Smashing Security podcast #289: Printer peeves, health data hangups, and Twitter tussles – with Rory Cellan-Jones

Why shouldn't they be cheap? Why should you have to pay £80 for some ink? Because that's the business model.

Go out and change the business model. Start your own printer company where they cost £5,000 and the ink is free. Yes, stop whining.

Smashing Security, episode 289. Printer peeves, health data hang-ups, and Twitter tussles with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 289. My name's Graham Cluley. And I'm Carole Theriault. And this week, Carole, we're joined by a special guest who has returned to the hot seat this week. Rory Kathleen Jones. Welcome to the show, Rory.

Great to be here. I just could not keep away.

Well, yeah, I have been home maybe 36 hours, but I'm still recovering from the experience because Berlin is one great city and I've got stuff to tell you about it later. I don't think I've got your files, but I might have your files and all the secrets of your life will unfold before you.

Oh, my God. Well, before we get to that, let's thank this week's sponsors, Bitwarden, Collide and the Cybersecurity Inside podcast. It's their support that helps us give you this show for free. Now, coming up in today's show, Graham, what do you got? Oh, I'm going to be talking about the worst thing ever. Yep, I've really worked it out.

I look forward to that.

I'm going to be talking about health data. Why are we not allowed to share our health data for essential research without an awful lot of bureaucracy and time wasting?

Sounds fun. And I will bring us into the Twitter Musk Mudge drama. All this and much more coming up on this episode of Smashing Security. Now, chums, I want to ask you a question. What, in your opinion, is the worst problem in IT?

Isn't it the bum on the seat between the keyboard and the screen or something? Or PEBCAC, the problem existing between keyboard and chair, the fleshy human.

Yeah, well, that can be a trendy thing to blame for all IT problems. Any other theories? That's all fine. It is the automatic software update that is still stuck 16 hours after you first activated it. My son got a new laptop from, well, he's just started a new school and he's got a new laptop and it started installing some updating. It just said, don't turn me off, it said.

You've got it. You have got it. I don't know if I agree. You're going to have to convince me. Right. Well, yeah, they would be useful if they worked. I worked with printers. I used to have to print off these packets to basically spam mail to people.

You're faxing people as well. Is that you doing the fax spam? But the printer would always get stuck and I learned how to always fix. I was the printer queen. You could spend hours trying to get that tiny little piece of paper out between the cogs inside your... Well, you might. It took me about 10 minutes. I think computer technology in general has moved on leaps and bounds over the years. But printers are still stuck in the Stone Age. Graham's opened up his thesaurus. But the question is, why are you still printing, Graham?

No, no, I'm not. I try to print something probably every three months.

Ah, that's it. You're not in practice. Exactly. I don't do the necessary voodoo.

Do you have a little oil droplet machine to make sure it's all working perfectly? Occasionally, I go somewhere where they demand a printout. Oh, no, you can't bring a smartphone because it could be a photograph of someone's. What? How is this any different? Were you trying to print this morning that didn't go well and you decided to use this as your soapbox?

I was doing exactly that. That is what was happening to me. And it was a complete nightmare. I've got a confession. We have two printers in our house, one in my wife's incredibly efficient office from which she runs the world, one in my cubbyhole. Yeah, it's great. You're a very lucky man.

I think you're totally being over the top here. Really, really. I don't have these problems at all. I've had the same printer for five years. No issues.

It's just that I've got the problem.

You've got the obvious answer. Just send it round to Carole and she'll print it for you.

Now, now, Rory. Now, now. So my printer, despite having only been used about seven times in the last 18 months, has run out of ink. I wonder what the problem is. Almost like a walled garden, right? Not letting different microchips coming in. Well, of course it is. And they don't want you using other people's ink cartridges.

Go out and change the business model. Start your own printer company where they cost £5,000 and the ink is free. Stop whining. In this particular case, HP, unbeknownst to its users, updated its printer's firmware with something called dynamic security. When was this? This was a few years ago. They rolled this out to lots and lots of printers.

Don't you realise this is the same model applies to your car? Do you go to the car manufacturer to do your servicing? Or do you go to Bob down the street who could do it at half price? Or, Carole, imagine this. Imagine you've bought a car and the manufacturer says, well, you should only really use Ford petrol. You should only use Volkswagen petrol. You, like Napoleon, were leading the charge, no doubt. So that people were saying look legitimate HP cartridges cost more to buy than a brand new printer albeit not a brand new HP printer but you know you could just go out and buy a brand new printer and HP just you know the problem is that you should in a way install these firmware security updates because in March for instance HP alerted its users about various security vulnerabilities in various of its printers there's so many millions of printer models out there some of which were critical, some which could lead to remote code execution malware. You. He said you. You've got to fix it. You're the one with the problem. Exactly. We need to send around all of our printouts to Rory to pass on to his wife to print out for us. And she can fix that. We've solved the problem. Stephen, to pay for their mistake that, right? What dicks?

It is kind of sad these class actions I know I know I know it's really tragic if you know you have a problem with your printer but the idea that you're going to spend years and hire lawyers and obsess over your 150 dollars it's kind of get a life or you know or get a new printer time isn't it

And the lawyers are doing it out of the goodness of their hearts of course they're not making any money out of this on either side yeah yeah

But they should pay right don't you think well that's your whole that's your Whole story I just think having bought probably about a dozen printers over the course of my professional life I think maybe it's time for me to wake up and try and find some other way of I maybe I should just use dirt dirt and blood I don't know I just, some other way of transcribing things from my computer, because I'm not happy with printers.

A little rant? That was gone with the wind, for God's sake.

He's the most arrogant person ever. Thank you very much for sharing, Graham. Thank you. What have you got for us this week? Well, I wasn't going to have a rant.

Because privacy nerds and conspiracy wonks will opt out, right? Yeah. Yeah. People like me. Yeah. I mean, obviously, if you're going to have good results, the more data, the better.

Their reputation. She never got a party invite. Is that what you're saying? Yeah, exactly. Her reputation...

Was massively enhanced. That's why she became a Dame. Dame she felt moved to use an unusual word for a dame the word bollocks in an interview with the Observer she said that any talk of the UK becoming a science superpower after she'd heard of the demise of the Covid vaccine research registry that was bollocks and it may have been an emotional reaction but I kind of sympathize with her. I mean she said it in a more sober way in a tweet, a massive lost opportunity, minimal cost to maintain the registry. Industry would pay for access to recruit UK patients into new clinical trials to test life-saving drugs. All contacts and data lost. We'd hope to expand the registry to help all UK patients with untreated diseases. So she felt there was a lost opportunity. Now, I'm sure the National Institute for Health Research will say, hold on a minute, it's not anything like as bad as she paints it but it does speak to me of what happens when bureaucrats get given back their powers to stop things and as I say I have got some sympathy with them because a lot of the fault is down to people like me the media who are much keener on stories of your health data going amiss yes being at risk than stories about successful medical trials down to the fact that...

This data was available. Normally on our podcast, we are telling stories about things which have gone wrong, about data breaches, about organisations.

One would think so wouldn't one. Yeah all I wonder is whether it goes back to a system of volunteering from the doctors, from the GPs who are very busy, you know, keeping those records up to date, keeping that detail supplied into the database.

My issue, though, from my experiences with the NHS, so doctors, GP offices, emergency rooms, all that, I've not been gobsmacked by the amazing technology they have available to them. Old systems right, old systems, USBs in the back of machines just sitting there still happens and that has made me be one of those people that you don't that is let me just give you as little as I can my.

Personal experience has persuaded me in the opposite direction which is that I deal with three branches of the health service. My GP, my family doctor I've been with for 30 odd years, Moorfields Eye Hospital where I had a very serious eye condition which is still monitored and a consultant for my Parkinson's disease who I've been seeing about three years. None of them bloody talk to each other. None of them share data, I've got all this data and it's all in separate pools. Here's a fantastic example. My eye problem, which was a melanoma behind my left eye, was spotted by a very good high street optometrist with very good machines. And they were the ones who originally sent me to this specialist hospital, one of the best hospitals in the world, Moorfields, to have that sorted. That was all fine. Some years later, the same optometrist spotted another problem that wasn't anything serious, but she thought that the consultants and my GP should be alerted to. But she said, she showed me on her fantastic screen, you know, live video effectively of this membrane over my eye, which is a common thing. And she said, listen, I cannot send this image to your GP or your consultant because I don't have clearance to do it. I could fax it to them. What would he do? But.

I can't work out a printer down.

But seriously, it was due to restrictions on the sharing of data across the NHS. So what she suggested I do, which is what I did, was that I took a picture on my iPhone of this and then took it with me to the doctor.

Right. No, no, no. I think that's a very fair point. I'm going to think a lot about this. You've made a very interesting point that I've never considered before. I've never thought of it from that point of view before.

Well and as Rory says certainly if you want to share your health data what a shame that the powers that be are actually undermining that and preventing your ability or they're very.

Aware the systems need to be I mean part of it is down to the law for instance. I wrote another story on my popular health tech substack always on about links in the show notes, a registry that they're trying to create of equipment put inside people during operations because sometimes those things go wrong.

reviewed yeah yeah.

Carole, what have you got for us this week? Okay, well, put on your hazmat suits, gentlemen, because we're going to enter les eaux de Twitter

I just think he does these sort of things with shits and giggles really doesn't he.

Oh God yeah that's an expensive shits and giggle though that's an expensive one. Just likes the attention.

toilettes with the key players Elon Musk, no intro needed, Twitter itself, and finally the black belt sporting Peter, the Mudge Zacko, the Twitter whistleblower. So quick background for those out there with a life. Elon the richest person in the world perhaps, bored for a few weeks last spring agreed to purchase Twitter for the chump change of 44 billion dollars. Were you guys surprised when that happened or were you thinking oh typical Elon?

For the world's most brilliant man, he's pretty reactive, instinctive, careless about what he gets up to. I'd agree. Because, you know, soon after acting like he was changing his mind about purchasing a particular hoodie, he backtracks, right? Well, the alternative, he having gone in and put a floor under the price of Twitter, was that the stock price would plummet and more people would be sacked, I suppose. So they sued Elon. Elon soon countersues, saying Twitter misrepresented itself, dragged its feet in discovery, yada, yada, yada. Yeah, almost as though Twitter had sort of been started up as a very small operation and suddenly become extremely huge. And they sort of bolted on things over time and held it together with sellotape and string. Exactly. He has cyber clout, doesn't he? He does. He has cyber clout.

No, no, I haven't. And he sounds like the kind of hire that could either be great or could be a nightmare. Absolutely. Just like you and me, Graham.

That's why no one hires us. You know how we sometimes work with developers who are pathologically honest. And that's not necessarily a good thing. It's like, well, yes, that is technically 100% true, but can we just do this thing?

So, yeah, so Peter puts this out. And of course, it somehow got into the hands of the Washington Post. And then like an unfortunate bout of tummy trouble, it exploded all over the place. Lovely. Obviously, the CEO, Parag, I don't know how you say his name. How do you say it? Agrawal? Agrawal, I think, yeah. Agrawal, yeah. He responded to Mudge's charges in an email sent to employees, which, of course, was subsequently posted to Twitter by CNN. And he claimed that Mudge was calling attention to tasks that he was actually accountable for during his tenure. And in the blog post uses terms like false narrative riddled with inconsistencies and inaccuracies, basically not a happy CEO. And, you know, can we blame him given that his buyer is trying to back out and at the same time, a high profile employee of some repute is ringing the cyber alarm bells for everyone to hear.

And he again is in a weird position isn't he because he as you put it is fighting to get a new boss who will definitely sack him.

Yeah give him a huge payoff.

That is true yes oh now the plot thickens as you say. Well it does because Elon right when he hears about Mudge's complaints, frothing at the bit. Rubbing his hands. Right.

Now he feels there's new evidence to support his pulling out of the Twitter purchase and presumably he wants Mudge to show up in court.

Yes, which I think he is. Right. And to say all these things.

And his case was pretty weak until this came along, wasn't it? He basically bought it. Did he do any due diligence before he offered whatever he offered for it? Doesn't sound like it. Buyer beware. But now, if he was intentionally misled, as he'll claim, then all bets are off.

Yeah. Now, Elon wanted something else from the judge, too. He wanted to delay the court date, obviously, to build his case even further, but he didn't manage to do that. The trial of Twitter versus Musk is set for October 17th, next month. Okay, tickets now. Funny you should say that, because Slate yesterday published an article all about what the peanut gallery, so those of us without shares in Tesla or Twitter, which outcome should we root for? And I want to present you with the options and you guys can each pick one.

Oh, okay. Yeah?

Okay. Or come up with an alternative if you can think of an alternative. All right. So option one, root for a settlement that costs Musk a ton of money, but doesn't make him buy Twitter. Okay. Yeah. This is sounding quite attractive so far. Yeah. Okay. Option two, root for Musk. No. Because it'd be bad if he owned Twitter. Yes. And the ship has already sailed on people like him being subject to the same laws of the rest of us. So what am I rooting for there? I'm rooting for Musk to ruin Twitter.

No, no, no, not to ruin. If he wins, he doesn't buy it. Oh, he doesn't buy it still. Oh, okay. All right. If he wins it, he gets out of the whole, you know, buying Twitter deal.

But this is already marginally worse than option one, because option one, he doesn't get Twitter, and it does cost him some money.

Yes, which is, I think, going to be our preference all the way through, isn't it? Is anything which costs Elon Musk some money?

I don't know. Option three, root for Twitter. You know, you want Musk to pay up for a company he doesn't want, and you're willing to accept what his ownership of the company might mean.

Oh no, we don't want Musk in charge of Twitter. That'd be horrible.

You see, you've put it the wrong way around. You've given us the most attractive option first.

Well, option four, last one, root for carnage. Perhaps Twitter wins, but Musk refuses to pay. Or Tesla investors worried about Musk being too distracted tank the share price. Or Musk wins, but continues to fuck with Twitter out of spite.

No, we're not bad people, are we, Graham? Sorry, hang on, let me check. No, yes, that's right. Yes, we're going for option one? We're definitely going for option one. Yes, absolutely.

The final security focus thing I have for you that I think is fascinating on this is that this whole corporate tap dance is going to force Twitter's hand to review and harden its security policies. I can't see how they can get out of it. If they have to go to court, they have to say, well, you know, these things have been addressed. And maybe the big winners are us, the users of Twitter. Thoughts?

Well, I'm that rare thing, a quite satisfied user of Twitter. Maybe it's because I'm a conservative with a small c. I joined it pretty early on in 2007. I like it the way it is. It's annoying from time to time. I don't want an edit button because people will misuse it. I don't want to pay for it. I want things to carry on just as they are, as long as, you know, I'm allowed to block people who annoy me.

Oh, I quite like Twitter, I have to say. I don't like any of the other social networks, but I like Twitter. I would like to pay for it. I feel good about paying for services. I don't like services which have...

You don't like paying HP.

That's true, that's true. But I only use my HP printer once every three months for one page. With shit ink. The cybersecurity inside podcast is a fantastic resource to stay up to date on the latest news and trends whether you're a security expert or just want to know more about cybersecurity you should check it out thom garrison and camille moorhart host industry leaders to help us learn more about the world of cybersecurity make it easy to understand today's most important security and technology topics. Recent episodes of Cybersecurity Insight have covered the ethics of AI and machine consciousness, where we're headed with the cloud, how small businesses get access to cybersecurity resources, and so much more. You're going to walk away smarter about cybersecurity and have fun while you're at it. Check out cybersecurityinsight.com slash smashing to listen to the latest episode. That's cybersecurityinside.com slash smashing or search for Cybersecurity Inside wherever you listen to podcasts. Carole. Smashing Security listeners, did you know that Bitwarden is the only open source cross-platform password manager that can be used at home, on the go or at work? Bitwarden's password manager securely stores credentials spanning across personal and business worlds. And every Bitwarden account begins with the creation of a personal vault, which allows you to store all your personal credentials. These are unique and secure passwords for every single account you access. And it's easy to set up, it's easy to use. I honestly love Bitwarden. I use it at home, use it at work, use it on the go. Get started with a free trial of a Teams or Enterprise plan at bitwarden.com/smashing. Or you can even try it for free across devices as an individual user. Check it out at bitwarden.com/smashing. And thanks to Bitwarden for sponsoring the show. Graham. Collide sends employees important, timely and relevant security recommendations to their Linux, Mac and Windows devices right inside Slack. Collide is perfect for organisations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable. So instead of frustrating your employees, Collide educates them about security and device management while directing them to fix important problems. Sign up today by visiting, enter your email when prompted and you will receive a free Collide goodie bag after your trial activates. You can try Collide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/collide. That's smashingsecurity.com/K-O-L-I-D-E and thanks to Collide for supporting the show. And welcome back. Can you join us at our favourite part of the show? The part of the show that we like to call Pig Of The Week. Pig Of The Week. Pig Of The Week. Pig Of The Week is the part of the show where everyone chooses something that can be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security related necessarily. It better not be. Well, my pick of the week this week is slightly security related. Oh, tsk, tsk. Now, we are big fans of password managers here on the Smashing Security Podcast. Love them. We recommend that you use one because then you don't have to remember your password. Something else is securely storing them and it is generating random, unique passwords for every website you have to access. But there is a problem. There is a problem which is even if you do have different passwords to different websites, as we'd recommend, and their passwords are suitably gibberish and gobbledygook, you might occasionally come across a web form where it doesn't allow you to copy and paste a password into the form. Maybe you're registering for a website and the HTML on the website is preventing you from actually doing a paste of the password you've already entered into the field to confirm yes. Carole. I've had that. Graham. Yeah, it's bloody irritating. Especially when you have 20 character passwords. Tell me about it. You're on the British Gas website, for instance, chosen at random. Not that this has ever been a problem for me. And you find out that it won't let you really enter the password with a copy and paste. And they say, oh, it's for your security. No, it's not for your security. You don't know what you're talking about. So this regularly comes up on Twitter. People complaining about this sort of thing with different websites. And so I have found the solution, ladies and gentlemen. There is an add-on for your browser. I found versions of it for Firefox and for Chrome. And it's called Don't F\ck With Paste. Right. Carole, you'll bleep that appropriately, I presume. So this add-on stops websites from blocking copy and paste actions on password fields and other input fields where you may have completely legitimate, reasonable requirements to paste something in. Yes, Carole. Carole. God, you are so complaining today. He's moany, isn't he? Yes, so moany. Question, how often does this occur? For me in my life, this occurs maybe once a month, if that. Graham. That's enough, because if you have a password, which is 34 characters long, including weird symbols and numbers, and it's complete gobbledygook, and it's also masked on the website as well. You've just seen asterisks. It can be rather difficult to type it all in by hand. And you just think, why can't I just paste this into the field and get on with this? I think our listeners will agree with me. And that's why I look forward to see what they think about this. Install Don't F\ck With Paste, the browser add-on, which will help you with those irritating websites. And that is my pick of the week. Rory, what's your pick of the week? Well, I'm terribly sorry, but mine is to do with security in a roundabout way.

This would be an explosive blog post or even an essay.

Well, no, there was a guy called Timothy Garton Ash who lived there much longer and lived totally in the East. He did go back after 1989 and got his file and found out that all of his friends that he'd made in East Germany were spying on him. Wow. The Stasi. Yeah. So, anyway, it's a fascinating museum which I've got to recommend. The most absorbing place you can visit. Sounds brilliant. Very interesting.

Yeah. I feel guilty that I find most of their furniture and interior design mouth-wateringly gorgeous. And that is very disturbing to me. So, yeah, I'm going to deal with that. Have you told your husband where you like your boiled eggs, how you like your eggs in the morning. Boiled egg. Yes. Draw him a little chart.

I have a wonderful pick of the week, although I think it's rivaled by Rory's this week. And this is not hot off the press. Neither was Rory's. Mine's been around since 2020. But I don't have HBO, so I never saw it. And that is a wacky and utterly fresh docu-comedy series called How To With John Wilson. Have either of you seen it? No. Oh. I haven't, but I heard mention of it the other day. Well, this hopefully will get you off your seat. Oh, I'm excited now. Good. Yeah, so it's available on the BBC now. And I would say don't waste a moment longer. Even stop listening to me, although, Rory, Graham, you stay put. Okay, go watch it now. I was about to say, I'm off. No. So this is a series centered around an explanatory narrative, like an essay, where all the jokes are sort of visually punctuated by this collage of New York City footage. But that kind of wacky, crazy stuff you see all the time in New York, but no one ever kind of films. Just all that insane, crazy stuff. And so the essays would be something like how to make small talk or how to split the check or how to appreciate wine or how to be spontaneous. And John Wilson will do some musings on that and have this imagery of the background of just life of New York happening. But it somehow works with the poetry of the narrative. It's just glorious. And it's human and it's tender and it's funny and it's laugh out loud. And I don't normally do that.

How to. How to with John Wilson. Is that what it's called? Yep, yep. How to with John Wilson. I've got to check it out. It would make a killer podcast, just the essays on their own. But it just makes it glorious because you have these New York City moments that underpin what he says.

Well, that just about wraps up the show for this week. Rory, I'm sure lots of our listeners would love to follow you online and maybe check out your writings as well. What's the best way for folks to do that?

Well, my Twitter feed is full of inane nonsense, but it's also quite compelling. Ruskin147 is my Twitter handle. A warm feeling, that's what they'll get at the very least. And you can follow us on Twitter at Smashing Security, no G. Twitter last ever G. And we've also got a Smashing Security subreddit.

And my Substack, just search for Substack Rory Kathleen Jones. It's called Always On because that's the name of the book I wrote last year, but it's actually about health and technology. You can get it for free or you can pay me some money. You don't get much for the money to be honest, you don't really get anything for the money, but you know it would be a nice gesture.

And huge shout out to this episode's sponsors, Bitwarden, Collide and the Cybersecurity Inside podcast. And of course, to all our wonderful Patreon community. Thanks to them all.

Until next time. Cheerio. Bye bye. Bye. Bye.

This show is free. For episode show notes, sponsorship information, guest lists and the entire back catalog of more than 287 episodes, check out smashingsecurity.com.

Graham, do you think you're losing your voice because you're grumbling too much? Like, even Rory sees it. Even Rory, and you like Rory, you trust him. What do you think about that? It might be true. It might be true. Maybe. Yes, I trust me. It is. And then what career do you have?

It's over. It's all so over.

I could be a Eeyore impressionist. I could sing, I was born under a wandering star. Ha ha ha.