Placeholder Image

Subtitles section Play video

  • [MUSIC PLAYING]

  • ANNOUNCER: This is CS50.

  • DAVID MALAN: Hello world.

  • This is the CS50 Podcast, episode 4, zero indexed.

  • My name is David Malan.

  • And I'm here with CS50's own Colton Ogden.

  • COLTON OGDEN: David, I'm curious what the first browser that you ever used

  • was.

  • DAVID MALAN: It was probably like Netscape 1.0 or something.

  • COLTON OGDEN: Netscape Navigator?

  • DAVID MALAN: Maybe, or even one of its predecessors,

  • one of the very first prototypes of a browser.

  • But it was old school for sure.

  • COLTON OGDEN: This would have been on a Windows computer.

  • DAVID MALAN: Gosh, probably.

  • Well, I started off life using Macs, and then I

  • switched I think in college to using PCs and windows.

  • And then, eventually, I think after a few years of teaching CS50

  • did I switch back to Mac.

  • So--

  • COLTON OGDEN: I think the meme is that there are

  • a lot of browsers that have come out.

  • There are a lot of popular browsers these days--

  • Chrome, Firefox, Opera, Edge.

  • On that list is not a particular browser of quite a bit of infamy,

  • that browser being Internet Explorer.

  • DAVID MALAN: Yeah, that one proved the bane

  • of most developers' existence for some time

  • because it was just so non-compliant when it came to certain standards.

  • And Microsoft really did its own thing with various interpretations

  • of the HTML and/or CSS specs.

  • I remember even we had struggled with that for some of our own web apps.

  • Like you'd get it working on Firefox.

  • You'd get it working on Chrome.

  • You'd get it working on Opera.

  • But, damn it, it doesn't actually work as you expect

  • in IE, especially IE6, version 6.

  • COLTON OGDEN: Indeed.

  • I mean, we used to even use BrowserStack internally, which is a website that you

  • can test on multiple--

  • you can sort of look in a browser and see

  • it working on multiple actual browsers.

  • DAVID MALAN: Yeah, no, and that was in large part because of that,

  • especially if a lot of us develop here on Macs.

  • And so it wasn't really easy to run Internet Explorer, let alone

  • any Windows-based browser.

  • But, yeah, we had some third-party help with that, which was handy.

  • COLTON OGDEN: Yeah, and IE6 was the particular offender because they did

  • have IE7.

  • They did have IE8.

  • And, from what I remember, they improved on some of the noncompliance

  • that IE6 sort of bore at the time.

  • But what's funny is this week, in doing some research for the podcast,

  • I came across an article--

  • a blog post, rather, by Chris Zacharias.

  • DAVID MALAN: Yeah, no this was wonderful--

  • "Conspiracy to Kill Internet Explorer 6."

  • COLTON OGDEN: Indeed.

  • He is a former YouTube employee.

  • And this is back in 2009-ish.

  • And, back then, I mean YouTube was huge.

  • You know, it started around 2005, 2006, but 2009 was really

  • when it started to kick off.

  • DAVID MALAN: Yeah, and I think, as the story goes,

  • they had just been YouTube acquired by Google.

  • And they were in the process of being integrated into Google's

  • own software-based workflows.

  • But enough of the developers on the YouTube team

  • were just completely fed up it seemed with having

  • to support IE6, which was still a non-trivial percentage of their user

  • base.

  • And I think, understandably, YouTube and presumably in turn Google

  • didn't want to deprecate support for IE6 because there's

  • a lot of employees at companies whose systems are pretty locked down.

  • There's teachers in schools whose computers are pretty locked down.

  • So there's a lot of users out there who can't just follow your instructions

  • to update to another browser.

  • They need like the IT department to actually do it for them.

  • So I was an understandable business concern.

  • But, as I understand it, the developers wanted nothing to do anymore with IE6.

  • And so they started sneaking into YouTube's own code base

  • a little banner advert essentially urging

  • IE6 users to upgrade to any number of suggested other browsers.

  • And they gave some direct links.

  • COLTON OGDEN: Yeah, no, it was pretty crazy.

  • And one of the stories that Chris even talked about in his blog

  • is empty source tags in images would just

  • load whatever the document root was.

  • And this would have the effect of essentially recursively loading,

  • similar to an iframe, all of the server's contents.

  • DAVID MALAN: Yeah, and that was just one of the bugs

  • I think that kept tripping them up.

  • COLTON OGDEN: And that one had the--

  • from what I remember reading, it actually

  • could cause blue screens of death on Windows machines.

  • DAVID MALAN: Yeah, no, I believe it.

  • And I'm amazed that bugs like that persist.

  • And, even if they do eventually get fixed though,

  • if you have a lot of systems out there that are not 100% up to date,

  • then you're stuck dealing with these kinds of issues.

  • But what was funny, I thought, about the blog post disclosure years later,

  • after which they couldn't really get all that into trouble,

  • presumably, was how, coincidentally, the Google Docs team had recently

  • started advertising a similar message on top of Google Documents,

  • which of course was already owned by Google.

  • And that too was encouraging users to upgrade

  • to a newer version of a browser.

  • So they kind of snuck in under the radar there, but, even when it was detected,

  • it sounds like there was some internal tensions with the lawyers,

  • with the managers.

  • But, in the end, it kind of worked out OK.

  • But it's kind of a fascinating--

  • I think, if you take a step back at it, it's

  • kind of a fascinating risk for any company.

  • Unless you are constantly auditing your own lines of code,

  • or you have really a robust process in place,

  • it's possible for one or a few developers

  • to slip something past the others, for better or for worse.

  • Now this seemed to work out for the best in the end.

  • In fact, I think you noted IE's usage plummeted actually,

  • coincidentally or causally, after this particular change because YouTube

  • was so popular.

  • But you could imagine some adversarial employees

  • using this power of the ability to change their code base for more

  • evil purposes, if you will.

  • COLTON OGDEN: Yeah, and, on that note, I can certainly

  • understand why companies, especially as large as Google or Facebook,

  • want to instate these code review processes and ensure that this doesn't

  • happen and to make sure there are no sort

  • of committing back doors to production, directly to production, so to speak.

  • DAVID MALAN: Yeah, absolutely.

  • We just spoke recently about a new feature

  • that you can use on sites like GitHub where

  • you can have the notion of code ownership

  • so that, if a colleague changes a particular file or a line of code

  • really that you or I wrote, we can actually

  • have the whole pipeline notify us before that change to code is approved.

  • But it seems like the YouTube team here benefited from a bit of superpowers

  • when it came to who could actually push code,

  • probably some changing processes because it's not that easy presumably

  • to integrate an acquisition like YouTube into Google.

  • So they had this window of opportunity where they were actually

  • able to do something very developer friendly, but not necessarily

  • managerial or lawyerly friendly.

  • COLTON OGDEN: Indeed, I like to think it turned out well in the end.

  • DAVID MALAN: It did.

  • In fact, no one really worries about IE6 anymore,

  • let alone IE, which has now been replaced by Edge.

  • And even Edge now is based in part on the same core processor

  • that essentially Chrome itself is.

  • So things are starting to converge perhaps, which is interesting.

  • COLTON OGDEN: Indeed.

  • And I mean even modern browsers aren't immune to sort

  • of some of the issues that plague--

  • I guess any software at large, you know, every piece of software

  • is susceptible to issues.

  • In particular, this week, Firefox had a major issue over the weekend.

  • DAVID MALAN: Yeah, I heard that someone didn't

  • renew their certificate, so to speak.

  • COLTON OGDEN: Indeed.

  • So Firefox ships with a certificate that sort of basically

  • verifies that the add-ons that are installed onto the browser

  • are verified by Mozilla as being legitimate and not malicious.

  • And it turns out that they forgot to renew that certificate over the weekend

  • or by the weekend's arrival.

  • And, therefore, all Firefox users sort of over time,

  • because it doesn't happen immediately, but, within about a 24-hour period, all

  • of their add-ons were no longer functioning.

  • DAVID MALAN: I know.

  • And that's a pretty big deal because the people are

  • relying on add-ons or extensions or plug-ins,

  • however you want to think about them.

  • To have all of your features stop working

  • is not that exciting or not that good.

  • And I should concede that this is a not uncommon problem.

  • At least, I like to think I'm in good company

  • here because I have, for instance, been guilty of not renewing

  • some of our certificates in time.

  • In fact, this happened just a few months ago

  • where one of our certificates for CS50's website, so similar in spirit

  • in that these things too have an expiration date just like code signing

  • certificates can, I had set a reminder to actually renew this certificate.

  • And I thought we had migrated all of our certificates

  • to an auto-renewal process on Amazon's cloud platform.

  • And so I literally kept ignoring, ignoring, ignoring the email reminders

  • that I was being sent because I thought we had automated it all.

  • But, nope, it turns out that one certificate was not

  • yet configured to auto-renew.

  • And so, at the stroke of midnight or whatever it was,

  • the darn thing stopped working.

  • We and some of our students noticed.

  • And, thankfully, it only took a few minutes to fix,

  • but it turns out that constant email reminders and a Google Calendar

  • reminder is not sufficient, at least when I'm in charge of the certificates.

  • COLTON OGDEN: Yeah, no, problems like that are somewhat easy to solve.

  • Unfortunately, Firefox had some problems because their certificates

  • were actually deployed with the browser itself.

  • They had to remote deploy a new certificate

  • through their sort of system called--

  • what's the series called?

  • I think it's called series, actually.

  • I don't think I wrote it down here.

  • But the system is called Normandy.

  • And they have a system that allows them to actually

  • remote deploy the new certificates.

  • Or, actually, well, it lets them perform research studies.

  • Studies was the name of it.

  • They have a tool called Studies, which allows them

  • to remote deploy and remote test sort of behavior in folks' browsers.

  • And this allowed them to ship a new certificate, which

  • they signed because this is actually technically an add-on, this feature.

  • They signed this with a new certificate that they then

  • shipped with this feature.

  • DAVID MALAN: I see.

  • COLTON OGDEN: Yeah, but it's interesting that, somewhere in the process,

  • there's presumably someone who had set a reminder that didn't quite go off

  • or didn't quite get noticed.

  • So it happens to the best of us, perhaps.

  • DAVID MALAN: Yeah, thankfully, Mozilla, in their blog where they sort of break

  • down this process, a-la how Facebook recently broke down

  • how their passwords were stored in plain text, they outlined sort of the ways

  • that they got this right, I guess, in fixing the problem,

  • but they also did disclose the issues that they faced

  • and ways that they would approach making sure that it doesn't happen again.

  • COLTON OGDEN: Yeah, no it was really, to their credit,

  • a nice post-mortem online, so to speak, which is worth reading.

  • If you go to hacks.mozilla.org, you can find it under the May 2019 listings.

  • DAVID MALAN: Indeed.

  • We don't really use Chromebooks here at CS50,

  • but we have some of them lying around.

  • We've seen some folks using them, but Chromebooks

  • have up to this point, up until fairly recently,

  • been a fairly limited operating system in as much

  • as they're essentially Chrome on a computer.

  • COLTON OGDEN: Yeah, dedicated.

  • So it's meant to be used really only in cloud.

  • There isn't any client-side software or at least the appearance

  • thereof, even though there actually is, even

  • though it supports Google Docs and Gmail and Google Calendar

  • and some other apps too that can be used offline.

  • But, of course, you can't actually send and receive

  • mail and other such notifications if you're actually offline.

  • So it's kind of a product that's a little ahead of its time.

  • I mean, honestly, I do think it's kind of inevitable that we'll

  • see more of this once you have omnipresent internet access,

  • both on the ground and in the sky and elsewhere on Earth, so to speak.

  • But what's interesting is that underneath the hood

  • is an underlying Linux-based operating system that traditionally hasn't really

  • been exposed.

  • It really is meant to be more of an appliance of sorts,

  • an internet appliance.

  • But now I gather that you'll actually be able to run Linux on these things

  • so much more easily than in the past, which is great for power users who

  • want access to pretty cheap hardware, but, nonetheless,

  • with the ability to do something with Linux on it.

  • DAVID MALAN: Indeed.

  • Yeah, now folks will be able to actually fire up a terminal

  • and interact with a Linux kernel.

  • And it is actually called Termina.

  • It runs on a VM.

  • But the Linux kernel is actually directly interfaced

  • with Chrome OS itself.

  • And, in this case, therefore, you can pull up graphical applications

  • and use them directly on Chrome OS like you would use on a Gnome or the like.

  • COLTON OGDEN: Yeah, and, to come back to price too, what's

  • been compelling historically about Chromebooks

  • is that you can get a decent computer for like $100, $200.

  • And that's really compelling.

  • In fact, there's some school districts, certainly in the US and presumably

  • abroad, that actually have their students use Chromebooks

  • because it's so much more of an economical approach

  • to equipping kids with hardware for the classroom.

  • Of course, the catch is-- and we've encountered this with some

  • of our students out in more rural areas--

  • they are sometimes allowed by their schools to take the laptops home,

  • but they can't actually use them very much

  • because, if they don't have internet access and, therefore, Wi-Fi at home,

  • it's not all that useful a device except for, of course, purely offline access.

  • But letting people actually use it for multiple purposes now I think

  • is pretty compelling, especially given those price points.

  • DAVID MALAN: Indeed, and, to your point, I

  • mean I think it is pretty inevitable that we do have internet, even

  • commoditized like utilities maybe eventually in the future just given

  • how essential it is to modern life.

  • But I can see, prior to maybe the last couple of years,

  • it's not guaranteed that you'll always have internet access everywhere you go

  • and that it'll be quality internet access.

  • But, for those folks out there who are trying to learn more about computing,

  • learn more about Linux, I mean it's a great device, kind of device.

  • And there's a bunch of different versions

  • made by bunches of different companies.

  • It's a great device to kind of hack on and sort of just

  • play around and learn the ropes.

  • Back in the day, when I was growing up, I

  • used to use actual little tower computers because there weren't really

  • laptops in as great supply, let alone at those price points.

  • They were much more expensive, but it's a great device

  • to just learn and play on I would say.

  • COLTON OGDEN: I think I've seen one of those desktops lying around somewhere.

  • DAVID MALAN: Yeah, we still have them in the corner somewhere for parts.

  • COLTON OGDEN: Well, awfully coincidentally, though,

  • Microsoft, it turns out, for Windows 10, they're

  • going to be shipping a full Linux kernel with their Linux subsystem,

  • Windows' subsystem for Linux.

  • DAVID MALAN: Yeah, you know, Microsoft, to their credit,

  • has really gotten a lot more accommodating of Linux-type usage,

  • previously with Windows 10, the earlier incarnation of it,

  • just being able to run Bash, a so-called shell program,

  • so that you have a much better command prompt than the actual software called

  • historically Command Prompt, which, in yesteryear, was an actual DOS prompt--

  • so terribly limited.

  • I mean my god.

  • In like Windows XP and I think even later,

  • you couldn't even copy-paste in the program very easily by default.

  • And this is in stark contrast to like any X Window interface on Linux

  • or Unix or Solaris or even on macOS.

  • So they just really didn't adapt for this.

  • And, frankly, given just how powerful it is

  • to have a command-line interface on a Mac or a PC or a Linux Box,

  • it just seemed very silly to sort of expect

  • users to go to third-party utilities and not

  • to optimize for what a lot of power users and certainly developers

  • might want.

  • COLTON OGDEN: Indeed, it is kind of a barrier, especially when

  • so much documentation online too for developers

  • is catered towards Linus environments.

  • DAVID MALAN: Yeah.

  • COLTON OGDEN: To their credit, to your point,

  • they just announced the Windows Terminal, actually,

  • which is an upgraded terminal.

  • So it won't be replacing the Command Prompt.

  • For legacy purposes, they want to ensure a backwards compatibility

  • for so much software that relies on it, but they

  • will be releasing this as a separate application that folks can download.

  • And it actually looks quite pretty.

  • It looks really nice.

  • DAVID MALAN: And, hopefully, it'll improve the performance too

  • for people, which is compelling as well.

  • COLTON OGDEN: Indeed.

  • Yeah, it's nice to see sort of this, I guess, all these companies

  • embracing Linux and really sort of bringing their computers

  • to a more usable I guess, end point.

  • DAVID MALAN: I guess so.

  • Though, I feel like we're going to invite some religious debate there

  • if we claim it's more usable, but I do agree.

  • COLTON OGDEN: For developers, I should say for I

  • guess in a development environment.

  • DAVID MALAN: Yeah, absolutely.

  • I think there's great power that comes with the command line

  • and just making it more user friendly.

  • And there's decades of experience and expertise

  • when it comes to all of these shell-based systems that

  • might as well, I think, make it easier for people to use them still.

  • COLTON OGDEN: Indeed.

  • Have you heard of a KeePass?

  • DAVID MALAN: I maybe had, but I really heard about it

  • in the context of what I think you're about to tell us about.

  • COLTON OGDEN: Yeah, so KeePass in an open-source password manager.

  • And they are hosted at keepass.info, which

  • an interesting choice for a domain name.

  • DAVID MALAN: Oh, yeah.

  • It sounds legit.

  • COLTON OGDEN: Well, it turns out that keepass.info is legit,

  • but keepass.com is not legit.

  • DAVID MALAN: Yeah, I gather keepass.com, the illegit site,

  • actually has had and maybe still has some malware built into it.

  • So it's malicious software that you are duped into installing.

  • And yet, the site, I actually pulled it up before the podcast today.

  • It actually looked pretty legit.

  • And, if you search for just KeePass, K-E-E-P-A-S-S, and hit Enter,

  • thankfully, the first hit is indeed the legit one, keepass.info.

  • But I think, for my browser, third or fourth among the search

  • results on Google was keepass.com, which is the illegitimate site.

  • So you can't even use Google search results necessarily

  • as a compelling signal as to which one is the official one when

  • they're so close together, frankly.

  • COLTON OGDEN: Yeah, it's kind of alarming.

  • And there's a point here about I guess the responsibility of,

  • as a developer, as a company, making sure

  • that you purchase the right domains for your application to reach the most

  • users without giving room to nefarious actors to I guess kind of trick users

  • into thinking that they're you.

  • DAVID MALAN: Yeah, no, this is a tricky one

  • because often there's squatters, people who

  • have bought domain names in anticipation of other people wanting them.

  • And I can only guess that keepass.com was

  • taken when the authors of the software decided to get keepass.info.

  • But, honestly, there's so many TLDs or Top-Level Domains now, hundreds,

  • you certainly can't afford, most people, to get all of them-- so keepass.com,

  • keepass.org, keepass.net, and the like--

  • just to kind of protect yourself.

  • And even then you're vulnerable to typographical errors, even

  • malicious ones.

  • We, for instance, in a class I used to teach

  • used to talk all the time about bankofthewest.com,

  • which is the legitimate website for a bank out west in the United States.

  • But someone very cleverly years ago bought bankofthe V-V-E-S-T .com, which,

  • in a small font, looks like Bank of the West--

  • I can't even pronounce it now-- because two Vs together, of course,

  • look like a W.

  • And, honestly, at that point, especially if that one

  • happens to bubble up in search results for whatever reasons,

  • is even harder to spot as well.

  • So this is kind of a fundamental challenge, I think,

  • when it comes to distinguishing legitimacy on the web.

  • COLTON OGDEN: I feel like I've seen this too with like the Russian alphabet has

  • a Y, but it's actually an "oo."

  • It's an "oo" character.

  • DAVID MALAN: Yeah.

  • COLTON OGDEN: And I feel like I've seen this in URLs.

  • Like you can actually get tricked if the URL has

  • that character in the place of a Y, like yahoo.com with that character.

  • It's actually not technically the same character.

  • It's an Unicode character.

  • DAVID MALAN: No, and, thanks to Unicode, there's

  • so many variants that there's actually other characters that

  • look quite like the typical English alphabet that

  • might trick folks like you and me.

  • And I used to advise students that, all right,

  • if you're not sure what the address of the URL, at least

  • rely on your search engine.

  • So search for the name of your bank, or search for the name of this product,

  • KeePass in this case, and see what bubbles up.

  • And, granted, the first hit is indeed the legitimate one,

  • but you could imagine, if keepass.com gets talked about enough, and somehow

  • the owners of that site sort of game the system in enough ways

  • that their result bubbles up above the legitimate one,

  • you could trick users even then.

  • So, frankly, at this point, I'm wondering how do you avoid this.

  • You kind of want to maybe start poking around in various articles,

  • maybe in tech blogs or tech websites, and see what some legitimate authors

  • are recommending people do.

  • And, hopefully, they haven't been duped.

  • And, if you see the same URL appearing again and again on websites that you

  • do trust, various news outlets or blogging sites, then

  • at least that's one additional signal you can take into account.

  • But then I dare say you as the human are reinventing

  • what Google calls page rank where you're sort of analyzing in your mind

  • the number of people that are all recommending this particular URL.

  • And so with high probability it must be legit.

  • I mean, frankly, that's what the search engine is supposed to do,

  • but, clearly, those results can be gamed,

  • as we're seeing here on my own browser.

  • COLTON OGDEN: I don't know if Google does already,

  • but having some sort of flag for a malicious website

  • such that it shows up very blatantly with maybe some red div or some red tag

  • somewhere that says this site is reportedly nefarious.

  • DAVID MALAN: Yeah, they do do that sometimes.

  • And I don't know in this case.

  • Is keepass.com intentionally being malicious,

  • or was it compromised such that it's now distributing malware

  • because someone got into it?

  • COLTON OGDEN: Well, it turns out that there are a lot of other similar sites

  • recently within the last 10 months that look very identical to this website.

  • DAVID MALAN: Oh, interesting.

  • COLTON OGDEN: 7-Zip, BlueStacks, UNetbootin, and GIMP,

  • which is a very popular image editor, Snapseed, and a bunch of others--

  • 10 months this has been going on.

  • It's a pattern that the--

  • actually, this was originally revealed in the form of a tweet by berkcgoksel.

  • And they show this and reference the other web pages.

  • DAVID MALAN: Interesting.

  • Now there is a solution in the SSL world where

  • you have a security certificate for your website

  • that, if you pay for an expensive enough one,

  • browsers will actually show you a verified signal

  • with an additional padlock or check mark in the browser's URL

  • bar indicating that this belongs to Bank of the West comma Inc

  • based in Seattle, Washington or wherever they happen to be or California.

  • And that's an additional signal, and they do charge more for it

  • to do the additional verification.

  • But, of course, all it takes then is for an adversary with a few dollars

  • to spend to actually buy one of these same legitimate ones

  • somehow and still trick users into clicking it.

  • So it's a real problem of trust, which is sort of omnipresent on the web

  • and ever more so with examples like this.

  • COLTON OGDEN: And ever present in our podcasts.

  • DAVID MALAN: Indeed, and even in the real world.

  • In fact, you came across an article recently,

  • if we might transition to the physical world, where

  • some tenants in an apartment building were

  • upset that the owner of the building had installed

  • not physical key-based locks, but rather digital locks that required

  • an app in order to unlock your door.

  • Now, at first glance, I think this sounds fantastic.

  • I mean it's kind of cool.

  • It's trendy.

  • You can unlock the door from your phone.

  • Maybe there's food being delivered, and you

  • won't have to go all the way downstairs to let them in.

  • So there's a lot of like compelling use cases for this,

  • but this is also a potential invasion of privacy

  • because now the owner of the building knows exactly who is coming

  • and when and what time of day and how frequently or how infrequently,

  • not unlike a hotel.

  • But, in this case, these are people's homes

  • that they're paying for or renting.

  • And, therefore, it's a little more worrisome that someone can effectively

  • then track all of their movements.

  • COLTON OGDEN: Yeah, and funny too, KeePass, we talk about digital keys.

  • And now we're talking about physical keys.

  • The main issue with this is definitely that it's

  • putting the power into the people that are leasing the building,

  • like an unjust amount of power.

  • And, thankfully, the court decided that it was in the favor of the tenants.

  • The tenants actually won a settlement.

  • They ended up suing the landlords for invasion of privacy

  • and other difficulties related to this whole process,

  • one of them being, for example, one of the tenants was actually 93 years old

  • and couldn't leave their own room because they were locked in.

  • And they couldn't figure out how to use the app, which

  • would have been circumvented had they had just a basic physical key to open

  • their door with.

  • DAVID MALAN: Yeah, absolutely.

  • And I think, I mean, even if just your phone dies because it's out

  • of battery-- you don't have it with you--

  • I mean, there's other reasons where this would be annoying.

  • Now, to be fair, that could happen with physical keys as well.

  • So I'm inclined to say that maybe the happy medium is

  • to have both, physical key as well as the digital key.

  • But the catch is physical keys have been insecure for years.

  • Locks can certainly be picked, more so physically perhaps than digitally,

  • especially if you have some software-based defenses in place,

  • much like iPhones and Androids do these days.

  • And, of course, there's probably a whole lot of locks

  • out there such that, when a tenant moves, and someone else moves in,

  • the old tenant may very well have copies of those original keys

  • because a lot of landlords probably don't

  • bother spending the money to change the locks every time someone new moves in.

  • So it kind of goes both ways.

  • It's arguably more secure in some ways, but it's less secure in others.

  • But it's hands down more invasive because your movements

  • are being tracked.

  • Now, then again, you can imagine CCTVs and just

  • security cameras also violating that same tenant,

  • but, again, this seems like an interesting tension

  • when it comes to sort of convenience and user experience

  • and also privacy and security I'd say.

  • COLTON OGDEN: Yeah, and, at least with a CCTV,

  • the onus is on the landlord to actually spend all that time looking

  • at the video if they want.

  • I mean, I guess they could use sensors probably to programmatically figure out

  • when people go in and out of a place.

  • DAVID MALAN: But software can do this a lot quickly, you know?

  • You could have a little alert saying ho, ho, ho.

  • Look who came home really late last night.

  • COLTON OGDEN: Yeah, no, it's a magnifier, the technology.

  • DAVID MALAN: Yeah, I think that's a good way of putting it.

  • And it'll be interesting to see how this plays out because, in this case,

  • the situation was indeed settled.

  • So there's not necessarily new case law around it,

  • but it would be interesting to see how this evolves over time

  • and how it just becomes more economical and more compelling

  • security-wise to track, as a side effect, users'

  • movements in this way in the interests of having software-based security

  • instead.

  • COLTON OGDEN: Still on the note of physical keys too, one of the things

  • that I recently learned, which was pretty fascinating,

  • is just how easy it is, even given an image of a key,

  • just to create a duplicate of it because they're standardized.

  • DAVID MALAN: Yeah, no, and that's true even of those car clickers, right?

  • Supposedly, if you walk around like the Disney World parking

  • lot with your own personal key clicker, and you walk far enough,

  • eventually, you might very well unlock someone else's car

  • because the address space isn't necessarily that large.

  • And that's absolutely true for physical keys.

  • They just rely on probability that no two people

  • are going to have the same two keys.

  • COLTON OGDEN: Yeah, it's pretty alarming.

  • When humans are motivated, they'll find a way to get into just about anything.

  • DAVID MALAN: Yeah, at that point, though,

  • it's probably easier just to break a window

  • than to walk up and down the aisles of Disney World

  • and get caught on any number of cameras.

  • So there are some I think downward pressures on these actual risks,

  • but it's a trade-off, right?

  • It's going to probably cost more time or more money or more metal

  • to actually make these things more secure.

  • COLTON OGDEN: That's true.

  • We talk about so many things that are kind of depressing, negative,

  • but it's fun occasionally to maybe shine a brighter

  • spotlight on some of the more positive, fun things going on.

  • And you actually brought this to my attention.

  • They released a 30th anniversary edition of Hitchhiker's Guide

  • to the Galaxy, which is a game that you remember playing years back.

  • DAVID MALAN: Yeah, and it's probably my favorite book by Douglas Adams,

  • Hitchhiker's Guide to the Galaxy.

  • I've read it a few times.

  • And I'll admit I've started reading it more times

  • than I've actually finished reading it, but I do really enjoy it.

  • And, years ago, growing up, there was a company

  • called Infocom that made a text-based adventure

  • game around Hitchhiker's Guide to the Galaxy

  • where there is no GUI, no Graphical User Interface.

  • It's all text.

  • And so the first line in the game is essentially

  • a statement along the lines of you wake up, and it's dark.

  • And you have to start typing commands like look around or turn on lights--

  • sorry, spoiler, 30 years later though--

  • in order to figure out where you are and what you can do next.

  • And it was a really rich game textually because the authors would

  • describe what it is you're seeing.

  • And so it kind of puts into your mind's eye

  • what the scene is without actually having to see anything.

  • And, in fact, fast forward to decades later when

  • the Hitchhiker's Guide to the Galaxy movie came out, like probably 10 years

  • plus ago now, it really did not look anything like the book looked

  • and the game looked like in my own head, which was an interesting contrast.

  • But it was such fun.

  • And, indeed, last weekend I sort of escaped

  • into the virtual world of this game, thanks

  • to the simulator that's now online.

  • Frankly, one of the downsides of playing it

  • on an online simulator now 30 years later

  • is that they've added to it some images, which is nice.

  • It's sort of static images, akin to what you'd see every few pages

  • in a nice black and white printed book.

  • But it also kind of spoils the imagination that I had.

  • And so I didn't click around enough, but I'm

  • hoping there's a button with which to turn that off so you can just

  • play the purely text-based version.

  • COLTON OGDEN: Yeah, you'd probably even get that probably

  • as a terminal program.

  • DAVID MALAN: Probably, if I dug a little deeper.

  • And I will admit I got as far as lying in the mud in front of the bulldozer

  • where Arthur Dent's house is about to be knocked down.

  • That's not really a spoiler.

  • That happens like in the first few pages of the book,

  • but then I got distracted or fell asleep or bored or something.

  • So I'm going to have to try to come back to it this weekend

  • and see how far I get.

  • COLTON OGDEN: It is pretty cool.

  • And it sort of reminds me of the podcast where we talked about those Infocom

  • games coming out.

  • I'm guessing they're related.

  • They probably are.

  • DAVID MALAN: Yeah.

  • Well, and you mentioned another release of a game

  • from yesteryear that you really liked had come out.

  • COLTON OGDEN: Yeah, I mean, the old and the new, we've talked about this.

  • So, with the old, this is an older game.

  • It's 30 years old.

  • But Minecraft is a very famous game, very popular.

  • It was really huge, especially in the early 2010s.

  • But it's approaching its 10-year anniversary.

  • And they just released Classic Minecraft free to play in the web browser.

  • DAVID MALAN: Oh, interesting.

  • Yeah, I never really got into that, but it's

  • been big and gotten bigger I think in recent years.

  • COLTON OGDEN: Yeah, no, I mean, I would say it probably

  • reached its peak in maybe 2015, 2016, but, even to this day,

  • it's still pretty popular.

  • It's not Fortnite popular.

  • That's the new-- that's the new hotness.

  • And even that I would imagine is probably

  • going to be out-competed at some point in the near future.

  • I think it's just the inevitability of games.

  • They come out.

  • People play them.

  • They get so enraptured by them.

  • And then the next big game comes out, and everyone just sort of jumps

  • ship, more or less.

  • DAVID MALAN: Absolutely.

  • But I do have a fondness.

  • Granted, I grew up with these older games,

  • albeit not Minecraft in this case, where it's just kind of fun

  • to play these older 8-bit games or even black and white games for which you

  • have such fond memories.

  • And even though, admittedly, they don't necessarily hold my interest as much

  • anymore, I mean they really were wonderfully done

  • and were cutting edge at the time.

  • And I think they really do speak to the fact that some of the best games

  • really are about story or about puzzles and about challenges

  • and not necessarily about like 3D-rendered graphics and all

  • that, which is certainly nice and immersive and all the more compelling.

  • But you can have all of that, but not have a good game, nonetheless.

  • So that's not what's perhaps core to some of the best games from yesteryear.

  • COLTON OGDEN: Yeah, when I played Minecraft in virtual reality,

  • I was terrified.

  • [LAUGHTER]

  • DAVID MALAN: The blocks almost got you?

  • COLTON OGDEN: There was a cave in the distance.

  • And I've never been more scared to go and do anything.

  • And that's a testament to how powerful VR is.

  • And I can't wait to see--

  • I can't wait to get 3D movement with like those treadmill devices and VR

  • altogether.

  • DAVID MALAN: Yeah, that will be amazing.

  • COLTON OGDEN: That is going to be-- that is going to be cutting edge.

  • DAVID MALAN: Gaming of the future I do think

  • will be all the more immersive and escapist for sure.

  • COLTON OGDEN: Yeah, we've got to get some of that.

  • So takeaways then for today's episode, what would you recommend?

  • DAVID MALAN: Play Hitchhiker's Guide to the Galaxy.

  • If you Google this and type in emulator, you

  • can find the anniversary edition on the BBC's website, the British Broadcasting

  • Company, which has the simulator.

  • You might have to create--

  • actually, you do have to create an account on their website

  • if you want to be able to save your progress because I very

  • quickly realized, wow, you die constantly in the text-based adventure

  • by taking too long or by typing the wrong command.

  • So definitely go ahead and do that.

  • COLTON OGDEN: And play Minecraft.

  • DAVID MALAN: And play Minecraft.

  • So I think the takeaways there are, despite all of these dangers

  • and threats in the world to your privacy and security and the like,

  • there is plenty of ways to escape it, including this weekend.

  • COLTON OGDEN: And I guess, when trying to download software,

  • be mindful of the domains.

  • You know, find out for sure, if you're not 100% sure what product you're

  • downloading or buying, that you're at the right place for it

  • because it's so easy now, especially to your point of all these TLDs

  • that are now available.

  • Someone could easily trick you into thinking that you're

  • going to photoshop.info or what not.

  • And you're not getting Photoshop.

  • You're getting malware installed on your computer.

  • DAVID MALAN: Yeah, absolutely.

  • Do own photoshop.info?

  • Is that what's happening here?

  • COLTON OGDEN: I cannot confirm or deny.

  • [LAUGHTER]

  • DAVID MALAN: Well, maybe google Photoshop in order

  • to download Photoshop.

  • COLTON OGDEN: But, yeah, I think that's probably a huge thing.

  • DAVID MALAN: Awesome.

  • Well, thanks so much to everyone for tuning in.

  • And, by all means, chime in online if you'd

  • like to suggest some topics for future episodes.

  • We'd love to chat about those as well.

  • COLTON OGDEN: Indeed.

  • This is the CS50 Podcast, episode 4, zero indexed.

  • DAVID MALAN: Take care.

  • COLTON OGDEN: Bye bye.

[MUSIC PLAYING]

Subtitles and vocabulary

Click the word to look it up Click the word to find further inforamtion about it