Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

But bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only through a Virtual Private Network on both devices, each of which was set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.
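The laptop items in the checklist earlier in this post (WiFi as the only radio, the Windows firewall blocking all inbound connections, traffic leaving only through the VPN) can be checked with a short script. This is an added example, not part of the original post; the adapter names are assumptions, with the VPN adapter name left as a placeholder to fill in from `Get-NetAdapter`.

```powershell
# Added example: audits a Windows laptop against the checklist in this post.
# Run from an elevated prompt. Read-only unless -Enforce is given.
param(
    [string]$WifiAdapter = 'Wi-Fi',            # default Windows name; confirm with Get-NetAdapter
    [string]$VpnAdapter  = 'VPN-ADAPTER-NAME', # placeholder for the VPN client's virtual adapter
    [switch]$Enforce
)

$findings = @()

# 1. Firewall: effective policy must block inbound on every profile,
#    including traffic that existing allow rules would otherwise admit.
if ($Enforce) {
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -AllowInboundRules False
}
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($p.Enabled -ne 'True' -or $p.DefaultInboundAction -ne 'Block' -or
        $p.AllowInboundRules -ne 'False') {
        $findings += "Firewall profile '$($p.Name)' can still accept inbound connections"
    }
}

# 2. Attack surface: only the WiFi and VPN adapters should be up.
$extra = Get-NetAdapter | Where-Object {
    $_.Status -eq 'Up' -and $_.Name -notin @($WifiAdapter, $VpnAdapter)
}
foreach ($a in $extra) {
    $findings += "Unexpected active adapter: $($a.Name) ($($a.InterfaceDescription))"
}

# 3. Routing: a lookup for an off-link address should choose the VPN adapter.
#    192.0.2.1 is a documentation address (RFC 5737); Find-NetRoute sends no traffic.
$route = Find-NetRoute -RemoteIPAddress '192.0.2.1' -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $route) {
    $findings += 'No usable route (expected only while the VPN app has cut the connection)'
} elseif ($route.InterfaceAlias -ne $VpnAdapter) {
    $findings += "Traffic would leave via '$($route.InterfaceAlias)', not the VPN"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Checklist satisfied: WiFi and VPN only, inbound blocked, egress via VPN.'
```

The routing check confirms where traffic would go at the moment it runs; it does not prove that the VPN app will cut the connection when the tunnel drops, which still has to be tested by disconnecting the VPN and confirming the laptop goes offline.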


When your old laptop dies at the perfect time

My old MacBook Air is now not only retired but dead. And it could not have happened at a better time.

I had resolved to donate the 2012-vintage laptop I’d finally replaced with an HP Spectre x360 last fall to the local Apple user group Washington Apple Pi, whose MacRecycleClinic refurbishes still-functional Macs for reuse and scavenges the rest for parts. And since I’m speaking at Saturday’s Pi meeting about the state of computer security–the gathering runs from 9:30 a.m. to noon-ish in Enterprise Hall room 178 at George Mason University’s main campus in Fairfax, with my spot a little after 11 a.m.–I could bring the old Air with me to hand over.

So yesterday afternoon, I made one last backup of the Air’s files, signed it out of its Web services as per Apple’s advice, and rebooted it into macOS Recovery to wipe the drive and re-install macOS High Sierra from that hidden partition. Then I followed the counsel of experts for a USA Today column earlier this month and used Apple’s FileVault software to encrypt its solid state drive all over again.

Several hours later, High Sierra wrapped up that chore. I once again rebooted into Recovery, used Disk Utility to wipe the SSD–and then couldn’t install High Sierra, because the installer reported that the drive’s Self-Monitoring, Analysis, and Reporting Technology (SMART) software had found a problem that left the volume unusable.

After a moment’s irritation, I realized that this timing was perfect. It followed not just five years of trouble-free drive performance but a complete erasure, re-encryption and re-erasure of the volume, so there could be nothing left to recover–and therefore no need to apply physical force to destroy the drive. This Mac has failed me for the last time, and I am okay with that.

Planespotting with purpose: Arlington flyovers

If you live or work within a few miles west of Arlington National Cemetery, you can expect to hear a sound that suggests you’ll be on the receiving end of an airstrike: a crescendo of jet-engine noise that rapidly escalates past the volume of a departure from National Airport until a formation of military jets booms overhead.

Flyovers in support of military funerals are a regular ritual at Arlington, but the schedule at the cemetery’s site doesn’t indicate which one will feature an aerial accompaniment. Instead, follow the @ArlingtonNatl Twitter account, which usually tweets out an advisory or two about flyovers in advance under the hashtag #flyover.

You can’t count on a flyover happening exactly on schedule–I’ve seen them happen more than half an hour after the forecast time–but at least you’ll know roughly when to expect the noise.

And, if you’re any sort of avgeek, that will also be your cue to step outside with a camera or binoculars. (Read after the jump for a quick aircraft-recognition tutorial.) The sight of four planes in a missing-man formation is always impressive–and a good opportunity to contemplate the service of the man or woman being laid to rest at Arlington.


Please stop asking for my “best number”

Too many of my interactions with public-relations types and the people they represent conclude with a pointless question: “What’s your best number?”

That query is a waste of time because my phone number, 202-683-7948, should be obvious: It’s in the signature that appears at the end of almost every e-mail I send as well as on my business cards.

Besides, as a self-employed individual in the 21st century, I don’t use any other number for work.

My absence of a desk line should be obvious: Why bother when I already have a smartphone on my person at almost all times? But the number on my wireless plan isn’t my work number either.

You might see me call from a 703-area-code number if both WiFi connectivity and mobile broadband are awful, but there’s no upside to returning my call at those digits. If I have any cellular signal, calls to my work number will ring through to my cell–and even if my phone is offline, they’ll still reach the rest of my devices.

Yes, I’m one of those people using a Google Voice number, even after years of Google’s intermittent neglect of that service. I’ve had this GV number–again, 202-683-7948, which may be easier to remember as 202-OVERWIT–since 2007, when a friend got me an invite to the closed beta test of GrandCentral, the company Google bought before relaunching its service as Google Voice.

And not only do I have those digits mapped to my regular gadgets, they also reach me in WhatsApp and Signal. I would have done the same with WeChat but couldn’t–which turned out not to matter, since my cell number is invisible in that app.

I trust that’s cleared up how to reach me telephonically. Now can you all also remember that if I don’t pick up when you call, you’re supposed to either leave a voicemail or send a follow-up e-mail?

Bandwidth battles in China

SHANGHAI–Crowded gadget trade shows like CES and Mobile World Congress usually entail connectivity complaints. But when you put the gadget show in China, you level up the complexity, thanks to the need to run a Virtual Private Network app to preserve access to U.S. sites blocked by China’s Internet filters.

In theory–and in every PR pitch from a VPN service advertising itself as the surefire way to stop your ISP from tracking your online activity–that should add no difficulty to getting online. You connect, the VPN app automatically sets up an encrypted link to the VPN firm’s servers, and then you browse as usual.


The reality that I’ve seen at CES Asia this week while using the Private Internet Access Windows and Android apps has been a good deal less elegant.

  • Often, the PIA app will connect automatically to the best available server (don’t be like me by wasting time selecting a particular U.S. server when the app usually gets this right) to provide a usable link to the outside world. But it’s never clear how long that link will stay up; you don’t want to start a long VoIP call or Skype conference in this situation.
  • On other occasions, the app has gotten stuck negotiating the VPN connection–and occasionally then falls into a loop in which it waits increasingly longer to retry the setup. Telling it to restart that process works sometimes; in others, I’ve had to quit the app. For whatever reason, this has been more of a problem on my laptop than on my phone.
  • The WiFi itself has been exceedingly spotty whether I’ve used my hotel WiFi, the Skyroam Solis international-roaming hotspot I took (a review loaner that I really, really need to send back), the press-room WiFi or, worst of all, the show-floor WiFi. Each time one of those connections drops, the VPN app has to negotiate a new connection.

If you were going to say “you’re using the wrong VPN app”: Maybe I am! I signed up for PIA last year when the excellent digital-policy-news site Techdirt offered a discounted two-year subscription; since then, my client Wirecutter has endorsed a competing service, IVPN (although I can’t reach that site at the moment). Since I don’t have any other trips to China coming up, I will wait to reassess things when my current subscription runs out next April.

Also, it’s not just me; my friend and former Yahoo Tech colleague Dan Tynan has been running into the same wonkiness.

To compound the weirdness, I’ve also found that some connectivity here seems to route around the Great Firewall without VPN help. That was true of the press-room WiFi Thursday, for instance, and I’ve also had other journalists attending CES Asia report that having a U.S. phone roam here–free on Sprint and T-Mobile, a surcharge on AT&T or Verizon–yielded an unfettered connection.

At the same time, using a VPN connection occasionally left the CES Asia site unreachable. I have no idea why that is so.

What I do know is that I’ll very much appreciate being able to break out my laptop somewhere over the Pacific in a few hours and pay for an unblocked connection–then land in a country where that’s the default condition.

Advanced Mac tinkering: performing a drive transplant on a 9-year-old machine

Friday’s work toolkit got a little weird. It included two suction cups, multiple sizes of Torx screwdriver bits, a pair of tweezers, a can of spray air, a microfiber cloth and a lot of patience.

Were Apple a company that updated its computers on a regular and predictable pattern, I would have replaced this desktop long ago. But first it spent years neglecting its desktops, then my laptop needed replacing first, and now the “new” iMac has gone almost a year without an update.

Instead, two other things got me to upgrade my desktop the cheap but hard way. First my backup hard drive died without warning, then I noticed that an SSD upgrade kit was down to $200 and change at the longtime aftermarket-Mac-hardware vendor Other World Computing. That would be a cheap price for a vastly faster storage system, and anyway I couldn’t resist the challenge here. So I placed my order… and then waited two weeks as the Postal Service somehow lost and then recovered the package that it only had to run from the nearest UPS to our front porch.

In the meantime, I did a complete Time Machine backup on my new backup drive, then used Shirt Pocket’s SuperDuper to put a bootable copy of the iMac’s entire drive on a second partition of that external volume. With those redundant backups done and my schedule somewhat clear Friday, it was time to risk breaking my desktop computer with the sort of involved tinkering I last seriously attempted around the turn of the century, when I owned a Mac clone in which almost everything inside was user-accessible.

Step one–as explained in a how-to video that would have been more effective as written instructions illustrated with animated GIFs–was to get the iMac’s LCD out of the way. I used the suction cups to lift the outer glass off the magnets holding it in place (you can imagine my relief at not having to battle with any glue), then removed eight Torx screws holding the LCD assembly, using the tweezers to ensure they wouldn’t get lost inside the iMac. I carefully tilted that out and held it away from the rest of the computer, then detached four ribbon cables from their sockets inside the computer–each time feeling a little like I was about to fail to defuse a bomb.

The next step was to extract the old hard drive. After removing another two screws and plucking out a further three cables, I just had to undo four other screws to get the hard drive out of its mounting bracket… which is when I realized that the second screwdriver included in OWC’s kit wasn’t the right size.

Fortunately, the second neighbor I checked with had an extensive set of Torx screwdriver bits. After finding one properly sized to liberate the drive bracket, I used the spray air to knock nine years’ worth of dust out of the innards of the computer, then completed the drive transfer by securing the SSD to the bracket, connecting it to the original cables and fastening the new drive to the computer. I did the same routine with the LCD assembly, wiped it and the glass panel with the microfiber cloth, then finally clicked that outer glass back onto its magnets.

With the computer once again whole, I plugged it in, attached the backup drive, pressed the power button–and was delighted to see it boot properly off that external drive.

Installing macOS High Sierra from the backup drive to the SSD went remarkably fast; running a complete Time Machine restore of all my data and apps did not. But by the end of Friday, I had an old computer that no longer felt so old. And the pleasant sense that I haven’t completely lost my DIY-tech skills.

My growing transit-card collection

TORONTO–I’m coming home from here with an unusual souvenir: a plastic card with embedded electronics.

This city made me do it. Buying a Presto Card to pay for transit, even with its $6 purchase fee, made sense factoring in the slight discount it gets on the Toronto Transit Commission’s streetcars and subways and the much larger break it gives on the Union Pearson Express airport train. With the Collision conference ensuring I’ll travel here for the next three years, I would be crazy to pay cash fares.

The same logic has led me to build a collection of transit smart cards beyond my Metro SmarTrip card. I’ve got a CharlieCard for the T in Boston, a Clipper card for BART and other Bay Area transit agencies, and a TAP card for L.A.’s Metro. The MetroCard I keep for the NYC subway and the Viva Viagem card I use on Lisbon’s Metro aren’t as smart, but they do the same job of freeing me from fumbling with cash at faregates.

And having all these cards handy doesn’t just feed my transit snobbery; eliminating a barrier to hopping on a subway, streetcar or bus saves me real money when I travel.

This isn’t quite the future of transit payments I had in mind when Metro rolled out the SmarTrip card in 1999. But until more transit systems follow the examples of Chicago and London and let passengers pay via NFC with their phones, I’m stuck on this track.