Tech Brew Ride Home - Thu. 03/21 - Santa Tim Has Forsaken Us!
Episode Date: March 21, 2019Reset the x number of days without a Facebook scandal calendar, Microsoft launches Virtual Desktop but begins sunsetting Windows 7, European Wikipedia goes dark, and the hottest coin in crypto is maki...ng people remember the glory days of 2017. Sponsors: GetQuip.com/ride Metalab.co Links: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years (Krebs on Security) Can Duruk's Tweet Storm Windows Virtual Desktop is now in public preview (TechCrunch) Microsoft launches previews of Windows Virtual Desktop and Defender ATP for Mac (VentureBeat) Microsoft warns Windows 7 users of looming end to security updates (TechCrunch) European Wikipedias have been turned off for the day to protest dangerous copyright laws (The Verge) Hottest Crypto Coin's Massive Rally Echoes Bitcoin's Glory Days (Bloomberg) APPLE IPAD MINI REVIEW: NO COMPETITION (The Verge) Subscribe to the ad-free feed! Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the tech meme ride home for Thursday.
March 21st, 2019.
I'm Brian McCullough.
Today, reset the X number of days without a Facebook scandal calendar.
Microsoft launches virtual desktop but begins sunsetting Windows 7.
European Wikipedia goes dark.
And the hottest coin in crypto is making people remember the glory days of 2017.
Here's what you miss today in the world of tech.
Another day, another whatever this is.
This morning, Krebs on security reported that a tipster had alerted them to the fact that Facebook had been storing some users' passwords in plain text form in systems searchable by employees.
The source said that between 200 and 600 million user passwords were kept in these systems in this way.
Quote, my Facebook insider said access logs showed some 2,000 engineers or developers made approximately 9 million internal queries for data.
elements that contained plain text user passwords, end quote.
Now, note that at least at this point, there appears to be no malicious intent here,
we think.
This was just sloppiness again, we think.
Facebook immediately posted a statement saying it will soon notify hundreds of millions
of Facebook users and thousands of Instagram users about this issue if their accounts were
affected.
Quoting Facebook's Pedro Kanahadi, the VP of,
of engineering for security and privacy, quote,
to be clear, these passwords were never visible to anyone outside of Facebook,
and we have found no evidence to date that anyone internally abused or improperly accessed them, end quote.
When was it that I did that rant about Facebook and the line between a move fast and break things culture
and a culture of straight up incompetence?
The great Kandaruk had this tweet thread today that I'll just quote from sections of,
quote, how does Facebook, supposedly one of the more capable engineering firms,
have such shoddy security and such shoddy internal controls?
It's one thing to store passwords in plain text.
Bad.
It's another thing to have that many people have access to a database that have them.
Bad.
I can see how the first one can happen.
A team builds a new product really fast.
Grow!
And it doesn't bother to use proper solutions to store credentials.
Whose fault is that?
Maybe the credential store, culprit number one, is so cumbersome that the growth-oriented team,
culprit number two, had to build something sketchy to meet their manager's culprit number three KPIs.
This stuff is systemic.
It's easy and fun to blame individual engineers, but as cliche as it sounds, this stuff is organizational issues.
Nothing about storing passwords or building ACLs is rocket science.
By making sure you have secure systems that can be used, think entire private,
product lifecycle easily and making people understand that PII is as much of a liability as
it's an asset, especially at companies like Facebook, is very hard.
I don't think Facebook will ever get there for what it's worth.
A company whose product exists as a function of the data you wished you didn't share
won't respect your data.
Okay, bye.
Subscribe to my newsletter, end quote.
Last year, Microsoft announced Windows Virtual Desktop, which it called a comprehensive
desktop and app virtualization service running in the cloud. Today, it launched Windows virtual desktop
in a limited preview, quoting TechCrunch. It's worth noting that this is very much a product
for businesses. You're not going to use this to play Apex Legends on a virtual machine somewhere
in the cloud. The idea here is that a service like this, which also includes access to Office 365
Pro Plus, makes managing machines and the software that runs on them easier for enterprises.
It also allows employers in regulated industries to provide their mobile workers with a virtual desktop that ensures that all of their precious data remains secure.
One standout feature here is that businesses can run multiple Windows 10 sessions on a single virtual machine, end quote.
At the time of this writing, Windows Virtual Desktop is only available in the U.S. East 2 and U.S. Central Azure regions,
and you need to be a Microsoft 365 Enterprise customer to work with this in the first place.
It is part of the subscription you already pay for, but you may need an additional Azure subscription on top of that to run multiple virtual machines in the cloud.
But wait, Microsoft announced more today, including Desktop Defender Advanced Threat Protection for MacOS, also in limited preview.
What's that exactly?
Quoting from Venture Beat, if you did a double take here because you thought it was called Windows Defender, you're not wrong.
Microsoft is extending its endpoint protection platform to additional operating systems starting with MacOS.
And so with the release of Microsoft Defender ATP for Mac in limited preview, Windows Defender is now Microsoft Defender.
Microsoft Defender ATP gives MacOS users, quote, next gen, antivirus protection, but Microsoft is also promising to add endpoint detection and response and threat vulnerability management capabilities in public preview next month.
TVM is designed to help security teams discover, prioritize, and remediate known vulnerabilities and misconfigurations exploited by hackers, end quote.
There were plenty more in the weeds announcements made by Microsoft today around Office 365 and Windows 10.
So if this is your METIA, do hit the Venture Beat link in the show notes for more details.
Also, P.S. Microsoft says that official support for Windows 7 will end on January 14th,
2020, though enterprise customers can pay for extended support until 2023. Why am I mentioning a nearly
10-year-old OS that you probably shouldn't be using still anyway? Well, because chances are a good
proportion of you are still using it because Windows 7 still makes up about 40% of the overall
desktop market. If you are one of these recalcitrant holdouts, Windows recently released a software
patch that will now start automatically warning you of the impending deadline. So to keep your stuff
safe and secure, maybe start transitioning away now. Microsoft doesn't patch end-of-life software
generally, though in 2017, it did make a rare exception by releasing a security patch for Windows
XP, which had been officially retired for three years at that point in order to prevent the
spread of the Wanna Cry ransomware attack. Remember that scary EU copyright law that is making
its way through the European Parliament. We've been tracking it for the better part of a year now.
Well, four European Wikipedia sites are dark right now and directing users to contact their
EU representatives today, March 21st, to protest the copyright directive. Other sites like
Reddit, Twitch, and Pornhub are doing the same, though they have not shut down access to do
so. A final vote on the legislation is scheduled for Tuesday, March 26th, as the Verge
reminds us, quote. The law in question is the EU copyright directive, a long-awaited update to
copyright law. Although the directive mostly contains common sense changes for the internet age,
two provisions have been singled out by critics as potentially dangerous. These are Article 11,
which lets publishers charge platforms if they don't link to their stories, the so-called link
tax, and Article 13, which makes platforms legally responsible for users uploading copyrighted
material, the so-called upload filter. Champions of the directive say these laws will give publishers
and content creators the tools they need to reclaim the value of their work from U.S. tech giants.
But critics say the politicians behind the legislation do not understand the breadth of the laws
they are proposing and that the directive, if implemented, will harm free expression online, end quote.
There's one crypto coin that is still partying like its New Year's Eve, circa 2017.
Allow me to introduce you to Binance coin, which has more than tripled in price in the last three months,
surpassing a $2 billion market cap.
Binance coin is the coin minted by Binance, the world's third largest crypto exchange by volume.
Binance was founded in the midst of the 2017 crypto boom,
and after run-ins with regulators and authorities in Japan and Hong Kong,
decamped to crypto-friendly Malta, where the exchange is still domiciled.
quoting Bloomberg, this is the best executing team in crypto, said Tushar Jane managing partner at hedge fund multi-coin capital management in Austin, Texas.
We expect to hold them for the foreseeable future, end quote.
Binance coin, also known as BNB, is used by holders to pay the fees levied by the exchange for trading.
It's also on the way to becoming a favorite medium of exchange for issuers of initial coin offerings,
allowing startups to raise money by listing on one of the most liquid crypto exchanges
with about $1 billion in daily trading volume.
What's made Binance Coin particularly attractive is the company's practice of tying the performance of the exchange
to the amount of tokens in circulation.
After an ICO issued 200 million of the coins in July 2017,
the company plans to spend 20% of its profits each quarter to buy back and destroy Binance coins.
An undertaking that may continue for the next 10 years, founder Zhao Zhang Peng said,
an interview. About 50% of the coins were allocated to company employees and investors, end quote.
The iPad mini reviews are in, so as per usual, let me just do a quick whip around the horn.
Generally, everyone was like, look, it's an iPad mini. If you know it and you love it, you'll know this
and love this. Wired says, quote, the mini feels personal in a way that other devices no longer do,
not because of its actual newness, but because it is still here and slightly reinvented once again.
Matthew Panzerino at TechCrunch said, quote,
it's small, sleek, now incredibly fast and well-provisioned with storage.
The smallness is a real advantage, in my opinion.
It allows the mini to exist as it does without having to take part in the iPad as a replacement for laptops debate.
It is very clearly not that, while at the same time still feeling more multipurpose and useful than ever.
I'm falling in real strong like all over again with the mini,
and the addition of pencil support is the sweetener on top, end quote.
Some people were dismissive because some people are just dismissive of the concept
and place in the world of the iPad mini these days.
Here's Chris Velasco at Engadgett, quote,
There will always be reasons to keep the mini around.
As you read this, it's being used in point-of-sale kiosks
and in airplane cockpits and on Chili's dining room tables,
and that's great for them.
For you and me, though, and for most actual users, I suspect this year's mini will come off more as a capable curiosity than a must-own tablet, end quote.
But Nilai Patel was more aligned with my, at this point, well-known position on this device, quote,
people who love the iPad Mini really love the iPad Mini.
It's easy to forget that because Apple seemingly forgot that it made the iPad Mini.
The last update, the iPad Mini 4, came in 2015, and it's barely been mentioned since.
Most people both in and out of Apple assumed the minis.
middle-sized market position would eventually be snuffed out of existence by ever larger phones and
the repositioning of the iPad as a laptop replacement. But people really love their iPad minis,
and they just kept buying the iPad Mini 4, even as the rest of the iOS lineup was updated and
improved over time. Apple told me it was surprised to find that people were buying the Mini
primarily because of its size, not because of its price. And if people are going to keep buying
something, it's worth updating, end quote. And if I may say so,
Long may that last.
Finally, today, a bit of audio levity.
Yesterday at an Economic Club event in Washington, D.C.
AT&T CEO Randall Stephenson was being interviewed on stage
live in front of C-SPAN cameras when his Apple Watch started buzzing,
distracting him.
It was a robocall.
It was a huge M&A activity that I was got to be part of.
You were the CFO for many of that?
I was, yeah, for a lot of that.
and I'm getting a robo call too.
You get a message now right now?
It's literally a robocall.
From President Trump or somebody?
He doesn't call me.
He doesn't call you? Okay.
So, yes, the scourge of robocalls is so all-pervasive, not even the CEO of one of the largest telecos in the world is immune.
I kind of wish he had taken that call and then tried to reach actual human beings.
So he could be like, do you know who this is?
By the way, I think I've mentioned before that the various telcos are launching various systems to combat robocalls, AT&T, and Comcast, have been testing verified calls using digital signatures.
It's the new so-called shaken-stirr technology, which, though it won't stop robocalls completely promises to give you more control over verifying the calls you get inbound.
Every day, for me, at 11.15 a.m.ish or about there, same call every day. In Chinese. I never even know what the robocaller is trying to tell me, but it is adorable when my iPhone tries to transcribe the voicemail message.
No Santa Tim announcements today. Sad. That air power thing is still coming, I swear. That is all for today.
though. I've been your host,
Brian McCullough. You can follow me on Twitter at
Brian MCC. The podcast subreddit
is R slash ride home.
The link to subscribe to
the ad-free version of the show is
at the very bottom of the show notes.
And by the way, I haven't reminded you
of this in a while, but do rate us and
review us on whatever platform you're listening
on, on Google Podcasts, on
Spotify, on your podcast app.
If it has a rate and review feature,
rate us five stars, and
write a review if you have the time.
especially on Apple Podcasts slash iTunes.
There are a couple of negative reviews on iTunes
that came in over the last couple weeks
that I want to bury.
But honestly, rating and reviewing
helps us grow the mutant podcast army.
So thanks to all of you who do
or have done so in the past.