Weekly output: Apple security patches, Facebook ad transparency

Next week would normally only have four workdays, thanks to Monday being Presidents’ Day, but for me it’s more like three–Friday I start my journey to Barcelona for MWC. I made that trip for the first time 10 years ago, and I’ve learned a few things about both the wireless industry and international travel since.

Patreon readers got a bonus post this week about a business upside of my broadcasting the demise of my USA Today column.

PCMag Apple security-updates post2/13/2020: Update Now: Apple Ships Fixes for Zero-Day Vulnerability in Macs, iPhones, iPads, PCMag

After I’d vented my annoyance–on Twitter, then Mastodon–about Apple repeating its practice of not giving users any heads-up that a security fix patches a zero-day vulnerability, I decided I might as well write about this for a paying client.

2/15/2023: Facebook Promises More Details on Why Certain Ads Show Up on Your Feed, PCMag

This would have been a shorter post, except that thinking that I should remind readers of how Facebook features can take time to show up in your account reminded me that I’d written about one such feature last July that I’d never seen in my own account, which in turn led me to discover that Facebook’s help page about that Feeds tab had incorrect instructions. And apparently nobody at Facebook had noticed that error until I e-mailed their PR department to ask about that.

Advertisement

Apple and Google could be a lot clearer about their security patches

Multiple times this week, I’ve updated mobile devices with security patches from Apple and Google. And every time, the user experience has left me feeling that these companies don’t think I need to know anything about the content of those patches.

On my iPad mini 6 and my Google Pixel 5a, and then later on a review iPhone 11 (I don’t know why Apple PR hasn’t started charging me late fees on that loaner), the notice of a security patch came with a description no more specific than “bug fixes and security updates,” the vague phrasing shown on my tablet.

Photo of Google Pixel 5a and Apple iPhone 11 with each phone open to the respective company's page purporting to describe the update. The phone are seen from above, resting on a brown background.

Each update notice also came with a link that should have provided more details but did not. On the iPad and iPhone (plus the Mac mini on which I’m typing this post), Apple sent me to the same “Apple security updates” page I’ve been visiting for years–“a dusty bookshelf of a page indexing patches going back to Jan. 8, 2020,” as I described it at PCMag. My Android phone’s notification, meanwhile, sent me to a “Pixel Community” page that led off with a “Featured Posts” list of the past few months’ worth of updates for Pixel devices.

So on each device, I had to tap further to see just what was getting patched. In Apple’s case, it was a serious vulnerability in its WebKit browser framework: “Processing maliciously crafted web content may lead to arbitrary code execution.” And somebody was already exploiting this to attack users: “Apple is aware of a report that this issue may have been actively exploited.”

That kind of “zero-day” vulnerability deserves a more direct description, so people will know that it’s worth having their devices unusable during the install process (more than 6 minutes on the iPhone 11) to lower the odds of getting hacked.

Google’s February 2023 patch, meanwhile, revealed itself to include patches for accessibility, audio, Bluetooth, and calendar features, plus security fixes that were not specified in any way until after three more taps of links. Except that the Pixel update bulletin I unearthed itself only listed the vulnerabilities by “CVE” (Common Vulnerabilities and Exposures) numbers that I then had to Google for more details.

The one issue that the Pixel bulletin labeled a “high” risk turned out to be a memory bug that, per the National Institute of Standards and Technology’s vulnerabilies database, could allow “local information disclosure with no additional execution privileges needed.” I read that as an opportunity for a hostile app to snoop on my data and was then relieved to see that NIST did not describe this “vuln” as already being exploited.

I’m not saying that you should hold off on security fixes until you get a detailed breakdown of their code; your safest course is to trust Apple, Google and Microsoft and install their patches as soon as possible, because the developers there spend more time on this than you possibly can. I am saying that it should be basic software manners for these companies to allow their more curious customers to enlighten themselves about these updates as fast as possible. That means in one click, not two, four, or more.

Weekly output: Android 14, Qualcomm and “5G NR-Light,” SpaceX COO, 1Password, Mark Vena podcast

All of my writing this week appeared over two days, and I wrote most to all of three of them on a single day–a pace that may have contributed to a couple of dumb mistakes in one of them.

2/8/2023: Google Releases First Android 14 Developer Preview, PCMag

Google gave me an advance on the announcement of the first developer-preview release of the next major version of Android. I took care to remind readers that their own Android phones might see Android 14 some time after it lands on Google’s Pixel phones–or might not ever see it.

Screenshot of story as seen in Safari on an iPad mini 62/8/2023: Qualcomm starts connecting the dots on 5G NR-Light, Light Reading

I got another advance briefing for Qualcomm’s news of an upcoming lower-power, cheaper and smaller X35 modem intended for connected gadgets that don’t need full 5G speeds. But Qualcomm was weirdly stingy on details about this hardware, such as any hard numbers for its size or power consumption.

2/8/2023: SpaceX COO Teases Starship 33-Engine Test Fire on Thursday, PCMag

I spent Wednesday and Thursday at the Commercial Space Transportation Conference, where SpaceX chief operating officer and president Gwynne Shotwell shared some news about that company’s giant Starship rocket during an onstage interview. I rushed to write that up but in the process I identified Shotwell’s onstage interlocutor as former congressman Mike Rogers of Alabama, not the Mike Rogers of Michigan who did the honors. And between writing the first paragraph and the third one, I somehow decided that Starship had 31 engines in its first stage, not the correct 33.

2/9/2023: 1Password to Offer Passkey-Only, No-Password Logins, PCMag

The PR people at 1Password gave me an exclusive on their news of an upcoming move to offer subscribers the option of authentication via the new passkeys standard–with no master password needed for this password-manager service.

2/10/2023: S03 E45 – SmartTechCheck Podcast, Mark Vena

My contribution to this week’s edition of my industry-analyst friend’s podcast was to discuss Washington’s escalating conflict with large tech companies, as seen in such developments as the Department of Justice’s antitrust lawsuit against Google and President Biden’s (brief) calls for digital-privacy regulations in the State of the Union address.

A good run at USA Today has reached its end

The explainer about the Matter smart-home standard that USA Today ran last week was my 451st column for the paper’s site, if my count is correct. It was also my last: Management at USAT’s corporate parent Gannett ordered up yet another round of cuts, and this time some freelance contributors wound up inside the blast radius.

I’ve long said that there’s no such thing as a permanent freelance client, but USA Today was about as close as they come. My first column–about Facebook privacy, an anxiety source that had already earned evergreen status–ran right before Christmas of 2011, less than nine months after my exit from the Washington Post had ended my previous tenure as a tech-help columnist. That’s long enough ago in publishing terms for CMS changes to have broken the original link and forced me to the Internet Archive to surface a copy here.

Photo of a column on broadband data caps as it ran in USAT's print edition on July 2, 2020.

The subsequent 11-plus years have seen me revisit social-media privacy many times–along with such other perennial topics as data caps, out-of-reach broadband, the apparently-unlimited interpretations of “unlimited data” on wireless plans, different options to buy new iPhones, and the stupid pricing games that Internet providers play.

Some favorites among those hundreds of columns:

A few of those stories wound up in USAT’s print edition, such as the July 2020 column on data caps in the photo above. And for a while, this relationship also afforded me the possibility of extra business–some of which was fun, like the tech explainers I wrote for Gannett’s short-lived NowU senior-lifestyle site. But then I also once ditched SXSW to spend an afternoon knocking on doors around Austin to try to interview witnesses to the 2018 package bombings.

The budget axe first swung in my direction in 2015, when my column got trimmed by about a third with a corresponding reduction in pay; in 2019, management reduced the column frequency from four times a month to twice. Seeing two friends and longtime fixtures of USAT’s tech coverage exit the place over the next two years–Ed Baig in 2020, Jefferson Graham a year later–did leave me grateful to have my column as a constant through the gruesome year of 2020. But it did not leave me with too many illusions about the long-term stability of my gig.

Those previous trims to my role at USAT mean I’m now losing only a small fraction of my income, one that shouldn’t be too hard to replace. (I don’t know how much Gannett is saving in total with this latest budget cut, but it has to be vastly less than the $7.7 million in salary, stock awards and bonuses that chairman and CEO Michael Reed collected in 2021.) I will, however, miss having the USA Today name to throw out when registering for an event.

I will also miss knowing that a request for tech support from a friend, family member or reader could be the start of my next column. But please don’t let that stop you from e-mailing me with a tech query–and rest assured that if your problem is interesting enough, I will find a reasonably well-paying place to write about it.

Weekly output: OpenAI-enhanced customer support, fixed-wireless upgrades, MLS Season Pass, app-store competition report, FCC broadband map, Matter, Next Level Networks, Twitter offer to creators

I blew off work Friday to do something I hadn’t done in four years: go downhill skiing. Slope conditions were not awesome and I had snow guns blowing in my face most of the time, but it still easily beat spending those hours in a warm, dry home office.

1/31/2023: Can OpenAI Tools Help Customer Service Reps Sound More Human?, PCMag

The PR folks for Intercom gave me an advance on their news about adding GPT-based writing assistance to their widely-used customer-support platform.

1/31/2023: How MU-MIMO could change the FWA game for T-Mobile and Verizon, Light Reading

My editor at this trade pub asked me to summarize a rather technical report from Signals Research Group that found signs of a significant capacity upgrade in progress at T-Mobile–which that carrier had not talked up before but confirmed when I asked about it.

2/1/2023: Apple Invites Soccer Fans to Sign Up for MLS Season Pass, PCMag

After writing last summer about Apple signing this deal with Major League Soccer, I had to follow up with the pricing details Apple announced Wednesday.

2/2/2023: Feds Slam Apple, Google for Abusing App-Store Power (But Mostly Apple), PCMag

The lengthy report the National Telecommunications and Information Administration posted on Wednesday didn’t break any major news about the ways Apple and Google have run their mobile app stores, but its recommended remedies were still interesting.

Screenshot of story as seen in USAT's iPad app2/3/2023: Is broadband available near you? This updated FCC map can tell you. Maybe., USA Today

I’d had this topic on my to-do list for a while, and then Federal Communications Commission chair Jessica Rosenworcel offered an update on the FCC’s connectivity-cartography efforts at an event Tuesday.

2/3/2023: With Matter, Apple HomePod 2 speaker aims to connect to devices no matter who makes them, USA Today

USAT publishing this post (a week and change after I filed it) wraps up my CES 2023 coverage.

2/3/2023: This startup aims to green broadband deserts with an old-school idea: Get customers to pay for the network up front, Fast Company

I first read about Next Level Networks from Ars Technica’s Jon Brodkin, then learned that this Bay Area startup was building a fiber network at a development in Sonoma County, Calif.–not far from where I was already spending the holidays with my wife’s family.

2/3/2023: Twitter offers ad revenue share to creators, Al Jazeera

I was able to jump on Skype to offer a value judgment about Elon Musk’s insultingly vague promise of a share of advertising revenue to undefined “creators” who also pay $8 a month for Twitter Blue because I got back from skiing maybe 25 minutes before scheduled airtime.

An almost Lightning-free gadget existence

Upgrading from my iPad mini 5 to an iPad mini 6 almost two weeks ago hasn’t made a huge difference in my tablet usage aside from my needing to remap Touch ID fingerprint unlocking from a large button below the screen to a power button at the top right. But it’s already yielded a huge improvement every time I need to charge the thing: I don’t need to find a Lightning cable.

Lightning and USB-C cables meet above the Apple logo on the back of an iPad mini 6

Because this tablet has a USB-C port instead, I can plug it into the same cables that I’d use to charge my phone, my previous phone and my old and any new laptop. Not having to worry about proprietary charging accessories is a welcome, if overdue luxury in my history of Apple gadget ownership, and it’s enough to outweigh the mini 6 omitting a headphone jack.

(I do have a pair of Bluetooth headphones–after interviewing Nothing co-founder Akis Evangelidis at Web Summit in 2021, he gave me a pair of that company’s Ear (1) earbuds. I still need to buy a USB-C headphone-jack adapter if I’m going to use any other headphones I own, especially the Bose QC25 noise-cancelling headphones I’ve grown to appreciate on long flights.)

Unfortunately, I can’t get away from Lightning when I’m at my desk at home: The Magic Keyboard with Touch ID and Numeric Keypad on which I’m typing this post has a Lightning connector for recharging (and for working around the occasional Bluetooth dropout). I can’t think of any engineering reason to have this $179 wireless peripheral charge via Lightning instead of USB-C, but Apple can’t seem to let this connector go.

And then there’s the mouse next to the keyboard–which is not Apple’s $79 Magic Mouse. Instead, I am still using the AA battery-powered wireless mouse that came with the iMac I bought in 2009. This rodent continues to function fine at steering a cursor around a screen–notwithstanding the times, more often than with the keyboard, when the Bluetooth connection drops because reasons. And when the mouse runs out of a charge, it takes me well under a minute to pop the two spent AAs out of the thing and replace them with two charged AAs from the charger next to my desk.

Apple’s current, not-so-magic mouse, meanwhile, must be set aside while it charges because its port is on the bottom–an idiotic configuration that the design geniuses in Cupertino have stuck with since 2015. And that charging port requires a Lightning cable, again for no discernible reason besides “Apple said so.” So while I had no big hang-up over spending $550 and change on a tablet with 256 GB of storage (on sale for $100 off), I just don’t want to spend even a small fraction of that to underwrite Apple’s Lightning fetish.

Weekly output: Helicopters of D.C., DOJ sues Google, Rocket Lab launch, DirecTV drops Newsmax

Last week featured my second business trip of the year, and also my third trip to the destination in question since the middle of December.

Screenshot of story as seen in Safari on an iPad mini 6, illustrated with a photo of a UH-60 Blackhawk flying with the Washington Monument in the background.1/23/2023: How Crowdsourced Chopper Spotting Helps ID the Helicopters of DC, PCMag

I’ve been following the @HelicoptersofDC Twitter account for two years and change, so it was a treat to see Andrew Logan, the guy behind this aircraft-tracking project, explain how it works and how he’s dealt with obstacles ranging from uncooperative government agencies to Elon Musk.

1/24/2023: DOJ: Google ‘Corrupted Legitimate Competition’ With Ad-Tech Business, PCMag

My take on this antitrust lawsuit targeting Google’s display-ads practices: If people as politically opposed as U.S. Attorney General Merrick Garland and Texas Attorney General Ken Paxton all think you’re guilty, you’d better lawyer up.

1/25/2023: On Second Try, Rocket Lab’s Electron Leaps to Space From Virginia Coast, PCMag

Almost a month after the first of three road trips to Wallops Island, I got to see a rocket fly to space–the fourth time I’ve done so close enough to hear it, and the first of those times I didn’t have to fly to Florida first. For another take on the experience, see the writeup from Ars Technica’s John Timmer, who had already decided to drive there and back and gave me a lift.

1/25/2023: DirectTV Dumps Newsmax, Citing Fees, Newsmax Cries ‘Censorship’, PCMag

The notion that DirecTV’s owners–gigantic telecom conglomerate AT&T and the private-equity firm TPG–are somehow members of the woke mob is dumb beyond belief. And yet that claim also fits right into a pattern of performative victimhood in the Trumpian part of today’s Republican Party.

The D.C. area’s no-flying-needed way to see a space launch

Tuesday night treated me to the first space launch I’d seen in person–meaning close enough to hear it–since 2018. And unlike the previous three launches that I have been privileged to experience from that close, this one did not require a flight to Florida.

Instead, only a three-hour drive lay between my house and Virginia Space’s Mid-Atlantic Regional Spaceport, hosted at NASA’s Wallops Flight Facility on Virginia’s eastern shore. (Shout out to Ars Technica’s science writer John Timmer for offering a lift.) The occasion was Rocket Lab’s U.S. debut of its Electron rocket, something I had made two earlier trips to Wallops in December to see before those launch attempts got called off.

Electron heads to space, with its second stage leaving a plume that evokes a celestial jellyfish.

Rocket Lab, a startup that first launched Electron from its New Zealand facility in 2017 and had conducted 31 missions from there since, is the newest tenant at Wallops. But this site across an inlet from Chincoteague saw its first liftoff much earlier–in 1945, five years before Cape Canaveral’s first launch. It’s had a quieter existence since, with recent Wallops headlines featuring a flight or two a year of Northrop Grumman’s Antares rockets to send Cygnus cargo spacecraft to the International Space Station. They remain the only space launches that I’ve seen, faintly, from my house.

A press pass issued by Rocket Lab granted a much closer view of its “Virginia is for Launch Lovers” mission, just two miles away from a spare concrete pad next to the Atlantic. At ignition about 40 minutes after sunset, Electron lit up the shore, a brilliant beacon shooting into the sky. The sound rolled out to us about two seconds later–a steady low-frequency roar that might have been an especially loud jet engine, except jets can’t shoot anything into Earth orbit. A clear sky let me track the rocket through first-stage separation, then follow the second stage as its exhaust left a plume dozens of miles up.

If you’re reading this around the D.C. area, you should have multiple chances to experience that, as Rocket Lab plans four to six launches from Wallops this year. Things to know in advance:

• The no-stopping offseason drive should be barely three hours from downtown D.C. to the Wallops visitor center, but woe betide anybody who hopes to make the trip that quickly on weekends from Memorial Day to Labor Day.

• The range at Wallops doesn’t shout “space flights here,” lacking the giant gantries of the Kennedy Space Center; the tallest structure is a water tower emblazoned with NASA’s “meatball” circular blue logo.

• Wireless coverage can get really bad, so you should not bank on being able to Instagram launch photos.

• Don’t expect the same show you’d get at a KSC launch. At liftoff, Electron’s thrust is 43,000 pounds, while at launch Antares (with one launch left this year) is good for 864,000 pounds. In comparison, SpaceX’s Falcon 9 and Falcon Heavy have 1.7 and 5.1 million pounds of sea-level thrust sending them skyward. But while you won’t have the experience of feeling a giant rocket’s sound rush over you like an acoustic avalanche, it is still a kind of magic to see something people made leave the ground and soar into the black, all the way to space.

• You can, however, see a launch from closer than the Cape allows. A launch-viewing guide from photographer Kyle Henry lists one location, not always open, 1.7 miles from the pad, with an always-open spot 2.2 miles away. The NASA Wallops Visitor Center is another option, about 7 miles away.

• If you can’t make the trip, you should still be able to see a Wallops launch from around D.C. That’s more easily done at night, when you don’t have to distinguish one contrail from everything else in the sky; you just have to spot a rocket’s red glare.

Weekly output: Samsung self-repair, FCC chair’s security concerns, tech-policy forecast, password managers, Google layoffs, electric-car progress, legal risks for security research

This week had me head into D.C. for work events four days in a row, something that last happened in early 2020.

1/17/2023: Samsung ‘Self-Repair’ Program Adds Galaxy S22 Phones, Some Galaxy Books, PCMag

The post I wrote after Samsung gave me an advance copy of their press release noted the limited number of replacement parts offered under this program, but Technica’s Ron Amadeo–who has a lot more experience with Samsung gadgets than I do–went into detail about how much it doesn’t cover.

1/18/2023: FCC Chair: 5G Expansion Creates ‘Broader Attack Surface’ for Cyberattacks, PCMag

I watched a brief but fairly info-dense speech by FCC chair Jessica Rosenworcel about privacy and security risks to U.S. wireless networks and their customers.

Screenshot of the story in Safari for iPadOS, illustrated with a photo of the Capitol not long after sunrise.1/18/2023: Is This the Year Congress Finally Tackles Privacy Legislation?, PCMag

Betteridge’s law of headlines suggests that the answer to that question is “no.” A look at the last decade of Congressional inaction on privacy also points to a negative answer.

1/19/2023: Considering an app to manage your passwords? This advice will be key no matter which app you choose., USA Today

This column got published considerably after I filed it, and I don’t exactly know why. Fortunately (or unfortunately, if you’re a LastPass customer), LastPass hasn’t provided any more clarity about its data breach since I wrote the piece.

1/20/2023: Google layoffs, Al Jazeera

I made an in-studio appearance to talk about Google’s layoffs–and made sure to note Google’s aggressive stock buybacks.

1/20/2023: Feds Tout Progress in Electrifying US Fleet, Building Out Car Chargers, PCMag

The Washington Auto Show’s public-policy day didn’t feature an enormous amount of news, but two panels featuring Biden administration representatives yielded some useful details about efforts to electrify government vehicles and support building out hundreds of thousands of new car chargers.

1/22/2023: Good News, Bad News for Security Researchers: Feds Are Less Likely to Charge You, States Are Another Thing, PCMag

Information-security lawyer Harley Geiger gave an amusing and informative talk at the ShmooCon conference about the state of computer-crime laws and how they can menace legitimate security research.

The major purchase I don’t want to make until next year–if not later

Somebody with a 17-year-old vehicle in their driveway should be the easiest mark possible at an auto show. Any new car on display there should offer an immense advance in comfort and convenience–and an even greater leap in efficiency when the vehicle has a battery-electric drivetrain.

A charging port on the side of a Hyundai Ioniq 5

And yet my visit Thursday to the Washington Auto Show on its public-policy day left me relieved that our 2005 Toyota Prius–somehow still only the second car I’ve owned–keeps rolling along.

It’s not that this year’s show didn’t offer an intriguing selection of electric cars, even with VW sitting out the entire event. Multiple automakers now have not-too-big EVs on the market at not-crazy prices that offer decent range and charge quickly.

(If a tree fell on our Toyota tomorrow, I’d probably make a Kia EV6 and a Hyundai Ioniq 5 our first test drives.)

But the selection will only expand as automakers–here I have to note that decades of poor judgment at Toyota have left it shamefully far behind in EVs–race to bring more electric cars to the market. And each new model year represents another 12 months for manufacturers to improve on existing designs and for batteries to get more efficient. And each new month means more car chargers springing up along the nation’s roads, soon to be accelerated with nearly $5 billion in funding from the 2021 infrastructure law.

Our own house would need its own wiring upgrade before we’d want to park an EV in the driveway. That probably won’t get any cheaper and may cost a lot more than expected, depending on what kind of quirky work lurks inside our century-old abode.

Meanwhile, living in a walkable and Metro-served neighborhood, with no driving commutes for me or my wife, affords us the luxury of not having to use our vehicle that much. And of not even having to think that much about what’s become a relatively low-mileage old car–except, perhaps, when I’m surrounded by shiny new alternatives to it.