The F*CKWIT Intel chip flaw. Ready yourself for patches

When the chips are down…

Graham Cluley

If your computer has an Intel CPU released in recent years (it probably does), then there’s some big news on the security front.

As The Register reports, a newly-discovered design flaw has been found on Intel CPU hardware that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory.

Precise details of the security vulnerability – which is known variously as KPTI (Kernel Page Table Isolation), KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) and even F*CKWIT (Forcefully Unmap Complete Kernel With Interrupt Trampolines) – have not been made public, and with good reason.

The very real fear is that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer’s memory which may be storing sensitive information. Think passwords, private keys, credit card data…

Intel isn’t able to push out a firmware update to its chip. That means operating systems like Microsoft Windows, Linux, and Apple macOS, which relied upon Intel’s hardware to provide some of these essential security services, will have to push out their own low-level updates to do the job that they were previously relying upon Intel to do.

Meanwhile, cloud services like Amazon EC2, Microsoft Azure, and Google Compute Engine are also likely to be at risk and will need to be updated.

The good news is that it sounds as if this flaw has been known about (but kept quiet) for a couple of months, and major vendors have been working feverishly on fixes. You can expect the likes of Microsoft and Apple to start rolling out security updates as a matter of priority before the flaw is maliciously exploited.

The bad news is that no-one likes to make such low-level security updates, particularly under such time-sensitive conditions. Inevitably some businesses will find themselves disrupted by the process.

And going forward, the fact that the operating system has to do more because Intel chips have dropped the ball may mean that some computer operations take a performance hit.

And few of us are ever happy with our computers slowing down…

Update: Spectre? Meltdown? F*ckwit? Calm down and make yourself some tea

For more discussion on this topic, be sure to listen to this episode of the Smashing Security podcast:

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
Due to security and integrity concerns, they have to say adieu to their personal devices when in the West Wing, and that means everything— phones, laptops, Roombas, fridges, whatever.

Nothing's getting in.
GRAHAM CLULEY
You never know, maybe someone wants to bring one in, keep their office clean. Are the cleaners at the West Wing that bad? I'm gonna have to bring my own vacuum cleaner in.

It's the only way to deal with this. There's so many breadcrumbs.
Unknown
Smashing Security, Episode 60. Ransomware, Meltdown, Spectre, and personal devices in the White House with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to another episode of Smashing Security, episode 60. My name is Graham Cluley.
CAROLE THERIAULT
I'm Carole Theriault.
DAVID MCCLELLAND
And we rehearsed this before we started, and I completely failed to come in on cue. Oh dear. Welcome to 2018, everyone.
GRAHAM CLULEY
Who are you? Who are you? What are you doing here?
DAVID MCCLELLAND
And I am David McClelland.
GRAHAM CLULEY
Hi, David. Good to have you back on the show yet again. Is everyone having a nice New Year? Wait, it's not New Year anymore, is it? Everyone recovered? Back to work, I suppose?

The grind?
CAROLE THERIAULT
I have malaise. I have malaise. I have January malaise.
GRAHAM CLULEY
Oh.
CAROLE THERIAULT
It's dark. It gets dark in this country so early. Hate it. I'm just holding up until it gets sunny again.
DAVID MCCLELLAND
We are getting close to Blue Monday, which I think is Monday the, well, 13th? 15th or something like that. And that is, yes, the most depressing day of the year.
CAROLE THERIAULT
So I'm not alone.
GRAHAM CLULEY
Is that the one where we all have to listen to Joy Division songs? What's the—
CAROLE THERIAULT
Hey, there's nothing wrong with Joy Division.
DAVID MCCLELLAND
I have a Joy Division t-shirt.
GRAHAM CLULEY
Not on Blue Monday.
CAROLE THERIAULT
Okay. Wear it on Monday.
GRAHAM CLULEY
All right. Well, usual story after the break, we are going to talk about some of the interesting stories that we've seen in the world of security in the last week.
CAROLE THERIAULT
Smashing Security is supported by Cloudberry. Now listen to this.

With Cloudberry, you can back up files, folders, and system images to the cloud storage of your choice with built-in 256-bit encryption, ensuring your precious data remains private.

Cloudberry supports over 30 cloud storage providers, working on Windows, Mac, and Linux. Plus, no subscription. You pay only once. So download a free trial at cloudberrylab.com.

But there's more. You could also go to smashingsecurity.com/cloudberrylab to get a whopping 30% off the Windows desktop version. That goes for about $20.
DAVID MCCLELLAND
Boom.
CAROLE THERIAULT
On with the show.
GRAHAM CLULEY
And welcome back. Well, I think, you know, 2018, it really started with a bang, didn't it?
CAROLE THERIAULT
More a clunk flush.
GRAHAM CLULEY
Well, it all started with fuckwit, didn't it?
CAROLE THERIAULT
Excuse me?
DAVID MCCLELLAND
What?
GRAHAM CLULEY
You all know what fuckwit is, right? Right.
CAROLE THERIAULT
There's gonna be a lot of bleeping. So anyone can actually hear what you're actually saying.
GRAHAM CLULEY
I'm talking about forcefully unmap complete kernel with interrupt trampolines.
DAVID MCCLELLAND
Of course you were, Graham. Of course you were.
GRAHAM CLULEY
Which was the nerdy and somewhat understandably vulgar name given to a vulnerability on Intel CPU chips.
CAROLE THERIAULT
Not by Intel, presumably.
GRAHAM CLULEY
No, not by them. By people who had the problem of dealing with it.

And this vulnerability could lead to data being leaked from somewhere on your computer that it simply shouldn't have been possible to leak data.
CAROLE THERIAULT
This was indeed the biggest story, wasn't it, of the last few weeks?
GRAHAM CLULEY
It was huge. But at first we all thought it was just an Intel chip problem, but oh, unfortunately, it turned out that AMD and ARM chips were also at risk.

And at which point, of course, the acronym got a new name and some funky logos. And we all began to talk about something called Meltdown and Spectre.

And this has caught the imagination of many in the media. It's suddenly escaped from the purely technical press.
CAROLE THERIAULT
Tech firms are rushing to patch a security hole that is affecting billions of computers and smartphones.

It's caused by two major flaws in computer chips called Meltdown and Spectre.
DAVID MCCLELLAND
The bugs could potentially allow hackers to get a hold of users' passwords, photos, and emails.
CAROLE THERIAULT
Homeland Security has even jumped into the fray here in the last couple of hours, warning businesses to act on Intel's alerts and heed warnings about the flaws and figure out how to patch this hole.
GRAHAM CLULEY
Effectively, what people were being told was that the hardware chips inside your computers, inside your smartphones, inside potentially some other devices, maybe even your car, could be vulnerable to an attack, to information being hacked and information being stolen.

Maybe your private keys, maybe your passwords. And not really very easy to fix that kind of problem.
CAROLE THERIAULT
I think this is too huge for even most people to actually comprehend. You know, it's just too big.
GRAHAM CLULEY
Well, the thing is, normally when there's a vulnerability, what you can do is you can update your version of Adobe Flash, say, aha, I fixed it.

Or, you know, can update your operating system or install the latest version of iOS and that solved it.

But when the problem is actually residing on your hardware chip, what are you meant to do? And at first, I think US CERT actually gave the advice.

They said, well, just replace the chips when you want to.
DAVID MCCLELLAND
Really?
GRAHAM CLULEY
Well, that's not going to happen, is it?
DAVID MCCLELLAND
Gosh.
GRAHAM CLULEY
That was what they first advised.
DAVID MCCLELLAND
Great.
GRAHAM CLULEY
I can imagine my Auntie Marge doing that. You know, it's not really likely to happen. So inevitably it was left up to software developers to jump to the rescue.

And there are no finer superheroes, I think, than software developers. You can imagine them right now.

Pulling on their Y-fronts over their trousers and leaping out of the window to rescue us all. What they had to do was they had to update operating systems.

They had to update the software, which was actually talking to the chips because they had previously been relying upon the chips to control these sensitive parts of memory and make sure that data wouldn't leak from one program to another.

And now the operating systems had to do that for them, which meant potentially operating systems are having to do more.

At a very low level and maybe would slow your computer down as well, which frankly I think is something that we all relish, isn't it? We all want slower computers.

Apple, Microsoft, Amazon cloud services, all of these chaps started pushing out updates.

And so you may have seen the headline saying, oh, all iPhones are at risk, followed very rapidly by install the latest version of iOS or install the latest version of macOS.

If you can. But there have been problems as well. So Microsoft have had a fix for what we won't call fuckwit, what we'll call Meltdown and Spectre.

But it turned out that some of Microsoft's fixes wouldn't necessarily work with all antivirus programs.

In fact, if you were running some antivirus programs and applied Microsoft's patch, your computer would start to blue screen. Gee! Which is worse than the vulnerability.

A vulnerability, by the way, which no one's seen any evidence of being maliciously exploited.
CAROLE THERIAULT
Yet.
GRAHAM CLULEY
Yet, exactly.
DAVID MCCLELLAND
It does sound as though you've got to construct quite a house of cards to get anywhere near being able to exploit this vulnerability.

And, you know, this is a— I guess it's a bigger point because, you know, it's all well and good security researchers pointing out, oh, look, there's a potential vulnerability here or there or somewhere else with this bit of code or this bit of hardware, but I think we need sometimes to take a bigger picture view to say, okay then, on a score between 1 and 10 or on a red, amber, green, you know, whatever, how likely, how dangerous, how urgent is this?

And I guess that's my question for what we've been seeing here with Meltdown and Spectre.

What is the real risk to people who are listening to this podcast, you know, to their PCs and their phones?
GRAHAM CLULEY
Yeah. And what can they really do about it anyway? I mean, I was interviewed by a few people and they said, well, what should people do about it?

And I said, just don't panic, make yourself a cup of tea. You know, there's nothing that you can do whatsoever about this problem other than wait for a patch.

Now, unfortunately, some of these patches have had problems with certain products and Microsoft has actually halted pushing out its patch for PCs with AMD chips because devices were getting bricked as well.

So you can certainly argue that some of these patches have caused much, much more of a problem than the vulnerabilities themselves.
CAROLE THERIAULT
Because they're sitting there hurrying to get them out. Someone's probably pulling an all-nighter to work on it and it, they ran through testing and then was slammed out quick.
GRAHAM CLULEY
Well, it's not quite as bad as that because the researchers, and there were 3 different research groups, I think, who found these vulnerabilities.

It's a fascinating story of how they all found it at the same sort of time. But they told these vendors months ago about these problems.

It's only been made public in the last week or so. So there has been some time.

I'm still impressed because suddenly people will have worked over the holiday period to get these things ready and to get them out as soon as possible.

But, okay, so maybe right now there's only a small chance of anyone being attacked by this.

But imagine if you were in a critical, maybe government position and you had secrets on your device. It may not be beyond the nous of enemy, enemy, of enemy. You have to be careful.

Oh dear.
CAROLE THERIAULT
Have fun editing that out.
GRAHAM CLULEY
Of enemy intelligence agencies putting their resources into investigating these problems because now they've been sort of pointed in the right direction.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
And so, you know, you still want to take it seriously.

In the case of the problem with antivirus software, what Microsoft have done is they've said, look, there are some antivirus programs right now which are breaking the rules.

They're doing some naughty, cheeky tricks. They're doing double somersaults in order to access features of the chip, for instance, which are incompatible with our fix.

And so therefore, if you have our fix and these antivirus programs, your computer may blue screen.
CAROLE THERIAULT
Jesus.
GRAHAM CLULEY
And what they've actually done is they've said, unless your antivirus is certified as being compliant, you aren't going to get any more Microsoft fixes.
CAROLE THERIAULT
This is such a nightmare for home users. It's such a nightmare for them.
GRAHAM CLULEY
Well, potentially, yes. I mean, my expectation is that antivirus products will be certified.

They will make sure that they're playing the game as Microsoft want them to play because they have to, frankly.

No one's going to accept that their antivirus is preventing them from getting other security patches. So I think it will work from that point of view.

But I think many of us, especially because the consumer press got hold of this, they're going to be alarmed because people have got old— I've got an old iPad Mini, for instance, right?
CAROLE THERIAULT
So do I.
GRAHAM CLULEY
And my old iPad Mini can't run iOS 10. Let alone 11. You know, there's no upgrade path for me.

And I'm used to complaining about Android having an appalling upgrade path, but it's equally true of many applications.
CAROLE THERIAULT
What are you doing on your old iPad Mini other than, you know, games?
GRAHAM CLULEY
I'll tell you what I'm doing. It's a little bit naughty.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
I've got a great place where I can hook up my iPad Mini. I can sort of hook it over. God, I'm going to argue about this. You know, on baths? No, no, no, no.

You know, on baths, you get those sort of old telephone handle receiver things where you put the shower head.

I can hook it round there and then I can have a bath and my iPad Mini is up there and I can go on YouTube.
CAROLE THERIAULT
Must be so annoying when you get the sound wrong. You've got yourself all settled.
GRAHAM CLULEY
And I can get my wet pork fingers. But anyway, so I can.
DAVID MCCLELLAND
I don't know if I want to know.
GRAHAM CLULEY
David, what have you got for us this week?
DAVID MCCLELLAND
Well, as you know, I'm a gadget guy and I was going to try and cover off some security news coming from the CES Tech Fest that kicked off today, yesterday in Las Vegas.

But I have to say, I didn't really see anything interesting yet by the time we're recording right now.

However, something else did catch my eye this week that I thought might be worth bringing up.

So like many others, I've looked on with interest over the last, I guess, couple of months or so as this bitcoin roller coaster has soared and dived and soared again.

And it's been quite a ride for those who join the queue early doors. Sadly not me. But of course, bitcoin isn't the only crypto roller coaster in town.

The thrill seekers have been jumping aboard things like Litecoin, Ethereum, Dogecoin. I don't know if we got to the bottom of what that's actually called. Dogecoin.
CAROLE THERIAULT
Yeah.
DAVID MCCLELLAND
And also to another one that I hadn't really noticed or given much time to before called Ripple. CNBC says that bitcoin's value rose by 1,500% last year. That's a pretty tidy rise.

But Ripple, that rose by a staggering 35,000% and is now vying for second place alongside Ethereum, which many more people have heard of to be the biggest cryptocurrency by market cap behind bitcoin.

So what's this got to do with security, you might ask? Well, I'm coming to that.

So on the podcast, I have been listening, you've been talking about secure cryptocurrency wallets with Mikko Hypponen and Peter Ulrich over the last couple of weeks.
GRAHAM CLULEY
Excellent pronunciation.
DAVID MCCLELLAND
Thank you very much. Things like that Trezor USB device that I think you've got, Graham, and also Peter mentioned that Jaxx mobile wallet app, which sounded really interesting.

Well, I came across this Danish firm called ByChip that's just announced that its microchip implant will make sure your cryptocurrency is always close at hand by storing it literally inside your hand.

So these are those implantable— I guess they're rice-grain-sized RFID NFC chips.

And, you know, they've been very popular as a party trick at tech conferences for a number of years, and they commonly let you exchange business cards and open hotel room doors and even use public transportation and so on.
CAROLE THERIAULT
That's exactly what I want to store inside my arm, right? Business cards. Yeah, baby.
DAVID MCCLELLAND
It's the ultimate handshake. You shake hands with someone and you've exchanged some data. Fantastic.
GRAHAM CLULEY
You know what I'd want to do? Because people give me business cards, right? I probably shouldn't say this on the podcast. I don't want to keep business cards, right?

They give them to me. I just think, oh, I'm going to do this. So maybe if I claim that I've got a business card receiver in my hand, I can say, oh, just put it there, right?

And I don't actually have to have the chip implanted, right?
DAVID MCCLELLAND
It's a lot less painful for a chip. Yeah.
CAROLE THERIAULT
Let's hope they don't have any alerts set up for received, you know, accepted by recipient.
GRAHAM CLULEY
Oh yeah. Oh yeah. I hadn't thought of this through, had I? Okay.
DAVID MCCLELLAND
But what ByChip is working on, it says now, is a system that will actually let you make cryptocurrency payments using your hand just by waving it over a receiver.

Now, I know, I've got a few questions around this story. We'll put a link to it in the show notes, I'm sure.

And there's not a lot of information about ByChip online, but I thought it was an interesting theme nonetheless, because obviously when you've got things like this embedded in your hand, there are some security implications, also some moral ones I've been learning too.

So Graham, Carole, do either of you have any of these implants, or would you?
GRAHAM CLULEY
Sorry, a bit personal. We're talking about implants in our hands, right? We're not looking for any other kind.
DAVID MCCLELLAND
The audience no doubt we're talking about these.
GRAHAM CLULEY
Because you said, you know, maybe the security implications have been there on the end of your dangly arm. Maybe you need to put it somewhere less dangly or wherever.
DAVID MCCLELLAND
We're not going there again, are we?
GRAHAM CLULEY
He can't help it. Would I have it? Well, obviously, I don't really like the thought of anything being inserted into me.

I mean, it's all right for the dog, you know, if the dog gets lost.
CAROLE THERIAULT
I don't think there's any way I would ever have an implant unless I was forced.
GRAHAM CLULEY
But, you know, we had that chap on, Scott Helme, didn't we? And he'd had something implanted into him.
CAROLE THERIAULT
I thought he was nuts.
GRAHAM CLULEY
Well, yeah, he was totally nuts. Yeah, we told him so, didn't we? But he seemed to think it was a very handy thing around his smart home.

Let me turn the tables on you, David McClelland.
DAVID MCCLELLAND
Go on.
GRAHAM CLULEY
Okay. Technology journalist, right? Would you—
CAROLE THERIAULT
Gadget guy.
GRAHAM CLULEY
Yeah, you're the gadget junkie, right? You're the one who's embracing all of these things all the time. Would you agree to do this?

Would you take your BBC pass and have that injected into your hand? Would you allow your personal information to be embedded in you in some fashion?

Is that something which makes you feel comfortable?
DAVID MCCLELLAND
Well, I guess there's a couple of things.

First of all, I'm as squeamish as a baby, and I pass out at the slightest hint of the colour red, let alone actual dirty great big needles going into my hand.

So as much as I'm curious, I must admit that there is a bit of me that's curious about this, I don't think I could go through with it because I am such a crybaby.

But, you know, I did cover a news story last year whereby a US firm was offering this to its staff, and I think it was a vending machine firm in the United States were offering this to the staff, and the staff were queuing up to have it done.

They were more than happy because it means they didn't have to carry around their security pass anymore.

They didn't have to hand over any actual cash or, you know, a cashless vending card. They could just wave their hand to buy their lunch.

So, you know, when you look at it like that, it seems like it's, you know, not that big a deal.
GRAHAM CLULEY
No, no, no, no, no, David. No, sorry, David, you're completely wrong.

Because what's happening there is they're all inside the organisation, there's all this peer pressure, and they're thinking, oh, this is a normal thing to do because my boss is doing it, and Sandra over there in marketing, she seems to think it's all right.

Maybe my concern—
CAROLE THERIAULT
It's going to help with my bonus.
GRAHAM CLULEY
Next thing you know, they'll all be on a plane to Guyana with Jim Jones drinking Kool-Aid.

So people have got to actually stand up for themselves, say, no, I'm sorry, this is crazy and unnecessary.

And furthermore, if I'm the one with the implant, I'm gonna be the one who keeps, you know, I'll have to be the one who keeps going to the vending machine, aren't I?

It's not like you can get your pal to do it instead and say, here's a pound coin, go and get me a drink as well.
CAROLE THERIAULT
David, imagine if you actually got one done and then you really had to get it out quickly. You'd have to do it yourself with a nail file. That'd be pretty upsetting, right?

Even thinking about it, don't pass out.
DAVID MCCLELLAND
Please don't. I guess the difference is, you know, with wearable tech, with a watch or whatever else, we can take that off.

You know, I go to bed at night, you know, I go swimming, whatever else, I can just leave that behind. I can turn my phone or my laptop off. That's easy.

But when you've got something under your skin like that, it's kind of there, and to get rid of it's going to be a lot of pain.
CAROLE THERIAULT
Exactly.
DAVID MCCLELLAND
So a bit of research I did into this a couple of years ago showed me that Sweden is a massive hotspot for— I mean, I guess you can call this biohacking.

Transhumanism is another term. And so these people are also called Grinders, and there's a great conference that takes place every year.

And there's in London, where I live, there's also a— it takes place, I think it's every month, there is a meetup for people who are into body modding.
GRAHAM CLULEY
A meetup for grinders?
DAVID MCCLELLAND
A meetup for grinders.
GRAHAM CLULEY
Have you been to one of these? You say it's a great conference.
DAVID MCCLELLAND
Have you actually participated? I have watched some of the videos from the conference. It looks quite interesting.

There was one body modification whereby you embed it on your chest or in your chest, and it's got a compass built into it.

I kind of called it the homing pigeon modification, and it just gives you a little tap if I remember, whenever you face magnetic north.

And people are like, what on earth is that all about? But people see it as adding extra senses to themselves. Again, that's certainly not something I'd be interested in doing.

But for a certain kind of person, this kind of body modification, adding, augmenting ourselves with different senses, is both an interest and also an art form as well.

And there's lots of art projects where people have embedded different bits of tech under their skins on different bits of their body.
CAROLE THERIAULT
Well, yay to them. Yay to them.
GRAHAM CLULEY
Well, thank you very much, David. It's interesting to hear that we are developing a new breed of human, half man, half pigeon, who can tell if they're pointing north. Fantastic.

Carole, what have you got for us this week?
CAROLE THERIAULT
This week sees the White House ban all personal devices from the West Wing. So if Trump did indeed have a— what is it called? Injectable?
GRAHAM CLULEY
An implant?
CAROLE THERIAULT
An implant. If Trump had an implant, I'm not even sure he'd be allowed in there.
GRAHAM CLULEY
Just to be fair to him, just for one second, I don't believe he has had an implant. He might have had several extracts, but I don't think he's had anything implanted in him.
CAROLE THERIAULT
So this ban doesn't just impact visitors and journalists, but also staff.

So late last week, White House Press Secretary Sarah Huckabee Sanders released the following statement, which I've shortened slightly.

The security and integrity of the technology systems at the White House is a top priority.

Starting next week, the use of all personal devices for both guests and staff will no longer be allowed in the West Wing.

Staff will be able to conduct business on their government-issued devices.

So in other words, due to security and integrity concerns, they have to say adieu to their personal devices when in the West Wing.

And that means everything— phones, laptops, Roombas, fridges, whatever. Nothing's getting in.
GRAHAM CLULEY
People—
CAROLE THERIAULT
You never know, maybe someone wants to bring one in, keep their office clean.
GRAHAM CLULEY
Are the cleaners at the West Wing that bad? I'm gonna have to bring my own vacuum cleaner in. It's the only way to deal with this. There's so many breadcrumbs.
CAROLE THERIAULT
You may have OCD, for example, and you may want to keep it spick and span.

However, there are rumors that this ban is actually the result of the publication of a tell-all romp of Trump's first year as pres called Fire and Fury: Inside the Trump White House, penned by Michael Wolff.

So some juicy morsels that were pre-released include, "Trump didn't expect to win!" and "Trump is semi-illiterate!" and "Ivanka wants to be the first female president!" It wouldn't really be a surprise if Trump hadn't expected to win.
GRAHAM CLULEY
I don't think any of us actually expected him to win, did we? Seriously.
CAROLE THERIAULT
Yes. Yeah, I don't think they even knew.
GRAHAM CLULEY
Yeah. But this book has been causing quite a hoo-ha, hasn't it?
CAROLE THERIAULT
The Fast and the Furry. It has. And you know what? It's already a bestseller. And it's only been out since the 5th.
DAVID MCCLELLAND
I think it's almost the Barbra Streisand effect as well, because Trump and his team of legals brought so much attention to it saying, "Don't read this book, we're going to try and get rid of this book, erase it from history." All of a sudden people were alerted to the presence of this upcoming book.

It was the best publicity they could dream of.
GRAHAM CLULEY
Yeah, we should really try and get our podcast banned, or at least have him urge people.

If we can get Sarah Huckabee Sanders to say that I've heard Graham Cluley and Carole Theriault and that dreadful David McClelland have been saying some outrageous things about Donald Trump.

That could really help us on the iTunes chart.
CAROLE THERIAULT
Now, despite the fact that this book is the bestseller, I've not read the book. I'm not likely ever to, but according to The New Yorker, it's pretty poor.

So they call the author's logic ridiculous. They say the reporting is not actually reporting due to uncorroborated serious factual errors. But who are they to judge?

Interestingly, Trump actually agrees with The New Yorker on this one occasion.

On the 5th of January, he tweeted that Michael Wolff is a total loser who made up stories in order to sell this really boring and untruthful book.

He used sloppy Steve Bannon, who cried when he got fired and begged for his job. Now sloppy Steve has been dumped like the dog by almost everyone. Too bad.
GRAHAM CLULEY
So can I just remind everyone, that was the United States president just speaking I see.
CAROLE THERIAULT
So is he tweeting that from a government-issued device, or is he doing that from his personal device?
GRAHAM CLULEY
I don't think, Carole, that they've initiated this new rule to stop Donald tweeting. I think they've resigned themselves to that circumstance.
CAROLE THERIAULT
You think he's going to be allowed— see, it's not clear if there's anyone who doesn't have to follow these bans. So it's not clear yet who is kind of—
GRAHAM CLULEY
I imagine once you're US president, you can ask the security services for a smartphone which also has Twitter installed. If you're the president, you can probably get away with it.

So he probably does have a secure one, doesn't he? I mean, obviously they're concerned about leaks, I would think.
CAROLE THERIAULT
Well, they've had quite a few, haven't they?
GRAHAM CLULEY
And so if people are forced to use government-issued devices, then they have greater insight into what people are sending, what messaging apps may be installed, you know, and have some visibility on that.

Whereas if they are private devices, it all becomes so much more difficult. Because there are secure messaging apps out there.
CAROLE THERIAULT
Now, hey, do you know how big the West Wing is? So I was just wondering when I was reading this, how many people are actually affected by this, right? So how big do you think it is?

How many people do you think might work in the West Wing?
GRAHAM CLULEY
How much carpet can the average Roomba handle? That surely will answer that question.
CAROLE THERIAULT
Well, there's the Oval Office.
GRAHAM CLULEY
Oh, well, Roombas would be good in an oval. That's not so tricky. Yeah.
DAVID MCCLELLAND
What if one gets just not very good on the stairs? So maybe you're only allowed to use your personal devices on the staircase? I don't know.
CAROLE THERIAULT
Anyway, there are 7 floors. There are 7 floors.
DAVID MCCLELLAND
That's a lot of stairs.
CAROLE THERIAULT
Yeah, and there's a lot of people working there.

The White House Chief of Staff Office, Counselor to the President, Senior Advisor to the President, White House Press Secretary, and all their supporting staff are in there.

So this means that whilst they do their average of 12-hour days, they can't easily access their family, right?

So, there's a lot of people complaining about this, but it got me thinking how, whether this will become a trend in actual offices, right?

Do we think that companies might start having secure rooms where people are not allowed to bring in any devices?

Because let's just face it, these phones now are basically very powerful computers that can record video, audio quickly and upload it to the cloud in seconds.
DAVID MCCLELLAND
Well, it is a concern certainly for some organizations where they have sensitive information.

And I think the typical company probably actually has begun to embrace BYOD a bit or has actually given more flexibility to the typical employee as to which devices they use.

I'd like to think, though, that there is some middle ground here rather than saying you can only use these particular devices.

But I think the White House is in a particularly unusual position right now.
CAROLE THERIAULT
I know, but I just, I feel for people because if the government-issued phones are fully scanned and looked at and say you have some very personal issue that you don't necessarily want to discuss on that phone, you know, you're kind of limited.
GRAHAM CLULEY
So what happens if I'm a journalist, for instance, if I go to the White House and if I go into the West Wing, do I have to hand my phone over to somebody at that point?
CAROLE THERIAULT
I think that's exactly what you have to do and you get it when you get out.
GRAHAM CLULEY
Well, that raises a few concerns, doesn't it? Because if you—
DAVID MCCLELLAND
You wouldn't take your phone with you.
GRAHAM CLULEY
Yeah, because if you are writing about the Trump administration and you're having to put it into a little plastic bucket and then you go in there for a couple of hours, what is happening to your phone in the meantime?

That would make me somewhat uncomfortable. I wonder how we could get in. So imagine, right, so we all know Donald Trump is a big fan of the show.

If we were to approach him about appearing and we went to visit him in the Oval Office and we're not allowed to take our phones, how could we take some sort of electronic device in with us to record it?

Because this may be our only chance to get him on the show, Carole.
CAROLE THERIAULT
I think you'd have to do an old-fashioned tape recorder. I'm not sure that counts as a device.
DAVID MCCLELLAND
A big reel-to-reel machine. I've still got one. I've got one of those in the loft.
GRAHAM CLULEY
Perfect.
CAROLE THERIAULT
Bring David with you. You guys are sorted. I look forward to the show.
GRAHAM CLULEY
Sounds fantastic. It's going to be like one of those cartoons where all the animals are standing on each other's shoulders and they're wearing a great big long Mac.

And there's one in the middle who's got this reel-to-reel tape recording, recording round and round. Fantastic. Or we could do brass rubbings, something like that.
DAVID MCCLELLAND
Brass rubbings.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Court sketches.
DAVID MCCLELLAND
Carry a pigeon.
GRAHAM CLULEY
Oh, yes.
DAVID MCCLELLAND
Stop the pigeon.
CAROLE THERIAULT
Bad on devices, but birds, just come on in.
DAVID MCCLELLAND
We should probably say hi to Donald Trump if you're listening.
GRAHAM CLULEY
Yeah. And Donald, hey, look, we are the podcast that Garry Kasparov turned down.

So if you do want to come on the show, we'd be happy to have you and let you do your bit for the allotted 7 minutes. That'd be fantastic. It'd be great to have you. Okay.

We'll be back after this break with our picks of the week.
CAROLE THERIAULT
Remember CloudBerry? With them, you can back up files, folders, and system images to the cloud storage of your choice.

There's no subscription, plus you get 20% off the Windows desktop version if you go to smashingsecurity.com/cloudberry. On with the show.
GRAHAM CLULEY
And welcome back. And it's that part of the show which we like to call Pick of the Week. Everyone on the show chooses something that they like.

Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, a podcast, whatever you like. It doesn't have to be security-related necessarily.
CAROLE THERIAULT
As long as it's not security-related.
GRAHAM CLULEY
So it's our chance to appear a little bit more human. So we're not just rumbling around in our security echo chamber.

And my choice this week is— oh, by the way, first of all, Carole, I have to thank you for one of your past Picks of the Week because of course we had Christmas recently and, you know, I was stumped.

What on earth am I going to get people? And I was looking back on some of the Picks of the Week and one of the Picks of the Week you suggested was this Snap-on Electric—
CAROLE THERIAULT
Snap Circuits.
GRAHAM CLULEY
Snap Circuits. That's the thing. Oh, it's fantastic.
CAROLE THERIAULT
Yeah, they're cool.
GRAHAM CLULEY
And I bought this for my son, but I'll be honest with you, he loves it, but I really love it. Yeah. And you learn a lot of stuff.

You do learn a lot of stuff, and it gives you all these exercises.

And people who don't know, it's kind of like Meccano or Lego, but with electronics, and you build electrical circuits, and you have fans and light bulbs, and it's really, really cool and fun.

And so that was one Christmas present which I got my son.

And then another Christmas present I got him— we have a Nintendo Switch at home and I have been playing a terrific game with him called Portal Knights, which I don't think is that well known, but it is tremendous.

It is a 3D open world game.

I've included a link in the show notes which you guys are welcome to check out as well if you want to, a YouTube video where you can see the game in action.

And it's a bit like Minecraft in a way, but with much better graphics, and to my mind, a whole lot more charm. It's an open-world game where you can build—
CAROLE THERIAULT
It's a bit Zelda-y.
GRAHAM CLULEY
It is Zelda-y, exactly, because you kind of have battles in that Zelda fashion as well, and you go from world to world.

You have little quests, there's an RPG element as well, and you can play it in co-op mode, so both of you can be on the screen sat on the sofa together helping each other as you're building or as you're beating up skeletons.

You can also play it online. It's also available on Steam, Xbox, PlayStation.

I think it may even have come out for smartphones too, but it's utterly charming, good fun, and the video is very nostalgic of Zelda. I agree, it is.
DAVID MCCLELLAND
And of course, it's another amazing title for the Nintendo Switch.
CAROLE THERIAULT
Oh, amazing title.
GRAHAM CLULEY
Well, yeah, the Zelda game is one of the other games we've been playing. Unbelievable.
DAVID MCCLELLAND
I'm very jealous.

I must admit, as Black Friday happened and the sales over the festive period happened, I was looking at the Nintendo Switch and I was kind of getting twitchy fingers as to whether I should go for that or go for a PlayStation 4.
GRAHAM CLULEY
Switch, switch, switch, switch, switchy, switchy, switchy.
DAVID MCCLELLAND
I've got littlies as well.

I'm still living the dream with a Nintendo Wii from, what's that, 10, 11 years ago now, and Mario Kart is pretty much the only game that me and my daughters play.

So obviously Mario Kart's there on the Switch as well.

So as much as I'd like a PlayStation 4 for me, and lots of my friends have PlayStation 4s, that would be good sort of gamer buddy stuff, I think the Switch would get more use in my household.
GRAHAM CLULEY
And the Switch has been a real success for Nintendo after the— the Wii, of course, was fantastic. Then they had the Wii U, which really didn't— wasn't very popular at all.

It was very unfortunate. I thought Nintendo really screwed up. The Switch has seen them reemerge, and it's been selling like hotcakes.

And there are lots of third-party games, including some independent games. I think this is an independent game, which have come out.

I also spoke about another hilarious game for the Switch in a past Pick of the Week called Overcooked.
CAROLE THERIAULT
Oh yeah, yeah, you did, you did.
GRAHAM CLULEY
Which is so much fun, hilarious. You end up shouting at each other like Gordon Ramsay in the kitchen as you're trying to—
CAROLE THERIAULT
You're a lot like Gordon Ramsay.
GRAHAM CLULEY
Anyway, back to my pick of the week, Portal Knights, terrific game, really recommend it. Certainly on the Switch, it's fantastic, and hopefully on the other platforms it is as well.

And that is why it is my pick of the week.
CAROLE THERIAULT
Cool.
DAVID MCCLELLAND
Very good. Right then, so my pick of the week— hold on to your hats, folks— it's time to sound the productivity app klaxon.

Oh yes, 2018's got off to a great start for me because I felt the need to download something to just make me a little bit more productive, to give me an app-fueled kick up the backside.

So the app that I've been trying out, and I have to say it really has been working for me so far, which is why it's my pick of the week, is called Focus-Productivity Timer.

The dash is a dash, it's not the word dash. But if you just type in Focus in the App Store, you don't really get it.

And it revolves around this thing you may have heard of called the Pomodoro time management technique. And it's perfectly suited to easily distracted freelancers like me.

So whether I'm at home or on a client site, it's really difficult to focus sometimes when there's lots of noise going on around the outside, or when I'm sat in my office at home, I just see loads of jobs happening.
GRAHAM CLULEY
So aren't Pomodoros tomatoes?
DAVID MCCLELLAND
Yes, yes, they are tomatoes.

So a Pomodoro, the name comes— there's an Italian guy called Francesco Cirillo, and back in the '80s, I think it was, he created this time management technique where you have 25-minute chunks of time.

And I think 25 minutes was the amount of time that he could twist his tomato kitchen timer around to, whatever you can say, which is where it gets its base.
CAROLE THERIAULT
And something really, really technical where I believe it gets its name from.
DAVID MCCLELLAND
But 25 minutes is actually quite a good amount of time to focus on a task. So what this app helps you to do, it sets you up to focus for that 25 minutes.

You set up your tasks at the beginning of the day and you divide them down into, I think this thing's going to take two Pomodoros, let's say.

So it will tell you to, right, focus 25 minutes, then you've got a 5-minute break, then you do another Pomodoro worth of work and you get 4 Pomodoros before you get a longer break, 20 minutes worth of work.

And this works on my phone, it works on my Mac and on my watch as well. These apps are only as good as what you invest in them.

But I've found that by not checking my emails for 25 minutes, by not, you know, I might just check Twitter for 25 minutes.

Actually, 25 minutes is a good chunk of time for my brain to focus on a particular task.

And when I've got my 5-minute break, I come up for air, I do whatever else needs to be done, and then I go back in again for another 25 minutes' worth of focus.

It's really worked for me. I think it's a great app. And I think that you, if you get easily distracted, might find it useful.
CAROLE THERIAULT
I have a question.

What if you really, really love the task you're doing? Do you take your 5-minute break or do you ignore it?
DAVID MCCLELLAND
Good question.

So, at the end of your Pomodoro, it gives you an option whereby you can extend for another 5 minutes or just skip on to the next, or just skip on to your next chunk of work.

So, you do have some flexibility there. It doesn't completely rule my day, but I found, you know, I just do 3 or 4 Pomodoros a day.
CAROLE THERIAULT
You're not ruled by tomatoes?
DAVID MCCLELLAND
I'm not ruled by tomatoes, you'll be pleased to know.
GRAHAM CLULEY
You've twisted your tomatoes, and if you think, "I'm actually enjoying this right now, I'm going to give them an extra little twist." Yes, 5 minutes worth of twisting is recommended.

Right, okay.
DAVID MCCLELLAND
Anyway, so that is Focus Productivity Timer Pomodoro for Professionals by MasterBuilder, and they're @focusappio on Twitter. That's my pick of the week.
GRAHAM CLULEY
Cute. @focusappio on Twitter. That sounds really interesting, actually. I quite like the idea of that.

If I could combine that with the app Vanja spoke about the other week, the WeCroak, which tells me on a regular basis that I'm definitely going to die.
DAVID MCCLELLAND
Oh yeah.
CAROLE THERIAULT
You used to yell at me when I tell you that.
GRAHAM CLULEY
I don't need you telling me I'm going to die, especially not with such relish.
CAROLE THERIAULT
I was just pointing out the obvious.
GRAHAM CLULEY
I was trying to get you to change it. You were just saying, just before we recorded the podcast, you were saying, Graham, you know, when you die before me. So, whoa, whoa, whoa.

What's all this? I said I'd miss you.
CAROLE THERIAULT
It was a nice thing.
GRAHAM CLULEY
Still a big assumption there.
CAROLE THERIAULT
Okay, my pick of the week this week is a very loved podcast, and I'm bringing it up this week because it has been on holiday during the Christmas season 3 weeks now, and I've missed it terribly.

So this is an Australian podcast, actually won Australian Podcast of the Year for what that's worth, and it's called Casefile.

So if you like kind of the post-analysis of real crime, this one's for you. The host of Casefile is anonymous, so even on the website, there's no entry form, which I kind of love.

It's very kind of factual, well-researched, and really rather gripping.

And what makes it kind of unusual and a bit weird is that the entire show is read almost eerily without emotion or flair.

So very straight reading of a document, and you'd think it would be dull, but it's very not dull.

And I think if I ever suggested that here for this podcast, Graham would poop in his pants. He'd be so shocked at that approach.

But I love this podcast and I cannot wait for it to come back on air.

And if anyone has trouble sleeping or just likes to unwind at the end of the day, this is the one for you.
GRAHAM CLULEY
Perfect. Sounds like a good one if you're an insomniac. Yeah, I agree with you.
CAROLE THERIAULT
Which I am, so there you are.
GRAHAM CLULEY
And that just about wraps it up. Thank you very much, David, for joining us again this week. It's always a pleasure to have you on.

If people want to follow you, where should they do that?
DAVID MCCLELLAND
They should do that on Twitter @DavidMcClelland. The spelling of my surname is a real pain, so yeah, just do your best. You'll find me.
GRAHAM CLULEY
And thank you everybody for tuning in. If you like the show, rate it on Apple Podcasts. It really does help new listeners discover us.

And you can go to smashingsecurity.com for past episodes and for details of how to get in touch with us. Until next time, all that remains is for us to say cheerio, bye-bye.
CAROLE THERIAULT
Bye, stay safe out there.
GRAHAM CLULEY
Why are you laughing, Carole?
CAROLE THERIAULT
I don't know.
DAVID MCCLELLAND
You know, when you say stay safe out there, do you remember a television program back in the '80s called Hill Street Blues?
CAROLE THERIAULT
Yes, yes, stay safe out there.
DAVID MCCLELLAND
Yes, exactly. I think it was, but hey, let's be careful out there.
GRAHAM CLULEY
Oh, I like the 'and hey.' Could you do that for us in future, Carole?
CAROLE THERIAULT
I think I'll— okay, I'll go look it up. I'll try it now.
GRAHAM CLULEY
She's actually walking away. Carole's got a big dinner party, I think, in 2 minutes. She's probably answering the door right now.
CAROLE THERIAULT
I made them stay outside at the pub.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

7 comments on “The F*CKWIT Intel chip flaw. Ready yourself for patches”

  1. Etaoin Shrdlu

    If the OS must be patched to cover for Intel chip flaws, presumably those with AMD chips will also suffer the slowdown, even though their chip doesn't suffer from the flaw, or can the patched OS discriminate?

    1. Knox · in reply to Etaoin Shrdlu

      I believe the fix for Linux detects if it is an AMD and doesn't make the change. I hope the same is true for Microsoft and Apple but don't know.

  2. Mike

    From what I heard, it will patch AMD machines. You have to block it manually I think.

    No news on the Windows patch. I'm worried it will be put into the rollup. I'll be upset if it is. Microsoft will want to carpet bomb with this so I have a feeling it's going to be a pain.

  3. coyote

    A mate from Sweden shared this with me many hours ago. Yes I fear it will take a performance hit. It'll also hit pockets too. Although this box which I built in 2014 (Intel i7 4790k, fourth gen) will probably be okay the other two computers in the house are quite a bit older – 2008 and 2009. Those will have to be upgraded.

    But of course Intel first has to introduce new CPUs to fix it (and their CPUs are expensive – you do get what you pay for however). And of course we have to consider new motherboards (different chipset etc.) and RAM and so on. Not nice. Unimpressed to say the least. Yet as a programmer I realise that we all make mistakes and I certainly won't blame them or criticise them. But it's still very frustrating.

    Intel's performance is higher than AMD but the question is will systems not upgraded be higher performance? But there's another issue: will Intel's reputation be tainted? Quite possibly. This raises the question of whether or not this is what AMD has been needing for aeons. Time will tell, as it tells everything…

    1. Mike Thomas · in reply to coyote

      I think you are wrong. My understanding is that it is later CPUs…maybe your 2014 one…and not earlier ones such as 2008/9.

      Anyone confirm?

      1. coyote · in reply to Mike Thomas

        Whether or not it's vulnerable isn't really relevant: it'll come with the kernel updates (I should say: came with as I updated more than 11 days ago now). And I didn't have any performance hit on any system, which wasn't what I was expecting at all but was very thankful for.

        In the end it's not a matter of what hardware is vulnerable; what matters is the actual software that works around the flaw because everyone getting updates will get that.

  4. Etaoin Shrdlu

    Yahoo article is now saying that there are two issues, one affecting Intel chips only and another affecting all CPUs, Intel, AMD, and ARM.

    https://www.yahoo.com/news/design-flaw-found-intel-chips-fix-causes-them-152935477–finance.html
