AI is coming to an app near you. We discuss how these features will affect work, and the potential security implications of AI tools snarfing up files in businesses. We also discuss how to set up an old – or new – Mac as a home server. It’s a useful tool if you have multiple Macs.
- The Three Laws of Robotics
- ChatGPT banned in Italy over privacy concerns
- Malicious Keylogger Malware “BlackMamba” Made Using ChatGPT
- AI cracks passwords this fast, how to protect yourself
- Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype
- AI-Based Chat is Coming for Your Privacy: Should We Pause Development of Large Language Models?
- Google is adding AI to its work apps; Here’s what that means
- How to set up your own Mac server (with an old or new Mac)
Transcript of Intego Mac Podcast episode 289
Doug Adams 0:00
This is the Intego Mac Podcast–the voice of Mac security–for Thursday, April 27 2023.
This week’s Intego Mac podcast is a special edition. We’ll have a look at two topics. First, we’ll have a basic discussion on the current state of artificial intelligence apps. And then we’ll have some suggestions for using an old Mac computer as a home server. Now, here are the hosts of the Intego Mac podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s Chief Security Analyst, Josh Long.
What are the currently known security implications with using ChatGPT?
Kirk McElhearn 0:37
I’d like to remind you of Asimov’s Three Laws of Robotics: a robot may not injure a human being or through inaction allow a human being to come to harm. A robot must obey the orders given it by human beings except where such orders would conflict with the first law. A robot must protect its own existence as long as such protection does not conflict with the first or second law. And the zeroth law, technically the fourth one: a robot may not harm humanity or, by inaction, allow humanity to come to harm. Now we’re going to talk in the first half of this episode about AI, ChatGPT. When you hear ChatGPT, that’s what everyone’s talking about. It’s a lot more than just ChatGPT. There are a lot of AI tools that are out there. First of all, we need to define AI. It’s neither artificial nor intelligent. These are what are called large language models that attempt to present a statistically relevant response to a question. It can do other things, it can summarize an article, it can give you a recipe when you give it a half a dozen ingredients, because it’s read all those recipe pages on the internet for the ones that are 2000 words long with someone talking about how they first discovered this food when they were six years old. And it can do all sorts…it can write poems. It can write limericks and all sorts of things. So it’s not intelligent. It’s not really artificial. But this is posing a lot of threats. Now, two weeks ago, Italy banned ChatGPT over privacy concerns. But Italy now says that ChatGPT can return if OpenAI takes useful steps. So I think in Italy, they read Asimov’s “I, Robot”, which had the three, later four, rules of robotics. This is a vast topic. And we’re going to talk about this particularly in terms of security, because there’s security of the data that you send and receive from AI models like this. There’s the ability of AI to crack passwords and do other malicious things. Where do you want to start, Josh?
Josh Long 2:41
Well, maybe let’s start with the implications for malware. We talked about this earlier this year. But there’s some more recent malware that has been created using ChatGPT. When we first talked about this, before some additional controls had been put in place, remember, we talked about “DAN”–do anything now–where users were able to jailbreak ChatGPT and get it to do things that it wasn’t supposed to do. It’s not supposed to allow you to do things that are obviously malicious. You can’t tell ChatGPT, “Hey, I want you to write some malware for me. So do it.” It’s not going to just comply if it thinks that the intent of the user is malicious.
Kirk McElhearn 3:24
That’s the first law of robotics. A robot may not injure a human being or through inaction allow a human being to come to harm.
Josh Long 3:31
However, people were figuring out ways around this. And there are still ways to sort of jailbreak ChatGPT. But it’s getting increasingly difficult because OpenAI, the company behind it, is adding more controls in place and figuring out more ways that users are able to circumvent its safety controls. And they’re patching those as they come up.
Kirk McElhearn 3:55
In some ways, it’s almost surprising that we’re all beta testing this stuff. That they released this last year, and it got a lot of attention around December, January. And all these things are being discovered because obviously people were trying to push it to the limits trying to subvert it.
Josh Long 4:13
Oh, absolutely. Yeah. And so as time has gone on, we’re still going to be kind of beta testing it for them and experimenting with it. One security research group, more recently than what we talked about earlier in the year, on March 7, published a newer piece talking about “Black Mamba”. They were able to use AI to generate polymorphic malware, and specifically they were able to create keylogging malware using ChatGPT. Now in this case, this Black Mamba malware could be compatible with Windows, Linux and even Mac, even though Mac has a better reputation generally for security. We know that Mac malware is a real thing. We’re talking about it like almost every week on the podcast. And how, because there’s constantly new Mac malware. And it’s even making headlines. Because there’s new new Mac malware, like not just variants of existing stuff. Black Mamba is malware that was created entirely using ChatGPT. It created some Python code that is able to run cross platform. So malware is one aspect of this. OpenAI is going to continue to modify it, continue to find ways to prevent people from doing things that might be potentially malicious. But remember, any tool can be used for good or evil. And so if you’re able to convince ChatGPT that whatever code that you’re asking for is for some good positive purpose, you might still be able to trick it into doing something that could be used for malicious purposes. And that’s where it can get a little bit tricky.
Kirk McElhearn 5:52
Josh Long 8:35
Well, okay, there’s this new AI based password cracking technology that’s called PassGAN. And the G A N part of it stands for generative adversarial network. I love the sound of that. That sounds so cool.
Kirk McElhearn 8:51
Oh, dude, I want that on a t shirt.
Josh Long 8:54
In any case, so keep in mind, this is like a first generation. But the whole idea behind this is, let’s see if we can make an AI based tool that’s able to crack passwords more quickly than brute forcing can crack a password. So this team of researchers came together and decided to create this tool. And there’s some interesting things that they published in their report about this. They say that supposedly 51% of all common passwords were cracked in less than one minute. And 65% of all common passwords were cracked in less than an hour, 71% in less than a day and 81% in less than a month. That sounds good, I guess, except for the “all common passwords” part. So if it’s a common password, that means it’s already in a data breach. And that means it’s already going to be in dictionary based attacks anyway. So I don’t know that those statistics are all that interesting. They do recommend that you stick with passwords that are eighteen plus characters now. They say that those are safe from AI cracking for now. By the way, we’ll link to a couple of different articles on this. The first article is from 9to5Mac. And they pretty much just summarize the research. And then there’s another article that we’ll link to from Ars Technica, written by Dan Goodin. And his takeaway was, well, this is kind of mostly hype for now. He points out where some of the failings were of this particular AI. And you know, of the report in general. So it’s not perfect. But again, this is like a first pass. And just the fact that people are researching, like, how to do this and already have code that can do some of this kind of stuff is interesting. And it means that they’re going to continue to evolve this technology and find better ways of cracking passwords as time goes on.
Kirk McElhearn 10:51
He points out at the end of the article that there was one password, momof3g8kids, okay, all in lowercase.
Josh Long 11:00
I think I know what that probably is. Gate is gifted and talented education in the US. So it’s probably mom of three gate kids, like my kids are really smart gate kids.
Kirk McElhearn 11:09
Okay, so traditional methods, that password was cracked in minutes to hours. PassGAN would need 14 billion years to guess it. So, it’s not that. I think he’s kind of underplaying the importance here. Because no one is going to use just one or the other, they’re going to use both of them and run them simultaneously. So if the traditional method finds it in minutes to hours, boom, that’s over, it’s not going to take 14 billion years. Although I do like the idea of shifting to 18 characters just in case. I’ve been using 14 character random passwords for a long time. I have seen websites where 14 characters is too long for them. So sometimes you have to kind of truncate the passwords.
Josh Long 11:52
Yeah, depending on the site that I’m using it’s probably around like 20. Sometimes they make it a little more, a little less than that. But it does take a long time to type a 20 character pseudo randomly generated password, though.
Kirk McElhearn 12:05
What? You type it? I use my password manager to automatically fill it.
Josh Long 12:09
Sometimes there are cases where I can’t just copy from my password manager and put it into another computer or something like that.
Kirk McElhearn 12:16
Okay, the last thing we want to talk about about AI is what about all your personal data that you give to ChatGPT? What about businesses who are going to be using these tools, let’s say with Microsoft Office, who’s already announced they’re going to roll this out under the name of “Copilot”? Microsoft seems to be planning to sell businesses additional services, their Azure servers, for instance, the big, I don’t know how you describe it, it’s a big server of thing that runs functions securely. And they’ll sell you the cloud space, and they’ll sell you the access. And this way, you can have the database that’s totally secure. I looked up the size of the actual data. GPT-3 was about 17 gigabytes; GPT-4, it’s 45 gigabytes. That may sound like a lot. But for a business who’s got servers with multi terabyte disks, that’s nothing at all. There’s another tool that OpenAI makes called Whisper which does speech to text transcription. Now, if you’ve noticed, we’ve been adding transcripts of this podcast on the Intego Mac security blog. If you haven’t noticed, you can go back and see the last eight or 10 episodes, we have transcripts. And we run these through Otter, which is an online service that does a really good job. And Whisper actually is almost as good, but it doesn’t have the kind of things like recognizing voices that Otter does. So the Whisper model, you can get an app called MacWhisper, I’ll put a link in the show notes. It’s only a few euros, it’s a European app. And it’s about a three gigabyte download to be able to transcribe not just English, but multiple languages. So in some cases, you’ll be able to use these tools on your own computer with all the data you need. And you won’t need to send any data to a cloud service. Or enterprise implementations, they’ll set up their own server to make sure this is secure. However, if you’re just in Bing asking questions, don’t tell Bing any secret stuff.
Josh Long 14:11
Yeah, this is worth pointing out. I don’t think this is probably a big deal for most people. Because unless you’re asking, like really personal questions, you probably don’t need to worry too much about this. But, you know, I definitely would say that anything that you would not be comfortable, let’s say posting on social media, I would not discuss with a chatbot.
Kirk McElhearn 14:31
Right. But it’s more concerning about businesses. For example, one of the use cases that Microsoft pointed out is you’ve got an Excel spreadsheet, and there’s a bunch of data and you’ve got a document talking about a company and you want GPT to formulate this into a report. So this is data that your company hasn’t announced yet, that could have an effect on its share price, for example. So you want to make sure that this data is not going to the cloud where maybe someone’s doing a man in the middle to collect data to find data about your company. I mean, industrial espionage is huge, right? So any company who is going to be running this stuff seriously, it’s going to have to have their own server. Okay, we’re going to talk more about AI in the future because personally, I find this fascinating and these rules of robotics and all these science fiction novels I read decades ago are finally coming true. But we’re going to take a break. And when we come back, we’re going to talk about setting up a server on an old Mac.
Doug Adams 15:25
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego Mac Premium Bundle X9 includes VirusBarrier, the world’s best Mac anti-malware protection, NetBarrier, powerful inbound and outbound firewall security, Personal Backup, to keep your important files safe from ransomware, and much more to help protect, secure, and organize your Mac. Best of all, it’s compatible with macOS Ventura and the latest Apple silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today, when you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode show notes at podcast.intego.com. That’s podcast.intego.com, and click on this episode to find the special discount link exclusively for Intego Mac podcast listeners. Intego, world-class protection and utility software for Mac users made by the Mac security experts.
What are some good ideas for using an old Mac as a home server?
Kirk McElhearn 16:41
For some time now the most popular article on the Intego Mac security blog has been “How to Install macOS Ventura or Monterey on Unsupported Macs for Security Improvements”. And this is initially based on Josh’s 2002 iMac that was originally released with macOS 10.0 or whatever. No, I don’t think it’s that old. And after a while, Josh asked me to write an article about how to set up a server for an old Mac. Now, I wanted to talk about the old Mac for Josh’s use case. But I also wanted to talk about doing it with a new Mac. Because I recently bought an M2 Mac mini. And I wanted to replace my Synology NAS just because the Synology software is so annoying. It’s like Linux had a date with Windows and you know, ended up with a lovechild, that kind of thing. It’s so much easier to use a Mac for a server. And so what I use the server for is Time Machine backup of my MacBook Air. I use it to store my Plex library and some other files, really limited use. But it’s really easy to set up a Mac as a server. So we want to talk about, first of all doing this with an old Mac and just doing this in general. Josh, do you want to quickly give us a two minute introduction about why you’re still running that old iMac that dates back from the 1950s?
Josh Long 18:02
Okay, well, I like using older Macs, as long as they’re still functional, they serve a purpose. I don’t necessarily want to spend thousands of dollars or even $500 to buy a new computer, right? As long as the one that I’ve got is already serving its purpose very well, and I don’t have a specific need to upgrade, I like having that old computer be perfectly functional for various purposes, right? So, for example, you mentioned my, actually it’s mid 2007, iMac that is running a current version of macOS. But I also have a mid 2011 iMac that I use as kind of a server as well, mostly headless. It just kind of sits in the corner, and it serves my iTunes library. So yes, it still has iTunes on it. So it’s got all of those videos and audio files and everything else that I’ve collected over the years, they’re actually stored on an external hard drive attached to that iMac. And then it acts as a media server that I can access from, for example, my Apple TV, or from the Music app on one of my other computers. So it’s very useful for that purpose. And I just haven’t really felt the need to replace it.
Kirk McElhearn 19:19
No, it’s a valid point. Because if you’ve got an old Mac, and let’s say, you bought a Mac, you stopped using it and you handed it down to one of your kids and they stopped using it because they got another hand me down. You can’t really sell that old Mac for anything. You’re not going to just keep it in the closet, you might as well keep it running. And there’s things you can do. Now, as you say, one of the biggest uses is as a media storage center. A lot of people use Mac minis, a lot of people who are into audiophile music use Mac minis to store their music. Because it’s small, it’s quiet, it doesn’t use a lot of power. You can run it headless, which is what I’m doing with mine. So headless means that there’s no monitor connected to it. You use Screen Sharing to share the screen to see what it’s doing, to do all the configuration, etcetera. You said your Mac has an external drive. And if you think about an old Mac, that has an old hard drive and is only 20 gigabytes, and that’s not going to even get you two movies to store on it, you can buy a four terabyte hard drive for, I want to say $100. But the hard drives have actually gone up recently. But you can put, you know, multiple hard drives connected to a Mac. When we talk about servers, web servers, right, they have to handle millions of requests, they have to have memory and fast processors. When we’re talking about a home server, you don’t need anything, you just need memory and a processor, it’s simply moving files around is all it’s doing in the kind of work you’re doing. Now, there is one exception to that if you want to use Plex, so I use Plex for my media library. If you want to use Plex, the Plex app runs as a server on the server, and it does need certain levels of CPU to process the files. So if you aren’t going to run Plex, you might want to check to see what you need to do. I don’t know, 4K 5.1 files if you’ve been ripping the latest Blu-rays. So file sharing is the basic reason to have a home server.
And as I mentioned, you can do Time Machine backups. So if you have multiple discs connected to the server, you set one up as a Time Machine disk. And in my article on the Intego Mac security blog, I explained how to do this. And at that point, any other Mac on the network will see that disk as being available for Time Machine. So if you have some laptops, and you just can’t remember to plug in an external drive to back it up, that’s a good way to do it. Now if you use Intego Personal Backup, it’s the same thing. You can choose a network volume as a destination for your backups. And you can back up all your Macs without having to have disks connected to them.
Josh Long 21:43
Now you first need to make sure that you have sufficient space to back all of those computers up to if you have several computers that you want to all back up to the same Time Machine server. So that is something to keep in mind. But as you say, like if you’re talking about a multi terabyte drive, and you don’t really have a ton of files on most of those computers, it shouldn’t be a problem for a lot of people. You talk in this article about a lot of different use cases and how to set it up initially. I remember back in the day, macOS Server used to be a thing, right? Originally, Apple had separate versions of the operating system that were server versions of the OS, I think that was all the way up until maybe Snow Leopard was the last one or maybe was a macOS Lion? Somewhere around there, I think they made the transition from having a separate server version of the operating system to having a macOS server app that you would then get from the App Store. And that was how you turn your regular consumer Mac into a server.
Kirk McElhearn 22:43
Not only that, but the initial macOS Server 10.0 cost $499 for a 10 client version. With macOS Mountain Lion, you could buy the server software for $20. And the reason was that the computers were fast enough. All the server elements were built into macOS. And we don’t mention often enough anymore, that macOS is built on a sort of a Unix foundation. So it had all of these server tools. And when you bought this $20 server software, you were just basically buying a server app that gave you an easy way to configure the server services instead of going into the command line. And I ran this for a couple of years on an older Mac mini and it was really practical. Now, in 2018, Apple started deprecating that and they warned that some of these features were going to be removed. And in fact, before we started recording, we were talking about how you used to be able to run a web server on your Mac, it had Apache web server built in. And you may remember back in the day, you had a Sites folder inside your Home folder. And this was to run a local web server. Now that doesn’t exist anymore. A lot of these features have been removed. Let’s face it, most people didn’t need Macs as servers in the past, they certainly don’t need them now, because most servers run in the cloud. And it makes a lot more sense. But there are these useful features. Another one I want to mention is called Content Caching. Now, let’s say you have a family with a couple of Macs, a couple of iPhones, etc. And everyone’s downloading updates for all their devices. If you turn on Content Caching on a server, or on any Mac, it doesn’t have to be a specific server. The first time someone requests an update, that Mac will keep a copy of it. So the next time someone requests that update, it’ll come local, it won’t use your bandwidth. It won’t take a long time. And this works for operating system updates, apps, films, music, anything that you get from Apple.
Josh Long 24:33
This is probably one of the most useful features aside from the Time Machine backup over the network. Content Caching can be really useful, especially if you have a slow internet connection. And also especially if you have, let’s say that you have three people, maybe you’ve got, I don’t know, kids who are all using the same generation of iPhone SE, right? They’re all going to need the latest iOS update when it comes out. And so if you’ve got Content Caching on, then it just gets downloaded once to your caching server, and then automatically becomes available to all other devices that would need to use that same iOS package for similar hardware. Same thing with other updates as well. And like you mentioned, even apps that you get from the App Store, those are also cached in the same way. So if you’ve got the same apps on a bunch of devices, those will all update very quickly. Again, if you have like really fast bandwidth, if you’re lucky enough to live in an area where you’ve got gigabit internet speeds, not a big deal for you probably, but if you are still using DSL, or really slow cable modem service, or heaven forbid, dial up, I mean, you have to have content caching, there’s no way you can survive without it.
Kirk McElhearn 25:50
For me, it’s more the ability to store files to do the Time Machine backup, etc. Now, there’s one other feature that’s really practical, but might not be for everyone. Do you own a printer, Josh?
Josh Long 26:01
I do. But mine is a network printer, I mean, of course, I’m gonna get a printer that plugs into the network or is available wirelessly. But if you don’t, if you’ve got a USB printer, this feature that you’re going to talk about is pretty cool.
Kirk McElhearn 26:14
Right. There’s a feature called Printer Sharing. And basically you select the printer and you share it and everyone can print to it, and they’ll see the printer in the print dialog when they go to print the document. Now, the reason this might be practical is maybe you’ve got a couple of printers, right, and you’ve got one cheap printer over Wi-Fi, but you’ve got a fancy photo printer that you want to plug in so multiple people can access it. Or if you work from home, you’ve got a laser printer that needs to be used for work compared to a cheaper Wi-Fi printer. The reason I asked if you have a printer is so many people I know don’t even own printers anymore. When I have to return something to Amazon, you don’t even have to print a label anymore, you can get a QR code that the postman scans with his device when he comes to pick it up from you, or that you take to the post office and you show on your phone. So you really don’t even need a printer for most things.
Josh Long 27:03
True. Yeah, it all depends, right? I mean, there’s still enough use cases for me to print things out that I still have a printer.
Kirk McElhearn 27:11
In any case, if you’ve got an old Mac, it’s a good idea to repurpose it. This is really good for an old laptop, because it doesn’t take up a lot of space. It’s really good for a Mac mini. It’s a little bit more complicated with an iMac, you kind of want to put this in the closet someplace because you don’t want it to be in the way. Ideally, you’ll connect it over Ethernet to get the fastest bandwidth. If not, if it’s Wi-Fi, well, then a really old Mac’s gonna have slow Wi-Fi. So that could be a problem. But think about what you need. Think about what you have. I bought the latest Mac mini because at that price, you know, it’s a very usable computer. It’s also a backup computer in case something goes wrong with my iMac. I only bought it with eight gigs of RAM and 256 gigs of storage. Because using a server you don’t need a lot of RAM. And I’m not using the internal storage. It’s all on external drives. Here’s a tip, make sure you encrypt your external drives. Once you mount them, right click them in the Finder and encrypt this drive. So if anyone breaks into your house and steals the computer or the drives, then your data is at least protected.
Josh Long 28:15
Yeah, that’s really important. And that’s called FileVault. By the way, make sure to turn that on as soon as you get your computer. I especially recommend that you do that on your mobile computers because you definitely don’t want somebody to be able to steal files off your hard drive. Even if they can’t get into your computer, they could still potentially steal things from your drive. So definitely want to turn on FileVault as well. One more quick thing, you mentioned a little bit about how to manage that computer remotely. We talked about headless computers. And so you don’t even need a screen attached necessarily if you’ve turned on remote management. If you’re really geeky, the other thing you can turn on is remote login, which gives you command line access so that you can do things like that as well, which is kind of fun for geeks but not something that the average person will want to use.
Kirk McElhearn 29:05
Okay, until next week, Josh, stay secure.
Josh Long 29:07
All right, stay secure.
Doug Adams 29:10
Thanks for listening to the Intego Mac podcast, the voice of Mac security, with your hosts Kirk McElhearn, and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.