the best prep <laugh> what, what, and I, I'm not so crazy, but certainly, what do we look forward to more than what do we, what just happened in the last year? There are too many retrospectives <laugh>. So, what's prospective we're happening now that we have to live through?
Jonathan Bennett (00:03:31):
Well, the big thing that's happening right now, do we want, do we wanna talk about cryptocurrency right out the gate? Bitcoin and Ethereum and all
Leo Laporte (00:03:39):
That? Oh gosh. I was hoping this would be the year we could stop talking about it. <Laugh>
Jonathan Bennett (00:03:43):
<Laugh>. Well, it may
Doc Searls (00:03:45):
Be the last, first, the next five annual years of the cryptocurrency boom. Yeah. Right. This, yeah.
Jonathan Bennett (00:03:51):
So crash. Actually, I, I have an interesting take on that. There was, there was a crash. There's ftx, which was kind of the poster boy. It, it was, it was the, the big corporation that was doing cryptocurrency. Right. And come to find out, no, it was a pyramid scam and money laundering scheme. And the, the c e o has now been brought up on charges, and there's a lot of kind of fallout from that. And a lot of people wondering what's gonna happen with crypto? It's like some of the shine has been knocked off of it. And then you've got Ethereum moved from proof of work to proof of stake, which I think is probably a really a good thing for cryptocurrency going forward. So, you know, rather than burning billions and billions of CPU and GPU cycles, it's, it's, now it's different. It's, it's the, oh, I forget exactly how it works, but it's like out of the pool of people that own it 10 get chosen for Yeah. They don't do
Leo Laporte (00:04:39):
It. Yeah. They don't do a competition. They do a contract. You know, I to say
Jonathan Bennett (00:04:44):
Just recently this
Leo Laporte (00:04:45):
Year is, the last year was the year we learned that cryptocurrency was used primarily for scams and ransomware. I think.
Jonathan Bennett (00:04:52):
Leo Laporte (00:04:53):
No, I'm serious. Yeah. Yeah. I think that not only is the shine gone, but any sensible inve investor now knows it was purely speculative. And, and really the only thing it empowered were Ponzi schemes and ransomware attacks without that ransomware would be a fraction of what it is. If you still had to go down to the 7-Eleven and buy cash cards to pay up your ransomware, it wouldn't be a problem.
Jonathan Bennett (00:05:20):
Leo Laporte (00:05:22):
And I'll give you another one. I'll give you another one. This whole blockchain thing, cuz people always say this to me, they say, well, yeah, cryptocurrency. Yeah. Okay. But blockchain, or there's some underlying technologies that are great blockchain, and this audience understood stands this better than anybody else. It's just a Postgres you know, distributed, it's a distributed database. And somebody was so big deal, right? And somebody was, somebody was saying, oh, you know yesterday we were, we were talking about oh, I can't remember something. Oh, password management. And they said, why don't we put it on blockchain? I said, oh, what a great idea. Make everybody's passwords permanently public.
Doc Searls (00:05:59):
<Laugh> <laugh>, but encrypted. Encrypted.
Leo Laporte (00:06:03):
Yeah. Right. The only use case I've heard of at all for any of this is collectibles. That it's somehow you could have a immutable providence for that HAIs Wagner card. Woo. Change, changing the world. One, no, no. Leo Facebook
Jonathan Bennett (00:06:18):
Card at time. Blockchain has already changed the world. Blockchain has already changed the world. What do you think Git is? It's a distributed database, but it's
Leo Laporte (00:06:25):
Not blockchains. Yeah. No Git. That's fantastic. And Gitz exactly the right application. Everybody who has a Git you know, repository has a copy of every change on in the repository. Yeah. I think that's a, that's a good way to use it. It's not blockchain though. I mean, I guess it's blockchain
Doc Searls (00:06:45):
Like a get chained or a block get,
Leo Laporte (00:06:47):
It's a distributed database. That's a way to do it. I think that's fine.
Doc Searls (00:06:50):
I know it's a, I, but I wonder ir respect to cryptocurrency, if we're at a moment right now that's a little bit like ancestors were, when somebody says, you know, we're Clay isn't working anymore, we need to use metal. And and stamp it into circles, and, and nobody could agree on exactly what the circles ought to be like. Like, are we going to have cryptocurrency? I mean, is cryptocurrency a a permanent thing? Even if it's just speculative at this point?
Jonathan Bennett (00:07:20):
It's hard to say. So one of the, one of the other stories about this is Luke Dasher, one of the guys that is a Bitcoin developer, lost like 200 Bitcoins to a a theft. All of his Bitcoins. One of the
Leo Laporte (00:07:36):
Original Bitcoins Bitcoin guys. Yeah.
Jonathan Bennett (00:07:37):
Yeah. And he, he can't figure out how, yet they don't know how <laugh>, that's
Doc Searls (00:07:42):
Oh, <laugh>. Wow. That's, this is not the year of the Bitcoin death.
Leo Laporte (00:07:47):
I am happy to be a ludi in this regard. Doc <laugh> you know, sometimes the looms do have to be destroyed. And in this case, there will be digital currencies. Don't, don't get me wrong. I think the you know, reserve banks, the federal reserve banks of many nations plan, there's the Luke story plan to have digital currencies. There will be a digital dollar, but we're virtually digital as it is. How many, when's the last time you pulled a dollar bill outta your wallet? Well, maybe Doc. You did. That's but <laugh> <laugh>,
Doc Searls (00:08:20):
Leo Laporte (00:08:21):
Jonathan Bennett (00:08:21):
Give quarters as
Leo Laporte (00:08:22):
Tips like John d Rockefeller, here's a shiny dime. Young man, <laugh>,
Doc Searls (00:08:27):
Leo Laporte (00:08:27):
Spend it all in one place.
Doc Searls (00:08:29):
The hard places is with tip jars, tip jars. You, you see the empty tip jar at the Starbucks, you know, because Yeah. How do you tip, tip aren't carrying cash anymore? It's kind of pathetic. Yeah.
Leo Laporte (00:08:39):
Well, you, you could tip him in Venmo. Somebody it's a good point because we have a tip jar on the TWIT site, and I got an email yesterday from a guy in Indonesia actually was on the twit forms, on the discourse forms, who said, I can't give you any money, <laugh>. I, I said, yeah, you know, and this is PayPal's restriction. That's fine. <Laugh>, you don't have to give us anything.
Doc Searls (00:08:58):
Yeah, yeah, yeah. If your intent, your intentions are
Leo Laporte (00:09:01):
Good. Your intention. Yeah. The thought, it's the thought
Doc Searls (00:09:03):
That counts. It's the thought that counts. We'll put that in the bank. Yeah. Where whatever that is. Well,
Leo Laporte (00:09:06):
I like the thoughts myself, Lisa, once at least someone wants cold hard cash to pay the light bill. But
Doc Searls (00:09:11):
Yeah, I like, let's put thoughts on the blockchain. <Laugh> <laugh>.
Leo Laporte (00:09:15):
That's a good point though. That GI is a, GI is a, a block. It's a distributed database though. See, it's not, isn't blockchain technology, right, Jonathan? It's not the same.
Jonathan Bennett (00:09:25):
It's, so I say that similar, a little bit of a troll, but at the same time, it's really pretty similar. If you take the idea of blockchain and you take the currency idea out of it, you essentially have Git. It's
Leo Laporte (00:09:37):
Jonathan Bennett (00:09:37):
It's pretty similar. <Laugh>.
Leo Laporte (00:09:39):
And did Subversion put a, I don't think it did put a copy of every commit on your hard drive as well? I don't think so. I think that had a central database. I think
Jonathan Bennett (00:09:50):
I've avoided using Subversion as much as possible.
Katherine Druckman (00:09:53):
I can't remember. That's how long it's been A
Leo Laporte (00:09:55):
Version. What sub
Doc Searls (00:09:56):
Version? I don't remember how it
Jonathan Bennett (00:09:57):
Leo Laporte (00:09:59):
Yeah. Get as far
Jonathan Bennett (00:10:01):
Superior. Pretty much been, get full-time for me. <Laugh>,
Leo Laporte (00:10:03):
That's actually an interesting open source story from the year Gone by Microsoft's what, what, what should we call it? Kind of, I guess they, they've been keeping, they've been taking care of it, their stewardship of open source through Git and GitHub. We, for a long time saw, I think when they first bought GitHub, a lot of people said, oh, get's GitLab for me, or mm-hmm. <Affirmative>, I'm gonna, you know
Jonathan Bennett (00:10:28):
Wash my hands of that. I don't
Leo Laporte (00:10:30):
Think that's, but I don't think that's the case. Right. They've, they've been a good steward.
Jonathan Bennett (00:10:34):
So, yeah, so far I never, there's been a couple of things that have happened that have made people worry. Like one of the big ones was they took down YouTube dl, and a lot of people went, oh, look, that's Microsoft being anti opensource. Right? No, no. That was, that was a D M C A tech down. And, and they backed down Resolved and, yeah. Back up. Yeah. Yeah. I would agree. I think they've done a great job with, with GitHub, but also a lot of other open source projects that Microsoft supports. It's amazing. You go look at like, the Linux kernel, the top 10 companies. Microsoft for years now has been in that top 10 list because they use Linux internally in a bunch of places. It's great.
Katherine Druckman (00:11:12):
Yeah. I have no problem with, with Microsoft and GitHub. I think they've, they've done a great job. I think, you know, GitHub, GitHub is the still people, you know, there was a lot of that talk of, of major projects jumping ship and, and, and hosting their own or going to GitLab or whatever. But it, it's still the place to develop open source software. And that hasn't changed. And I think that's an indication of their stewardship.
Doc Searls (00:11:35):
It's interesting, Sophie, one of the big issues is last year, one of the reasons that that crypto took off as a, as a currency idea is, is decentralization. And I went to a big camp that put on by the internet archive this last, last summer on the decentralized web and wanting to de decentralize everything. Of course, mass is probably even the biggest story from this last year. Mm-Hmm. <affirmative> an open source kind of alternative to to Twitter. Yeah. And, and it's quite aside from the politics of everything that happened with Twitter getting owned by somebody, but but I'm, but I'm wondering whether what we're gonna come up to are the limits of, of decentralization and the advantages of centralization. Cuz in a way, Microsoft being a steward of GitHub and GitHub being, although a distributed database basically centralized the sense that somebody runs it is not a bad thing. It's a good thing. You know, Brian Bellor, who I think we've had on the show Yeah. Talks about minimum viable centralization. What is that? That's, now whether that as an ethos is something that'll take off.
Leo Laporte (00:12:41):
Love that phrase.
Doc Searls (00:12:43):
Yeah. Yeah. Well,
Jonathan Bennett (00:12:44):
That makes sense.
Leo Laporte (00:12:45):
Cause you, yeah,
Jonathan Bennett (00:12:46):
You can't have, so you've got GitHub, you've got GitLab. So there's these two different options. One is very centralized, it is very de decentralized. But even with GitLab, good luck making that work without say, dns. There's gotta be some, you know, everybody on board with the central idea to even make things work.
Leo Laporte (00:13:02):
Although DNS is decentralized, right? Sort of, you have your, your 13 canonical servers, but they're all over the world. They're highly protected. I would say that's an example of minimum viable centralization.
Katherine Druckman (00:13:14):
I say a minimum. Yeah, minimum, but no more,
Leo Laporte (00:13:16):
But no more. And then everybody else is kind of responsible for maintaining their own, you know, DNS cash, including you on your, I, you know, you said I didn't do any prep Doc, but actually <laugh>, in my mind, <laugh>, I was thinking about centralization as being one of the big stories. What was the lesson we learned in 2022 was big centralized social media sites are dangerous. We also learned this from last pass. Centralized password storage is dangerous. I think 2022 was a, a important watershed moment for people who support open and decentralized solutions. And Maston's a very good example. You know, I've been f we've had a Maston server for years before that, we had ICA and status net. And we you know, since 2007 you had Evan PMO on we've used a, you know, variety of different ways of doing this. And I've really been a believer in this idea of fed averse and Federation. It really makes sense to me. But you're right, it's not, as, you know, everybody goes to Twitter and says, well, look, everybody's here in one spot. But we see the downside of that as well. If, if it can be bought by a billionaire, I think it's a bad idea.
Jonathan Bennett (00:14:28):
Doc Searls (00:14:29):
That is. Speaking
Katherine Druckman (00:14:30):
Of Mastodon, I don't, I hope y'all aren't sick of talking about Mastodon, but is anybody else finding the Master on experience? Just, you know, obviously in the last few months when it's, when the user, the user base has grown tremendously, but are you all finding just the, the conversations there to be so much more thoughtful and and deep and interesting and, and it's like, it's like going back to the internet of 15 years ago. Do you, is it, is that just me or is that everybody's experience?
Doc Searls (00:14:58):
A hundred percent. It's not, it's not me. But I, I'm, you disagree, doc. Hold that thought. You don't like Maed on. All right. I'll fight you. I know. I, I actually, I love Maed on. Okay. and I love the two places I I'm out in Mastered in, which is Twit and the other, and we have a very nice journalist that's, but we're trying to make it perfect. Trying to make it all work is a little bit of a, a, a chore for me. But I, I wanna get into the topic, but first we have to pause and let everybody know that this episode of FLOSS Weekly is brought to you by Fast Mail. Free email isn't free. You pay with your privacy for over 20 years. Fast Mail has been a leader at email privacy at Fast Mail, your data stays yours with productivity features for as little as $3 a month.
Fast Mail prioritizes your privacy. Your personal data is kept safe and away from third parties with better spam filters and absolutely no ads while Fast Mail data is stored in the us. And Fast Mail is fully G D P R compliant. Mask email protects your personal data by allowing you to create multiple addresses to use when you sign up for various websites. And privacy isn't all you get with Fast Mail. You can customize your workflow with colors, custom swipes, night mode, and more. You can organize your inbox with scheduled send snooze folders, labels, search bar, and so on. Plus, keep track of all of the important details in your life easily with Fast Mails. Powerful sidebar, it gives you the ability to send and receive emails from your own domain and manage multiple email addresses in one space, which helps keep you organized and protects your personal data.
Works as password managers like Bit Warden and one Password to make it easy for you to create unique passwords for every account and safely store them on your device. It's great on desktop and mobile, especially when you download the Fast Mail app to get the most out of your email. The Fast Mail app is the best place to try all their newest features and will always be the most up to date. Fast Mail has a US-based support team full of email experts that are always within reach to put you first. The Fast Mail team believes in working for customers as people to be cared for, not products to be exploited. Advertisers are left out putting you in your privacy at the center. Check out these reviews. One says, I used Fast Mail because it's super fast and cares deeply about privacy and doing the right thing.
Another says, fast Mail Rocks, it's secure, private, independent, and has a Gmail transfer tool. You wouldn't regret this move. And another says, I test drove several services, but settled on Fast Mail years ago, and I couldn't be happier. I used it for my entire family as well as a separate plan for my business. And don't worry about losing information. It's easy to download your old data and import it into your new Fast mail inbox. No need to, to leave important info behind when you switch. Fast Mail is moving email forward with new internet standards and open source innovations that power many email services under than their own. Don't get left behind by substandard email providers. New year, new you, new email, reclaim your privacy, boost productivity and make email yours with fast mail. Try it free for 30 firstname.lastname@example.org slash twit. That's Fast mail.com/twit. Fast Mail is also giving twit listeners the 15% discount on the first year when you sign up today.
Leo Laporte (00:18:29):
Next time, let me do that one Doc. I can do it in about eight minutes. I,
Doc Searls (00:18:33):
I, I <laugh> I was saying before we started here I am, I'm gonna be reading ads in front of the best ad libber of ads on Earth.
Leo Laporte (00:18:41):
And in the case of Fast Mail, I'm a, I'm a user, been a user for a decade, and I'm a huge fan.
Doc Searls (00:18:47):
So we have, what do we have coming up
Leo Laporte (00:18:49):
Here? <Laugh>, this audience, this audience should use.
Doc Searls (00:18:51):
You do Kolide. You can do Kolide.
Leo Laporte (00:18:52):
You can do, I'll do 'em all. I'll do 'em all for you. Why should you have to do any ads?
Doc Searls (00:18:57):
I, I I'm with you.
Leo Laporte (00:18:59):
I'm the ad man. I'm the PT Barnum of podcasting. No, I, I was gonna say, fast Mail is great for geeks because a, it's an open source IMAP server Cyrus, they contribute back to the open source considerably. In fact, they've proposed a new, much better than DKM and Demark male authentication standard, which I hope gets adopted fast. Mail's a big contributor to the open source community. Plus you also get the open source SIV filters. And I have, I have like hundreds of lines of civ script filtering my email. It's if you're, you don't have to be geeky to use it, but if you're geeky, whew. It's kinda like the, well, <laugh>, do you remember the Well sure
Doc Searls (00:19:42):
You did, doc. Oh yeah. I was under, well, yeah.
Leo Laporte (00:19:44):
Yeah. The well was very simple, you know, text-based forms with threads. But if you, if you, I can't remember what the command was, but there was a command to exit and you could drop out of the, well into the, into the early, you know, proto internet and use Gopher and Archie. You got a command line. And so that's what kind of fast mail's like, you know, on the surface, normal <laugh>, but underneath on
Doc Searls (00:20:07):
The surface, go
Leo Laporte (00:20:08):
Deep geeky. Goodness. I
Doc Searls (00:20:09):
Katherine Druckman (00:20:09):
Could probably describe us all
Doc Searls (00:20:11):
Leo Laporte (00:20:11):
Yes, yes, exactly. We seem normal <laugh>, but don't us about Arch cuz you know mm-hmm.
Doc Searls (00:20:19):
Leo Laporte (00:20:20):
It's all over. Or rest or rest
Katherine Druckman (00:20:23):
<Laugh>, Jonathan's case.
Doc Searls (00:20:24):
Well, well, we have a, do
Leo Laporte (00:20:26):
We wanna talk
Doc Searls (00:20:26):
About rust coming up? But let's say, let's stay un master in for a minute because I think, I mean, I,
Katherine Druckman (00:20:31):
It's a good conversation.
Doc Searls (00:20:33):
It's, it, it's a, it's a huge topic. I mean, if you were asking Catherine do you have better conversations there, I think the conversations are better and they're more like conversations. On the other hand, and I'll put this out there, I've, there are several challenges for journalists and journalism in particular, especially going after the hand that feeds you for some of the major pubs that, that accept that do tracking. I mean, the New Yorker, all the ka nas pubs wired, all of them. They track their living crap out of you. And, and they'll run ads, not ads. They'll run stories over and over again about how about here's what Facebook and Google are doing wrong. But unless you're protected and you open any one of those, your, your browser is getting filled with tracking tracking beacons and nobody wants to touch it. It's the third rail. So I've been, every so often, I'll put something in the, in the journal host one, hoping to get a rise. <Laugh>, I haven't seen anything yet.
Leo Laporte (00:21:34):
That's the wrong place to do that.
Doc Searls (00:21:36):
<Laugh> probably is. Those are,
Leo Laporte (00:21:38):
They don't own corporate journalists. They don't have any,
Doc Searls (00:21:40):
Leo Laporte (00:21:41):
Let me, actually, there was a huge story broke yesterday. That the Irish Irish Irish Irish Republic, the Irish, I like it too. The Irish Republic the privacy guards there have find Facebook more than 400 million and forbid them from using your online activities, sell ads, which some interpret as a complete reversal. They're basically telling everybody, you can't track people and then use that to sell advertising. That's huge.
Doc Searls (00:22:17):
Yeah. I could get a new business
Leo Laporte (00:22:19):
Model. Yeah. 400 million fine. 300 million, 90 million euros is huge. Not a lot for Facebook, but it tells every, it's a, it's a flag in the sand saying, Hey, you know what? You can't do this anymore.
Doc Searls (00:22:35):
There's a, somebody I spoke to recently who's seems to know their stuff, said that basically Facebook and Google are just budgeting it in. They're budgeting it in, we're we're gonna be paying big GDPR fines all over Europe. And that's just part of the cost of doing business, but being actually forbid from
Leo Laporte (00:22:53):
From, isn't that interesting?
Doc Searls (00:22:55):
Yeah, that is interesting. Yeah. This is outright against the law. You're not gonna do that. Now. How do they find out? I mean, it, it's interesting. If you look at a, say a nuclear power plant or anything that's a public utility, and there are guys in, maybe it's just guys, but people in white coats with pocket protectors and, and you know, degreed professionals that know what they're doing and go in there and inspect everything. You can't do that with an algorithm. Well, you can't get inside of Google or Facebook.
Leo Laporte (00:23:23):
Remember back in the nineties when Microsoft made a deal with the doj, one of the parts of the DOJ deal was an ombudsman, an outside third party inside Microsoft watching what they did. So it's certainly doable. But even from the outside, all you have to do is go to Facebook and try to buy an ad based on 66 year old men in Petaluma who have, have recently browsed stories about women's underwear. And boom, I show up. So, no, I'm kidding. But you could do that. You could verify whether they're, I think ProPublic and others have done that kind exact kind of you know, stealth research into Facebook and, and they, you know, they've demonstrated Facebook will sell ads against all kinds of information, which they clearly don't know from just what you've put on Facebook.
Doc Searls (00:24:12):
So, so Google has a gigantic backend that is the plumbing for much of the advertising feco system. That's tracking based. And could
Leo Laporte (00:24:22):
You say fecal system?
Doc Searls (00:24:24):
I did fee feco Feco system. Yeah.
Leo Laporte (00:24:26):
Oh, oh, FICO scores. Not fecals scores. Okay.
Doc Searls (00:24:28):
<Laugh>, no, no, no. As in, as in feces as they say. I'm just trying not to, to use was a psychological reference.
Leo Laporte (00:24:34):
Doc Searls (00:24:34):
Was Okay. Yeah. It's a scatological reference.
Leo Laporte (00:24:36):
I'm new here. I didn't know. Okay, good. Okay.
Doc Searls (00:24:39):
<Laugh>. But the so what are, I mean, if they forbid Google in particular, but if they're forgetting like your, your J random blog and, and you know, your, your ads are being placed by Google and they're based on the tracking that's in your browser. How does, are they gonna come after the whole plumbing system? That's, that, that's, well,
Leo Laporte (00:25:07):
That's interesting. I wonder if the Irish regulator, I mean, that's what they imply is that if you can't do a Facebook, no one is allowed to do it. And Google would be the biggest violator they could be saying to Google. Yeah. You know, all that information you get from people's searches, that's private. Holy cow.
Doc Searls (00:25:26):
Yeah. Wow. Well, but so
Katherine Druckman (00:25:30):
I, I wonder though, you know, I wonder
Doc Searls (00:25:33):
Ahead ahead, Catherine. Sorry.
Katherine Druckman (00:25:34):
Well, I was gonna say, I wonder, you know, legislating things like that without the ability to truly enforce it, without the abil, without the ability to go and look under Facebook's hood and verify that that's actually how things are working. You know, I, I don't know. It, it strikes me as, it, it reminds me of something else that I thought we might talk about you know, the, the year in security or something. But there are things like the open source Security act, for example, that's out there. But it just strikes me as, okay, we, we can, we can make these broad declarations using legislation or regulation and whatever, but it's almost like wishful thinking <laugh>, you know, it's like, well, well, we're gonna just legislate security to be into, into software. And that, you know, obviously doesn't work. So I, I, I kind of, the, these things are similar in my mind in that it's a nice gesture and it's a nice thought, but I, is it really, is there a lot of does it pack a punch, I guess is what I'm asking?
Leo Laporte (00:26:28):
Did that pass, by the way, the, the securing open source software app? I don't, don't think so. I think
Katherine Druckman (00:26:33):
So. No. I think it's still out there, you know, and running, going through
Leo Laporte (00:26:37):
The, well, it's dead now because of course, Congress has
Katherine Druckman (00:26:40):
Been, is it dead? Right? Of course. Yeah. Nothing's gonna happen
Leo Laporte (00:26:42):
<Laugh>. So it's gone, gone. Well, there's just a new Congress, so they start over. I, I was gonna submit <laugh> as one of my prepared bits. The notion that the fact that we've seen at least two or three Linux vulnerabilities emerge this past year is more further proof that Linux on the desktop has finally arrived, cuz the bad guys are going after it.
Jonathan Bennett (00:27:06):
How many of those vulnerabilities are really desktop, desktop
Leo Laporte (00:27:09):
Oriented? They're all server focused. There were a couple of kernel is errors, right? Issues that you could use to go after desktops?
Jonathan Bennett (00:27:17):
Y you could, yeah. I think most of those though were elevation of privilege. So in know, really somebody getting into it, it's still going to be you know, vulnerability in Chrome, you pop Chrome and then you use one of these others to actually get to root.
Leo Laporte (00:27:30):
Sounds bad to me, but
Jonathan Bennett (00:27:32):
It well, I mean, that's, that's true. But I, I, I just don't know that there's a, a real line you can draw from any of these vulnerabilities to Linux on the desktop. But it's, you're
Leo Laporte (00:27:45):
Right. When we see Linux ransomware, then we'll know
Jonathan Bennett (00:27:49):
<Laugh> Lennox Desktop Ransomware. Yeah, yeah, yeah. That's true. Ransomware for Linux. It's not just, we've got your website encrypted
Leo Laporte (00:27:57):
<Laugh>. Actually there is I'm just, there's a Google search. There is Linux ransomware.
Jonathan Bennett (00:28:05):
Oh, I'm sure. But it's still, it's encrypting your website,
Leo Laporte (00:28:08):
<Laugh>. Yeah, I mean, I think as more and more people use Linux backends, look at Microsoft actually embracing Linux. So Azure supports Linux as well as aws Google the clouds
Jonathan Bennett (00:28:23):
Of Azure runs on Linux
Leo Laporte (00:28:24):
Too. Yeah. The cloud is Linux based. Well, I understand. Yeah. Yeah.
Jonathan Bennett (00:28:29):
So one of the, one of the stories I've been following this year thinks really interesting ties into that is Valve. And we now have an open source and Linux-based gaming console with the Steam deck. And if you, if you follow like, gaming consoles for the last 10, 20 years, it's kind of mind blowing to actually have one that is this popular. I think they've shipped a million units now, and it's open source. You can go install another distro on it if you want to. You can do pretty much whatever you want to with it. And it is incredible. So you talk about Linux on the desktop. Well, this may be another place where we have Linux on almost, but not quite the desktop. You know, we've taken over servers, we've taken over phones. Now we're gonna take over gaming consoles, which are really close to desktops, but not quite
Leo Laporte (00:29:12):
<Laugh>. Well, there's an even bigger impact. I'm a Linux gamer, right. I, my gaming machine runs Linux. And because of all these games that have now been adapted to run on the Steam deck you have really good compatibility layers for Lennox, like Proton. Yeah. Which means if they're very few PC games, I can't play on my Linux desktop and they run very well, or even this is new stuff. But they, it looks even like HDR is gonna start coming to PC games on the Linux desktop. So it's huge for a Linux user. I mean, you know, I'm playing, there were, there were so bunch of games that I thought, oh, I can't play these like a factorial and satisfactory. And and then I just installed them and Steam, you know, you installed the Steam with the compatibility layer. I think they're using Proton and just works and it works great.
Jonathan Bennett (00:30:03):
Well, so that's big Two things going on there. Valve has been pushing money towards developers. Mm-Hmm. <affirmative> open source developers. And then the other thing is, because the Seam deck has taken off on popularity, you have a bunch of game creators now going, exactly. Man, it would be nice if we could run on that. It would be another slice of the pie that we could get. So it's kind of a win all around.
Leo Laporte (00:30:22):
Good for me.
Jonathan Bennett (00:30:24):
Yes. Yes. Good for us. <Laugh> those, those of us that have desktops running Linux that we like to game on, it's kind of nice.
Leo Laporte (00:30:31):
Well, in my game of the year for the last two years, Val Heim was developed on Linux and runs beautifully on Linux. So that's another thing I'd love to see is more developers writing natively on Linux. That'd be great. And I think we're starting to see that it's a
Jonathan Bennett (00:30:46):
Good development platform. And now, Leah, I've gotta ask, what do you think it's one of the things that people really predicted with Valve and Proton taking off, is that we would see fewer games with Native Linux ports because Proton just worked so well. Well,
Leo Laporte (00:31:00):
You think that's well, might be, might be. I mean, the Val Heim developers actually it's kind of interesting. Iron Gate chose Linux cause they liked developing on Linux. And I think that that's a very common point of view, right? I, I prefer to develop on Linux than I guess the Mac would be number two. Cuz it's kind of un nixy Windows has gotta be a, a distant third unless you're writing.net or, you know, windows Code. So if I'm a developer, I would choose Linux <laugh>. I'm not a developer, but you know, I play one on tv, <laugh>, Hey, try to install Eemax on Windows. Let me tell you, that is not a pleasant thing.
Jonathan Bennett (00:31:40):
<Laugh> isn't that kind of the point of wsl though? WSL too is
Leo Laporte (00:31:44):
Yeah, you can't run Ex on under wsl. Yeah. But why would you do, look, why <laugh> just, just put Linnux on that machine and you don't
Jonathan Bennett (00:31:53):
Need, isn't that what Microsoft is trying to do though? Yeah. Is isn't that their whole point is Yeah. They, they're going, yes, it's easier to develop on linnux people like doing it, but we want to keep people running on Windows on some regard. Yeah. So we'll give 'em WSL to be able to precise, have the best, best of both worlds. But if
Leo Laporte (00:32:06):
You're, but really it's not the best of both worlds. It's the worst of both worlds.
Jonathan Bennett (00:32:09):
<Laugh>, <laugh>, if
Leo Laporte (00:32:10):
You want Lennox, use Lennox, you could dual boot, I guess if you really had to have Windows.
Doc Searls (00:32:16):
So I'm wondering that in the back channel on a i c there's a suggestion, I'm not looking at it right now, that does Windows end up being another Lytic desktop?
Leo Laporte (00:32:26):
Well, I've wondered that and we've, I've brought this up in Windows Weekly. It only to be dismissed as a fool. <Laugh>. But here I feel I'm amongst friends. I really think Microsoft in the long run's gonna see Windows as an albatross around their neck that they maintaining this ancient ugly code base maintaining legacy compatibility all along. I thought for sure that Microsoft would start moving users to cloud-based PCs by now. I mean, they offer it, but it's very expensive. So they're clearly still hoping to sell copies of Windows, but at some point it's gonna become more expensive to keep Windows running than it is to sell it that they make from selling it. They're clearly a cloud company now, right? That's, that's such an Adela background. Azure is, I think they're Azure. They see that as their future. So why not they, I mean, in a way that's what Nadela said, you know, used to be the Microsoft's mission statement was what a computer on every desktop running Microsoft software.
They even had it on the sidewalk at the campus in Redmond, so you wouldn't forget. But it's changed. When Satya Nadela took over, he said, we want to be where the users are, and we don't, it doesn't have to be on Windows. And in fact, it was a big deal when they make Microsoft the touch version of Microsoft Office appear first on the iPad, not on their touchscreen surface laptops. So I think it's in the future, I don't think it's the near future, but I think, Jonathan, you're absolutely right. That Linux, the Microsoft has no real attachment to Windows in the long run. Why not use
Doc Searls (00:34:05):
That? Don't think so. It's interesting to put it in cost terms that at, at a certain point the economics are, what's the point? We're we're still selling something still. I mean, this is what Neil Stevenson back in the last Millennium wrote great, great book, little book, book called, in the beginning was the Command Line. Love this book. Just a brilliant book. And and it's all online. The whole thing is online. You can find it kicking around or two, a number of copies of it. But basically the whole idea of selling what was box software, you know, is, is long gone now anyway. And, but there's still sort of selling it that way. And that, that you would have a laptop that comes with that little emblem on the bottom that says, this runs windows, you know, but it could say Windows and it's still just a Linux front end. You know, there's no reason it shouldn't be.
Leo Laporte (00:34:53):
I can't remember what show it was. I did a reading of my favorite part of that book where you remember this doc, he talks about the crossroads and there's
Doc Searls (00:35:02):
Yeah, there're four car dealers.
Leo Laporte (00:35:04):
Yeah. Car dealers at the Crossroads is, there's Microsoft, there's Apple, and then there's a bunch of guys, <laugh>,
Doc Searls (00:35:11):
There's selling tanks. Yes. Giving away tanks. Giving
Leo Laporte (00:35:14):
Away tanks. And they can't understand why people are going across the street to buy these, you know, crappy <laugh>. Now of course,
Doc Searls (00:35:21):
Yeah. He did beat up old station wagons. Yeah. Beat up new station wagons and fall apart and don't work. And
Leo Laporte (00:35:27):
Stevenson has since amended it to say, Hey, well actually it turns out Apple isn't that bad. Okay, I'll, I'll, Apple's fine.
Doc Searls (00:35:33):
Yeah. I, one of my few changes with him was about that. He said, I, he said, I'm, I'm, I'm using a Mac now. Sorry, <laugh>. I kinda hate to admit it. If
Leo Laporte (00:35:41):
If you haven't read it, read it. It is,
Doc Searls (00:35:44):
Leo Laporte (00:35:44):
Still worth reading. It's hysterical.
Doc Searls (00:35:46):
It it ha and it mentions what was sh Luga say's company
Leo Laporte (00:35:50):
B os Yeah, this was
Doc Searls (00:35:51):
The Bo Os that dates
Leo Laporte (00:35:53):
It because it was written
Doc Searls (00:35:54):
The corner. Yeah,
Leo Laporte (00:35:55):
It was written when B Os was still around and he was Right. I mean, that was an off awesome operating system. That must have been the late nineties, early two
Doc Searls (00:36:03):
Thousands. Late late nineties. Yeah, yeah, yeah. Just the time for the.com crash
Leo Laporte (00:36:07):
In the beginning was the command line. Fantastic book. I actually bought a doc copy of it.
Katherine Druckman (00:36:15):
Were you there, doc, when we changed Linux Journal to Bos Journal for April 4th.
Doc Searls (00:36:20):
<Laugh>. Oh really? <Laugh>. It's,
Katherine Druckman (00:36:22):
We changed the whole site. Everything.
Leo Laporte (00:36:24):
So here's a question. Funny. Are we now stuck with iOS, Android, Mac, Linux, and Windows? Is that it? Will they not? I mean, are we done with new operating systems? W you know, B os was pretty amazing. There is a kind of open source movement called Haiku to kind of keep it alive. There's fuchsia from Google, but are we done with new operating systems? Is it, is it set?
Doc Searls (00:36:47):
Well, that may be a long term. I would not passwords, because if you told me in 1995, which is to me like the beginning of the internet and, and in the sense that it went commercial the NSF net shut down, suddenly there was this explosion of commercial activity where there were ISPs and sort of, we, we had the, the table of elements that we have now. But if you told me, then we'd still be using passwords in 2023. I think you were nuts. And and we're still lo we're logs and passwords are like more embedded than ever. And, and I wonder whether it's the same way with operating systems. Like Apple's gonna make its own Apple's a what, a multi-trillion dollar company at this point or something like that. Too many people in that ecosystem, too hard to see past the horizon of when that plays out. If it ever does. I think
Leo Laporte (00:37:37):
There's a lesson, I don't know, in windows phone where Microsoft did try to create a third mobile operating system and was rebuffed because I think this might be the case now. You can't really just put out an operating system unless you have software for it. So you've gotta get developers lined up and they couldn't and they didn't, and they just flopped. They had to kill it. And I wonder if at this point, the, the burden of creating an entirely new operating system, and then maybe if you had a, maybe you'd have to put in a compatibility layer so people could run their Windows software on it. Did B os have, I don't remember. Did it have a compatibility layer? I don't think so.
Doc Searls (00:38:19):
I I doubt it. I don't think it was, I don't think it's pretty curious.
Leo Laporte (00:38:22):
It came with a lot of simple apps, so you could do some things, but,
Doc Searls (00:38:28):
So Leo, do you want to handle the Kolide ad or should I stumble? Oh, sure.
Leo Laporte (00:38:33):
Doc Searls (00:38:34):
You want. Okay. Go for it. If you want chewing you up.
Leo Laporte (00:38:36):
All right. I will. I will. I will do the ad. I will do the ad for Kolide. I should put on my Kolide t-shirt while I'm doing the ad. Let me tell you, I am a huge fan of Kolide because I really believe that security can be done better than, you know, the old saying when the only tool you have is a hammer. Everything looks like a nail, right? The traditional approach to device security, that's the hammer. The mdm, a blunt instrument, not great with no answer problems. It also creates this, you know, wall between IT and security and your end users, they become the enemy. You know, as even after installing those clunky, you know, MDM agents that users hate it, teams still have to deal with mountains of support tickets, same old issues, right? No way to address things like, oh, go ahead and try telling a user, you know, your SSH keys unencrypted, huh?
Or you gotta update your operating system, dude, or pretty much anything going on with a Linux device endpoint security done. Right? That's Kolide. And it's not a hammer. It's, it's a Swiss Army knife. It gives your IT teams a single dashboard for all devices. That's one of the things I love about Kolide. Totally. Cross platform, Mac, windows, yes. Linux, and for the IT guys and gals, you can query your entire fleet to check for a common compliance issues, just one command. Or you can write your own custom checks, easy to do. Plus, instead of installing in some intrusive mdm software that creates more work for you, the IT department and scares your users over privacy. Cline's lightweight agent shows end users, I love this. How to fix the problem themselves. And there's two reasons. It's not just, it's not laziness on your part.
It's when they do it themselves, they have ownership. It's the IKEA effect, right? They've fixed it. They are now on your team. They're there to keep, keep your entire network secure, your entire enterprise secure. They're part of the team instead of the end, you know, the enemy. And, and, and users love it. I'm telling you, you will love it. Achieve endpoint compliance, add a new tool to your toolbox. Visit K O L I D e Kolide.com/floss to find out how you can start that 14 day free trial. Right now, no credit card required, Kolide with a k K O l i d e.com/floss. We love Kolide and see all the goodies. You can get your Kolide t-shirt, the coaster for I think Jonathan could use that. The stickers for Katherine to put on her laptop, K O L I D e.com/floss. Thank you. Kolide for support and FLOSS Weekly.
Doc Searls (00:41:24):
So speaking of advertisers, we, there's news around when we don't have now, which is last pass. Yes.
Leo Laporte (00:41:32):
Steve Gibson, I'm a plug for security. Now, yesterday Steve Gibson did a whole, he's of course, he got us all on last pass when he interviewed the creator, Joe c Grist said, you know, thumbs up the way he is doing is perfect. This was 2007, eight, something like that. Mm-Hmm. <affirmative>. And then and then he's been reporting on the breaches. The first one in July, which last pass undersold his stor, his podcast from yesterday, security now from yesterday is called Leaving Last Pass. And I'll leave you to decide what his final
Katherine Druckman (00:42:05):
Yeah, that's <laugh>, that was my holiday. So that title
Leo Laporte (00:42:09):
Was basically my, yeah, I bet A lot of people. Yeah. And one of, how did
Doc Searls (00:42:13):
It hit you, Catherine? What, what, what was, what what,
Katherine Druckman (00:42:16):
Well, I mean, I haven't been impacted in, in the, in the real, in the true sense. And, but I, I just lost faith after the first one. I thought, well, I've been using last test for forever. Mm-Hmm. <affirmative>. I mean, I don't know if it goes back as far as we just said, but it's been a long, long time. And so, and it's really, you know, it's tough to migrate off of something like that. But this last time, I, I thought, well, well, I actually, you know, it, I have to say that this is a sponsor before I mention the name, I believe. But I, I created a new account with Bit Warden. Yes. Because I've all, you know, I've, I've heard great things about Bit Warden for a very long time, and I intended to my migrate there at some point.
Leo Laporte (00:42:55):
And it's open source.
Katherine Druckman (00:42:56):
This is a last straw and it's open source. Mm-Hmm. <affirmative> and I, I just feel better about using it. So I created a new account and all my, let's say my more important stuff, or, or at least the mo more important stuff that I'm willing to put in a password manager is there. And you know, I eventually, I'll probably migrate the whole thing, but I still have some things in last pass. But it's, it's just, you know, it's a bummer because you, you hate to, to ha be let down. And, and when you have that sort of crisis of confidence with, with a brand that you've, you've used for so long and it is a bit sad, but they went through the big war's. Great. So they
Leo Laporte (00:43:30):
Went through, you know, they got purchased a couple of times, sold a couple of times, yeah. Mogged me and bought them. I thought that's maybe a sign of trouble. But I was actually impressed. They, they, they let the team, you know, stay intact and they continue to do good work. Then they were purchased by a private equity company. And always, that's nerve-wracking. That happened a couple years ago that they stopped advertising before that happened, or maybe at the same time. And then the private equity company spun it out as a standalone company just I think a couple of months ago. So, but the problem is, especially with private equity, you get so profit focused and I don't know, I don't have any sources on the inside, but it's my guess that the people running the company started to become more important than the people writing the software and, and, and the security experts.
And so they made some, I think, poor decisions. The worst decision was what they've told people, which has been barely adequate. I, I think the legal minimum that they could tell people, but the impression we got is that all of the password vaults were leaked. And that is the worst thing a password manager can do, right? Yeah. Yeah, yeah, yeah. And because many of these vaults were not as secure as they ought to be, they use something called pbk DF two and the ITER iterations, the more iterations, the harder it is to brute force. Last pass chose 100,100 or 100,001 iterations some years ago. But Steve seems to have figured out that, not that that wasn't done retroactively to everybody's account. So there are people out there who, with last pass vaults that are secured with 5,000 pbk DF two iterations.
And that's far too few for modern G P U brute forcing tools. So those, those vaults are vulnerable. If you used a bad password, they're vulnerable. I said, is it helpful if they use two factor? He said, no, because the two factors only used when you log into your last pass account. It is not used to secure the vault. So that doesn't help. So you better hope you had a very long, strong master password. And then if you did, like Catherine did, and as Steve has done, he moved to bit warden as well after looking at all the others. Although I will say that, you know, there's nothing wrong with one password. Nothing wrong with Dash lane. There are other good choices. If you're on a Mac only, you can use the Mac, apple builtin stuff, the key chain. Those all work.
But any better, any password manager, including last pass than no password manager. But one thing he did point out, and I think's important Catherine for you to know, is even though you have now moved to bid warden, that old last pass vault is sitting out there, somebody's attacking it. Mm-Hmm. <affirmative>, all those passwords may at some time become available to them. So you wanna start with anything that's not, that's, you know, important financially or you know, you can't afford to lose that password and go change those all. If you have two factor turned on your list done, your less two factor will help protect you. Cuz password alone won't get them into your bank account, but still. Yeah. Yeah. And that's a, that's what'll take you all Christmas. That's that's a lot of Yeah.
Katherine Druckman (00:46:43):
Yeah. No, it was miserable. I had so many passwords, so yeah. I was changing passwords and, you know, and prioritizing and deciding, well, you know, if somebody logs into my Pinterest account or I don't know, you know, something that, things that are lower priority I've put off a bit. But yeah, it's, it's just, it's, it's not a fun process,
Leo Laporte (00:47:00):
But Philly, you gotta do what you gotta do. Philly co town and the IRC has it ready, he says, you have one job. Last bet <laugh> job <laugh>.
Jonathan Bennett (00:47:09):
Yeah. Well, I've, I've gotta say though, this is not the worst thing that could happen to a password manager. I have to give credit to Tavis Ormandy over at Google from making this point. The worst thing that could have happened to last pass is they could have accidentally shipped an update to the browser extension with
Leo Laporte (00:47:26):
Malicious code. Yeah. Tavis has been saying this for some time that you shouldn't use those browser extensions. Yeah. Yeah. He wants
Jonathan Bennett (00:47:33):
You use that would've been the nightmare scenario where they would've actually, the, an attacker would've gotten everyone's master password Right. As well. Right. And then it would've been game
Leo Laporte (00:47:41):
Over. Yeah. You really have to make sure that, and, and, and he says you shouldn't be using the, you should be, frankly, he thinks you should use Google Chrome's password manager, which I kind of disagree with for a long time. Google Chrome's kept the password in, in plain text. Their logic was, well, if somebody has access to your computer, you're outta luck anyway. But I don't think they do now encrypt at rest.
Doc Searls (00:48:07):
So, so somebody hear this, right? It, what you're suggesting is like, if you like with Dash Land or one password or any of those, they all have a, a a browser extension that you could use to like generate a password and,
Leo Laporte (00:48:19):
And Tavis says that's dangerous. Yeah.
Doc Searls (00:48:21):
So, yeah. So, so basically don't do that just
Leo Laporte (00:48:23):
Well, I do fine. <Laugh> you're trusting though that they won't, that somebody doesn't come along and inject malicious code into it because it has access to everything in the clear. Mm-Hmm. <affirmative> yeah, Tavis said has been pretty aggressive about that. I'm not sure I fully agree with him cuz I think we want people to use these tools. Mm-Hmm. <affirmative>, you, you want people
Doc Searls (00:48:43):
To use the tools. Jonathan, what do you use? The attack
Jonathan Bennett (00:48:45):
He describes is absolutely a, a real thing. Sure. The idea that hasn't happened, a malicious update happened. Yeah.
Leo Laporte (00:48:50):
Jonathan Bennett (00:48:51):
Happened. It would, it would steal your master password, but yeah, I don't think it's happened anywhere. No. Any of the password managers that use actual real encryption, I don't think any of 'em have fallen into that.
Leo Laporte (00:49:01):
The other thing though that maybe of advantage of bid warden is you can store your own vault. And for a long time I said, oh no, I'm gonna let the companies do it cuz they're experts in security, they'll never let my phone
Jonathan Bennett (00:49:13):
Leo Laporte (00:49:14):
So now, but it is a single point of failure, right? If somebody can get into those vaults, that's a single point of failure. So I think that's another thing you might consider if you know what you're doing is store your last, your bit Warden Vault you know, on a Dropbox or you don't have to run a bit and server, but you could even do that. There's some, there's actually some good third party servers. But just, you know, not having your vault in the big blob of everybody else's vaults is some advantage as well.
Doc Searls (00:49:44):
So. So Jonathan, what do you use right now for passers? I know we know it. The rest of us use it. Well, you have found a paper, right? That, that are
Jonathan Bennett (00:49:53):
About, I have so far actually followed t's advice. So I use I use LastPass for old passwords and most of the new stuff is actually in Google Chrome. Which I, I do recognize that that's a potential problem. I, I will say though, the really important stuff doesn't touch a password manager. Like the, the passwords I really, really care about. That could be a nightmare if somebody got ahold of tho those aren't in any password manager.
Leo Laporte (00:50:21):
You can put, I think on the current Yuba Keys, something like 15 or 25 passwords on those, on some of them, the 5 0 2 cap capable ones. So the really important stuff you could, you could keep on a physical key. I think that would be clearly the best way to do it. I have, I keep a Yuba key on my key chain and every time I do this, by the way, I get an email from somebody said, you know, and they could take a picture of your keys and, and, and get into your house. They said, I know
Doc Searls (00:50:46):
Leo Laporte (00:50:48):
I'm trusting that you're not gonna do that. But I love, I love Yuba Keys and Yuki has said that they're gonna, I also love Yuki. Yeah. They're gonna do, and I, I hope this is soon. They're gonna do a Yuki that will store more passwords. Then this would be a great password manager. Right. You'd have to phy you'd have to, you'd have to rip it from my cold dead fingers.
Doc Searls (00:51:08):
Jonathan Bennett (00:51:09):
So at that point it's become an hsm a a hardware security module. Exactly. Yeah. And if, if they've done everything right, even if somebody gets ahold of it right there, there should be some some second authentication step to be hold passwords off of that, I assume. Yeah, yeah. Yeah. So that's a, that's a really a promising approach. I'm gonna have to look into
Leo Laporte (00:51:28):
That. There are open source hardware keys, like Yuki. I've purchased several of them. Yuki is not open source. So for some people they go, well, I don't know if I trust them. But there are open source ones out there.
Jonathan Bennett (00:51:41):
I can't remember the, do any of the open source ones have any true physical hardening though?
Leo Laporte (00:51:45):
Well, that's the question, you know? Yeah.
Jonathan Bennett (00:51:48):
Yeah. I've looked into several of those and it seems like they don't have the, so, so there, there are certain physical attacks that you could do on a hardware security module, and then there are approaches that people have taken when they actually build the chips to make those difficult. Like someone trying to probe the inside of a chip. If they hit the wrong wire it, fly it, it erases everything. Yeah. Put it very simply. And the open source HSMs that I've looked at. They've not had the money to be able to, that's the problem. Physically design the chips. Yeah.
Leo Laporte (00:52:18):
Cuz you have to do your own v lsi and Yeah. That's the problem I've used. I think you used a solo key nitro Key I think is the one I use most recently. Yeah. A Nitro key. Yeah. but that's a really good question is, is, is the hardware hardened? Yeah. I like ubi. Hey, I'm, I'm, I, I trust them. And you know, even it's not though, it's not open source. I think it's a, it's a good solution.
Jonathan Bennett (00:52:44):
Yeah. Well was all of those
Doc Searls (00:52:48):
Jonathan Bennett (00:52:49):
I was just gonna say
Doc Searls (00:52:50):
Getting down in, in a short row here. So <laugh> and we haven't touched Rust and we haven't touched system 76. Another thing we're was on our list here. Anything we wanna hit real quickly before we, we go out and we need to plug the Twitch survey. Maybe you could do that, Leo. Yeah.
Leo Laporte (00:53:10):
<Laugh> take the Twitch survey. Twit TV slash survey 23. It only takes a few minutes and it helps us better understand you. The audience actually, <laugh>, last year there was a little error made. We didn't mention Linux as one of the operating systems people use. Oh no. And boy, we heard about that. So Linux is now a choice. There are other changes I would've made, but I don't have fully have control over this. So <laugh> but it is really helpful for us. We'd only do it once a year. We don't want to track you. We can't really with rss, so which is the way podcasts work. Let's keep it that way. You know, darn you Spotify, but <laugh>, if you take the survey, it helps us. Yes. We'll say that with advertisers cuz we can say, well, you know, age demographics, so forth like that. But we, of course, it's not about you, it's about as in general, you know young, smart people with lots of disposable income. Listen to FLOSS Weekly. We like to be able to say that. So if you would go to twit TV slash survey 23, just do it quickly. It won't take long. And thanks in advance, it, it runs, I shouldn't say this, but you have till the end of the month. But don't do it now. Just get it over with. It gets a good feeling.
Doc Searls (00:54:22):
We need to know, you know, who we, who
Leo Laporte (00:54:25):
We have. Yeah. Not you specifically, but you in general. <Laugh>.
Doc Searls (00:54:28):
Yeah. The, the, the plural you
Leo Laporte (00:54:31):
Whatever is I fight really hard, you know, advertisers would love to do all sorts of tracking. We have had to give in a little bit in a way that I think is privacy forward to some of them. Cuz they just, you know, we just, they won't advertise. And it's getting worse and worse. And that's primarily because of Spotify, Amazon, and Audible. And Microsoft and iHeart, all of which take these podcasts, put 'em inside an app where they know exactly who you are, what's your credit card number is where you are right now, how much of the show you listen to, how many times you heard the ad, all of that stuff. Advertisers, right? They wrongly love that. And so it gets very hard for us to sell against those platforms. The survey helps, but it's one of the reasons we also really promote club Twit. Cuz I, I think ultimately this is gonna be a real problem for podcasts done in the right way with rss the way we do it. Independent podcasters are I think on the dis endangered list and we would like to stay off that. So that's another plug. Twit TV slash club twit seven bucks a month and it, and it keeps us off the endangered list. <Laugh>, thanks and thanks for that too.
Doc Searls (00:55:45):
That's a really critical thing that
Leo Laporte (00:55:47):
It's a big change and it's not good. Same thing happened, the blogs, right? Doc,
Doc Searls (00:55:52):
It's exactly, it's what's happened to blogs this, you know I get Catherine and I have a have a a sub thing. Sub is sort of like become the non blog blog. Nothing Against Them, nothing against newsletters that made it rather rather easy to write. But it's, it's, you know, I I don't think blogs ever go away, but we are at a moment right now where I think we can bring them back. I think we can, we can save podcasting. I think think RSS is so critical for that. Mm-Hmm. <affirmative> RSS has never gone away. Look up RSS on Google, you get about 20 million, you know, billion results is kind of crazy. RSS is the way the Open Web is, is syndicated and and the at and, and everybody trying to lock it into something. Oh my gosh. Well it's, and I understand why advertisers wanna know it's
Leo Laporte (00:56:45):
Natural. Yeah. Yeah.
Doc Searls (00:56:46):
So I mean they wanna, I mean, quite frankly, when I go to some podcast, they do hit the go 30 seconds forward, whatever, you know, but, but with the way you do ads, <laugh> Leo,
Leo Laporte (00:56:57):
Because you never know. I don't want's gonna happen. Leo might fall off his chair. You don't <laugh> you don't know. Yeah. <laugh>. I try to keep em exciting. <Laugh>. Hey, you said Rust. I just wanna say one thing. I'm glad Rust is in the Linux kernel now. I think Rust is you know, it's nice to have a systems safe Systems Lang memory safe systems language. But I sure wouldn't wanna write anything in Rust. Are you guys Rust users? <Laugh>? No, I don't. It's a lot of boiler plate. It's like Java to me. It's too much typing.
Jonathan Bennett (00:57:28):
It is definitely on my list of languages to take a look at and learn. You've seen the thing that I've seen is a whole bunch of projects getting re-implemented in Rust. Great.
Leo Laporte (00:57:38):
Jonathan Bennett (00:57:38):
We command line, we do the command line tip over on the Untitled Linux show and it hardly goes be a week that we don't mention a command line tip and somebody goes, oh, here's the rust version of it. Yeah.
Leo Laporte (00:57:47):
Goodness. And I would always rather use the rust version. Absolutely. But as a programmer, I'd much rather write, I would much rather write in Lisp. So that's, I'm just a little plug for common lier. You know, you can use a variant like a closure. That's fantastic. Has, if you're crazy. <Laugh> a lot of people like scheme, I think racket's a very good choice. These are, these are languages that have stood the test of time. <Laugh> common list hasn't changed since 1984. <Laugh>. Is
Doc Searls (00:58:16):
That a feature? Everybody loves it. That's
Leo Laporte (00:58:18):
A great feature.
Doc Searls (00:58:19):
There it is. Yeah. Are
Leo Laporte (00:58:21):
You kidding? Just ask a Python user Will, is it Python? Two or three? Are you, are you That's true. You know, or ask a Pearl user. What's Rku? Have you, have you moved to Rku yet? No, it hasn't changed. The common list standard has been a standard for 30 years. 30 plus years. And I like using a languages as old as I am. There you go. There you go. Thank you. Aunt's putting up a picture from a site I'd never heard of, but I It's good <laugh>. It's good. It's good. Learn lisp kids. Your your your your grandchildren will thank you when they're running your command line utility.
Doc Searls (00:58:58):
All oldest, the smart old people loves Lisp. <Laugh>. That's a pretty much story is, you know, one
Jonathan Bennett (00:59:05):
Of the, one of the coolest Rust projects that I'm excited about, I wanna plug this real quick before we go, is System 76 and their cosmic desktop. Yes. They are rewriting their own desktop environment in Rust Bravo. And they've made some big promises about what it's gonna do. Have
Leo Laporte (00:59:21):
Docr. Is it there? Have you used it? Can you use it?
Jonathan Bennett (00:59:24):
It's not usable yet. They're still working on it. They're, they're kind of in they're in cathedral mode if you wanna talk Cathedral and
Leo Laporte (00:59:31):
Bazaar. They're not yet Bizarre
Jonathan Bennett (00:59:31):
Cathedral mode where they're working on it. Oh yeah. And they're not, they haven't pushed it out yet. Yeah. But I'm excited cuz they're, there's some big promises coming and System 76 is a track record of actually delivering on their promises.
Leo Laporte (00:59:42):
I own many of their desktops. I think Papos is a very, very good version of Linux.
Doc Searls (00:59:47):
Maybe that should be closed monastic mode. They're still in the monastery.
Leo Laporte (00:59:51):
<Laugh>, yeah. Monastery, then Cathedral, then Bazaar. Yeah. And then the Crossroads selling tanks. Yeah.
Doc Searls (00:59:58):
<Laugh>. You can, it's in the liturgy. You can go there and hear them singing. <Laugh>. Okay. Well this has been, we're we're actually gone long, but that's okay. You
Leo Laporte (01:00:07):
Have any more ads you want me to do?
Doc Searls (01:00:09):
<Laugh>? I know you already did the last one, which is the which is the survey. Okay. Okay.
Leo Laporte (01:00:14):
So I'm, we're set. We're
Doc Searls (01:00:15):
Good. I just want you to come on the show every week and do this because it's so,
Jonathan Bennett (01:00:20):
Doc Searls (01:00:21):
It's so freaking.
Leo Laporte (01:00:22):
Well this is something I don't have to do if you all join Club to it right now.
Doc Searls (01:00:26):
<Laugh>. <laugh>. Right. Okay. So next week we have Devin Berry and Walter Bender of Sugar Labs and Music Blocks. Our, our guest host is gonna be Dan Lynch. I
Leo Laporte (01:00:40):
Love the music stuff you guys have been doing. That's so great.
Doc Searls (01:00:42):
Yeah. And he always has a guitar instruments behind him, so. Nice. Nice. And he's a Liverpool, so it, it all kind of plays out.
Leo Laporte (01:00:49):
Maybe he'll play his latest record
Doc Searls (01:00:52):
<Laugh>. He might Oh, a little number. I've written Find out maybe he'll, he'll noodle on it a little bit before we, but
Leo Laporte (01:00:58):
I want to thank you Doc, for taking over this show. And you and Jonathan and Catherine and Sean have done such a great job. This show is, is better and better all the time. You get the best people on. And I really hope that the open source world acknowledges and understands what a valuable resource this is. And you have my commitment. Well thank you that we will keep doing this because it's so important. You know, this is Labor of Love. And Jonathan, the Untitled Lennox Show, which is a club twit only, thank you for doing that. People have told us for years you gotta do a Lennox show. I'm so glad you do that. It's, it, it's really important. You and Rob and everybody and thank you. And I'm sorry I, I kind of stopped doing it, but I was trying to get Saturdays off. I finally succeeded. <Laugh>,
Doc Searls (01:01:40):
You deserve it. <Laugh>, you deserve.
Leo Laporte (01:01:42):
I just want to go to brunch Please.
Doc Searls (01:01:44):
Leo Laporte (01:01:46):
19 brunch list years. So, but thank you for the job. All of you do really fantastic. And to, and to get these some great people on is is to me, is the gold of what podcasting can do.
Doc Searls (01:02:00):
Yeah. Right. Thanks for having me. Okay, so <laugh>, we're, we're, we're plugging the heck out of this show. So Jonathan, we already had the Untitled Lennox show, but go ahead and plug it again. Maybe you've got something coming up or, and Hacka Day do your thing.
Jonathan Bennett (01:02:15):
Sure. So the, the two things I like to plug are the Untitled Lennox Show, which we are adding video to that, which is kind of the big deal we've been working on this last couple of
Leo Laporte (01:02:22):
Weeks. And, and you're gonna, you'll do it on Saturday afternoons. You're gonna still do the same time cuz a GIPHYs is gone now. So you could change times if you wanted to.
Jonathan Bennett (01:02:31):
That is good to know. We'll keep it the same for now, but good to know. We have a little flexibility with that. We may go, I don't know I do it right after supper, so I can't really go much earlier unless we go way earlier
Leo Laporte (01:02:42):
And I'll do it right after brunch. I'll have to stop by <laugh>.
Jonathan Bennett (01:02:45):
Yeah, we would love to have you. I
Leo Laporte (01:02:47):
Might be a little woozy on Mimosa, but it's okay. <Laugh>.
Jonathan Bennett (01:02:50):
That's, that's fun. Leo. Sounds like a good, I like to plug plug hacke.com where
Doc Searls (01:02:56):
Jonathan Bennett (01:02:57):
Security column over there on, on every Friday morning. Those are my two things.
Katherine Druckman (01:03:01):
Oh, so good. So good. I would like to plug your Hacka Day column too. It's
Leo Laporte (01:03:05):
Great. <Laugh> Hacka Day's a great site. Really, really fantastic.
Doc Searls (01:03:08):
Yeah. Jonathan Rocks <laugh>. So Catherine, do you wanna just plug our little thing or
Katherine Druckman (01:03:14):
Have anything really to plug? Oh yeah, we, we do that other thing. Doc and I have another podcast we email@example.com. I also oh, hey, it's on the screen. You can find firstname.lastname@example.org. I don't know, did I mention I work for Intel in our open, open ecosystem group. I have some stuff coming up. You might see maybe a podcast series there coming up too. All podcasts all the time. But yeah, visit me anywhere on the internet master on in particular. Yeah, you can find me
Leo Laporte (01:03:42):
There. We didn't talk about risk five, but I am, I'm very excited. I think this might be the year of risk five.
Doc Searls (01:03:48):
We've had a couple of shows. Let me know.
Leo Laporte (01:03:49):
Yes, five good stuff.
Doc Searls (01:03:50):
I know. We should probably bring them back ideally
Jonathan Bennett (01:03:52):
Here in another, another month or two. I'm getting a risk five development board in, that'll be my first time to touch it. So looking forward
Leo Laporte (01:03:58):
To that. That's exciting. <Laugh>.
Doc Searls (01:04:00):
Yeah. Fun. Okay, everybody, this has been awesome. This has been a fabulous show. An awful lot of fun. And and to me do it on almost no sleep.
Leo Laporte (01:04:09):
Best, best ads ever, you know? Yeah.
Doc Searls (01:04:11):
Best ads. Best ads I best ads I've never done. It's just,
Katherine Druckman (01:04:17):
I'm sold. I'm seriously, I'm
Doc Searls (01:04:19):
Gonna go off.
Katherine Druckman (01:04:19):
I'll tell you, sign up for Ka Kolide.
Leo Laporte (01:04:21):
Kall should do it all. I
Doc Searls (01:04:23):
Feel like, I feel like we, we have front row seats to, to, to just hear the Master at work.
Leo Laporte (01:04:28):
It's a lousy thing to be a master am I gotta tell you, I,
Doc Searls (01:04:32):
Leo Laporte (01:04:32):
If I could pick anything in the world, I'd rather be a great uni cyclist, but, okay. All right. Master Van Reads sounds great. That'll be on my tombstone
Doc Searls (01:04:42):
<Laugh>. He, he can sell it. There are worse things
Leo Laporte (01:04:46):
On the Ed McMahon of podcasting.
Doc Searls (01:04:48):
Oh boy. Oh boy. <Laugh>. So more than that, like the Johnny Carson, the Johnny did. Only, only Ed did the ads. Only
Leo Laporte (01:04:56):
Ed did the Alpo ads and yeah. Yeah.
Doc Searls (01:04:59):
Johnny just sat there and smoked <laugh>.
Leo Laporte (01:05:02):
Doc Searls (01:05:04):
Exactly. And has the death to approve it. Anyway, alright everybody, it's been great having you this. See you in a week. Give the plug for that already. We'll be back next time.
Rod Pyle (01:05:16):
Hey, I'm Rod Pile. Editor of Ad Astra magazine. And each week I joined with my co-host to bring you This Week in Space, the latest and greatest news from the Final Frontier. We talk to NASA chiefs, space scientists, engineers, educators and artists. And sometimes we just shoot the breeze over what's hot and what's not in space. Books and tv. And we do it all for you, our fellow true believers. So whether you're an armchair adventurer or waiting for your turn to grab a slot in Elon's Mars Rocket, join us on this weekend space and be part of the greatest adventure of all time.