Episode 236: No Nancy Here

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Podcasting 2.0 for September 26th, 2025, episode
236.
No Nancy here.
Hey everybody, the Rodecaster's working.
Don't worry, you won't be subjected to all
kinds of nonsense for hours on end.
No, instead, it is a regularly scheduled board
meeting of Podcasting 2.0 where we discuss
everything going on in podcasting, the history, what's

(00:23):
happening now, and where we are going in
the future.
I'm Adam Curry.
Wait, I forgot to tell you, we're the
only boardroom that rejects work slump in the
office, there it is.
I'm Adam Curry in the heart of the
Texas Hill Country and Alabama, the man who's
my first call in case of a security
breach.
Say hello to my friend on the other
end, the one and the only, the only
pod sage, Mr. Dave Jones.

(00:48):
Are you cleaned up now, are you clean?
Yes, I'm clean, man, I'm clean, I'm clean.
That was kind of interesting.
I have never had a breach in my
life.
You got popped.
I sure did.
That was, I mean, who in their right
mind?

(01:08):
No, but who in their right mind is
thinking, hey, you know what, I'm going to
run a crypto miner on a two gig
Linode instance.
I mean, what are they mining?
They were probably just all kinds of stuff.
I mean, everything you can think of.
They run crypto miners on- Washing machines.

(01:30):
Like home routers and crap.
I mean, if it's got a CPU, they're
going to mine on it.
Collectively, when you're mining on 7,000 hacked
machines, you actually get some horsepower.
So I've always, honestly, I've just always been
too lazy to figure out how to do

(01:51):
all the key stuff.
I'm like, oh, it's SSH.
If it's SSH, then it should be secure.
Then whatever I'm sending should be secure.
How do they actually sniff out my access,
my password, if I'm using SSH from my
machine into the server?
What are they doing that they can sniff
that out?
Well, so the way, it's all credential stuffing.

(02:15):
So you're going to have, there's mass scanners
out there polling for OpenPort 22 all the
time.
Oh, I see that, yeah.
And then as soon as they, they'll get
a list and then they just start throwing
password dictionaries at it as fast as possible.
Can they see usernames?

(02:41):
Don't know about that.
Because I don't have a traditional- But
you had root permit, you had root-
They didn't come in through root.
They didn't come in through root.
They came in through Atom?
No, different names.
None of them were Atom, which is why
I thought it was kind of interesting.
It's like, so how do you guess that?

(03:03):
I mean, it's possible that they came in,
I mean, you haven't really traced that breach
through the logs, but I mean, it's possible
that they came in a different way, but
I would not, that would not be my
first thought.
Interesting.
It's, it could be that- But I'm
pretty sure root access was open.

(03:24):
I'm pretty sure that was open.
So if- So in that case, you've
got root and then you just have to
guess the password.
Yeah, you can look at your, you can
look at your authentication log and see where
the initial hit was.
It should still be in there.
You know, you'll see in your, oh man,

(03:46):
what is the name of that log?
Is it, let's see.
I think it may be in just your
sys log coming in as cron.
I mean, excuse me, as SSHD.
Authentication.
Maybe you need to like, so what happened
was your, one of your boxes got-

(04:07):
Two, two boxes.
Okay, two of your vibe coding boxes got
popped.
Well, one that was actually in production and
it's, you know, it's running an FFmpeg streaming
radio thingamabob with a singular Python script.
And I'm very wary of resources for a

(04:29):
whole bunch of different reasons.
I want to see if I can put
it on a, on a one gig linode,
you know, and keep it even cheaper, even
smaller.
And so I have HTOP running.
I'm like, wow, why is it at a
hundred percent?
And I go looking and it says, okay,
you've got this process called K audit zero
running at 97%.

(04:50):
So that was kind of, that was actually,
it's actually kind of nice because you don't
notice it right away.
You know, it was like my stuff was
still working because it uses very little CPU
and very little overhead.
And there, this K audit zero mining thing,
it just uses CPU.

(05:11):
It doesn't really use a lot of memory.
And so that's how I saw it.
And I'm like, oh crap.
And, and, you know, I could see that
it all happened yesterday because, well, first of
all, I noticed it yesterday and I wasn't
quite sure what it was.
And, but I could see that, you know,
they put in SSH keys and all this

(05:32):
stuff all on the 25th.
So, okay, all right.
Backdoor.
Yeah, cron tabs and all that stuff.
So, I would imagine that, you know, if
you have, if you have anything, if you
have a relatively weak password, it's, it's gonna
be.
Yeah, that's the thing though.
I have, you know, my passwords are generated

(05:54):
by, what do you call it?
Vault warden, bit warden.
So, Your SSH login password?
Yeah, yeah.
It's possible.
So, it's possible that it came in through,
and that's why I would want to do
is check, check the SSH log and see
if that was the actual first hit because

(06:19):
it could have been, they could have come
in through some, through a flaw in some
other part of the system.
I mean, that's possible too.
You have, you have, you know, how much
stuff do you have open on that box
is the question.
Yeah.
And exposed.
You know, which ports do you have open
with running software on it that may not
be secure?

(06:40):
Well, I can see, you know what?
I can see right now, they definitely came
in through root.
Oh, well then that's, that's probably SSH then.
Yeah.
Yeah.
Cause I'm seeing they're trying now.
Oh, really?
Yeah.
Let's see, they're trying port 39550, the port

(07:00):
58232.
That just gotta be a scan then, I
guess.
I just scan the ports.
Well, now what are you, where are you
seeing this at?
In var log auth.log. Okay.
And that's, and those are SSH attempts?
I guess.
It doesn't actually say, it says, yeah, SSH

(07:24):
authentication, authentication failure, root, root, root, root, root,
root.
Yeah.
And then user vios.
Okay.
All right.
So you got, so you got hit by
root then.
Yeah.
Did, had you, did you have a long
password on root?
Yeah.
Oh yeah.
Yeah.

(07:45):
Yeah.
That's, I don't know.
It would be interesting to go back and
see where that first successful login was, you
know, like when it happened.
Let me see.
So that would be, here's how, I'll just
try it one, then we'll give up on
it.
Yeah.
Cotton gin.

(08:05):
He, yeah, he's, he's got it.
He's got root and password logins disabled.
Oh yeah.
They are now.
He's keys all the way down, baby.
Let me see.
Okay.
And this would have to be on the
20.
Oh, interesting.
Hmm.

(08:26):
Binary file matches.
Yeah.
You can ignore that.
What would I be grepping for here?
Well, I mean, just the SSH authentication entries,
you know, SS, var, log, auth, log with
SSH.
You can search it for SSH.
Yeah.
That's interesting.
Nothing past the 27.
That doesn't make any sense.

(08:47):
Well, maybe, I don't know.
So whatever.
As long as you, yeah, as long as,
so, I mean, my standard protocol for this
kind of stuff.
Which I now have.
Thank you very much.
Which you have.
I have the Dave Jones standard protocol.
I'm very happy with this.
If anybody's running servers, you know, Linux servers,

(09:09):
you really, I mean, to me, like bare
minimum is you need to disable, disable root.
If this is in your SSH configuration, you
need to disable root login, disable password login,
disable interactive keyboard login.
Only put your SSH server on a different
port than 22.

(09:31):
Then make, and then enable only key pair
authentication, public key authentication.
And the, what I go, I go one
step further.
Some people don't want to go this far,
but I go one step further and I
restrict access to my SSH port using UFW

(09:54):
to only particular IP addresses.
So I don't, I just, I do not
play around with that stuff.
And it's sometimes, you know, and sometimes it
can be a pain and people don't want
to deal with it because you're on the
road or something and you want to log
into your machine and you, you know, you
can't because you're restricted.

(10:15):
It is a pain, but now with TailScale,
I just restrict everything.
I restrict all the logins to all the
boxes, to my, to the CIDR block that
is part of my residential IP scheme.
And then I just come back.

(10:35):
That way, if I get a new IP
address at my house router, it's not gonna,
you know, I still, I'm still okay cause
I'm on the whole subnet.
And then if I ever need to get
onto it from the road, I just use
TailScale and come back through my house and
just get it that way.
The bottom line is, if you're gone, podcast

(10:56):
index is history.
Hey, Melissa, Melissa.
Okay, just sit in front of the console.
Tell me what you see.
What windows are open?
Oh, this 18 open.
Okay, let me see.
Type in S-S-H.
Go to the dead body.
Is his phone in his pocket?
Can you put his thumb on the authenticator

(11:18):
for me?
Okay.
Hold it in front of his face.
Open his eyes, open the eyelids.
Just open them up with your fingers.
Yeah, okay.
There you go.
Perfect.
Oh, the finger's too cold.
Okay, switch to the face.
That's hilarious.
But not really.
No.
Not really.
Oh man.

(11:38):
And it was, cause you know, I got
a lot going on these days.
So this morning I was like, oh, cause
last night after, after I did no agenda,
I'm pretty tired.
I had modularized, modularized, modularized, modularized, my Python
script, which was actually kind of cool.

(12:00):
Cause you know, and the only reason I
did it is the, the vibe coding machines,
they stopped being able to write the whole
script.
It was like 1200 lines.
And it went, it just kept not completing.
And I learned something else by the way.
If you upload your, this is grok in
this case.
If you upload your scripts, it may truncate

(12:21):
it on the upload.
I said, well, I never had the full
script.
What do you mean?
I uploaded it to you.
Well, no, I never had it.
It got truncated.
Oh, that's good to know.
So it only accepts a certain amount of
input and then you're toast.
Well, unless you paste it in, which is
okay.
That's fine by me.
So I'm like, well, why don't I just
modular, modular.

(12:42):
Why don't I chop it into bits?
I chopped it into bits.
And so I was all excited.
This morning, I got a couple hours like,
ah, it's great.
I'm going to work on this.
I hadn't actually tried it out yet.
I'm sure there were some bugs.
There were, and I'm like, whoa, everything's spiking.
All the machines are spiking.
So I spent a lot of copy and
pasting your instructions on how to do this.

(13:04):
And then once I got it, like, okay,
now I know how it works.
Then I just shored up everything.
Cause I got other machines that haven't been
hacked yet.
And so I started shoring up everything.
But I'm- There's still time.
But I can tell you this box is
just, it's getting hit every second.
Oh, you're- Every second.

(13:24):
You're a target now.
Yeah, now it's trying FTP users.
It's like, it's nonstop.
Oh, really?
Yeah, oh yeah.
My first, my first ever, my first ever
hack experience was at an old job many,

(13:44):
many years ago.
This is probably 96, 97.
I don't remember.
But do you remember the University of Washington
FTP server?
Oh yeah, what was that?
Yeah, it was just kind of like the
standard FTP server that was shipped with like
Red Hat 6.

(14:04):
Yeah, yeah, yeah.
And FreeBSD and all that, you know, OpenBSD,
they all used the UWFTP, the University of
Washington FTP server.
And so I fired it up because I
needed to, I needed to push some files
up from a different location and forgot to

(14:27):
turn it off.
It was only going to be temporary and
forgot to turn it off.
And of course, I mean, like within 24
hours, it was hit.
I got a call saying, hey, our website,
like the front page of our website has
something weird on it.
And I'll go and look at it.
The website had been defaced.
You know, this was back in the days

(14:49):
where hacking wasn't really for money yet.
People just wanted to like deface your website
so they could say, I've been here, look,
I own you.
Exactly.
Back when it was fun, in the good
old days.
We were just having fun, man.
Don't get your panties in a bunch.
Yeah, back before ransomware and all that.
And so I was like, I mean, I

(15:09):
was, gosh, I don't even know how old
I was, 20.
I was like, oh crap, you know, freaked
out, finally figured out where it came from.
And from like then on, I've been Mr.
non-standard port, firewall, everything, just like so
paranoid.
It only takes once.
It only takes once.
No kidding.

(15:30):
So the SSHD config you gave me, that
basically shuts everything off.
There's no, they can't log in any other
way than with the public key.
Right, okay.
Right, yep.
Because I can see that actually trying to
use the password, which is an actual path
on the machine, which is an odd combination

(15:52):
to try.
Now, it's a file path they're using as
the password?
Yeah, I just saw it, just tried that,
trying everything.
This guy's like, man, my Bitcoin, my Bitcoin's
on that machine.
How do I get my Bitcoin?
How do I find that Bitcoin?
Is that Bitcoin on my machine somewhere now?
Man, I had four sats on there, dang
it.
Can't be much more.

(16:14):
Okay, that tells me, actually, that may be,
if they're using a file path, that could
be a file traversal vulnerability and some sort
of web thing that you have going on.
I'm presuming that they were already in there.
I mean, they could be looking at NGINX,

(16:37):
because port 80 is open, 8,000 is
open, 8080 is open.
But they're not on those ports, though.
If they're able to upload, if you have
a file traversal vulnerability or a file upload
vulnerability in one of the web, in one
of your web things that you're serving, then

(17:00):
that would allow an attacker to upload something
to the box into a location on the
file system they specify, then come in later
and address that file they uploaded in an
SSH login or some other attempt.
So they could be, essentially, they backdoor you

(17:22):
by uploading through an existing open hole in
your web.
I mean, I would, you know, there's no
telling what's in that Python script that you're
using.
It may have- Could be all kinds
of groovy stuff in there.
It may be allowing all kinds of stuff.
I mean, is it using like Jenkins or

(17:43):
some sort of Python?
No.
Jenkins?
Web framework or something like that?
Unfortunately, I am using Flask on, I wonder
if Flask has a vulnerability.
It could, yeah, it could.
It's a very common thing in CMS is
to allow- Stick something in there.

(18:05):
Like, oh, I got something for later.
Upload.
A little candy, a little candy for later
on, everybody.
Bastards.
Nah, so far, it seems they're having trouble.
Okay, we're good.
Yeah.
Anyway, so do you have anything on, I
got some stuff, I don't know, do you
have anything on your list for today?
Oh yeah, I've got tons of stuff, always.

(18:28):
And if I could bring up my notes.
You go ahead, I'm trying to bring it
up.
Well, the main thing, I guess, there were
two things on my list.
The big thing was AI tagging, which Power
had, we're talking about that quite a bit
on the show this week.
It's on my list too, yep.
And then censorship is podcast index.

(18:50):
Is it really censorship resistant?
Well, you know, the AI tagging thing, I've
also got that on my list.
And I've also, I just got some, I
mean, I think we just need to probably
talk about AI stuff in general.
I mean, not that we don't talk about
it every freaking week.
Well, for two years, everyone's been saying, oh

(19:10):
yeah, yeah, AI is a new thing in
podcasting.
And here we are.
Surprise, surprise.
It's here.
I mean, I think the word that hit
me this morning was after listening to James's
interview.
Yes, with what the lady's name?

(19:32):
Janine.
Janine.
Wainthright.
No, not Wainthright.
Janine something.
Wainthright.
Right, Janine Wright.
Janine Wright.
Co-founder, CEO of Inception Point AI, yes.
I mean, the thing, the word that hit
me this morning was creative hyperinflation.

(19:55):
I think that's what, I think that's what
we're beginning to live through.
I like that, creative hyperinflation.
Yeah, I mean, like I wrote, as I've
been thinking about this on and off all
week, and we talked a little bit about

(20:16):
this last week, where if there's a way
for somebody to farm content for money, it's
gonna happen.
That, you know, like that guy Tanner Campbell
from a long time ago, I think, did
we have him on the show?
No, I don't remember if we did.
No, I don't think so, no.

(20:36):
But I mean, he had this whole thing
where he's like, here's how you make money
in podcasting.
You go and buy, you put your podcast
on Spotify using Anchor, then you go buy
a bunch of Facebook ads pointing to your
Spotify podcast.

(20:59):
And then you buy, then you do, and
that gives you enough hits to enter Spotify's
mark, like a creator advertising program or whatever.
And that gets you, it was this whole
formula, this spreadsheet saying how you could take,

(21:19):
you could launch a show and within six
months have X number of dollars coming in
through ad revenue using, you know, essentially farming
the system.
Yeah, sure.
And, you know, that's how this stuff works.

(21:40):
And AI is the latest version of a
farming scheme.
I mean, that's what we're dealing with, the,
you know, in Inception Point or whatever, you
know, I think that's the name of that
company.
Inception Point AI.
Yeah, that's what this is.

(22:01):
This is just a, this is a ad
revenue farming mechanism.
And that's not to say, like, that doesn't
mean that it's, I'm not making a moral
judgment on it at this point, because people,
lots of people have been doing this since
the web started.
This content farms, quote unquote, have been around

(22:23):
for many years now on the web.
And at scale, at a high enough scale,
okay, well, let me back up and do
it like this.
So when I'm thinking about whether the index
should ingest this stuff or not, you know,

(22:45):
right now we are, and I don't, I
do not anticipate that we would stop.
But in general, digital has a huge drawback.
And that is that creating new information that
will then have to be stored forever is

(23:07):
too easy.
There's not enough of a cost to it.
You know, imagine if there were a book,
like a physical book, okay.
Imagine if there was a book creation machine
that someone create, that someone built.
In this book creation machine, there's actually a

(23:29):
short story that's very similar to this.
I'll have to look it up and find
a link to it later.
Or it's not about this kind of thing,
but it's very similar.
Imagine if there was a book creation machine
that would create new books at a rate
of like 10 trillion books a day.

(23:53):
Within a few years, the entire surface of
the earth would be covered seven feet deep
in books.
With books, yeah, a lot of books, a
lot of books.
So that's essentially what we have now with
LLMs. We have the ability to create virtually

(24:14):
infinite amounts of, quote, creative.
And that information, if it is then pumped
into standard channels of distribution, it is going
to overwhelm the digital platforms that exist.

(24:39):
So this is actually very interesting because I
kept hearing James talk about, well, whatever the
advertisers want.
And my initial response is, what?
Advertisers don't determine what we do.
But now I get it because the advertisers
are effectively being duped.
Well, and the question is, are they being

(25:00):
duped?
When it comes to downloads, yeah, I think
so.
And so when you have in your model,
so you have 3,000, you have 5
,000 podcasts creating 3,000 episodes a week.
And you can hear that they have two
ads in front of every single one of

(25:20):
them, which probably are not even listened to.
And we know from my own experimentation, you
can create download bots quite easily.
There's only one hosting company that really blocks
anything that they don't see as an approved
user agent.
Everyone else, if you use Mozilla, obviously.

(25:45):
In fact, everyone accepts Mozilla, but not from
certain IP addresses.
So if you're building a bot farm on
Linode, you're gonna be disappointed by at least
one host.
But in general, from what I see, I
could do that for every other hosting company.
And in fact, I could do a version

(26:06):
of what we did when we initially filled
up the podcast index is I could just
get a million, a million downloads, 4 million
downloads or 4 million accesses, whatever you wanna
call it, over time.
And that would be a nice little bit
of pocket change.
I don't think I'd get rich on it,
but yeah, it'd be nice.

(26:26):
Yeah, just some nice little coin in my
pocket.
And so that's the problem.
The whole AI tag is not for you,
not for me, not for Joe, the listener,
because Joe, the listener will know very quickly,
oh, that sucks.
Or it's AI, but I kind of like
the information, but it's the advertisers.
That's who everyone's trying to protect in this
is it's going to flood the advertising ecosystem.

(26:49):
And that's where the problem is going to
be.
I think that's what you're saying.
Yeah, because this is essentially a audio version
of what if it was done on Google,
we would call kind of click fraud.
Yeah, kind of, complete.
Not just kind of, it is click fraud.

(27:10):
I recommend everybody listen to James's interview with
the- Janine Wright.
With Janine Wright.
What was your takeaway?
What's your takeaway from it?
She seemed very uncomfortable.

(27:30):
To me, that was a general sense that
I got.
And I don't blame her, I would be
too.
If there was, I commend her for coming
on the show.
Sure.
And actually doing the interview.
But I think she did sound uncomfortable.
I also think that this sounds very much

(27:52):
like a company who's looking to get purchased.
I don't think this is a long-term
thing for them.
This seems to me more like a, hey,
look what we're doing.
Somebody, we've got some really cool tech.
Somebody needs to come buy us.
And to me, that feels like what this

(28:14):
whole thing is.
It's just essentially like an idea flip.
Interesting.
But, and so in that regard, having, being
on an interview like this, this is an
all news is good news type situation.
People get mad.
Maybe people in the podcast industry get mad,
but that doesn't really mean anything in the

(28:36):
ultimate scheme of things if they flip the
company and get paid.
So for their admittedly pretty cool technology.
And, but then, but, I mean, long-term,
who knows how this thing goes?

(28:58):
I think James's questions, I think what he
was getting at was obvious, which is, it's
not about the AI part.
It's about, is there a human doing anything?
Is there- Oh, even writing the script.

(29:21):
Yeah, even writing the script is where James
was going.
Right.
Yeah, and if there's not, if there's absolutely
no human oversight whatsoever, then it really is
just like the book generator machine.
Yeah, but the point is some of it
may actually be enjoyable.
Some of it may be what people like.

(29:42):
In fact, a lot of it may be
what people like.
If you look at the comments on some
of these AI podcasts, yeah, a lot of
them are like, this is crap, this is
no good, this is AI.
But some of them are like, well, well,
I do that knitting stitch differently and it
works quite well for me.
You know, so not everyone, clearly not everyone

(30:03):
thinks it's slop.
Yeah, my question would be, does anyone think
that it's, does anyone understand that it's actually
AI?
Yeah, I think a lot of people do.
The ones who respond positively.
Do you think- They might not, no,

(30:23):
they might not.
They might not, they, I don't know.
I mean, a lot of people are talking
to their AIs and they don't seem to
have a problem with it.
So if they don't mind their own personal
AI talking to them, maybe they don't mind
a podcast AI.
You know, not everybody in the world is
normal.
Hey, man, some people are weird.
Wow, is this a new discovery that you've

(30:46):
made?
Like somebody who gets their knitting tips from
an artificial intelligence voice, that's- Yeah, you'd
be surprised.
I'm willing to say that not everybody is
like, you know, a hundred percent.
I've been reading this book, I just started
it.
Do you know a guy named Paul Kingsnorth?

(31:07):
No, I don't think so.
Lives in Ireland and he's got an interesting
background.
He's a Catholic brother, but he came from
an, like an ecology, what would you call
that?
Like a, he was part of, do you
remember Earth First?

(31:31):
Why does this ring a bell?
I can't recall it.
They were like a, they were like a
70s version of stop the oil or whatever
those people are that like glue themselves to
the street.
Oh, X something.

(31:56):
Yeah, I know what you're talking about.
Yeah, like it was, they were like a
radical environmentalists.
Okay, and I'm, I don't, yeah, I think
that's a fair thing.
I think they would accept that they were
radical environmentalists.
I think that movement collapsed.
There's actually a book about it that I

(32:16):
have on the shelf.
I haven't even read it yet.
I've only perused it, but it's about the
Earth First movement and how it collapsed and
set back environmentalism a long way.
But he was a member of that and
that kind of thing.
But anyway, so he just wrote a book
called Against the Machine.

(32:41):
And it's a book just about modernism, industrialism,
technology, technologism, that kind of thing.
It's a very, it's just a book that
you would think is pretty fitting for our
time.

(33:02):
And I've got, I actually wanna read a
section of this real quick, because I think
this is kind of like, I think he
captures something here.
He says, and forgive me for the length
of this.
He says, meanwhile, out in what is fondly
called the real world by people who often
don't know very much about reality, you are
living in a metastasizing machine, which is closing

(33:25):
in around you, polluting your skies and your
woods and your past and your imagination.
If you have the kind of sensibility which
prefers Lothlorien to Isengard, this means that you
are a character in a tragedy rather than
a heroic epic.
Most of the things you like are fading
away.
The great forests and the stories made in

(33:45):
and by them, the strange cultures spanning centuries
of time, the little pubs and the curious
uninhabited places, the thrumming temples and dark marshlands
and crooked villages and folktales and conviviality and
spontaneous song and old houses, beaches and wild
hilltops, the chance of getting lost in the

(34:06):
rain forever or discovering something that was never
on any map, a world without maps, a
world without engines.
This world you can see is on the
way out.
If it is not already long gone, the
one thing is manifesting to replace it is
a left brain paradise, all straight lines and
concrete car parks where the corn exchange used

(34:29):
to be.
The future is STEM and chatbots and cashless
parking meters and economic growth and asteroid mining
forever and ever.
There is no arguing with it.
You can feel the great craters that it
makes in the world.
You can feel what is being tarmacked and
neatened and rationalized into oblivion in the depth

(34:51):
of what is leaving, but you cannot explain
or justify it in the terms which are
now the terms we live by.
You just know that something is wrong.
Everybody tells you that you feel this because
you're infected with something called nostalgia or that
you picked up a dose of Luddite-ism
or romanticism at a party or in a
doctor's waiting room.

(35:12):
Basically, there is something wrong with you.
You don't understand progress, which is always and
everywhere a good thing, but you can feel
something going on that is not a good
thing and it doesn't matter how many lies,
damn lies or statistics are produced to prove
otherwise.
You can feel this as something enveloping you.
The Welsh poet R.S. Thomas described it
chillingly in his poem, Other, in a verse

(35:35):
I've never forgotten since I first read it.
The machine appeared in the distance, singing to
itself of money.
Its song was the web.
They were caught in, men and women together.
The villages were as flies to be sucked
empty.
God secreted a tear.

(35:55):
Enough, enough, he commanded, but the machine looked
at him and went on singing.
Now, that's depressing.
It reminds me a little bit of, what
was the Neil Stephens' book?
I think it was, was it Snow Crash?
I think it was Snow Crash.
Snow Crash, yeah.
Yeah, where the only thing left in real

(36:16):
life was food delivery and FedEx.
Yeah, right.
Everything else was online and everything got hacked
all the time, basically.
It says, he says, you can feel something
going on that's not a good thing, and
it doesn't matter how many lies, damn lies,
or statistics are produced to prove otherwise.

(36:36):
You can feel it's something enveloping you.
That's what I heard in that interview.
Yeah.
Is, look, this is fine.
What we're doing is fine because let me
give you some statistics.
Let me tell you why in 24 months
everything's going to be AI and none of

(36:57):
this is even going to be an issue
anymore.
None of those arguments truly matter because you
could tell that what James was was, was
uncomfortable with this.
He's uncomfortable with something about the way this
thing is being done.
Yeah.
And I think the uncomfortableness is what Paul

(37:17):
Kingsnorth is referring to here.
It's, and it's like we talked about a
couple of weeks ago, being part of the
push right now with AI is to get
us to be comfortable with it because so

(37:38):
many of us are.
It's an attempt to flood the zone with
so much AI content that we become sort
of numb to the thing that is, you
know how sometimes you have like a, I

(38:01):
think a lot of us have had this
experience in the past.
Somebody new comes into our life, somebody that's
like a new acquaintance or friend of the
family or something like this.
And this new person comes in and, you
know, and starts to, you know, through connections
that we have in the community or whatever.
And this new friend begins to be around

(38:24):
us more, around our family more and that
kind of thing.
And there's something that just makes you uncomfortable
about this person.
You can't pinpoint it.
You can't, there's nothing explicit that they have
done that is, that you can point and
say that I don't like, I think this
person's dangerous or concerning or whatever.

(38:44):
But there's just something about that person that
you just, that bothers you, makes you uncomfortable.
You think they may not be trustworthy or
whatever.
And the longer you sort of deny that,
that sort of, that internal feeling you have,

(39:04):
you numb yourself to it.
And then you may find out later, you
know, this guy ends up, I don't know,
in jail or something.
Your concerns were validated.
And you think, you know, I knew there
was something wrong with that guy.
I knew it the whole time, but I

(39:26):
sort of seared my conscience against it.
Right.
And I think that's what's happening now with
a lot of the, with AI.
I think we are getting, we're getting, this
is a, we're living through a phase of
desensitization.
Oh, for sure.

(39:46):
You know?
Yeah, oh, definitely.
And honestly, I think that's why podcasting is
so wonderful because I don't believe any AI
in our lifetime will be able to recreate
a human being speaking in your head.
Video takes away so much of the recognition

(40:10):
that, hey, this is not real, because it
just, you look at something and your brain
goes, that's real.
And audio is a whole different beast.
Yeah.
I guess I would say to that, but
what if it does?

(40:31):
Okay.
Then you become jelly.
What more can I say?
You're screwed.
Nate, this is acclimation to institutification.
There's a- More of it, as far
as I'm concerned.

(40:52):
The more, that's the only way.
The more slop we create, the more that's
published, which I'm actually quite happy with, publish
as much slop as possible because ultimately that's
going to lead to entropy.
I just don't see any, I don't see
how they can protect themselves against it.
It just seems impossible.

(41:13):
So we might as well go now.
I mean, again, the no agenda art generator,
which for 15 years, people have been making
art and uploading it.
They've all stopped.
Every single one of them who was making
art by hand.
And they've either gone away or some of
them may be doing some prompting, but it's

(41:35):
crap.
I mean, it's so disappointing.
Yeah, there's a couple of people who have
gotten around some of it, but you can
see it.
You can see the washed out images.
Everything's orange, the cartoon phase, or everything's a
cartoon.
Now you can just see these things ingesting
crap and spitting it back out.
And it's just worse.

(41:55):
I can literally see it.
And now you're, an academic paper could be
written about the no agenda art generator.
Absolutely.
Someone should do that.
And you can see, and now what happens
is your, is the no agenda show album

(42:16):
art is almost indistinguishable from something like the
media round table.
Yes.
Whereas used to, they used to be complete.
You would never associate those two, but now
you scroll through your list.
Since y'all are both essentially having AI
generated artwork, they just kind of blur into,

(42:37):
they look like they're the same thing.
Yeah.
And orange is the predominant color for some
reason.
I'm not sure why.
That's true.
Yeah, I don't know why either.
Orange just seems to keep popping up.
Everything, faces are orange, backgrounds are orange.
Orange is a favorite color.
Fish are orange.
It's just weird.
I'm scrolling.
It's like, everything's orange.

(42:58):
Everything is orange.
I don't have an answer.
And there, that's another part of the desensitization.
I think that one thing I took away
from James's interview was just, he was pushed.
Sadness.
Sadness.
Sadness.
I heard sadness is what I heard.

(43:18):
Melancholy.
Yeah, right, right.
But it's the, he was respectful and did
not push too hard, but it was the
thing, it was the, what was unsaid was
just as powerful.
Yeah.
And it made me think, you know what,
I need, I have got to resist being

(43:39):
consumed by just, oh well, it's the future.
I'm going to push back on that.
I'm going to resist even harder.
On a personal level, you mean?
Yeah.
Yeah.
I mean, like, you know, and ultimately I

(44:00):
don't think that, I don't think that we
need to ban anything out of the index
unless it gets out of control.
Now, if it gets out of control and
you end up with the automatic book creation
machine and people start pumping in a million
podcasts a day, we are going to stop

(44:22):
that.
We're going to, there is a threshold somewhere
of which I do not know where it
is at right now, but there is a
threshold of which we have to take action
against this.
Yeah.
I don't think it's going to get that
far.
I just don't see it.
I mean, the thing with podcasts is there's
no real discovery mechanism.
YouTube, yes, there's this discovery mechanism.

(44:45):
And there's lots of ways you can get
the algos to kick in and do things.
And once you reach certain levels, then you're
kind of golden.
You can fly along and that's when AI
will be perfect.
I mean, just go look for any topic
on YouTube and you have to go through
all the AI generated slop before you get
to something useful, an actual human being.

(45:06):
But with podcasts, like what's the recommendation machine?
This may be the biggest downside to podcasting,
which is you really only hear about other
podcasts from other people in other places.
Like, oh, that's a good podcast.
Oh, I'll go look it up.
The biggest downside to podcasting may be its
biggest defense.
Okay, that's an interesting thing because that was

(45:27):
part of what they were...
Okay, one of the things she said in
there was she was talking about the Charlie
Kirk thing.
And she said, she gave the example of
when Charlie Kirk was assassinated, we had a
podcast out about that within like two hours,
I think is what she said.
Hey, there were books that were published the

(45:47):
day before.
Oh, really?
Well, that's interesting.
If you believe the telegram groups, yeah.
Oh, the telegram, okay.
Such a, so trustworthy.
The old, hmm, how could this book be
published on September 9th when Charlie Kirk died
on the 10th?
Hmm, hmm.
Coincidence?
Interesting coincidence, yeah.
All right, okay.
Yes, like, so she's like, well, we had

(46:10):
a, we had a podcast out within two
hours about Charlie Kirk and it went to
number three on Spotify's list if you searched
for Charlie Kirk.
Wow.
Okay, now, this caught my attention.
Yeah.
Because that's not the way that works.

(46:30):
I'm sorry, but if you don't just create
a podcast, name it something that is like
some other search term and have it show
up at the top of the list of
a platform like Spotify or Apple or even
us.

(46:50):
That you do not get, ranking is not
as simple as naming.
So there's, I don't know what, the only
way that happens is if you pair it,
if you pair your podcast that you just
created and stuck into the directory, if you
pair it with some sort of traffic generation.

(47:13):
Yeah, of course.
You have to have- Popularity.
Yeah, search, search, search, search.
Right, because you don't just create a podcast
called Charlie Kirk and it instantly show up
in the top three.
Well, I would say that people probably went
searching for Charlie Kirk on Spotify and they
came across it.
And if you, you know, juice the machine

(47:34):
a little bit, it might move up far
enough for people to catch it.
But if, how, let me, I'm going to
go to podcast index right now and search
for Charlie Kirk, Charlie Kirk.
And I mean, there's, there's like 30 results

(47:54):
that show up immediately.
I mean, Inception Point AI, let's see, that
is one, two, three, four.
It's number four and number five.
Number four, yeah, I see four and five,
yeah.
How did it get to that level that
fast?
Well, only you know how that works.

(48:16):
It works through traffic.
Right, so you don't think people just searching
for Charlie Kirk biography or Charlie Kirk death?
Those are good titles to search on.
If you search- Let's listen, let's listen
for a second here.
I'm going to get an ad, of course.
When it comes to results.
Okay, I'll wait for the ad to go.

(48:37):
Yeah, I'm giving him money.
Yeah, I'm sorry.
No, I mean, I have to admit, there
must be a lot of metrics.
There's either a ton of metrics- So
you're saying you have to have some kind
of juicing machine inserted in order to get

(48:59):
it there.
It just can't happen organically.
I would love to know if they're using
something like MOPOD or something like that.
At Pismata Valley University, I'm James Carter.
And in this third and final installment of
our series, we turn to legacy, investigation, and
the broader implications of this tragedy.
My role as- They did three episodes

(49:21):
on one day.
Released at 6.59 PM, 7.01 PM,
and 7.03 PM.
So they made it look legit too.
This has got to be, there's got to
be something like one of those services that

(49:43):
are being employed to drive traffic is all
I can think.
No, possible.
You just don't go to the top of
the chart organically that fast.
It's just not possible.
So, I mean, this is not really, to
me, it's not really about the AI so

(50:05):
much as it's about like, you could do
this same thing that they're doing.
You could do that with a thousand anonymous
Indians.
You know?
I mean, at enough scale, at a big
enough scale, people, if you have a sufficient
quantity of people, you can also churn out

(50:26):
as much content as this does.
Yeah.
I mean, you know, if you hired a
thousand anonymous Indians as, you know, like Amazon
did for their, you know, for their stuff,
you could pump out just as much content.
3,000 episodes a week.

(50:46):
And, you know, and it would, all people
just copying, pasting off Wikipedia or something.
Yeah.
So, I mean, to me, it's not this
particular company.
Yes, they're doing it with AI in order
to, you know, increase their profit margin, but
they, you know, it's, this is not, the

(51:07):
AI is not the most interesting part of
this to me.
It's just, how exactly are they juicing this
stuff into the charts?
Right, okay.
So, bottom line, it doesn't really hurt podcasting.
It could hurt platforms like the index.
If we're, you know, if there's a million

(51:28):
submissions a day, the trillion book problem, that
could just be a resource drain that becomes
a problem.
But it doesn't actually hurt podcasting to me
in any way.
It hurts advertisers because they're being scammed.
That's- And the loop is, you know,

(51:48):
now the loop is complete because we already,
we know that download scams are happening whether
it's by putting something in a game that
no one actually listens, it's just a download.
There's a million different ways to do it.
And Silicon Valley is filled with companies who
do this, you know, just before the board
meeting.
Look at our traffic, it's up, it's amazing.
We're spiking, we're doing great, give us more

(52:10):
money.
It happens all the time.
But now the creation part is what's complete.
And so it's, for all intents and purposes,
it's legit.
You know, it's not something I'm interested in,
but it's legit.
It's no less, to me, it's like, all
right, so you created it with AI and
there's content and it may or may not

(52:31):
be interesting to me and it may or
may not be something, a voice that I
want to listen to or copy that I
think is useful, but it's legit creation.
You know, my example is always Eddie Van
Halen.
Eddie Van Halen would, he really, when, what
was the, what was their big album when

(52:54):
they still had David Lee?
What was the one with John and...
Oh, 1984.
84, exactly.
So that was kind of when studios were
really, really upgrading and, you know, punching in
and just creating these unbelievable solos that you

(53:19):
just listened to it like, wow, this guy
is amazing.
So then they went out on the road
and Eddie Van Halen had to learn how
to play those licks that he had basically
created in the studio.
So this is nothing new.
And he really couldn't actually replicate it the
way that it sounded on the record.
It was almost a physical impossibility, just you

(53:41):
don't have enough fingers.
You know, you can't place them.
That's what happened to the band Alabama, the
fiddle player, they got studio musicians to come
in on...
Sweet Home Alabama?
No, no.
That was Lynyrd Skynyrd, I'm sorry.
Yeah, yeah, yeah.
You know, the band Alabama had, I forgot

(54:03):
which song it was.
They had one song where the studio fiddle
player just, I mean, he just set the
strings on fire.
And the fiddle player for Alabama was like,
ho, ho, ho, ho there, champ.
You're gonna have to calm that down.
There's no way I can play that.
He's like, I can't play that in concert.
So they had to like, he had to
tone it down so the real guy could
play it.
Yeah, but my point is like, we've always

(54:25):
had fake stuff.
You know, Milli Vanilli.
They got a Grammy.
They didn't even sing on the record.
I mean, anything can be done.
So if we wanna label it, no one's
gonna adhere to it.
The people who are in this game, they're
not gonna label their content as AI.
They're not gonna.

(54:45):
It's not for the listener.
This is all about the advertiser.
And James kept saying it as such.
Well, it's up to the advertisers, what they
want.
Okay, well, so it's an advertiser problem.
To me, it's not a podcasting problem.
You know, I might actually listen to one
of these podcasts.
I don't know.
It could happen.
I'd be like, oh, that's interesting.
It's AI, but the content industry.

(55:06):
It could be.
You don't know.
Charlie Kirk shows say that they're hosted by
James Carter, a seasoned national news anchor with
a calm, authoritative presence.
It says nothing in here that is AI.
The description was written by AI though.
No, but that's fine.
You know, they're not going to say it.
And why they shouldn't have to.

(55:27):
They use the podcast namespace in their feed.
So I'm happy.
Oh, well, good for them.
These guys, they rock.
Spreaker.
They're awesome.
Spreaker gave them the air legitimacy.
Awesome.
So now that would, as far as tagging,
I mean, I don't, I cannot think of

(55:48):
a way to do it, honestly.
No, there's no, it's like explicit.
Now you're either going to have to have
a way for people to complain and say,
hey, this should have an explicit tag or
this should have an AI tag.
And then the feed is no longer the
source of truth.
The minute we allow that.
I've been wrecking my brain trying to think
of a way to, that this would work.

(56:10):
And I just can't.
Nobody's, I mean, if.
But I don't really care.
The thing is who benefits and who's hurt.
This company benefits short-term and who gets
hurt?
Well, the advertisers, I'm sorry.

(56:31):
You've got a crap metric to start with.
Fix that.
How about that?
If the core problem is not AI podcast,
the core problem is the download metric.
That's the core problem.
Yeah, I mean, there's just not.

(56:52):
Yeah, so yeah, Nathan's right.
I mean, solving the advertiser problem, that's just
not something a tag is going to do.
No.
It's just not.
No.
It's not.
Unfortunately, this is one of those examples of
trying to use.
And by the way, it's only dynamically inserted

(57:14):
ads.
That's the problem.
It's not for host reads.
Yep, yep, because there's not going to be
any.
Yeah.
Because nobody's going to buy that content.
Good, well, good.
Then that scourges out of my life too.
Well, I mean, honestly, the dynamic insertion, I
mean, if you're buying dynamic insertion as an

(57:36):
advertiser, you deserve what you get.
Yeah.
Because that's bottom of the barrel stuff anyway.
Yeah, yeah, exactly.
I mean, I don't know.
I just cannot, for the life of me,
imagine how this would work.
The exact people who are going, who you
would want to tag are the ones that

(57:58):
are not going to put the tag in
there.
So it doesn't matter.
Yeah, exactly.
So this does flow into censorship because, and
classic government censorship is one thing, but at
a certain point, Adam and Dave are going
to say, well, this is hurting our system,
this flood of a trillion books, we're going
to have to censor this, which is a

(58:20):
form of censorship.
Like, no, you can't be in our index.
And that would be the only reason that
I would pull that trigger is because it
is essentially out of platform self-defense.
Yes, platform self-defense.
I mean, there's no other, because, I mean,
what is being said, I mean, we've said

(58:41):
this since the very beginning, we're just not
going to get involved in that.
That's up to the apps.
The apps can layer on top of us
and decide to show whatever they want.
We're not going to be pulling stuff off
based on content.
Exactly.
But, you know, unless it's locally illegal to
us.
Now, I'm sorry.

(59:01):
Go ahead.
No, but if we have to play self
-defense because we're getting overwhelmed with a certain
type of garbage content, like AI generation or
Vietnamese poker SEO, I mean, yeah, we're going
to pull those off.
Those are fun.
Give me access to API.
I need right access to API.

(59:22):
Urgent, urgent.
Urgent, urgent.
Dave, Dave, Dave, I need access.
It's amazing they got your name.
I mean, they were hounding us for a
couple of weeks.
Dave, Dave.
I think they finally gave up.
Give me right access API is very important
for our podcast platform.
Why did you not respond?
You actually did respond once.

(59:44):
We take care of spam.
It's good.
Look now.
Yeah, yeah, we, yeah, shaking now we got
rid of it all.
Okay.
Oh man.
Well, so just because there's so much, I
think we talked about it on the last
show.
There's so much confusion about the FCC.
And to be fair, in other countries, there

(01:00:05):
are organizations who police content.
And this is certainly happening in the EU
and certainly happening in the UK.
And I don't believe they have any jurisdiction
over podcast index.
They could certainly block us, I guess, on
a network level.
That'd be cool.
It would be something different.
Be fine.

(01:00:26):
Yeah, it'd be fine.
So that's certainly something they can do.
In the United States, it really comes down
to one thing and that's liability.
And the reason we can do this at
all is because of section 230.
Yeah.
And of the Communications Decency Act, I think
it is.
And that says that we can have content

(01:00:47):
that is created by other people.
And if there's something, if there's some form
of, what's the term I'm looking for?
Slander or the other term, you have slander,
you have- Libel.
Well, in essence, if someone says, I'm going

(01:01:08):
to kill this person and it's in a
podcast or in a description somewhere, we are
not liable for that.
And if they change section 230, which I
highly doubt they will because that would kill
everybody.
That would kill Facebook.
That would kill X, everything.

(01:01:28):
Every social media site, even Google could run
into trouble then.
So I doubt they're gonna get rid of
that.
But there's no organization, no governmental agency in
the United States that can stop us from
doing anything we want to do, except for
the courts.
And if that happened, if they changed section

(01:01:49):
230, well, that could be difficult.
Then we're just back to bloated apps with
the whole index on it.
I don't know what else we can do
in that case.
SQLite download or whatever, yeah.
Yeah, you just pull in the whole thing.
Yeah, I don't, I mean, there's no, yeah,

(01:02:10):
we're not gonna, I think some, maybe in
the beginning of when we started the index,
it got a little confused that what we
were saying was- Right wing nut jobs.
Yeah, like Alex Jones and stuff like that,

(01:02:31):
which is just like, that's not the case.
I mean, there's no, it does not matter.
That was just who happened to be the
target for censorship at that time.
But the targets for censorship change constantly.

(01:02:51):
That's always been the case.
And your particular political quote enemy today maybe
is- Could be you tomorrow.
Yeah, it could be you tomorrow.
So the thing is just complete, we're just
completely neutral hands off.
And that's the only way you can make

(01:03:12):
anything like that work.
It's just the only, it's the only way
you maintain credibility.
But for sure, Spotify and Apple and others,
I think they take stuff off all the
time.
We know this, we know this from the
hosting companies.
I used to get a lot more in
from Todd, but he died, that sucks.
Like Todd would give you all the dirt.
Todd, that was, I miss you, Todd.

(01:03:33):
That was cool.
Oh, no hacker.
There is no username Celine on my server.
Stop it.
Celine?
Yes.
They're just rolling through the whole index.
I saw Nancy, I saw Celine, I saw
emo.
Nancy?
Nancy.
No username Nancy.
No, no Nancy here.

(01:03:55):
Yes, there's no Nancy here.
That like, you should name all your SSH
users Nancy.
Yeah.
Hi, I'm Nancy.
Hi, I'm Nancy.
How you doing?
Isn't that an old timey term to call
somebody like a wuss?
Yeah, you're Nancy.
Yeah, oh, absolutely.

(01:04:15):
That's right.
You Nancy.
There's no Nancy on this server, go away.
That's funny.
Go ahead.
I was going to move on to something
else.
Yeah, sure.
Did you see the X402 foundation on Coinbase?
The X402 transactions?

(01:04:36):
Yeah, well, there's been a lot of movement
on the 402 thing.
It's very interesting.
Because I think Cloudflare is doing something as
well.
Yes, yes.
Cloudflare is partnering with Coinbase to create the
X402 foundation.
The foundation's mission will be to encourage the

(01:04:57):
adoption of the X402 protocol an updated framework
that allows clients and services to exchange value
on the web, there's my favorite word, using
a common language.
In addition to today's partnership, we are shipping
a set of features, blah, blah, blah, SDK,
et cetera, et cetera.
And the way I see this, this is
your programmable money.

(01:05:18):
This is what we were trying to do
and succeeded with the Lightning Network and with
Bitcoin.
And I think that they've probably got a
very, very decent idea here with 402 payment
required response.
And what you're talking about, and I'm gonna
have to rely on you for this because

(01:05:39):
I have not researched it.
So you're talking about the Coinbase thing right
now?
Well, it's a foundation.
So it's Coinbase and Cloudflare, they're both in
it.
And the idea here is to fully bring
402 out of the like- The dungeon.
The dungeon, the Bitcoin dungeon and make it

(01:06:00):
where it's multi-currency.
Well, what they're using it for is pay
-per-crawl.
You see the Cloudflare guy, who seems like
a pretty decent guy, actually.
I read a long interview with him.
Yeah, I think so too, yeah, yeah.
He said, look, everybody, all the AI companies
are just crawling all of your crap all

(01:06:21):
day long.
Put your stuff behind our Cloudflare wall, wall
of protection, and you can allow bots to
crawl your website, but they have to pay
for it.
And it's an automatic process through this X402
protocol.
They call it pay-per-crawl.

(01:06:41):
Which, I mean, think about that with the
index.
We should set it up regardless.
You never know, we could make some bank
on that.
Pay-per-crawl, everybody.
Man, bot fighting is like a freaking full
-time job.
So, interesting thought.
But it can easily be turned around and
used for good in a positive manner by

(01:07:03):
incorporating it into value-for-value transactions between
podcast apps and podcasters.
The way I see it, I don't see
any way it wouldn't work or any downside
to it.
The upside is probably because it's unavoidable that,
and I've said this before, that Stablecoin is
going to be in our lives all the

(01:07:24):
time, everywhere.
It's a fact, it's just coming.
Then it may not call it Stablecoin, just
be, here's a dollar, you know?
How much?
Oh, you owe me 10 bucks.
Okay, here's 10 bucks.
Oh, you want to boost me three cents?
Here's three cents.
And I think it'll be fee-less, probably.

(01:07:48):
So, the idea here is that perhaps we
could change, I'm trying to think this through.
We could perhaps modify the value tag to

(01:08:11):
use the 402 for payment.
Yeah, but I don't even think you have
to modify it much.
You just have to add, here's another option.
Right.
I mean, they got code and everything.
They got code, man, sample code.
Let's run it.
Let's run it, Nancy.
Yeah, right, just download that thing and run

(01:08:32):
it.
Let's run it, Nancy.
SSH Nancy run code.
I think, this is, yeah, this is interesting
because I never really thought about, and when
I've thought about 402, I always thought about
it in terms of like what Sam is
calling secure and Sam and Russell call secure

(01:08:52):
RSS.
You know, and that's clearly working on TrueFans
and Fountain and Pod2 and, but using it
for, if we had a common API, okay,
all right, well, how would this be?

(01:09:14):
Suppose there's a common API defined and let's
say it could be a continuation or a
fleshing out of Alex's MetaBoost API spec.
Yeah.
So you have that as the interface and
then a hosting company or publisher would publish

(01:09:37):
the callback to that in a value tag.
Let me give you the examples, the examples
they list, okay?
Which is, and someone's going to do this.
Someone is going to do this, whether it's
us or not, I guarantee you.

(01:09:58):
So the examples they give, they say X402
can be used to monetize traditional use cases,
but also enables monetization of a new class
of use cases.
For example, an assistant that is able to
purchase accessories for your Halloween costume from multiple
merchants.
So that's like an AI agent.
Okay, fine, whatever.
Then they have an AI agent, which could
also just be a person on a web

(01:10:19):
browser, pays per browser rendering session instead of
committing to a monthly subscription fee.
And the third example, an autonomous stock trader
that makes micropayments for a high quality real
-time data feed to drive decisions.
So in my mind, it's like you can
listen to this podcast for free, but if

(01:10:41):
you enable your X402, then you will automatically
make micro, and I don't know if they
have like an open-ended payment or if
it's like an invoice that has a number
on it, but you can then decide to
make payments in real-time micropayments for the
high quality real-time data fee of MP3
information that comes back.

(01:11:03):
It's the same thing.
They're just thinking of in commerce and I'm
thinking value for value.
So, you know, it would say payment, let
me see, payment required.
Okay, we know that.
I just don't know if it can be
open-ended.
Chad F., does it do keysyn?

(01:11:25):
Well, that is, it's funny, but that's actually
the question, is does it do bolt 12?
You know, does it, can you have an
open-ended payment requirement or does it have
to be a specific number?
This, I don't know.
Well, it's just, if you're, if you ping

(01:11:46):
the, if we're doing X402 or
L402, I don't know why they could call
it X.
I don't know what that's all about, but
if there's a 402 endpoint that you're hitting,

(01:12:07):
then you're gonna get some, you know, you're
gonna get some sort of token and then
you could use that to make your payment.
And then I'm just thinking that the API
that it's gonna call can hold all of
the, because we're gonna have, you know, what

(01:12:28):
we need is an API that is like
the abstraction layer between whatever the currency is
gonna be and whatever, and what the payer
is sending.
Because it could be anything on either side

(01:12:49):
and it's just gonna get, you know, it
would just get translated.
I don't, this is interesting.
I'm gonna have to think about this.
Because I can see how this would solve,
Bolt12 is just a different form of LNURLP.

(01:13:16):
It's the same thing.
Really, Bolt12 is just LNURLP, but it's been
pulled completely into the Lightning protocol.
Here, you have an answer.
X402 supports variable payment amounts, which can be
adapted for open-ended donations where users specify

(01:13:36):
different values.
The protocol uses HTTP 402 responses to find
payment details, including the exact amount in stable
coins like USDC and allowing flexibility per request,
such as basing the amount on user input
or parameters in a donation flow.
While it's primarily designed for automated micropayments, AI

(01:13:57):
agents, it can handle custom amounts for purposes
like donations through appropriate client-server implementations.
So there'd have to be a back and
forth.
Like, hey, I wanna send you three cents
a minute.
Okay, I'm gonna give you a three cents
a minute token.
Something like that.
Right, Nathan says 402 is just the HTTP

(01:14:19):
response.
I don't believe the version of Cloudflare Coinbase
will support Lightning Network.
No, I understand that, Nathan.
I understand that.
What I'm trying, what I'm thinking, I'm not
being clear because I'm trying to think this
through in real time.
What I'm saying is that if the value
tag is changed to support instead of raw

(01:14:40):
Lightning, if it's changed to support 402 in
whatever flavor that is, whether, you know, this
thing X402 or- Then you need an
API to do some back and forth, is
what you're saying.
Right, right, because right now the API is,
when you're talking about a Lightning value tag,
the API that you're communicating with is already

(01:15:02):
defined.
Right.
It's defined by the RPC, excuse me, by
the either, you know, REST or RPC or
Keysend or Bolt11, all those things, all those
layers of that stack are already there and
we know what they are.
So that's why when you define the method
equals Lightning, that you know how to interface

(01:15:23):
with that.
So if we change the available value tag
method to be something like X402, then the
question is, what does the API look like
on the other side of it?
And we know that X402 is going to
be defined.
Yeah.
That's clear.
They're going to define that, but it's going

(01:15:46):
to be, everybody can implement it.
And so each person's implementation can have its
own flavor.
And so what I'm thinking is that if
we have an X, if we have a
flavor of X402 that is tuned to podcasting's

(01:16:11):
need, it can be backwards, it can be
compatible with X402 in the general sense, but
that it can also have baked into it
the metadata stuff that we need so that
that is an exchangeable.
Right.
Because I'm imagining that X402 itself is not
- There's no metadata.
I don't know this.
No, there's no metadata.

(01:16:32):
Nothing.
Or just something generic.
Right.
Something generic, just like, who knows what that
is?
I haven't looked at the spec yet, but
if it's just something generic, we may be
able to take and shoehorn in the metadata
spec that we need it to be.
So yeah, I know I'm referencing Lightning, but

(01:16:52):
I know they're two separate things, but I
think this, we could make this, we could
make this work, I think.
I think so too.
Okay.
Gonna have to, gonna have to think about,
I wonder, I mean, does anybody have example

(01:17:13):
servers up yet?
Maybe Cloudflare?
Yeah, I have a, they got all kinds
of stuff on Cloudflare, hold on.
Okay.
I'll give it to you.
Because, you know, Alex started writing that MetaBoost
spec, MetaBoost API, I mean, we could, we
could just modify 402 to accept the thing

(01:17:38):
we need it to be.
That's what I would kind of hope for
in this.
And they're taking contributions to the protocol.
So get your code in now.
Yeah.
Well, they got a, they got a GitHub.
I wonder where that is, let me.
Yeah, it's in that link I just sent
you.

(01:17:59):
The Coinbase X402 thing?
Yeah.
Vue docs, I wonder if that's- Hey,
they have a free app.
They have a free app.
A free app?
Yes, a free app.
The free app that makes your internet safer,
now available for even more devices.
What does this app do?
Okay.
It's Warp.
It's the Warp.

(01:18:19):
GitHub Coinbase X402, here we go, okay.
So it's GitHub.com slash Coinbase slash X402.
There you go.
And yeah, it looks like CloudFlare's, yeah, CloudFlare
agent docs, they're also the X402.
So we need to figure out where all
this stuff crosses over.

(01:18:42):
One line of code to accept digital dollars,
no fee, two second settlement, 0.001 cent
minimum payment.
That's cool.
Open standard, the phone will never force reliance.
Yeah, okay, we just need to read through
this.
I'm glad you brought this up because I
had seen it multiple times this week and

(01:19:04):
just had not gotten into it.
Yeah, it's, you know, you know me.
I'm like, this is beautiful.
It's got a payment sequencing, the OCV1 protocol
sequencing, it's like payment method.
Yeah, the question I have is just, where
is the, do they have anything like a

(01:19:24):
sandbox?
That I don't know.
Up and running that you can hit and
see what it does.
Yeah, I haven't looked at it yet.
Not that deep.
I've been fighting hackers who are now at
N for Nokia.
Oh, they're just going through the alphabet.
Went from Nancy to Nokia, took them a
half an hour.

(01:19:45):
Oh boy, you guys, I'm telling you.
Yeah, I'm telling you.
You're going to be there all day.
I hope they packed a lunch.
It's kind of fun.
It's kind of fun to know that someone
is desperately trying to do this.
All these things are probably coming from like
some hacked home router in Brazil, you know?
Oh, it's actually, no, some of it's coming
from Linode.

(01:20:07):
Interestingly enough.
So they're, you know, using a Linode to
hack a Linode.
And- Oh, really?
Some of it, yeah.
A lot of people.
Yeah, what is this one?
Hostingmail, servermail.org is another fine one.
Oh, it's giving you reverse name.
I've got trace routing some of them.
Oh, you're tracing, okay.
Yeah, so they've hacked in all kinds of

(01:20:28):
stuff.
Like, oh, I got someone's mail server.
Cool, we'll use this.
Great, great, yeah.
And you know what?
There's a lot of hacked servers out there,
that's for sure.
Oh yeah, I bet.
It's unbelievable.
Let's see, where is this one coming from?
Oh, interesting.
Dude, I think, what's this from?

(01:20:51):
Global, telemark.brazil, yeah, Brazil.
Yeah, the reason I said Brazil is because
I think Brazil had a huge, I think
they had millions of home internet routers that
were of one particular kind that had like
a horrible flaw in them a few years
ago.
Oh, and they're all pwned.
Yeah, it's like the botnet army of the

(01:21:12):
universe.
Nice.
Hey, let's thank some people, Dave.
I heard some boost coming in, which is
nice.
We got Chad F with 333 and Dreb
Scott with 12345.
12,345 sats.
Go, Nanaia, podcasting.
Yes, I'm with you.

(01:21:33):
Anonymous from CurioCaster222.
AI has already ruined V4V music.
Well, it's ruined all music.
I mean, has it really ruined music?
Has it ruined V4V music specifically?
I don't know.
I mean, has it ruined music?
I don't listen to AI stuff.
Some stuff, I don't know.

(01:21:53):
I mean, I think Taylor Swift is basically
AI anyway.
Yeah, there you go.
SaltyCray on 236.
AI dumbing the world down with one bad
search and song at a time.
Yes.
Chris, you know, 1800 sats.
Stacker.news is up to 26 different lightning
wallets you can connect.
I'd recommend anyone make a free Stacker.news

(01:22:15):
account just to look at stacker.news slash
wallets page, see how many different options are
out there.
Would love to see these options in P2
.0 apps.
Oh, I have to take a look at
that.
Bad signal received from SaltyCray on 777.
Heard that during the opening of the show,
I think.

(01:22:36):
And anonymous podcast guru user with 408 sats.
Oh, I love that guy.
Yeah, he's a good guy.
Any updates on the wallet stuff?
The arguing and blaming people is starting to
turn even more people away or at least
making them feel like they're doing something wrong
for using the tools available to them.
Well, I don't know.
What's the update?

(01:22:58):
Is there any update?
On what?
I don't know, on the wallet stuff.
What is the wallet stuff?
I'm not sure.
Like, you know.
Is it my Albi or something?
I guess.
I mean, I guess the ongoing KeySend versus
LNURL.
I mean, that's.
Well, I mean, that to me, it's just
a done.
It's just that argument's over.

(01:23:18):
KeySend's just a redheaded stepchild.
It's never gonna go.
Nobody supports it.
So, I mean, you can't.
Your massive users are on strike in Cash
App and in those kind of apps.
And they're just not gonna, they're just never
gonna support KeySend.
They're not gonna do KeySend.
It's just not.
It doesn't matter what I think about it

(01:23:39):
or anybody else.
It just matters what happens.
And that's the way the universe is moving.
So, I mean, I'm not blaming anybody.
No, no.
Blame anybody.
It's just the way, just this life.
I mean, we're not, you know.
You can't, you just, that's just the way
it's gotta be.
So we gotta adapt.
And I think we got a good spec.

(01:23:59):
The Bolt 11 stuff is, LN address works.
You know, the metadata thing is a problem,
but, you know, I don't, I'm not convinced
that we actually need the metadata.
I'm just not, you know.
We have, when you send somebody a PayPal,
you see, a lot of times all you
see is a little, a short note in

(01:24:20):
their name.
And that's fine.
And that's fine.
Because what matters is they gave you money.
That's the way I see it.
So, I just, I'm not, if there was
something more specific you were talking about, you
know, to respond, but I don't, I just
think that's where we're at.
I think that's just, that's the future.
No, I love cotton gin.

(01:24:41):
Apple just controls the podcast index.
It's just the way it is.
It's what the universe wants.
No, they don't.
So that's patently not true.
What?
I don't know.
This is, they think you're lame.
You're lame.
Lame answer.
You need to support Keysend.
I can't make Cash App support Keysend, or
Strike, or Coinbase.

(01:25:01):
I can't do, I mean, like, they're just
not going to do it.
I don't know what I can do about
it.
I mean, okay.
That's where, I mean, that's where all the,
most of the Bitcoin is.
That's literally where the money is.
Literally.
Yeah.
Yeah.
My entire claim to starting this project, yeah,
exactly.

(01:25:21):
And that's what we did.
We totally did that.
Apple doesn't control the podcast.
Apple doesn't control podcasting.
That's exactly why we added the value for
value because we had programmable money through the
Lightning Network.
It was very cool.
And then Keysend went away, and then the
wallets went away.
And so now we have to fish or
cut bait.
Either we use LN addresses and everyone is

(01:25:44):
happy with it, or we don't.
Yeah, I mean, Brian on the index this
week, Brian showed the RPC calls for LND.
Now, they will not let you send Keysend
directly through the RPC calls.

(01:26:04):
The- Oh, really?
They're broken.
Really?
On LND, they won't let you do that
anymore?
On LND, they deprecated the RPC call that
had the pub key in as a destination
address.
The new RPC call, Brian of London is
who I'm talking about, the new RPC call

(01:26:25):
in LND that's meant to replace the deprecated
one does not have a public key property
in it to send to.
So whenever that other one, which is marked
deprecated, whenever that other one goes away, Keysend
is gone.
Well, I think what we need to do
because this pops up all the time, aren't
you using Keysend to receive these boosts?

(01:26:47):
Okay, good.
I'm going to remove all the Keysend and
we'll just use LNURL.
That's fine.
I really think there's a disconnect going on
here.
BitPunk, yes, nobody ever said that it doesn't
work right now for everything.
What we're saying, people don't understand, some

(01:27:16):
Keysend still works.
Okay, I'm just going to lay this out.
This is the truth as far as I
understand it right this second.
Some Keysend still works across the board.
Okay, that is a fact.
Keysend does not and will never work on

(01:27:40):
hosted wallet solutions where most of the easy
onboarding is like CacheAppStrike, et cetera.
The deprecation that we were talking about with
Keysend is one layer removed than what you

(01:28:03):
think it is.
Keysend itself is still supported in LND.
The API, LND's own API, the RPC calls
for LND that support Keysend, that has been

(01:28:26):
deprecated, okay?
So the RPC call to send a payment,
they deprecated version one of that call and
replaced it with version two.
Version two does not support a public key
as the destination address, which is what you

(01:28:46):
have to do to send Keysend.
So the call that supports Keysend in LND
RPC has been deprecated, even if Keysend itself
has not been deprecated as a feature.
Because it doesn't matter if Keysend is still
in there.

(01:29:07):
If you can't get to it, then you
can't send it.
And the quote, some guy named Brian, he's
the guy that's quoted in Lightning Lab's documentation
about how to send Keysend.
That's the some guy named Brian.
They literally used his code as the example

(01:29:28):
in their own documentation.
And if you want a better explanation for
this, look back on the podcast index social
from back after the show last week.
And Brian piped in and gave links to
the documents showing the deprecated API calls.
This was discussed right after the show because

(01:29:49):
nobody believes that there was a deprecation issue
going on.
And the confusion is, it's Lightning Labs.
Don't blame me, blame them.
Because they've deprecated the APIs that allow that
stuff to be sent.
Now, the marquee tag in HTML is also
deprecated, but it's still supported by a whole

(01:30:12):
bunch of browsers.
But nobody, but everybody's gonna use CSS animations
instead of marquee because nobody knows when it's
gonna go away.
Because it's officially been deprecated.
So look, just, I don't know what else
to say.
It feels like a losing battle.
So I don't see why we're gonna continue
to fight this.
Yeah.

(01:30:32):
Well, I'll switch our feeds to LNURL.
That's easy.
And we may not get boosts with metadata,
but we'll get payments if people still wanna
send money and support the index.
So I got no problem with that.
Look, I don't like it.
I don't like it.

(01:30:53):
I love KeySend, I love the way it
worked.
It was so simple.
But you're shooting the messenger here, man.
Yeah, exactly.
Okay.
Why don't you read some of the last
boosts we'll ever receive?

(01:31:13):
The Bruce, the ugly quacking duck, 2222 through
podcast guru says, love the testing 73.
Thanks guys.
You're welcome, Bruce.
And let's see, we got, oh wait, we
got Tommy.
Yeah, here it is.
Commissioner blogger, 13710 through fountain.

(01:31:33):
He says, howdy Dave and Adam.
Although I'm agnostic now, in childhood I was
Christian and I even visited the Vatican several
times.
And today I want to recommend a podcast
that can be found by searching for quote
the Charlie Kirk show unquote in podcast apps
or at www.charliekirk.com.

(01:31:54):
After Charlie's murder, new episodes are still being
published.
Thanks to Daniel J.
Lewis for the hint.
Yo, CSB.
Thank you.
We got some, we got some monthlies.
We got Chris Bernardik, $5.
Michael Kimmerer, $5.33. Dreb Scott, $15.
Christopher Reimer, $10.

(01:32:15):
James Sullivan, $10.
Cohen Glotzbach, $5.
Jorge Hernandez, $5.
And Michael Goggin, $5.
All right.
Well, thank you all very much for supporting
the Podcast Index Project.
It all goes into the funds to keep
this thing rolling and to keep us indeed,
keep podcasting independent from Apple or anybody else
for that matter, which is the entire mission.

(01:32:38):
Go to podcastindex.org.
You can read our mission.
It's right there on the homepage.
And below it is a big red donate
button.
We do accept your fiat fund coupons.
And just hit that button to send us
some.
I feel like we're ending on a downer
here, Dave.
Man, I know.
I just want like, the boardroom just went

(01:32:59):
nuts.
Went hostile.
Hostility, hostility.
We have, what do you call it?
Activist investors on the board.
It's a hostile takeover.
Hostile takeover.
All right, everybody.
We'll be back with new lightning addresses on
the Node next week.
Join us then for the board meeting of
Podcasting 2.0. I

(01:33:33):
think they're cool.
You have been listening to Podcasting 2.0.
Visit podcastindex.org for more information.
Go podcasting!
I mean, that is hilarious.

All Episodes

Episode Transcript

Popular Podcasts

Stuff You Should Know

Cardiac Cowboys

The Joe Rogan Experience

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Episode 236: No Nancy Here

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}Stuff You Should Know

Cardiac Cowboys

The Joe Rogan Experience

All Episodes

Episode 236: No Nancy Here

Stuff You Should Know