Episode 81 – It’s Wet Inside Too
Scott: Friends with Brews.
Scott: You sounded so excited when you were counting us down, Peter.
Scott: I feel like…
Peter: It’s a lazy Sunday afternoon.
Peter: The weather is completely crappy.
Peter: It’s wet outside and I can’t run, so I’m not very happy.
Scott: Well, at least it’s wet outside and not wet inside.
Peter: No, it’s wet inside too, because you may hear them as we’re recording today.
Peter: I have my neighbor’s three dogs staying with me, and they were outside, but then they came back inside.
Peter: And they’re like little swiffers that shake themselves when they come inside.
Peter: So yeah, my feet, wearing a nice pair of new cloud socks, I don’t remember the exact brand, but it’s like cloud socks, I think is what they’re called, are now wet mop socks.
Peter: So I’m grumpy.
Scott: Wet cloud socks, rainy cloud socks, which is perfect for your weather.
Peter: Yeah, it’s great.
Scott: Peter, you’re very bitter, but what are you drinking?
Scott: Is it bitter?
Peter: It is not bitter.
Peter: Today I am drinking Wegmans Earl Grey Black Tea made from teabags.
Peter: I technically it’s…
Scott: Wait, is it grey or is it black?
Peter: Wegmans Just Tea Earl Grey.
Scott: Is it just tea or is it grey tea or is it black tea or is it grey black tea or is it black grey tea?
Peter: Grey black tea.
Scott: Or is it black?
Peter: That’s actually not true.
Scott: Tea with grey stripes.
Peter: It is Just Earl Grey Black Tea with lemon.
Peter: So I did squeeze half a lemon into this, and it’s quite delightful.
Peter: Not at all inspired by my finishing Making It So by Patrick Stewart this morning.
Scott: Both black and stripes are very slimming.
Scott: So a black tea with grey stripes is going to make you sleek and slim.
Peter: Then it’s a rail.
Scott: Yep.
Scott: Then it’s a rail.
Scott: Speaking of rails, this has nothing to do with rails.
Scott: I wanted to play a clip from one of the shorter episode, not the main episode of Risky Beas, but it’s one of the Grook episodes.
Scott: I don’t remember what they’re called.
Scott: But he was talking about a company that I think was trying to create or test a backdoor for iOS, for iPhone.
Scott: And they were surprised to get a certain notification.
Scott: That’s just classic.
Scott: They’re trying to attack an iPhone, and they’re getting a notification that their iPhone is being targeted by a nation state attack.
Peter: You’re being attacked.
Scott: Okay, I’m going to attack my drink next, and my drink, Peter, is the same drink that I had last week.
Scott: And there’s a reason that I’m already doing a repeat so rapidly.
Scott: And this is the Sterling Coffee Roasters Kenya, Kiamagumo AB.
Scott: And I said, and I know this because I just finished editing it yesterday.
Scott: I said that, although I originally got it through Trade Coffee, it was no longer available in Trade Coffee.
Scott: However, it was still available on the Sterling Coffee Roasters website, and therefore it’s a real flavor that you can go buy today.
Scott: Guess what’s no longer on the Sterling Coffee Roasters website?
Scott: This…
Peter: A real flavor…
Scott: .
Scott: blend of…
Scott: yes, the real flavor.
Scott: However, the stuff that I’m drinking today, we bought in Portland at Sterling Coffee Roasters last week.
Scott: So…
Scott: and it was already not on their website.
Scott: So though it’s not on their website, it was in the store.
Scott: Are they selling this particular blend out and it won’t be available anymore?
Scott: I don’t know.
Scott: I have no idea.
Scott: So I didn’t lie to anyone on purpose.
Scott: I may have lied anyway, but not on purpose.
Scott: Full transparency, Peter.
Scott: I have a website called The Doge, and it’s got all the transparency.
Peter: Does it have maximal transparency?
Scott: Maximal transparency.
Scott: The funny thing is, remember that press conference you were talking about where his little boy was picking his nose and stuff while he was in the Oval Office?
Peter: I do.
Scott: They were saying during that press conference that they had a website with everything that Doge was doing with maximal transparency, and at the time, all it had on it was a Doge logo.
Scott: That’s it.
Scott: Nothing else.
Peter: Maximal.
Scott: Now they have more, but according to 404 Media, anybody could modify the website at one particular point in time.
Peter: Yeah.
Peter: So essentially, they had an open database connection.
Peter: So these rocket surgeons that Elon has drafted to run the Department of Government Efficiency, which by other accounts are a bunch of fresh graduates from high school and or college who may or may not have Nazi ties online, who go by really mature handles online like big balls, et cetera, et cetera.
Peter: Apparently, when they spun up the Doge website, they left their database open and anybody could just push updates to it.
Peter: And this is not even Security 101, okay?
Peter: This is Security 001, right?
Peter: So, like, totally inexcusable, and it’s perfectly reasonable to think, hey, if these are the same people who are securing our government systems and going in and rating these systems, they probably made other mistakes too.
Scott: Wait, are you saying that the person who made this updatable by anybody on the internet shouldn’t necessarily be the guy making live edits to the treasury payments system?
Scott: Are you thinking that that’s a bad idea?
Peter: Not if he’s this much of a noob.
Scott: But doesn’t the…
Scott: you’re right.
Scott: But maybe the treasury payment system doesn’t run on WordPress and so it’s okay.
Peter: Sure.
Peter: Sure.
Peter: I’m sure that’s what it is.
Scott: Let’s go with that.
Scott: Okay, anyway, I still like my coffee.
Scott: It’s still good.
Scott: I still don’t know if I taste the raspberry.
Scott: I still don’t know what a demererera sugar is compared to any other sugar.
Scott: But this is a good coffee and I would pretty much recommend anything by Sterling anyway.
Scott: So even though I can’t link to this particular coffee, I will link to Sterling and you can buy any of their stuff.
Scott: What?
Peter: To be clear, this sugar, you’re supposed to be tasting notes of this?
Peter: Is that what that is?
Peter: Got it.
Peter: Got it.
Peter: Okay.
Peter: Okay.
Scott: It’s good.
Scott: I still think AeroPress squeezes some of the flavor out.
Peter: Have you been experimenting though?
Peter: I have pretty much standardized for mine.
Peter: I’ve been standardizing on the French roast grind and style.
Peter: So when I make it, I’ve pretty much that’s become my default these days.
Peter: What about you?
Scott: Yeah, we just talked about that in the episode that I published today.
Scott: However, I will say this.
Scott: In the episode that I published today, I was telling you that I had the grind, even for AeroPress, set way over to nine or 10 or something.
Scott: I have it on six now, which is a lot closer to your four or five or whatever you’re using.
Peter: Okay.
Scott: I’m not willing to go too much below it because I did go down to like four, and I did not like the taste of it coming out of my.
Scott: And remember, I’m drinking these black.
Scott: I drink most of my coffee, even my decafs, I drink black now because grinding at six in the…
Scott: What do we have?
Scott: The fellow opus?
Peter: Fellow opus, yes.
Scott: Grinding at six on the fellow opus, especially with the particular decafs that I have, it’s a very good smooth taste coming out of the AeroPress, and I can drink it black, and therefore I don’t have to have the extra calories from the oat milk or whatever.
Scott: Sometimes I dump a little in as a treat just to make it different.
Scott: But yeah, so I’ve pretty much standardised on that grind setting on the fellow opus, which will mean nothing to anybody with any other grinder.
Scott: But basically, it’s right in the centre at a six.
Peter: Cool.
Scott: Sticking straight forward.
Peter: Yeah.
Scott: And that’s it, and I’m using the regular AeroPress method with the, what did I call it?
Scott: I had a term for that cap.
Peter: The flow control cap?
Scott: Yeah, yeah, yeah.
Scott: The flow control cap, and a standard AeroPress thing.
Scott: I’m using a metal filter now because I ran out of the paper filters.
Scott: And so what I could do is I could just push it straight down.
Scott: Obviously, I don’t want to do that.
Scott: I want to push it down over a little bit of time, not instant, because the metal filter doesn’t give a lot of pressure, a lot of pushback with that grind.
Scott: So what I do is I push it down very slowly.
Scott: So it probably takes me 20 to 30 seconds to get to the bottom of the, to get to where it starts pushing air.
Scott: And once it starts pushing air, I stop immediately.
Scott: I don’t keep going and push air through the grinds.
Peter: And that’s French press style too, though, right?
Peter: You do so slowly when you’re gently expelling the coffee grinds, you know, or coffee through the grinds.
Scott: I try to always expel gently.
Scott: If you’re not expelling gently, Peter, it means you need to take some sort of oral medicine.
Peter: Oh, you can get nosebleeds too.
Peter: So yeah, that’s not fun.
Peter: It’s true.
Scott: Okay, what do we want to talk about today?
Scott: I think, so I followed up on my coffee.
Scott: That was really important to me.
Peter: Yes.
Scott: I followed up on my Opus grind settings for AirPress that was really important to me.
Scott: Oh, Peter, if you’ve ever thought you had the dumbest job candidate ever come to you and interview or fill out an application or just send you an email saying, I want a job.
Peter: I’ve definitely worked with that person before, and I’ve definitely hired or I’ve definitely interviewed his cousin.
Peter: But no, tell me, tell me more about this person.
Scott: I don’t, you’ve never talked to any of my cousins.
Scott: I, Peter, speaking of Risky Business Podcast, they were looking for a podcast editor.
Peter: Yeah, I know.
Peter: I told you about that.
Scott: And because they want somebody that can also do video and social media, I was like, yeah, video takes a lot of time.
Scott: I don’t, I don’t know.
Scott: But I thought, here’s what I’ll do.
Scott: I’ll send him an email saying, I know that I’m not in the right time zone for you, and I know that I don’t probably have as much video experience as you would like, although I have some.
Scott: I said, what I will do is apply, and if I can be helpful to you filling in while you look for your perfect candidate, then fine, consider me as that kind of option.
Scott: However, however, one thing, I didn’t know that Adam Wallow was full-time Risky Biz now.
Scott: I thought he was still just a guest with a different full-time job.
Scott: But I addressed it to Adam instead of Patrick, Patrick Gray, who’s the main guy.
Scott: And based on my at the time thinking that Patrick Gray was full-time Risky Biz and Adam Wallow wasn’t, I should have addressed it to Patrick.
Scott: But I didn’t.
Scott: I addressed it to Adam.
Scott: So then I sent a follow-up saying, sorry, I meant to say Patrick.
Scott: But I didn’t say, sorry, I meant to say Patrick.
Scott: I said, sorry, I meant to say Pettick.
Scott: So here I am saying I’m detail-oriented, and I’m sending it to the wrong person, and then I’m sending it to the right person as a clumsy follow-up and misspelling the right person’s name.
Scott: That’s the level of detail orientation you can expect from Scott Wallaby, because I think that’s my name.
Scott: I’m not 100% sure.
Scott: Scott Wallaby, editing podcasts, whatever those even are.
Scott: So there you go, Peter.
Peter: Yeah, that’s true.
Scott: I didn’t get the job.
Scott: I didn’t get a reply.
Peter: Really?
Scott: However, they haven’t blocked me on social media, and I still am able to listen to their podcast episodes, so they didn’t block my IP address either.
Scott: So good news.
Peter: I guess that’s good, right?
Scott: Yep.
Peter: Okay.
Scott: Okay.
Peter: Sure.
Scott: Anyway, I thought it was pretty amazing.
Scott: It was just one of those days where I was just like, why?
Scott: Oh my god.
Scott: I’m making the Doge boys look confident here, Peter.
Peter: Yeah.
Peter: I mean, I guess I wouldn’t hire you to, I don’t know, secure my website or hack the government.
Peter: Or then again, maybe I would.
Peter: But I don’t know.
Peter: I don’t know.
Peter: I don’t think you’re Nazi enough and I’m not sure about your criminal records.
Scott: That’s true.
Scott: Yeah.
Scott: I haven’t hung out with enough other misogynists a little.
Scott: What do they call those people who don’t have sex but not on purpose?
Scott: What do they call those?
Scott: There’s a term for that.
Peter: Nerds?
Scott: No.
Scott: In cells, right?
Scott: Yes, in cells.
Peter: Oh, is that what that stands for?
Peter: I didn’t even know what that meant.
Scott: Yeah.
Scott: Involuntary celibate.
Peter: Oh, is that what that means?
Peter: I learned something new today.
Peter: I had no idea.
Scott: Okay.
Scott: So we’ve talked about pretty much everything.
Scott: What else were we going to talk about?
Scott: It seemed like we had a lot more to talk about.
Scott: There was something you wanted to ask me about, and then I’ll end with the last item in the list and forget all the rest.
Scott: But there was something you wanted to talk to me about, and I don’t know why.
Peter: I think you know why.
Scott: Okay, Peter, let’s assume that I know why.
Scott: Go ahead, Patek.
Scott: Tell me, ask me the questions that you want to ask me.
Scott: Let’s dive into the topic, Adam.
Peter: Do I have to talk like Adam Waller or use Patek’s accent for this?
Peter: I hope not.
Scott: You should.
Scott: Yeah, you should.
Peter: So, you recently had some experience with a client who sustained a ransomware attack.
Scott: They did sustain it.
Scott: Yes, they did.
Peter: And so, I was wondering, given that I think this was your first ransomware rodeo, what you observed and what you saw, and what do you think, what were the lessons that you took away from that?
Scott: The lessons that I took away from this particular one are several, and one of the first things that I learned in recent research is that apparently ransomware groups aren’t making as much money as they used to from giant companies.
Scott: They’re not as successful anymore in ransoming huge companies that can pay out millions and millions of dollars for various reasons.
Scott: One is probably better practices.
Scott: Two is probably better responses, including incident response teams.
Scott: And three is a lot of companies just aren’t paying.
Scott: Yep.
Scott: But smaller businesses that have some money and some level of employees, those are still ripe for attack.
Scott: And that pretty much meets the definition of this company.
Scott: So whether it’s coincidence or not, and how they decided to target this particular company, or whether it was an opportunism thing, because this was basically a supply chain attack, if you will.
Scott: I’m not sure.
Scott: I don’t know the answer to that.
Peter: So what leads you to that?
Peter: You said this was a supply chain attack.
Peter: Well, what do you elaborate?
Scott: They have a vendor that they use for a specific software service, that I won’t detail, but they have a vendor that they use to provide them with a specific software service, and that vendor was compromised, or that is how they got through to them, was through that vendor.
Scott: And through an account that the vendor had access to that was associated with their company.
Scott: Okay.
Scott: And so, the moral of the story with that is, supply chains are always a problem, but an even bigger problem is, if you have a supply chain doing things for you, and you provide the supply chain with an account, make sure you have excellent security policies on those accounts.
Peter: Okay.
Scott: And, your account security policies in general for your internal users, your employees, your server accounts, your admin accounts, accounts that you give to vendors, and what level of access you give vendors.
Scott: All of these things should have policies, and you should be very careful about never giving anybody more access than they need.
Scott: You should never share accounts, you should never share passwords, you should never share anything, never be a sharing caring person.
Scott: When it comes to accounts and people’s access.
Peter: Okay.
Peter: So walk me through this again.
Peter: So they had a vendor get compromised, and they in turn were compromised by an account that this vendor had?
Scott: Yes, that’s correct.
Scott: And it basically allowed them way more access level than they should have had.
Scott: And it allowed them to ransomware a bunch of their files.
Scott: Now, what they didn’t do was they didn’t ransomware backups of these files.
Peter: So what you’re saying is your client that got hit had valid backups?
Scott: They did have backups, yeah.
Scott: Okay.
Scott: So there was a restoration process available to them that would not compromise them to use, and they were able to use that to restore themselves.
Scott: But they also engaged a response team to analyze the attack, what happened, next steps.
Scott: They deployed anti-mil war software, which they should have had to begin with.
Peter: Oh, so they didn’t have they didn’t have antivirus or EDR?
Scott: They had it on one server, and that server was not compromised.
Peter: Oh, well, that’s good.
Scott: Yeah, but they didn’t have it on any of the other servers, and they were compromised.
Peter: Oh, well, that’s bad.
Scott: Yes, that’s it.
Scott: That’s bad.
Scott: So that’s another takeaway for them is they need to take the security of their systems seriously, and they need to carefully choose and use a software for basically system protection and monitoring.
Scott: So, okay.
Peter: Well, those are a few things that pretty much everybody should be doing, if you ask me.
Scott: Yeah, it was actually very easily preventable, very simple, basic things that were done wrong in regards to accounts and server and client computer setups.
Scott: So, it’s easily remedied, but they’re lucky, they’re very, very lucky that they had backups that they can use, because it would have been entirely possible for the perpetrators to just poke around, find out what their backup mechanisms were, and neutralize those backups.
Peter: Certainly within the realm of possibility, if you don’t have immutable backups.
Scott: So, yeah, and it’s happened before, right?
Scott: Like other companies have been pwned, and the perpetrators destroyed or encrypted their backups as well.
Scott: Yeah.
Peter: Yep, absolutely.
Peter: So, one more thing too, you said something about the vendor account having too much privileges, or too much.
Peter: So, what can you say a little bit about that?
Scott: Let’s just say that I don’t think there are very many circumstances in which you’re giving a software-as-a-service vendor domain admin privileges, and being able to look at yourself in the mirror later.
Scott: Just don’t do it.
Scott: Don’t do that.
Scott: Don’t ever do that unless you absolutely need to, and as soon as they’re done doing whatever it is they need to do, revoke their privileges on that account, or deactivate it, or step it down, do something, but don’t keep that account hanging there with those privileges unless there’s a specific project they’re working on at that moment.
Peter: Bingo.
Peter: Yep.
Peter: No, that makes perfect sense.
Peter: So essentially, it was over-provisioned.
Peter: It had too many rights, right?
Peter: It did more than it needed to do, and also likely had them for too long, right?
Peter: That account was allowed to last.
Peter: Yeah.
Peter: So, okay.
Peter: Interesting.
Peter: That lines up pretty much with what you had told me earlier.
Peter: So, yeah.
Peter: Very interesting.
Scott: It was interesting, yeah.
Scott: The biggest interesting thing to watch for me was the response team that their insurance had them use in order to respond to this.
Scott: And the response was basically analysis of what happened, making sure the perpetrators are out of the system, locking it down, and deploying anti-malware software, that kind of stuff.
Peter: Yeah.
Peter: Pretty standard routine from what I’ve, you know, from IR work that I’ve done.
Peter: So, yeah, sounds pretty straightforward.
Peter: So, cool.
Peter: Well, did you take anything away now?
Peter: Are you able to, did you learn anything that you can in turn apply to your work?
Scott: Yes.
Scott: I did learn to think much harder about how Windows account privileges are set up, how password policies are determined and implemented, and using things like organizational units and groups in Windows in your domain to organize your accounts so that you can more easily make sure that you know what accounts are doing what, give specific permissions to specific accounts, and always have a very clear idea of what accounts are doing what, and what accounts are needed, what accounts are not needed.
Scott: And also doing things like just taking a good old look at things like listing out your accounts and when was the last time any of these accounts have logged in, making sure that you therefore can point out that, hey, you don’t seem to have a policy in place for retiring accounts when they’re no longer needed.
Scott: And why is that?
Scott: And having a policy in place for people to retire accounts that aren’t needed anymore is a big one because there were a startling number of accounts in this case that seemed to do nothing and haven’t done anything for a long time.
Peter: So what’s a way that a business can defend against that like right off the bat, like as they’re setting up, say I’m bringing in a new vendor into my business right now.
Peter: How can I proactively guard against that sort of thing about their account being active when it’s no longer needed?
Scott: Yeah, you can set a time that the account will become inactive.
Peter: Boom.
Peter: Yep.
Peter: Exactly.
Peter: So you just set an expiration date.
Scott: Exactly.
Scott: Yeah.
Scott: Yep.
Peter: That makes perfect sense.
Scott: And then as far as employees go, you should have an off-boarding process.
Scott: You want an off-boarding process anyway, because you need to have determined in your mind, what is your risk of angry employees finding out that they’re not working for you anymore?
Scott: And between that and the time they no longer have access to stuff, what do they have access to?
Scott: What’s the likelihood that they’re going to do something you don’t want them to do?
Scott: So you already have to have an off-boarding process.
Scott: And part of that off-boarding process should be, I’m going to deactivate this account as soon as that person’s not supposed to be inside the building anymore.
Peter: Bingo.
Peter: Right.
Peter: So as soon as their access should be terminated, it should be terminated, right?
Peter: That’s self-evident.
Peter: But what I was thinking was the first point was at the time of provisioning, you say like, if this account has a finite lifespan, then I will expire it at the end of said lifespan.
Peter: You can always extend it, right?
Peter: So it’s just like checking out a library book, right?
Peter: I just recently read Making It So by Patrick Stewart.
Peter: I picked out the book.
Peter: They didn’t give it to me forever, right?
Peter: They said, we need this back in two weeks.
Peter: I was like, OK.
Scott: Was it a physical copy or an e-copy?
Peter: In this case, I took an e-book version.
Scott: OK, then they can literally, if it was a physical copy, they can tell you, you can’t have this forever, but you can have it forever.
Scott: I know, because how many times that I ever go to the library as a kid and they told me, we don’t have that book right now because somebody stole it.
Peter: I don’t know what recovery services my local library has.
Peter: I mean, we got a lot of Italians in this town, so, you know.
Peter: Hey, Mr.
Peter: nikolaidis, you got that books?
Peter: Be ashamed if something happens to your kneecaps, you know.
Scott: Those are some good reading eyeballs you got there.
Peter: Oh, yee.
Peter: So, yeah, but essentially, it all follows a very simple principle called least privilege, right?
Peter: And you set the account to expire when it’s no longer needed, right?
Peter: Because at that time, it needs zero privilege.
Peter: So you set it up so that at that time, it will have zero privilege.
Scott: And you don’t go straight to domain admin level.
Scott: You give it the level you think they need, and then if you need to adjust things, you can, but start off low.
Peter: And our listeners may or may not know, but in Windows networks, domain admin by default can pretty much do literally anything.
Peter: Right?
Peter: So they have full rights to do anything on any computer anywhere in the network.
Peter: Right.
Scott: And one thing they could do if you’re not careful and you’re not keeping track of your accounts is, what’s the case here is, they could just make themselves a whole bunch of generic accounts to do different things with that you don’t even know exists.
Peter: But I thought you told me that what they did was instead, they found a legacy account that was lying around.
Peter: They didn’t make a new one.
Peter: They found another old one, you said.
Scott: That’s correct.
Peter: But the point I want to key in on though is, is finding a leftover account and reusing it is less likely to trip alarms than creation of a new admin account.
Peter: So what I’ve seen very often in MDR providers and MSSP’s, they will trip on the creation of new admin accounts and send an email, send an alert.
Scott: I don’t think these guys would have tripped on that.
Peter: Right.
Peter: Well, they don’t necessarily, when I say trip, I mean trip and alert, right?
Peter: So they would say, bingo, we just did that.
Scott: Right.
Scott: That’s what I mean.
Peter: What I don’t see as much is, hey, this formerly inactive account was just re-enabled.
Scott: Yeah.
Scott: Yeah, yeah, yeah.
Peter: Right.
Peter: Or this, you know, I do see this account was granted administrative rights.
Peter: I see that a lot, right?
Peter: But if you have a leftover dormant admin account that just gets, oh, you know, it was just lying around, we just reset the password on it and we’re good.
Peter: As they say on the Risky Business Podcast, Robert’s your mother’s brother.
Scott: Right.
Scott: Or as Max Verstappen said, if my head had balls, she’d be my uncle.
Peter: If you say that’s what they said, then sure.
Scott: Yeah.
Scott: It also does depend that you’re monitoring set up properly and you’re actually monitoring things.
Scott: You’re actually getting alerts and that you’re actually paying attention to alerts.
Scott: Yeah.
Scott: And I’m not so sure that would have been the case with these guys.
Peter: But so that was lessons learned, very technical for this podcast anyway.
Peter: So that was pretty cool.
Scott: Yeah, it was.
Scott: And again, I want to stress to people that I do general computer work.
Scott: I’m not a security expert.
Scott: I would not be the person to call in to respond to a situation like this.
Scott: I was a person on a team of people looking at stuff that needs to be done and doing things.
Scott: But it’s still a good learning experience.
Scott: By no means am I declaring that, hey, I know how to handle this.
Scott: I know everything about it.
Scott: No, not even close.
Peter: No, but you learned a lot on your first rodeo, so that’s pretty cool.
Scott: Yeah, it was.
Peter: All right, cool.
Peter: Should we go through a couple of little quick wrap ups, close and loose ends?
Scott: Do you have anything for us, by the way?
Scott: How are your shoulders doing?
Scott: It sounded to me like you have begun the running process again.
Scott: You began running away from your troubles again, Peter.
Peter: Barely.
Peter: I started running, but my my knee is kind of achy, so I’m taking it easy.
Peter: So we’ll see how that goes.
Scott: The way you phrased it to me yesterday was, your good knee is having pain.
Peter: Yeah.
Peter: Well, at this point, I don’t have a good knee.
Peter: So so I also back a few weeks ago, I ordered some Fermu glasses.
Peter: I said I wanted to give an update.
Peter: Your comment was they turned out to be complete shit.
Peter: And my comment is I did not say that.
Scott: No, no, it was with a question mark.
Scott: I was asking if that’s what you were going to say.
Peter: That is not what I was going to say.
Peter: And I am not going to say that.
Peter: So I think they are fine.
Peter: I think the problem that I’m having is a combination.
Peter: The size of them, they’re very big relative to the other ones that I’ve been wearing.
Peter: So that puts the focal point in the progressives, you know, like the sweet spot in an area that I’m not always used to looking.
Peter: That’s one problem.
Peter: The other problem is that my allergies over the last few weeks have come back, which is weird in the dead of winter.
Peter: But I am constantly dealing with dry, gritty, itchy eyes.
Peter: So that affects things.
Peter: So I’m having to like, you know, just take Zyrtec pretty much daily and douse my eyes with, you know, lubricating eye drops a lot.
Scott: Which means it’s very difficult for you to tell if focal problems are your eyes, the glasses, what?
Peter: It sucks.
Peter: But I have not terribly dissimilar experience with my new Warby Parkers as well.
Peter: It’s fairly similar.
Peter: So as I suspected, just using them for driving is fine, right?
Peter: Because, you know, I just generally need to glance down at the map or at the information cluster or something like that.
Peter: They work fine for that.
Peter: The only part was hard was like sitting and reading long, like, you know, long term, like reading the phone or something like that.
Peter: But a quick glance at something is fine.
Peter: But if I’m going to sit there and read for some time, I don’t know why you’d think that if you gave yourself a little bit of time, you’d be able to dial it in and find the right spot.
Peter: But it seems to me like the longer I need to stare at something up close, the harder it gets.
Scott: So well, I wanted to make a joke about how you were putting the dry and driving, but you’re actually not.
Scott: You’re putting the dry and reading.
Scott: And that’s not nearly as good of a joke.
Peter: Are we done?
Scott: Oh, I thought you forgot about the fact that you were looking for a new co-host who has to speak Brazilian Portuguese.
Peter: We already put that out last time.
Peter: So I have though, I have a fun little nifty.
Peter: And I showed you this the other night and I thought it was pretty cool.
Peter: Now, apparently, if I had ever watched an episode of Survivor, this would not be news in any way.
Peter: But I connected with my running buddy.
Scott: Wait, Survivor, you’re talking about that show where they go out in the wilderness?
Peter: And they survive, I guess?
Peter: I don’t know.
Peter: I’ve never seen an episode.
Peter: So my running buddy, apparently, though, he watches Survivor a lot.
Peter: And I know this because we have often been out running.
Peter: He’s like, I gotta get home this season from, you know, premiere of Survivor’s Tonight or something like that.
Peter: That’s not where I learned this.
Peter: I learned this on a running hiking channel that came across my YouTube feed.
Peter: So now I’m going to try to tell you this is an audio podcast primarily.
Scott: I don’t know if anyone’s going to see the video on this, but primarily you mean only that’s pretty primary.
Peter: So if you take a neck gator, also known apparently as a buff, I was not aware of that.
Peter: You can call these things buffs.
Scott: Oh, God, that’s even worse than gator.
Peter: And I hate the word gator, which is funny because in like in Dungeons and Dragons or World of Warcraft online games, buffs are like when you have a condition applied that increases your strength or your speed, you know, buffs you up.
Peter: Right.
Peter: So what I found is like, I generally only wore my neck gator in like one or two ways.
Peter: Like I would put it over, you know, pull it down over my head, like a chimney, and then my head pops out, but it’s still pretty much hanging over my ears and over my nose.
Peter: So it keeps the bottom half of my head, my face warm.
Peter: That’s how I have always worn these things.
Peter: And that’s pretty much it.
Scott: That’s how everybody wears them.
Peter: Right.
Peter: But there’s more.
Peter: So what you can do is if you take it and then take the top of that and put it up to like the top of your forehead around your hairline, and then cinch the bottom part of the gaiter up so that it comes to the bottom of your ears, you can essentially turn it into just a head slash ear warmer.
Peter: So now it’s keeping my forehead and my ears and the back of my head warm.
Peter: Okay, that’s pretty cool.
Scott: And it literally looks like a big, tall headband.
Peter: It does.
Peter: It’s acting just like a big, tall headband, right?
Peter: And that’s all you need to do.
Peter: So that’s option one, I thought was pretty cool.
Peter: Another option, which was pretty cool, is you take it, and again, now I’m pulling the chimney up over my head, and I’m taking the backside, the top rim of the gaiter, if you will, and I’m pulling it forward so that it’s around my hairline again.
Peter: So I have like this window that I can sort of peek out through, right?
Peter: But now, this is the hardest to describe.
Scott: You look like a criminal who’s very proud of their forehead.
Scott: That’s what you look like right now.
Peter: Yes.
Peter: So you start to grab the front top edge, the top of the front edge, which is now hanging down around my nose.
Scott: It’s the bottom of the hole, yeah.
Peter: And roll, yeah, bottom of the hole, but not the bottom of the gaiter, the bottom of the gaiter is on my neck.
Peter: You start to grab the front of the top lip and roll it inside.
Peter: So you grab it and then just tuck it and start rolling it inwards.
Peter: And just keep doing that until it essentially makes a hinge.
Peter: You just tuck it in and it turns itself into a balaclava.
Peter: And it’s amazing how well this stays in place.
Peter: I had no idea.
Scott: And it looks like you bought a balaclava for snowboarding or skiing, and you, yeah, exactly.
Peter: It’s like, yeah, and I walked up to my running buddy.
Peter: I was wearing like this.
Peter: And I was like, you know, I was like, yeah, what’s up?
Peter: And I told him about this.
Peter: I think you can turn a neck gator into a balaclava.
Peter: He said, wait, what are you wearing?
Peter: I said, this is a neck gator.
Peter: I thought it was a balaclava.
Peter: Like, no, it’s not.
Peter: So that’s pretty cool.
Peter: But the coolest out of all of them, I gotta say, I’m gonna take it off now.
Peter: Now this is probably the hardest one to describe.
Peter: So you take your neck gator and you hold it.
Peter: You stick your hand inside the gator.
Scott: Never stick your hand inside a gator, Peter.
Peter: Not if you want it back.
Peter: Stick your hand in the gator and then flip your palm facing up.
Peter: Now, the gator should be hanging on your hand so that the bottom side is just along your wrist, like right where your watch would be sitting.
Peter: From here, you can imagine yourself doing a face palm, but you’re really just doing a forehead palm.
Peter: Especially if you can get that sound, you know, for emphasis, you really get to slap it right in place.
Peter: Now, you grab the part of the gator that is touching the back of your hand, and just pull that backwards to the back of your head.
Peter: And what it does is it turns the gator into a bandana.
Peter: And it’s amazing.
Peter: It holds itself in place.
Peter: It’s perfectly snug.
Peter: It hangs down the back of your neck, so it covers a little bit of, you know, keeps like snow or rain or wind off the back of your neck.
Peter: And it also holds my AirPods in place perfectly.
Scott: It kind of looks like a do-rag.
Peter: It’s functionally, it is a do-rag.
Scott: Yeah.
Peter: So this is amazing.
Peter: I learned these things just a few days ago.
Peter: I had no idea.
Peter: I mean, I’m sure I’ve seen people doing this before and had no clue that that’s what they were wearing.
Peter: So I just threw that out as a nifty, because this is a cool little thing that anybody, you know, could benefit from theoretically.
Scott: Anybody who’s willing to stick their hand in a gator can benefit from this.
Scott: That is a nifty.
Scott: I like it.
Scott: I got one more thing.
Scott: First, I want to do real quick.
Scott: I want to tell people about Wikitalk.
Scott: I have the URL in the show notes.
Scott: It’s wikitalkwithtok.versell.app.
Scott: And it worries me a little bit that this guy is just using his versell URL instead of having a custom URL.
Scott: It makes me wonder how long this is for the world.
Scott: But this is really cool.
Scott: What it is, is it’s TikTok-like in that you scroll and you see pictures as you scroll.
Scott: But the pictures are pictures from and with overlaying text about topics from Wiki…
Scott: What’s it called?
Scott: Wikimedia?
Scott: Wikipedia?
Peter: Wikipedia?
Scott: Yes, Wikipedia.
Scott: And you basically get a nice picture with a title of what the topic is, a little explanatory paragraph.
Scott: And you can click on the Read More link to go to the Wikipedia article about the topic.
Scott: And it’s just totally random.
Scott: One minute you might be looking at the Holy Transfiguration Monastery Church, and the next minute you might be looking at the World Athletics U-20 Championships.
Peter: So it just gives you random Wiki articles.
Scott: Totally random, but they’re all fascinating.
Scott: Like I have followed many of these articles down the rat hole or the rabbit hole or the wiki hole or the gator hole or the gator hole.
Scott: And yeah, it’s very interesting.
Peter: Isn’t that a isn’t that a college game?
Peter: The gator hole, isn’t it?
Scott: Wiki hole, the gator hole?
Scott: Probably.
Peter: Don’t they play that in Florida?
Scott: I mean, Florida is a bit of a hole, but I guess they have a wiki hole or a gator hole.
Scott: Okay, Peter, anyway, that’s it.
Scott: I just wanted to bring people’s attention to wiki talk.
Scott: If you listen to ATP, I think you’ve already heard about it, because I think that’s where we heard about it.
Scott: Are they the ones that talked about it?
Peter: I don’t recall hearing about it.
Scott: Hmm, okay.
Peter: So until now.
Scott: I thought it was Casey-less Casey-less, Caseless Casey-less.
Peter: Could be, I don’t know.
Scott: Anyway, check that out, check out the gator, stick your hand in it, drink the black gray tea, and go push some updates to the Doge website.
Peter: Tell your friends.
Scott: Tell your friends.
Scott: Tell your friends.