Weekly output: DriveSavers vs. locked smartphones

Yes, I got your CES PR pitch. If it’s of interest, I’ll reply sometime this week… but I reserve the right to redefine “this week” in my favor.

12/6/2018: For $3,900, DriveSavers says it can open locked smartphones, The Parallax

My one post to get published this week (as opposed to three others filed and now in various stages of editing) tried to unpack the puzzling claim by the data-recovery firm DriveSavers that its Password Lockout Data Recovery service could unlock any Android or iOS phone to allow a rescue of the data on the device. The experts I talked to had no solid idea what DriveSavers was talking about–not that the firm’s vague descriptions gave them much to work with–but they did share some theories of how DriveSavers might go about this task.

LastPass shows how to do two-step verification wrong

I finally signed up for LastPass Premium after years of using the free version of that password-management service. And I’m starting to regret that expense even though $2 a month should amount to a rounding error.

Instead of that minimal outlay, I’m irked by LastPass’s implementation of the feature I had in mind when typing in credit-card digits: support for Yubikey U2F security keys as a form of two-step verification.

Two-step verification, if any reminder is needed, secures your accounts by confirming any unusual login with a one-time code. The easy but brittle way to get a two-step code is to have a service text one to you, which works great unless somebody hijacks your phone number with a SIM swap. Using an app like Google Authenticator takes your wireless carrier’s security out of the equation but requires regenerating these codes each time you reset or switch phones.

Using a security key–Yubikey being one brand, “U2F” an older standard, “WebAuthn” a newer and broader standard–allows two-step verification independent of both your wireless carrier and your current phone.

Paying for LastPass Premium allowed me to use that. But what I didn’t realize upfront is that LastPass treats this as an A-or-B choice: If you don’t have your Yubikey handy, you can’t click or type a button to enter a Google Authenticator code instead as you can with a Google account.

A LastPass tech-support notice doesn’t quite capture the broken state of this user experience:

If multiple Authentication methods are used, only one will activate per login attempt. If you disable one, then another will activate on the next log in attempt. Because only one activates at a time, you cannot have multiple prompts during the same log in.

The reality you see if you happened to leave your Yubikey at home or just have your phone closer at hand: an “I’ve lost my YubiKey device” link you’re supposed to click to remove that security option from your account.

This absolutist approach to two-step verification is not helpful. But it’s also something I should have looked up myself before throwing $24 at this service.

Weekly output: Apple Tax on storage, CrowdStrike CEO, Facebook Pages, Rod Rosenstein on security and encryption

This year is officially in the home stretch, but some of this week’s work almost certainly won’t show up in my bank account until 2019. Remembering your clients’ varying payment schedules is essential to keeping some level of freelance accounting sanity.

11/28/2018: New MacBook Air and Mac mini show the Apple Tax on storage lives on, USA Today

As I’d pledged a few weeks ago, I returned to the subject of Apple’s belated updates to the Mac mini and MacBook Air to take a whack at these computers’ stingy entry-level storage allocations and the steep price to upgrade their solid-state drives. Note the correction on this column: I saw that Apple only offered a 256-gigabyte SSD on the entry-level iMac but stupidly neglected to check the storage options on other configurations.

11/29/2018: CrowdStrike CEO on political infosec lessons learned (Q&A), The Parallax

I talked to CrowdStrike chief executive George Kurtz at Web Summit and transcribed my interview on the flight home. Then this writeup–one not pegged to any breaking news–took a little longer to run.

11/30/2018: Facebook still hasn’t fixed this loophole for fake accounts, Yahoo Finance

This post started with some Thanksgiving tech support that revealed some highly sketchy pages in a relative’s News Feed, and then my inquiries with Facebook led the social network to nuke two pages with a combined 3.4 million Likes. Today, a reader pointed me to several other pages apparently run by the same people behind those two removed pages, so you probably haven’t read my last thoughts on this issue.

11/30/2018: Deputy AG Rosenstein calls on Big Tech to protect users, Yahoo Finance

Deputy U.S. attorney general Rod Rosenstein brought two messages to Georgetown Law’s Cybercrime 2020 symposium–and they contradicted each other to a fair extent.

Should I be on Patreon?

I’m not a millennial and I don’t have any tattoos or piercings, so I would appear to be wildly ineligible for Patreon.

Yet I’m still curious about using that crowdfunding site to give people a chance to underwrite my work if they feel so inspired. I can’t tell if that is me being entrepreneurial or vain, so I’m writing this post to try to untangle my thoughts.

I first encountered Patreon when founder Jack Conte gave an exuberant presentation on the site’s backstory at 2013’s XOXO conference. (His talk rambles a bit–which is fine if you enjoy dancing robots–but overall merits 24 minutes of your time.) I decided that letting fans pledge as little as a dollar or two a month to indie creatives was a smart response to declining ad rates and the overall horribleness of the content industry. And then I thought little more about that concept until I started seeing more people and sites I know pop up on Patreon.

You can sum up the Patreon proposition as “Kickstarter over time.” Instead of asking for support for a particular project, creators invite fans to kick in a defined sum each month to support their ongoing efforts–and can also offer extra rewards for contributions above a certain level.

For example, my friend Glenn Fleishman’s typographic-centric pitch includes exclusive or early access to his articles, science-minded podcaster Rose Eveleth offers a patrons-only newsletter, and the Arlington news site ARLNow.com touts a private Facebook group for more-generous contributors.

After conversations with a few Patreon fans at XOXO this September, I e-mailed Glenn to ask how that was working for him.

His two bits of advice: Find something you can provide to Patreon contributors that they couldn’t get elsewhere, and show what their support lets you do that you couldn’t accomplish otherwise.

I think I have a good answer for that first item: my time. As most people who have e-mailed me can attest, getting my attention when I’m constantly changing channels between stories and clients is… problematic. If I could offer something like a private Slack group or some other closed forum, I’d like to think that would appeal to people who miss the Web chats I did at the Post. (I miss them too.)

The second thing, though, is harder to answer. I think I do a decent job of selling enough stories from each out-of-town event to cover my travel costs… although conferences like the Online News Association’s annual gathering routinely defy my attempts to monetize them. Would that be enough of a what-you-helped-me-do story?

My other concerns: I wouldn’t have enough time to tend a Patreon page (note that I’m typing this near 10 p.m. on a Saturday); nobody would support it; worst of all, nobody would support it, and outsiders would then point and laugh.

At the same time, I like the idea of generating another stream of income, even if it only underwrites one trip a year. Getting acquainted with the inside of a crowdfunding platform seems like an overdue to-do item for me. And the last few months have made me increasingly uneasy about relying on my Facebook page for occupational banter with readers.

Having spent this much time musing about crowdfunding, I might as well crowdsource part of this decision. Please take the poll below, and if you have suggestions for what you’d want me to do at Patreon or another crowdfunding platform, please share them in the comments.

 

Weekly output: Facebook maintenance as Thanksgiving tech support

Once again, time put into helping family members with their gadgetry over this holiday weekend has yielded a pretty good idea for a post–or so I hope my editors will think. 

11/21/2018: Thanksgiving tech to-do: Start a Facebook diet with all the trimmings, USA Today

You can think of this column as a sequel to a post I wrote for Yahoo Finance in August. This time around, I didn’t get so far into the weeds about adjusting Facebook notification settings–having to confine your work to 500+ words instead of as much as a thousand will do that–and used some of the space conserved to explain two newer smartphone features to regulate your time on the social network. A third option may now be available in your iOS or Android Facebook app: “Your Time on Facebook” tracking of the minutes and hours you while away on Facebook. 

Credit where it’s due: Thanksgiving tech support has gotten easier

I spend a lot of time venting about tech being a pain in the neck, but I will take a break from that to confirm that my annual Thanksgiving-weekend routine of providing technical support has gotten a lot easier over the last 10 years.

The single biggest upgrade has been the emergence of the iPad as something usable as the only computer in the house. It took a few years for Apple to make that happen–remember when you had to connect an iPad to a computer for its setup and backups?–but Web-first users can now enjoy a tablet with near zero risk of malware and that updates its apps automatically.

As a result, when I gave my mom’s iPad a checkup Wednesday afternoon, the worst I had to do was install the iOS 12.1 update.

That left me free to spend my tech-support time rearranging that tablet’s apps to keep the ones she uses most often on the first home screen.

Things have gotten easier on “real” computers too. Apple and Microsoft ship their desktop operating systems with sane security defaults and deliver security patches and other bug fixes automatically. The Mac and Windows app stores offer the same seamless updates for installed programs as iOS and Android’s. And while Google Chrome and Mozilla Firefox aren’t in those software shops, they update themselves just as easily.

But the openness of those operating systems makes it easier for people to get into trouble. For example, a few weeks ago, I had to talk a relative through resetting Chrome’s settings to get rid of an extension that was redirecting searches.

Other computing tasks remain a mess. On a desktop, laptop or tablet, clearing out storage to make room for an operating-system upgrade is as tedious as ever, and it doesn’t help when companies like Apple continue to sell laptops with 128-gigabyte SSDs. Password management continues to be a chore unless (duh) you install a password manager.

Social media looks worst of all. Facebook alone has become its own gravity well of maintenance–notifications to disable to curb its attention-hogging behavior, privacy settings to tend, and propaganda-spewing pages to avoid. There’s a reason I devoted this year’s version of my USA Today Thanksgiving tech-support column to Facebook, and I don’t see that topic going out of style anytime soon.

Weekly output: social-media angst at Web Summit

Between Monday being a holiday, me coming down with a cold after Web Summit, and our kid also home sick with a cold, this was a slow week.

11/12/2018: Should social media be regulated? Support seen at Web Summit for protecting user data, USA Today

I wasn’t quite sure what I’d write for USAT from Web Summit until I watched Cambridge Analytica whistleblower Christopher Wylie’s enraged testimony there. A few other panels after that helped me flesh out this story idea, and I filed my report Thursday evening as the conference wrapped up. Then Wednesday, the New York Times published its account of Facebook’s self-serving, delusional response to early findings of Russian disinformation operations on the social network, and I felt like I’d been all too kind to Facebook in this column.