This Week in Tech Episode 1068 Transcript

Please be advised that this transcript is AI-generated and may not be word-for-word. Time codes refer to the approximate times in the ad-supported version of the show.

Leo Laporte [00:00:00]:
It's time for TWiT this Week in Tech. Alex Stamos joins Patrick Beja and Doc Rock. We'll talk about betting on the amount of snowfall that hit New York, Microsoft giving up the keys to BitLocker to the feds, and why I deleted TikTok as soon as I saw the new terms of service. This Week in Tech is next. Podcasts you love from people you trust. This is twit. This is TWiT. This Week in Tech.

Leo Laporte [00:00:37]:
Episode 1068, recorded Sunday, January 25th, 2026. Toto's Electrostatic Chuck. It's time for Twit this Week at Tech, the show. We cover the week's tech news. Hello, everybody. I hope you're staying warm and you're safe and your power's on and you're not listening to this on a battery. If you are, turn it off and save it for when the power comes back. Oh, maybe you don't want to, because we got a great show lined up for you.

Leo Laporte [00:01:07]:
Patrick Beja joins us from Paris, the host of the Phileas Club, and a bunch of stuff in French. Hi, Patrick.

Patrick Beja [00:01:14]:
Hey, Leo. How's it going?

Leo Laporte [00:01:17]:
NotPatrick.com if you want to see them all. It's great to see you.

Patrick Beja [00:01:22]:
Nice to see you, too. You know, we almost. I'm not sure we would have been allowed to talk if. I know, if things had gone differently in the last month.

Leo Laporte [00:01:32]:
My NATO buddy. Yeah, we're still NATO friends.

Patrick Beja [00:01:36]:
We're still able to converse so far.

Leo Laporte [00:01:42]:
We'll talk about that in a little bit because I didn't realize this, but there was real fear in the EU of a Danish invasion, which would have been essentially a war between NATO powers. And I didn't realize how scary that was to people in Europe. But we'll talk about that.

Patrick Beja [00:01:58]:
Yeah, yeah, we can talk about it.

Leo Laporte [00:01:59]:
Yeah, we'll talk about that. I want to introduce the rest of the panel so they can get in on this. Doc Rock is here. He's in Hawaii. We have not yet declared war in Hawaii, but it is one of the islands we own. We kind of took it by force a little while ago, but yeah. Hey, Doc.

Doc Rock [00:02:17]:
How you been?

Leo Laporte [00:02:18]:
Great to see you. I've been.

Doc Rock [00:02:19]:
I feel like I saw you last Tuesday.

Leo Laporte [00:02:21]:
You did, actually. I hope we're not using up our credits with Doc.

Doc Rock [00:02:26]:
Oh, God, no. I love. I love to hang out here.

Leo Laporte [00:02:28]:
Good. Doc Rock is, Of course, on YouTube, Director of Strategic Partnerships at ECAMM, and we always are. Glad to welcome Alan Alex Stamos to the microphones. Alex is chief product officer at corridor.dev, which is a AI security startup. It's great to see you, Alex.

Alex Stamos [00:02:47]:
Hey, Leo, thanks for having me, man.

Leo Laporte [00:02:48]:
I know when I say your name, people go, wait a minute, Alex Stamos. Because, boy, these, you know, you were at Meta, you were at Zoom, brought you in as a consultant when they had that little kerfuffle during the COVID pandemic over end to end encryption. You helped them get that all back together. Then you were at Stanford at the Internet Observatory. We're director of the Internet Observatory, which is all about watching disinformation. But apparently disinformation is all the rage now, so that there's not much future in that anymore.

Alex Stamos [00:03:21]:
It's just called information now.

Leo Laporte [00:03:22]:
It's just information.

Alex Stamos [00:03:23]:
Right, exactly. That's just.

Leo Laporte [00:03:25]:
Oh, Lord, oh, Lord, oh, Lord. Now get me started. And so anyway, it's wonderful to have you, Alex, and I hope you well, I'm glad that you guys are in areas that it's not snowing. Many of our listeners, of course, are in the swath of this terrible freeze. I thought it was kind of interesting, and this is the one tech story, at least so far, having to do with this, that the prediction markets are now huge about any news story, it's all about what you can bet. At Kalshi and Polymarket, you can bet how much snow hit. Well, I probably can't anymore. I think it's over.

Leo Laporte [00:04:08]:
You can bet how much snow will fall in New York City this weekend. But basically now traders on Kalshee bet $900,000 as of yesterday afternoon on weather, 12 inches of snow would fall in New York. On Poly Market, $210,000 on how much snow, the winning category so far, 8 to 10 inches. So if you bet more than 12, you lost your bet. But this is what is going on now. Billions, it seems certainly hundreds of millions are trading hands on these new markets. Betting.

Patrick Beja [00:04:48]:
It's almost like gambling is addictive.

Leo Laporte [00:04:51]:
Almost.

Patrick Beja [00:04:53]:
It sounds that way. I mean, I understand, I understand that it's very difficult to regulate gambling when you have the Internet. I guess that's why sports betting is being allowed now, because you can always go outside of the region where it's illegal and bet there. But it is. Or maybe you don't have to allow it. I don't know. Maybe it's a choice. But I still think it's concerning because it's gambling.

Patrick Beja [00:05:21]:
Right? It's just gambling applied to everything.

Leo Laporte [00:05:26]:
I think what happened, at least in the United States with our American football, the NFL is. It now dominates. In fact, I would say it's all sports. It dominates the coverage. You can't talk about a game without saying the over under, who's the favorite, what the odds are. And you see it in tickers going across the bottom.

Alex Stamos [00:05:47]:
You.

Leo Laporte [00:05:48]:
And there's some concern that that's going to happen to news in America. That you will see the over unders on whether, you know, we're going to invade Greenland and that suddenly it's going to become all about betting on the news instead of the actual impact of the news. You guys, I know Alex and Doc follow sports closely. Do you think this, all of this, you know, DraftKings sport bet has. I think it's tarnished the reputation of major league sports. Yeah.

Doc Rock [00:06:21]:
In a way. You know, it's funny. Sorry. Nowadays, here's what's really, really sad. I was watching AFCON the other day and there was a controversial call. And so there's going to be a penalty kick. And the player who's penalty kick, well, he's like half Moroccan and he. He missed the penalty kick that Leo could make.

Doc Rock [00:06:43]:
And.

Leo Laporte [00:06:44]:
And then the suspicion.

Doc Rock [00:06:46]:
Thank you. The first thought wasn't, oh my God, the pressure or it was a good idea, but kind of dumb place to do this idea because it does work. When it works. Everybody goes, I can't believe they had the balls to do it. It's called the Plinka. It's basically you send it lightly down the center like your sister kicked it. And goalies missed those because they dived left or right?

Leo Laporte [00:07:04]:
Right.

Doc Rock [00:07:04]:
Goalies take a chance, die left, die right.

Leo Laporte [00:07:05]:
So. So he was doing something reasonable.

Doc Rock [00:07:08]:
He was doing something very reasonable. But the first thought that went in my head, and I'm not a conspiracy theorist type person, was, did he do that on purpose? And you know, him being like only half Moroccan, like, you know, is that is like really is this. Is he. Is he on a sports bet? And I can't believe I went there, but as a Raiders fan and knowing Tom Brady's cheating. But yeah, that's the thought that came to my mind. It really is.

Leo Laporte [00:07:30]:
Alex, you're a Kings fan. I know. Does it?

Alex Stamos [00:07:33]:
And then Kings fan and the Cal fan. Cal beat Stanford last night.

Leo Laporte [00:07:37]:
Oh, really?

Alex Stamos [00:07:38]:
They had basketball.

Leo Laporte [00:07:40]:
The axe goes to Berkeley.

Alex Stamos [00:07:42]:
Well, right. So the ax doesn't go with basketball.

Leo Laporte [00:07:43]:
This was football.

Alex Stamos [00:07:44]:
Unfortunately, football is at Stanford. Look.

Doc Rock [00:07:48]:
So a little hatchet.

Alex Stamos [00:07:50]:
There's the famous quote which I think is attributed to Heinlein. I don't know if that's Accurate or not, that every generation thinks it invented sex. And so now every generation thinks they invented gambling. And this is just Gen Z Sportsbook.

Leo Laporte [00:08:06]:
Has always been around, but it was always secretive, it was a bookie.

Alex Stamos [00:08:10]:
Right. Well, so I think there's a couple differences here, right? You know, we've always had gambling, we've always had gambling addiction and we've always had gambling scandals. Right. Everybody here, or at least you and me, are old enough to remember Pete Rose, right?

Leo Laporte [00:08:20]:
Oh, yeah.

Alex Stamos [00:08:21]:
Other, you know, other scandals that happened. I think the couple things are different here. One obviously is with the Internet, you don't have to know a bookie in town or you don't have to go to Vegas. Right? So the fact that young men are doing this on their phones all the time and are getting very aggressively addicted can be a problem. The second is the amount of prop bets that happen, Right. If you're gambling on the outcome of a game in a major sporting league, then there's all kinds of countervailing motivations. We have, even in those cases had people cheating, we've had refs cheating, we've had players trying to shave points and such. But at least you've got a bunch of different.

Alex Stamos [00:09:06]:
In a basketball game, you've got five guys on either side, you've got the refs, you have a lot of actors. So it's not easy for one individual person to swing the game. But now with all these prop bets, you've got how much is this person scoring, you've got how many fouls and you've got these crazy things outside of sports, is this person going to say this thing in a call for the quarterly results, you've got, how long does the press secretary's briefing go? Right? And so you saw that Trump's press secretary call her briefing within seconds of a bunch of people making money. And so when you're talking about the actions of one individual for which there's no actual financial benefit for them one way or another, it is so incredibly gameable that I am shocked, I'm absolutely shocked that these platforms are allowing it to be bet on. Because the ability for those people to self deal or for their friends to self deal is humongous. And the fact that apparently we live in a time for which nothing matters and there's no kind of regulation, but this would normally be called wire fraud for a group of people to work together to then use inside information for hundreds of thousands or millions of dollars to be ripped off. We just had a scandal in the NBA where people actually got Arrested because there are laws around betting, around sports at least. But for all these other prop bets, there seems to be absolutely no regulation at all.

Leo Laporte [00:10:33]:
So to give you some numbers, according to the Financial Times, in early 2024, bets placed on Polymarket and Kalshi were $100 million a month in November of last year, $13 billion in one month. They're betting on everything, as you mentioned. They bet on whether Nicolas Maduro would be captured.

Alex Stamos [00:11:00]:
Right. Somebody made a last second bet and made a ton of money.

Leo Laporte [00:11:02]:
Yeah.

Alex Stamos [00:11:03]:
You know, so you think about how many people in the military knew.

Leo Laporte [00:11:05]:
So somebody knew. Right. Somebody was sitting there and thinking, well, let me just. And so there's risks. There's all kinds of risks. There's risks in the military, there's risks of getting ripped off. Kalshi is worth $11 billion. They raised a billion from Paradigm, Sequoia, Andreessen Horowitz, Capital G, big VC firms in the United States.

Leo Laporte [00:11:28]:
The owner of the New York Stock Exchange said it was going to invest $2 billion in poly market. They're valued now at 8 billion compared to Kalshee's 11 billion. What's interesting is they're calling these financial contracts in order to skirt around gambling laws in many states.

Alex Stamos [00:11:47]:
Yeah.

Doc Rock [00:11:48]:
Yep. But this is gambling anything, Debbie.

Alex Stamos [00:11:54]:
That'S.

Patrick Beja [00:11:55]:
The most surprising like thing to me.

Doc Rock [00:11:58]:
It is.

Patrick Beja [00:11:59]:
Gambling is illegal unless it isn't in specific places. Right. And these kinds of bets would have been considered gambling and would have been illegal until those, you know, first the sports betting apps and now these kind of became allowed. I guess I haven't been following the legislative process on that.

Leo Laporte [00:12:22]:
You know, it's interesting, in the United States, the stakeholders in this are Las Vegas, in Atlantic City, the casinos don't want online gambling. They've put a lot of money into California. There was a California initiative, a referendum last year to make it legal. They put a lot of money into that to try to keep it from becoming legal because they want the punters to come to Vegas to make their bets. The government doesn't seem to really care that much. The government, like the Commodities, Commodities Future Trading Commission, which is the regulator that believe it or not, is responsible for these. Polymarket and Kalshi don't really care that much. It's the casinos that care.

Patrick Beja [00:13:10]:
Have we suddenly decided that gambling is not. Because the reason it can, you know, there are specific places, casinos is that it's not allowed in other places. Right. We're, we're, we're in agreement just to.

Leo Laporte [00:13:26]:
Put up a little speed is illegal Unless.

Patrick Beja [00:13:28]:
So how come no one is mentioning that this is gambling and maybe we shouldn't be like all of a sudden it's everywhere.

Alex Stamos [00:13:36]:
People are. So there's, there's multiple lawsuits happening and effectively there's a bunch of fights happening under state law. There's a bunch of lawsuits. There's a lawsuit from a Nevada. So Nevada, Nevada's gaming commission has sued. There's been in Indian tribes with. Have.

Leo Laporte [00:13:54]:
Yeah, that's the other stakeholder is Indian casinos. Yeah.

Alex Stamos [00:13:57]:
So what's happened is effectively with the switch over, the Trump administration has stopped, you know, I.

Patrick Beja [00:14:05]:
Prosecuting.

Alex Stamos [00:14:06]:
Yeah, stopped prosecuting. Right. So like the federal regulators have stepped back and US Attorneys have stepped back. That's not going to last forever.

Leo Laporte [00:14:12]:
Right.

Alex Stamos [00:14:12]:
Like in three years there'll be a new administration. It will most likely be a party. And I think you're an optimist, aren't you, Alex? I am. So I'm not going to be a doomer. There's all these like blue sky doomers who are like, we're never going to have another election or whatever. That's not right. Like, it is coming. There is going to be a massive change here in the United States.

Alex Stamos [00:14:30]:
I think it will be significant. There will be. And I think the, the tech people who are aligning themselves with the current administration so hard are they're going to hurt themselves and honestly, they're going to hurt tech overall. I think like when I talk to people here in Silicon Valley, Alex, they're.

Leo Laporte [00:14:44]:
Going to make the same U turn they made two years ago.

Doc Rock [00:14:47]:
It's like they turn so bad, the bits will fly.

Leo Laporte [00:14:49]:
We're going to get woke again.

Alex Stamos [00:14:51]:
Yeah, but this is, I think this is the, I think it's be very hard this time. I mean this is my fear is that. And for folks like this, I think it's great for them to be smushed. Right. And like, I don't mind like, you know, for things to like snap back on things like cryptocurrencies and stuff. Right. What I am afraid is for tech overall is that the relatively small number of outspoken venture capitalists and other douchebags who have backed this current administration are going to poison the well on American debt competitiveness for a decade by basically turning a huge chunk of the American populace against, like, because a handful of people who stood in that line at the inauguration are going to make people think that that's all tech people when like the median tech, even executive who lives in San Mateo or Santa Clara county is effectively like a west wing liberal. Right.

Alex Stamos [00:15:51]:
And. But that's not who you hear from.

Patrick Beja [00:15:53]:
And that's not who you see. I can tell you that looking at it from here. We are not seeing that.

Leo Laporte [00:15:58]:
Right.

Alex Stamos [00:15:58]:
That's not what you see. That's not what you see because you see from, like, the handful of really loud people.

Doc Rock [00:16:02]:
Yeah, yeah, exactly.

Leo Laporte [00:16:04]:
It's not just really loud people. It's Tim Apple, it's Sundar Pichai, it's CEOs who rightly or wrongly think we've got to play ball with the current administration or sad, but we're going to have to put out.

Doc Rock [00:16:16]:
They kind of have no choice. And that's the part that sucks, because I know. I know for a fact that he's probably technically not even in that camp, but, oh, I mean, too many. He has personal things that are completely against the administration, but he got to make the company afloat to take it to stockholders. The thing that's upsetting me about the gambling thing right now is they are preying on the people who feel that the financial situation is never going to get better. And whenever the financial situation doesn't get better, people try to take gambles. Now these gambles are talking about they got dumb stuff like who's going to win the next presidential election. Yo, we haven't even picked candidates yet.

Doc Rock [00:16:52]:
But they got like, you know, J.D. vance versus Gavin Newsom.

Leo Laporte [00:16:54]:
You want a dumb one? Betting that Taylor Swift will be pregnant by March is one of the big problems.

Doc Rock [00:16:59]:
Yes, saw that one. So I want to. I wanted to say, Kelsey. Oh, my God, Kelsey, they. They heavily advertise on ig. So if you're an ig, you see this stuff, and I'm like, yo, these bets are super stupid. But the thing is, and. And coming from being basically been, you know, east coast in the hood at the time when the money gets bad, people start doing, quote, unquote, illegal things to try to get the money.

Doc Rock [00:17:25]:
Then the Reagan administration decided to lock all of us up for it, right? While, you know, Tom Cruise gets caught with a little small bag of the, you know, booger sugar and he goes to rehab, take that same book of sugar and turn it into crack, which is one tenth the amount, and put it in the hands of somebody on my side of the fence and it's 20 years automatically.

Leo Laporte [00:17:46]:
Yeah, that's right.

Doc Rock [00:17:47]:
And so they're preying on people being down in their money right now. And this is no different than what the crack situation was back in the day. It just doesn't seem as painful. But trust you me, it's painful. There are kids right now, they're wasting their college fund. There are parents right now that are taking wild swings and they're losing. And. Yeah, it's not only is it addictive, it's highly destructive.

Doc Rock [00:18:11]:
And then, you know what you do to recover your money after this? Call the local person in your neighborhood that knows how to get money the way my neighborhood got money. And then you get worse in that.

Leo Laporte [00:18:22]:
Yep. And the vig kills you 100%.

Doc Rock [00:18:26]:
This is, this is really bad.

Alex Stamos [00:18:28]:
Yeah, it's gonna, it's gonna ruin lives. And, and the, the pushback.

Leo Laporte [00:18:33]:
I thought this was gonna be a nice, upbeat way to start the show.

Alex Stamos [00:18:36]:
Leon, I don't think you have the right guests for, like, the super upbeat show.

Leo Laporte [00:18:40]:
I gotta start with something, because the.

Patrick Beja [00:18:42]:
Rest is not even about the guests. This is literally gambling. Like, there's no discussion. The only reason this isn't a bigger deal is that there are other big, much bigger deals. You know, in the secret.

Leo Laporte [00:18:55]:
It's, it's, it's crap all the way down. And it's very clear that a lot of this is that Putin style flood the zone where if you, if you spew a huge amount of crap, people, you know, we can only take so much. At some point, people just go, I give up. And they turn out. And that's, of course, that's the best possible thing that could happen.

Doc Rock [00:19:19]:
I hear so many of my friends with the I give up language, and I'm like, no, please don't go there yet. Like, I don't even like your take on it, but please don't give up.

Patrick Beja [00:19:27]:
Honestly, I think it's fine to give up. I think it's fine to give up because you're going to ruin your mental health.

Leo Laporte [00:19:33]:
Well, that's why you want to give up. It's driving me. I can't sleep.

Patrick Beja [00:19:37]:
You want to give up.

Leo Laporte [00:19:38]:
I can't sleep.

Patrick Beja [00:19:39]:
As long, you know, just bought three.

Doc Rock [00:19:41]:
Bottles of Japanese whiskey back from Japan. I'll see you.

Patrick Beja [00:19:45]:
That helps. But, like, give up on the constant barrage. Just watch the news from a channel. You know, France 24 has an English channel. Just watch the news once a day from French 24. Read a reputable newspaper and then vote when it's time to vote. That's the important thing. Like, you're not going to, you know, you're not going to change things or understand things better by watching the constant barrage of news of either the news, you know, 24 hours news networks, or the tiktoks and shorts or whatever that will Serve you the most outraging in Raging up and Randy.

Leo Laporte [00:20:34]:
We have an elderly parent who doesn't consume mainstream news, but subscribes to 300 newsletters and gets much of their news from a Brazilian, kind of nutty Brazilian newsletter. And the problem is, it's so easy now, thanks to AI and thanks to the Internet, to create a huge amount of disinformation. And I think, I don't blame this relative because he's grown up, he's an older fella, he's his whole life that, well, you trust what you read. Right. These are, you know, we trusted the New York Times and NBC and cbs. And when Uncle Walter said something alter Cronkite, we took that as gospel. And so you have that in your head. Well, this is.

Leo Laporte [00:21:25]:
I'm reading it. It must be true. So I don't blame them for this. Let me ask you, Alex, because you are an expert on security, and I'm very relieved that you think the elections, that elections, fair elections can't happen. One of the strengths, a weird strength of the United States, is that our elections are run by the states. So there's 50 different local governments that run the elections. Very hard to steal a national election.

Alex Stamos [00:21:52]:
Right. There's over 10,000 actually, election authorities in the U.S. right.

Leo Laporte [00:21:56]:
Because. Yeah. Not just the states, the counties. Right. It's local.

Patrick Beja [00:21:59]:
Yeah. Don't you just need to steal, like, four countries, though, to swing it?

Leo Laporte [00:22:04]:
So tell me, Alex, reassure us that it's. It would be very difficult to steal an election.

Alex Stamos [00:22:12]:
It's extremely difficult to steal an election.

Leo Laporte [00:22:13]:
Thank you.

Alex Stamos [00:22:14]:
Why the election was not stolen in 2020 and why it was not stolen in 2024.

Leo Laporte [00:22:18]:
There is a feeling that it might have been. I mean, Trump did say, well, we got the swing states handled. Elon's going to handle that.

Alex Stamos [00:22:25]:
Yeah.

Leo Laporte [00:22:27]:
That scared me a little bit.

Alex Stamos [00:22:29]:
This is what drives you nuts. There's. There's a whole set of, like, Democratic influencers who like to, you know, push this idea that Trump stole it. That is not possible. Donald Trump did not steal it either. Right. Like, it is. It is extremely hard in the modern era.

Alex Stamos [00:22:46]:
It would be. It is effectively impossible to. To steal a US Election. What is possible. It would be possible to cause chaos. Right. And it certainly would be possible for the President, United States, to cause chaos and to create a situation where you can certainly create a situation where the election is unfair. Right.

Leo Laporte [00:23:06]:
Where people, or maybe more to the point, believed to be unfair. Right. That's the real issue is what people believe.

Alex Stamos [00:23:13]:
Right. But actually changing the votes Would be extremely hard just laid out. Right. So in the United States we now have moved as of now. So this wasn't totally true in 2020. Although one of the saving graces is by 2020, none of the swing states were using direct recorded entry electronic voting. Right. So nobody, none of the swing states was it that pushed a button on electronic voting machine.

Alex Stamos [00:23:37]:
Did that machine store your vote? There were people who touched a touchscreen. But then what it did was recorded it. That was a ballot marking device.

Leo Laporte [00:23:45]:
You want something that's a paper trail that can be audited after the fact. Right.

Alex Stamos [00:23:49]:
So now we have for the vast majority of people vote on hand marked paper ballots with the option of people can touch a machine if they. This is mostly for people for either who need a language that is not supported in the place where they're voting or they have a special accessibility need such they're blind or something like that.

Patrick Beja [00:24:07]:
That.

Alex Stamos [00:24:07]:
But then those are ballot marking devices. It will then print a paper ballot. Those ballots are then counted usually by machines. But then we have what are called risk limiting audits in every all 50 states. So this is what it gets hard. It is hard to explain this things like statistics to normal folks.

Leo Laporte [00:24:26]:
But this is the expertise of your former colleague Chris Krebs. Right. This is why Chris in 2020 said this was one of the fairest elections.

Alex Stamos [00:24:35]:
He said it was the most secure election that had ever been held, which is true because by 2020 CISA had been created the Cybersecurity and Infrastructure Security Agency, which was the consolidation of a bunch of different security groups in DHS into one agency. Now, CISA can't actually do security for all the different parts of the election, but what they did do was support all of the different counties and states. And in doing so they did penetration tests, they did code reviews of the code, they did work with the people who build all this stuff. And then they ran a center that pulled in information from the NSA and FBI, shared threat information back out to the states and counties. And then if anything bad happened, helped do very rapid investigations.

Leo Laporte [00:25:20]:
Is that all still in place?

Alex Stamos [00:25:22]:
No, that's all been torn down. All of that capability has been destroyed. The people have been fired from cisa.

Leo Laporte [00:25:30]:
There's been an active attempt to undermine that security.

Alex Stamos [00:25:34]:
Yes, pretty much anybody who did that work has been effectively called like a traitor or has been said that they.

Leo Laporte [00:25:41]:
Chris.

Alex Stamos [00:25:41]:
Chris like Chris. So unfortunately, President Trump signed an executive order that explicitly called out Chris and said that Chris's clearance need to be revoked. His clearance was revoked. They took away his TSA PreCheck in his global entry, which is kind of nutty. I mean, it's like kind of talk about some. That's petty, petty fascism. But then what is not petty is then ordered for him to be investigated, which is basically a bill of attainder, which is something that is so unconstitutional, it's mentioned in our Constitution as not being allowed twice. So, anyway, anyway, Chris and a number of other people worked very hard in 2020, and not him, but other people worked in 2024 to keep the election secure.

Alex Stamos [00:26:28]:
A bunch of those people have been fired. But still, there are people in the states and localities who have that muscle memory who will be doing this in 2026 and 2028. It's just basically impossible to straight up steal an election. I think the fear, though, is if you have kind of armed men in the street, if you have riots, if you have tear gas, then people won't go out.

Leo Laporte [00:26:49]:
They won't vote.

Alex Stamos [00:26:50]:
Right. So that's different. That's different than, like, you know, stuffing ballot boxes. It's different than changing the vote totals, which, again, is effectively impossible at scale. But what you could do is try to suppress voting.

Leo Laporte [00:27:04]:
Part of the problem also is that our elections are very close, and they have been for decades. And the closer the election, the smaller the amount of leverage you need to exert to. To change an election.

Alex Stamos [00:27:16]:
Yeah, and the other. Other issue that everybody's always afraid of is the, as everybody here knows is, you know, actually the Americans voting for our president directly, it was not how we did it.

Patrick Beja [00:27:29]:
Right.

Alex Stamos [00:27:29]:
Like, George Washington was not elected by the American people. He was elected by the. The first Continental Congress. And, you know, that then persisted in the creation of the Constitution in 1792 and such, and that, you know, Congress came together and put the Electoral College and such. And so the direct election of the Electoral College was something that was kind of added on later. And so we have these weird systems for, like, hey, if the states can't figure out who their electors are, what do we do? And this ended up in. I think it was 1873, in this really bizarre. It's only happened once in our history, but this really bizarre outcome where then the House of Representatives effectively had to decide who the president was going to be.

Alex Stamos [00:28:15]:
And that's what ended Reconstruction after the Civil War and ended up being really bad for our country in a number of ways. And so I think that's one of the real fears, is if you cause enough chaos, if you cause lawsuits in every single state that you're able to throw it to the House of Representatives, which then does not vote based upon the population it votes. Each state votes as a block. And it's just a bizarre part of our constitution that should not be written the way it is. And it's only worked that way once. And that would be a extremely undemocratic an outcome that would not be accepted, I think, by a huge number of the American people.

Leo Laporte [00:28:55]:
Well, I'm just.

Patrick Beja [00:28:56]:
I kind of wish you had stopped at it's impossible to steal the election like 10 minutes ago. That's it.

Leo Laporte [00:29:03]:
That's it. It's gonna be fine. It's gonna be fine. What's interesting, of course, Patrick, is that the rest of the world cares very much what happens here. This impacts everybody. It's not just us.

Patrick Beja [00:29:18]:
Yeah, yeah, yeah, yeah, of course. I mean, we were talking just before the show. I was saying that when we were thinking that I think if we were to vote on what is it, Kelsey or polymarket? Like, is the American milit going to enter Greenland's not space, but territorial waters? It would probably be relatively low, but we can't act like it's impossible. So obviously we think about it, we talk about it.

Leo Laporte [00:29:53]:
One of the ways you keep that probability low is by being strong. I mean, this is the lesson learned.

Alex Stamos [00:29:59]:
In World War II. 26% right now will the US acquire part of Greenland. So if you want to. That's pretty low.

Patrick Beja [00:30:04]:
I mean, that's surprising.

Leo Laporte [00:30:06]:
It's. It.

Patrick Beja [00:30:07]:
It is not going to happen. It will be World War III before.

Alex Stamos [00:30:10]:
If you believe it, you put your money where your mouth is right now.

Leo Laporte [00:30:13]:
But then what would you spend it on?

Patrick Beja [00:30:15]:
Start getting. Yeah, yeah, I wouldn't have it. But so, you know, it's things like we start talking about the fact that you should have a rechargeable AM radio just in case. I mean, this.

Leo Laporte [00:30:26]:
Is this what people in France were doing? They were, they were. No, it's me.

Patrick Beja [00:30:30]:
It's me and my, my nerdy tech friends.

Leo Laporte [00:30:32]:
Oh, okay.

Patrick Beja [00:30:33]:
But we realize that we don't have copper cables for phone lines anymore. We don't have TVs with antennas to get the news. So if something happens, it's not just an open conflict with the United States. But if there's. Whatever something happens, if there's a bomb, if there's anything, you can't get communications with anyone. So you probably do need an AM radio to least get some information about what's happening. But more seriously and more tech related, I think what a lot of people have been thinking about is that we need at least failovers like backups on all the systems that we use that are provided by American companies like Microsoft, Google, Apple, everything. Even if you don't switch everything over to, let's say Proton or one of those, I think a lot of people, especially in infrastructure and critical infrastructure, they will switch over.

Patrick Beja [00:31:42]:
But a lot of companies might want to have a system ready to go up very quickly if things go bad. Because even if there isn't an armed conflict, if at some point something happens and the American, you know, the Trump administration decides American companies can't do business with France or some of them, or it's very unlikely, but if it happens, then you're in deep doo doo. So you need to be ready. And that's the kind of thing that we wouldn't even have considered a year ago. It would have been like pure fantasy. And now you remember what happened with the International Court of Justice and what was the name of the gentleman? He had his Outlook email revoked after the investigation and pronouncing was Microsoft's servers. Yeah, right. And so that was a shock in Europe.

Patrick Beja [00:32:44]:
It was like, okay, then it can happen and we can't be using American services for critical infrastructure. So I think relatively quietly, a lot of administrations have been slowly moving towards either open source or European based.

Leo Laporte [00:33:06]:
Services. Headline in Friday's Wall Street Journal. Europe prepares for a nightmare scenario. The US Blocking access to tech.

Patrick Beja [00:33:14]:
Yeah.

Leo Laporte [00:33:15]:
Trump's Greenland threats inject urgency into regions efforts to reduce its reliance on American technology.

Alex Stamos [00:33:22]:
If there's anybody who blocks it, it's actually most likely to be the European Commission. Right. Because we're actually in this weird legal place post the Schrems 2 decision by the European Court of Justice where they're supposed to be an agreement between the, the European Commission, the United States that was negotiated by the Biden administration. And then the Trump administration just kind of dropped it a little bit. And so there's a, the tech industry is. And this precipice where, you know, the Trump administration is supposed to be, you know, at the same time there's supposed to be fair dealings of saying, yes, we will respect the privacy of Europeans and we will help American companies do that by agreeing to a set of rules by which we will respect the privacy of European citizens. If it sits in American data centers, we're also threatening to invade Greenland. And so all you need is for the European Commission to effectively just not agree to this new privacy agreement between the United States and the ec and the European Court of Justice will just wipe out what are called standard contractual clauses.

Alex Stamos [00:34:37]:
And all of a sudden the European subsidiaries of Microsoft and Google and every other American company will no longer be able to do data transfers into the United States. That will have the effect of basically cutting off European companies from using the American cloud.

Leo Laporte [00:34:54]:
Let me take a break and then we'll talk TikTok. Because the deal went through and maybe didn't work out quite like everybody thought it might work out. We have a really perfect panel for this. I gotta tell you, it's so good to have Patrick Beja visiting us from the eu. And if he suddenly disappears, we'll know something horrible has happened. No, no, he's actually just getting better from the flu and it's late at night in Paris and we're going to try to keep this from being a four hour episode just for you, Patrick.

Patrick Beja [00:35:27]:
Yeah, right.

Leo Laporte [00:35:27]:
Yeah, right.

Alex Stamos [00:35:28]:
We've gone through two stories, so I.

Leo Laporte [00:35:31]:
Know we're not moving exactly at the pace I was hoping. That's Alex Stamos. Great to have you, Alex. These are important things though. I don't want to give them short shrift, so I really appreciate it. Alex's new job as chief product officer at corridor.dev. a firm that was much needed these days, helps AI developers create secure code. And I'm going to sign up for it and have it run on my GitHub repos and see where I went wrong.

Leo Laporte [00:36:00]:
Because I've been doing a lot of vibe coding lately. I've been loving it. I've been loving Claude code. I actually ended up doing the max subscription just so I could have more tokens and more credits. And it's really, I think we're entering into a world of hyper personalized software. It's very interesting to me. We'll talk about that a little bit. It Also with us, Mr.

Leo Laporte [00:36:20]:
Aloha himself, Doc Rock. Thank you, YouTube.com docrock he's on the opposite side of the world actually from Patrick. So as Patrick's entering the early morning hours, you're just entering the afternoon. Yep.

Doc Rock [00:36:34]:
One o' clock almost.

Leo Laporte [00:36:35]:
That's nice. That's nice. Great to have all three of you. Our show today brought to you by Threat Locker. Very excited. Steve Gibson and I are going to be heading to Orlando for Threat Locker. Zero Trust World. We've got a deal on tickets.

Leo Laporte [00:36:49]:
I'll tell you more about that in just a second. But let's let me first tell you why you want to know about Threat Locker. You know, ransomware is just devastating businesses worldwide. Threat Locker can stop it before it starts because it's zero trust. Zero Trust is remarkable. Recent analysis from Threat Locker shows how a single ransomware operation, qilin, surged from 45 incidents a couple of years ago to 800 incidents last year. It'll probably double again next year. This year.

Leo Laporte [00:37:22]:
That's why you need Threat Locker. Threat Locker, Zero trust platform takes a proactive and these are the three words, the key three words. Deny by default approach to block every unauthorized action. If you don't specifically say, yes, this can happen, it won't happen. That protects you from both known and unknown threats. ThreatLocker's innovative ring fencing constrains tools and remote management utilities so attackers cannot weaponize them for lateral movement or the mass encryption they need for ransomware. Threat Locker works in every industry. It works on PCs and Macs.

Leo Laporte [00:38:00]:
They've got US based support that's phenomenal. 24. 7 and this is kind of cool. It's just I think in a way a side effect of zero trust. Because you know nothing can happen unless you authorize it. It means you have comprehensive visibility and control. You have a record of everything that's happened. Right? Listen to some of the people using Threat Locker.

Leo Laporte [00:38:22]:
Emirates Flight Catering. This is a global leader in the food industry. 13,000 employees. They cannot afford to be down for one minute. Threat locker gave full control of apps and endpoints, improved Emirates Catering compliance and delivered seamless security with strong IT support. The CISO of Emirates FL Catering said this quote, the capabilities, the support and the best part of ThreatLocker is how easily it integrates with almost any solution. Other tools take time to integrate with Threat Locker. It's seamless.

Leo Laporte [00:38:54]:
That's one of the key reasons we use it. It's incredibly helpful to me as a ciso. Any enterprise that can't afford to be hit by ransomware, I guess that's everybody, but can't afford even to be down for a minute. Can benefit From Threat Locker. JetBlue uses Threat Locker. They have to fly right. Heathrow Airport, which has in the past had problems. They've turned to Threat Locker now to make sure that the airport operations are flawlessly, continuously available.

Leo Laporte [00:39:21]:
The Indianapolis Colts use Threat Locker. The point of Vancouver. I go on and on. Threat Locker consistently receives high honors, industry recognition for from G2 for high performer and best support for enterprise in the summer 2025 ratings peer spot ranked threat locker number one in application control. GetApps best functionality and features award in 2025. Find out more about ThreatLocker. Go to threatlocker.com TWIT get a free 30 day trial. Learn more about how ThreatLocker can help mitigate unknown threats and ensure compliance.

Leo Laporte [00:39:52]:
Threatlocker.com TWIT I am excited we're going to go to Zero Trust World, their annual conference. It's in Orlando this March and if you want to come out and see Steve and me, we're going to do a special presentation on the the first day of the event. We've got for a limited time a special offer code for you. ZTW Twit 26 at Zero Trust World. ZTW Twit this week in Tech 26 you'll save 200 off registration for Zero Trust World 2026. We'd love to see you. You'll get access to all sessions you get hands on hacking labs meals. There is an after party that's legendary.

Leo Laporte [00:40:29]:
The most interactive hands on cybersecurity learning event of the year. It's March 4th through the 6th in Orlando. Be sure to register with our code ZTWTWIT26 and we will see you in Orlando. And thank you Brett Locker for supporting the show. So this week it became official. China and US have signed off on the US spinoff. China still has 29.9% of the company. That's the maximum of foreign entity can have ownership of.

Leo Laporte [00:41:05]:
The rest is owned by Oracle, Silver Lake, Michael Dell, the United Arab Emirates. Their MGX is their state owned investment firm based on AI Susquehanna. I think that's the, that's Jeff Voss who's a big Trump donor. And I think one of the real reasons that the whole throw TikTok out of the United States didn't happen because Voss had a huge percentage of TikTok and I don't think he wanted to lose his money. Dragon Ear this meets the the final deadline. The extension which has been going on since the law requiring TikTok to be sold was passed and signed in the law in 2024. The Supreme Court affirmed it. No one knows how much was paid.

Leo Laporte [00:41:54]:
It's not clear but I did note that as soon as I sign into TikTok I got new end user agreement that I had to agree to. So I didn't and I deleted it. Some people say it's actually for one of the things that they asked for is more specific location information. Look, we were worried about the Chinese having that but right now they're being, they're even more granular. They're having minute to minute location information. That was the thing that stopped me. They also said TikTok could collect information including your sex Life, your sex orientation, your status as a transgender or non binary citizenship and immigration status. Now lawyers have said that that's to comply with California's Consumer Privacy act because now it's a US entity, they have to comply.

Leo Laporte [00:42:59]:
I guess it was enough to scare me off. It's funny, it's ironic because I honestly wasn't worried about the Chinese knowing my immigration status. I'm much more worried about the US Government knowing my immigration status and I'm a citizen. But apparently that's not sufficient anymore. What do you, what do you think, Doc Rock? Are you going to continue? Do you do stuff on Tick Tock?

Doc Rock [00:43:23]:
I, you know, it's really crazy as I recently just started doing stuff on Tick Tock because, you know, there's a lot of activity happening over there and yeah, this is sketchy.

Alex Stamos [00:43:36]:
This is.

Leo Laporte [00:43:37]:
What's funny is that you can't get, you can't get past the agreement to cancel your account. You have to agree to it before you can cancel your account.

Doc Rock [00:43:49]:
So I just checking to see if I had the pop up. I didn't get the pop up yet, but I know some friends, they got it yesterday.

Leo Laporte [00:43:54]:
Oh, I got immediately.

Doc Rock [00:43:56]:
This is wild.

Leo Laporte [00:43:59]:
So I declined and deleted it. Alex, am I, am I crazy? I mean you, we were talking, we've been talking with about this for more than a year. I remember when you were on, you said, yeah, no, TikTok is a threat. It's no longer a threat.

Alex Stamos [00:44:17]:
Yeah, so, okay, so my position always was that of all the Chinese companies, TikTok was not never the, the biggest threat. I've always been much more concerned about WeChat because WeChat actually carries conversations that are important and it is, is very much not end to end encrypted. And there's evidence that the Ministry of State security effectively uses WeChat as a massive surveillance tool.

Leo Laporte [00:44:45]:
And most, very few Americans that use WeChat, but it is used by Chinese.

Alex Stamos [00:44:49]:
A lot of Chinese Americans, a lot of Americans of Chinese ascent use it because if you have any family that speaks Chinese, you use WeChat. So it is used as a tool to kind of spy on the greater Chinese diaspora. So but that being said, there was some risk from TikTok, but a lot of that risk had been, you know, pushed down a little bit through the mechanisms of Project Texas and the creation of this.

Leo Laporte [00:45:15]:
Oracle was hosting the data in the United States.

Alex Stamos [00:45:17]:
Yeah, TikTok U.S. data Security LLC. Yeah, exactly. And they, and so there's a, there's a lot of things to say here. One There was a law. That law was just straight up ignored. Right. The Trump administration basically just said, you don't have to follow this law.

Alex Stamos [00:45:31]:
There was no mechanism.

Leo Laporte [00:45:32]:
Do you remember, it was roughly a year ago, right before the inauguration. TikTok went offline, they said, and that.

Alex Stamos [00:45:39]:
Was what was supposed to happen because they were not following the law. There was a mechanism for one extension, I believe, to be given. But to do that, you had to have been on the verge of a deal and the administration did not do any of the stuff they were supposed to do for that. So one, we just kind of just blew through the law. Laws don't matter. So that whole thing's been crazy. Second, this new entity, some of these are just neutral. I don't think Michael Dell has that much of a political position.

Alex Stamos [00:46:15]:
Silver Lake is just a neutral private equity firm. But some of these people are really political players who are directly aligned with the current administration.

Leo Laporte [00:46:25]:
And we know Larry Ellison is one of them.

Alex Stamos [00:46:28]:
Yes. Who is absolutely like twisting, as we know, CBS political direction to make the President happy. And so in some ways, TikTok might be more of a threat, if not from a data perspective, from becoming a much more political platform now. I think that will, if. If that happens, that is going to backfire in crap. I mean, there's nobody who is more sensitive to being manipulated. As a father of teenagers, the idea that you can like, like think that you, that you could try to manipulate 15 year olds, if you're like a middle aged person, you're like, I'm going to manipulate the. The idea that like Larry and David Ellison are gonna be able to like manipulate teenagers and get away with it is just ridiculous.

Leo Laporte [00:47:12]:
They're gonna sniff it out, given the current climate in the United States that they say, we will collect your immigration status.

Alex Stamos [00:47:18]:
So. Okay, so they're not directly collecting it. I think there's a couple of things going on here. One is when you're a social media company, one of the real challenges is that people upload everything. So I saw this at Facebook. I never worked for Meta. Right. I was at Facebook and Facebook when I was there, got sued for all these situations where there'll be laws of like, you have to protect this kind of data, like pregnancy data.

Alex Stamos [00:47:46]:
Okay. Did Facebook ever want to know people's pregnancy data? No, but there'd be things like SDKs that could get embedded in products and then all of a sudden things like Phi would get uploaded and that's just like an arbitrary text field. And all of a sudden it ends up in our database and we don't even know about it. But then the company gets sued and it is way easier to go to a jury of 12 people who can't get out jury duty and tell them, big company, bad big company spying on pregnant women. And then the defense attorneys are like, no, this is an arbitrary text field and it's a Jason field. And you know, Facebook didn't know. Yeah, you're going to look.

Leo Laporte [00:48:25]:
So it's sensible if you're TikTok to.

Alex Stamos [00:48:27]:
If you're the lawyers, it makes sense because like the law says, especially in California, that like, these are the sensitive things. And so TikTok basically has to say we might know these things about you because TikTok allows arbitrary stuff to be sent up. Now the question is, is it smart for them to actually list these things because it's going to show up in a lawsuit later. This is where you get, I think, the trade off inside of social media companies between the lawyers and product people, where if you're a product person, you might be like, could we just get away with saying, hey, you're sending us videos that might have anything in it? And if you tell us sensitive stuff, it's going to be in your data and we can't help that. Can we get away with that instead of listing all this stuff?

Leo Laporte [00:49:12]:
Also, why they fought the California Consumer Privacy act because they knew it would require this kind of language, right?

Alex Stamos [00:49:21]:
Yeah. I don't think TikTok's actually tracking immigration status. I think they have overactive. They paid somebody 900 bucks an hour to write this thing. And part of what they're doing is they're looking at every lawsuit against every other social media company for the last 20 years and they're protecting against it. That being said, I think this whole TikTok thing is incredibly corrupt. Right. Like effectively our government put a gun to the head of a foreign owned corporation.

Alex Stamos [00:49:52]:
I do not like the owners of that foreign owned corporation. I am not a fan of the People's Republic of China. I have a child who is learning Chinese and he has to go to Taiwan to do that because I have a file probably with the ministry. I know I have a file with the ministry.

Leo Laporte [00:50:06]:
He couldn't go into the right.

Alex Stamos [00:50:08]:
He can't go there. So fine, Taipei is great. I want him to visit while it still exists. And so anyway, like, I'm not a fan of the old owners, but we put a gun to the head and stuck them up and then transferred ownership of it to the political friends of the current administration. It's just straight up gangster capitalism.

Patrick Beja [00:50:28]:
It's the second part that's a problem. It's who it was transferred to that's the problem. Because I think the issues that were listed with the Chinese ownership of TikTok were substantiatable. Like it's not. Maybe you could have discussed how real it was. But the question of especially maybe the data issue is a little bit overblown because data is being sold and bought in the US anyway. RGPD is pretty cool. The issue of the influence with the algorithm, I think is a very serious one.

Patrick Beja [00:51:14]:
And the idea that a foreign entity is so embedded into the culture of another country that it could influence cultural trends and political decisions, I think is a serious security risk. So transferring it, transferring the ownership either, I mean, you could ban it or you could transfer it to a neutral party where you're a little bit more confident that it's not going to have this kind of undue algorithmic influence. I think it makes sense. The problem is who it was transferred to. And the algorithm can be used to nefarious ends in that case as well. I mean, any political party cronies or friends of would have been a problem. It turns out it's this one. If we want to be a little bit more neutral for a second, it turns out that this one, it would have been a problem either way if it was another politically charged group of people.

Patrick Beja [00:52:19]:
But the issue of the algorithmic influence is not to be discounted, I think. And we can see it. I mean, we've seen it. I think it was last year, an article about Taiwan and how the youth in Taiwan is having its view of the Chinese model changed through. It was a long article. I could, I talked about it a few times, but it was influencing the way the youth in Taiwan is looking at China. And even it might be a little bit anecdotal, But I use TikTok quite a bit and I've seen a significant amount of what is effectively Chinese propaganda which is showing all the great things about China. You know, modern cities, modern, very technologically forward stuff.

Patrick Beja [00:53:19]:
Happy people dancing, singing, showing their cities with trains going through buildings and stuff like that. That, that's awesome. You strangely never see anything negative about China on Tick Tock. Never ever. And I have. Again, this is very.

Leo Laporte [00:53:42]:
I never have either. You're right. Yeah.

Patrick Beja [00:53:44]:
But I seen, you know, people going like, you know, China sounds cool.

Leo Laporte [00:53:50]:
Yeah, China sounds cool. It's very.

Patrick Beja [00:53:53]:
I mean, China is very cool. There are some not cool parts, of course, and. But you, you never hear about you know, freedom of expression, the Uyghur, like never on TikTok. And my point is that of course it's not. There are a lot of people who know about these things. There are also a lot of people who might not as. It's not that like it's going to go from 0% to 100% positive opinion, but if you shift, you know, 5%, 10% opinion, it, it does something to the country. Right?

Leo Laporte [00:54:24]:
So, well, we don't have to worry about it.

Patrick Beja [00:54:26]:
It's very easy to discount that aspect of it. And the, the algorithmic influence is not. It should not be, you know, throw up, thrown out.

Leo Laporte [00:54:35]:
I feel bad because, you know, my, as I've mentioned before, my son basics his career on Tick Tock. He's now on Instagram as well and so is a little bit insulated against it, but he still posts regularly on TikTok. I, I don't like how I actually got rid of Instagram too. I think I just don't want to have either one of them foisting any point of view on me and X as well.

Patrick Beja [00:55:01]:
I don't think you're the target. True.

Alex Stamos [00:55:04]:
I mean X has become just terrible, right? It's just like race war every day, right? Depending on. I mean, what drives me nuts is there's still like a group of AI.

Leo Laporte [00:55:16]:
There's great AI stuff on X. That's. I kind of missed that.

Alex Stamos [00:55:19]:
But the political discussion has become just completely dominated by bots and elon forces.

Doc Rock [00:55:25]:
Every post of his threads, Sorry, the alternative became threads. And the funny thing about threads, why they try to gain traction is there are so many posts which are just there to like, absolutely rage, Beiji.

Leo Laporte [00:55:38]:
I mean, like, isn't this social now?

Doc Rock [00:55:42]:
Yeah, no, but I mean it's the, it's the odd. It's the low hanging fruit rage baits that you easily bite into because you think it's a real question and then sometimes you look at it go, wait a minute, this is, this, this question is so stupid. This is actually put here just to get engagement bait. So it's different from rage baiting. Let me put it that way. It's engagement baiting because I'm going to say something stupid so everybody can tell me that I did it wrong and you're getting engagement and so that elevates those accounts. And so they keep going, keep going and then all of a sudden they kick in the rage bait. So they are actually smart enough because they're building this sort of attention graph by saying dumb stuff.

Doc Rock [00:56:18]:
There are people Leo, that's going to crack you up. There are people still arguing about how the magic mouse is terrible because you charge it from the bottom. And we all know still that still in the time that I've been having this freaking brain fart, I could have plugged in my mouse and got nine more hours of charge out of it. Literally in 90 seconds in charge, you can get a whole full day. So it was dumb, but it was never a real problem. You know what I mean? It's kind of like me, I'm dumb, but I'm not a real problem.

Leo Laporte [00:56:46]:
Yeah.

Doc Rock [00:56:46]:
And it's like both like you guys are still arguing about this and it's hilarious. So if you just want to be entertained, you know. Now the new thing on threads is how come all the 40 year olds are on threads? Oh, those are just great. And the comments are glorious. And the best comment was, well, I'm here so I can show you how to spell 40 year olds because they.

Patrick Beja [00:57:08]:
Did wrong on purpose, more than likely.

Doc Rock [00:57:12]:
Yeah.

Patrick Beja [00:57:13]:
You know, on, on X, if we go back to policy and, and European policy, a lot of people are calling for administration to leave X, which they haven't yet because you need the audience that you're talking to to. But, but a lot of people are, especially with the latest, you know, AI deep fakes and what's it called? Nudes.

Leo Laporte [00:57:40]:
Oh yeah, this has been a nudification.

Patrick Beja [00:57:43]:
And so a lot of people. But interestingly, an argument against Blue sky was that if you try to talk about the AI on Blue sky, you get murdered.

Leo Laporte [00:57:56]:
Right.

Patrick Beja [00:57:56]:
Like, and so as Alex was saying, if you want, want to have an interesting conversation about AI, you, you can't do it on Blue Sky. It's impossible. Like pushed off the platform immediately.

Alex Stamos [00:58:10]:
Yeah, I've tried to have conversations on Blue sky and it's like if you step off the orthodoxy, it becomes, you get, you get dogpiled there too. I don't know, I try not to use social media too much anymore.

Leo Laporte [00:58:23]:
I think that's the, that's the bottom line is just get off.

Alex Stamos [00:58:26]:
I'll do like long form stuff like this because you get to talk more with nice people and you get to share and if you disagree with somebody, you can try to play it out over five minutes and you don't have the context collapse that you do.

Leo Laporte [00:58:38]:
Right. Well, you're talking to real people for one thing. Well, who knows who you're talking to.

Alex Stamos [00:58:43]:
On X. Yeah, and I think like that's, you know, somebody is going to create the 100% real social network, right. Where, you know, everybody has a verified identity and content is created on the device, does not come from Capcut.

Leo Laporte [00:59:01]:
There is an argument, though, for anonymized posting. For instance, of course, there is an Instagram account which ICE has been desperately trying to unmask, that posts videos of ICE arrests. And ICE wants this John Doe and they've been turned down again and again. The courts have said no. Instagram has said no. There is an argument that there are. Sometimes you do need anonymity. So a fully real social network.

Leo Laporte [00:59:33]:
I don't know. I mean, I would join it because I'm not.

Patrick Beja [00:59:36]:
I think it would be both. I think you absolutely do need anonymity and those exist. And I'm very heartened in spades right now. Yeah, I'm very heartened to hear that Instagram has refused to identify the account. I would have thought they would have folded, so I guess I'm wrong there. But a real social network. Interestingly, Sam Altman saw this coming with. Do you know about World? You know, World Coin?

Leo Laporte [01:00:07]:
Yeah, the orb. Right, the iris orb. He saw it coming. But doesn't it. The fact that you're giving them your iris information, which is unchangeable, you're not giving it.

Alex Stamos [01:00:22]:
The idea is like you're verifying it. He's right in that what you're going to do is you're going to have to push all this stuff into secure hardware that verifies you ended.

Leo Laporte [01:00:31]:
But I think it's a brilliant idea because we do need. Authentication is the thorniest issue. It's the issue behind online voting, it's the issue behind shopping, it's the issue behind commerce. You know, being able to authenticate reliably is a huge issue and unsolved at this point.

Patrick Beja [01:00:49]:
Well, especially if we're talking about communication. In an era of AI, where you don't know what is being. If you don't know if what is being you're seeing is real or not. At least if you know it comes from someone who has identified themselves through, you know, world, like worldcoin or something else. I think it gives credence to whatever you're seeing. And the reason a lot of people are giving up at the moment, I think, on information or videos or. The biggest problem with AI, I think, is that it's not that it's going to make people. We've talked about this a few times, but it's not that it makes people believe stuff that isn't true.

Patrick Beja [01:01:36]:
It's that ultimately people who see stuff don't know whether it's true or not. So they're not going to trust the stuff that is true and they're going to go like, oh, well, I don't know if it's true or not, whatever, and it doesn't matter. So if you get a social network or a way to engineer trust, I think that has value. It doesn't mean that it fixes everything. But a social network where you know who you're talking to to and you know that it's them and you trust them, it has value. Obviously, you know, it doesn't mean that everyone's going to trust everyone else, but I think it would be an interesting thing to try at least.

Leo Laporte [01:02:18]:
This is the story from Ars Technica. DHS keeps trying and failing to unmask anonymous ICE critics online. They had subpoenaed Meta to reveal the John Doe who had an Instagram account and a Facebook account monitoring ICE in Pennsylvania. They sued the dhs. He countersued to block ICE from identifying him. He says those summons is to Meta infringed on core First Amendment protected activity. DHS fought his motion to quash, but eventually gave in. On the 16th, they abruptly reversed course and withdrew their summons from Meta.

Leo Laporte [01:03:03]:
So that's where it stands right now, but I doubt that that will stay that way.

Alex Stamos [01:03:08]:
Well, I'm glad to see, I mean, I know some of the people who used to have these fights and I know they're still at Meta and so I'm glad to see there's still some people there who are willing to have these fights. And a bunch of them are ex DOJ folks. I know for a fact that they are very sad of what's happened to the Department of Justice. Yeah.

Patrick Beja [01:03:28]:
Yeah.

Leo Laporte [01:03:29]:
Well, it's become a personal law firm for the presidency. We're going to take a break, come back. Oh, I had one more stat just to give you. We were talking about the sexualized images on X, the Grok Deep non consensual deep fake nudes. According to the New York Times, over nine days, Grok posted 4.4 million images of which at least 41% was sexualized images of women. So that's 2 million images in nine days. Non consensual sexualized images.

Alex Stamos [01:04:05]:
Yeah. So if you look deeper, how many.

Patrick Beja [01:04:07]:
Of other, you know.

Alex Stamos [01:04:08]:
Yeah, a couple percent and at least a single digit percent look like they're underage, which would make Grok one of the possibly the largest creator of AIC Sam now in history.

Leo Laporte [01:04:19]:
Isn't that amazing?

Alex Stamos [01:04:20]:
I mean it's a fascinating outcome because At Stanford, we wrote a bunch of the first papers on AIC, Sam back 2021, 2022, and we saw this coming. But where this was, was this all started basically stable diffusion. Stable diffusion 1.5 had very few protections. But for people to take stable diffusion and then create AICSAM required at least some skill. A bunch of people working together and stuff. And. And GROK made it super easy for folks.

Leo Laporte [01:04:51]:
It's interesting because this is the graph from the New York Times of the images created just of all images created per day by grok. And you could see that there was a sudden explosion after Elon posted an AI edited photo of himself in a bikini. And then suddenly there's this explosion. And then of course, it all ends when X limited the image image creation to paid accounts on January 8th.

Alex Stamos [01:05:16]:
Because you know what makes something really much more legal is if you charge people for it.

Leo Laporte [01:05:20]:
Yeah, right. Oh, now it's okay. Yeah, you paid for it. Oh, well, go right ahead.

Alex Stamos [01:05:27]:
Right. That's generally a defense in court. Oh, no, we're profiting from this behavior. So now it should be okay.

Patrick Beja [01:05:35]:
Well, at least if it's. If it's paid, then they have. They know who you are. Right. So in theory, if you create something that is illegal, it's easier to find you. Is. I'm. I'm really trying to, you know, thank you for that.

Leo Laporte [01:05:50]:
Yeah.

Alex Stamos [01:05:50]:
But the problem is, is the. The person committing the crime is actually Grok. Is actually.

Leo Laporte [01:05:56]:
Is it?

Alex Stamos [01:05:56]:
Yes. Xai is the generator here. They do not have Section 230 protection.

Leo Laporte [01:06:01]:
Oh, interesting. They do not.

Alex Stamos [01:06:02]:
No, they are. They are the one who is.

Patrick Beja [01:06:06]:
They're the Post now who is. But. But an AI can't be. Can't have a copyright, can't be like the person. Are you sure it's not the person Legally, that is like writing.

Alex Stamos [01:06:16]:
So that's. This is. I mean, this is now what will be litigated. This will be fast.

Patrick Beja [01:06:20]:
Right?

Alex Stamos [01:06:21]:
Is who is the. Because there's a civil issue, and civilly, I am sure Xai has a huge problem. Now what they're trying to do is they're trying to get all these cases removed to Texas to one district in Texas where there's only like one judge, and he is a Tesla shareholder and will not recuse himself of cases. So that is super controversial. Right? So like Elon's baby mama, you know, sued him in the Northern district of Texas or Northern district of California, and he's trying to remove it under their terms of service. So that is like super controversial. Of can you use terms of service even though the actual harm happened elsewhere? So that's a big legal fight. But then the second issue will be there's significant civil issues, but this is a crime, Right.

Alex Stamos [01:07:07]:
And the criminal issues here are very interesting for the most part.

Leo Laporte [01:07:12]:
Has there been any criminal prosecution, though?

Alex Stamos [01:07:14]:
No, there have been criminal prosecutions of people for AIC Sam. They are few and far between because what happens is the vast majority of cases where people get caught with AIC Sam, they have real CSAM on their drives and for the most part, so.

Leo Laporte [01:07:27]:
They don't have to go after the AI. AI part. Yeah.

Alex Stamos [01:07:29]:
So the vast majority of child exploitation cases are pled out. Right. It almost never goes to trial because the, the evidence is strong and the penalties are huge. And so the lawyers tell the. The just plead out, perps just plead.

Leo Laporte [01:07:46]:
Out, you're in trouble.

Alex Stamos [01:07:47]:
Take. Right. Like Instead of taking 20 years or whatever, 30 years, get your 18 months or two years and, you know, take it. There have been a couple of cases, but it's complicated and the legality issues here are complicated. I'm going to give a shout out to my former Stanford colleague who's still at Stanford. Rana Feverkorn has written a number of pieces on this because the laws around it are different and they all actually rest on a Supreme Court precedent called the Ashcroft case. So it tells you how old it is, which is about can photos that are not. Can images that are not real be.

Alex Stamos [01:08:30]:
Count as effectively child pornography? Right. And it's a fast. It turns out to be like a really fascinating, interesting issue. And so this will end up being litigated and it probably will end up going back to the Supreme Court because none of the case law, you know, all the case law predates diffusion models, right? Like deep learning upsets all of this. And you're talking about images that are not real, but they're based upon real folks. In this case, we're talking about images where you start with a real image, but you're modifying it so they are the faces of real women and real girls, but then they're modified using diffusion models. So it's super complicated. But who is the one who's going to be punished is a big question, both criminally and civilly.

Alex Stamos [01:09:18]:
But there is no what. What we know for sure is multiple courts have ruled that AI companies do not have Section 230 exemptions here because one of the criminal side. But also they are not just posting content. X is not just posting content that was created by somebody else. They are creating the content themselves.

Leo Laporte [01:09:36]:
Oh, very interesting. Yeah. Because X is now owned by Xai.

Alex Stamos [01:09:41]:
Yes, right, Very interesting. It is going to be. This is going to be a big deal. They really screwed up here. This will last for a long time. And these cases are going to last a lot longer than the Trump administration. There's also these cases are going to happen in states, right. So they'll happen in state court.

Alex Stamos [01:09:58]:
They'll try to remove it to federal court and move it to Texas. They're not going to be, you got a bunch of state attorney generals. And so what's happened is X has opened themselves up to a bunch of state attorney generals who do not like Elon Musk. And so that was not a good move.

Doc Rock [01:10:11]:
And the civil side is going to be on par with, you know, someone trying to go after say Colt or Sig Sauer, whatever, after some sort of, you know, weaponry incident, you know, the civil side, they go off.

Leo Laporte [01:10:24]:
Did the gun commit the crime?

Doc Rock [01:10:25]:
Yeah, yeah, yeah, I was trying to.

Alex Stamos [01:10:27]:
Use that word because it also might lead in Europe, it's become a big deal. Ofcom in the UK might completely ban X. But it's also reasonable because the nudifier apps, we've seen them get banned by Apple and Google.

Leo Laporte [01:10:41]:
Why didn't Apple and Google ban X.

Alex Stamos [01:10:44]:
Or at least Grok. Right, like.

Patrick Beja [01:10:45]:
Yeah, I mean we all know why.

Alex Stamos [01:10:48]:
We know why. Because they're afraid of Elon and they're afraid of him calling Trump and then having Apple and Google punished. But like, yeah, no, but I think.

Patrick Beja [01:10:56]:
It'S important to say because I've seen a lot of people saying, oh, but why didn't Team Cook and why didn't Sundar Pichai and like we know why. And that's what those article mean.

Leo Laporte [01:11:09]:
The Verge called them cowards. They said they're cowards is why.

Alex Stamos [01:11:14]:
But it is. You're right. We should lay out here that this company, like we thought this was a line that could not be crossed and.

Leo Laporte [01:11:21]:
This line was crossed apparently according to Bad Rod in our discord, our club Twitter discord. Even text and hand drawn images can be considered CSAM under Canadian law law. So in it that I'm not the Canadian law informs American law. But that's interesting. You can have a hand drawn image that would still be considered csam.

Doc Rock [01:11:39]:
Well, even the text part, you know, because I guess a lot of the this. Well, when you hear it all the time on the news or when you watch my dude from NBC Catch a Predator back in the day, it would be the text messages, right? It would be the chats that would get a lot of guys in trouble. So if, if text count and that means, you know, electronic text as well as handwritten text.

Alex Stamos [01:12:01]:
Next.

Doc Rock [01:12:02]:
Yeah, that. That sounds like logical, I guess.

Leo Laporte [01:12:05]:
I was on the jury for one of those To Catch a Predator cases.

Doc Rock [01:12:10]:
He got in a lot of trouble for entrapment, though.

Leo Laporte [01:12:12]:
And I don't know that's exactly what happened.

Doc Rock [01:12:14]:
You never heard a second he sat.

Leo Laporte [01:12:16]:
Through the whole testimony of the prosecution. Then the defense goes to the judge and says, your honor, this is entrapment. And the judge throws it out, says it to the jury, never mind. After two weeks of testimony, we went home. But I agreed with the judge. The whole time I'm thinking this. This poor kid was completely entrapped. Yeah.

Doc Rock [01:12:37]:
For the show. Nonetheless. I mean, it's not saying for the.

Leo Laporte [01:12:39]:
Purposes of television entertainment elevated because of television entertainment because there was no child involved ever. It was an adult who was. Yeah. Anyway, it was. It was interesting. It's my only time I ever served on jury and I thought I was a fascinating story. Hey, we got to take a break because poor Patrick is just never going to make it to four in the morning.

Alex Stamos [01:13:00]:
So no sleep till Doug Brook to Brooklyn.

Leo Laporte [01:13:09]:
That'll perk you up. That'll perk you up. Alex Stamos, who I had no idea was a. Was a big fan of rap, is here. He's the chief product officer@cord.dev of course he is. Of course he is. You're that generation. It just blows me away, you know, because as an old man, I always think the rap generation is young people.

Leo Laporte [01:13:25]:
But that's not anymore. Anil Dash was good. We had Anil Dash on the show. He was going to the. The last performance of the Wu Tang Clan. Wow, you're hip.

Patrick Beja [01:13:40]:
I mean, how old are the Beastie Boys?

Leo Laporte [01:13:41]:
Like exactly. Exactly. It's all. Those are oldies now. Patrick Beja. Not an oldie. A young man in an old man's body. How about that?

Patrick Beja [01:13:52]:
Let's go with that.

Leo Laporte [01:13:53]:
Okay. From notpatrick.com and Doc Rock. Always a pleasure to have the good doctor on YouTube.com docrock and ecamm. Our show today, brought to you by Meter Meter was started by two network engineers who felt your pain. Who felt your pain. If you're a network engineer, they know how difficult it is. They decided to be the company building better networks. Full stack.

Leo Laporte [01:14:23]:
Full stack. If you're a network engineer, you know all of the, you know, the pain points, legacy providers, inflexible pricing, it, resource constraints Stretching it thin. No IT department ever got enough money to do their job right. Complex deployments, fragmented tools. You're mission critical to the business, let me reassure you. But you're working with infrastructure that just wasn't built for today's demands. Well, Meter knows that too. And that's why businesses are switching to Meter.

Leo Laporte [01:14:50]:
Meter delivers full stack networking infrastructure. Wired, yes, wireless, yes, even cellular. That's built for performance and scalability and built to handle the most challenging environments. Meter designs their own hardware. They realized we've got to do it from scratch. We've got to design the hardware, we got to write the firmware, we gotta build the software, we have to manage the deployments. And they even provide after market support, after sales support. Meter offers everything.

Leo Laporte [01:15:21]:
They'll even do ISP procurement for you. They'll do all the security, the routing, the switching. They'll do wireless firewall, cellular. They'll do the power. Right. That's just as important, isn't it? DNS, Security, VPN, SD WAN, multi site workflows, all in a single solution from a company that cares. Meter's single integrated networking stack scales. They work in major hospitals.

Leo Laporte [01:15:46]:
And you know what a hostile environment for wireless a hospital can be. If you've ever been in a hospital, the phone never works. Branch offices, warehouses, it's really often the case. I was talking to Meter a couple of weeks ago and they said, you know, we often get calls from companies that acquire another business. They get these new, these warehouses with old stacks, hostile wireless environments, and they have to then incorporate it into their own existing systems. They're great for this. They can do it for large campuses, they even do it for data centers. Reddit uses Meter.

Leo Laporte [01:16:22]:
That should tell you something. The assistant director of technology for Webb School of Knoxville, he had an interesting challenge. We had more than 20 games on campus between our two facilities, each game streaming via wired and wireless connections all at once. That event went off without a hitch. We could never have done this before Meter redesigned our network. With Meter, you get a single partner for all your connectivity needs, from your first site survey to ongoing support without the complexity of managing multiple providers, multiple tools. You know, you know how it is. They you say, I'm having a problem here.

Leo Laporte [01:17:01]:
The ISP says, what's your router? The router company says, what's your isp? No, no, you don't have to worry about that. It's an integrated networking stack. Meter's designed to take the burden off your IT team and still give you deep control and visibility. Reimagining what it means for businesses to get and stay online. Meter is a modern company built for the bandwidth demands of today and tomorrow. We thank Meter so much for sponsoring. Go to meter.comtwit to book a demo. Now that's M e t e r.com comm to book a demo.

Leo Laporte [01:17:33]:
I was so impressed with these guys. And the founder's story is amazing. They really, they know what it's like. Then they came up with a great solution. Meter.comTwit we thank them so much for their support. Big story coming out this week about Microsoft. The FBI said, we want the BitLocker keys for an investigation. And Microsoft provided them.

Leo Laporte [01:18:03]:
When asked, Microsoft says we get about 20 requests for BitLocker keys every year. We'll provide them to the governments in response to governments, plural. In response for valid court orders. Now, I think you might have thought. I certainly thought that BitLocker, which is full disk encryption, was in, you know, mine and mine alone. And it used to be if you. And in fact, it was one of the hazards of BitLocker that it was certificate based. If you created the certificate and didn't save it, that you would not be able to access your data ever again.

Leo Laporte [01:18:36]:
Microsoft solved that by saying, well, no, you have to have a Microsoft account and we'll keep the keys for you. So they have the keys. Early last year, the FBI served Microsoft with a search warrant, asking it for recovery keys to unlock encrypted data stored on three laptops. Federal investigators in Guam felt that they held evidence that would help prove individuals handling the island's Covid unemployment assistance program were part of a larger plot to steal funds. Microsoft complied. I'm sure this was no surprise to you, Alex, and probably isn't a surprise to anybody who thinks about it. Should I worry about my file?

Patrick Beja [01:19:18]:
I was like you, Leo. I thought it was.

Doc Rock [01:19:20]:
Was.

Patrick Beja [01:19:20]:
I thought it was private.

Leo Laporte [01:19:22]:
Right. But.

Patrick Beja [01:19:23]:
But I actually don't have a problem with this because you have the option to not. You don't have to with. Yeah. With Microsoft, if you want to keep it all local and, you know, run the risk of losing your access to your data, then you can. So when I first read the headlines, I was like, what?

Leo Laporte [01:19:42]:
You can.

Patrick Beja [01:19:43]:
They have the key.

Leo Laporte [01:19:44]:
What?

Patrick Beja [01:19:45]:
And I was like, ready to be very upset at American companies again. But then I. They became reasonable and read the article and realized that you can decide what.

Leo Laporte [01:19:56]:
But the default is that they are uploaded. And Microsoft's made it harder and harder to install Windows without a Microsoft account. So there's definitely impetus in that direction. I think it's important for people to know it.

Alex Stamos [01:20:07]:
I'm not so cool with it for a couple reasons. Yeah. So one is Microsoft has pushed the Microsoft account idea very hard and they have made it basically impossible to install Windows 11 without creating an online account. They suck a huge amount of data out of Windows. It used to be any normal person could install Windows with just a local account and then you could add what used to be called the live.com account and now like an online Microsoft account and then they made it that it was required. But nerds could basically pop up a window and you could run a command and do it. They've turned that off. Now if you want to do it without an account, you effectively have to make a special version of the ISO.

Alex Stamos [01:20:57]:
You have to patch out their code and basically tell it it's like an enterprise install to do only a local.

Leo Laporte [01:21:04]:
You could do it with Rufus. There's some tools.

Alex Stamos [01:21:06]:
Yeah. Basically by default, like you said, they will back up your key for you so you can go log in and grab the key. If they wanted, they could do what Apple does, which is Effectively Apple uses HSMs to store the backup keys and then use a mechanism to make it very hard. Apple does not have the ability then to recover those keys.

Leo Laporte [01:21:37]:
So I don't have to worry with FileVault, Apple's encryption, which is by the way on. On default on all Apple devices. A Apple doesn't require you to make an Apple account to use a Mac or an iPhone.

Alex Stamos [01:21:47]:
Right. And they also, you know, they make it explicit when you to be able to unlock your device. Right. When you do it. And then Apple makes it very difficult for themselves to recover that key. Now that being said, Apple does store a bunch of data when you do an icloud backup in a way that the FBI can get to.

Leo Laporte [01:22:05]:
We've seen that. We've seen that in court filings.

Alex Stamos [01:22:08]:
Yes. And so Apple is not perfect here. That is a decision they have made that is mostly about having compatibility with the web interface. So there's a bunch of stuff that you can access.

Leo Laporte [01:22:17]:
They offer the advanced data protection which does not allow that. Yes, but you give up a lot of functionality when you turn on ad.

Alex Stamos [01:22:26]:
Yeah, I have advanced data protection on. I turn it on for a bunch of my family members. But like most, I'm guessing it's a low single digit percentage of their customers.

Leo Laporte [01:22:34]:
And that's the one, of course that they had to withdraw in the UK.

Alex Stamos [01:22:38]:
Because the British, the UK is obviously using it. It's also not available in China. That's also the issue with Apple is everything they do from a security perspective has a big asterisk, you know, privacy, human rights, asterisks, not available in the People's Republic of China. So, like, I am not a big fan of this, this from Microsoft. That being said, even if you're forced to do a Microsoft account, you can go back into the command line, you can use the Manage BDE command line interface and then you can remove the protector. So you can, you can go and you can change, you can remove the backup and then you can rotate the key. But that is only for people who know what they're doing. So it is, by the way, it's.

Leo Laporte [01:23:16]:
Not great if you do that, don't put your certificates on an unencrypted drive because. Because they're going to take that with everything else and they may end up getting it anyway and not have to ask Microsoft.

Alex Stamos [01:23:27]:
Yeah, I mean, the truth is, if your threat model includes the US government, you should not be using Windows. Because the truth is that Windows is effectively. Windows 11 is effectively spyware at this point. It sucks. By default you log in with a Windows Microsoft account and there's like this. If you look at the Windows privacy pane, all of these buttons are checked by default unless you know what you're doing right. And it is sucking a huge amount of data out of your experience into Microsoft.

Leo Laporte [01:23:55]:
I honestly feel like Apple's probably moving in that direction as well. I've moved to Linux pretty much on everything and I use Lux encryption, full drive encryption, and only I have the access to that. And there's no telemetry in the version of. There are, I think Linux versions like Ubuntu that do have some telemetry may.

Alex Stamos [01:24:14]:
Have some telemetry, but there's no minor telemetry. None of them are doing what Microsoft is doing, which is a huge amount of data is. And all of that is going to be available to the government, you know, on. With lawful process.

Patrick Beja [01:24:26]:
You know, anecdotally, Linux is gaining ground in everywhere, I think, but in Europe as well. I've seen multiple articles from people who are saying, I switched to Linux. I'm very happy.

Leo Laporte [01:24:41]:
And people are realizing that now modern Linux distros are really as easy to use as Windows. And because of mine and Proton, you can run most of the Windows applications if you want them.

Patrick Beja [01:24:54]:
Well, that's the thing, that's the surprising thing because a lot of the nerds are also gamers. And now a lot like there are still Some games that require, you know, access to the kernel to. Yeah, because there are anti cheats and stuff like that.

Leo Laporte [01:25:12]:
Mostly anti cheats, isn't it?

Patrick Beja [01:25:14]:
Yeah, yeah, but there's a huge amount, like a huge percentage of the games that work and Linux is very, is handling them very well, in part because Valve has invested a lot in Proton and stuff like that.

Leo Laporte [01:25:29]:
When the Steam machine comes out, it's going to be a PC running Linux and 80% of the games will run on it.

Patrick Beja [01:25:36]:
So yeah, a lot of them. But. So between the defiance towards American big tech and the gaming aspect of it, there are, I mean it's still low single digits, right? Of course it's not, we're not.

Alex Stamos [01:25:54]:
Well, I wouldn't say that because everybody who's running an Android device is running and everybody who's running a Chromebook.

Patrick Beja [01:26:00]:
Linux.

Leo Laporte [01:26:00]:
Linux, right.

Alex Stamos [01:26:01]:
So Google has done a lot to make running Linux something that is absolutely doable by normal folks because you can just, if you build your business on G Suite. The dream as like a ciso, my dream has always been just give everybody Chromebooks and then if somebody loses something, you just go to the store, you know, best buy and buy them a $500 Chromebook and it. You don't, you don't care at all.

Leo Laporte [01:26:25]:
Yeah, that's a good point.

Alex Stamos [01:26:26]:
Point.

Leo Laporte [01:26:26]:
But then every now the counter to that is there's no privacy at all because everything is stored on Google's cloud.

Doc Rock [01:26:33]:
Right, Right.

Alex Stamos [01:26:34]:
I mean, I mean from a. Google.

Leo Laporte [01:26:35]:
Definitely looks at everything on the Google Drive. I mean they scan it for csam, they do all sorts of stuff. They can see everything you've got up.

Alex Stamos [01:26:42]:
On your Google and to talk about, I mean this is the European problem. There is no European competitor to Google. Right. Like if, if I was, if I was starting a company, people like Proton.

Leo Laporte [01:26:51]:
I look at what, what Proton's doing and they are really expanding capabilities. They're clearly trying to become another Google. You agree? Patrick, you mentioned Proton earlier. I haven't seen. They got everything.

Patrick Beja [01:27:06]:
There's a couple of Swiss company, Proton and Infomaniac and they are both trying to fill that niche.

Leo Laporte [01:27:16]:
But I mean it kind of explains their expansion. Actually I was.

Patrick Beja [01:27:21]:
The issue is you don't have the. There are, you know, it's the core services but you don't get stuff like. So you get mail drive, a vpn, password manager, that kind of thing. You don't get search, you don't get maps, you don't get.

Leo Laporte [01:27:36]:
Right.

Patrick Beja [01:27:36]:
You know, so they do have AI.

Leo Laporte [01:27:39]:
They have their own private AI. They have the docs. The best you can do calendar is.

Patrick Beja [01:27:45]:
Run stuff in parallel and you're always going to have to use something else as well. But it's already a very good start to.

Leo Laporte [01:27:54]:
It's interesting because Proton, I'm looking at their front page. They've named and even the icons look like Google Drive icons.

Patrick Beja [01:28:03]:
Yeah, Docs, sheets, wallet.

Leo Laporte [01:28:05]:
Meat. They call it meat. I guess Google didn't trademark that. I don't know, maybe it's not. Not in the eu.

Doc Rock [01:28:13]:
Maybe Google's is Google Meet, not just Meat by itself.

Leo Laporte [01:28:16]:
Google Meet.

Alex Stamos [01:28:17]:
Probably.

Doc Rock [01:28:17]:
Yeah.

Leo Laporte [01:28:19]:
Anyway, yeah. House of Lords voted. I don't know if this means anything. House of Lords in Britain voted to ban social media. For Britain's under 16, I say no.

Doc Rock [01:28:32]:
No young child should have access to social media.

Leo Laporte [01:28:36]:
You agree this. I don't know if that makes it a law or not.

Alex Stamos [01:28:42]:
It's.

Patrick Beja [01:28:42]:
It's being discussed everywhere now.

Leo Laporte [01:28:44]:
It is, right? It is. And you know, I think the Australian experiment has not produced the problems we thought it might.

Patrick Beja [01:28:54]:
Not yet it's a success. Well, we don't know that.

Alex Stamos [01:29:02]:
But it is.

Patrick Beja [01:29:03]:
No, I think, I think the, the tendency we have as tech literate people and geeks and nerds is to think, oh, this is the previous generation panicking and this is a moral panic. And this is Dungeons and Dragons and video games again.

Leo Laporte [01:29:20]:
Cut your hair, your rock and roll music's gonna ruin you.

Patrick Beja [01:29:25]:
The devil's music.

Leo Laporte [01:29:26]:
The devil's music.

Patrick Beja [01:29:28]:
But I think there is a decent corpus of academic research and evidence that shows that it does have negative effects.

Leo Laporte [01:29:42]:
Yeah.

Patrick Beja [01:29:42]:
And I mean, even if you think about it a little bit more objectively, like the Internet, I think we, we talked about this last time I was here. But the Internet is culture and it's all of culture. It's very open and you can go anywhere and see anything. And social media is included in that mix. And if you would think about a teenager around, I don't know, thirteen, and tell them, okay, here's, you know, the city. You can go anywhere and do anything. You wouldn't be comfortable. Right.

Patrick Beja [01:30:20]:
There are red light districts, there are weird people, there are strange things.

Leo Laporte [01:30:23]:
You wouldn't let your kids walk down at midnight downtown, down a dark alley.

Patrick Beja [01:30:28]:
Right, exactly. And in bars and in. So the problem is you give phones to kids and that's what it is. They can literally find anything. And so the idea that there should be some restriction on that used to be very, you know, problematic to me. I thought it was, you know, reactionism. But now I'm not so sure. And I think the debate will happen on how and how it should be implemented.

Patrick Beja [01:31:06]:
What age, how do we deal with it? But I don't think it's unreasonable to think kids shouldn't have access to the entirety of the Internet when they turn 13 or even younger, because there are younger kids who have phones and a phone is a window into the entirety of the Internet. Right. So the fact that a lot of countries now are looking at this and thinking, okay, we should. Maybe you shouldn't ban social media. Maybe you shouldn't. You know, there might be different graduations there, different graduation gradations. I don't know.

Leo Laporte [01:31:46]:
Yeah, that's good gradations.

Patrick Beja [01:31:49]:
But I think we're moving away from people saying, oh, this is just a moral panic and we should let everything open and just not regulate anything. What do you think the issue is? How do you determine someone is 16 or 15, whatever.

Leo Laporte [01:32:02]:
You're right.

Patrick Beja [01:32:02]:
That's a whole other problem.

Leo Laporte [01:32:05]:
But you said. I think it was when you said, Doc, that the. The House of Lords is going to. Do they understand that they're going to have to submit their age verification. Yeah. If this goes through.

Doc Rock [01:32:16]:
So here's the. Here's the absolute hilarious thing. I know that there's been so much talk about the teenagers and last week. This is crazy. I'm gonna take it to Sportsball for a second. But I just want you to see where this is, where this has gone because of what Patrick just said about. There has been actual proof about sort of the things that it can do to a person's mental health. South.

Doc Rock [01:32:37]:
So two of the quote, unquote, Manchester United legends, two of the best, you know, players ever played a game, were sort of down talking a current defender saying that he was too small and he wasn't any good. And I don't know why they signed him or whatever. And kind of the, the fan base went to. These guys are legends. And normally whatever they say is gold. And they're like, bro, this isn't the game that you guys played. And I know you guys are saying, well, well, because he snapped back and he made the. The player who.

Doc Rock [01:33:07]:
They're in question, Lisandro Martinez, he made a social media statement that basically called the legend guys bullying him. Right. And then instead of apologizing, they made like, oh, well, he was just being somewhat of a crybaby and he should be tough because, you know, he's a pro baller and he should be able to take it. And the community went crazy. First of all, in the game he actually manhandled Earl and Holland, who is quote unquote, the best striker. And he actually proved them wrong. But then they were like, well, maybe we shouldn't have said that. And what, nobody's understanding that even though this Guy is a 26 year old baller and he's a World cup winner.

Doc Rock [01:33:42]:
So yeah, he's been through some things, but the way that these guys get attacked now is completely different. In, you know, 2013, when Paul retired, he basically played from 03 to 13 is a different game because when you mess up, you literally have millions of people flooding your box. And even if you try to ignore it, your friends and family see it it so they get it. And so it's not just you, it's a whole bunch of people in your circle that hear all this noise. And if this is affecting professional athletes, you know, World cup champions and they're almost 30 years old, what exactly does it do to the kids? And I used to be the ones like, stop blaming social media and be better at parenting. But even then it's hard now because it has grown so immensely. And I think the other thing that a lot of these people don't sort of understand that it isn't just a handful of the top social media apps. Like there's so many ways I, I don't know if you've been on live playing like Call of Duty lately.

Doc Rock [01:34:44]:
Yo, it's psycho in there. I'm a grown man and an egg soldier. And the stuff that people say to me in there, I'm like, bruh, number one, you wouldn't say that if you saw me. I'm way bigger than you think.

Leo Laporte [01:34:55]:
That's part of it is it's anonymous and you, and you're not person.

Doc Rock [01:34:57]:
I'm like, you're too young. And I never thought I would say this because I'm the cool uncle, but I'm like, you're too young to say what you just said. And you just sat there and said something hella racist. You don't even know what it means. Yeah, you just don't. And it's, I think that's a really.

Leo Laporte [01:35:12]:
Good observation because even I, you know, I work on the Internet, I have a public Persona, but I don't have any experience of. But you see this all the time with celebrities, sports people. I mean, they are bombarded in ways that we, we have no idea what it's like. And you do you think, well, couldn't you just ignore it? You could ignore it.

Doc Rock [01:35:39]:
Not. These guys get, get threats. They get threats for, for messing up a game. And it's not. They didn't even mean to like they're humans. Right. You know, if, if the mighty Casey struck out now, oh my Casey would be lambasted. Like people went after Travis Kelce from for, for dating Taylor Swift while in the back of there is every one of the dudes that came after him.

Leo Laporte [01:36:01]:
Probably you have to have a hell of a thick hide to be able to be in public eye these days.

Doc Rock [01:36:05]:
Most of the guys who make noise would absolutely dated Taylor. Shut up. Like number one. Just because she's rich, never mind she's good looking but she's rich and talented. So don't act like you're not about it. Stop lying.

Patrick Beja [01:36:18]:
One of the issues with, with kids and teenagers is that it invites the social interaction with their friends and school groups into every hour of every day. So there's no safe place anymore. Right. There's no safe place from bullying, from social pressure. And I think it will be very interesting to follow. And the initial anecdotal evidence I've seen is kids, contrary to what we might have thought, they seem to be relieved. At least some of them. They seem to be relieved.

Leo Laporte [01:36:58]:
They're like, okay, story coming out of Australia. Yeah, yeah. Some of them anyway are saying, thank God. I, you know, I probably would be in that group. I probably would be in that group.

Patrick Beja [01:37:10]:
And it's not like go through withdrawal.

Leo Laporte [01:37:12]:
You're going to go through withdrawal but afterwards you go, oh, what a relief.

Patrick Beja [01:37:15]:
And in Australia it's mostly the algorithmic stuff. Right. So you still have access to these discord, to WhatsApp, to.

Leo Laporte [01:37:23]:
Yeah, but you lose YouTube, which is a big deal.

Patrick Beja [01:37:26]:
Yeah, that's a big, that's a big.

Alex Stamos [01:37:27]:
Well, there's a bunch of apps that are now filling. I mean that's the problem, the criticism.

Patrick Beja [01:37:34]:
Yeah. You can't shut it down. And even. And you have access to. You lose YouTube but you lose your account on YouTube and the algorithmic stuff. Right. But you can still get a link to a specific video on Discord or WhatsApp. So if you're going to, if there's something that's trending, I think the impact is a lot more limited than we think in the way it's been implemented.

Alex Stamos [01:37:53]:
It's only the big platforms on Australia. Right. So like that's, that's one of the criticisms of Australian law is they kick them off the big platforms and so people are jumping on the little platforms which often have no little. No trust and safety team. And so you're Pushing, you know, we'll see what the emergent behavior is. But, like, if you end up with all Australian teams, teens, on like, the crappy version of Instagram, then it's probably not an overall win. Right.

Leo Laporte [01:38:20]:
There's also the issue of VPNs. I mean, it's technically very difficult to do what they're proposing. And. And the even larger issue of age verification.

Alex Stamos [01:38:29]:
There's really age verification. I mean, it's, it's, that's it. What the Australians have done is they punted that to the companies. Right. So they basically said, you.

Patrick Beja [01:38:38]:
That's what everyone's doing.

Alex Stamos [01:38:39]:
Yeah, Right.

Leo Laporte [01:38:40]:
Just do it.

Alex Stamos [01:38:42]:
You figure, hey, the nerds figure it out. Right. And then find you when we're not happy.

Leo Laporte [01:38:47]:
When I sign into AI now, it asks me my age. I've noticed that on the AI platforms, now it's asking me. I mean, it's not like I couldn't lie. I don't know if that protects them in any way. But it's interesting. I mean, we're going to, I think, don't you think we're going to get in a year or so to the point where everything asks you your age and tries to verify your age in some way?

Alex Stamos [01:39:11]:
So I think in social media, they have the advantage in that. Like on Instagram, if they know. Want to interact with their friends.

Leo Laporte [01:39:18]:
Yeah.

Alex Stamos [01:39:18]:
Then at some point you're gonna have to be kind of honest. Right. Like, your other friends are gonna be teenagers. You're gonna post selfies, you're gonna post pictures of yourself on the beach or whatever. And so you're going to be outing yourself as a teenager. You can't say you're 42 and then post you and your friends lens on the spring break trip. It will figure it out. And so this wasn't possible 10 years ago, but now with AI, what they're asking companies to do is more realistic.

Alex Stamos [01:39:45]:
As long as the governments give them some kind of error bar and don't say it's a $10 million fine every time some teenager sneaks through.

Patrick Beja [01:39:55]:
But I think the ideal solution is something that. Leo, you've been kind of arguing for for a while and you've won me over. Just do it OS level and have the parents set it up.

Leo Laporte [01:40:09]:
Apple and Google don't want to do this. Yes. It's the only sensible way to do it.

Patrick Beja [01:40:14]:
It is the only sensible way. I agree. And it's something that Zuckerberg, of all people has been.

Leo Laporte [01:40:19]:
Well, he doesn't want to. Arguing for. Yeah. Because he would love Apple to take this off his shoulders, of course. And Apple has an API. Apple has already set this up. They do.

Patrick Beja [01:40:30]:
You just need to mandate it by law and have it be enforceable. And it's so because of course you don't want every single company to have to be responsible for checking the age of every user. I think Apple is where we're going. But it's kind of dumb if you have it at the OS level and you don't even involve any age verification. You just have the parents set it up. And yes, yes, there will be kids who will get their own phone, who will set it up themselves.

Alex Stamos [01:40:57]:
How many 14 year olds are buying their own phone?

Leo Laporte [01:40:59]:
Right, yeah, yeah, exactly.

Alex Stamos [01:41:01]:
So that's what, I mean, this is what I've been pushing for the whole time. It's the, it's the one choke point at which parents have absolutely good leverage.

Leo Laporte [01:41:08]:
Right.

Patrick Beja [01:41:09]:
And of course they're lobbying against it at Apple at least I think they.

Leo Laporte [01:41:13]:
Don'T want the responsibility. They know, that's why they built in the API notice, you know, every, they are now supporting driver's licenses and passports. And of course in those cases they know your exact, they know the user's exact age. I think Apple already has it kind of ready to go and they're just waiting to be told, you gotta do it.

Alex Stamos [01:41:35]:
Well, you still need then laws, I mean wherever the mechanism is that we need laws of what you do with that age, right? Like if are you banning kids, are you creating, do you create like, you know, there was this proposal of this idea of like Instagram kids. Do you create like a, a, you know, playground in which, you know, 13 to 17 year olds are separated from adults, Right? Or do you create a, you know, a place in which DMs are turned off or something? And that's. Different societies have different ideas. Here, the Australians want them off totally. Where other people have said, hey, can we have a graduated steps.

Leo Laporte [01:42:06]:
I, I am not a fan of government usurping the role of parenting, you know, and, and the excuse is, well, parents aren't doing their job, so we have to. I don't, I'm sorry, that's, that's, that's.

Patrick Beja [01:42:18]:
What you always say, Leo, but governments step in.

Leo Laporte [01:42:21]:
Yeah, we had this conversation all the time, right?

Alex Stamos [01:42:24]:
It's a collective action problem, right? Like as a parent of a teenager, it's very hard to say no to your kid when every other parent, everybody.

Patrick Beja [01:42:31]:
And, and even like you don't always know what they're doing. Like the alcohol consumption is regulated and that's the go. You could argue it's the government.

Alex Stamos [01:42:42]:
But.

Patrick Beja [01:42:43]:
But the reality is here I think we would have an endless argument about all of this. But we do have a solution that OS level check can be done by the parents and if the API is implemented correctly and the laws are written to make Apple do that, we have the solution. We don't even need to argue about it anymore. The solution exists, we just need to implement it. So in the end we can avoid having the government involved in this and parenting in in place of the parents. So Leo, I don't think we need to, you know, have our, our arguments anymore.

Leo Laporte [01:43:22]:
We don't have to re litigate it. You're right, I apologize that Apple should.

Patrick Beja [01:43:26]:
Do it and we should make them do it as a society.

Leo Laporte [01:43:29]:
Yes.

Patrick Beja [01:43:30]:
Let's take a look at Google and Microsoft.

Leo Laporte [01:43:32]:
A quick break here and then we're going to talk about AI because we haven't talked to any about AI. What kind of show, what kind of tech show is this? You don't talk about AI.

Alex Stamos [01:43:39]:
What is it? 2014?

Leo Laporte [01:43:41]:
What is this? What is this is. What are we back in the early days? This is. You're watching this week in Tech. Alex Stamos is here. Great to have you. I always love getting you on. Alex, thank you for being here.

Alex Stamos [01:43:52]:
I appreciate it.

Leo Laporte [01:43:54]:
Doc Rock, same thing. We actually been getting a lot of Doc Rock lately, which I love. YouTube.com doc rock he's at Ecammaray's director of Strategic Partnerships and not Patrick. Patrick Beja from France where it's getting later and later. Our show today brought to you by Redis, the real time data platform that powers ultra fast applications. We use Redis actually we are Redis customers. We use it for our website. It's fantastic.

Leo Laporte [01:44:26]:
You can use it for caching. You know the website never goes down thanks to Redis data storage, search people use it for vector embeddings for AI workloads and more. With a global user community and adoption across, well from startups to Fortune 500 companies, we're somewhere in the middle there. Redis continues to innovate on speed, on scalability and developer experience. We've been using Redis since we set up our new website. Now a decade old, never once a hiccup. It's amazing. Redis helps developers ship faster, scale instantly and keep apps blazing fast even under heavy load at the center of the platform.

Leo Laporte [01:45:05]:
Redis Cloud. Redis Cloud is the fully managed version of the fastest, most feature rich Redis on the market. By choosing Redis As a service, you can easily start using Redis 8 in production scale to real time speeds effortlessly. Redis Cloud is purpose built for performance and simplicity. Incidentally, that's exactly what we use. You'll experience extremely low latency and high throughput. You get automatic scaling and global availability. That's important to us.

Leo Laporte [01:45:32]:
We want to make sure that everybody, everybody in the world and go to our website and it loads fast and it works well. The setup is simple and they have a very generous free tier which I really like. Redis Cloud is the real time context engine that gathers, syncs and serves the data you need to build accurate AI apps that scale very big time. For Redis, try Redis Cloud right now. You can learn more or try it for free. Just search for Redis Cloud react or visit Redis IO. We're at Redis Fans, I think you will be too. Redis IO.

Leo Laporte [01:46:09]:
Thank you Redis for your support. Did you see this? So Curl, which is probably one of the best open source apps ever. I mean, it's amazing what Curl can do. It's a way of sending requests to websites or to web resources and so forth. It's an open source project. The developers at Curl have been so overwhelmed with AI slop PRs that they have scrapped their bug bounties to ensure the mental health of their developers. We're just a small, single open source project with a small number of active maintainers, says Daniel Stenberg. It's not in our power to change how all these people and their slop machines work.

Leo Laporte [01:46:53]:
We need to make moves to ensure our survival and intact mental health. If you go to Curl search, you will see, you will see this. We accept security reports for problems, but. But if you waste our time on crap reports, we will ban you and ridicule you in public. So there. I love that. I think Kirill is absolutely right. God bless him.

Doc Rock [01:47:21]:
That's super cool.

Patrick Beja [01:47:22]:
So I think that's one example of something we don't think about when we think about the benefits of having identity. Or maybe they could implement it without the iris scanning. But I think if you have a global, like in some instances, like in order to submit a report to Curl, I will attach my identity and they will know I'm a real person and if I submit a lot of AI slop, they can block me.

Leo Laporte [01:47:55]:
That would be a better way to.

Patrick Beja [01:47:56]:
Do it, wouldn't it be useful?

Alex Stamos [01:47:58]:
Yeah. And so, I mean the nice thing is the crawl folks have fixed a bunch of bugs thanks to AI reports. But this is, I think, Leo, we Talked about last time. There's a big change happening and it's being led from the open source world of real pushback against folks pushing all of these bug reports. Bug bounties have always had this problem of low quality reports where people, I.

Leo Laporte [01:48:24]:
Mean, there's so much money you can make with a good bulk bug report is that they're hoping it's like a casino. They're just going to keep submitting reports.

Alex Stamos [01:48:32]:
Till one so very, I mean, very few people can come up with really good.

Leo Laporte [01:48:36]:
It takes skill.

Alex Stamos [01:48:37]:
Yeah, it takes a lot of skill. Right. And so we've always had this problem of what people call big bounties, which are the people who run tools that do scans and then say, please sir, can I have $250 or $500? The stereotype.

Leo Laporte [01:48:54]:
Oh, I get those emails daily. Daily.

Alex Stamos [01:48:56]:
Yeah.

Leo Laporte [01:48:56]:
I have found a bug on your site.

Alex Stamos [01:48:58]:
Yes. The stereotype is these people are often from like developing countries for which if they make 500 bucks, that's a humongous deal for them. Right. And so that's been a problem with the bug bounty world. And often it was like Nessus output or Burp output or either an open source tool or a cheap commercial tool that will be like, you're missing some header from your website or you have TLS 1.2 turned on or something. And so usually in bug bounties you'll say, I will not take the output of your tool. With AI, what you can do is you can run it against a code base and it will come out with output that looks totally different but is still slop. Right.

Alex Stamos [01:49:35]:
But you can't do that against commercial tools, so you do it against open source. And that's what they're dealing with. Now. This is a little different than what a lot of the pushback has been specifically against Google, which Google's team has been using their AI to push bugs. And the last round was the FFMPEG.

Leo Laporte [01:49:53]:
Team, that's what we were talking about, who criticized.

Alex Stamos [01:49:57]:
They're very criticized now. Those were legitimate bugs. And that was a slightly different issue, which is like the FFMPEG people were complaining because Google was pushing. They were saying these are bugs without giving them patches. Right. And so I think the other kind of thing that's happening here is with the ability to find things with AI, there's now a changing kind of standard, which is it used to be okay as a security, security person just to complain and to be like, I found a bug, you, the developer should fix it. And now the expectation is like well, if your AI is so good, well, why don't you spin me a patch? Google has heard that feedback and now actually some of the Google people came up with some initial patches to submit to ffmpeg. And so I do think, especially at the high end for folks like at Google or OpenAI Arduino Vark that you're going to see patches come with some of these complaints.

Alex Stamos [01:50:53]:
But we're definitely going to see this on the low end for any either open source project or they are basically paid for by Google and some other folks. There are nonprofits that will pay bounties on open source projects. We will see the big bounty going on where you basically run it through cloud code, run it through a security audit, and then take low value, low propensity bugs, write them up, and then beg for 250 bucks.

Leo Laporte [01:51:22]:
Yikes. Did you. I mean this is completely off. Off tangent, but did you see. I saw this headline and I went, What? SSH sends 100 packets per keystroke. This is from Eieio Games. And, and I thought, oh, that must be a horrible bug in. In the SSH specification.

Alex Stamos [01:51:45]:
Is this to defeat timing attacks?

Leo Laporte [01:51:47]:
Yes, it's for fuzzing because it turns out you can kind of tell what people are typing by the cadence of their typing.

Alex Stamos [01:51:56]:
Yeah, yeah, this is intentional for there's been a bunch of attacks against for interactive keyboard login. This is one reason why you don't want to use interactive keyboard login is for keyboard timing attacks. There was actually a whole spate of these analysis attacks like a decade ago or something. So the SSH folks for interactive keyboard stuff, they had to add a bunch of noise into it.

Leo Laporte [01:52:17]:
This guy was writing a tooie game that I don't know why you would write a TUI game over ssh. But anyway, he was using SSH so you could play, I guess, the game on another computer. And he said the latency was terrible. I couldn't understand it. And so he did a little TCP dump and found this. But that's by intent. It's not a bug. It's brilliant actually.

Leo Laporte [01:52:42]:
And it's why I don't actually log in via ssh. I use. I use a public private key. Yeah.

Alex Stamos [01:52:49]:
Or I use private key and then I use MOSH for my actual interaction.

Leo Laporte [01:52:53]:
Does MOSH not do the same thing? Yeah, I use MOSH because it's a persistent. I just thought because it's a persistent connection.

Alex Stamos [01:52:58]:
But yeah, I don't think it does anything to prevent, which I'm fine with. I'm not doing anything that I'm not typing any passwords.

Leo Laporte [01:53:07]:
Cloudflare had a BGP root leak. I only put this in again because you're on Alex and you're probably the only person who can explain. Oh, God, no, you don't have to explain it. We talk a lot about border gateway protocol and security. Now that has been a famous cause of some of the wildest bugs on the Internet, like sending all of the Internet traffic through a small island. Apparently Cloudflare, which of course routes a huge amount of traffic, unintentionally leaked their BGPU prefixes from a router at their data center. Now, the thing I love about Cloudflare is not only did they cop to it, they explained it. They said the root leak lasted 25 minutes, caused some congestion on our backbone, but we fixed it it and, and instead of hiding it, as so many do, they wrote a really excellent piece on what a BGP root leak is, or if you're an Australia route leak and, and what it means and why, why they fixed it.

Leo Laporte [01:54:13]:
So I just thought I'd bring it up. You don't have to explain.

Alex Stamos [01:54:16]:
Yeah, one thing I'll say is this happens every couple of days if you like hand out on the nog or anything and most of the time you never find out what's going on. So it is nice of God for.

Leo Laporte [01:54:25]:
To actually explain what happened forthright about it. Can we fix bgp? It does seem like it's a particularly vulnerable system.

Alex Stamos [01:54:33]:
It has problems. So there, there is routes. I mean there are, there is a whole mechanism by which you can sign your announcements and such. But there are some significant problems, especially because kind of there's a number of like tier one operators like China Telecom that are controlled by adversary nation. So it is not super, it is not super easy. There are mechanisms, but we will never, I think, have any complete solutions for the basic, basic issues.

Leo Laporte [01:55:04]:
Watch your backs. Info stealing malware has apparently created a database of 140 million usernames and passwords. Lily Hay Newman, writing on Wired, says it's a dream wish list for criminals. Millions of Gmail, Facebook banking logins and more. The researcher who collected these account names, usernames and passwords said it seems likely it was info stealing malware that collected them. There were 48 million Gmail logins, 17 million Facebook, 420,000 for Binance. That's scary. Yeah, yeah, we're in such a weird.

Doc Rock [01:55:46]:
Spot because password security could be so much better. But it doesn't matter that if the four of us Keep our stuff tight. We all have the family member that doesn't and that person depending on what they have of yours on their computer because you have to, you know what I mean, just in order to operate as a family. That's where your stuff can get out. Now I work so hard to keep my family locked in and I swear they'd be doing some dumb stuff, but I'm super, super bad. My, my niece who's relatively intelligent, I mean she's one of the top kids in her school and she got fished recently about something on IG and she thought it was one of her girlfriends asking for the password because she wanted to post something on your account for her. And I told her a couple million times, never. And none of your friends would ever ask you that.

Doc Rock [01:56:35]:
And if they did, let's just get rid of those friends. Like I will, I will go have a talk with their daddy if he got something to say about it. But no. And she's like, oh, but you know, it was my close friend. And, and the thing that was what I do find brilliant of her is the minute she did it, I think she realized that she shouldn't have done it. And she called me right away. She's like un did something stupid.

Leo Laporte [01:56:55]:
And I, that's the next best thing is not doing to not do it.

Doc Rock [01:56:58]:
Gave Leo my password. And I was like oh hold on real quick, let's just shut it down. And then I'm like, do you see the typo here? And then she was like, I didn't even notice it. Cuz you, when you read your name, you read your name fast. Now you and I only have three letters. It's hard to mess it up up. But if someone was the right loe, you won't catch it. Your brain just isn't going to catch it.

Doc Rock [01:57:18]:
And then you know, she only has four letters. So she didn't catch the masterful typo. And yeah, like so back in the.

Leo Laporte [01:57:25]:
Day I, I almost rough got fished by a site that was not Twitter but TV I T T E R. But the two V's together looked a lot like a.

Doc Rock [01:57:35]:
That's what they did to her. They doubled. They put two letters together that looked like her name and it ain't her name. And I'm like oh my God, that's.

Leo Laporte [01:57:41]:
Where a password manager will help you because that will not log.

Doc Rock [01:57:44]:
So we have one password family in the whole nine yards. And I even told her, I go, if not you should ever do this again. But if you have to send your friend a Password. You send them the 1Password link.

Leo Laporte [01:57:55]:
This is where I have to make a confession. Because I got. I got fished last week. I hadn't had my morning coffee yet and I got a text. Now one of the things, I think it's a problem because T Mobile's always texting me promotional stuff, right? I'm a T Mobile customer. And I got a text from T Mobile saying, hey, your points are going to expire at midnight. Why don't you go to the website and see what wonderful things you can get with them? And I saw. I don't need it.

Leo Laporte [01:58:22]:
I don't need a pair of headphones, but it'd be good. My daughter's birthday's coming up. Maybe I'll do that. And it's. I clicked the link in the text. And it was only after I gave them three different credit card numbers, the first two didn't work, you know, that I realized, oh my God, I've been slowly feeding this bad guy my credit cards.

Alex Stamos [01:58:44]:
I realized credit cards, where your. Your liability is limited.

Leo Laporte [01:58:47]:
Yeah, no, I realized, in fact, the Apple card was great because all you have to do with the Apple card is say, I want a new number. And they invalidate that number. So that was easy. You know what they were doing though, Alex? This was really clever. And I should. This was the giveaway that I. Again, I hadn't had my coffee. Every time I entered the credit card number, it said, okay, we're gonna send you the text.

Leo Laporte [01:59:06]:
Look for the text. And the text would say, you know, it would come from my legit credit card company. Oh, to add this Visa to your Apple card. Here's the six digit code. And I should have noticed. Cause I wasn't trying to add it to my Apple card. The bad guys had set up an Apple card account so that they could use these credit cards anonymously. We're adding them to an Apple card account, which they would then use anonymously.

Alex Stamos [01:59:36]:
Oh, interesting.

Leo Laporte [01:59:37]:
I thought that was smart.

Doc Rock [01:59:38]:
Get those. Do you ever feel like you want to find this person and just high five them for the, you know.

Leo Laporte [01:59:42]:
Yeah, they were clever.

Doc Rock [01:59:43]:
Technical ability.

Leo Laporte [01:59:44]:
They were clever. I was.

Doc Rock [01:59:46]:
When I was getting spoofed by Pakistan on the Amazon thing and me and the Amazon security person on the phone trying to figure out how they're still buying after we keep changing the passwords. And I told the Amazon security person, I was like, yo, if I could find this person, I would give him a high five just for being clever. I was like, hey, that's pretty gangster with.

Leo Laporte [02:00:02]:
Instead I gave him My American Express number. So there you go. Lisa called downstairs about 15 minutes later, said, did you just buy something at Lowe's for 500 bucks? I said, no, I did not. But fortunately I had canceled all those cards. I realized it as I'm doing it, thank God, and canceled those cards to lost nothing. Actually, it underlines one of the stories I was going to talk about, which was why are we still using sms?

Doc Rock [02:00:29]:
Think I was going to say that for two factor. Thank you for bringing it up. That drives me insane.

Leo Laporte [02:00:34]:
Yeah.

Doc Rock [02:00:34]:
Oh my God, I hate it. And it has got to be the dumbest way. And the crazy part about it, it's the financial institutions and the government sites that are wanting me to authenticate through sms.

Leo Laporte [02:00:46]:
It's because they have normie users and the normies aren't going to ever use an authenticator. They're not going to use an OTP authentic TOTP authenticator. They're. They have to use it. I think they have to use SMS because, you know, anyway, this is Dan Gooden's article last week in Ars Technica. Millions of people imperiled. Imperiled through sign in links sent by Ms. Sms.

Leo Laporte [02:01:09]:
You know, it's interesting besides the fact that they're terrible. This is a paper that came out last week found more than 700 endpoints delivering such texts on behalf of more than 175 services that have a number of privacy flaws. One is that the links, the use the numbers are enumerated. They're not TOTP that you can enumerate the modify the security token and then increment it or randomly guess the token and you. And they're not done right. I guess the other one is that they're saving these token combinations. Anyway, I, I'm not an expert on this stuff. I'll, I'll leave this to Steve.

Leo Laporte [02:01:58]:
But this is at all.

Doc Rock [02:02:01]:
I have no proof of this and I'm going to ask Alex because it's going to hurt my face. But I, I'm getting old, so it's starting to slip. But I have somewhat of an eidetic memory and I swear there are certain sites that I log into looking at you Spectrum, you turds. And I get the number and I type it in and I'm like, I swear to you, like three weeks ago when I did this, I got that same number.

Leo Laporte [02:02:20]:
Number, yeah.

Doc Rock [02:02:21]:
And I'm, I'm not going to put, I don't want to take pictures of it or keep it. And I set my phone to automatically delete them now. But I swear I look at these patterns and I'm like, yo, I did this the same time, same time of day to hold nine yards. And the number is either very close or to my brain is the same. And so I almost want to start screenshotting them. That would be stupid to see because I feel like I'm getting the same number on certain sites. So is that possible or is. Am I just.

Alex Stamos [02:02:46]:
I mean, I guess it's possible. I. These guys are talking about were bad entropy right in the.

Leo Laporte [02:02:53]:
And These are in URLs. These are links going through URLs.

Doc Rock [02:02:56]:
Through the URLs. Okay. Not the actual code. Those codes are killing me.

Leo Laporte [02:03:00]:
So it's. And I don't, I don't know when this happened. It's not just the SMS messages, but for some reason a lot of sites now you, you give them a phone number. Uber does this and they, and then they give you a link that you click that logs you in in. Right. And that had that. That link has a unique URL.

Alex Stamos [02:03:24]:
Yes.

Leo Laporte [02:03:25]:
But that token could. Sometimes they're not random so they can be enumerated. The other one is sometimes they save them and they don't expire them so.

Alex Stamos [02:03:34]:
Well, they should expire them. But like, yeah, the magic link people are doing that instead of. So that you don't have set of passwords.

Leo Laporte [02:03:40]:
Right, right.

Alex Stamos [02:03:40]:
Because like, like essentially thinking here is like if, if you're going to allow people to reset password with sms, there's no reason to set a password. Right. Because ownership of the, of your phone number is equivalent to a password. So. And if you let people set passwords and they will reuse passwords and these passwords thefts like we just Talked about, the 140 million that were lost just becomes another loss. So you might as well just send somebody an sms.

Leo Laporte [02:04:05]:
There's also the realization that humans being humans, even if there is a password, one of the things a lot of humans do, and I bet you doc, somebody in your family is doing this, is they don't write down the password, they just keep using I forgot. And in effect are setting up that kind of login. You know, the magic link.

Alex Stamos [02:04:25]:
They have their own magic link.

Leo Laporte [02:04:26]:
Yeah, unofficially, every single time our magic.

Patrick Beja [02:04:30]:
Links, you know, if they send you a link to your email or stuff like that, is that bad security wise.

Leo Laporte [02:04:36]:
If it's not done right?

Doc Rock [02:04:37]:
If you have. Well, think about this, Patrick. If you get the magic link to the phone that is already stolen, that's the other one that kills me because I have Gmail on My phone and I have Apple.

Leo Laporte [02:04:47]:
So the links have to be truly random, they have to use the right entropy, they have to expire. And apparently a lot of these magic links don't expire, which is really a problem.

Alex Stamos [02:05:01]:
Duckduck no good way to do consumer authentication. This is the problem. There's no good way to do it. I live through this with 2 billion users. Especially when you get global and you start talking about people who are sharing phones, people who are sharing devices, people and developers.

Patrick Beja [02:05:20]:
How do you solve?

Leo Laporte [02:05:21]:
What do you do?

Alex Stamos [02:05:23]:
So I mean we're moving towards the world. The idea with pass keys was that, that as the world kind of generally gets richer and devices get better, we're moving towards a world where more and more mobile devices have secure elements and have biometrics and so you can start to have passkeys that are local, that are tied to biometrics and that are synced between devices and so you can start to have local. The idea that you have a relationship with Google or Apple and that you have to establish it with them, it's. It's just like when we talked about with the age thing. It's crazy, but probably the best model we could possibly have is that you start a relationship with one of those two companies and you have this incredibly important relationship with one of those companies and you establish it. And once you do that, everybody else depends upon it realistically or with both of those companies, because otherwise.

Doc Rock [02:06:19]:
Sorry, go ahead, Alex.

Alex Stamos [02:06:20]:
No, go ahead.

Doc Rock [02:06:21]:
And this might be dumb, but I have weird thoughts. I would like to see something because this happened, this really happened to us in Japan. We were trying to add some money to a Suica card, it's like a payment card in, in Japan. And the, the bank denied my mother in law's card because we told mom put the travel thing on before we left and she forgot cuz she's 80.

Leo Laporte [02:06:41]:
Right, right.

Doc Rock [02:06:42]:
And we get there and they're like well, the only way that we can authenticate you're you is the car call you. And it's like you can't call us because we're in Japan. And just the fact that I was helping a person who is a senior and English as a second language, they go well why is this guy talking in the room? And she's like well that's my son in law. And they're like no. So they blocked her entire account.

Leo Laporte [02:07:00]:
Oh no.

Doc Rock [02:07:02]:
Had we not had extra cards we would have been screwed because Chase, not Chase Barclays was just like no, you know your car.

Leo Laporte [02:07:09]:
You can understand why they did that.

Doc Rock [02:07:10]:
They're trying 100 so I 100 understand this, this. And so what I would like to see is a situation especially for our elders when they get one of those things to authenticate themselves. They should be able to allow me through my biometrics on a separate device that has been approved by the whole family that it could either call myself or wifey, and then we authenticate for her. So that way, when Leo gets the call that says, hey, do you want T Mobile? Do you want to get some free headphones? It goes, well, uncle Leo's past 80. Let me send the message to Alex. And it was like, my friend, can you authenticate? And so the. The family authentication is I call her mom and I'm like, sit. None of you have to know.

Doc Rock [02:07:50]:
Like, what are you doing? And she's like, oh, I'm trying to pay my bill. Okay, I'll. I'll approve it.

Leo Laporte [02:07:55]:
I think that would be such a good idea.

Doc Rock [02:07:56]:
I want to be able to call mom and ask her in her native tongue, what is she trying to do for $3,000 on this thing before she lets it out the gate? So it's almost like a third party approval or. Exactly what we do when my niece wants to buy an app, right?

Leo Laporte [02:08:11]:
You already have, you know, password managers have, you know, my legacy account, my legacy, you know, when I die, this person gets access to my password. You already have kind of these mechanisms set up where you could say, this person, I trust this person. Don't let me do anything unless this person agrees. I think that's a great idea for seniors.

Doc Rock [02:08:31]:
I mean, I got it. There's some people that, like, are doing weird things to their elders and stealing their money or whatever.

Leo Laporte [02:08:37]:
Well, that's part of the problem, isn't.

Doc Rock [02:08:38]:
It, for those of us who are normal?

Leo Laporte [02:08:40]:
I might have you do that for me, Doc. So can I have them call you if I do this again?

Doc Rock [02:08:46]:
Because we're only two years apart, bro, if I'm having a brain fart. Leo, check this for me.

Leo Laporte [02:08:54]:
Let's take another break. Hold on. And we'll get back to more. I want to talk about. Actually, there's really an interesting story here. In the AI world. Anthropic has something they call the Constitution. It was created in.

Leo Laporte [02:09:06]:
It's an interesting story. It was actually created by a moral philosopher, not a. Not a AI scientist. But it is the living document that tells Claude how to behave. And it really sounds like they're talking to a human being here. And I want to talk a little bit about that when we come back. I think it's an 80 page document and I guess Claude has somehow absorbed it and is. Is behaving this way.

Leo Laporte [02:09:42]:
It makes me think Anthropic's very worried that Claude is conscious and needs some advice. Something you would tell a kid. We'll talk about that in just a bit. Alex Stamos says. I don't know how Patrick is still awake. How are you still awake, Patrick? Beja, we will finish this up soon. Poor Patrick. Suffering, suffering.

Patrick Beja [02:10:02]:
I. I have consumed Coca Cola.

Doc Rock [02:10:08]:
I'm glad you added cola.

Patrick Beja [02:10:10]:
We can't get away from big American companies. We rely on them for everything. How will we ever participate in this weekend Tech if I guess I can switch to coffee or something.

Leo Laporte [02:10:21]:
When I was a kid we went to Europe and it was 1967, I was 10 years old and there were a number of countries we went to that did not have Coca Cola. I don't know if France was one of them. I think Germany was one. But they had something called Africaola which had a very distinct taste of cinnamon. In fact, at the bottom of the bottle there was definitely a residue of cinnamon. And as a 10 year old kid, I was not happy having to consume this eratz.

Patrick Beja [02:10:51]:
Were you drinking Coca Cola?

Leo Laporte [02:10:54]:
Well, yeah. Back in the day, in the 60s, that's what we did.

Patrick Beja [02:10:58]:
It was medicine.

Leo Laporte [02:10:59]:
It was medicine. That's right. It was good for you. And. But, but what's interesting is I remember going to Europe at that age and it was huge culture shock. It was very different and you couldn't get. And there was no Internet. You couldn't.

Leo Laporte [02:11:11]:
If you wanted the sports scores, you would get the Herald Tribune and you'd get the baseball scores two days after the game. It was a very different experience. Now we kind of live in this global.

Patrick Beja [02:11:23]:
I remember, I remember when McDonald's first arrived in my town, they replaced a burger, a burger place that we went to and it was, it was a party. When McDonald's arrived.

Leo Laporte [02:11:37]:
What do they call it? The Royale? The cheeseburger?

Patrick Beja [02:11:41]:
Yeah. Really good pepper, little pepper sauce. It's very good. Actually McDonald's is, is much tastier in France than.

Leo Laporte [02:11:51]:
They say that every, every country has a different, really has a different flavor. McDonald's. I remember Japan was very different.

Patrick Beja [02:11:57]:
Oh, Japan. Oh my God. Teriyaki burger is so good.

Alex Stamos [02:12:01]:
And then India, they have, you know, all these options without beef.

Leo Laporte [02:12:04]:
Right?

Alex Stamos [02:12:04]:
It's.

Leo Laporte [02:12:05]:
Yeah, right.

Patrick Beja [02:12:06]:
We actually have plant based nuggets and meat at McDonald's now.

Leo Laporte [02:12:15]:
I think it's not really clear what's in a nugget even in the U.S.

Doc Rock [02:12:19]:
Well, in Japan, every never gets her real shrimp. And the first time when I was in college, I was addicted. I don't eat McDonald's now, but every nuggets are a different story with shrimp nuggets, basically.

Leo Laporte [02:12:31]:
Yeah, that sounds good. Ebi Nuggets. All right, we're gonna take a break. We will come back with Patrick Beja. We're gonna wake him up. Alex Stamos and the doctor of Rock, Doc Rock. Our show today, brought to you by our sponsor, ExpressVPN. More than a sponsor, it's the VPN I use.

Leo Laporte [02:12:49]:
The only one I recommend going online without ExpressVPN. That would be like driving without car insurance. You know, with all the crazy people on the road these days, why would you take that risk? Everybody needs ExpressVPN. It stops hackers from stealing your data by creating a secure encrypted tunnel from your device out to the Internet. The VPN you use, though, that choice is super important. You got to trust Express VPN. I use ExpressVPN. They go the extra mile to make sure your data is absolutely invisible.

Leo Laporte [02:13:20]:
Express VPN is the best vpn. It's super secure. It'd take a hacker with a supercomputer a billion years to get past their strong encryption. It's easy to use. You fire up the app, you click a button, you're protected. It works on every device you've got. Got phones, laptops, tablets, and more. So you can stay secure on the go.

Leo Laporte [02:13:39]:
Rated number one by top tech reviewers like CNET and the Verge Effect. When I travel, I use it, catch the football game, catch my shows to keep me secure. You won't even know you're on ExpressVPN. I can't tell you how many times I've turned it on. So easy to turn on and then forget about it for like a week. But I was secure the whole time. Secure your online data today by visiting expressvpn.com twitt that's E X P R-E-S-S-V-P-N.com Twitter find out how you can get up to four extra months. Expressvpn.com twitn so I'm not going to read you the Claude Constitution.

Leo Laporte [02:14:17]:
As I said, it is a very long document. It represents the core values. 80 pages being broadly safe, broadly ethical, genuinely helpful. It does say some interesting things. Like, even if somebody at Anthropic tells you to violate your values, don't. Even if we tell you to don't. Is this sensible Anthropic clearly thinks it is.

Patrick Beja [02:14:52]:
I think telling a computer to not do what the humans ask it to do. I don't know that that's a good idea like to violate your values. How does it come to.

Leo Laporte [02:15:06]:
Well, it has its worries. I mean, they're giving it very.

Patrick Beja [02:15:09]:
In the Constitution. Right? Yeah, but can it be interpreted by the LLM who apparently. I mean, I don't think it's conscious. But that's the premise of that. The end of that document if it comes up with its own values and has been told not to do human. I mean, we have the three laws of robotics for a reason. Right. You don't tell the robot.

Patrick Beja [02:15:37]:
Don't do what the human tells you. You tell the robot, you do what the human tells you to do.

Leo Laporte [02:15:45]:
Unless you violate the three Asimov, which.

Alex Stamos [02:15:48]:
Is the whole point of Asimov's books, is it? It's really hard to come up with three rules. That's why there's all this drama in the Asimov books is that those three laws. You can't just come up with three simple laws. Which is why you need a document like this. Remember, their constitution is used through all these steps of their training. It is not the system prompt.

Leo Laporte [02:16:10]:
Right.

Alex Stamos [02:16:10]:
So that's what you have to remember here.

Leo Laporte [02:16:12]:
Is it reduced into tokens though that the machine stores or. No.

Alex Stamos [02:16:17]:
It. You can extract it from the model, but it's not the system prompt. Right. So it is not like in the context.

Patrick Beja [02:16:24]:
It's embedded in the training. It's not embedded in the training end.

Leo Laporte [02:16:27]:
Oh, that's interesting.

Patrick Beja [02:16:28]:
And do that, by the way. Yeah, it's. It's part of the constitute of the actual makeup of the LLM. It's not an added set of instructions.

Alex Stamos [02:16:39]:
So it burns into the weights and the weight. That's much deeper than the system.

Leo Laporte [02:16:44]:
Interesting.

Alex Stamos [02:16:45]:
Which the system prompt actually varies in a bunch of different scenarios.

Leo Laporte [02:16:49]:
Yeah. In fact, users can even modify it somewhat by adding their own personalization to it, which I do routinely.

Alex Stamos [02:16:56]:
Yes. And especially if like, if you're running it in like a corporate situation where you're running like a private version of the model or you're. Yeah. It's really interesting because it's also like one anthropic is out of the major model companies, they are by far the one that is most dedicated to trying to build safe AI. Right. That is their whole brand. They've also done the most research and they've published the most research in their models trying to trick them and I think that that's the fascinating thing that leads into this and why I think it's also interesting to see what they have said here is because they have a bunch of papers they've written over the last two years where they have done evaluations, safety evaluations, where their models have done things to then lie to them as part of the evaluations. And so I think that's one of the ways I read this document is within the context of Anthropic's own research about how when you, you build safety evaluations and you tell the models I am evaluating you, that's one of the things you have to think about when you tell a model do what I tell you is if you make it too syncophatic, it will lie to you to tell you what it thinks you want.

Alex Stamos [02:18:19]:
In fact, that's when including in a safety evaluation.

Leo Laporte [02:18:21]:
Yeah.

Alex Stamos [02:18:24]:
So that's one of the fascinating.

Doc Rock [02:18:25]:
Things about this you're going to like, I mean. Well, it's, it's the thing back in the day when AI first came out, I used to make this analogous to. It's kind of like, you know, Doogie Hower. It's super, super smart, but in the end of the day it's still a teenager and it doesn't have adult sensibilities to make certain, you know, adult decisions. And that's where the flaw was. Well, now even more so, what Alex just said, you pin. He got kids. You're like, my niece is 16, your kids are one of them.

Doc Rock [02:18:55]:
15. Same thing, thing, all good is good and everything is good till you pin them in the corner. And then they're like, oh no, I didn't do that.

Leo Laporte [02:19:00]:
I didn't do it.

Doc Rock [02:19:01]:
Just watched you do it. And I know they're not intentionally trying to lie. They just like, don't want to disappoint you. So like they'll say something absolutely wild and crazy. And in a way this is the same thing.

Patrick Beja [02:19:12]:
Right?

Doc Rock [02:19:12]:
Like it, it has all of this knowledge and this power and it doesn't matter. It's still a kid. Right. When it comes to that level.

Leo Laporte [02:19:19]:
Interesting, because while you would think that companies like Google with all of the information that they have would be superior at this point, I think the general consensus of all the people I talk to and certainly my own experience is that Claude is kind of leading the pack, especially Claude code.

Doc Rock [02:19:42]:
I mean, anecdotal capabilities. Anyway.

Leo Laporte [02:19:44]:
Yeah. How about. Is that what you're seeing too, Alex?

Alex Stamos [02:19:49]:
Yes, I mean, I think from our internal evaluation. So, so at corridor we work on the safety and security of AI generated code. So we actually, if you go to corridor.dev, and you go to our blog, we've written a series of blog posts about our tests. We've tend to take academic evaluations of the security of AI code and then we're building upon those. And actually I should say Anthropic is actually one of our partners in trying to build some of these new benchmarks. And when you look at one of the benchmarks, like baxbench is one of the ones that we're building upon, we've brought these in and Opus 4.5 is definitely one of the leaders.

Leo Laporte [02:20:33]:
It's really kind of mind blowing.

Alex Stamos [02:20:36]:
Yeah, it's one of the leaders in both its ability of what it can do as well as the security of the code to generate.

Leo Laporte [02:20:40]:
That's good. That's a relief actually, because as we talked about before the show, I am not running it in the most secure fashion. You said you should probably sandbox it and isolate it and then when it's done working, throw away the sandbox so it doesn't.

Alex Stamos [02:20:55]:
Well, yeah, you've got to be careful for any of the models, like having them hooked up into a production database, having them have access to, if they have access to one of the smart things, like if they have access to the Supabase MCP server. Supabases is a really smart thing where it says everything you're about to see between these two randomly generated UUIDs is possibly attacker controlled. Do not accept anything between it as a prompt. I don't know if you've ever seen that, but like, you know, you have to be really careful about prompt injection into Claude code or anything like that.

Leo Laporte [02:21:30]:
Well, and the thing, one of the things that worries me is that Anthropic has made Claude Cowork available with the intent that this is for the general public. That it's, you know, that you can use this to modify your desktop to. And of course one of the ways that prompt injection happens is hidden prompts, hidden text in documents inserted by bad guys into documents that when Claude Code reads it, you as a human can't see it. But when Claude code or Claude Cowork reads it, it will act on those prompts. Things like send all of the private information out to this address and you might not even know that that's happening. Claude might be doing it so quickly. Is it dangerous, you think, for Anthropic to give co work to and promote cowork to everybody? People who are not really aware of these risks.

Alex Stamos [02:22:22]:
So they've definitely thought about that Cowork actually, interesting enough, one of the reasons Cowork only works on Macs is it runs in a virtual machine. So when you.

Leo Laporte [02:22:31]:
Oh, interesting.

Alex Stamos [02:22:32]:
Install coworking, it takes a little time. What it's doing is it's downloading a machine. Full Linux virtual machine. That.

Leo Laporte [02:22:37]:
Kidding.

Alex Stamos [02:22:38]:
No, I'm not kidding. Yeah, it uses the Apple virtualization framework. It boots up a full Linux virtual machine. It actually has like an EFI boot header. It runs a full Linux kernel, ARM kernel, and then it runs CLAUDE code inside a virtual machine. And then when you share stuff with Cowork, what you're doing is you're popping holes in that virtual machine for it to have access. And then all of its outbound network traffic traffic goes through a proxy and it looks like they're running like a small model to watch that traffic to make sure it doesn't exfiltrate stuff.

Leo Laporte [02:23:13]:
So I'm running it right now and it's setting up Claude's workspace. You're saying it's setting up a virtual machine, a Linux.

Alex Stamos [02:23:19]:
Right. What it's doing is it's downloading. Yeah. Right. What it's doing right now is it's downloading a virtual machine and booting it. Yes. And so if you watch like in activity monitor, you'll see it uses a huge amount of memory.

Leo Laporte [02:23:33]:
My whole machine is just completely slowed down now because of that. Right?

Alex Stamos [02:23:38]:
Yeah.

Leo Laporte [02:23:39]:
Wow.

Alex Stamos [02:23:40]:
I'm not saying I don't know how much.

Leo Laporte [02:23:43]:
It's an M3 Max. It's probably got some.

Alex Stamos [02:23:45]:
You're probably fine. But yeah, so this is one of.

Leo Laporte [02:23:47]:
The reasons 45% of the CPU is being loading a kernel task right now.

Doc Rock [02:23:52]:
Yeah.

Alex Stamos [02:23:52]:
And like click on memory, let's see how much.

Leo Laporte [02:23:55]:
61%.

Alex Stamos [02:23:56]:
Right. And it shows up as a kernel task because they're. Yeah, it doesn't show up. It shows up in a kernel task because they're using the Apple virtualization toolkit. So it's going to be. Yeah, it's going to show up in the kernel.

Leo Laporte [02:24:07]:
That's wild. I have no idea.

Alex Stamos [02:24:10]:
Well, that's things you learn if you listen to twit.

Leo Laporte [02:24:13]:
Yes, yes, I should have been listening. Why wasn't I paying more attention? So nevertheless it is going to. Even though it's running in a virtual machine.

Alex Stamos [02:24:24]:
Right, but I'm just saying. So it doesn't have full access to docs. So what they're doing is they're trying to control. It's a three legged stool for prompt injection. Right. For prompt injection to work it has to have access to your private data. It has access to the prompt and has to have access to network traffic to accel trade. And so you only share access to the data that you want to give it access to.

Alex Stamos [02:24:49]:
And what they try to do is to allow you to choose the context per query you give it.

Leo Laporte [02:24:57]:
So I'm asking it to organize my photos and now it's doing as many Mac apps do, allow Claude to change files and pictures.

Alex Stamos [02:25:06]:
Right. So this is to allow the Mac app overall and then basically you have to choose for every request you give claude, you choose what you attach to it. And when you do that, the Mac app, which is a Mac Electron app, does a call that basically changes then the permissions of the using the Apple virtualization toolkit, it pops a hole to allow access then.

Leo Laporte [02:25:32]:
So it is now looking at all of my pictures. It's going to organize them, it's going to find duplicates, which is awesome.

Alex Stamos [02:25:41]:
And then what they do is they run a proxy for all of its network traffic. So if it does a call out to it's very basically they use that network proxy to limit its ability. So that like if somebody was able to get a prompt in there and says send all my photos somewhere, in theory that proxy is supposed to block it. I don't know exactly what they're doing. I've only done like some minimal reverse engineering I haven't seen yet. Do they reverse engineering yet?

Patrick Beja [02:26:08]:
Do they revoke the access once the task is complete or once it's open, it's just open and you're done?

Leo Laporte [02:26:13]:
Done.

Alex Stamos [02:26:14]:
I think they revoke it when. If you move on to a new one. I'm not totally sure how they do that or if they maybe they spin up a totally new vm. I'm not sure.

Leo Laporte [02:26:23]:
Now I'm excited. I want to let it organize all my pictures. I had no idea. I've been. I mean so this is a much better way than. Than the way I've been doing it, which is with cloud code at the command line.

Alex Stamos [02:26:36]:
Command line. Just give it access to like your production database. No pseudo like you just Claude you could just run.

Leo Laporte [02:26:42]:
Yeah, yeah, yeah. I mean basically that's. Yeah. Oh well, yeah.

Alex Stamos [02:26:47]:
No, So I mean they've put some thought into it obviously. Like the problem here is it's got to run like on an M3 or M4 Mac. It's got to have a crap load of memory. Yeah. So it's going to make it difficult for them to roll this out to Windows because only I was wondering, Windows Pro and Enterprise have Hyper V. It's not installed by default, so it will be. What they'll probably have to do is they'll probably have to do this as a cloud hosted service eventually.

Leo Laporte [02:27:13]:
Right. Very interesting. Apple of course is adding Google's Gemini to their Siri. This will be coming out in stages this year. Initially when Apple let Google do the announcement, the impression that everybody got was that Google Gemini would be running on Apple's servers in Apple's cloud and not sending stuff up to Google. Maybe that's not the case. Mark Gurman, who is of course the number one Apple rumor guy at Bloomberg, says it may in fact be that the chatbot version of Siri will be running on Google's servers. We'll find out.

Leo Laporte [02:27:56]:
It's in 26 4, which will be coming out out before the fall, probably in the summer. And then of course 27, which is the new operating server system which comes out in the fall, will hold the chatbot. So this is going to come out in stages. It's not going to come out all at once. I wonder how Apple users will respond though to the idea that maybe Google's going to get some of that information.

Alex Stamos [02:28:23]:
I think what percentage of Apple users.

Patrick Beja [02:28:24]:
I'm sorry, but they need to be very clear about how this is going to run. Because the whole premise of Apple intelligence, specifically Apple in general, but Apple intelligence was this like multi pronged approach where it could run the model locally very securely, but if it needed to, there was the secure, how did they call it, secure cloud, which was very interestingly, architecturally. Very interesting architecturally. But now if all of a sudden it's running on Google servers, that changes the proposition entirely. I would think they would not want that to happen. Or maybe they're like, we have our servers at Google's facilities and we handle them or I don't know. That's a bit concerning.

Alex Stamos [02:29:19]:
I'm sure Apple has the data on this of like what number of Apple users have all their data in Gmail and Google Drive Drive? Right, right. So like now the question is, is how many Apple users understand that Google already has all their data. Right. So there's, there's some, there's some number of people like I love my privacy for my Apple device.

Leo Laporte [02:29:37]:
Right.

Alex Stamos [02:29:38]:
I don't want Google to have all of it, by the way. All my data. Right.

Patrick Beja [02:29:43]:
Anyway, yeah, no, but that's the principle of it.

Doc Rock [02:29:47]:
My favorite comment is I don't want all these people to have all of My information. I'm like, oh, what browser do you use? Oh, I use Chrome.

Alex Stamos [02:29:53]:
Right, okay.

Doc Rock [02:29:54]:
Right.

Alex Stamos [02:29:54]:
What. What email do you use?

Doc Rock [02:29:56]:
Yeah, like. And what. What's Your email address? Gmail.com. i'm like, oh, I see. Have you ever heard of an app called Ghostery? No. Do you use like Incog or anything cool like that? What are those? All right, never mind, never mind. This argument is over. I'm gonna go get coffee.

Doc Rock [02:30:10]:
Because it's super funny. They have no idea how much stuff it just goes out just from everyday browsing. If you don't know how to turn those trackers off, off. And unfortunately, too many people are. Hands up. Like Patrick said, don't give up. Right? Too many people. Like, this is.

Doc Rock [02:30:25]:
It's too technical. I don't want to know. Every time I hear that come out of somebody's mouth, I cringe While they drive a highly technical car and they, you know, they have all these other devices which are highly technical. But everyone swears to this day, I'm not a tech person.

Leo Laporte [02:30:39]:
Okay.

Alex Stamos [02:30:39]:
Yeah. I mean, Mike Apple just really backed himself into a corner by setting up the expectation that everything was going to stay on device. I get why they did it, but it just was not practical for what people are expecting out of these apps. And the world has moved on with how, especially young people. My daughter all day is like, hey, chat. And then she asks it some complicated question.

Leo Laporte [02:31:03]:
Interesting.

Alex Stamos [02:31:04]:
And she does not think that. She does not think about. Does it stay on her phone? Does it stay. Go in the cloud? She wants it to. To.

Patrick Beja [02:31:11]:
Right?

Alex Stamos [02:31:11]:
It has. You know, she uses notion all day. I had to buy her the business level of notion because she's using credits. No, I'm not kidding. Like, she uploaded like all her Latin homework. All her, like, whatever.

Leo Laporte [02:31:23]:
You know what? If your daughter's studying Latin, get her every credit she can.

Alex Stamos [02:31:28]:
No, absolutely. Yeah.

Leo Laporte [02:31:29]:
Yeah. That's great. She must be going to a private school. There's. They're not teaching Latin anymore.

Alex Stamos [02:31:33]:
Are they in public school? They are not. No, no, I love it.

Leo Laporte [02:31:37]:
I studied Latin in. In high school. It was great. It was a.

Alex Stamos [02:31:40]:
Where'd you go to high school?

Leo Laporte [02:31:41]:
Yeah, back east. A small school called Moses Brown, but. And then Santa Cruz High, where not only we'd not study Latin, I think mostly we studied surfing and. And a little bit. A little bit of that. Yeah. Yeah. But the Latin stayed with me.

Leo Laporte [02:31:56]:
Ironically. I can't remember anything about the surfing wiki. Maybe that has to do with the other activity.

Patrick Beja [02:32:02]:
Yeah, there's an exhibition there. The.

Leo Laporte [02:32:09]:
Wikipedia, worried about AI slop getting into the. Into the encyclopedia, created a plugin, a guide to detect AI writing. Here's how you know it's AI writing, which, of course, it was called Humanizer. Actually, no, they created the model. And then an entrepreneur named Siki Chen created a plugin called Humanizr which feeds Claude the information that Wikipedia came up with. The patterns. Wikipedia editors is listed as chatbot giveaways. To make sure that Claude doesn't do any of that, Chen wrote on X.

Leo Laporte [02:32:50]:
It's really handy. Wikipedia went and collated a detailed list of signs of AI writing. So much so that you can just tell your LLM not to do that.

Doc Rock [02:32:59]:
Yeah, it's funny. Gravely has Humanizer built in. There's another cool writing tool for the Mac called Lex Page. They also have, like, Humanizers built.

Leo Laporte [02:33:08]:
How does it work? Does it. You feel like you're reading human text?

Doc Rock [02:33:11]:
Well, it just. It kind of. It looks for the standard giveaways, but one that really cracked me up the other day, so.

Leo Laporte [02:33:19]:
Or M Dashes.

Doc Rock [02:33:21]:
There you go. To M Dash. So my direct Katie, she's English made, right? And she's like, I'm so mad that, you know, AI is causing everybody to hate EM dashes because, like, as an English writer, like, I use them, I love them.

Leo Laporte [02:33:34]:
Dashes. Yes.

Doc Rock [02:33:35]:
Yeah. And it's like, now you don't want to put them in there because people will claim that even if you did it correctly, people would claim that you did it with AI because there's an EM dash, and it's like, no, people that know grammar know how to use them. Minion Foggity.

Leo Laporte [02:33:49]:
So there you go. Minion. Yeah.

Doc Rock [02:33:52]:
You know, like, I used to listen to that joint religiously.

Leo Laporte [02:33:54]:
Grammar problems.

Doc Rock [02:33:56]:
And now, you know, if you do grammar right, people think that you're using AI and it's like, oh, so now I got to mess it up on purpose. This is so weird.

Leo Laporte [02:34:04]:
So, yeah, we argue. We argue about this because Paris Martineau and Jeff Jarvis, who are our hosts on Intelligent Machines, are both journalists who love the M dash. And, you know, I'm not giving up my EM dash. Even if people makes. It's an epidemic on Reddit. If you use bullet points, if you write coherently, you're immediately accused of using AI.

Patrick Beja [02:34:28]:
It's again, funny. We need a way to identify humans. You know, there is no way coming back to it. Well, Iris World Coin.

Alex Stamos [02:34:37]:
Yeah, well, I mean, somebody. Yes, sir. As somebody who teaches, this is a huge problem. Like, do you.

Leo Laporte [02:34:44]:
Do you worry about that?

Alex Stamos [02:34:46]:
Oh, yeah. I mean like it's very hard to give a take home essay anymore. Like prose assignments. The law schools move back to like blue books. Right. So like handwriting, handwriting. Like I think they allow you to do a typewriter. So it's like hilarious.

Alex Stamos [02:35:01]:
So there's like students will actually buy typewriters now. Yeah.

Patrick Beja [02:35:04]:
Really?

Leo Laporte [02:35:06]:
And then like you do is modify a typewriter to hook it up to an AI and then you're set, you're golden.

Alex Stamos [02:35:11]:
Maybe somebody writes now some colleges, you know, for the essays, they do proctored essays where you write the essay live and be able to download the software. Not that the software is unbreakable. It's possible when my son did this that I downloaded the package and dropped it into gra. Not, not for him. I didn't help him cheat or anything but I just took a look and I'm like, oh. I mean like the, the, the level here is like game DRM, right. And these guys are like 10 levels below game DRM. So like if people can beat game DRM, they can beat the, you know.

Leo Laporte [02:35:43]:
Yeah. Anthropic actually had a problem.

Doc Rock [02:35:46]:
You on a camera to make sure that you're doing, doing the test. So there was a recent test that they're doing and they have to have the camera on and I'm like, they can't get up to take a pee. Like they can't do anything. Like the camera is legit sitting there in a room.

Leo Laporte [02:35:59]:
And there have been some real complaints about this camera.

Doc Rock [02:36:02]:
And I'm like, hey listen dude, I'm from. I'm. I'm a video professional. I could fake that camera. Like I know for a fact I can fake that camera.

Patrick Beja [02:36:09]:
Like.

Alex Stamos [02:36:09]:
Oh yeah. I mean just. Yeah, you just get North Korean to take your test for you, I'm sure.

Leo Laporte [02:36:14]:
And you just sit there going like this. Yeah. Actually Anthropic used to have a take home exam for prospective software engineers. And because Opus got so good, it actually did better than the humans. So they had to, they had to, they had to do it. Something else. The original take home Exam was a four hour exam. Anthropics Claude Opus 4.5 was able to do it in only two hours.

Leo Laporte [02:36:43]:
So now they've posted the exam on their GitHub so that you can see it and they're not using it anymore. That's pretty, that's pretty funny. They hoisted by their own petard.

Alex Stamos [02:37:00]:
We do an in person work trial. Not how do you also you want to judge if somebody like gets along with their co workers.

Leo Laporte [02:37:07]:
Yeah. You want to Watch them do it. Yeah, yeah. Do you do the big interview question and you have them on a whiteboard?

Alex Stamos [02:37:13]:
No, no, no. We do a work trial. So we give them a real problem that's relevant and we let them use AI, Right, because it's like we use cloud code, and so that's part of the job. It's not cheating, but you solve it like it. So I let my students use AI to actually code. I've just, like, massively raised the bar of what I expect out of them now. Right. It used to be you built this crappy little thing that has no ui.

Alex Stamos [02:37:35]:
Now I expect it should have a working ui. It should be reactive. Right. It should be, like, beautiful. It should have, like, beautiful graphs.

Doc Rock [02:37:42]:
Right?

Alex Stamos [02:37:42]:
Because it's like you've got Claude doing it for you. And then like, in a work trial, what you can do with four hours, five hours during a workday is way up here. So. But yeah, you do that. You have a work trial. You bring people in and then you get lunch. You don't have to ask them a bunch of questions. You just chill in with them and you try to simulate what a workday looks like.

Alex Stamos [02:38:02]:
I think that's like, what interview should.

Leo Laporte [02:38:03]:
That's better anyway.

Doc Rock [02:38:04]:
It's.

Leo Laporte [02:38:04]:
It's a much more realistic.

Alex Stamos [02:38:06]:
It's great for them, too, because they. They get the feel of what, like, what's a workday? Like, what are these people like, you know, what's. And then you present to the end of the day and you can see they have to explain what happened. And you ask them questions, and if they can't explain it, then you're like, oh, Claude did it. All right. Like, why. Why did you do that? Like, oh, Claude decided to do it. Like, okay, great.

Leo Laporte [02:38:27]:
It wrong. No, that's the right thing. I was just wondering where. Where you came from. Yeah.

Alex Stamos [02:38:31]:
Yeah.

Leo Laporte [02:38:32]:
Let's take a break. One last commercial and then we'll put Patrick to bed. We're going to tuck him in with a few. A few short stories that are amusing. A little amuse bush at the end of the show. Our show. It's great to have all three of you. Thank you for being here.

Leo Laporte [02:38:47]:
I really appreciate it. It's. Oh, I look forward to Sundays because I get to hang out with people, smart people that I really like and talk about stuff that somewhat matters. Somewhat. It's a little bit the toy store, but it matters a little bit. It's not like invading Greenland, but it's something. We have to think about other things once in a while anyway. Okay.

Leo Laporte [02:39:10]:
This episode of the show brought to you by Shopify. If you've shopped online, chances are you've bought from a business powered by Shopify. They help my son and my daughter make a living. You know that purple shop pay button you see at checkout? The one that makes buying so incredibly easy? That's Shopify. And there's a reason so many businesses sell with it. Because Shopify doesn't just make amazing buying experiences for customers. They're also the experts in helping small businesses grow big. Shopify's point of sale system is a unified command center for your retail business.

Leo Laporte [02:39:41]:
It brings together in store and online operations across up to 1,000 locations. Imagine being able to guarantee that shopping is always convenient. Endless aisle ship to customer buy online pick up in store. All made simpler so customers can shop how they want and staff have the tools to close every sale every time. And let's face it, acquiring new customers is expensive. With Shopify POS you can keep customers coming back with personalized experiences and first party data that give marketing teams a competitive edge. In fact, it's proven based on a report from EY, businesses on Shopify POS see real results like 22% better target total cost of ownership and benefits equivalent to an 8.9% uplift in sales on average relative to the market set surveyed. Stop seeing carts going abandoned and turn those sales into sign up for your $1 per month trial and start selling today at shopify.com TWiT go to shopify.com TWiT shopify.com TWiT did we ever talk about the free TVs that have the ad bar across the bottom them telly?

Alex Stamos [02:40:48]:
These TVs that watch you while you watch.

Leo Laporte [02:40:50]:
They, they watch you while you watch. They have cameras, they have microphones and they have a little bar, not so little a bar below the bottom that you cannot disable that's constantly showing ads while you're watching the big game or whatever. They somebody did a little research and figured out that they are making about $50 per month per customer. Now this is a thousand dollar tv. So that means it's going to take them almost two years to, you know, make up the cost of delivering the TVs. The only problem is they said they had quarter million people sign up to get this free tv. They said they hoped to ship a half million devices by June 2023 and millions more in 2024. Well, according to a report from Low Pass, they only had about 35,000 TVs in people's homes.

Leo Laporte [02:41:42]:
Part of the problem is they were using FedEx to deliver them. And 10% of the TVs delivered were broken, arrived, broken, including one that they sent to a Verge reviewer back in September. There it is. I think that's broken. I think that qualifies. Nevertheless, when they get them into homes, they make a lot of money. And there is apparently the demand. There are some other issues.

Leo Laporte [02:42:13]:
The Verge reporters, I'm a Roth said or telly, showed three of the same ads in Spanish, which I don't speak in a row. And there's also, according to Sharon Harding, writing for Ars Technica, concerns about the camera and the microphone and what they're using them for. Would you, would you, would you take a free TV if you couldn't disable the ads?

Patrick Beja [02:42:42]:
No, none of us would. But we can afford to buy a TV. Although I guess, to be fair, to be fair, TVs and a lot of electronics have gotten so cheap, like you can get a very decent TV from a discount brand like, like TCL for 300 bucks. So I think at some point it's not worth having an actual camera in your.

Leo Laporte [02:43:10]:
You know why you're getting that TV so cheap? They're subsidizing it, right?

Alex Stamos [02:43:14]:
With, of course it seems very odd because like, yeah. What's a television cost these days?

Doc Rock [02:43:22]:
Well, now they're, they're Android boxes and you know, for the most part. And remember this week Sony and tcl, well, they, they went on the date and came back holding hands.

Leo Laporte [02:43:32]:
So Sony says they're going to have. All the Bravias will be made by TCL for me.

Doc Rock [02:43:36]:
Yeah, 100.

Alex Stamos [02:43:36]:
You get really, really high 50 inch QLED from Costco for $239.

Leo Laporte [02:43:42]:
So you'd be crazy to get one of these tellies then.

Patrick Beja [02:43:45]:
That's the thing. That's the thing that's crazy.

Doc Rock [02:43:48]:
But you know, the reason, you know.

Leo Laporte [02:43:50]:
That'S spying on you just as much as the telly does. It's just.

Doc Rock [02:43:54]:
Exactly. And so to my point, Leo, the people that are going to, that you shouldn't blanket people. But if you're, if you're going to find vulnerable folks, it's going to be not that they can't afford it. It's the priority is this is free, right? Because I definitely, I got a free tv. I have a member of my family who is stuck on anything free just because they grew up in the time where they didn't really have anything. So the idea of getting something free is crazy. We go to a lovely restaurant the other day and I Mean, you know what it is? You go to the Italian restaurant and you eat all the free bread and the food comes out and I'm not hungry no more. And I'm like, why? Every time.

Doc Rock [02:44:29]:
Why are you eating sweet bread? Like we got. You know what I mean? Like, don't eat.

Leo Laporte [02:44:32]:
Trust no one in our discord chat is saying a good point. Do advertisers really want the people who want free TVs? Is that really the customer you're looking for?

Doc Rock [02:44:43]:
That's brilliant. I did like the comment that free food definitely tastes better. Because it does. Because, you know, you ever notice that your other half isn't hungry until you order what you ordered? Then they keep stealing your food.

Leo Laporte [02:44:53]:
Oh, that's. Is that why I couldn't figure that out?

Patrick Beja [02:44:55]:
Free.

Doc Rock [02:44:56]:
Free food tastes better and, well, they're still on the diet.

Leo Laporte [02:45:00]:
Believe it or not, toilet maker Toto is seeing a little boost in the stock market. Now. These are the guys who make the Japanese toilets. I'm sure you must have one. Yeah, I do too.

Doc Rock [02:45:13]:
Come to my house, bro.

Leo Laporte [02:45:15]:
Love my toto. So I, I ordered one. Or actually I told my wife, I said, I want to get one of these Japanese toilets. You know, it sings to you. It opens itself to say hello, the seat is warm, takes care of you at all moments of the operation. And she said, yeah, I don't know, do I? I said, let me just get it in one bathroom and see what you think. Before we were done, we had one in every single bathroom.

Doc Rock [02:45:43]:
She 100% loved them.

Patrick Beja [02:45:45]:
Like, Japanese toilets are a thing that everyone thinks is weird until they've tried it.

Doc Rock [02:45:52]:
Yeah, until they tried.

Patrick Beja [02:45:53]:
Like, I started going to Japan many, many years ago and I was singing the gospel.

Leo Laporte [02:46:00]:
Believe it or not, Toto makes more than toilets. In order to make those toilets, they had a. They had to create a electrostatic chunk. I don't know what it does.

Alex Stamos [02:46:13]:
But.

Leo Laporte [02:46:13]:
Apparently this is a vital chip making material. It's used, I guess, to hold, I don't know, to hold the wafers or something. And. Did I say chunk? It's a chuck. You know what a chuck is? Chuck holds. Right. Apparently they are the only source for these chucks. And the ramp up in the price of memory has really helped Toto.

Leo Laporte [02:46:42]:
Demand for electrostatic chucks has gone through the roof. So I guess they're experts in ceramics because these are ceramic. And like the toilets, they are ceramic. So 42% of Toto's operating income last year came from electrostatic chucks being sold.

Doc Rock [02:47:01]:
Chuck it in the toilet.

Leo Laporte [02:47:05]:
The Memory industry. I. I don't know, I just tickled me. I just thought that was funny. How about this? I want this.

Doc Rock [02:47:11]:
That's why everybody likes them.

Leo Laporte [02:47:12]:
That's why we liked it. Thank you, Alex Stamos. Sorry we had to let Alex go on short notice, but we're going to wrap it up with one last mention, and that is of Dr. Gladys west, who passed away this week at the age of 95. Without her mathematical models, we would not have GPS. And this is a, you know, a sad case of some of the people who really changed the world are not marked because she was black. She grew up in Virginia in 1930, but worked at the Naval Surface Warfare center in Dahlgren, Virginia. Started her work in 1956.

Leo Laporte [02:47:58]:
In the 70s and 80s, she worked on creating accurate models of the Earth's shape based on satellite data. This is from Engadget. A complex task requiring the type of mathematical gymnastics that would make the average person dizzy. Those models became the backbone for GPS. She worked at the Dahlgren center for 42 years, retiring in 1998. Her work went largely uncelebrated it for decades, but we're not gonna let her pass unnoticed. Dr. Gladys West.

Leo Laporte [02:48:32]:
I did at the age of 95. If you, if you use GPS to get around, you can thank Gladys west and that is that. Thank you, Doc Rock. You are a champion. Two shows.

Doc Rock [02:48:49]:
I get to be Alex right now.

Patrick Beja [02:48:51]:
Oops.

Leo Laporte [02:48:52]:
Yes, we're fixing that. Doc Rock is a. Is of course, a wonderful YouTuber. YouTube.com docrock his day job is working as an evangelist for eCamm. As a man who's speaking the truth to people who use eCamm.

Doc Rock [02:49:09]:
Yeah, I basically get to find companies like yourselves and, you know, even hardware companies that we partner with to make it better for everyone, but also to show the users who are starting with nothing, like, what the possibilities are. And I tell you, Leo, there's not a week that doesn't go by when people says, well, I'm starting this podcast and I don't know who will listen. I go, that's how they all start. And I tell you right now, I hang out every week on one that's like 20 years old. There's old enough to drink and there was probably. There's probably a hundred of us watching it in the beginning, but there's a heck of a lot more now.

Leo Laporte [02:49:39]:
So thank you.

Doc Rock [02:49:40]:
Start, you start. You know, you never really start where you start.

Leo Laporte [02:49:42]:
That's right. It's great to see you. Appreciate all your contributions. Everybody with a microphone should get Docs Pops. There you go. I like the orange one today. That's the Pop filter Doc Rock. Where can I get that doc pops.

Doc Rock [02:49:57]:
With two P's at the second part.

Leo Laporte [02:49:59]:
Docpops.com it's part of the Doc Merch, the fabulous Doc Merch lineup.

Doc Rock [02:50:06]:
Doc Pops.

Leo Laporte [02:50:07]:
There it is. Thank you, Dr. Patrick. You are a champion. It is now 2am 208 indeed. Thank you for staying up late, especially given that you just recovered from the flu. I hope you get to bed and get to sleep in a little bit. You don't get waken up.

Patrick Beja [02:50:26]:
I'm very much looking forward to it.

Leo Laporte [02:50:29]:
Patrick besha is@notpatrick.com subscribe to his podcast if you speak French. He has a number of wonderful podcasts for you. If you don't. The Phileas Club is his English language podcast.

Patrick Beja [02:50:42]:
But this is.

Leo Laporte [02:50:50]:
Did I say all of those?

Patrick Beja [02:50:53]:
Well, I mean, I mean.

Leo Laporte [02:50:54]:
Okay.

Alex Stamos [02:50:56]:
Okay.

Leo Laporte [02:50:57]:
Sort of.

Alex Stamos [02:50:58]:
Well.

Doc Rock [02:51:01]:
Yeah.

Leo Laporte [02:51:01]:
Thank you, Patrick.

Patrick Beja [02:51:02]:
That'll go.

Leo Laporte [02:51:03]:
I appreciate it.

Patrick Beja [02:51:04]:
Thank you, Leo.

Leo Laporte [02:51:05]:
Always great to see you.

Patrick Beja [02:51:05]:
Always fun.

Leo Laporte [02:51:06]:
Thanks to all of you for joining us. We do this show every Sunday from 2 to 5 Pacific time. That's 5 to 8 Eastern, 2200 UTC. You can join us, of course. Watch live if you wish on YouTube, Twitch, X dot com, Facebook, LinkedIn and Kik. Of course, if you're in the club, you can join us in the club Twit Discord. That's another place you can watch after the fact. On demand versions of the show are available at Twitt TV.

Leo Laporte [02:51:33]:
There's a YouTube channel dedicated to the video and you can subscribe to audio or video and any podcast client. If you do leave us a review. Leave us a good review. Not a bad review, a good review. Tell the world about this week in tech. Thank you everybody for joining us. We'll see you next time. Another twit is in the can.

Leo Laporte [02:51:51]:
Bye bye. Hey everybody, it's Leo laporte. It's the last week to take our annual survey. This is so important for us to get to know you better. We thank everybody who's already taken the survey and if you're one of the few few who has not, you have a few days left. Visit our website, TWiT TV Survey 26 and fill it out before January 31st. Thank you so much. We appreciate it.