Credit where it’s due: Thanksgiving tech support has gotten easier

I spend a lot of time venting about tech being a pain in the neck, but I will take a break from that to confirm that my annual Thanksgiving-weekend routine of providing technical support has gotten a lot easier over the last 10 years.

The single biggest upgrade has been the emergence of the iPad as something usable as the only computer in the house. It took a few years for Apple to make that happen–remember when you had to connect an iPad to a computer for its setup and backups?–but Web-first users can now enjoy a tablet with near zero risk of malware and that updates its apps automatically.

As a result, when I gave my mom’s iPad a checkup Wednesday afternoon, the worst I had to do was install the iOS 12.1 update.

That left me free to spend my tech-support time rearranging that tablet’s apps to keep the ones she uses most often on the first home screen.

Things have gotten easier on “real” computers too. Apple and Microsoft ship their desktop operating systems with sane security defaults and deliver security patches and other bug fixes automatically. The Mac and Windows app stores offer the same seamless updates for installed programs as iOS and Android’s. And while Google Chrome and Mozilla Firefox aren’t in those software shops, they update themselves just as easily.

But the openness of those operating systems makes it easier for people to get into trouble. For example, a few weeks ago, I had to talk a relative through resetting Chrome’s settings to get rid of an extension that was redirecting searches.

Other computing tasks remain a mess. On a desktop, laptop or tablet, clearing out storage to make room for an operating-system upgrade is as tedious as ever, and it doesn’t help when companies like Apple continue to sell laptops with 128-gigabyte SSDs. Password management continues to be a chore unless (duh) you install a password manager.

Social media looks worst of all. Facebook alone has become its own gravity well of maintenance–notifications to disable to curb its attention-hogging behavior, privacy settings to tend, and propaganda-spewing pages to avoid. There’s a reason I devoted this year’s version of my USA Today Thanksgiving tech-support column to Facebook, and I don’t see that topic going out of style anytime soon.

Advertisements

Credit-card fraud doesn’t care how much you obsess about security

Once again, I have a credit card cut into pieces and dumped in a trash can, thanks to somebody trying to treat themselves to a spending spree on our account.

This time, the card was a Citi Double Cash MasterCard, and the transaction that got my attention was a $969.90 Lenovo purchase. Neither my wife nor I had any recollection of making that–and neither Citi nor Intuit’s Mint personal-finance app had flagged it as suspicious.

After spotting that in our account, I saw two other, sub-$10 transactions with “OTC Brands” that also didn’t match up with anybody’s memory. A 14-minute call later, Citi had canceled our cards and ordered up replacements–I can already shop online with the new number–and pledged to investigate these three sketchy purchases.

So overall, we got off easy. But the experience has been a useful reminder that sometimes security is entirely out of your hands. There’s nothing we could have done to stop this from happening; at best, Citi’s security would have flagged the Lenovo purchase and asked me to approve or deny it, as it did when an unknown party tried using our card in March of 2016 at a Ukrainian site.

And no, having an EMV chip on this card did not enhance its security for card-not-present transactions. Even if this card had required me to key in a PIN instead of sign for in-person purchases, that also would have likely made no difference online.

Sometimes you just have to hope that the system works–and when it doesn’t, hope that you don’t wait too long for the system to get your money back. Having gotten Equifaxed last year, I can confirm that things could be worse.

It’s been a trying week to keep a politically open mind

For years, one of the non-obvious pleasures of writing about tech policy has been knowing that the good and bad ideas don’t fall along the usual right/left lines.

I might not want to hear Republicans like Rep. Darrell Issa (R.-Calif.) and former Rep. Jason Chaffetz (R.-Utah) say a single word about Benghazi, but they were right on a lot of intellectual-property issues. At the same time, I have not enjoyed seeing Democrats I otherwise find clueful like Sen. Pat Leahy (D.-Vt.) repeat entertainment-industry talking points.

But as the past couple of years and these past few days in particular have reminded me, the GOP looks different these days. When a Supreme Court nominee can snarl about left-wing conspiracies in a way that invites the description “Justice Brett Kavanaugh (R)” as the White House rushes through an investigation of sexual-assault allegations against him, and then all but one Senate Republican approves… well, that didn’t happen under President George W. Bush, as awful as things got then.

As a voter, I find nothing to like about what’s now the party of Trump. I’m struggling to think when I might once again cast a contrarian vote for a Republican for Congress in my deep-blue district–especially since my current representative lacks his predecessor’s history of questionable financial transactions.

But at the same time, it’s not good for my health to turn into a ball of rage, and I don’t want to respond to a bout of tribalism on the Republican side by returning the favor. So I’ve been trying to keep a few thoughts in mind.

One is that coherent political philosophies can deserve respect, but blind loyalty, an unprincipled will to power or rank bigotry do not. I may not agree with your notions on government power or individual responsibility, but if I see you speaking and acting in accordance with them, I can at least try to understand where you’re coming from. If, however, you’ve abandoned past positions because they conflict with fact-starved Trump talking points, why should I take you seriously?

If the logic of your current policy positions boils down to “this will help my team,” the same response applies. And if you spout racist or misogynistic nonsense, crawl back under your rock.
A second is that today’s Republican Party and conservatism aren’t the same thing, as one of this year’s dumber tech-policy debates illustrates. It’s become fashionable to describe (groundless) GOP complaints over social-network bias in terms of unfairness to “conservatives,” but the people doing the whining are solidly in Trump’s corner and back such Trump moves as imposing a hidden tax through massive tariffs and propping up dying resource-extraction industries–neither the stuff of small-c conservatism.

A third is that Democrats left alone can still screw things up. Living in D.C. in the mid 1990s, I had the privilege of helping to pay Marion Barry’s salary with my taxes; I know the risks of unchecked one-party rule. We still need a party that can point out that market forces can solve some problems on their own and that abuse of power isn’t just a sport for big business.

I assume it will take at least one electoral wipeout to break Trump’s spell on the Republican Party and let it try to recover that role–as that bomb-throwing liberal George Will wrote in June. In the interest of not trying to pretend I have no opinion on things I see everyday, I will admit that seeing such a beatdown would not make me sad.

Why I attended two monetization-resistant conferences

I spent the past two weeks betraying a basic rule of self-employment: Don’t go someplace without having enough work lined up to pay for the trip. Worse yet, I paid for a conference badge–twice.

I had my reasons. The XOXO festival in Portland promised a repeat of the mind-expanding, heartening talks I watched with rapt attention in 2013 and 2015, plus the side reward of getting to spend a few days in a city I like but hadn’t visited since 2015. The Online News Association conference in Austin, meanwhile, would bring its usual mix of professional development and catching up with old friends.

XOXO stageI had hopes of selling a post or two from each, but I’d still lose money from each trip (and then I wound up not selling anything at all). So what did I get for my $500 XOXO pass and $439 ONA registration, plus airfare and lodging for each?

This year’s XOXO was not the same independent-creativity pep talk as before, because most of the speakers didn’t address that theme. But there were some seriously compelling talks anyway:

  • Jonny Sun and then Demi Adejuyigbe talked with candor and hilarity about battling impostor syndrome;
  • Jennifer 8. Lee explained how she worked the emoji-governance system (yes, there is one) to get a dumpling emoji added;
  • Claire L. Evans retold some forgotten stories about female computing pioneers;
  • Helen Rosner spoke about being defined by an out-of-context tweet and having to defend her expertise, then led the audience in a recitation of this pithy, profane self-affirmation: “I am really smart, and I am really good at what I do, and you should fucking listen to me.”

Trust me, you will want to watch these whenever the organizers post the video to their YouTube page.

XOXO also had a day of meetups across Portland and endless conversations with fellow attendees. Somehow, this conference manages to attract some of the kindest, nicest people on the Internet; it’s a wonderful contrast to the acid bath that is Twitter on a bad day.

XOXO postcardThe people at ONA may not have been as uniformly pleasant–look, if we journalists had a full set of social skills, we’d all have real jobs–but that event had the advantage of being much more tightly focused on my professional reality. It’s not by accident that I’ve gone to every ONA conference since 2014.

There, too, the talks were terrific:

ONA was as great as ever for networking, I had more than my fill of delicious tacos, and I got to hear Dan Rather give a brief talk at an evening event and then shake his hand afterwards.

In retrospect, XOXO is an expense I wouldn’t repeat–although I’ve yet to go to that festival in consecutive years anyway. My takeaway from this year’s version is that instead of flying across the country to get these different perspectives, I should try harder to find them around D.C.

ONA, however, is pretty much guaranteed to be on my schedule next year–the 2019 conference will be in New Orleans. How can I not do that?

How to pick a panel out of a lineup

AUSTIN–Once again, ONA is bringing some serious FOMO. Like any conference with multiple panel tracks, the Online News Association’s gathering here requires me to choose between as many as 13 talks happening in the same timeslot.

ONA 18 badge backThe past five ONA conferences I’ve attended have featured few lackluster panels, so this choice is not easy unless I think I can sell a story from the talk.

Setting aside that mercenary motivation, when I’m looking at two or three panels of equal interest to me, I have to ask myself a series of questions. Does the talk feature people I’ve heard before and liked? Or would I rather hear from speakers I’ve never seen? Do I want to say hi to the people on the panel afterwards? Will the conversation make me uncomfortable? (That’s usually a good thing.) And will the panel I skip have audio or video posted that I can check out later on?

At least all of ONA’s panels occupy a few floors of the J.W. Marriott here, so it’s not like SXSW and its archipelago of venues. There, the panel choice is often made for you by your location.

As a last resort, I may pick my spot for the next hour on a simpler metric: Does the room have a power outlet open near a chair?

Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

Black Hat backdropBut bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only though a Virtual Private Network on both devices, each of which were set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.

Recognize a bad-faith campaign to discredit a journalist when you see one

The latest target of Two Minutes Hate on the Internet is somebody unusual, in that it’s somebody I know. But the story here is manufactured outrage as usual.

Until Thursday, few people outside tech-journalism circles could have name-checked Sarah Jeong or described her Twitter presence. I’ve been following her since sometime in 2014, so I can: sarcastic and often bitterly so, expletive-laced, and grounded in a deep knowledge of how tech intersects culture and the law

That makes Jeong an essential read in my world, and also an amusing one–see her unpacking of the PETA’s monkey-selfie case. She’s also a student of how social networks fuel online harassment and wrote an excellent book about it, The Internet of Garbage, that led me to quote her in Yahoo Finance posts in 2015 and 2016.

Now Jeong is again experiencing the subject of her own research, thanks to a cut-and-paste screencap compilation quoting her saying such mean things about white people from 2013 to 2015 as “it’s kind of sick how much joy I get out of being cruel to old white men.”

Why 2014 tweets in 2018? The New York Times announced Wednesday that it had named Jeong to its editorial board. The creator of that image, who calls himself Garbage Human on Twitter, apparently saw a chance to bully the Times into hitting the Undo button on its hire–what’s happened to other young writers, some right-wing, hired by traditional media outlets.

So is Jeong a racist whom the NYT should dump? That argument is, as Jeong would put it, bullshit.

First: No, she isn’t racist. I have interacted with her, online and in person, more than enough to determine that, and I’ve yet to see any co-workers of her say otherwise. And yes, that insight trumps yours if you hadn’t heard of Jeong until yesterday. Seen in context–as you can, since she hasn’t deleted them–most of the tweets at stake are cranky jokes received as such by white friends. One’s a profane distillation of a multiple-tweet legal argument. Others look like her venting about the misogynistic, racist word vomit that can greet a woman or person of color on Twitter; I will not tone-police people in that position. 

Second, consider the sources. After Garbage Human, whose tweets show a fondness for InfoWars hoaxer Paul Joseph Watson, Jeong’s tweets got publicized by Gateway Pundit, a conspiracy-theory-spouting factory of lies. I first became acquainted with its dreck last January, when it wrongly named my friend Doris Truong as the Asian reporter taking pictures of Rex Tillerson’s notes at his confirmation hearing without bothering to ask her if she was even there.

These are not honest critics, and their arguments are no more founded in a belief in racial equality than GamerGate harassment was about ethics in gaming journalism. You don’t owe time to the talking points of a bad-faith actor, not when it’s based on a context-free sample of a handful of tweets out of 103,203 available.

I know this because I saw this strategy employed successfully against my then-Post co-worker Dave Weigel in 2010. That’s when the journalism-gossip site FishbowlDC and then the Daily Caller (both with a history of ginning up right-wing outrage, facts or context optional) published cranky e-mails about various politicians that Weigel had sent to a private mailing list. Post management did not have the spine to stand up for its new employee against this selective copy-and-paste hit job or the absurd theory behind it that reporters should never share opinions about the stuff they cover, and Weigel resigned.

Five years later, the Post hired Weigel back. He’s been kicking ass at the paper since.

I look forward to Jeong doing the same at the NYT, as it declined to take the bait. Its PR department defended their new hire while adding that it “does not condone” her earlier banter and including Jeong’s tweeted apology that “I deeply regret that I mimicked the language of my harassers.”

Jeong’s current employer until she starts at the Times, The Verge, took a stronger line in a post:

Online trolls and harassers want us, the Times, and other newsrooms to waste our time by debating their malicious agenda. They take tweets and other statements out of context because they want to disrupt us and harm individual reporters. The strategy is to divide and conquer by forcing newsrooms to disavow their colleagues one at a time. This is not a good-faith conversation; it’s intimidation.

Exactly.