1 00:00:00,000 --> 00:00:00,500 2 00:00:00,500 --> 00:00:02,778 [MUSIC PLAYING] 3 00:00:02,778 --> 00:00:04,710 ANNOUNCER: This is CS50. 4 00:00:04,710 --> 00:00:08,108 5 00:00:08,108 --> 00:00:09,150 DAVID MALAN: Hello world. 6 00:00:09,150 --> 00:00:12,280 This is the CS50 Podcast, episode 4, zero indexed. 7 00:00:12,280 --> 00:00:13,480 My name is David Malan. 8 00:00:13,480 --> 00:00:15,760 And I'm here with CS50's own Colton Ogden. 9 00:00:15,760 --> 00:00:19,000 COLTON OGDEN: David, I'm curious what the first browser that you ever used 10 00:00:19,000 --> 00:00:19,960 was. 11 00:00:19,960 --> 00:00:22,965 DAVID MALAN: It was probably like Netscape 1.0 or something. 12 00:00:22,965 --> 00:00:24,340 COLTON OGDEN: Netscape Navigator? 13 00:00:24,340 --> 00:00:27,640 DAVID MALAN: Maybe, or even one of its predecessors, 14 00:00:27,640 --> 00:00:29,770 one of the very first prototypes of a browser. 15 00:00:29,770 --> 00:00:31,100 But it was old school for sure. 16 00:00:31,100 --> 00:00:33,475 COLTON OGDEN: This would have been on a Windows computer. 17 00:00:33,475 --> 00:00:34,690 DAVID MALAN: Gosh, probably. 18 00:00:34,690 --> 00:00:36,760 Well, I started off life using Macs, and then I 19 00:00:36,760 --> 00:00:39,580 switched I think in college to using PCs and windows. 20 00:00:39,580 --> 00:00:44,110 And then, eventually, I think after a few years of teaching CS50 21 00:00:44,110 --> 00:00:45,250 did I switch back to Mac. 22 00:00:45,250 --> 00:00:46,810 So-- 23 00:00:46,810 --> 00:00:49,228 COLTON OGDEN: I think the meme is that there are 24 00:00:49,228 --> 00:00:50,770 a lot of browsers that have come out. 25 00:00:50,770 --> 00:00:52,960 There are a lot of popular browsers these days-- 26 00:00:52,960 --> 00:00:56,530 Chrome, Firefox, Opera, Edge. 27 00:00:56,530 --> 00:01:00,790 On that list is not a particular browser of quite a bit of infamy, 28 00:01:00,790 --> 00:01:02,508 that browser being Internet Explorer. 29 00:01:02,508 --> 00:01:04,300 DAVID MALAN: Yeah, that one proved the bane 30 00:01:04,300 --> 00:01:06,580 of most developers' existence for some time 31 00:01:06,580 --> 00:01:09,670 because it was just so non-compliant when it came to certain standards. 32 00:01:09,670 --> 00:01:13,150 And Microsoft really did its own thing with various interpretations 33 00:01:13,150 --> 00:01:15,190 of the HTML and/or CSS specs. 34 00:01:15,190 --> 00:01:18,190 I remember even we had struggled with that for some of our own web apps. 35 00:01:18,190 --> 00:01:19,868 Like you'd get it working on Firefox. 36 00:01:19,868 --> 00:01:21,160 You'd get it working on Chrome. 37 00:01:21,160 --> 00:01:22,690 You'd get it working on Opera. 38 00:01:22,690 --> 00:01:25,090 But, damn it, it doesn't actually work as you expect 39 00:01:25,090 --> 00:01:27,515 in IE, especially IE6, version 6. 40 00:01:27,515 --> 00:01:28,390 COLTON OGDEN: Indeed. 41 00:01:28,390 --> 00:01:31,870 I mean, we used to even use BrowserStack internally, which is a website that you 42 00:01:31,870 --> 00:01:33,550 can test on multiple-- 43 00:01:33,550 --> 00:01:35,290 you can sort of look in a browser and see 44 00:01:35,290 --> 00:01:36,915 it working on multiple actual browsers. 45 00:01:36,915 --> 00:01:39,665 DAVID MALAN: Yeah, no, and that was in large part because of that, 46 00:01:39,665 --> 00:01:41,860 especially if a lot of us develop here on Macs. 47 00:01:41,860 --> 00:01:45,130 And so it wasn't really easy to run Internet Explorer, let alone 48 00:01:45,130 --> 00:01:46,420 any Windows-based browser. 49 00:01:46,420 --> 00:01:48,910 But, yeah, we had some third-party help with that, which was handy. 50 00:01:48,910 --> 00:01:51,340 COLTON OGDEN: Yeah, and IE6 was the particular offender because they did 51 00:01:51,340 --> 00:01:52,150 have IE7. 52 00:01:52,150 --> 00:01:53,660 They did have IE8. 53 00:01:53,660 --> 00:01:57,550 And, from what I remember, they improved on some of the noncompliance 54 00:01:57,550 --> 00:02:00,590 that IE6 sort of bore at the time. 55 00:02:00,590 --> 00:02:04,110 But what's funny is this week, in doing some research for the podcast, 56 00:02:04,110 --> 00:02:05,800 I came across an article-- 57 00:02:05,800 --> 00:02:07,889 a blog post, rather, by Chris Zacharias. 58 00:02:07,889 --> 00:02:09,639 DAVID MALAN: Yeah, no this was wonderful-- 59 00:02:09,639 --> 00:02:12,370 "Conspiracy to Kill Internet Explorer 6." 60 00:02:12,370 --> 00:02:13,450 COLTON OGDEN: Indeed. 61 00:02:13,450 --> 00:02:15,580 He is a former YouTube employee. 62 00:02:15,580 --> 00:02:19,220 And this is back in 2009-ish. 63 00:02:19,220 --> 00:02:20,890 And, back then, I mean YouTube was huge. 64 00:02:20,890 --> 00:02:23,680 You know, it started around 2005, 2006, but 2009 was really 65 00:02:23,680 --> 00:02:24,850 when it started to kick off. 66 00:02:24,850 --> 00:02:26,933 DAVID MALAN: Yeah, and I think, as the story goes, 67 00:02:26,933 --> 00:02:29,317 they had just been YouTube acquired by Google. 68 00:02:29,317 --> 00:02:31,900 And they were in the process of being integrated into Google's 69 00:02:31,900 --> 00:02:33,580 own software-based workflows. 70 00:02:33,580 --> 00:02:36,790 But enough of the developers on the YouTube team 71 00:02:36,790 --> 00:02:39,130 were just completely fed up it seemed with having 72 00:02:39,130 --> 00:02:43,200 to support IE6, which was still a non-trivial percentage of their user 73 00:02:43,200 --> 00:02:43,700 base. 74 00:02:43,700 --> 00:02:46,450 And I think, understandably, YouTube and presumably in turn Google 75 00:02:46,450 --> 00:02:49,210 didn't want to deprecate support for IE6 because there's 76 00:02:49,210 --> 00:02:52,960 a lot of employees at companies whose systems are pretty locked down. 77 00:02:52,960 --> 00:02:55,865 There's teachers in schools whose computers are pretty locked down. 78 00:02:55,865 --> 00:02:58,990 So there's a lot of users out there who can't just follow your instructions 79 00:02:58,990 --> 00:03:00,198 to update to another browser. 80 00:03:00,198 --> 00:03:03,200 They need like the IT department to actually do it for them. 81 00:03:03,200 --> 00:03:05,510 So I was an understandable business concern. 82 00:03:05,510 --> 00:03:09,640 But, as I understand it, the developers wanted nothing to do anymore with IE6. 83 00:03:09,640 --> 00:03:13,480 And so they started sneaking into YouTube's own code base 84 00:03:13,480 --> 00:03:16,080 a little banner advert essentially urging 85 00:03:16,080 --> 00:03:20,380 IE6 users to upgrade to any number of suggested other browsers. 86 00:03:20,380 --> 00:03:22,720 And they gave some direct links. 87 00:03:22,720 --> 00:03:25,210 COLTON OGDEN: Yeah, no, it was pretty crazy. 88 00:03:25,210 --> 00:03:28,990 And one of the stories that Chris even talked about in his blog 89 00:03:28,990 --> 00:03:32,140 is empty source tags in images would just 90 00:03:32,140 --> 00:03:34,810 load whatever the document root was. 91 00:03:34,810 --> 00:03:37,930 And this would have the effect of essentially recursively loading, 92 00:03:37,930 --> 00:03:40,263 similar to an iframe, all of the server's contents. 93 00:03:40,263 --> 00:03:42,430 DAVID MALAN: Yeah, and that was just one of the bugs 94 00:03:42,430 --> 00:03:43,780 I think that kept tripping them up. 95 00:03:43,780 --> 00:03:45,280 COLTON OGDEN: And that one had the-- 96 00:03:45,280 --> 00:03:46,990 from what I remember reading, it actually 97 00:03:46,990 --> 00:03:49,330 could cause blue screens of death on Windows machines. 98 00:03:49,330 --> 00:03:50,140 DAVID MALAN: Yeah, no, I believe it. 99 00:03:50,140 --> 00:03:52,270 And I'm amazed that bugs like that persist. 100 00:03:52,270 --> 00:03:54,312 And, even if they do eventually get fixed though, 101 00:03:54,312 --> 00:03:57,190 if you have a lot of systems out there that are not 100% up to date, 102 00:03:57,190 --> 00:04:00,500 then you're stuck dealing with these kinds of issues. 103 00:04:00,500 --> 00:04:03,670 But what was funny, I thought, about the blog post disclosure years later, 104 00:04:03,670 --> 00:04:06,128 after which they couldn't really get all that into trouble, 105 00:04:06,128 --> 00:04:10,600 presumably, was how, coincidentally, the Google Docs team had recently 106 00:04:10,600 --> 00:04:13,957 started advertising a similar message on top of Google Documents, 107 00:04:13,957 --> 00:04:15,790 which of course was already owned by Google. 108 00:04:15,790 --> 00:04:18,130 And that too was encouraging users to upgrade 109 00:04:18,130 --> 00:04:20,769 to a newer version of a browser. 110 00:04:20,769 --> 00:04:24,370 So they kind of snuck in under the radar there, but, even when it was detected, 111 00:04:24,370 --> 00:04:27,340 it sounds like there was some internal tensions with the lawyers, 112 00:04:27,340 --> 00:04:28,810 with the managers. 113 00:04:28,810 --> 00:04:31,690 But, in the end, it kind of worked out OK. 114 00:04:31,690 --> 00:04:33,380 But it's kind of a fascinating-- 115 00:04:33,380 --> 00:04:35,213 I think, if you take a step back at it, it's 116 00:04:35,213 --> 00:04:37,120 kind of a fascinating risk for any company. 117 00:04:37,120 --> 00:04:40,180 Unless you are constantly auditing your own lines of code, 118 00:04:40,180 --> 00:04:43,060 or you have really a robust process in place, 119 00:04:43,060 --> 00:04:45,310 it's possible for one or a few developers 120 00:04:45,310 --> 00:04:49,150 to slip something past the others, for better or for worse. 121 00:04:49,150 --> 00:04:51,580 Now this seemed to work out for the best in the end. 122 00:04:51,580 --> 00:04:56,210 In fact, I think you noted IE's usage plummeted actually, 123 00:04:56,210 --> 00:04:59,470 coincidentally or causally, after this particular change because YouTube 124 00:04:59,470 --> 00:05:00,460 was so popular. 125 00:05:00,460 --> 00:05:03,310 But you could imagine some adversarial employees 126 00:05:03,310 --> 00:05:06,700 using this power of the ability to change their code base for more 127 00:05:06,700 --> 00:05:08,110 evil purposes, if you will. 128 00:05:08,110 --> 00:05:10,360 COLTON OGDEN: Yeah, and, on that note, I can certainly 129 00:05:10,360 --> 00:05:13,480 understand why companies, especially as large as Google or Facebook, 130 00:05:13,480 --> 00:05:17,502 want to instate these code review processes and ensure that this doesn't 131 00:05:17,502 --> 00:05:19,210 happen and to make sure there are no sort 132 00:05:19,210 --> 00:05:22,700 of committing back doors to production, directly to production, so to speak. 133 00:05:22,700 --> 00:05:23,950 DAVID MALAN: Yeah, absolutely. 134 00:05:23,950 --> 00:05:26,080 We just spoke recently about a new feature 135 00:05:26,080 --> 00:05:27,970 that you can use on sites like GitHub where 136 00:05:27,970 --> 00:05:29,810 you can have the notion of code ownership 137 00:05:29,810 --> 00:05:34,420 so that, if a colleague changes a particular file or a line of code 138 00:05:34,420 --> 00:05:36,610 really that you or I wrote, we can actually 139 00:05:36,610 --> 00:05:42,370 have the whole pipeline notify us before that change to code is approved. 140 00:05:42,370 --> 00:05:46,300 But it seems like the YouTube team here benefited from a bit of superpowers 141 00:05:46,300 --> 00:05:48,400 when it came to who could actually push code, 142 00:05:48,400 --> 00:05:51,880 probably some changing processes because it's not that easy presumably 143 00:05:51,880 --> 00:05:54,130 to integrate an acquisition like YouTube into Google. 144 00:05:54,130 --> 00:05:56,500 So they had this window of opportunity where they were actually 145 00:05:56,500 --> 00:05:59,410 able to do something very developer friendly, but not necessarily 146 00:05:59,410 --> 00:06:01,887 managerial or lawyerly friendly. 147 00:06:01,887 --> 00:06:04,720 COLTON OGDEN: Indeed, I like to think it turned out well in the end. 148 00:06:04,720 --> 00:06:05,590 DAVID MALAN: It did. 149 00:06:05,590 --> 00:06:08,440 In fact, no one really worries about IE6 anymore, 150 00:06:08,440 --> 00:06:10,900 let alone IE, which has now been replaced by Edge. 151 00:06:10,900 --> 00:06:15,040 And even Edge now is based in part on the same core processor 152 00:06:15,040 --> 00:06:16,900 that essentially Chrome itself is. 153 00:06:16,900 --> 00:06:19,608 So things are starting to converge perhaps, which is interesting. 154 00:06:19,608 --> 00:06:20,483 COLTON OGDEN: Indeed. 155 00:06:20,483 --> 00:06:22,930 And I mean even modern browsers aren't immune to sort 156 00:06:22,930 --> 00:06:25,960 of some of the issues that plague-- 157 00:06:25,960 --> 00:06:29,170 I guess any software at large, you know, every piece of software 158 00:06:29,170 --> 00:06:32,020 is susceptible to issues. 159 00:06:32,020 --> 00:06:35,623 In particular, this week, Firefox had a major issue over the weekend. 160 00:06:35,623 --> 00:06:37,540 DAVID MALAN: Yeah, I heard that someone didn't 161 00:06:37,540 --> 00:06:39,185 renew their certificate, so to speak. 162 00:06:39,185 --> 00:06:40,060 COLTON OGDEN: Indeed. 163 00:06:40,060 --> 00:06:44,620 So Firefox ships with a certificate that sort of basically 164 00:06:44,620 --> 00:06:48,190 verifies that the add-ons that are installed onto the browser 165 00:06:48,190 --> 00:06:52,270 are verified by Mozilla as being legitimate and not malicious. 166 00:06:52,270 --> 00:06:55,780 And it turns out that they forgot to renew that certificate over the weekend 167 00:06:55,780 --> 00:06:58,660 or by the weekend's arrival. 168 00:06:58,660 --> 00:07:03,970 And, therefore, all Firefox users sort of over time, 169 00:07:03,970 --> 00:07:07,540 because it doesn't happen immediately, but, within about a 24-hour period, all 170 00:07:07,540 --> 00:07:09,430 of their add-ons were no longer functioning. 171 00:07:09,430 --> 00:07:09,700 DAVID MALAN: I know. 172 00:07:09,700 --> 00:07:11,825 And that's a pretty big deal because the people are 173 00:07:11,825 --> 00:07:13,780 relying on add-ons or extensions or plug-ins, 174 00:07:13,780 --> 00:07:15,430 however you want to think about them. 175 00:07:15,430 --> 00:07:17,460 To have all of your features stop working 176 00:07:17,460 --> 00:07:20,350 is not that exciting or not that good. 177 00:07:20,350 --> 00:07:25,090 And I should concede that this is a not uncommon problem. 178 00:07:25,090 --> 00:07:27,010 At least, I like to think I'm in good company 179 00:07:27,010 --> 00:07:29,593 here because I have, for instance, been guilty of not renewing 180 00:07:29,593 --> 00:07:31,150 some of our certificates in time. 181 00:07:31,150 --> 00:07:33,160 In fact, this happened just a few months ago 182 00:07:33,160 --> 00:07:37,880 where one of our certificates for CS50's website, so similar in spirit 183 00:07:37,880 --> 00:07:41,440 in that these things too have an expiration date just like code signing 184 00:07:41,440 --> 00:07:45,730 certificates can, I had set a reminder to actually renew this certificate. 185 00:07:45,730 --> 00:07:48,340 And I thought we had migrated all of our certificates 186 00:07:48,340 --> 00:07:51,460 to an auto-renewal process on Amazon's cloud platform. 187 00:07:51,460 --> 00:07:55,300 And so I literally kept ignoring, ignoring, ignoring the email reminders 188 00:07:55,300 --> 00:07:58,750 that I was being sent because I thought we had automated it all. 189 00:07:58,750 --> 00:08:01,390 But, nope, it turns out that one certificate was not 190 00:08:01,390 --> 00:08:02,830 yet configured to auto-renew. 191 00:08:02,830 --> 00:08:05,110 And so, at the stroke of midnight or whatever it was, 192 00:08:05,110 --> 00:08:07,150 the darn thing stopped working. 193 00:08:07,150 --> 00:08:09,130 We and some of our students noticed. 194 00:08:09,130 --> 00:08:11,370 And, thankfully, it only took a few minutes to fix, 195 00:08:11,370 --> 00:08:14,380 but it turns out that constant email reminders and a Google Calendar 196 00:08:14,380 --> 00:08:17,763 reminder is not sufficient, at least when I'm in charge of the certificates. 197 00:08:17,763 --> 00:08:20,680 COLTON OGDEN: Yeah, no, problems like that are somewhat easy to solve. 198 00:08:20,680 --> 00:08:23,860 Unfortunately, Firefox had some problems because their certificates 199 00:08:23,860 --> 00:08:26,590 were actually deployed with the browser itself. 200 00:08:26,590 --> 00:08:29,650 They had to remote deploy a new certificate 201 00:08:29,650 --> 00:08:33,370 through their sort of system called-- 202 00:08:33,370 --> 00:08:34,539 what's the series called? 203 00:08:34,539 --> 00:08:35,740 I think it's called series, actually. 204 00:08:35,740 --> 00:08:37,198 I don't think I wrote it down here. 205 00:08:37,198 --> 00:08:38,830 But the system is called Normandy. 206 00:08:38,830 --> 00:08:41,409 And they have a system that allows them to actually 207 00:08:41,409 --> 00:08:44,423 remote deploy the new certificates. 208 00:08:44,423 --> 00:08:46,840 Or, actually, well, it lets them perform research studies. 209 00:08:46,840 --> 00:08:48,747 Studies was the name of it. 210 00:08:48,747 --> 00:08:50,830 They have a tool called Studies, which allows them 211 00:08:50,830 --> 00:08:55,960 to remote deploy and remote test sort of behavior in folks' browsers. 212 00:08:55,960 --> 00:09:00,220 And this allowed them to ship a new certificate, which 213 00:09:00,220 --> 00:09:04,300 they signed because this is actually technically an add-on, this feature. 214 00:09:04,300 --> 00:09:06,550 They signed this with a new certificate that they then 215 00:09:06,550 --> 00:09:08,248 shipped with this feature. 216 00:09:08,248 --> 00:09:09,040 DAVID MALAN: I see. 217 00:09:09,040 --> 00:09:12,040 COLTON OGDEN: Yeah, but it's interesting that, somewhere in the process, 218 00:09:12,040 --> 00:09:15,190 there's presumably someone who had set a reminder that didn't quite go off 219 00:09:15,190 --> 00:09:16,910 or didn't quite get noticed. 220 00:09:16,910 --> 00:09:18,790 So it happens to the best of us, perhaps. 221 00:09:18,790 --> 00:09:22,040 DAVID MALAN: Yeah, thankfully, Mozilla, in their blog where they sort of break 222 00:09:22,040 --> 00:09:24,580 down this process, a-la how Facebook recently broke down 223 00:09:24,580 --> 00:09:29,710 how their passwords were stored in plain text, they outlined sort of the ways 224 00:09:29,710 --> 00:09:32,680 that they got this right, I guess, in fixing the problem, 225 00:09:32,680 --> 00:09:35,500 but they also did disclose the issues that they faced 226 00:09:35,500 --> 00:09:38,860 and ways that they would approach making sure that it doesn't happen again. 227 00:09:38,860 --> 00:09:40,360 COLTON OGDEN: Yeah, no it was really, to their credit, 228 00:09:40,360 --> 00:09:43,030 a nice post-mortem online, so to speak, which is worth reading. 229 00:09:43,030 --> 00:09:48,010 If you go to hacks.mozilla.org, you can find it under the May 2019 listings. 230 00:09:48,010 --> 00:09:49,030 DAVID MALAN: Indeed. 231 00:09:49,030 --> 00:09:52,247 We don't really use Chromebooks here at CS50, 232 00:09:52,247 --> 00:09:53,830 but we have some of them lying around. 233 00:09:53,830 --> 00:09:56,290 We've seen some folks using them, but Chromebooks 234 00:09:56,290 --> 00:09:58,750 have up to this point, up until fairly recently, 235 00:09:58,750 --> 00:10:01,390 been a fairly limited operating system in as much 236 00:10:01,390 --> 00:10:03,290 as they're essentially Chrome on a computer. 237 00:10:03,290 --> 00:10:04,540 COLTON OGDEN: Yeah, dedicated. 238 00:10:04,540 --> 00:10:06,457 So it's meant to be used really only in cloud. 239 00:10:06,457 --> 00:10:09,350 There isn't any client-side software or at least the appearance 240 00:10:09,350 --> 00:10:11,660 thereof, even though there actually is, even 241 00:10:11,660 --> 00:10:14,840 though it supports Google Docs and Gmail and Google Calendar 242 00:10:14,840 --> 00:10:17,030 and some other apps too that can be used offline. 243 00:10:17,030 --> 00:10:19,155 But, of course, you can't actually send and receive 244 00:10:19,155 --> 00:10:22,000 mail and other such notifications if you're actually offline. 245 00:10:22,000 --> 00:10:24,500 So it's kind of a product that's a little ahead of its time. 246 00:10:24,500 --> 00:10:27,125 I mean, honestly, I do think it's kind of inevitable that we'll 247 00:10:27,125 --> 00:10:29,750 see more of this once you have omnipresent internet access, 248 00:10:29,750 --> 00:10:34,010 both on the ground and in the sky and elsewhere on Earth, so to speak. 249 00:10:34,010 --> 00:10:36,530 But what's interesting is that underneath the hood 250 00:10:36,530 --> 00:10:39,830 is an underlying Linux-based operating system that traditionally hasn't really 251 00:10:39,830 --> 00:10:41,150 been exposed. 252 00:10:41,150 --> 00:10:44,720 It really is meant to be more of an appliance of sorts, 253 00:10:44,720 --> 00:10:45,860 an internet appliance. 254 00:10:45,860 --> 00:10:49,440 But now I gather that you'll actually be able to run Linux on these things 255 00:10:49,440 --> 00:10:53,090 so much more easily than in the past, which is great for power users who 256 00:10:53,090 --> 00:10:56,840 want access to pretty cheap hardware, but, nonetheless, 257 00:10:56,840 --> 00:10:59,447 with the ability to do something with Linux on it. 258 00:10:59,447 --> 00:11:00,280 DAVID MALAN: Indeed. 259 00:11:00,280 --> 00:11:03,320 Yeah, now folks will be able to actually fire up a terminal 260 00:11:03,320 --> 00:11:05,270 and interact with a Linux kernel. 261 00:11:05,270 --> 00:11:06,980 And it is actually called Termina. 262 00:11:06,980 --> 00:11:08,210 It runs on a VM. 263 00:11:08,210 --> 00:11:10,970 But the Linux kernel is actually directly interfaced 264 00:11:10,970 --> 00:11:12,320 with Chrome OS itself. 265 00:11:12,320 --> 00:11:15,740 And, in this case, therefore, you can pull up graphical applications 266 00:11:15,740 --> 00:11:19,020 and use them directly on Chrome OS like you would use on a Gnome or the like. 267 00:11:19,020 --> 00:11:21,320 COLTON OGDEN: Yeah, and, to come back to price too, what's 268 00:11:21,320 --> 00:11:23,237 been compelling historically about Chromebooks 269 00:11:23,237 --> 00:11:26,022 is that you can get a decent computer for like $100, $200. 270 00:11:26,022 --> 00:11:27,230 And that's really compelling. 271 00:11:27,230 --> 00:11:30,470 In fact, there's some school districts, certainly in the US and presumably 272 00:11:30,470 --> 00:11:32,960 abroad, that actually have their students use Chromebooks 273 00:11:32,960 --> 00:11:35,150 because it's so much more of an economical approach 274 00:11:35,150 --> 00:11:37,397 to equipping kids with hardware for the classroom. 275 00:11:37,397 --> 00:11:39,980 Of course, the catch is-- and we've encountered this with some 276 00:11:39,980 --> 00:11:43,000 of our students out in more rural areas-- 277 00:11:43,000 --> 00:11:46,580 they are sometimes allowed by their schools to take the laptops home, 278 00:11:46,580 --> 00:11:48,680 but they can't actually use them very much 279 00:11:48,680 --> 00:11:52,010 because, if they don't have internet access and, therefore, Wi-Fi at home, 280 00:11:52,010 --> 00:11:55,957 it's not all that useful a device except for, of course, purely offline access. 281 00:11:55,957 --> 00:11:58,790 But letting people actually use it for multiple purposes now I think 282 00:11:58,790 --> 00:12:01,010 is pretty compelling, especially given those price points. 283 00:12:01,010 --> 00:12:02,030 DAVID MALAN: Indeed, and, to your point, I 284 00:12:02,030 --> 00:12:05,540 mean I think it is pretty inevitable that we do have internet, even 285 00:12:05,540 --> 00:12:08,720 commoditized like utilities maybe eventually in the future just given 286 00:12:08,720 --> 00:12:12,020 how essential it is to modern life. 287 00:12:12,020 --> 00:12:14,632 But I can see, prior to maybe the last couple of years, 288 00:12:14,632 --> 00:12:17,840 it's not guaranteed that you'll always have internet access everywhere you go 289 00:12:17,840 --> 00:12:19,863 and that it'll be quality internet access. 290 00:12:19,863 --> 00:12:23,030 But, for those folks out there who are trying to learn more about computing, 291 00:12:23,030 --> 00:12:25,520 learn more about Linux, I mean it's a great device, kind of device. 292 00:12:25,520 --> 00:12:26,900 And there's a bunch of different versions 293 00:12:26,900 --> 00:12:28,580 made by bunches of different companies. 294 00:12:28,580 --> 00:12:30,872 It's a great device to kind of hack on and sort of just 295 00:12:30,872 --> 00:12:32,272 play around and learn the ropes. 296 00:12:32,272 --> 00:12:33,980 Back in the day, when I was growing up, I 297 00:12:33,980 --> 00:12:36,897 used to use actual little tower computers because there weren't really 298 00:12:36,897 --> 00:12:40,910 laptops in as great supply, let alone at those price points. 299 00:12:40,910 --> 00:12:43,340 They were much more expensive, but it's a great device 300 00:12:43,340 --> 00:12:45,140 to just learn and play on I would say. 301 00:12:45,140 --> 00:12:47,510 COLTON OGDEN: I think I've seen one of those desktops lying around somewhere. 302 00:12:47,510 --> 00:12:50,480 DAVID MALAN: Yeah, we still have them in the corner somewhere for parts. 303 00:12:50,480 --> 00:12:51,830 COLTON OGDEN: Well, awfully coincidentally, though, 304 00:12:51,830 --> 00:12:54,420 Microsoft, it turns out, for Windows 10, they're 305 00:12:54,420 --> 00:12:58,580 going to be shipping a full Linux kernel with their Linux subsystem, 306 00:12:58,580 --> 00:12:59,930 Windows' subsystem for Linux. 307 00:12:59,930 --> 00:13:02,263 DAVID MALAN: Yeah, you know, Microsoft, to their credit, 308 00:13:02,263 --> 00:13:05,090 has really gotten a lot more accommodating of Linux-type usage, 309 00:13:05,090 --> 00:13:07,760 previously with Windows 10, the earlier incarnation of it, 310 00:13:07,760 --> 00:13:11,160 just being able to run Bash, a so-called shell program, 311 00:13:11,160 --> 00:13:14,750 so that you have a much better command prompt than the actual software called 312 00:13:14,750 --> 00:13:18,950 historically Command Prompt, which, in yesteryear, was an actual DOS prompt-- 313 00:13:18,950 --> 00:13:20,180 so terribly limited. 314 00:13:20,180 --> 00:13:20,780 I mean my god. 315 00:13:20,780 --> 00:13:22,880 In like Windows XP and I think even later, 316 00:13:22,880 --> 00:13:26,100 you couldn't even copy-paste in the program very easily by default. 317 00:13:26,100 --> 00:13:30,320 And this is in stark contrast to like any X Window interface on Linux 318 00:13:30,320 --> 00:13:32,930 or Unix or Solaris or even on macOS. 319 00:13:32,930 --> 00:13:35,750 So they just really didn't adapt for this. 320 00:13:35,750 --> 00:13:37,940 And, frankly, given just how powerful it is 321 00:13:37,940 --> 00:13:41,660 to have a command-line interface on a Mac or a PC or a Linux Box, 322 00:13:41,660 --> 00:13:44,420 it just seemed very silly to sort of expect 323 00:13:44,420 --> 00:13:46,565 users to go to third-party utilities and not 324 00:13:46,565 --> 00:13:49,700 to optimize for what a lot of power users and certainly developers 325 00:13:49,700 --> 00:13:50,267 might want. 326 00:13:50,267 --> 00:13:52,850 COLTON OGDEN: Indeed, it is kind of a barrier, especially when 327 00:13:52,850 --> 00:13:55,280 so much documentation online too for developers 328 00:13:55,280 --> 00:13:56,980 is catered towards Linus environments. 329 00:13:56,980 --> 00:13:58,130 DAVID MALAN: Yeah. 330 00:13:58,130 --> 00:14:00,710 COLTON OGDEN: To their credit, to your point, 331 00:14:00,710 --> 00:14:02,900 they just announced the Windows Terminal, actually, 332 00:14:02,900 --> 00:14:04,430 which is an upgraded terminal. 333 00:14:04,430 --> 00:14:06,630 So it won't be replacing the Command Prompt. 334 00:14:06,630 --> 00:14:09,380 For legacy purposes, they want to ensure a backwards compatibility 335 00:14:09,380 --> 00:14:11,900 for so much software that relies on it, but they 336 00:14:11,900 --> 00:14:15,422 will be releasing this as a separate application that folks can download. 337 00:14:15,422 --> 00:14:16,880 And it actually looks quite pretty. 338 00:14:16,880 --> 00:14:17,755 It looks really nice. 339 00:14:17,755 --> 00:14:20,338 DAVID MALAN: And, hopefully, it'll improve the performance too 340 00:14:20,338 --> 00:14:22,080 for people, which is compelling as well. 341 00:14:22,080 --> 00:14:22,955 COLTON OGDEN: Indeed. 342 00:14:22,955 --> 00:14:26,990 Yeah, it's nice to see sort of this, I guess, all these companies 343 00:14:26,990 --> 00:14:29,480 embracing Linux and really sort of bringing their computers 344 00:14:29,480 --> 00:14:33,070 to a more usable I guess, end point. 345 00:14:33,070 --> 00:14:34,070 DAVID MALAN: I guess so. 346 00:14:34,070 --> 00:14:36,560 Though, I feel like we're going to invite some religious debate there 347 00:14:36,560 --> 00:14:38,630 if we claim it's more usable, but I do agree. 348 00:14:38,630 --> 00:14:40,010 COLTON OGDEN: For developers, I should say for I 349 00:14:40,010 --> 00:14:41,150 guess in a development environment. 350 00:14:41,150 --> 00:14:41,870 DAVID MALAN: Yeah, absolutely. 351 00:14:41,870 --> 00:14:43,730 I think there's great power that comes with the command line 352 00:14:43,730 --> 00:14:45,313 and just making it more user friendly. 353 00:14:45,313 --> 00:14:47,600 And there's decades of experience and expertise 354 00:14:47,600 --> 00:14:50,900 when it comes to all of these shell-based systems that 355 00:14:50,900 --> 00:14:53,870 might as well, I think, make it easier for people to use them still. 356 00:14:53,870 --> 00:14:54,745 COLTON OGDEN: Indeed. 357 00:14:54,745 --> 00:14:56,060 Have you heard of a KeePass? 358 00:14:56,060 --> 00:14:58,588 DAVID MALAN: I maybe had, but I really heard about it 359 00:14:58,588 --> 00:15:01,130 in the context of what I think you're about to tell us about. 360 00:15:01,130 --> 00:15:04,760 COLTON OGDEN: Yeah, so KeePass in an open-source password manager. 361 00:15:04,760 --> 00:15:08,473 And they are hosted at keepass.info, which 362 00:15:08,473 --> 00:15:10,140 an interesting choice for a domain name. 363 00:15:10,140 --> 00:15:11,057 DAVID MALAN: Oh, yeah. 364 00:15:11,057 --> 00:15:12,300 It sounds legit. 365 00:15:12,300 --> 00:15:14,970 COLTON OGDEN: Well, it turns out that keepass.info is legit, 366 00:15:14,970 --> 00:15:17,880 but keepass.com is not legit. 367 00:15:17,880 --> 00:15:20,670 DAVID MALAN: Yeah, I gather keepass.com, the illegit site, 368 00:15:20,670 --> 00:15:23,970 actually has had and maybe still has some malware built into it. 369 00:15:23,970 --> 00:15:27,257 So it's malicious software that you are duped into installing. 370 00:15:27,257 --> 00:15:30,090 And yet, the site, I actually pulled it up before the podcast today. 371 00:15:30,090 --> 00:15:31,830 It actually looked pretty legit. 372 00:15:31,830 --> 00:15:37,050 And, if you search for just KeePass, K-E-E-P-A-S-S, and hit Enter, 373 00:15:37,050 --> 00:15:40,470 thankfully, the first hit is indeed the legit one, keepass.info. 374 00:15:40,470 --> 00:15:43,440 But I think, for my browser, third or fourth among the search 375 00:15:43,440 --> 00:15:47,860 results on Google was keepass.com, which is the illegitimate site. 376 00:15:47,860 --> 00:15:50,670 So you can't even use Google search results necessarily 377 00:15:50,670 --> 00:15:54,780 as a compelling signal as to which one is the official one when 378 00:15:54,780 --> 00:15:56,280 they're so close together, frankly. 379 00:15:56,280 --> 00:15:58,030 COLTON OGDEN: Yeah, it's kind of alarming. 380 00:15:58,030 --> 00:16:03,630 And there's a point here about I guess the responsibility of, 381 00:16:03,630 --> 00:16:06,030 as a developer, as a company, making sure 382 00:16:06,030 --> 00:16:09,660 that you purchase the right domains for your application to reach the most 383 00:16:09,660 --> 00:16:15,210 users without giving room to nefarious actors to I guess kind of trick users 384 00:16:15,210 --> 00:16:16,628 into thinking that they're you. 385 00:16:16,628 --> 00:16:18,420 DAVID MALAN: Yeah, no, this is a tricky one 386 00:16:18,420 --> 00:16:20,212 because often there's squatters, people who 387 00:16:20,212 --> 00:16:23,640 have bought domain names in anticipation of other people wanting them. 388 00:16:23,640 --> 00:16:26,100 And I can only guess that keepass.com was 389 00:16:26,100 --> 00:16:30,030 taken when the authors of the software decided to get keepass.info. 390 00:16:30,030 --> 00:16:33,960 But, honestly, there's so many TLDs or Top-Level Domains now, hundreds, 391 00:16:33,960 --> 00:16:38,610 you certainly can't afford, most people, to get all of them-- so keepass.com, 392 00:16:38,610 --> 00:16:42,300 keepass.org, keepass.net, and the like-- 393 00:16:42,300 --> 00:16:44,410 just to kind of protect yourself. 394 00:16:44,410 --> 00:16:47,370 And even then you're vulnerable to typographical errors, even 395 00:16:47,370 --> 00:16:48,270 malicious ones. 396 00:16:48,270 --> 00:16:50,640 We, for instance, in a class I used to teach 397 00:16:50,640 --> 00:16:54,690 used to talk all the time about bankofthewest.com, 398 00:16:54,690 --> 00:16:58,020 which is the legitimate website for a bank out west in the United States. 399 00:16:58,020 --> 00:17:04,859 But someone very cleverly years ago bought bankofthe V-V-E-S-T .com, which, 400 00:17:04,859 --> 00:17:07,978 in a small font, looks like Bank of the West-- 401 00:17:07,978 --> 00:17:10,770 I can't even pronounce it now-- because two Vs together, of course, 402 00:17:10,770 --> 00:17:11,700 look like a W. 403 00:17:11,700 --> 00:17:13,950 And, honestly, at that point, especially if that one 404 00:17:13,950 --> 00:17:17,460 happens to bubble up in search results for whatever reasons, 405 00:17:17,460 --> 00:17:19,523 is even harder to spot as well. 406 00:17:19,523 --> 00:17:21,690 So this is kind of a fundamental challenge, I think, 407 00:17:21,690 --> 00:17:24,150 when it comes to distinguishing legitimacy on the web. 408 00:17:24,150 --> 00:17:27,442 COLTON OGDEN: I feel like I've seen this too with like the Russian alphabet has 409 00:17:27,442 --> 00:17:29,220 a Y, but it's actually an "oo." 410 00:17:29,220 --> 00:17:30,210 It's an "oo" character. 411 00:17:30,210 --> 00:17:30,770 DAVID MALAN: Yeah. 412 00:17:30,770 --> 00:17:32,280 COLTON OGDEN: And I feel like I've seen this in URLs. 413 00:17:32,280 --> 00:17:34,620 Like you can actually get tricked if the URL has 414 00:17:34,620 --> 00:17:38,760 that character in the place of a Y, like yahoo.com with that character. 415 00:17:38,760 --> 00:17:41,400 It's actually not technically the same character. 416 00:17:41,400 --> 00:17:42,540 It's an Unicode character. 417 00:17:42,540 --> 00:17:44,010 DAVID MALAN: No, and, thanks to Unicode, there's 418 00:17:44,010 --> 00:17:46,510 so many variants that there's actually other characters that 419 00:17:46,510 --> 00:17:48,870 look quite like the typical English alphabet that 420 00:17:48,870 --> 00:17:51,050 might trick folks like you and me. 421 00:17:51,050 --> 00:17:53,550 And I used to advise students that, all right, 422 00:17:53,550 --> 00:17:56,550 if you're not sure what the address of the URL, at least 423 00:17:56,550 --> 00:17:58,230 rely on your search engine. 424 00:17:58,230 --> 00:18:01,470 So search for the name of your bank, or search for the name of this product, 425 00:18:01,470 --> 00:18:03,690 KeePass in this case, and see what bubbles up. 426 00:18:03,690 --> 00:18:06,390 And, granted, the first hit is indeed the legitimate one, 427 00:18:06,390 --> 00:18:10,770 but you could imagine, if keepass.com gets talked about enough, and somehow 428 00:18:10,770 --> 00:18:14,250 the owners of that site sort of game the system in enough ways 429 00:18:14,250 --> 00:18:16,740 that their result bubbles up above the legitimate one, 430 00:18:16,740 --> 00:18:18,090 you could trick users even then. 431 00:18:18,090 --> 00:18:21,690 So, frankly, at this point, I'm wondering how do you avoid this. 432 00:18:21,690 --> 00:18:24,690 You kind of want to maybe start poking around in various articles, 433 00:18:24,690 --> 00:18:29,460 maybe in tech blogs or tech websites, and see what some legitimate authors 434 00:18:29,460 --> 00:18:31,183 are recommending people do. 435 00:18:31,183 --> 00:18:32,850 And, hopefully, they haven't been duped. 436 00:18:32,850 --> 00:18:36,450 And, if you see the same URL appearing again and again on websites that you 437 00:18:36,450 --> 00:18:39,393 do trust, various news outlets or blogging sites, then 438 00:18:39,393 --> 00:18:42,060 at least that's one additional signal you can take into account. 439 00:18:42,060 --> 00:18:44,227 But then I dare say you as the human are reinventing 440 00:18:44,227 --> 00:18:47,850 what Google calls page rank where you're sort of analyzing in your mind 441 00:18:47,850 --> 00:18:51,630 the number of people that are all recommending this particular URL. 442 00:18:51,630 --> 00:18:53,880 And so with high probability it must be legit. 443 00:18:53,880 --> 00:18:55,920 I mean, frankly, that's what the search engine is supposed to do, 444 00:18:55,920 --> 00:18:57,628 but, clearly, those results can be gamed, 445 00:18:57,628 --> 00:18:59,310 as we're seeing here on my own browser. 446 00:18:59,310 --> 00:19:01,393 COLTON OGDEN: I don't know if Google does already, 447 00:19:01,393 --> 00:19:03,660 but having some sort of flag for a malicious website 448 00:19:03,660 --> 00:19:07,780 such that it shows up very blatantly with maybe some red div or some red tag 449 00:19:07,780 --> 00:19:11,415 somewhere that says this site is reportedly nefarious. 450 00:19:11,415 --> 00:19:13,290 DAVID MALAN: Yeah, they do do that sometimes. 451 00:19:13,290 --> 00:19:14,540 And I don't know in this case. 452 00:19:14,540 --> 00:19:17,040 Is keepass.com intentionally being malicious, 453 00:19:17,040 --> 00:19:19,650 or was it compromised such that it's now distributing malware 454 00:19:19,650 --> 00:19:21,690 because someone got into it? 455 00:19:21,690 --> 00:19:25,470 COLTON OGDEN: Well, it turns out that there are a lot of other similar sites 456 00:19:25,470 --> 00:19:28,732 recently within the last 10 months that look very identical to this website. 457 00:19:28,732 --> 00:19:29,940 DAVID MALAN: Oh, interesting. 458 00:19:29,940 --> 00:19:32,610 COLTON OGDEN: 7-Zip, BlueStacks, UNetbootin, and GIMP, 459 00:19:32,610 --> 00:19:36,605 which is a very popular image editor, Snapseed, and a bunch of others-- 460 00:19:36,605 --> 00:19:37,980 10 months this has been going on. 461 00:19:37,980 --> 00:19:39,570 It's a pattern that the-- 462 00:19:39,570 --> 00:19:43,680 actually, this was originally revealed in the form of a tweet by berkcgoksel. 463 00:19:43,680 --> 00:19:46,320 And they show this and reference the other web pages. 464 00:19:46,320 --> 00:19:47,362 DAVID MALAN: Interesting. 465 00:19:47,362 --> 00:19:49,320 Now there is a solution in the SSL world where 466 00:19:49,320 --> 00:19:52,020 you have a security certificate for your website 467 00:19:52,020 --> 00:19:55,350 that, if you pay for an expensive enough one, 468 00:19:55,350 --> 00:19:58,650 browsers will actually show you a verified signal 469 00:19:58,650 --> 00:20:02,010 with an additional padlock or check mark in the browser's URL 470 00:20:02,010 --> 00:20:05,810 bar indicating that this belongs to Bank of the West comma Inc 471 00:20:05,810 --> 00:20:09,260 based in Seattle, Washington or wherever they happen to be or California. 472 00:20:09,260 --> 00:20:12,320 And that's an additional signal, and they do charge more for it 473 00:20:12,320 --> 00:20:14,150 to do the additional verification. 474 00:20:14,150 --> 00:20:17,210 But, of course, all it takes then is for an adversary with a few dollars 475 00:20:17,210 --> 00:20:20,270 to spend to actually buy one of these same legitimate ones 476 00:20:20,270 --> 00:20:23,120 somehow and still trick users into clicking it. 477 00:20:23,120 --> 00:20:26,742 So it's a real problem of trust, which is sort of omnipresent on the web 478 00:20:26,742 --> 00:20:28,450 and ever more so with examples like this. 479 00:20:28,450 --> 00:20:30,440 COLTON OGDEN: And ever present in our podcasts. 480 00:20:30,440 --> 00:20:32,440 DAVID MALAN: Indeed, and even in the real world. 481 00:20:32,440 --> 00:20:34,970 In fact, you came across an article recently, 482 00:20:34,970 --> 00:20:37,670 if we might transition to the physical world, where 483 00:20:37,670 --> 00:20:39,800 some tenants in an apartment building were 484 00:20:39,800 --> 00:20:42,500 upset that the owner of the building had installed 485 00:20:42,500 --> 00:20:46,610 not physical key-based locks, but rather digital locks that required 486 00:20:46,610 --> 00:20:48,433 an app in order to unlock your door. 487 00:20:48,433 --> 00:20:50,600 Now, at first glance, I think this sounds fantastic. 488 00:20:50,600 --> 00:20:51,560 I mean it's kind of cool. 489 00:20:51,560 --> 00:20:52,130 It's trendy. 490 00:20:52,130 --> 00:20:53,960 You can unlock the door from your phone. 491 00:20:53,960 --> 00:20:55,580 Maybe there's food being delivered, and you 492 00:20:55,580 --> 00:20:57,872 won't have to go all the way downstairs to let them in. 493 00:20:57,872 --> 00:21:00,260 So there's a lot of like compelling use cases for this, 494 00:21:00,260 --> 00:21:03,410 but this is also a potential invasion of privacy 495 00:21:03,410 --> 00:21:07,100 because now the owner of the building knows exactly who is coming 496 00:21:07,100 --> 00:21:11,840 and when and what time of day and how frequently or how infrequently, 497 00:21:11,840 --> 00:21:13,010 not unlike a hotel. 498 00:21:13,010 --> 00:21:14,900 But, in this case, these are people's homes 499 00:21:14,900 --> 00:21:16,550 that they're paying for or renting. 500 00:21:16,550 --> 00:21:19,790 And, therefore, it's a little more worrisome that someone can effectively 501 00:21:19,790 --> 00:21:21,512 then track all of their movements. 502 00:21:21,512 --> 00:21:24,470 COLTON OGDEN: Yeah, and funny too, KeePass, we talk about digital keys. 503 00:21:24,470 --> 00:21:27,580 And now we're talking about physical keys. 504 00:21:27,580 --> 00:21:31,610 The main issue with this is definitely that it's 505 00:21:31,610 --> 00:21:34,695 putting the power into the people that are leasing the building, 506 00:21:34,695 --> 00:21:36,555 like an unjust amount of power. 507 00:21:36,555 --> 00:21:39,680 And, thankfully, the court decided that it was in the favor of the tenants. 508 00:21:39,680 --> 00:21:41,263 The tenants actually won a settlement. 509 00:21:41,263 --> 00:21:45,620 They ended up suing the landlords for invasion of privacy 510 00:21:45,620 --> 00:21:48,260 and other difficulties related to this whole process, 511 00:21:48,260 --> 00:21:52,177 one of them being, for example, one of the tenants was actually 93 years old 512 00:21:52,177 --> 00:21:54,760 and couldn't leave their own room because they were locked in. 513 00:21:54,760 --> 00:21:57,010 And they couldn't figure out how to use the app, which 514 00:21:57,010 --> 00:22:00,830 would have been circumvented had they had just a basic physical key to open 515 00:22:00,830 --> 00:22:01,580 their door with. 516 00:22:01,580 --> 00:22:02,700 DAVID MALAN: Yeah, absolutely. 517 00:22:02,700 --> 00:22:05,060 And I think, I mean, even if just your phone dies because it's out 518 00:22:05,060 --> 00:22:06,320 of battery-- you don't have it with you-- 519 00:22:06,320 --> 00:22:08,130 I mean, there's other reasons where this would be annoying. 520 00:22:08,130 --> 00:22:11,140 Now, to be fair, that could happen with physical keys as well. 521 00:22:11,140 --> 00:22:13,880 So I'm inclined to say that maybe the happy medium is 522 00:22:13,880 --> 00:22:17,690 to have both, physical key as well as the digital key. 523 00:22:17,690 --> 00:22:20,960 But the catch is physical keys have been insecure for years. 524 00:22:20,960 --> 00:22:24,718 Locks can certainly be picked, more so physically perhaps than digitally, 525 00:22:24,718 --> 00:22:27,260 especially if you have some software-based defenses in place, 526 00:22:27,260 --> 00:22:29,690 much like iPhones and Androids do these days. 527 00:22:29,690 --> 00:22:32,480 And, of course, there's probably a whole lot of locks 528 00:22:32,480 --> 00:22:35,960 out there such that, when a tenant moves, and someone else moves in, 529 00:22:35,960 --> 00:22:38,720 the old tenant may very well have copies of those original keys 530 00:22:38,720 --> 00:22:40,428 because a lot of landlords probably don't 531 00:22:40,428 --> 00:22:43,940 bother spending the money to change the locks every time someone new moves in. 532 00:22:43,940 --> 00:22:46,220 So it kind of goes both ways. 533 00:22:46,220 --> 00:22:49,280 It's arguably more secure in some ways, but it's less secure in others. 534 00:22:49,280 --> 00:22:52,370 But it's hands down more invasive because your movements 535 00:22:52,370 --> 00:22:53,120 are being tracked. 536 00:22:53,120 --> 00:22:55,790 Now, then again, you can imagine CCTVs and just 537 00:22:55,790 --> 00:22:58,820 security cameras also violating that same tenant, 538 00:22:58,820 --> 00:23:01,310 but, again, this seems like an interesting tension 539 00:23:01,310 --> 00:23:04,400 when it comes to sort of convenience and user experience 540 00:23:04,400 --> 00:23:07,130 and also privacy and security I'd say. 541 00:23:07,130 --> 00:23:09,230 COLTON OGDEN: Yeah, and, at least with a CCTV, 542 00:23:09,230 --> 00:23:12,347 the onus is on the landlord to actually spend all that time looking 543 00:23:12,347 --> 00:23:13,430 at the video if they want. 544 00:23:13,430 --> 00:23:16,880 I mean, I guess they could use sensors probably to programmatically figure out 545 00:23:16,880 --> 00:23:18,827 when people go in and out of a place. 546 00:23:18,827 --> 00:23:21,410 DAVID MALAN: But software can do this a lot quickly, you know? 547 00:23:21,410 --> 00:23:22,940 You could have a little alert saying ho, ho, ho. 548 00:23:22,940 --> 00:23:24,830 Look who came home really late last night. 549 00:23:24,830 --> 00:23:27,442 COLTON OGDEN: Yeah, no, it's a magnifier, the technology. 550 00:23:27,442 --> 00:23:29,900 DAVID MALAN: Yeah, I think that's a good way of putting it. 551 00:23:29,900 --> 00:23:33,410 And it'll be interesting to see how this plays out because, in this case, 552 00:23:33,410 --> 00:23:35,330 the situation was indeed settled. 553 00:23:35,330 --> 00:23:37,880 So there's not necessarily new case law around it, 554 00:23:37,880 --> 00:23:41,120 but it would be interesting to see how this evolves over time 555 00:23:41,120 --> 00:23:44,900 and how it just becomes more economical and more compelling 556 00:23:44,900 --> 00:23:48,860 security-wise to track, as a side effect, users' 557 00:23:48,860 --> 00:23:52,380 movements in this way in the interests of having software-based security 558 00:23:52,380 --> 00:23:52,880 instead. 559 00:23:52,880 --> 00:23:54,980 COLTON OGDEN: Still on the note of physical keys too, one of the things 560 00:23:54,980 --> 00:23:57,350 that I recently learned, which was pretty fascinating, 561 00:23:57,350 --> 00:24:00,527 is just how easy it is, even given an image of a key, 562 00:24:00,527 --> 00:24:03,110 just to create a duplicate of it because they're standardized. 563 00:24:03,110 --> 00:24:06,650 DAVID MALAN: Yeah, no, and that's true even of those car clickers, right? 564 00:24:06,650 --> 00:24:09,230 Supposedly, if you walk around like the Disney World parking 565 00:24:09,230 --> 00:24:12,080 lot with your own personal key clicker, and you walk far enough, 566 00:24:12,080 --> 00:24:14,648 eventually, you might very well unlock someone else's car 567 00:24:14,648 --> 00:24:16,940 because the address space isn't necessarily that large. 568 00:24:16,940 --> 00:24:19,010 And that's absolutely true for physical keys. 569 00:24:19,010 --> 00:24:21,980 They just rely on probability that no two people 570 00:24:21,980 --> 00:24:24,140 are going to have the same two keys. 571 00:24:24,140 --> 00:24:25,070 COLTON OGDEN: Yeah, it's pretty alarming. 572 00:24:25,070 --> 00:24:27,980 When humans are motivated, they'll find a way to get into just about anything. 573 00:24:27,980 --> 00:24:29,210 DAVID MALAN: Yeah, at that point, though, 574 00:24:29,210 --> 00:24:31,002 it's probably easier just to break a window 575 00:24:31,002 --> 00:24:33,200 than to walk up and down the aisles of Disney World 576 00:24:33,200 --> 00:24:35,030 and get caught on any number of cameras. 577 00:24:35,030 --> 00:24:38,183 So there are some I think downward pressures on these actual risks, 578 00:24:38,183 --> 00:24:39,350 but it's a trade-off, right? 579 00:24:39,350 --> 00:24:42,500 It's going to probably cost more time or more money or more metal 580 00:24:42,500 --> 00:24:44,380 to actually make these things more secure. 581 00:24:44,380 --> 00:24:45,463 COLTON OGDEN: That's true. 582 00:24:45,463 --> 00:24:49,400 We talk about so many things that are kind of depressing, negative, 583 00:24:49,400 --> 00:24:52,220 but it's fun occasionally to maybe shine a brighter 584 00:24:52,220 --> 00:24:55,130 spotlight on some of the more positive, fun things going on. 585 00:24:55,130 --> 00:24:57,200 And you actually brought this to my attention. 586 00:24:57,200 --> 00:24:59,840 They released a 30th anniversary edition of Hitchhiker's Guide 587 00:24:59,840 --> 00:25:03,170 to the Galaxy, which is a game that you remember playing years back. 588 00:25:03,170 --> 00:25:06,340 DAVID MALAN: Yeah, and it's probably my favorite book by Douglas Adams, 589 00:25:06,340 --> 00:25:07,880 Hitchhiker's Guide to the Galaxy. 590 00:25:07,880 --> 00:25:08,980 I've read it a few times. 591 00:25:08,980 --> 00:25:11,022 And I'll admit I've started reading it more times 592 00:25:11,022 --> 00:25:13,730 than I've actually finished reading it, but I do really enjoy it. 593 00:25:13,730 --> 00:25:15,940 And, years ago, growing up, there was a company 594 00:25:15,940 --> 00:25:18,220 called Infocom that made a text-based adventure 595 00:25:18,220 --> 00:25:21,520 game around Hitchhiker's Guide to the Galaxy 596 00:25:21,520 --> 00:25:24,550 where there is no GUI, no Graphical User Interface. 597 00:25:24,550 --> 00:25:25,420 It's all text. 598 00:25:25,420 --> 00:25:27,953 And so the first line in the game is essentially 599 00:25:27,953 --> 00:25:30,370 a statement along the lines of you wake up, and it's dark. 600 00:25:30,370 --> 00:25:34,540 And you have to start typing commands like look around or turn on lights-- 601 00:25:34,540 --> 00:25:36,880 sorry, spoiler, 30 years later though-- 602 00:25:36,880 --> 00:25:40,300 in order to figure out where you are and what you can do next. 603 00:25:40,300 --> 00:25:43,690 And it was a really rich game textually because the authors would 604 00:25:43,690 --> 00:25:45,400 describe what it is you're seeing. 605 00:25:45,400 --> 00:25:47,800 And so it kind of puts into your mind's eye 606 00:25:47,800 --> 00:25:50,860 what the scene is without actually having to see anything. 607 00:25:50,860 --> 00:25:53,680 And, in fact, fast forward to decades later when 608 00:25:53,680 --> 00:25:56,950 the Hitchhiker's Guide to the Galaxy movie came out, like probably 10 years 609 00:25:56,950 --> 00:26:01,270 plus ago now, it really did not look anything like the book looked 610 00:26:01,270 --> 00:26:05,267 and the game looked like in my own head, which was an interesting contrast. 611 00:26:05,267 --> 00:26:06,100 But it was such fun. 612 00:26:06,100 --> 00:26:08,620 And, indeed, last weekend I sort of escaped 613 00:26:08,620 --> 00:26:10,870 into the virtual world of this game, thanks 614 00:26:10,870 --> 00:26:12,328 to the simulator that's now online. 615 00:26:12,328 --> 00:26:14,120 Frankly, one of the downsides of playing it 616 00:26:14,120 --> 00:26:16,060 on an online simulator now 30 years later 617 00:26:16,060 --> 00:26:18,850 is that they've added to it some images, which is nice. 618 00:26:18,850 --> 00:26:22,570 It's sort of static images, akin to what you'd see every few pages 619 00:26:22,570 --> 00:26:25,130 in a nice black and white printed book. 620 00:26:25,130 --> 00:26:27,697 But it also kind of spoils the imagination that I had. 621 00:26:27,697 --> 00:26:29,530 And so I didn't click around enough, but I'm 622 00:26:29,530 --> 00:26:31,960 hoping there's a button with which to turn that off so you can just 623 00:26:31,960 --> 00:26:33,480 play the purely text-based version. 624 00:26:33,480 --> 00:26:35,855 COLTON OGDEN: Yeah, you'd probably even get that probably 625 00:26:35,855 --> 00:26:36,790 as a terminal program. 626 00:26:36,790 --> 00:26:38,790 DAVID MALAN: Probably, if I dug a little deeper. 627 00:26:38,790 --> 00:26:42,460 And I will admit I got as far as lying in the mud in front of the bulldozer 628 00:26:42,460 --> 00:26:45,253 where Arthur Dent's house is about to be knocked down. 629 00:26:45,253 --> 00:26:46,420 That's not really a spoiler. 630 00:26:46,420 --> 00:26:48,730 That happens like in the first few pages of the book, 631 00:26:48,730 --> 00:26:51,612 but then I got distracted or fell asleep or bored or something. 632 00:26:51,612 --> 00:26:54,070 So I'm going to have to try to come back to it this weekend 633 00:26:54,070 --> 00:26:55,120 and see how far I get. 634 00:26:55,120 --> 00:26:55,940 COLTON OGDEN: It is pretty cool. 635 00:26:55,940 --> 00:26:59,170 And it sort of reminds me of the podcast where we talked about those Infocom 636 00:26:59,170 --> 00:26:59,878 games coming out. 637 00:26:59,878 --> 00:27:01,140 I'm guessing they're related. 638 00:27:01,140 --> 00:27:01,890 They probably are. 639 00:27:01,890 --> 00:27:02,800 DAVID MALAN: Yeah. 640 00:27:02,800 --> 00:27:05,020 Well, and you mentioned another release of a game 641 00:27:05,020 --> 00:27:07,170 from yesteryear that you really liked had come out. 642 00:27:07,170 --> 00:27:10,212 COLTON OGDEN: Yeah, I mean, the old and the new, we've talked about this. 643 00:27:10,212 --> 00:27:12,160 So, with the old, this is an older game. 644 00:27:12,160 --> 00:27:14,260 It's 30 years old. 645 00:27:14,260 --> 00:27:17,740 But Minecraft is a very famous game, very popular. 646 00:27:17,740 --> 00:27:21,580 It was really huge, especially in the early 2010s. 647 00:27:21,580 --> 00:27:23,480 But it's approaching its 10-year anniversary. 648 00:27:23,480 --> 00:27:26,732 And they just released Classic Minecraft free to play in the web browser. 649 00:27:26,732 --> 00:27:27,940 DAVID MALAN: Oh, interesting. 650 00:27:27,940 --> 00:27:29,470 Yeah, I never really got into that, but it's 651 00:27:29,470 --> 00:27:31,810 been big and gotten bigger I think in recent years. 652 00:27:31,810 --> 00:27:34,102 COLTON OGDEN: Yeah, no, I mean, I would say it probably 653 00:27:34,102 --> 00:27:37,280 reached its peak in maybe 2015, 2016, but, even to this day, 654 00:27:37,280 --> 00:27:38,860 it's still pretty popular. 655 00:27:38,860 --> 00:27:40,090 It's not Fortnite popular. 656 00:27:40,090 --> 00:27:42,540 That's the new-- that's the new hotness. 657 00:27:42,540 --> 00:27:44,463 And even that I would imagine is probably 658 00:27:44,463 --> 00:27:46,880 going to be out-competed at some point in the near future. 659 00:27:46,880 --> 00:27:48,520 I think it's just the inevitability of games. 660 00:27:48,520 --> 00:27:49,000 They come out. 661 00:27:49,000 --> 00:27:49,810 People play them. 662 00:27:49,810 --> 00:27:52,960 They get so enraptured by them. 663 00:27:52,960 --> 00:27:56,590 And then the next big game comes out, and everyone just sort of jumps 664 00:27:56,590 --> 00:27:57,790 ship, more or less. 665 00:27:57,790 --> 00:27:58,330 DAVID MALAN: Absolutely. 666 00:27:58,330 --> 00:27:59,372 But I do have a fondness. 667 00:27:59,372 --> 00:28:01,840 Granted, I grew up with these older games, 668 00:28:01,840 --> 00:28:04,780 albeit not Minecraft in this case, where it's just kind of fun 669 00:28:04,780 --> 00:28:08,880 to play these older 8-bit games or even black and white games for which you 670 00:28:08,880 --> 00:28:09,880 have such fond memories. 671 00:28:09,880 --> 00:28:13,047 And even though, admittedly, they don't necessarily hold my interest as much 672 00:28:13,047 --> 00:28:15,340 anymore, I mean they really were wonderfully done 673 00:28:15,340 --> 00:28:16,870 and were cutting edge at the time. 674 00:28:16,870 --> 00:28:20,260 And I think they really do speak to the fact that some of the best games 675 00:28:20,260 --> 00:28:23,890 really are about story or about puzzles and about challenges 676 00:28:23,890 --> 00:28:26,720 and not necessarily about like 3D-rendered graphics and all 677 00:28:26,720 --> 00:28:29,980 that, which is certainly nice and immersive and all the more compelling. 678 00:28:29,980 --> 00:28:33,370 But you can have all of that, but not have a good game, nonetheless. 679 00:28:33,370 --> 00:28:36,980 So that's not what's perhaps core to some of the best games from yesteryear. 680 00:28:36,980 --> 00:28:38,830 COLTON OGDEN: Yeah, when I played Minecraft in virtual reality, 681 00:28:38,830 --> 00:28:39,610 I was terrified. 682 00:28:39,610 --> 00:28:40,110 [LAUGHTER] 683 00:28:40,110 --> 00:28:41,735 DAVID MALAN: The blocks almost got you? 684 00:28:41,735 --> 00:28:43,960 COLTON OGDEN: There was a cave in the distance. 685 00:28:43,960 --> 00:28:47,030 And I've never been more scared to go and do anything. 686 00:28:47,030 --> 00:28:49,300 And that's a testament to how powerful VR is. 687 00:28:49,300 --> 00:28:50,620 And I can't wait to see-- 688 00:28:50,620 --> 00:28:55,220 I can't wait to get 3D movement with like those treadmill devices and VR 689 00:28:55,220 --> 00:28:55,720 altogether. 690 00:28:55,720 --> 00:28:56,620 DAVID MALAN: Yeah, that will be amazing. 691 00:28:56,620 --> 00:28:58,570 COLTON OGDEN: That is going to be-- that is going to be cutting edge. 692 00:28:58,570 --> 00:29:00,010 DAVID MALAN: Gaming of the future I do think 693 00:29:00,010 --> 00:29:02,367 will be all the more immersive and escapist for sure. 694 00:29:02,367 --> 00:29:04,450 COLTON OGDEN: Yeah, we've got to get some of that. 695 00:29:04,450 --> 00:29:09,265 So takeaways then for today's episode, what would you recommend? 696 00:29:09,265 --> 00:29:11,390 DAVID MALAN: Play Hitchhiker's Guide to the Galaxy. 697 00:29:11,390 --> 00:29:13,223 If you Google this and type in emulator, you 698 00:29:13,223 --> 00:29:17,590 can find the anniversary edition on the BBC's website, the British Broadcasting 699 00:29:17,590 --> 00:29:18,970 Company, which has the simulator. 700 00:29:18,970 --> 00:29:20,053 You might have to create-- 701 00:29:20,053 --> 00:29:22,512 actually, you do have to create an account on their website 702 00:29:22,512 --> 00:29:24,970 if you want to be able to save your progress because I very 703 00:29:24,970 --> 00:29:28,720 quickly realized, wow, you die constantly in the text-based adventure 704 00:29:28,720 --> 00:29:31,090 by taking too long or by typing the wrong command. 705 00:29:31,090 --> 00:29:32,775 So definitely go ahead and do that. 706 00:29:32,775 --> 00:29:34,150 COLTON OGDEN: And play Minecraft. 707 00:29:34,150 --> 00:29:35,110 DAVID MALAN: And play Minecraft. 708 00:29:35,110 --> 00:29:37,750 So I think the takeaways there are, despite all of these dangers 709 00:29:37,750 --> 00:29:40,542 and threats in the world to your privacy and security and the like, 710 00:29:40,542 --> 00:29:43,420 there is plenty of ways to escape it, including this weekend. 711 00:29:43,420 --> 00:29:46,930 COLTON OGDEN: And I guess, when trying to download software, 712 00:29:46,930 --> 00:29:48,630 be mindful of the domains. 713 00:29:48,630 --> 00:29:53,020 You know, find out for sure, if you're not 100% sure what product you're 714 00:29:53,020 --> 00:29:56,247 downloading or buying, that you're at the right place for it 715 00:29:56,247 --> 00:29:59,080 because it's so easy now, especially to your point of all these TLDs 716 00:29:59,080 --> 00:30:00,220 that are now available. 717 00:30:00,220 --> 00:30:02,553 Someone could easily trick you into thinking that you're 718 00:30:02,553 --> 00:30:05,505 going to photoshop.info or what not. 719 00:30:05,505 --> 00:30:06,880 And you're not getting Photoshop. 720 00:30:06,880 --> 00:30:08,560 You're getting malware installed on your computer. 721 00:30:08,560 --> 00:30:09,230 DAVID MALAN: Yeah, absolutely. 722 00:30:09,230 --> 00:30:10,450 Do own photoshop.info? 723 00:30:10,450 --> 00:30:11,710 Is that what's happening here? 724 00:30:11,710 --> 00:30:13,420 COLTON OGDEN: I cannot confirm or deny. 725 00:30:13,420 --> 00:30:14,320 [LAUGHTER] 726 00:30:14,320 --> 00:30:16,403 DAVID MALAN: Well, maybe google Photoshop in order 727 00:30:16,403 --> 00:30:17,660 to download Photoshop. 728 00:30:17,660 --> 00:30:20,800 COLTON OGDEN: But, yeah, I think that's probably a huge thing. 729 00:30:20,800 --> 00:30:21,700 DAVID MALAN: Awesome. 730 00:30:21,700 --> 00:30:23,470 Well, thanks so much to everyone for tuning in. 731 00:30:23,470 --> 00:30:25,262 And, by all means, chime in online if you'd 732 00:30:25,262 --> 00:30:27,460 like to suggest some topics for future episodes. 733 00:30:27,460 --> 00:30:29,450 We'd love to chat about those as well. 734 00:30:29,450 --> 00:30:30,325 COLTON OGDEN: Indeed. 735 00:30:30,325 --> 00:30:33,042 This is the CS50 Podcast, episode 4, zero indexed. 736 00:30:33,042 --> 00:30:34,000 DAVID MALAN: Take care. 737 00:30:34,000 --> 00:30:35,690 COLTON OGDEN: Bye bye.