Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

Black Hat backdropBut bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only though a Virtual Private Network on both devices, each of which were set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.

Advertisements

The conference that got away: Viva Tech 2018

In an alternate universe, Sunday’s recap of my last week’s work would have included a round of panels at Viva Technology Paris, the growing tech gathering that’s now in its third year. In 2016 and 2017, I moderated a round of discussions and got my travel covered, which was an excellent way to go to one of my favorite cities.

That didn’t happen this year, and I’m the reason why. I didn’t think to e-mail anybody involved with the conference until a third of the way through April, which in retrospect was absurdly late for an event of this size. I got a reply a few days later, saying they were “quite advanced” in assigning panels but wanted to know if there were particular topics I could handle.

My response emphasized my flexibility, which may have been a mistake in that it didn’t say “give me everything open on this topic.” In any case, I didn’t get another e-mail back and then ensured I wouldn’t be going to Viva Tech by not sending any more myself.

(If you listen closely, you may now be able to pick out the sound of a rather small violin playing for me.)

The lesson here is nothing new: Sitting back and waiting for good things to happen is more likely to result in nothing happening. Which in this case not only foreclosed any chance of organizer-paid airfare and lodging but also meant I didn’t get to cover Viva Tech talks by the likes of Facebook’s Mark Zuckerberg and Microsoft’s Satya Nadella.

I did, however, avoid having four weeks in a row of business travel, and being around this weekend meant I could catch up with an old friend from my college paper at a gathering on the roof of his apartment building. That wasn’t so bad.

I will try to be more assertive for next year’s Viva Tech… although its mid-May scheduling may overlap with Google I/O. In which case: le sigh.

My growing transit-card collection

TORONTO–I’m coming home from here with an unusual souvenir: a plastic card with embedded electronics.

Transit cards in TorontoThis city made me do it. Buying a Presto Card to pay for transit, even with its $6 purchase fee, made sense factoring in the slight discount it gets on the Toronto Transit Commission’s streetcars and subways and the much larger break it gives on the Union Pearson Express airport train. With the Collision conference ensuring I’ll travel here for the next three years, I would be crazy to pay cash fares.

The same logic has led me to build a collection of transit smart cards beyond my Metro SmarTrip card. I’ve got a CharlieCard for the T in Boston, a Clipper card for BART and other Bay Area transit agencies, and a TAP card for L.A.’s Metro. The MetroCard I keep for the NYC subway and the Viva Viagem card I use on Lisbon’s Metro aren’t as smart, but they do the same job of freeing me from fumbling with cash at faregates.

And having all these cards handy doesn’t just feed my transit snobbery; eliminating a barrier to hopping on a subway, streetcar or bus saves me real money when I travel.

This isn’t quite the future of transit payments I had in mind when Metro rolled out the SmarTrip card in 1999. But until more transit systems follow the examples of Chicago and London and let passengers pay via NFC with their phones, I’m stuck on this track.

Conference-app feature request: block out my schedule as I pick panels

NEW ORLEANS–My calendar includes a lot of conferences (especially this month), and as a result my phone features a lot of conference apps.

Collision app schedulingThe conference that has me here, Collision, has one such app. As these things go–meaning, let’s set aside how many of their features could be done just as well by Web apps–it’s not bad. But the personalization tool that lets you cobble together a schedule of talks that appeal to you is deeply broken.

The schedule at Collision, as at other conferences with multiple stages and venues, is packed with events that happen at the same time. The app should clear up that clutter by not letting me be in two places at once–meaning, when I add a talk to my schedule, it should gray out every other talk overlapping with that timeslot.

That way, I’d immediately see the opportunity cost of going to one talk versus another. But the Collision app does not do that. And although it is smart enough to stick an orange “Priority” label next to my own panels, it doesn’t even block out talks overlapping with the most important items on my agenda.

This is a common failing with conference apps. I don’t recall the SXSW app doing this kind of schedule triage, even though that’s even more vital at an event with so many more overlapping tracks. The app for Google I/O, my destination next week, definitely omits this function. And since the Web Summit app is built from the same template as the Collision app, it will repeat this omission… unless somebody in management is sufficiently moved by this post. Can y’all hear me out on this?

 

 

Playing hooky for home openers

I watched the Nationals lose a winnable baseball game Thursday. I’ve done that a lot since 2005, but this 8-2 defeat wasn’t just any home game. It was the Nats’ home opener–as far as I can figure out, the 13th that I’ve seen in person, starting with our team’s debut at RFK in 2005.

(The exception was 2007. According to an e-mail I sent to my wife, I listened to the game on the radio from home.)

That also makes this spring pastime one of the few consistent examples of me taking advantage of the flexible scheduling that I should theoretically enjoy as a work-from-home freelancer.

As in: When I wandered into this lifestyle, I had delusions of being able to devote the occasional morning or afternoon to a movie or a museum. Nope!

The reality has been one of compressed chores. My schedule affords enough idle time to let me get in some gardening or expedite a Costco run, but tearing myself away from other obligations for a few hours in a row seems impossible… except for this one rite of spring. I should not complain about that, even when the game in question has us getting lit up by the Mets.

SXSW scheduling: indecision is the key to flexibility

AUSTIN–Looking at the glut of invitations to South By Southwest events that have landed in my inbox in the past few days, two things seem clear: Many publicists think this event starts and ends on Saturday, and I shouldn’t have bothered scheduling anything until this week.

SXSW 2018 logoI know from prior experience that this conference attracts a silly amount of marketing money that gets lit on fire in various #brand-building exercises–most involving the distribution of free tacos, BBQ and beer.

But this year–much like at CES–some sort of happy-hour herd instinct has also led many companies to schedule their events on the same day, in this case Saturday. Looking over the possibilities, it appears I could spend that entire day–starting with a 7:30 a.m. mimosa breakfast–drinking on the dime of one corporate host or another.

(I won’t. I have panels to attend, people to interview, and probably one post to write. I may need a nap too.)

And, yes, a huge number of these invitations came in the last 72 hours. Far be it for me to criticize other people’s just-in-time conduct, but weren’t all of these bars, restaurants and other event spaces booked months ago? I have to assume that after not enough of the A, B and C-list guests responded affirmatively, the sponsor reluctantly decided to invite the D-list.

Considering that you can’t tell which events will be mobbed and how you might be waylaid by random meetings at them, your only safe response is to RSVP to everything and leave your calendar looking like a game of Tetris that you’re about to lose. Then decide where you’ll go based on where you’re standing and what looks interesting nearby–as shallow and impolite as that is.

And that’s how I came to a conclusive answer to this question: What’s a less reliable indication of somebody’s attendance than an Evite response?

Last-minute MWC advice

Having to spend a week in Barcelona at Mobile World Congress ranks as one of the easier problems to manage in the tech industry. I mean, would you rather go to CES?

But if you’re new to MWC, as I was only five years ago, the wireless industry’s global gathering can have its confusing moments. If so, the following advice may help you navigate your way around this trade show.

Fira Gran Via: MWC’s primary venue is a set of eight large halls that you can traverse much faster than the Las Vegas Convention Center, thanks to the overhead passages–most with moving walkways–that knit the Fira together. To get there, take the train: The L9 Sud Metro stops at the Europa | Fira and Fira stations, to the north and south of the Fira, while frequent commuter-rail trains from Espanya also stop at Europa | Fira.

Power and bandwidth: In addition to a plug adapter (you already have that in your bag, right?), you should also pack your laptop’s charger’s extension cord if it came with one. Distance from an outlet has nothing to do with that; a laptop power brick plugged into a plug adapter plugged into a wall outlet can easily fall out, but the extension cord will distribute that weight away from the outlet.

I hope you won’t show up to MWC with a locked phone that will prevent you from popping in a cheap prepaid SIM. But if your locked device is on Sprint or T-Mobile, you at least get free, slow and adequate roaming.

Eating and dining: Barcelona is one of the world’s great cities to eat and drink. Unfortunately, the press room in the Fira does not provide lunch, so you’ll have to forage elsewhere on the show floor (FYI, Ericsson’s exhibit in Hall 2 has offered a great free lunch the last few years). The press room does, however, offer an apparently inexhaustible supply of coffee from a bank of Nespresso machines, and plates of cookies occasionally show up there too.

Remember that dinner happens late in Spain, so don’t turn down a late-afternoon snack.

Getting around: Your MWC registration comes with a transit pass good Monday through Thursday; don’t just use it to commute to the Fira. Railfan tip: Because the L9 Sud line is automated, standing in the front of the train lets you enjoy the view of the tunnel ahead. Cheapskate tip: That line is also the most cost-effective way to and from the airport.

If you normally rely on Apple Maps, set it aside for the duration of MWC. This app still doesn’t offer transit directions in Barcelona–two and a half years after Apple bragged about adding transit navigation, which itself came nearly eight years after Google integrated the same in its own maps.

Barcelona has a not-undeserved reputation for pickpocketing. Don’t leave your wallet in an exposed and open pocket, and hang on to your bag or purse.

Other details:

If you’ve never seen Whit Stillman’s 1994 indie classic Barcelona, try to fix that before you depart. It’s not available on Netflix and Amazon’s free streaming, but you can rent it on Amazon, Google, iTunes and Vudu.

If you have some free time–by which I mean, if being six to nine time zones ahead of your editors gives you unsupervised time–try to spend some of it visiting architect Antoni Gaudí’s masterpieces. The Casa Milà apartment building and the Sagrada Família basilica aren’t as far out of your way from MWC as Park Güell; they all have a kind of magic about them.

On your way home, if you have mid-tier or higher status on American, Delta or United or have a Priority Pass membership, you’re eligible to visit the Sala VIP Miro lounge at BCN, upstairs to the left and downstairs after passport control for non-EU flights. Nobody will mistake it for a Lufthansa Senator Lounge, but it works for a pre-departure snack and a drink or two before a long day spent over the Atlantic.

Updated 3/1/2018 to correct and expand lounge-access directions.