Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

But bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only through a Virtual Private Network on both devices, each of which was set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.
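The laptop items in that list can be checked from PowerShell. The script below is an added example, not part of the original post: it audits the Windows firewall profiles, the active network adapters and the Bluetooth devices using the built-in NetSecurity, NetAdapter and PnpDevice cmdlets. The `-Fix` switch and the wording of the findings are this example's own, `-Fix` needs an elevated prompt, and the VPN kill switch is not checked because that setting lives inside the VPN client.

```powershell
# Added example: audit a Windows laptop against the checklist above.
# Read-only unless -Fix is passed, which changes only the firewall profiles.
param([switch]$Fix)

$findings = @()

if ($Fix) {
    # Default-deny inbound on every profile. With AllowInboundRules set to
    # False, existing inbound allow rules are ignored as well.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -AllowInboundRules False
}

# 1. Firewall: each profile must be on and explicitly blocking inbound.
#    NotConfigured is reported too, so the result never relies on defaults.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') {
        $findings += "Firewall profile $($p.Name) is not enabled"
    }
    if ($p.DefaultInboundAction -ne 'Block') {
        $findings += "Firewall profile $($p.Name): inbound default is $($p.DefaultInboundAction)"
    }
    if ($p.AllowInboundRules -ne 'False') {
        $findings += "Firewall profile $($p.Name): inbound allow rules are still honored"
    }
}

# 2. Network: Wi-Fi should be the only physical adapter that is up
#    (the VPN's virtual adapter is not physical and is skipped here).
$up = Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' }
foreach ($a in $up) {
    if ($a.PhysicalMediaType -ne 'Native 802.11') {
        $findings += "Adapter '$($a.Name)' ($($a.PhysicalMediaType)) is up"
    }
}

# 3. Bluetooth: no Bluetooth-class device should be present and working.
$bt = @(Get-PnpDevice -Class Bluetooth -Status OK -ErrorAction SilentlyContinue)
if ($bt.Count -gt 0) {
    $findings += "Bluetooth is active ($($bt.Count) device(s) in OK state)"
}

if ($findings.Count -eq 0) {
    Write-Output 'All checks passed.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```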

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.


Recognize a bad-faith campaign to discredit a journalist when you see one

The latest target of Two Minutes Hate on the Internet is somebody unusual, in that it’s somebody I know. But the story here is manufactured outrage as usual.

Until Thursday, few people outside tech-journalism circles could have name-checked Sarah Jeong or described her Twitter presence. I’ve been following her since sometime in 2014, so I can: sarcastic and often bitterly so, expletive-laced, and grounded in a deep knowledge of how tech intersects culture and the law.

That makes Jeong an essential read in my world, and also an amusing one–see her unpacking of PETA’s monkey-selfie case. She’s also a student of how social networks fuel online harassment and wrote an excellent book about it, The Internet of Garbage, that led me to quote her in Yahoo Finance posts in 2015 and 2016.

Now Jeong is again experiencing the subject of her own research, thanks to a cut-and-paste screencap compilation quoting her saying such mean things about white people from 2013 to 2015 as “it’s kind of sick how much joy I get out of being cruel to old white men.”

Why 2014 tweets in 2018? The New York Times announced Wednesday that it had named Jeong to its editorial board. The creator of that image, who calls himself Garbage Human on Twitter, apparently saw a chance to bully the Times into hitting the Undo button on its hire–what’s happened to other young writers, some right-wing, hired by traditional media outlets.

So is Jeong a racist whom the NYT should dump? That argument is, as Jeong would put it, bullshit.

First: No, she isn’t racist. I have interacted with her, online and in person, more than enough to determine that, and I’ve yet to see any co-workers of hers say otherwise. And yes, that insight trumps yours if you hadn’t heard of Jeong until yesterday. Seen in context–as you can, since she hasn’t deleted them–most of the tweets at stake are cranky jokes received as such by white friends. One’s a profane distillation of a multiple-tweet legal argument. Others look like her venting about the misogynistic, racist word vomit that can greet a woman or person of color on Twitter; I will not tone-police people in that position.

Second, consider the sources. After Garbage Human, whose tweets show a fondness for InfoWars hoaxer Paul Joseph Watson, Jeong’s tweets got publicized by Gateway Pundit, a conspiracy-theory-spouting factory of lies. I first became acquainted with its dreck last January, when it wrongly named my friend Doris Truong as the Asian reporter taking pictures of Rex Tillerson’s notes at his confirmation hearing without bothering to ask her if she was even there.

These are not honest critics, and their arguments are no more founded in a belief in racial equality than GamerGate harassment was about ethics in gaming journalism. You don’t owe time to the talking points of a bad-faith actor, not when it’s based on a context-free sample of a handful of tweets out of 103,203 available.

I know this because I saw this strategy employed successfully against my then-Post co-worker Dave Weigel in 2010. That’s when the journalism-gossip site FishbowlDC and then the Daily Caller (both with a history of ginning up right-wing outrage, facts or context optional) published cranky e-mails about various politicians that Weigel had sent to a private mailing list. Post management did not have the spine to stand up for its new employee against this selective copy-and-paste hit job or the absurd theory behind it that reporters should never share opinions about the stuff they cover, and Weigel resigned.

Five years later, the Post hired Weigel back. He’s been kicking ass at the paper since.

I look forward to Jeong doing the same at the NYT, as it declined to take the bait. Its PR department defended their new hire while adding that it “does not condone” her earlier banter and including Jeong’s tweeted apology that “I deeply regret that I mimicked the language of my harassers.”

Jeong’s current employer until she starts at the Times, The Verge, took a stronger line in a post:

Online trolls and harassers want us, the Times, and other newsrooms to waste our time by debating their malicious agenda. They take tweets and other statements out of context because they want to disrupt us and harm individual reporters. The strategy is to divide and conquer by forcing newsrooms to disavow their colleagues one at a time. This is not a good-faith conversation; it’s intimidation.

Exactly.

An occupational risk of freelancing: zero words on topic A

The European Commission socked Google with a €4.34 billion fine Wednesday over its treatment of Android device vendors, and I have had zero words published to my name about that blockbuster ruling.

It happens. When you’re not on staff and not in the newsroom as a major story breaks, you can get left aside as staff writers jump on that topic and editors scurry to get their copy posted. That collective rush to publish–and the glut of hot takes about whatever tech issue tops a day’s headlines–may then result in you not being able to sell anything about said storyline before everybody’s moved on to the next breaking topic.

So, yes, I have not opined at length over the EC’s judgment that Google abused its market power in requiring Android vendors to ship its Chrome browser and set its own search as the default if they wanted to bundle the Play Store. I haven’t even gone on radio or TV to spout off on Google getting this roughly $5 billion haircut, leaving only my initial, skeptical tweets as my comments.

I feel like I’ve put my tech-pundit status in jeopardy, especially considering the shameful lack of even unpaid broadcast exposure.

On the other hand, I should appreciate being able to think through this matter instead of having to file 800 words of first-few-hours analysis.

On the other other hand, my self-employed status also means I don’t have to crank out four posts in a day every time Apple commits news. And not being beholden to a single newsroom lets me self-assign less-obvious coverage, as long as I can find a willing client. That occupational flexibility may yet allow me to get back to Topic A in tech news this week, if I can just find the right angle to pitch to the right editor…

The conference that got away: Viva Tech 2018

In an alternate universe, Sunday’s recap of my last week’s work would have included a round of panels at Viva Technology Paris, the growing tech gathering that’s now in its third year. In 2016 and 2017, I moderated a round of discussions and got my travel covered, which was an excellent way to go to one of my favorite cities.

That didn’t happen this year, and I’m the reason why. I didn’t think to e-mail anybody involved with the conference until a third of the way through April, which in retrospect was absurdly late for an event of this size. I got a reply a few days later, saying they were “quite advanced” in assigning panels but wanted to know if there were particular topics I could handle.

My response emphasized my flexibility, which may have been a mistake in that it didn’t say “give me everything open on this topic.” In any case, I didn’t get another e-mail back and then ensured I wouldn’t be going to Viva Tech by not sending any more myself.

(If you listen closely, you may now be able to pick out the sound of a rather small violin playing for me.)

The lesson here is nothing new: Sitting back and waiting for good things to happen is more likely to result in nothing happening. Which in this case not only foreclosed any chance of organizer-paid airfare and lodging but also meant I didn’t get to cover Viva Tech talks by the likes of Facebook’s Mark Zuckerberg and Microsoft’s Satya Nadella.

I did, however, avoid having four weeks in a row of business travel, and being around this weekend meant I could catch up with an old friend from my college paper at a gathering on the roof of his apartment building. That wasn’t so bad.

I will try to be more assertive for next year’s Viva Tech… although its mid-May scheduling may overlap with Google I/O. In which case: le sigh.

Advanced Mac tinkering: performing a drive transplant on a 9-year-old machine

Friday’s work toolkit got a little weird. It included two suction cups, multiple sizes of Torx screwdriver bits, a pair of tweezers, a can of spray air, a microfiber cloth and a lot of patience.

Were Apple a company that updated its computers on a regular and predictable pattern, I would have replaced this desktop long ago. But first it spent years neglecting its desktops, then my laptop needed replacing first, and now the “new” iMac has gone almost a year without an update.

Instead, two other things got to upgrade my desktop the cheap but hard way. First my backup hard drive died without warning, then I noticed that an SSD upgrade kit was down to $200 and change at the longtime aftermarket-Mac-hardware vendor Other World Computing. That would be a cheap price for a vastly faster storage system, and anyway I couldn’t resist the challenge here. So I placed my order… and then waited two weeks as the Postal Service somehow lost and then recovered the package that it only had to run from the nearest UPS to our front porch.

In the meantime, I did a complete Time Machine backup on my new backup drive, then used Shirt Pocket’s SuperDuper to put a bootable copy of the iMac’s entire drive on a second partition of that external volume. With those redundant backups done and my schedule somewhat clear Friday, it was time to risk breaking my desktop computer with the sort of involved tinkering I last seriously attempted around the turn of the century, when I owned a Mac clone in which almost everything inside was user-accessible.

Step one–as explained in a how-to video that would have been more effective as written instructions illustrated with animated GIFs–was to get the iMac’s LCD out of the way. I used the suction cups to lift the outer glass off the magnets holding it in place (you can imagine my relief at not having to battle with any glue), then removed eight Torx screws holding the LCD assembly, using the tweezers to ensure they wouldn’t get lost inside the iMac. I carefully tilted that out and held it away from the rest of the computer, then detached four ribbon cables from their sockets inside the computer–each time feeling a little like I was about to fail to defuse a bomb.

The next step was to extract the old hard drive. After removing another two screws and plucking out a further three cables, I just had to undo four other screws to get the hard drive out of its mounting bracket… which is when I realized that the second screwdriver included in OWC’s kit wasn’t the right size.

Fortunately, the second neighbor I checked with had an extensive set of Torx screwdriver bits. After finding one properly sized to liberate the drive bracket, I used the spray air to knock nine years’ worth of dust out of the innards of the computer, then completed the drive transfer by securing the SSD to the bracket, connecting it to the original cables and fastening the new drive to the computer. I did the same routine with the LCD assembly, wiped it and the glass panel with the microfiber cloth, then finally clicked that outer glass back onto its magnets.

With the computer once again whole, I plugged it in, attached the backup drive, pressed the power button–and was delighted to see it boot properly off that external drive.

Installing macOS High Sierra from the backup drive to the SSD went remarkably fast; running a complete Time Machine restore of all my data and apps did not. But by the end of Friday, I had an old computer that no longer felt so old. And the pleasant sense that I haven’t completely lost my DIY-tech skills.

Conference-app feature request: block out my schedule as I pick panels

NEW ORLEANS–My calendar includes a lot of conferences (especially this month), and as a result my phone features a lot of conference apps.

The conference that has me here, Collision, has one such app. As these things go–meaning, let’s set aside how many of their features could be done just as well by Web apps–it’s not bad. But the personalization tool that lets you cobble together a schedule of talks that appeal to you is deeply broken.

The schedule at Collision, as at other conferences with multiple stages and venues, is packed with events that happen at the same time. The app should clear up that clutter by not letting me be in two places at once–meaning, when I add a talk to my schedule, it should gray out every other talk overlapping with that timeslot.

That way, I’d immediately see the opportunity cost of going to one talk versus another. But the Collision app does not do that. And although it is smart enough to stick an orange “Priority” label next to my own panels, it doesn’t even block out talks overlapping with the most important items on my agenda.

This is a common failing with conference apps. I don’t recall the SXSW app doing this kind of schedule triage, even though that’s even more vital at an event with so many more overlapping tracks. The app for Google I/O, my destination next week, definitely omits this function. And since the Web Summit app is built from the same template as the Collision app, it will repeat this omission… unless somebody in management is sufficiently moved by this post. Can y’all hear me out on this?


My Windows laptop doesn’t seem to want to run Windows anymore

A week ago, I was sure I could cure the squirrelly behavior of the laptop I bought less than six months ago the hard way–by wiping the hard drive and reinstalling Windows from scratch. And for at least two days, that worked.

But then the laptop failed to wake from sleep, and when I force-rebooted it, the machine got stuck in the same “Preparing Automatic Repair” state that left this HP Spectre x360 unusable for a few days last month.

And this time, the laptop was back to refusing to recognize the USB recovery drive I’d created on it–even while it did boot up my ancient ThinkPad.

A chat session with HP’s tech support didn’t unearth any fixes for the problem, so the rep said he’d send me a second USB recovery drive. To HP’s credit, that drive arrived the next day.

But while this “Recovery Media” can erase the hard drive and reload all the necessary installation files on its recovery partition, the computer can’t then load Windows off that partition. At some point into the installation process, it gets stuck at a blank screen that features only Windows’ spinning circle of dots.

The Kafkaesque angle to all this: Installing Ubuntu Linux off a flash drive was no problem at all. Alas, this distribution of the open-source operating system doesn’t seem to recognize my laptop’s touchscreen, fingerprint sensor or Windows Hello facial-recognition cameras, so it’s not a long-term solution.

My next attempt will be to create a Windows recovery drive from the disc image you can download off Microsoft’s site. But if that doesn’t work either, this laptop’s next business trip will involve it going back to HP in a box.