Tech Brew Ride Home - Wed. 05/03 – How A Pixies Song Broke Google Assistant

Episode Date: May 3, 2023

Google releases a new feature to put another nail in the password coffin. Malware merchants are using generative AI. A deep dive into what Bluesky is like right now. The best explainer of quantum computing I’ve ever seen. And how a Pixies song is breaking Google Assistant and making people miss their wakeup alarms in the morning.

Sponsors:
Nutrafol.com/men promocode ride
OregonState.edu

Links:
You no longer need a password to sign in to your Google account (The Verge)
Twitter restores free API access for emergency, weather and transportation alerts (Engadget)
TSMC Plans for First German Chip Fab With Cost Up to €10 Billion (Bloomberg)
Meta Is Trying to Push Attackers to the Brink (Wired)
Bluesky showed everyone’s ass (The Verge)
Quantum computing could break the internet. This is how (Financial Times)
You can blame this Pixies song for Assistant canceling your alarm (AndroidPolice)

Transcript
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Techmeme Ride Home for Wednesday, May 3rd, 2023. I'm Brian McCullough. Today, Google releases a new feature to put another nail in the password coffin. Malware merchants are using generative AI, a deep dive into what Bluesky is like right now, the best explainer I've ever seen of quantum computing, and how a Pixies song is breaking Google Assistant and making people miss their wake-up alarms in the morning. Here's what you missed today in the world of tech. Google this morning released passkeys, a new FIDO Alliance-developed cryptographic
Starting point is 00:01:07 keys solution that requires a pre-authenticated device to basically eliminate passwords for all Google accounts and hopefully eventually accounts on other major platforms. Quoting The Verge, Google's next step into a passwordless future is here with the announcement that passkeys, a new cryptographic keys solution that requires a pre-authenticated device, are coming to Google accounts on all major platforms. Starting today, Google users can switch to passkeys and ditch their passwords and two-step verification codes entirely when signing in. Passkeys are a safer, more convenient alternative to passwords being pushed by Google, Apple, Microsoft, and other tech companies aligned with the
Starting point is 00:01:46 FIDO Alliance. They can replace traditional passwords and other sign-in systems like two-factor authentication or SMS verification with a local PIN or a device's own biometric authentication, such as a fingerprint or Face ID. This biometric data isn't shared with Google or any other third party, and passkeys only exist on your devices, which provides greater security and protection since there's no password that could be stolen in a phishing attack. When you add a passkey to a Google account, the platform will start prompting for it when you sign in or when it detects potentially suspicious activity that requires additional verification. Passkeys for Google accounts are stored on any compatible hardware,
Starting point is 00:02:24 such as iPhones running iOS 16 and Android devices running Android 9, and can be shared to other devices from the OS using services like iCloud or password managers like Dashlane and 1Password. You can still use someone else's device to temporarily gain access to your Google account. Selecting the "use a passkey from another device" option creates a one-time sign-in and won't transfer the passkey over to the new hardware. As Google notes, you should never create passkeys on a shared device because anyone that can access and unlock that device would be able to access your Google account. Users can immediately revoke passkeys in the Google account settings if they suspect that someone else can access the account or if they lose the only device that stored the passkey. Google says that users enrolled in its Advanced Protection Program, a free service that provides additional security protections against phishing and malicious apps, can choose to use passkeys
Starting point is 00:03:14 in lieu of their usual physical security keys. It's going to take a while for passkey support to be widely adopted, so Google accounts will continue supporting existing login methods like passwords for the foreseeable future. This gives folks who may not currently have access to a device that supports biometric authentication time to transition over to the new technology. It seems Google is planning to eventually transition entirely to passkeys, though, by encouraging users to make the switch now and writing in its blog that it would scrutinize other sign-in methods as passkeys gain broader support and familiarity, end quote. I set this up just this morning on a couple of my Google accounts. Was pretty easy. Haven't been prompted to use it yet, but,
Starting point is 00:03:53 you know, I'm all for this sort of thing. Another day, another one of these. Twitter has restored free API access for verified government or publicly owned services that tweet weather alerts, transportation updates, and emergency notifications. Quoting Engadget. The social media giant outlined a three-tier pricing strategy for its API in March. Normally, free access is limited to bots and testers that only need to write posts. It allows just 1,500 tweets per month and one app ID, which can be limiting for creators that need frequent updates. Basic access costs $100 per month with fixed caps on tweets, while businesses have to use multiple enterprise-level tiers to meet their needs. These can cost tens of thousands of dollars per month. The shutoff broke numerous apps and
Starting point is 00:04:43 services that relied on the free API for sharing and content streams such as Flipboard's reader. It also created issues for developers willing to pay for access, including Echobox. While Twitter had warned that a cutoff was coming at some point, it didn't notify customers of the exact timing and did little to explain the impact. Government services faced extra pain. New York City's Metropolitan Transportation Authority said it would stop posting service alerts on Twitter after it faced a $50,000 per month fee for access. Microsoft also pulled Twitter from its social media tool for advertisers and disabled Twitter screenshot sharing for Windows and Xbox gamers, end quote. Sharing this because this continues the, if you don't control your silicon supply chain, you as a nation state or nation bloc don't really control your own strategic destiny narrative. Sources are telling Bloomberg that TSMC is in talks to spend between 7 and 10 billion euro to build a chip plant in Saxony, Germany, working with NXP, Bosch, Infineon, and the German government.
Starting point is 00:05:47 Quote, TSMC chairman Mark Liu told shareholders in 2021 that the chipmaker had started assessments on setting up manufacturing operations in Germany, Europe's largest economy. The proposed European plant would focus on chips for the automotive sector, Chief Executive Officer C.C. Wei has said. Similar projects in Germany have sought as much as 40% of their funding from subsidies as the European Union attempts to double its share of global semiconductor production by 2030. In April, the EU passed a 43 billion euro Chips Act to boost domestic output after supply chain disruptions during the COVID-19 pandemic and as tensions between the U.S. and China escalate. Any state aid would require approval from the European Commission and the consortium is in talks with officials over the size of the package, the people said. In Japan, where TSMC is spending $8.6 billion with partners to build a plant, it will receive about half of the funding from the government. The facility, which TSMC could approve as soon as August, would focus on producing 28 nanometer chips, according to some of the people. If built,
Starting point is 00:06:49 it would be the company's first fab in the EU, end quote. Something something, the AI wave is touching every corner of tech. Meta is warning that malware actors are spreading their infrastructure across multiple platforms, which is bad news in and of itself, but also that they're now using generative AI-themed lures, quoting Wired. The social media giant Meta warned today that it sees many malware actors spreading their attack infrastructure across multiple platforms to make it more difficult for individual tech companies to detect their malicious activity. The company added, though, that it views the shift in tactics as a sign that industry crackdowns are working, and it says it is launching additional resources and protections for business users with the goal
Starting point is 00:07:37 of raising the barriers for attackers even more. On Facebook, Meta now has added new controls for business accounts to manage, audit, and limit who can become an account administrator, who can add other administrators, and who can perform sensitive actions like accessing a line of credit. The goal is to make it more difficult for attackers to use some of their most common tactics. For example, bad actors may take over the account of an individual who is employed by or otherwise connected to a target company, so the attacker can then add the compromised account as an administrator on the business page. Meta is also launching a step-by-step tool for businesses to help them flag and remove malware on their enterprise devices and will even suggest using third-party malware scanners.
Starting point is 00:08:16 The company says it sees a pattern in which users' Facebook accounts are compromised, the owners regain control, and then the accounts are recompromised because the targets' devices are still infected with malware or have been reinfected. The move to distribute malicious infrastructure across multiple platforms has advantages for attackers. They may distribute ads on a social network like Facebook that aren't directly malicious, but that link to a fake creator page or other niche profile. On that site, attackers can post a special password and link to a file sharing service like Dropbox or Mega. They then can upload their malicious file to the hosting platform and encrypt it with the password from the previous page to make it harder for companies to scan and flag.
Starting point is 00:08:54 In this way, victims follow the breadcrumbs through a chain of legitimate-looking services, and no one site has a complete view of every step in the attack. As public interest in generative AI chatbots like ChatGPT and Bard has ramped up in recent months, Meta also says it has seen attackers incorporating the topic into their malicious ads, claiming to offer access to these and other generative AI tools. Since March 2023, the company says it has blocked more than a thousand malicious links used in generative AI-themed lures so they can't be shared on Facebook or other Meta platforms, and it has shared the URLs with other tech companies.
Starting point is 00:09:27 It also has reported multiple browser extensions and mobile apps related to the malicious campaigns. Meta says the attackers who distribute a known malware strain called Ducktail have increasingly leaned on these techniques in an attempt to compromise a range of victims and take over Facebook business accounts to distribute more of their malicious ads, end quote. Been waiting for someone to post a good summary of what I've been seeing on Bluesky over the last week, and this one from Sarah Jeong at The Verge sums it up nicely, I think. Quote, early last week, barely anyone had heard of Bluesky. On Wednesday, it was just one of many alternatives vying for attention as users grow increasingly dissatisfied with how the new regime
Starting point is 00:10:13 is running Twitter. By Thursday, Bluesky, still an invite-only beta, had seen an unprecedented jump in the number of users, had attracted the positive attention of several notable politicians and celebrities, and had gotten a pundit besieged by angry, unblockable posts. What's happening on Bluesky isn't a secret. Screencaps of its madcap exuberant weekend are all over Twitter. But an invite is necessary to really experience the pandemonium. The question, "what's it really like over there?" is essentially what is driving user growth. From inside these garden walls, among the 55,000 users, I can tell you it's absolutely wild. Yet within the madness, there's an ongoing increasingly weird struggle to establish norms, boundaries, and general vibes.
Starting point is 00:10:55 Also a lot of naked butts. In the midst of the chaos on Thursday, the CEO took a moment to beg people to stop calling posts skeets, a putative amalgam of sky and tweet, but really mostly a slangy reference to seminal emissions. The interface itself only refers to posts as posts. Unfortunately, this plea from on high only provoked users, many of whom were from the most recent influx of Twitter refugees, to insist that posts were definitely skeets. By Monday, CNN anchor Jake Tapper would ask his guests to respond to a statement made by Senator Brian Schatz, the first but not only U.S. Senator on Bluesky. Senator Brian Schatz just skeeted on Bluesky, said Tapper live on air before reading the skeet out loud. In the midst of this meteoric rise, the relatively small team at Bluesky has
Starting point is 00:11:41 been grappling with an endless series of problems, some of which are extremely niche, garrulous AI accounts that make threads of replies run so long that the app or website will error out, and some of which are extremely predictable, people constantly posting their butts. Although Bluesky is currently hosted on only one server under the control of the Bluesky team, its intention is to eventually become a decentralized protocol for a multiplicity of federated servers with a variety of different moderation practices. The plan is to make moderation customizable through a system of labels for posts. Yes, there are a great many questions raised by this proposal.
Starting point is 00:12:15 The developers had been juggling between federation and moderation as priorities, CEO Jay Graber said via her Bluesky account on Thursday night, only a couple of hours after asking people to stop calling posts skeets. The platform is admittedly without a number of standard features that help curb harassment. When the user base suddenly jumped in size, the block function had not yet been added, end quote. The ability to block people got added yesterday. There was also the hell thread event over the weekend when some prankster created a thread that if you participated in it, gave you like a million notifications.
Starting point is 00:12:48 So users were trying to tag each other in it to, you know, you know, rickroll them, I guess, into the hell thread. Read the whole piece for a sense of what Bluesky is like right now. No, I do not have any invites yet, because I only got on there last Monday. I should probably save this for the long reads on Friday, but I can't resist doing this now. Check out this piece from the Financial Times about how quantum computing works. It's one of those stories where they use graphics to explain what they're talking about so well that quoting it really wouldn't do it justice. Yes, it is from the Financial Times, but I believe it's not behind their paywall. Just read it. And you'll understand better how quantum computing works and why it works,
Starting point is 00:13:35 and why, as I've mentioned before, it could break the internet. Everyone, governments, businesses, you and me, we need to prepare for Q-Day. Quote, for several years, the U.S. government has been planning for a quantum world and has been running competitions to find the most secure communication protocols of the future that would forestall the threat of Q-Day. The U.S. National Institute of Standards and Technology is in the process of approving new cryptography systems based on problems other than factorization that are secure against both quantum and classical computers. It's really a race between quantum computers and the fix, which is to stop using RSA, says Beirley. But whatever new security protocols are finally approved, it will take years for governments, banks, and internet
Starting point is 00:14:16 companies to implement them. That is why many security experts argue every company with sensitive data should be preparing for Q-Day today. However, the obstacles to developing one million qubit computers remain daunting, with some private sector investors predicting a quantum winter, as they lose faith in how quickly a quantum advantage can be achieved. Even if private sector investment slows, the escalating geopolitical rivalry between the U.S. and China will provide added impetus to develop the world's first robust quantum computer. Neither Washington nor Beijing wants to come second in that particular race, end quote. Finally today, to tee up lyrics to end the show with today, quoting from Android Police.
Starting point is 00:15:02 It wasn't long ago when Google rolled out a handy feature that made Google Assistant alarms shut up by simply saying "stop" or "snooze". None of that "Hey Google" nonsense needed. These quick phrases were first available for alarms and timers on Google Assistant smart speakers and displays like the Nest Hub, but they eventually made their way to Google's phones, starting with the Pixel 6. Now users are reporting some hilarious unintended side effects with this feature. After noticing their alarms didn't seem to go off on certain days, one Redditor woke up early to get to the bottom of the issue. The Pixies song, Where Is My Mind, started playing since it was in a Spotify playlist
Starting point is 00:15:38 the user had set as their music alarm in the Google Clock app. If you're familiar with the song, it starts with a person saying, "ooh", and then someone else cuts them off by proclaiming, "stop", before music starts playing. Well, Google's quick phrases feature picked up on this and stopped the alarm before it ever really started. We tested this and confirmed the issue, as did other Redditors, but we only noticed it with that one Pixies song. Other songs that feature a prominent "stop" in their lyrics kept playing. Songs like You Can't Touch This by MC Hammer or Ice Ice Baby by Vanilla Ice, which begins "stop, collaborate, and listen". Where Is My Mind is unique in the fact that its "stop" comes before music really starts playing.
Starting point is 00:16:17 Google's quick phrases feature seems to ignore the command when it's backed by instrumentals or vocals, even when the music drops out, as the phrase is said. That lines up with all the user reports we've seen, complaining that Assistant never hears them yelling "stop" over the sound of the music playing when they're actually trying to use this feature, end quote. You know, actually a lot of Pixies songs start with a shout that way, songs like Hey, where Frank starts by saying, hey, been trying to meet you, hey, must be a devil between us, blah, blah, blah.
Starting point is 00:16:54 Maybe "hey" triggers "Hey Google" as well. You probably already know Where Is My Mind. But if you're not familiar with the song Hey, hey, get on that. Search Hey by the Pixies. Good song. Talk to you tomorrow.
