{"id":33627,"date":"2025-04-20T05:16:36","date_gmt":"2025-04-20T12:16:36","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=33627"},"modified":"2025-04-20T05:17:29","modified_gmt":"2025-04-20T12:17:29","slug":"security-bits-20-april-2025","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2025\/04\/security-bits-20-april-2025\/","title":{"rendered":"Security Bits \u2014 20 April 2025 (Solo) \ud83d\udc23"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Rather aptly for this solo show, NosillaCastaway <em>MildDeamons<\/em> perfectly expressed the reason I much prefer recording with Allison on the <a href=\"https:\/\/www.podfeet.com\/slack\">NosillaCast Slack<\/a> when he posted:<br \/>\n> <em>&#8220;I really enjoy it (and I think most of us do) when you explain things to @podfeet and she tries to wrap her head around them. 
The best part is when one of you say something that doesn\u2019t quite make \u201csense\u201d to me \u2014 I\u2019m sitting there thinking, &#8216;Hmm, that doesn\u2019t seem right&#8230;&#8217; \u2014 and then @podfeet jumps in with, &#8216;Wait, wait&#8230; do you mean&#8230;?&#8217; And you go on to explain it another way, and then I\u2019m, &#8216;Ahhhh, now I get it!'&#8221;<\/em><\/li>\n<li>Oracle continues to illustrate how not to respond to security breaches by continuing to try, and fail, to cover up a breach of their wider cloud services (above and beyond the Oracle Health breach we mentioned last time) \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/oracle-privately-confirms-cloud-breach-to-customers\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Some small but nice progress from Microsoft on some of their on-going efforts we&#8217;ve discussed before:\n<ul>\n<li>Progress on Windows improvements to make incidents like the infamous CrowdStrike outage from last summer less likely in future: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-tests-new-quick-machine-recovery-tool-to-fix-boot-crashes\/\">Microsoft tests new Windows 11 tool to remotely fix boot crashes \u2014 www.bleepingcomputer.com\/\u2026<\/a> (The new feature is branded <em>Quick Machine Recovery<\/em>)<\/li>\n<li>Continuing roll-out of reboot-less security updates \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-adds-hotpatching-support-to-windows-11-enterprise\/\">www.bleepingcomputer.com\/\u2026<\/a> (Branded <em>hotpatching<\/em>, it doesn&#8217;t get you zero reboots, but it does get you from monthly to quarterly reboots while staying fully patched at all times)<\/li>\n<li>Continuing deprecation of old and insecure technologies: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-blocks-activex-by-default-in-microsoft-365-office-2024\/\">Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 
\u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>GitHub have responded to the increased abuses of their services by malicious actors by making it easier and cheaper for organisations to buy their advanced security tools \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/github-expands-security-tools-after-39-million-secrets-leaked-in-2024\/\">www.bleepingcomputer.com\/\u2026<\/a> <\/li>\n<li>Google continue to battle the rise of ad-based malware on their platforms: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-blocked-over-5-billion-ads-in-2024-amid-rise-in-ai-powered-scams\/\">Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 We now have an explanation for the embarrassing and illegal <em>&#8216;Signal-Gate&#8217;<\/em> woopsie by the US administration \u2014 the National Security Advisor un-thinkingly accepted a Siri suggestion to update a contact in his phone \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/iphone-contact-mix-up-adds-journalist-to-private-white-house-group-chat-on-military-plans\/\">www.macobserver.com\/\u2026<\/a>\n<ul>\n<li>This was spun as it all being Apple&#8217;s fault by the administration, but it is of course no such thing, it actually perfectly illustrates why secure government communications need to happen on secure and private government channels!<\/li>\n<li>This means the national security advisor was careless twice rather than just once, not sure how that makes anything better? 
\ud83d\ude15<\/li>\n<li>Humans make mistakes, when you use a public service, no matter how cryptographically secure, those human mistakes can leak secrets to <strong>anyone on planet earth<\/strong>, but similar mistakes on private government channels have much smaller blast-radiuses.<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddec\ud83c\udde7 There is still no outcome, and we still have very little detail, but Apple have succeeded in lifting the veil of secrecy over the UK government&#8217;s attempt to break iCloud Advanced Encryption for the world \u2014 <a href=\"https:\/\/www.cultofmac.com\/news\/spy-icloud-encrypted-uk\">www.cultofmac.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive \u2014 How Apple is Training Apple Intelligence without Breaking their Privacy Promise<\/h2>\n<p><strong>TL;DR \u2014 there is nothing even vaguely nefarious or dangerous going on here, none of this is enabled by default, it&#8217;s all opt-in, and for those who do opt in, their privacy is provably protected.<\/strong><\/p>\n<p>When you&#8217;re interested in big trends, you don&#8217;t need exact data. In fact, just about every real-world statistic is built on top of noisy and incomplete data because there are very few situations where everything can be known perfectly! What percentage of Americans owns a Ford vehicle? Simple question, we rarely think twice about how those numbers come to be, but for them to be perfectly accurate every single American would need to respond to the analytics company compiling the numbers truthfully. Impossible! So, we base statistics on small samples we hope are representative where we have reason to believe most respondents are truthful. As long as the sample is fairly representative of the total population and the responses are reasonably honest you get usable numbers out the other side.<\/p>\n<p>With computer usage data you can actually get perfectly clean data, but at the cost of everyone&#8217;s privacy. 
To determine which typos Apple&#8217;s autocorrect fixes most often, iOS &amp; macOS could log every change and send them all to Apple! That would utterly violate Apple&#8217;s privacy promises and policies, but Apple still want to get a reasonable understanding of how their tools are used in the real world by actual users, so how can they square that circle? By intentionally adding random gibberish to the data to make it noisy! If you know the accuracy of your sampling (100% for which OS features a user does and does not use), and the accuracy you actually need, you can calculate the amount of intentional lies you can inject into your raw data without ruining your results. This is what Apple have been doing for years for all their OS analytics, and it has the fancy name <em>differential privacy<\/em>. Basically, when you agree to let your iPhone, iPad, or Mac send Apple analytics data, each piece of data gathered will be replaced with an intentional lie a specific percentage of the time. This means no one piece of data can ever be used as evidence of anything, because you know for a fact how likely it is to be a lie, and yet, when you aggregate it all together, the signal still pokes up above the noise, letting Apple make meaningful product decisions.<\/p>\n<p>Apple is now extending this approach to Apple Intelligence \u2014 for tools like image playgrounds and genmoji, the prompts from people who <strong>opt in<\/strong> to sending Apple analytics data will be shared with Apple using differential privacy. That works great for AI features powered by short little prompts, but not for AI features that take huge inputs like summarisation.<\/p>\n<p>Here Apple are being wonderfully clever \u2014 instead of training and testing their models on real emails from people&#8217;s actual inboxes, they&#8217;re using generative AI to create fake but realistic emails to use instead. 
This protects user privacy perfectly because no one&#8217;s actual emails are ever involved in any stage of the process. <strong>But<\/strong>, the quality of the training entirely depends on the realism of the synthetic data. What Apple need to do is not harvest your emails, but check how similar your emails are to their synthetic ones, and this is something you can achieve safely with the help of differential privacy.<\/p>\n<p>Apple are not going to gather your emails and upload them to their servers, instead, they&#8217;re going to randomly send devices where users have <strong>opted in<\/strong> a few synthetic emails, and on-device, the OS will perform statistical comparisons between users&#8217; actual emails and the sample synthetic ones, and report those statistics back to Apple&#8217;s servers <strong>with intentional lies mixed into all the replies<\/strong>. So, even without differential privacy this would already not be sending actual emails to Apple, but for extra protection, even the statistics it does send are intentionally noisy, making it mathematically impossible to actually know what emails are on whose devices. 
But, Apple will none-the-less be able to get a good estimate of the quality of their synthetic data.<\/p>\n<p>The key points to note:<\/p>\n<ol>\n<li>None of the data sent to Apple includes any kind of identifier \u2014 no device IDs, no user IDs, and no network identifiers like IP addresses, so whatever is sent is completely anonymous<\/li>\n<li>Everything that is sent is intentionally polluted with lies so no single piece of data can ever be used as evidence of anything<\/li>\n<li>For long pieces of text, users are not sending any actual data to Apple, but returning accuracy scores for Apple&#8217;s synthetic dummy data<\/li>\n<li>All this is opt-in rather than opt-out or compulsory<\/li>\n<\/ol>\n<h3>Links<\/h3>\n<ul>\n<li>Apple&#8217;s blog post explaining what they are doing: <a href=\"https:\/\/machinelearning.apple.com\/research\/differential-privacy-aggregate-trends\">Understanding Aggregate Trends for Apple Intelligence Using Differential Privacy \u2014 machinelearning.apple.com\/\u2026<\/a><\/li>\n<li>Good Summaries:\n<ul>\n<li><a href=\"https:\/\/www.macstories.net\/news\/apple-is-using-differential-privacy-to-improve-apple-intelligence\/\">Apple Is Using Differential Privacy to Improve Apple Intelligence \u2014 www.macstories.net\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.cultofmac.com\/news\/apple-intelligence-privacy-training-data\">How Apple gets AI training data without violating anyone\u2019s privacy \u2014 www.cultofmac.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li>Apple patch just about everything, some OSes twice!\n<ul>\n<li><strong>Current OSes;<\/strong> iOS\/iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4 &amp; visionOS 2.4, and <strong>legacy OSes;<\/strong> iPadOS 17.7.6, iOS\/iPadOS 16.7.11, iOS\/iPadOS 15.8.4, macOS Sonoma 14.7.5 &amp; macOS Ventura 
13.7.5 \u2014 <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/31816\">isc.sans.edu\/\u2026<\/a> (Includes two zero-days!)<\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/25\/04\/16\/apple-releases-security-updates-for-ios-1841-macos-sequoia-1541\">Apple releases security updates for iOS 18.4.1, macOS Sequoia 15.4.1 \u2014 appleinsider.com\/\u2026<\/a> (Fixes two zero-days, and there are also matching updates for tvOS &amp; visionOS)<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-april-2025-patch-tuesday-fixes-exploited-zero-day-134-flaws\/\">Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>More details and analysis \u2014 <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/31838\">isc.sans.edu\/\u2026<\/a> &amp; <a href=\"https:\/\/krebsonsecurity.com\/2025\/04\/patch-tuesday-april-2025-edition\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>The April Android Patches are out: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws\/\">Google fixes Android zero-days exploited in attacks, 60 other flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Patch if you can, or consider getting a securable phone if you can&#8217;t)\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/googles-android-is-copying-apple-ioss-auto-restart-security-feature\/\">Google\u2019s Android Is Copying Apple iOS\u2019s Auto-Restart Security Feature \u2014 www.macobserver.com\/\u2026<\/a> (The good kind of copying!)<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2025\/04\/google-patches-quick-share.html\">Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent \u2014 thehackernews.com\/\u2026<\/a> (Google&#8217;s AirDrop equivalent)<\/li>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs\/\">WhatsApp flaw can let attackers run malicious code on Windows PCs \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Windows only bug)<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-lab-testing-provider-exposed-health-data-of-16-million-people\/\">US lab testing provider exposed health data of 1.6 million people \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<em>Laboratory Services Cooperative<\/em>)\n<ul>\n<li><em>&#8220;LSC is a Seattle-based nonprofit organization that provides centralized laboratory services to its member affiliates, including select Planned Parenthood centers&#8221;<\/em><\/li>\n<li>Not clear if victims are being notified, but there is a portal for people who fear they may be caught up in this to get more information (details in the linked story)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\ud83c\uddfa\ud83c\uddf8 The Trump administration continue to undermine the nation and the world&#8217;s cybersecurity \ud83d\ude41\n<ul>\n<li>The Trump administration almost killed the CVE system for cataloging and scoring known security vulnerabilities \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/mitre-warns-that-funding-for-critical-cve-program-expires-today\/\">bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/krebsonsecurity.com\/2025\/04\/funding-expires-for-key-cyber-vulnerability-database\/\">krebsonsecurity.com\/\u2026<\/a>\n<ul>\n<li>The CVE database acts as the data source for just about every vulnerability detection tool in use today<\/li>\n<li>The CVSS Scores assigned to vulnerabilities in the CVE database make it possible for 
people with jobs like mine to triage and prioritise our responses to whatever vulnerabilities our scanning tools alert us to<\/li>\n<li>There has always been an independent board overseeing the CVE database, but the contract to do the actual work has always been with the US quasi-governmental agency <a href=\"https:\/\/www.mitre.org\">MITRE<\/a> and paid for by the US government, currently via CISA<\/li>\n<li>Moves were already afoot to remove the CVE database&#8217;s sole dependence on US good will, but those moves have now accelerated<\/li>\n<li>At the last minute CISA invoked a clause in the contract with MITRE to <strong>extend<\/strong> the contract, but it has not been renewed, so MITRE&#8217;s work maintaining the CVE database hangs by a thread \ud83d\ude15<\/li>\n<\/ul>\n<\/li>\n<li>The Trump administration have attacked the first ever director of the Cybersecurity &amp; Infrastructure Security Agency (CISA) Chris Krebs for his declarations on the legitimacy of the 2020 elections \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2025\/04\/trump-revenge-tour-targets-cyber-leaders-elections\/\">krebsonsecurity.com\/\u2026<\/a> (Ironically, Krebs was appointed by Trump in his first term)\n<ul>\n<li>Trump launched the attack in a published <em>Presidential Memorandum<\/em> directing all agencies to remove Krebs&#8217; security clearance as well as those from all employees at the company he works for (SentinelOne), and instructs the Attorney General and Secretary of Homeland Security to launch an investigation into Krebs and CISA and propose <em>&#8220;appropriate remedial or preventative actions&#8221;<\/em>\n<ul>\n<li><em>&#8220;Krebs, through CISA, falsely and baselessly denied that the 2020 election was rigged and stolen, including by inappropriately and categorically dismissing widespread election malfeasance and serious vulnerabilities with voting machines.&#8221;<\/em> \u2014 the Trump Memo<\/li>\n<\/ul>\n<\/li>\n<li>Krebs has resigned from SentinelOne to 
fight the Trump administration full-time, and to protect the company \u2014 <a href=\"https:\/\/arstechnica.com\/tech-policy\/2025\/04\/chris-krebs-who-debunked-2020-election-lies-vows-full-time-fight-against-trump\/\">arstechnica.com\/\u2026<\/a><\/li>\n<li><strong>Opinion from Bart:<\/strong> this is full-on authoritarianism, twisting the power of the state to persecute people and companies in order to force them to accept a false narrative that has simply never stood up to scrutiny. The fiction that the 2020 election was somehow <em>stolen<\/em> from Trump is literally his Hitler-esque <em>Big Lie<\/em>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/appleinsider.com\/articles\/25\/04\/17\/google-has-an-illegal-monopoly-on-online-advertising-judge-rules\">Google has an illegal monopoly on online advertising, judge rules \u2014 appleinsider.com\/\u2026<\/a>\n<ul>\n<li>Note that this is a second DOJ anti-trust case against Google, this case is entirely separate to the one they lost last year and are currently appealing that found Google has a monopoly in search.<\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/25\/04\/18\/google-claims-it-won-half-of-its-monopoly-case-and-will-appeal-the-rest\">Google claims it won half of its monopoly case, and will appeal the rest \u2014 appleinsider.com\/\u2026<\/a> (The court did not agree with the DOJ that Google&#8217;s acquisition of DoubleClick decades ago was anti-competitive)<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029\/\">SSL\/TLS certificate lifespans reduced to 47 days by 2029 \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>March 15 2026 \u2192 200 days for certs &amp; domain control validation<\/li>\n<li>March 15 2027 \u2192 100 days for certs &amp; domain control validation<\/li>\n<li>March 15 2029 \u2192 47 days for certs &amp; 10 days for domain control 
validation<\/li>\n<li>In effect, this means that if your website uses HTTPS certs and you don&#8217;t already have the process automated using something like Let&#8217;s Encrypt&#8217;s CertBot (which can use any Certificate Authority as the back end if they choose to offer the appropriate API) you&#8217;d better start work on fixing that soon!<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chrome-136-fixes-20-year-browser-history-privacy-risk\/\">Chrome 136 fixes 20-year browser history privacy risk \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>For years, links you visit from any website anywhere on the web have been shown in a different colour on every website everywhere on the web<\/li>\n<li>With the advent of CSS and JavaScript it&#8217;s been possible for ages for websites to learn your browsing history by including links to sites of interest on their own pages, perhaps in hidden areas of the page, and checking the colour the browser assigns the links<\/li>\n<li>To combat this data leak, Chrome will only show links as visited on the domains where the user clicked on them<\/li>\n<li>So, if you only ever search the web on Google you&#8217;re not likely to notice anything because all your clicks will originate in Google, so you&#8217;ll still see results you&#8217;ve already been to in purple instead of blue<\/li>\n<li>But, if you search the web from two sites, say Google &amp; Bing, any results you visit in Bing will not show as visited on Google, and <em>vice-versa<\/em>.<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-rolls-out-easy-end-to-end-encryption-for-gmail-business-users\/\">Google rolls out easy end-to-end encryption for Gmail business users \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Purely an enterprise feature as it requires organisations to run their own key server<\/li>\n<li>Only works in the web version of Gmail (leverages the browser to 
do the encryption\/decryption)<\/li>\n<li>Very clever design though with a good delegation of trust<\/li>\n<li>Real-world ready unlike the geek\/hobbyist PGP option<\/li>\n<li>Much easier for organisations of all sizes to deploy than S\/MIME which has existed for decades but failed to gain wide adoption<\/li>\n<li>\ud83c\udfa7 Get the nerdy details in <a href=\"https:\/\/overcast.fm\/+AALUuSf4kxo\">Security Now episode 1020<\/a> (Ignore Steve&#8217;s failure to comprehend that in an enterprise context the <em>&#8216;ends&#8217;<\/em> in end-to-end encryption are the organisations, not the individual mailboxes, so in the context it&#8217;s intended for, it absolutely is true E2E despite his scoffing)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.grc.com\/SN\/1019.jpg\">Steve Gibson&#8217;s Photo of the Week<\/a> recently had a fun overlap with coding:<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.grc.com\/SN\/1019.jpg\" alt=\"Subtle codings choices can land you at the bottom of the canyon\" \/><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, 
or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
Rather aptly for this solo show, NosillaCastaway MildDeamons perfectly expressed the reason I much prefer recording with Allison on the NosillaCast Slack when he posted: > &#8220;I really enjoy it (and I think most [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[],"class_list":["post-33627","post","type-post","status-publish","format-standard","hentry","category-blog-posts","category-security-bits"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/33627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=33627"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/33627\/revisions"}],"predecessor-version":[{"id":33629,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/33627\/revisions\/33629"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=33627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=33627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=33627"}],"curies":[{"name":"wp
","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}