[MUSIC PLAYING] ANNOUNCER: This is CS50. DAVID MALAN: Hello world. This is the CS50 Podcast, episode 4, zero indexed. My name is David Malan. And I'm here with CS50's own Colton Ogden. COLTON OGDEN: David, I'm curious what the first browser that you ever used was. DAVID MALAN: It was probably like Netscape 1.0 or something. COLTON OGDEN: Netscape Navigator? DAVID MALAN: Maybe, or even one of its predecessors, one of the very first prototypes of a browser. But it was old school for sure. COLTON OGDEN: This would have been on a Windows computer. DAVID MALAN: Gosh, probably. Well, I started off life using Macs, and then I switched I think in college to using PCs and windows. And then, eventually, I think after a few years of teaching CS50 did I switch back to Mac. So-- COLTON OGDEN: I think the meme is that there are a lot of browsers that have come out. There are a lot of popular browsers these days-- Chrome, Firefox, Opera, Edge. On that list is not a particular browser of quite a bit of infamy, that browser being Internet Explorer. DAVID MALAN: Yeah, that one proved the bane of most developers' existence for some time because it was just so non-compliant when it came to certain standards. And Microsoft really did its own thing with various interpretations of the HTML and/or CSS specs. I remember even we had struggled with that for some of our own web apps. Like you'd get it working on Firefox. You'd get it working on Chrome. You'd get it working on Opera. But, damn it, it doesn't actually work as you expect in IE, especially IE6, version 6. COLTON OGDEN: Indeed. I mean, we used to even use BrowserStack internally, which is a website that you can test on multiple-- you can sort of look in a browser and see it working on multiple actual browsers. DAVID MALAN: Yeah, no, and that was in large part because of that, especially if a lot of us develop here on Macs. And so it wasn't really easy to run Internet Explorer, let alone any Windows-based browser. But, yeah, we had some third-party help with that, which was handy. COLTON OGDEN: Yeah, and IE6 was the particular offender because they did have IE7. They did have IE8. And, from what I remember, they improved on some of the noncompliance that IE6 sort of bore at the time. But what's funny is this week, in doing some research for the podcast, I came across an article-- a blog post, rather, by Chris Zacharias. DAVID MALAN: Yeah, no this was wonderful-- "Conspiracy to Kill Internet Explorer 6." COLTON OGDEN: Indeed. He is a former YouTube employee. And this is back in 2009-ish. And, back then, I mean YouTube was huge. You know, it started around 2005, 2006, but 2009 was really when it started to kick off. DAVID MALAN: Yeah, and I think, as the story goes, they had just been YouTube acquired by Google. And they were in the process of being integrated into Google's own software-based workflows. But enough of the developers on the YouTube team were just completely fed up it seemed with having to support IE6, which was still a non-trivial percentage of their user base. And I think, understandably, YouTube and presumably in turn Google didn't want to deprecate support for IE6 because there's a lot of employees at companies whose systems are pretty locked down. There's teachers in schools whose computers are pretty locked down. So there's a lot of users out there who can't just follow your instructions to update to another browser. They need like the IT department to actually do it for them. So I was an understandable business concern. But, as I understand it, the developers wanted nothing to do anymore with IE6. And so they started sneaking into YouTube's own code base a little banner advert essentially urging IE6 users to upgrade to any number of suggested other browsers. And they gave some direct links. COLTON OGDEN: Yeah, no, it was pretty crazy. And one of the stories that Chris even talked about in his blog is empty source tags in images would just load whatever the document root was. And this would have the effect of essentially recursively loading, similar to an iframe, all of the server's contents. DAVID MALAN: Yeah, and that was just one of the bugs I think that kept tripping them up. COLTON OGDEN: And that one had the-- from what I remember reading, it actually could cause blue screens of death on Windows machines. DAVID MALAN: Yeah, no, I believe it. And I'm amazed that bugs like that persist. And, even if they do eventually get fixed though, if you have a lot of systems out there that are not 100% up to date, then you're stuck dealing with these kinds of issues. But what was funny, I thought, about the blog post disclosure years later, after which they couldn't really get all that into trouble, presumably, was how, coincidentally, the Google Docs team had recently started advertising a similar message on top of Google Documents, which of course was already owned by Google. And that too was encouraging users to upgrade to a newer version of a browser. So they kind of snuck in under the radar there, but, even when it was detected, it sounds like there was some internal tensions with the lawyers, with the managers. But, in the end, it kind of worked out OK. But it's kind of a fascinating-- I think, if you take a step back at it, it's kind of a fascinating risk for any company. Unless you are constantly auditing your own lines of code, or you have really a robust process in place, it's possible for one or a few developers to slip something past the others, for better or for worse. Now this seemed to work out for the best in the end. In fact, I think you noted IE's usage plummeted actually, coincidentally or causally, after this particular change because YouTube was so popular. But you could imagine some adversarial employees using this power of the ability to change their code base for more evil purposes, if you will. COLTON OGDEN: Yeah, and, on that note, I can certainly understand why companies, especially as large as Google or Facebook, want to instate these code review processes and ensure that this doesn't happen and to make sure there are no sort of committing back doors to production, directly to production, so to speak. DAVID MALAN: Yeah, absolutely. We just spoke recently about a new feature that you can use on sites like GitHub where you can have the notion of code ownership so that, if a colleague changes a particular file or a line of code really that you or I wrote, we can actually have the whole pipeline notify us before that change to code is approved. But it seems like the YouTube team here benefited from a bit of superpowers when it came to who could actually push code, probably some changing processes because it's not that easy presumably to integrate an acquisition like YouTube into Google. So they had this window of opportunity where they were actually able to do something very developer friendly, but not necessarily managerial or lawyerly friendly. COLTON OGDEN: Indeed, I like to think it turned out well in the end. DAVID MALAN: It did. In fact, no one really worries about IE6 anymore, let alone IE, which has now been replaced by Edge. And even Edge now is based in part on the same core processor that essentially Chrome itself is. So things are starting to converge perhaps, which is interesting. COLTON OGDEN: Indeed. And I mean even modern browsers aren't immune to sort of some of the issues that plague-- I guess any software at large, you know, every piece of software is susceptible to issues. In particular, this week, Firefox had a major issue over the weekend. DAVID MALAN: Yeah, I heard that someone didn't renew their certificate, so to speak. COLTON OGDEN: Indeed. So Firefox ships with a certificate that sort of basically verifies that the add-ons that are installed onto the browser are verified by Mozilla as being legitimate and not malicious. And it turns out that they forgot to renew that certificate over the weekend or by the weekend's arrival. And, therefore, all Firefox users sort of over time, because it doesn't happen immediately, but, within about a 24-hour period, all of their add-ons were no longer functioning. DAVID MALAN: I know. And that's a pretty big deal because the people are relying on add-ons or extensions or plug-ins, however you want to think about them. To have all of your features stop working is not that exciting or not that good. And I should concede that this is a not uncommon problem. At least, I like to think I'm in good company here because I have, for instance, been guilty of not renewing some of our certificates in time. In fact, this happened just a few months ago where one of our certificates for CS50's website, so similar in spirit in that these things too have an expiration date just like code signing certificates can, I had set a reminder to actually renew this certificate. And I thought we had migrated all of our certificates to an auto-renewal process on Amazon's cloud platform. And so I literally kept ignoring, ignoring, ignoring the email reminders that I was being sent because I thought we had automated it all. But, nope, it turns out that one certificate was not yet configured to auto-renew. And so, at the stroke of midnight or whatever it was, the darn thing stopped working. We and some of our students noticed. And, thankfully, it only took a few minutes to fix, but it turns out that constant email reminders and a Google Calendar reminder is not sufficient, at least when I'm in charge of the certificates. COLTON OGDEN: Yeah, no, problems like that are somewhat easy to solve. Unfortunately, Firefox had some problems because their certificates were actually deployed with the browser itself. They had to remote deploy a new certificate through their sort of system called-- what's the series called? I think it's called series, actually. I don't think I wrote it down here. But the system is called Normandy. And they have a system that allows them to actually remote deploy the new certificates. Or, actually, well, it lets them perform research studies. Studies was the name of it. They have a tool called Studies, which allows them to remote deploy and remote test sort of behavior in folks' browsers. And this allowed them to ship a new certificate, which they signed because this is actually technically an add-on, this feature. They signed this with a new certificate that they then shipped with this feature. DAVID MALAN: I see. COLTON OGDEN: Yeah, but it's interesting that, somewhere in the process, there's presumably someone who had set a reminder that didn't quite go off or didn't quite get noticed. So it happens to the best of us, perhaps. DAVID MALAN: Yeah, thankfully, Mozilla, in their blog where they sort of break down this process, a-la how Facebook recently broke down how their passwords were stored in plain text, they outlined sort of the ways that they got this right, I guess, in fixing the problem, but they also did disclose the issues that they faced and ways that they would approach making sure that it doesn't happen again. COLTON OGDEN: Yeah, no it was really, to their credit, a nice post-mortem online, so to speak, which is worth reading. If you go to hacks.mozilla.org, you can find it under the May 2019 listings. DAVID MALAN: Indeed. We don't really use Chromebooks here at CS50, but we have some of them lying around. We've seen some folks using them, but Chromebooks have up to this point, up until fairly recently, been a fairly limited operating system in as much as they're essentially Chrome on a computer. COLTON OGDEN: Yeah, dedicated. So it's meant to be used really only in cloud. There isn't any client-side software or at least the appearance thereof, even though there actually is, even though it supports Google Docs and Gmail and Google Calendar and some other apps too that can be used offline. But, of course, you can't actually send and receive mail and other such notifications if you're actually offline. So it's kind of a product that's a little ahead of its time. I mean, honestly, I do think it's kind of inevitable that we'll see more of this once you have omnipresent internet access, both on the ground and in the sky and elsewhere on Earth, so to speak. But what's interesting is that underneath the hood is an underlying Linux-based operating system that traditionally hasn't really been exposed. It really is meant to be more of an appliance of sorts, an internet appliance. But now I gather that you'll actually be able to run Linux on these things so much more easily than in the past, which is great for power users who want access to pretty cheap hardware, but, nonetheless, with the ability to do something with Linux on it. DAVID MALAN: Indeed. Yeah, now folks will be able to actually fire up a terminal and interact with a Linux kernel. And it is actually called Termina. It runs on a VM. But the Linux kernel is actually directly interfaced with Chrome OS itself. And, in this case, therefore, you can pull up graphical applications and use them directly on Chrome OS like you would use on a Gnome or the like. COLTON OGDEN: Yeah, and, to come back to price too, what's been compelling historically about Chromebooks is that you can get a decent computer for like $100, $200. And that's really compelling. In fact, there's some school districts, certainly in the US and presumably abroad, that actually have their students use Chromebooks because it's so much more of an economical approach to equipping kids with hardware for the classroom. Of course, the catch is-- and we've encountered this with some of our students out in more rural areas-- they are sometimes allowed by their schools to take the laptops home, but they can't actually use them very much because, if they don't have internet access and, therefore, Wi-Fi at home, it's not all that useful a device except for, of course, purely offline access. But letting people actually use it for multiple purposes now I think is pretty compelling, especially given those price points. DAVID MALAN: Indeed, and, to your point, I mean I think it is pretty inevitable that we do have internet, even commoditized like utilities maybe eventually in the future just given how essential it is to modern life. But I can see, prior to maybe the last couple of years, it's not guaranteed that you'll always have internet access everywhere you go and that it'll be quality internet access. But, for those folks out there who are trying to learn more about computing, learn more about Linux, I mean it's a great device, kind of device. And there's a bunch of different versions made by bunches of different companies. It's a great device to kind of hack on and sort of just play around and learn the ropes. Back in the day, when I was growing up, I used to use actual little tower computers because there weren't really laptops in as great supply, let alone at those price points. They were much more expensive, but it's a great device to just learn and play on I would say. COLTON OGDEN: I think I've seen one of those desktops lying around somewhere. DAVID MALAN: Yeah, we still have them in the corner somewhere for parts. COLTON OGDEN: Well, awfully coincidentally, though, Microsoft, it turns out, for Windows 10, they're going to be shipping a full Linux kernel with their Linux subsystem, Windows' subsystem for Linux. DAVID MALAN: Yeah, you know, Microsoft, to their credit, has really gotten a lot more accommodating of Linux-type usage, previously with Windows 10, the earlier incarnation of it, just being able to run Bash, a so-called shell program, so that you have a much better command prompt than the actual software called historically Command Prompt, which, in yesteryear, was an actual DOS prompt-- so terribly limited. I mean my god. In like Windows XP and I think even later, you couldn't even copy-paste in the program very easily by default. And this is in stark contrast to like any X Window interface on Linux or Unix or Solaris or even on macOS. So they just really didn't adapt for this. And, frankly, given just how powerful it is to have a command-line interface on a Mac or a PC or a Linux Box, it just seemed very silly to sort of expect users to go to third-party utilities and not to optimize for what a lot of power users and certainly developers might want. COLTON OGDEN: Indeed, it is kind of a barrier, especially when so much documentation online too for developers is catered towards Linus environments. DAVID MALAN: Yeah. COLTON OGDEN: To their credit, to your point, they just announced the Windows Terminal, actually, which is an upgraded terminal. So it won't be replacing the Command Prompt. For legacy purposes, they want to ensure a backwards compatibility for so much software that relies on it, but they will be releasing this as a separate application that folks can download. And it actually looks quite pretty. It looks really nice. DAVID MALAN: And, hopefully, it'll improve the performance too for people, which is compelling as well. COLTON OGDEN: Indeed. Yeah, it's nice to see sort of this, I guess, all these companies embracing Linux and really sort of bringing their computers to a more usable I guess, end point. DAVID MALAN: I guess so. Though, I feel like we're going to invite some religious debate there if we claim it's more usable, but I do agree. COLTON OGDEN: For developers, I should say for I guess in a development environment. DAVID MALAN: Yeah, absolutely. I think there's great power that comes with the command line and just making it more user friendly. And there's decades of experience and expertise when it comes to all of these shell-based systems that might as well, I think, make it easier for people to use them still. COLTON OGDEN: Indeed. Have you heard of a KeePass? DAVID MALAN: I maybe had, but I really heard about it in the context of what I think you're about to tell us about. COLTON OGDEN: Yeah, so KeePass in an open-source password manager. And they are hosted at keepass.info, which an interesting choice for a domain name. DAVID MALAN: Oh, yeah. It sounds legit. COLTON OGDEN: Well, it turns out that keepass.info is legit, but keepass.com is not legit. DAVID MALAN: Yeah, I gather keepass.com, the illegit site, actually has had and maybe still has some malware built into it. So it's malicious software that you are duped into installing. And yet, the site, I actually pulled it up before the podcast today. It actually looked pretty legit. And, if you search for just KeePass, K-E-E-P-A-S-S, and hit Enter, thankfully, the first hit is indeed the legit one, keepass.info. But I think, for my browser, third or fourth among the search results on Google was keepass.com, which is the illegitimate site. So you can't even use Google search results necessarily as a compelling signal as to which one is the official one when they're so close together, frankly. COLTON OGDEN: Yeah, it's kind of alarming. And there's a point here about I guess the responsibility of, as a developer, as a company, making sure that you purchase the right domains for your application to reach the most users without giving room to nefarious actors to I guess kind of trick users into thinking that they're you. DAVID MALAN: Yeah, no, this is a tricky one because often there's squatters, people who have bought domain names in anticipation of other people wanting them. And I can only guess that keepass.com was taken when the authors of the software decided to get keepass.info. But, honestly, there's so many TLDs or Top-Level Domains now, hundreds, you certainly can't afford, most people, to get all of them-- so keepass.com, keepass.org, keepass.net, and the like-- just to kind of protect yourself. And even then you're vulnerable to typographical errors, even malicious ones. We, for instance, in a class I used to teach used to talk all the time about bankofthewest.com, which is the legitimate website for a bank out west in the United States. But someone very cleverly years ago bought bankofthe V-V-E-S-T .com, which, in a small font, looks like Bank of the West-- I can't even pronounce it now-- because two Vs together, of course, look like a W. And, honestly, at that point, especially if that one happens to bubble up in search results for whatever reasons, is even harder to spot as well. So this is kind of a fundamental challenge, I think, when it comes to distinguishing legitimacy on the web. COLTON OGDEN: I feel like I've seen this too with like the Russian alphabet has a Y, but it's actually an "oo." It's an "oo" character. DAVID MALAN: Yeah. COLTON OGDEN: And I feel like I've seen this in URLs. Like you can actually get tricked if the URL has that character in the place of a Y, like yahoo.com with that character. It's actually not technically the same character. It's an Unicode character. DAVID MALAN: No, and, thanks to Unicode, there's so many variants that there's actually other characters that look quite like the typical English alphabet that might trick folks like you and me. And I used to advise students that, all right, if you're not sure what the address of the URL, at least rely on your search engine. So search for the name of your bank, or search for the name of this product, KeePass in this case, and see what bubbles up. And, granted, the first hit is indeed the legitimate one, but you could imagine, if keepass.com gets talked about enough, and somehow the owners of that site sort of game the system in enough ways that their result bubbles up above the legitimate one, you could trick users even then. So, frankly, at this point, I'm wondering how do you avoid this. You kind of want to maybe start poking around in various articles, maybe in tech blogs or tech websites, and see what some legitimate authors are recommending people do. And, hopefully, they haven't been duped. And, if you see the same URL appearing again and again on websites that you do trust, various news outlets or blogging sites, then at least that's one additional signal you can take into account. But then I dare say you as the human are reinventing what Google calls page rank where you're sort of analyzing in your mind the number of people that are all recommending this particular URL. And so with high probability it must be legit. I mean, frankly, that's what the search engine is supposed to do, but, clearly, those results can be gamed, as we're seeing here on my own browser. COLTON OGDEN: I don't know if Google does already, but having some sort of flag for a malicious website such that it shows up very blatantly with maybe some red div or some red tag somewhere that says this site is reportedly nefarious. DAVID MALAN: Yeah, they do do that sometimes. And I don't know in this case. Is keepass.com intentionally being malicious, or was it compromised such that it's now distributing malware because someone got into it? COLTON OGDEN: Well, it turns out that there are a lot of other similar sites recently within the last 10 months that look very identical to this website. DAVID MALAN: Oh, interesting. COLTON OGDEN: 7-Zip, BlueStacks, UNetbootin, and GIMP, which is a very popular image editor, Snapseed, and a bunch of others-- 10 months this has been going on. It's a pattern that the-- actually, this was originally revealed in the form of a tweet by berkcgoksel. And they show this and reference the other web pages. DAVID MALAN: Interesting. Now there is a solution in the SSL world where you have a security certificate for your website that, if you pay for an expensive enough one, browsers will actually show you a verified signal with an additional padlock or check mark in the browser's URL bar indicating that this belongs to Bank of the West comma Inc based in Seattle, Washington or wherever they happen to be or California. And that's an additional signal, and they do charge more for it to do the additional verification. But, of course, all it takes then is for an adversary with a few dollars to spend to actually buy one of these same legitimate ones somehow and still trick users into clicking it. So it's a real problem of trust, which is sort of omnipresent on the web and ever more so with examples like this. COLTON OGDEN: And ever present in our podcasts. DAVID MALAN: Indeed, and even in the real world. In fact, you came across an article recently, if we might transition to the physical world, where some tenants in an apartment building were upset that the owner of the building had installed not physical key-based locks, but rather digital locks that required an app in order to unlock your door. Now, at first glance, I think this sounds fantastic. I mean it's kind of cool. It's trendy. You can unlock the door from your phone. Maybe there's food being delivered, and you won't have to go all the way downstairs to let them in. So there's a lot of like compelling use cases for this, but this is also a potential invasion of privacy because now the owner of the building knows exactly who is coming and when and what time of day and how frequently or how infrequently, not unlike a hotel. But, in this case, these are people's homes that they're paying for or renting. And, therefore, it's a little more worrisome that someone can effectively then track all of their movements. COLTON OGDEN: Yeah, and funny too, KeePass, we talk about digital keys. And now we're talking about physical keys. The main issue with this is definitely that it's putting the power into the people that are leasing the building, like an unjust amount of power. And, thankfully, the court decided that it was in the favor of the tenants. The tenants actually won a settlement. They ended up suing the landlords for invasion of privacy and other difficulties related to this whole process, one of them being, for example, one of the tenants was actually 93 years old and couldn't leave their own room because they were locked in. And they couldn't figure out how to use the app, which would have been circumvented had they had just a basic physical key to open their door with. DAVID MALAN: Yeah, absolutely. And I think, I mean, even if just your phone dies because it's out of battery-- you don't have it with you-- I mean, there's other reasons where this would be annoying. Now, to be fair, that could happen with physical keys as well. So I'm inclined to say that maybe the happy medium is to have both, physical key as well as the digital key. But the catch is physical keys have been insecure for years. Locks can certainly be picked, more so physically perhaps than digitally, especially if you have some software-based defenses in place, much like iPhones and Androids do these days. And, of course, there's probably a whole lot of locks out there such that, when a tenant moves, and someone else moves in, the old tenant may very well have copies of those original keys because a lot of landlords probably don't bother spending the money to change the locks every time someone new moves in. So it kind of goes both ways. It's arguably more secure in some ways, but it's less secure in others. But it's hands down more invasive because your movements are being tracked. Now, then again, you can imagine CCTVs and just security cameras also violating that same tenant, but, again, this seems like an interesting tension when it comes to sort of convenience and user experience and also privacy and security I'd say. COLTON OGDEN: Yeah, and, at least with a CCTV, the onus is on the landlord to actually spend all that time looking at the video if they want. I mean, I guess they could use sensors probably to programmatically figure out when people go in and out of a place. DAVID MALAN: But software can do this a lot quickly, you know? You could have a little alert saying ho, ho, ho. Look who came home really late last night. COLTON OGDEN: Yeah, no, it's a magnifier, the technology. DAVID MALAN: Yeah, I think that's a good way of putting it. And it'll be interesting to see how this plays out because, in this case, the situation was indeed settled. So there's not necessarily new case law around it, but it would be interesting to see how this evolves over time and how it just becomes more economical and more compelling security-wise to track, as a side effect, users' movements in this way in the interests of having software-based security instead. COLTON OGDEN: Still on the note of physical keys too, one of the things that I recently learned, which was pretty fascinating, is just how easy it is, even given an image of a key, just to create a duplicate of it because they're standardized. DAVID MALAN: Yeah, no, and that's true even of those car clickers, right? Supposedly, if you walk around like the Disney World parking lot with your own personal key clicker, and you walk far enough, eventually, you might very well unlock someone else's car because the address space isn't necessarily that large. And that's absolutely true for physical keys. They just rely on probability that no two people are going to have the same two keys. COLTON OGDEN: Yeah, it's pretty alarming. When humans are motivated, they'll find a way to get into just about anything. DAVID MALAN: Yeah, at that point, though, it's probably easier just to break a window than to walk up and down the aisles of Disney World and get caught on any number of cameras. So there are some I think downward pressures on these actual risks, but it's a trade-off, right? It's going to probably cost more time or more money or more metal to actually make these things more secure. COLTON OGDEN: That's true. We talk about so many things that are kind of depressing, negative, but it's fun occasionally to maybe shine a brighter spotlight on some of the more positive, fun things going on. And you actually brought this to my attention. They released a 30th anniversary edition of Hitchhiker's Guide to the Galaxy, which is a game that you remember playing years back. DAVID MALAN: Yeah, and it's probably my favorite book by Douglas Adams, Hitchhiker's Guide to the Galaxy. I've read it a few times. And I'll admit I've started reading it more times than I've actually finished reading it, but I do really enjoy it. And, years ago, growing up, there was a company called Infocom that made a text-based adventure game around Hitchhiker's Guide to the Galaxy where there is no GUI, no Graphical User Interface. It's all text. And so the first line in the game is essentially a statement along the lines of you wake up, and it's dark. And you have to start typing commands like look around or turn on lights-- sorry, spoiler, 30 years later though-- in order to figure out where you are and what you can do next. And it was a really rich game textually because the authors would describe what it is you're seeing. And so it kind of puts into your mind's eye what the scene is without actually having to see anything. And, in fact, fast forward to decades later when the Hitchhiker's Guide to the Galaxy movie came out, like probably 10 years plus ago now, it really did not look anything like the book looked and the game looked like in my own head, which was an interesting contrast. But it was such fun. And, indeed, last weekend I sort of escaped into the virtual world of this game, thanks to the simulator that's now online. Frankly, one of the downsides of playing it on an online simulator now 30 years later is that they've added to it some images, which is nice. It's sort of static images, akin to what you'd see every few pages in a nice black and white printed book. But it also kind of spoils the imagination that I had. And so I didn't click around enough, but I'm hoping there's a button with which to turn that off so you can just play the purely text-based version. COLTON OGDEN: Yeah, you'd probably even get that probably as a terminal program. DAVID MALAN: Probably, if I dug a little deeper. And I will admit I got as far as lying in the mud in front of the bulldozer where Arthur Dent's house is about to be knocked down. That's not really a spoiler. That happens like in the first few pages of the book, but then I got distracted or fell asleep or bored or something. So I'm going to have to try to come back to it this weekend and see how far I get. COLTON OGDEN: It is pretty cool. And it sort of reminds me of the podcast where we talked about those Infocom games coming out. I'm guessing they're related. They probably are. DAVID MALAN: Yeah. Well, and you mentioned another release of a game from yesteryear that you really liked had come out. COLTON OGDEN: Yeah, I mean, the old and the new, we've talked about this. So, with the old, this is an older game. It's 30 years old. But Minecraft is a very famous game, very popular. It was really huge, especially in the early 2010s. But it's approaching its 10-year anniversary. And they just released Classic Minecraft free to play in the web browser. DAVID MALAN: Oh, interesting. Yeah, I never really got into that, but it's been big and gotten bigger I think in recent years. COLTON OGDEN: Yeah, no, I mean, I would say it probably reached its peak in maybe 2015, 2016, but, even to this day, it's still pretty popular. It's not Fortnite popular. That's the new-- that's the new hotness. And even that I would imagine is probably going to be out-competed at some point in the near future. I think it's just the inevitability of games. They come out. People play them. They get so enraptured by them. And then the next big game comes out, and everyone just sort of jumps ship, more or less. DAVID MALAN: Absolutely. But I do have a fondness. Granted, I grew up with these older games, albeit not Minecraft in this case, where it's just kind of fun to play these older 8-bit games or even black and white games for which you have such fond memories. And even though, admittedly, they don't necessarily hold my interest as much anymore, I mean they really were wonderfully done and were cutting edge at the time. And I think they really do speak to the fact that some of the best games really are about story or about puzzles and about challenges and not necessarily about like 3D-rendered graphics and all that, which is certainly nice and immersive and all the more compelling. But you can have all of that, but not have a good game, nonetheless. So that's not what's perhaps core to some of the best games from yesteryear. COLTON OGDEN: Yeah, when I played Minecraft in virtual reality, I was terrified. [LAUGHTER] DAVID MALAN: The blocks almost got you? COLTON OGDEN: There was a cave in the distance. And I've never been more scared to go and do anything. And that's a testament to how powerful VR is. And I can't wait to see-- I can't wait to get 3D movement with like those treadmill devices and VR altogether. DAVID MALAN: Yeah, that will be amazing. COLTON OGDEN: That is going to be-- that is going to be cutting edge. DAVID MALAN: Gaming of the future I do think will be all the more immersive and escapist for sure. COLTON OGDEN: Yeah, we've got to get some of that. So takeaways then for today's episode, what would you recommend? DAVID MALAN: Play Hitchhiker's Guide to the Galaxy. If you Google this and type in emulator, you can find the anniversary edition on the BBC's website, the British Broadcasting Company, which has the simulator. You might have to create-- actually, you do have to create an account on their website if you want to be able to save your progress because I very quickly realized, wow, you die constantly in the text-based adventure by taking too long or by typing the wrong command. So definitely go ahead and do that. COLTON OGDEN: And play Minecraft. DAVID MALAN: And play Minecraft. So I think the takeaways there are, despite all of these dangers and threats in the world to your privacy and security and the like, there is plenty of ways to escape it, including this weekend. COLTON OGDEN: And I guess, when trying to download software, be mindful of the domains. You know, find out for sure, if you're not 100% sure what product you're downloading or buying, that you're at the right place for it because it's so easy now, especially to your point of all these TLDs that are now available. Someone could easily trick you into thinking that you're going to photoshop.info or what not. And you're not getting Photoshop. You're getting malware installed on your computer. DAVID MALAN: Yeah, absolutely. Do own photoshop.info? Is that what's happening here? COLTON OGDEN: I cannot confirm or deny. [LAUGHTER] DAVID MALAN: Well, maybe google Photoshop in order to download Photoshop. COLTON OGDEN: But, yeah, I think that's probably a huge thing. DAVID MALAN: Awesome. Well, thanks so much to everyone for tuning in. And, by all means, chime in online if you'd like to suggest some topics for future episodes. We'd love to chat about those as well. COLTON OGDEN: Indeed. This is the CS50 Podcast, episode 4, zero indexed. DAVID MALAN: Take care. COLTON OGDEN: Bye bye.