The Vergecast - Meltdown and Spectre will kill us all
Episode Date: January 5, 2018CES is next week, and we'll get to it, but first we need to talk to security expert Russell Brandom to make sure we won't all be dead from CPU security vulnerabilities before then. Also, stay tuned fo...r Paul Miller's excellent and enlightening sci-fi short story allegory for how Meltdown actually works. He did a great job. Nilay Patel and Dieter Bohn, the world's foremost experts on what to expect from the world's most important technology tradeshow, make their CES predictions, and Paul does his weekly segment "Mustard, back off!" So wow, what a great episode. Sorry about the sad stuff where computers are fundamentally flawed and nothing is safe. 2:56 - Meltdown and Spectre 42:17 - Paul's weekly segment "Mustard, back off!" 48:14 - CES preview Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
Hello and welcome to the Vergecast, the flagship podcast of theverge.com.
This is like a very special Vergecast because there's a bomb cyclone in New York City.
A bomb cyclone.
That's the technical term for the snowstorm that's happening.
So all of us are like hunkered down in various snow shelters.
Can I say something that might be controversial?
Yeah.
It just kind of looks like it's snowing outside.
Yeah, bomb cyclone.
And Paul, you're in the office right now.
Yeah, I made it.
I survived the bomb cyclone.
It's like just you and Lauren.
Yeah, Lauren Grouch is tweeting pictures of her like doing like some Martian-esque survival tactics in the office.
She's like building forts and biomes.
She's definitely growing potatoes here.
By the way, in case you're wondering who these people are who are talking,
because you have foolishly chosen this to be.
the first episode of the Vergecast you've ever listened to.
I'm Nealai Patel.
Paul Miller is in the office.
Hello.
Deider Bone is in San Francisco.
Is it snowing in San Francisco?
I am in San Francisco, not in New York, where it's not snowing because we're not, we're
fine.
Everything's fine.
You guys have an earthquake.
We did have an earthquake this morning.
And you know what we did when we had the earthquake this morning?
We went back to bed.
That's what you do.
72 and Sunny.
It's going great.
And that fourth voice you're hearing is our friend Russell Branden.
Hey, Russell.
Hi.
Happy to be here.
Yeah.
So we should just start.
So we've got a couple of things to talk about.
We were obviously off last week.
We're headed to CES next week.
So we've got to talk about what's going to happen in CES.
At CES, we won't be doing a regular Vervecast,
but Dieter and Paul and I will be hosting the Circle Breaker show live on Twitter.
Each and every day, which just saying it out loud seems like a foolish
decision, but we're going to do
it, and it's going to be great. So we'll have all
the gadgets from the show, we'll have hands-ons, we'll be posting
that. I think our producer, Andrew Marino,
is going to be doing some special
behind-the-scenes stuff in the Vergecast feed
from CES. No traditional Vergecast
will just be doing the circuit breaker show.
So we're going to talk about what's going to come up at CES.
But we got to start with why Russell's
here, which is
just gigantic news. The biggest
news, potentially, of the year
for computer security.
The year is 4.000.
days old. I know. That's why I said it. Let's measure that statement. Let's see if it's
real. Okay. But right. I mean, it's, it's, the year has begun and there's already this
gigantic news, um, that certainly all intel processors for one of the vulnerabilities,
and potentially all processors, period, all modern processors for the other one, are compromised
in some way. Russell, can you explain what's going on here? Yeah. So, um, essentially
there is a lot of data that is on your computer that you don't want all the programs on your computer to have access to.
Kernel memory, right? This is the thing. And they figured out some, because of the way the processors were sort of dealing with kind of running things in parallel, right?
Like running more things in parallel has been a big way that we've gotten processors to run faster over the last 20 years.
And it turns out one of the ways that we were doing it, which was speculative execution,
sort of allows you to find out things about kernel memory,
which is really bad.
And potentially you can use this to just extract passwords
and encryption keys and all the, like, the crown jewels.
So there are two bugs here, right?
Yeah, although maybe there are three.
It's kind of weird.
It's like, how do you divide them up?
It's tricky.
Yeah.
Well, so, okay, there are two categories.
One is called Meltdown.
Yeah.
And that is the one that affects certainly all Intel processors.
Yeah.
And then the one that you are just describing
Speculative Execution, which we should explain what that is,
is called Spector.
Well, no, so speculative execution is what the chip does,
and they're all, and so chips have been doing this for 20 years,
and they're, this is like the core thing
that both of the, both of these are, like, exploiting.
Well, the only thing I was getting to is the research
to develop the bugs said they named it Spector
because it was related to Specter execution.
Oh, yeah.
And then they're like, also the Spector,
of this will haunt us for years to come.
I had this image of
them typing that and like smiling and being
like, Larry, I put a joke in.
We're all doomed.
Paul has been talking
all day about like different metaphors
for how this, what this works.
There was on Twitter there was a great like
library metaphor
where like the librarian
is bringing books to you on a cart
and the cart is the cash
of the cash memory of the
processor and then by asking
for books, even though she doesn't give you the books, you can tell which books are on the cart.
I don't know, Paul, what was your, like, favorite metaphor for this?
So here's how I've been thinking of it.
So that there's the two main bugs meltdown relates to out-of-order execution of instructions.
And Spector is speculative, which is this thing called branch prediction.
So, but basically, if you're a program and you want to look at memory that you're not,
allowed to look at an exception is thrown and you have to basically handle that exception or your
program is terminated right so what google's meltdown exploit does is it it tries to access that
memory it gets shut down but after the instruction to access the bad memory it does stuff
that basically is like a like a big semaphore in the the cache of
here's what I found.
So while...
Wait, wait, wait, wait on.
Like, communicating with flags across...
Yeah.
For the listeners who aren't familiar with semaphore.
Semaphore is how boat captains say storms are coming.
Here's my bad analogy.
I'll try to fix it up.
You're going to rob a bank, right?
You walk up to the door.
You don't rob the bank.
But a parallel version of you in a different universe
goes into the bank,
goes into the vault
and picks up a piece of paper
that has Neely's Netflix password on it
and reads it.
But how computers are supposed to work
is that person gets,
that version of you and that parallel reality
gets shot.
And that's how computers are running all the time.
They're doing stuff that is impossible
or illegal because this out-of-order
execution, like it's not supposed to happen,
but it does physically happen on the CPU
but just all the results are thrown away.
So you don't get any results from that illegal thing happening,
but the illegal thing does actually happen.
And so what Google developed is a special machine
so that while you, the version of you that just stood outside the bank
is waiting,
the version of you that did go into the bank in that parallel universe,
reads the Netflix password,
whispers it, gets shot,
but you have a special listening device
to hear
across parallel universe boundaries
the Netflix password
that's all I've ever wanted
Is this like
there was that scene with the flash
in Batman versus Superman
where he shows up and he's like
watch out like this is a warning
from the parallel universe
it's like Martha
the Netflix password is Martha
aren't
aren't metaphors supposed to make things easier
to understand
not more complicated
yeah at one point
is a bank robber doing semifor.
Why is the bank robber asking for Netflix passwords?
He's in a bank.
He should be asking for money.
Wait, actually, before we go further down this, Paul, you've now mentioned twice that it's Google who did this.
Yeah.
Because they, but they did it like sort of like officially, right?
They participated in Intel's bug bounty.
Talk about the people who discovered these bugs.
Russell can probably talk to this better, but it's Project Zero, right?
Yeah, yeah.
So Project Zero.
who I like desperately want to write about,
and they apparently are very secretive about these things.
But basically, Google for a long time has been really invested in, like,
finding vulnerabilities, and they're just really good at it.
They're, like, extremely good at finding vulnerabilities and commonly used software,
and not just Google software, which sometimes gets, like, Microsoft mad at them.
And they're also very aggressive about sort of disclosing it.
Like, really 90 days is what you get, and that's it.
Now, I don't know, this one is interesting because we're saying Intel, and I think the early
rumor when people were talking about it was that it was an Intel-specific bug. And then as we kind
of get more into it, it's kind of more complicated than that. There are certainly variants of this
infect AMD. There are certain things that like, I mean, everyone's having to patch, right? Like,
every operating system has had to patch every sort of, like, it's kind of everyone's problem
because everything's running on Intel processors,
but also, I mean, or AMD processors or any of this,
but it really is, as kind of technology gets more integrated,
and it's more people building, like, on top of things other people have built,
more and more of the vulnerabilities are just,
it's hard to be like, this is the person,
this is the single company that needs to know about this.
It's just how many people can we tell before criminals find out
and start actively exploiting this?
Yeah.
And so that was kind of what we saw.
is that everyone knew something was up
as of last week,
and there was,
but certain people were under embargo
and certain people weren't,
and the register kind of came out ahead
being like, well, we're not under embargo,
so we're going to tell you what we know.
And we sort of thought it was specific to Intel,
but also didn't know the whole story.
Would you say the register bit the hand that feeds IT?
Well, I mean, it's like, I mean, embargoes are always like a tricky thing, right?
I think there are always going to be people who get them and people who don't get them.
And then if you don't get them, then you don't honor them.
And so you're either inside the tent or you're not.
I do think this one was just too broad to really be sustainable.
There were too many people who had to know.
I was really at the point of that the register waited until.
Google runs this huge security research division called Project Zero.
They're the ones who discovered these two vulnerabilities.
Well, there were like academic researchers too.
It kind of all ran through Google Zero.
eventually. Okay. So then there's two vulnerabilities. We're just like already so deep in the
weeds. I'm just trying to be like. Oh, yeah. Yeah. Here's what happened. So Google in
partnership with academic researchers discover these two very serious vulnerabilities. One, which
apparently involves pirates in a bank with flags. It's called Meltdown. That's they, the pirates get your
Netflix password. The other one is called Spector and that has to do with speculative execution.
Paul, can you explain that?
Because that one appears to be the more serious one.
Like, Meltdown is already being patched all over the place.
It seems pretty focused on Intel, right?
So in Google's papers,
wait, Dieter's been trying to say something.
Deeter, what were you trying to say?
I was going to make a joke about boffins.
Just move on.
Okay.
Okay, good.
Okay, so Meltdown,
in Google's paper, Google has two PDFs,
one's for Meltdown, one's for Specter.
In the Meltdown paper, they say,
we haven't been able to reproduce this on AMD processors,
but we don't know for sure that it's impossible.
Google has almost developed a new technique of attack,
and all the implications are not necessarily known.
I heard somewhere that AMD basically saying that the version of you
that goes into the parallel universe and into the bank vault is literate.
Like their architecture doesn't allow out-of-order memory reads,
It's just executions, like, so the CPU can do stuff out of order, but you can't read memory in that out of order, and therefore they're safe from this.
Specter is based on branch prediction.
So branch prediction in computers is that, like, you know, like when you kind of warm up a process and it starts working better over time, it's because the CPU is figuring, hey, I'm in this loop, and this loop keeps going as long as it's true.
but it keeps on being true.
So I'm just going to assume I'm going to do this.
And I'll do it like a whole bunch of times.
And if I'm told that, oh, wait, I went too far,
then I'll, like, discard all those results
and pretend it never happened.
And so what they're basically doing
is they're reading legitimate memory
and then they read past the end
of that legitimate memory into the bad zone.
And then, as far as I know,
they do the same sort of simiport thing,
which I can attempt to explain if you want me to,
but they signal the information that they found
once they got past where they're supposed to be.
And the thing with Spector is that it can't get at kernel memory
like Meltdown can, but it can get at any other memory in the same process.
And guess what has a bunch of sensitive information
all running in the same process?
Your web browser.
And you can do Spector.
They've done Spector with JavaScript.
Wow.
So right now, as far as I know, Russell, please correct me if I'm wrong, a rogue actor could create a JavaScript Specter attack by some ad space on a bad website that doesn't vet its ads and hack whatever else it can find in that running process.
Is that correct?
So a lot of people are saying that they've patched against Specter, and we're sort of evaluating those claims.
It's kind of tricky. A lot of people are patching, but then the patch is not really any clearer than the bug.
But, I mean, I do think the scenario you describe where, like, there's a weird JavaScript thing that's running on your computer, and then suddenly it gets all of your passwords, is exactly the thing people are worried about.
Because for this to work, it has to be running on your computer,
but it can be running at the sort of lowest possible privilege level,
as long as it can get stuff into the processor,
then it can find out the other stuff that's in the processor.
What's so scary about these is this is really an attack on the basic building blocks
of what makes computer secure.
Like the whole reason your browser is secure is because it's an isolated process.
Well, why is an isolated?
process because the CPU
doesn't allow that isolated process
to look at memory outside of it.
It's protected kind of at the
CPU level and this is
an attack on that
basic foundation of security.
Yeah, and I think that's why it's so
hard to predict exactly
what the implications
are because it's sort of this was this basic
logical building block that we had
for computer systems that
like there's memory, like there's
this kernel and you can't get
into the kernel, but you can ask it questions.
And like, that's just a basic sort of move that we thought we knew how to do.
And now it turns out we've been doing it wrong this whole time.
I would have loved to be, sorry, things are falling over behind me.
But, yeah, so we don't really know what to do with that other than, like, rip all the chips out of our computers.
I would love to have just been in the room when these researchers are like, let's burn it all down.
But no, like this, this to me is really fascinating.
And Russell, maybe you could talk about this a little bit.
But like there's this whole embargo.
There's all these researchers.
There's a bunch of people that know it's coming and are like quietly patching or getting ready to quietly patch.
And then a little thing leaks out.
And then all of a sudden there's this rush.
And it's not just, hey, here's a research paper.
It's, hey, here's a research paper.
Here's another research paper.
Here's a website with an FAQ.
Here's two cute little logos.
Oh, yeah.
The logos are like, people complain about the logos.
Here's some cute, cutesy names to, like, let you grab onto them.
And with, like, previous, like, you put all that together.
It's like a whole media strategy from these security researchers.
And typically when you see that sort of thing, and I, you know, I keep on thinking about
Harplead, like, it's designed so that a regular person can be, can hear about this thing on the news
and be like, oh, yeah, the blah, blah, blah, virus.
I can actually, or the blah, blah, security vulnerability.
can pay attention to that.
That makes me think I should go act on this problem and then they go and they update their
stuff.
But here it's like, oh yeah, the blah, blah, blah thing.
I guess I just have to hope that Amazon cloud services update their shit.
Like there's a whole lot of like noise and fury getting created, but I can't tell who it's
getting directed at, you know?
Update your windows, right?
I mean, that's like a thing that you should do.
Microsoft issued that patch.
Yeah.
Apple's been pretty quiet, but anyway.
Yeah.
So this is, I think, the question I've had since the beginning, the, you know, the white
papers and the researchers, they're like, this affects smartphones.
Spector affects any processor that does out-of-order execution.
But I haven't seen a clear, speculative execution.
Branch prediction.
Branch prediction.
Any pirates with flags.
Some are, but I haven't seen a clear link to,
between this and iOS devices or Apple's A-series processors.
Are they implicated in this?
Yeah, we don't know.
I mean, I think the point Paul was making about AMD,
like there's a lot of, they kind of tried to do this on as many processors as they could,
and they made it work on, like, some version of an AMD chip that they had, like,
sort of physically changed to make it more hackable, so it's not, like, a great
representation of the AMD chips that are just in someone's computer. I don't know that they've
really taken a run at the Apple chips at this point. The question of, has this been demonstrated on
this chip is really just maybe there wasn't time to try. They thought all of this was going to
break a week from now, and they were certainly going to be trying a lot of things in that period
of time. That's one of the big unknowns. I also think given the like core nature of it, that a lot of chips
are doing these things.
This is stuff that the industry learned 20 years ago
you could do to make your chip run faster
and handle more commands at once.
And so everyone's just doing it now.
Maybe there's some reason why it wouldn't work on Apple chips,
but it's weird to say default assumption.
I mean, the default assumption has to be
that it kind of works on everything,
which is part of what's so alarming about it.
I mean, these are very universal ways software works.
like this is built in like to see and C++ the idea of exceptions.
The idea that if you are trying to read some memory and you go out of bounds of where you're actually supposed to be,
you get an exception and your program dies, crashes, or you handle that exception.
So you do that a lot and it's the completely common architecture of computers.
And from reading the papers, it sounds like Google has like, for a lot of these things like,
Okay, here are like three or four ways that we think we could do this.
This one seemed like the easiest one.
So this is the one we actually did, and here it is working.
But there are these more difficult ways that possibly maybe somebody with, you know, more time or worse intentions could employ and get it to work in more scenarios.
So here's the other weird thing.
So the big question is like, what do we do now?
You can patch it, and patches are going out.
I mean, and the really interesting and important patch is what the firmware of the chip, right?
How can the chip behave differently so that you can't do this so it doesn't work, right?
The easy answer is just don't do the stuff that was slowing things down, or I mean, don't do the stuff that was speeding things up,
so that you will just sort of roll back this innovation in chip processing.
And so people were looking at this from afar and saying this is going to start.
slow down every processor in the world by 15%.
Right?
I mean, this is a thing that people believed, you know,
it was a very real possibility we were looking at.
It was like between 12 and 30% by some estimates.
Yeah.
Well, so now they're saying, I don't know.
Google has just said we have this way of doing it
that will not cause,
what causes negligible slowdowns.
And Intel says that they have a similar thing.
I mean, Intel, you figure they're maybe not the most reliable source at this point,
but I don't see why Google is.
angry is Intel right now that the story broke specific to them.
And like that just nobody can shake it, right?
Because everybody else is like, all right, well, this is Intel's problem.
Well, this is the thing.
The Meltdown one.
So we let them think that.
But the Meltdown one was Intel's part.
The Meltdown one was sort of like focused on them.
And it was the most exploitable.
So I wonder as things were leaking out if that was just the thing that leaked out.
Yeah.
But yeah, I mean, it is, it is tricky.
But so the interesting thing is,
It could be that there's a patch out there that we figured out some better way to do this
that isn't sort of susceptible to this attack, and it doesn't really slow down the chips
and we just sort of push it out to everyone and everything's fine.
Or the other scenario is once all the pitches, or once all the patches go out,
everything is 10% slower.
Or like, two years, right?
We're turning back the clock on Moore's Law.
by two years,
because,
which is an insane thing
to think about
in the context
of consumer technology
where so much of the
assumption is
you want the new
computer because it's
like measurably faster
than any computer
you've used in your life
and you can use
all of these programs
that you know,
you can't use on a two-year-old
computer because it just doesn't
have the power.
I don't know,
have you tried a new MacBook Pro?
You're still sitting right there.
Well, so here's my question.
Right. So it broke specific to intel.
I feel like we didn't have a show last week, but last week was the Apple battery situation.
Yeah, we talked about it a bit.
We had it.
We had a little bit of Vergecast about that, but not like the full extent of the madness.
Yeah, they apologize.
Yeah.
But it seems like we're just in a moment where software that slows down your computer to solve some problem is it's like a solution that is just like appearing now.
All of a sudden, it seems like, well, we're a little, we're like, we're a little too far over our skis with processor performance.
If we actually just throttle this back, we can solve some of these bigger problems.
Does that seem like a trend, or is that just two unrelated data points?
Well, I wonder, I mean, people were talking about maybe the low-hanging fruit with Moore's Law and speeding up processors is kind of over.
and we've been like over-optimizing for, you know,
giga-hurtz, which is not in the end that useful compared.
If you had to choose, like, giga-hurt's battery life,
like it is actually from a consumer perspective,
they probably care less about it than the people working in the industry do.
Yeah.
Yeah, I mean, just anecdotally,
we've heard about Apple stores being, like, inundated with people who just want a new battery.
Like, they can't quite keep up.
And it's like, yeah, people, if you give them the same phone with the same performance,
with the battery lasts as it did, you know, a new battery, like, they'll take it.
They're like happy to pay the 30 bucks.
I think as it relates to this, like, they're totally different problems.
But would you pick a more secure computer that ran a little bit slower?
I think the answer is like undoubtedly yes.
So I just wonder, like, are we in a bit of a recalibration?
And does this give, honestly, does this give Intel some space?
Right.
Like, it's all targeted Intel, but they make the most.
chips, especially for like these cloud applications, that obviously the most chips and desktop
PCs, of course it's focused on them. The question to me is, is it work on arm processors?
Like, are Samsung chips affected, our Qualcomm chips affected, our Apple chips affected.
Arm processors are, we do know that there are at least some instances where it affects Arm.
I think it is like they're, they've kind of become like a second fiddle in the story.
And AMD was really loudly saying it's not us and people were like, I'm not sure.
But, I mean, it is other places.
I think the other thing is these, this, you know, even if it were just Intel, they are so dominant in the industry and their chips are so just inescapable.
Anything you do in technology is going to be relying on this at some point, just at some stage of the stack, that one basic design flaw really is an industry-wide problem, even if it's just this one company.
Yeah, we wrote that, we had the story that was like the big problem here is all.
all these cloud computing providers.
Yeah, so a couple things about that.
Like, one, I mean, we've, we've, we've had the parallel universe metaphor,
the semaphore metaphor, and it didn't quite explain.
No, the semaphore happens in the parallel universe.
Oh, God.
Universe.
But the deal, my understanding is the deal is, if there's a bunch of different apps running
and all, they all use the same processor, use the same kernel,
they're not supposed to fight out each other's information.
But that's on your computer, that's one thing, right?
Maybe a web page will do it.
If someone has physical access, they could do it.
Like, that's one thing.
But on a cloud server, on AWS or Google Cloud or whatever, there are like hundreds of apps that are basically the web services you use every day that are running off of these giant servers.
And that is a much more terrifying vulnerability.
So that's what Russell explained in his article.
But like the thing that I'm trying to wrap my head around, and maybe by the time this episode airs, it really,
the state of play will change.
But it seems like our initial take on Spector was,
we're doomed for 20 years.
We're doomed until every processor gets replaced.
But now, like, Google and Amazon,
or at least Google is coming out and saying,
actually, no, it's fixed.
We know how to deal with Spector.
It's fine.
And like, I don't know.
I have no way to judge whether or not that's true.
It's very odd.
Yeah, Russell, let's you read on sort of the lightning fast whiplash here.
Well, I think because of the,
the way it came out, the first people to say that there isn't going to be a slowdown and we can
deploy the patch and it's not a big deal was Intel, who in some sense should know, but at that
moment there was not a lot of impulse to trust Intel when they said that because I think
people had first, well, first they said that other chipmakers were affected, which turned out
to be true. But then they also said there isn't, the work.
is high, or the slowdown is highly workload dependent. And I think there just was not a lot of
trust. There was sort of like they're going to, they're going to say this. There was also this
weird thing about the CEO selling stock and people were kind of, and the embargo had been
holding and holding and holding people were kind of more and more frustrated by it. But I think,
I don't know why Google or Amazon would go out on a limb and say, we fixed it this fast. Like I think
the fact that they're saying that is more compelling to me.
I still don't know if I want to take them completely at their word.
And I also think, I mean, the other thing about sort of deeper level vulnerabilities like this is they don't stay dead.
Stage fright is the example I always use where, you know, I think for nine months,
Google had a new stage fright fix out with every monthly Android security bulletin,
just because people kept finding like, oh, okay, well, you fixed against if I write it that way,
but what if I write it this way? And it comes around this other angle. And I mean, to go to Paul's
metaphor, now it's my cousin, but he looks like me. It's not a parallel universe. It's an identical
twin. You can sort of keep playing this game. And it's very hard to sort of fix everything.
So I do think to the extent that there is a patch against the variance that we're aware of right now.
And again, the ones we're aware of are also the ones, hopefully the bad guys are aware of.
And so those are the important ones to patch first.
But the big question mark for me is how robust is this fix at all?
And we don't really know anything about what they're saying they did.
Like Google, I don't know, 20 minutes ago came out with the most detail.
explanation of what they did. But like, I mean, I'm asking the researchers who found it.
Like, is this plausible? And they're saying, well, I don't know what Intel is working with.
I don't know what they did. So I can't tell you whether it's plausible or not. Like, it just,
this is a black box to me.
What's the good news here is that Dieter, and hopefully me, but Deeter, at least, well, it depends on
schedules. At CES, we're going to have Brian Kuzanich on the Circularberg show.
Yeah. I mean, for not for nothing.
But Intel is giving the keynote speech at CES.
Like, Chris Ash is going to be on stage at the biggest, like, electronic show of the year,
three days, four days after all of this has gone down.
And that's going to be a very interesting moment.
You're going to put Intel processors in everything.
It's fine.
I do want, I don't know.
I don't have any special love for Intel.
But I don't really think of these as bugs.
This isn't like a dumb or careless engineer made, like did a typo or like forgot to include a line or something like that.
Right.
This was a carefully designed defense against security problems.
And it was, you know, there are definitely a lot of bugs in Intel CPUs and they're not like perfect.
but this was working as intended in a sense
and Google's attack was just better than it
smarter than it
do you think it was more or less like the movie sneakers
a lot like the movie sneakers for sure
great
sorry body
can I try to describe the sim before thing
yes
because I think it's really interesting this whole time
this also relates to cryptography
there's
what's called a side channel attack.
And basically after your cousin or whoever goes into the bank vault, it reads the password,
that piece of code rewrites the cache in a real, like, in a real, like, special shape.
And so you, because you're still not allowed to actually read this data that's in the cache, it's still protected memory.
but by writing it in such a like a kind of a loud way,
they're able to see a signal in that noise
and slowly pull data out of that signal that's created.
It's like, you know, the cache is meant for ones and zeros,
but they're making much larger shapes
that end up representing ones and zeros in the cache.
And the similar stuff is done with cryptography.
I think it's really,
it's really interesting and it's probably going to be, you know, a longstanding thing in computer security
that the fact that no matter how secret something is supposed to be in the computer,
it's still a physical process that actually happens.
And so, you know, something actually, some work is actually done and therefore it's detectable.
And there's a lot of defenses in CPUs and an operating system to sort of randomized memory layout.
and randomize the execution of things
and try not to, in the way
like cryptography algorithms are designed
to not like give themselves away
for what they're actually doing.
But ultimately, something actually has to happen
on your computer physically.
And therefore, if you can find a way to observe that,
you know the secrets.
I think that's fat.
Like no one thinks about their computer that way, right?
Especially as computers have become
more and more, like, essentially solid state devices.
Like, we've stripped out moving parts from computers left and right.
And the idea that there's, like, a physical process happening inside of a smartphone, I think, is very opaque to people.
Because, first of all, you certainly can't see it, right?
Like, something else that is able to detect it has to see it.
Apollo, are you saying that with regard to smartphones, you're a strict materialist?
That there's...
Yes, absolutely. Okay.
Well, I do think there's something cool about, like,
because that's something that comes up over and over again
with, like, security problems in general.
And I think even if it's not reading information,
there's a way in which computer programming
is kind of arranging these logical elements,
and everyone's been thinking of the kernel
as, well, you put it in the kernel,
because that's the thing you can't see.
And they had to establish that in a physical,
way, or sort of the underlying components of that, everyone assumed held, upheld these logical
sort of, this was this line in the sand. And then those elements break down. And that's what every
security vulnerabilities is in some ways, is some logical thing that everyone assumed it, you know,
this sort of sentence will hold no matter what, and we're going to build a program around
it, this little block doing this thing. And then it turns out that, well, you didn't
really pay enough attention to how it was working, and there's this other thing, and the logic
doesn't hold anymore.
One thing I'm curious about, have you guys heard of Risk V?
It's like a new open source processor architecture.
And I'm really curious to see if it turns out it's vulnerable as well.
Because one thing I'm seeing from some programmers is that these CPUs are so, so complicated.
And there are simpler ways to design CPUs, and there's also less opaque ways to design CPUs.
You know, there's lots of undocumented instructions in Intel processors because they're not, you know, open source.
So when Microsoft was having tons of problems with Windows, and it felt like, wow, maybe we can never make a secure Windows.
Like, maybe we should start over from scratch.
They started a branch in Microsoft to develop a new operating system from scratch as just, just as, just as,
like a safety fallback
in case they couldn't ever get Windows right
or if they were just sued
by a bunch of world governments for
putting unsafe software on people's
computers.
And they eventually shut down that
project because it turns out they were
able to get Windows safe enough.
But I wonder if you
could see more tech companies, because
there's a lot of tech companies already supporting
Risk V as like a really like low
cost, you know, like
something like a controller you can put
a hard drive or something.
But more tech companies might be interested in supporting something like RiskV as like,
okay, we need a simpler, more transparent processor architecture so that we can be more sure
that we're safe.
I think it's very idealistic.
So I think the RiskV thing is really interesting.
Like the idea of the open architecture, it tends to imply that problems will be solved
more efficiently because more people can.
see into it. But I think the challenge here is that you have to then apply the patch.
Right. So the fact that like there's only a handful of vendors who are in control here
means that you get efficiency in patching. Right. So like Intel can just like fix it and then like
send the patch out to its processors. If you have to trust Intel obviously. But you have a pure open thing
and it breaks. It's like who is going to patch it and then how does that get done?
distribute it. I'm waiting. I'm waiting for the other shoe to drop with arm processors.
Like, if it ends up affecting iPhones, Apple will patch every single iPhone on the planet. And they'll
do it, you know, tomorrow. And then they'll do a patch three days later because they actually
broke something because they're really bad at software patches lately. But if it affects Android phones
in a really easily exploitable way, like if I can go to a web page on the Chrome browser
my Android phone and they can execute some JavaScript that can get into this thing, or it, you know,
it gets into the Play Store, whatever.
Then, like, this is yet another instance,
and it seems like we have one of these, like,
with increasing frequency of,
is Google going to figure out how to get Android phones patched better?
They've gotten way better than they have in the past couple of years,
but it's still, like, at some point,
something has to give there where, like,
it has to be, like, truly solved on a more permanent basis.
You're saying we need a name.
National Telecom.
Oh, boy.
The nationalized the shit.
So I will just say, Google in its mitigation sort of report said that on the Android platform,
exploitation has been shown to be difficult and limited on the majority of Android devices.
Okay.
But that's not, like, impossible?
Yeah.
Like, so, I mean, timing mitigation for arm processors was a patch that went out.
But it's all still kind of haphazer.
I mean, I don't know how much that's going to hold.
hold. The other thing I would say on the open source front, the reason that it broke early and that there were all these
rumors about it was because it went out to Linux developers. Because you need to patch the OS. And I mean,
there are all of these servers things, you know, a lot of Linux-based programs running on servers
that are extremely vulnerable to this on, you know, on vulnerable processors that really did need to be
part of the rollout.
Right.
But also, then it was just in some open list serve.
And you would get someone saying, well, I have this patch.
It slows down the program by 17%, but we have to install it because there was this problem.
And I can't tell you any details about the problem because, hey, by the way, I'm under A NDA.
But it's all Intel's fault.
That was a list service.
That was all we had to go on for like weeks and weeks.
So, you know, open source has its drawbacks too.
Yeah. This is why there should apparently only be one vendor,
and that vendor should only allow certain developers
to pay a fee to write application software in strict sandboxes.
Right? Isn't that the Apple way?
There's like a question is like,
does iOS even let you do this unless you go back the phone?
By the way, I don't believe that's true.
I'm just saying that's like Apple has its advantage there
because it's very hard to even.
It's kind of hard to do formal verification of a program
to tell for sure that it doesn't ever.
exceed an array boundary.
If you had a capability,
like people do do a lot of work to try to test programs to hope that they don't.
But for like a regular C or C++ program,
there's still a lot of errors out there as evidence by any time anything bad happens
with your software.
Like the thing is like most,
this is exploiting something that,
basically looks like what a typical...
The reason exceptions exist
is because programmers mess up sometimes.
Well, they should just stop doing that.
Right.
Obviously.
So Russell, what's the takeaway
and what's next for sort of the average person
listening to this?
Well, definitely update your computer.
And I would say definitely be aware
of the fragility and impermanence
of all that surrounds us.
That's just good life advice.
Yeah, I don't know if I have anything beyond that.
I think it's tricky because we still,
there is still so much we don't know
compared to like most of the things we write about
on Theverge.com where like there's just a lot of stuff
that's falling into the cracks
between companies and between implementations.
And so I feel like we don't really know
what the one sentence takeaway
way on this is going to be yet.
Right.
Yeah.
I'm telling you, this is the story of the year, calling it four days in.
Wow.
I'm probably wrong.
But, you know, you got to start the year with the bang.
All right.
So here's the deal.
We don't have ads today because this is actually like we weren't going to do a show.
But then we're all, I'm sitting here in the snow.
We should do a show.
But we don't have a normal place to take a break.
So, Paul, here's my idea.
Yeah.
Every week, you do a segment in this week.
that segment will serve as the bridge
from the Spector discussion
into CES discussion
That's great
I'll do it as an ad
So what's your
Yeah it's always got the same name though
What's that name again?
Mustard back off
Oh I'm so mad about this
You know when you get mustard
All over your laptop
Don't you hate it
You're there you are
Just living your
life and your mustard jars are surrounded your laptop.
And then you knock one over and there's just mustard everywhere.
Well, do I have a solution for you?
Oh, my God.
Dell is bringing a new version of its Xbox 13 series laptops to CES this year.
And they're mustard resistant.
Wait, wait.
I have a number of questions.
The first is haven't laptops traditionally been mustard resistant?
But this one is white.
And so like there's a bunch of new materials happening to laptops.
There's Alcantara fabric.
And then like the pixel book has its advanced silicone variant, whatever the hell.
And the question is, will that stay white or not?
Because computers just always get grimy.
Mine is definitely getting grimy.
Yeah, Dell's new thing is that their white version of their XPS is mustard resistant.
Yeah, it has a woven carbon fiber texture on the palm rest.
And that's white.
And they say, it claims that if you get permanent marker, mustard, and other staining
materials on the white surface, you'll be able to wipe them off within a week without any issue.
Within a week?
Yeah.
So you don't, if you leave the mustard on your laptop for more than a week, no guarantees from doubt.
So hang on.
Like, I'm very angry about this new XPS 13.
Okay.
Probo code.
Did they move the camera?
Adds over.
This is one I'm very angry.
The promo code is mustard.
The XPS 13 has, was for years, the default de facto go to, this is the best Windows
laptop.
It had the best design.
It was super thin.
It was great.
It had tiny, non-existent bezels on the left side, on the right side, on the top of
the screen, but not on the bottom, because that's,
where the camera was.
And everybody hated that camera because it shot directly up your nose.
And we've been waiting for them to come out with a new version of the XPS 13 that could
finally dethrone the Surface laptop from Microsoft to the Surface book and be the next
version of the thin, ultralight Windows computer that could be in the same category as Apple's
like little, any bitty MacBook, but have all the power of a full Intel processor and not
the crappy thing that Apple has been sticking in the MacBook.
and it would run Windows, and it would be great.
And I was very, very excited when I saw that it was also going to be mustard-proof.
So I clicked that link.
And I saw, they added the Windows Hello camera, it looks like,
because there's two cameras so it can do the Windows Hello login,
which is awesome.
But it's on the bottom again.
They just don't, like, they just want that tiny bezel
and they can't figure out how to, like, just shift everything down.
And so it's just on the bottom again.
They want to take secret pictures of your knuckles.
Yeah.
I mean, it's going to be 0.46 inches thick.
It's going to weigh 0.2 pounds less.
It's like, it's going to be so good.
Everything is going to be great.
And they fixed the camera.
Instead of being in the lower left, it's now in the lower middle.
Well, so now, I mean, we have to review this laptop and put mustard on it.
Yes.
First of all.
Absolutely.
And also on our face.
Put some mustard on it.
Like the rapper.
Yeah.
I'm with you.
We've got a, I don't know, man.
I know what you're doing, Del.
All right.
So that, I mean, like, if you have a super popular product that people love and there's but one complaint about it,
shouldn't you solve that problem before adding mustard resistance?
Yes.
Yes, you should.
They're, like, whiteboarding the priority.
and they're like,
mm.
Here's my question.
Angela,
you've got some great ideas
about camera placement,
but Steve here is
working on mustard resistance.
I think we're going to go with that.
Like,
what the fuck are you doing?
Is mustard like a more,
does it work with like ketchup and mayo?
Yeah,
like,
can you spill an entire sandwich?
Why would you lead with mustard?
They say permanent markers.
I just think they were trying to be like informal
and anecdotal.
No,
because if you're eating a sandwich
and you're like, do the thing and like the, you know,
the condiments squeeze out.
Mayo's fine.
Mayo's white.
No one's ever like, I got mayo stains.
Ketchup's red.
Ketchup is red, Paul.
Thousand Island dressing is beige.
Relish is green.
We got to stop this.
Tweet us your favorite condiment in its color.
To add future Paul.
And we'll make sure to spill it on XPS 13.
when we get one in for review.
All right, this brings us in the gadgets.
Yeah.
This next week is CES.
We are expecting a, you know, a medium flood of gadgets, I would say.
Mm-hmm.
Every year CES seems to get a little bit smaller and a little bit more about cars.
Yep.
It's always the same level about TVs.
Mm-hmm.
So there's already like 8K TVs.
Roku's going to announce, they've already announced some, like, new voice control stuff that we'll probably see there.
Do I really want a Roku voice voice?
consistent. Is that what I want in my life?
No. I don't know why they're doing this.
Yeah. Thank you. It also announced something called Roku Connect, which lets you more easily
pair a soundbar to your Roku. And it just seems like you are solving a problem that people
don't have. Yep. At least as far as I can tell.
But like, I mean, we can basically guess right now that LG's like 88 inch 8K
super TV, OLED TV is going to be the thing, right? It's going to be the TV that we need to
go take a picture of and then we'll publish it and say, you can't tell from this picture,
but this TV looks amazing.
Like that's going to be the thing we do day one.
LG also hilariously adding Google Assistant to WebOS,
which I think is a delight.
So its new WebOS TVs are now on Google Assistant,
which I think is very funny.
Yeah.
It really makes WebOS on a TV seem.
They should just switch it to Android and be done.
But I think they're like to invest it in it.
You know, it's interesting how LG is true of all TVs.
They're putting out these TV.
every, you know, it's like WebOS,
and then the 2017 TVs came out
and WebOS had more features,
but the old TVs running WebOS didn't get those features.
And now the new ones are going to get Google Assistant.
And I couldn't tell you if that will come
to its other products running WebOS,
which I think is very irritating if you were buying a $3,000 TV.
That's all.
It's the Twitter.
What else are you expecting, Peter?
I mean, we're going to see a bunch of electric car stuff.
I'm actually pretty excited that whatever La Eco tries to do,
everybody will laugh them out of the room.
I don't even know if they're going to be there at this point.
There's a new HDR format war because we haven't had enough of that.
So there'll be another standard there that we need to deal with.
We're going to see a bunch of wearables,
but I am expecting there'll be zero Android wear.
And a lot of it's going to be a little bit more health-focused,
which means that there's going to be a lot of like bogus health claims to deal with,
which is always a blast and a bunch of AR stuff, I think.
I think that VR is still going to be there.
Disclosure, my wife works for Oculus, et cetera, et cetera.
Maybe Oculus will actually show off some of the stuff that they announced at Oculus Connect.
But I think that like a bunch of the other little guys are like, we've got an AR2,
and like here's our app and here it is on a phone and here's some crazy glasses.
like a bit of Uyzik's who does the glasses with like that they look like Google Glass but they're like
they're more industrial.
I think they're going to be all over the place.
Do you think so?
I think so.
I think they're thirsty.
They're always all over the place.
Yeah.
My expectation of this show is like last year was all Alexa.
Yep.
Right.
Alexa was suddenly in every product.
That as near as I can tell didn't mean anything to anyone.
There's not a single Alexa enabled device that.
came out
except from Amazon
well son else won
but that didn't happen
at CES
I think there's gonna
yeah I think it's gonna be
like Ford announced
like cars
yeah we're gonna see a bunch
of Google assistant stuff
in the same way we saw
a bunch of Alexa stuff
and I think it's gonna come to nothing
in the same way that Alexa stuff
was like yeah sure Alexa
they're just not caught up
yeah but I'm like
literally Ford
announced it in cars
and then Nat
reviewed a Ford
with a Lexa
Alexa in it and it was like horrible.
Right?
Like what are you going to do?
Like I,
there's something.
If Amazon wants Alexa to be its windows, which is apparently what it wants.
Like it's overwhelming platform on a huge range of products and services, it's got to be it.
They've got to somehow make it compelling on devices that aren't made by Amazon.
And thus far, it just hasn't been.
Well, and it needs to just do a better job of sort of understanding.
I don't know, the rest of your digital life.
Like everything, like Alexa, you can use Alexa to command other things,
and then everything becomes dependent on the quality of those other things.
And it breaks down very, very quickly when you're doing something outside the context of your home.
Like when you're in a car, like those other things don't work as well.
They don't know where you are and what's going on in your life.
And so Alexa needs to do a better job of, like, gathering that information
and doing useful stuff with it directly.
And, you know, this is, this has been Apple's big claim and especially Google's big claim that they know more about you and where you are and what's going on.
And so they can make that interaction a little bit more natural.
But they don't have the tonnage of support of apps and skills and whatever else that Alexa does.
And so it's, it's this weird, it's this weird, I don't know, is it an uncanny valley of functionality?
It's like, we got all the stuff.
We figured out alarms and timers and music.
And we know that we can do all this other stuff.
But in between here and there is just a whole lot of, like, awkward voice crap that is just not fun.
Yeah.
And maybe I'm just angry at Amazon's Alexa app on phones.
It's just awful.
It's just the most frustratingly terrible thing.
Well, you know, it's interesting is that Amazon, I think it reports this week that Amazon is already trying to figure out how to layer ads into Alexa or like shopping promotions.
And obviously it was the holidays.
I have a lot of Amazon boxes here.
You know, they're sort of like Amazon Prime tape that they put on all the boxes.
Literally the box I have here, it says, shop with Alexa, exclusive discounts for Prime members.
Yeah.
And it's like, you are not ready.
I don't, this thing isn't useful enough for me to, for me, for me to accept Amazon making it crappier with advertising.
Yeah.
Like it was so useful.
I'd be like, all right, I'm going to deal with the fact that.
It wants me to ask for prime deals every day.
Or it randomly starts speaking at me and being like, buy more toothpaste, like, whatever it's going to do.
Alexa, buy a case of toothpicks.
That's a toothpaste.
No, I think toothpacks is funny.
Because if a listener actually gets a case of toothpicks, they'll be able to like make a little toothpick for it.
They can like, Alexa, buy wood glue.
Right?
And now, like, we're setting up a whole arts and crafts project for every.
This is great.
I like it.
Yeah, buy crayons.
Do you think, so you think this is going to be the year of Google Assistant?
I think they're going to try, and I don't know how well it's going to work.
In the same way that a bunch of stuff got announced with Alexis support at CES last year,
and then we like saw some of it get released and some of it not,
and some of it worked and most of it didn't.
But like, it's supposed to be coming, right?
There's supposed to be more stuff that supports Google Assistant,
both on the app side
but also specifically on like the speaker side
because if Google wants to keep pushing on this thing,
they need to keep playing catch up
with like a larger ecosystem of devices to support it
with Amazon before Amazon like
finishes its job of becoming the de facto standard.
Meanwhile, you know, Apple hasn't even released the home pod.
Oh God, if Apple like puts out some home pod news
and then it'll see it because they always do something.
Yeah, they always do something.
And it's going to be HomePod.
I'm sure you're right.
Can I tell a sad story?
Yeah.
On January, sorry, the end of the year, what's December 31st watching TV with my roommates,
but we're like, hey, we don't want to miss midnight.
So we're like, Siri, count down the midnight for us.
Siri just does not know what we're talking about.
It's not giving us, like, weird answers.
So we were like set an alarm for midnight.
And Siri can't do that.
Wait, really?
Or what was it?
We wanted like a timer.
Yeah, that's the problem.
We asked for a timer to count down to midnight.
But Siri can set alarms for a specific time or a timer for an amount of time.
So we set an alarm for like four minutes before midnight.
And so the alarm went off.
And we're like, all right, it's almost midnight.
Let's talk, you know, we spent like three minutes, like,
talking about what our favorite parts of, you know, the year and what we're looking forward
to and stuff like that.
And we forgot to count down to actual midnight.
And it's all series full.
That's great.
Yeah.
That's amazing.
I spent my holidays at home with my family and I will tell you, I made a list.
Dear, I'm going to do the thing.
I'm going to do it to myself.
Okay.
I'm going to sign myself a story that I now have to publish.
Uh-huh.
I literally kept a list.
of the insane tech questions I got when I was home with all of our various families.
Yeah.
Number one of that list is should I buy Bitcoin?
Right.
Becky's like middle-aged aunts or like pulling me aside me like, this Bitcoin.
I'm deep.
I was like, what's happening here?
It's amazing.
But the amount of things that people have that are just broken and they're just accepting
of how broken they are and like creating behaviors just to avoid the brokenness
is like out of control.
And like we talk about the software bugs and the security vulnerabilities.
And I think us and our listeners were like, okay, I got to go hit the patch.
I'm going to go do it.
I saw people running iOS 9 on their phones.
Like they just don't care.
They see that pop up and it's annoying and they just close it and they don't update the phone.
And like it's just this endless list of broken things.
I'm going to publish the list of questions.
I'm going to try to like abstract them a little bit.
But to me it was just like a huge indictment, especially as I think about gearing
up to go to CES. It's this huge indictment of how complicated this industry has become and how many
just fundamental assumptions about using things all of the tech companies are making right now.
So like everyone thinks Alexa listens to them all the time. Right. Like that's just a assumption
that exists in the world. It's like literally always listening. Everyone thinks Facebook is listening
to serve you ads, whether or not you believe like, A, they are or B, there exists the sophisticated
general AI in the world to process that much voice data, pull keywords, and then target you
specifically with ads. That's a lot of assumptions, but people are just like, yep, all of that's
true. So, yeah, it's, I spent my entire holiday, just like listening to people talk about technology
and realizing, like, most people have no idea how it works. And when things break, they just avoid
fixing it and they create other things. And the tech industry has no idea how to deal with that.
I spent, I spent my holiday, the New Year's in particular, just,
being amazed at how clever Netflix is,
they have created on-demand, streamable New Year's Eve countdown shows for children.
So we were able to count down New Year's at 9.30 at night with, you know, a five-year-old and an eight-year-old.
And they're like, oh, sure, this makes sense in my world.
We counted on to midnight.
We watched the cartoon.
We cheered.
And they went to bed.
And it was great.
That's amazing.
Yeah.
Okay.
Here's my favorite one on this list.
I'm not going to give them all away.
we a bunch of people I know got new iPhone 8s and new iPhone 10s everyone calls it the X of course
most of those people thought they had to charge the lightning headphones in the box what because it's a lightning plug
so they they were like just like I need to plug these in every night wow because that plug to them
is a power plug and that's how the pencil that's how the pencil charges yeah it's like it was just
like it was just this like incredibly common thing I ran into
people are like, I hate these new headphones.
I have to charge them.
I was like, no, you don't.
Like, you're going to kill yourself.
Like, something terrible will happen if you do that.
In my bizarre world, I got an Osmo mobile, the thing that, like, you know, the gimbal that keeps your phone steady, right?
Yeah.
It charges via a 3.5 millimeter jack.
No.
Yes.
It's a USB on one side and 3.5 jack on the other.
Isn't that how you would charge the, like, the second?
Second generation
shuffles or something.
Yes.
Yeah.
Just incredible.
Well, I got a switch,
which is wonderful.
It's like exhilarated
to my USBC adoption.
But I would say this.
I also got a new DSLR.
I got a Nikon D-750-500.
Because of the baby
and we want to take photos
with the baby.
I,
smartphone cameras suck.
I don't know what we've been
saying or doing
this whole time.
They're terrible.
You should get a real camera.
they're great.
It's incredible.
It's also huge and inconvenient,
but it's,
yeah,
it's got like the Bluetooth's to a phone.
You take a picture,
it instantly sends it over.
It doesn't even like wait.
Right.
Everyone should get this $1,500.
You're living in the future,
you're like,
you did.
By the way,
I feel like I was talking about this
months ago when I bought my camera.
Are you missing anything?
Russell,
you getting hang good?
Um,
I mean,
I got a Bluetooth speaker.
Bluetooth speaker is great.
Love a good, you know, I can listen to music while I'm doing the dishes.
It's wonderful.
Yeah.
Everyone loves the books.
Do you have Alexa in your home?
I feel like it's our resident security reporter.
You're not the sort of person that's like a government microphone.
I don't even like, I mean, I don't even like talking to my phone, honestly.
Like, by friends who will just say, you know, directions to 61st and forth, and they'll just say it out loud on the street.
And I'm very uncomfortable with that.
It's just not the relationship to technology that I want.
Yeah.
I'm trying.
I got my sister in Echo Show.
And literally all anybody wants to use Echo Show for is when you set lots of timers in the kitchen, it tells you which of them are.
I also highly recommend doing this.
You can set a timer with a person's name.
So you can be like, Alexa, set a timer called Dieter for five minutes.
And then you can just walk in the room and be like, Alexa, how much time does Dieter have left?
Dieter has five minutes left
It's a joke that never gets old
It's so ominous and weird
To ask a computer
How much time a person has left
Okay, I think that's it
Yeah
Anything else we need to talk about
Any other big stuff, Deeter in this world?
No, I'm in watch us on Secret Breaker Live next week
This week, whenever you hear this episode
Check it out.
It's gonna be fun at CES
Yeah, it's gonna be a little batty
I'm cautiously optimistic about
Mark Zuckerberg's
2018 project
where he's going to work at Facebook
He's going to take charge of Facebook?
I just think
I think there's a real moment
where there's a growing backlash
for a lot of these companies
and they have a chance
to continue what they've been doing
which is only optimize
for time and money
like the amount of time
and money they get from their customers
or they could optimize
for how,
satisfied their customers are.
Like, like, not how much time did I spend on Facebook, but was the brief moment I was on
Facebook satisfying and useful to me.
And if they just tried to optimize for that, I feel like they could turn the ship around.
I don't know.
By the context here is every year Zuckerberg has a New Year's project, right?
So last year, he's like, he ran a mile every day or whatever.
The year before, he only ate meat if he killed it himself.
So, like, they're like these, like, esoteric personal development.
projects.
And this year he was like, I should work on making Facebook a better place.
Well, he's talking about like, he's like, he mentioned decentralization, like something
that's really interesting that's going on is like cryptocurrencies and stuff like that.
The problem with decentralization is the lack of control.
That is the problem.
But maybe he'll be able to solve it so that he can have perfect control over decentralized phase.
Well, yeah, it's funny because the Winklevoss twins own all the Bitcoin.
His name is his name is like, really?
Some of the Bitcoin.
I mean, like a lot of the Bitcoin.
They own a lot of Bitcoin.
Like, it's a lot as an amount of money.
It's a lot.
I'm just saying, like, it's Zuck versus the Winkle Vi once again.
Yeah.
David Fincher, get on the phone, dude.
Honestly, the Winklevoss angle is like the worst thing about the, like, rise of Bitcoin prices.
and there are a lot of bad things,
but that's like the worst thing.
Yeah.
All right.
Well, hopefully we get that movie.
Well, I think that's it.
Like Dieter was saying,
watch us on Circuit Breaker Live at CES.
We're doing it,
what's it, four episodes?
Yeah, Monday through Thursday.
Monday through Thursday.
The last episode,
we have very foolishly scheduled
the day after our staff party at CES.
That one's going to be a real hoot
in case you are a fan of our previous
extremely tired CES programming.
it's going to be great.
We're going to, our friend Sam Schaeffer is going to be on the Circle Breaker show.
He's coming to CS with us to run around and go on adventures.
I think that's going to be fun.
Beef.
Bust.
Wait, no beef.
No, it's going to be beef.
It's going to be beef.
God.
He's sitting at the hype desk.
We can't have him on without rebuilding the hype desk.
We're doing it.
We still don't know exactly what it means, but it's going to be great.
Lauren and Ashley be joining us to the Circuit Breaker Show.
Paul will be on the Circuit Breakers Show.
It's going to be a good time.
fun. And CES is happening.
There's also other programs to listen to if you're not interested in CES.
You can listen to the fine, stable programs on the Recode Network.
Lauren Good host Too Embarrassed Ask with Caroushwisher, which is great.
Carriess Fisher host Recode Decode.
Peter Cofco hosts Recode Media.
They're all wonderful.
There will be another season of Why'd You Push That Button with Caitlin Tiffany and Ashley
Carman.
Love that show.
Got a huge response, super into it.
Taking a little bit of a break between seasons to come up with some new topics, new ideas.
We'll be rolling that out soon.
Casey Newton, our friend Casey Newton,
is going to be starting to show this year too.
So look out for all that stuff as it happens,
and we will see you at CES.
Rock and roll.