Next week would normally only have four workdays, thanks to Monday being Presidents’ Day, but for me it’s more like three–Friday I start my journey to Barcelona for MWC. I made that trip for the first time 10 years ago, and I’ve learned a few things about both the wireless industry and international travel since.
After I’d vented my annoyance–on Twitter, then Mastodon–about Apple repeating its practice of not giving users any heads-up that a security fix patches a zero-day vulnerability, I decided I might as well write about this for a paying client.
This would have been a shorter post, except that thinking that I should remind readers of how Facebook features can take time to show up in your account reminded me that I’d written about one such feature last July that I’d never seen in my own account, which in turn led me to discover that Facebook’s help page about that Feeds tab had incorrect instructions. And apparently nobody at Facebook had noticed that error until I e-mailed their PR department to ask about that.
Multiple times this week, I’ve updated mobile devices with security patches from Apple and Google. And every time, the user experience has left me feeling that these companies don’t think I need to know anything about the content of those patches.
On my iPad mini 6 and my Google Pixel 5a, and then later on a review iPhone 11 (I don’t know why Apple PR hasn’t started charging me late fees on that loaner), the notice of a security patch came with a description no more specific than “bug fixes and security updates,” the vague phrasing shown on my tablet.
Each update notice also came with a link that should have provided more details but did not. On the iPad and iPhone (plus the Mac mini on which I’m typing this post), Apple sent me to the same “Apple security updates” page I’ve been visiting for years–“a dusty bookshelf of a page indexing patches going back to Jan. 8, 2020,” as I described it at PCMag. My Android phone’s notification, meanwhile, sent me to a “Pixel Community” page that led off with a “Featured Posts” list of the past few months’ worth of updates for Pixel devices.
So on each device, I had to tap further to see just what was getting patched. In Apple’s case, it was a serious vulnerability in its WebKit browser framework: “Processing maliciously crafted web content may lead to arbitrary code execution.” And somebody was already exploiting this to attack users: “Apple is aware of a report that this issue may have been actively exploited.”
That kind of “zero-day” vulnerability deserves a more direct description, so people will know that it’s worth having their devices unusable during the install process (more than 6 minutes on the iPhone 11) to lower the odds of getting hacked.
Google’s February 2023 patch, meanwhile, revealed itself to include patches for accessibility, audio, Bluetooth, and calendar features, plus security fixes that were not specified in any way until after three more taps of links. Except that the Pixel update bulletin I unearthed itself only listed the vulnerabilities by “CVE” (Common Vulnerabilities and Exposures) numbers that I then had to Google for more details.
The one issue that the Pixel bulletin labeled a “high” risk turned out to be a memory bug that, per the National Institute of Standards and Technology’s vulnerabilies database, could allow “local information disclosure with no additional execution privileges needed.” I read that as an opportunity for a hostile app to snoop on my data and was then relieved to see that NIST did not describe this “vuln” as already being exploited.
I’m not saying that you should hold off on security fixes until you get a detailed breakdown of their code; your safest course is to trust Apple, Google and Microsoft and install their patches as soon as possible, because the developers there spend more time on this than you possibly can. I am saying that it should be basic software manners for these companies to allow their more curious customers to enlighten themselves about these updates as fast as possible. That means in one click, not two, four, or more.
All of my writing this week appeared over two days, and I wrote most to all of three of them on a single day–a pace that may have contributed to a couple of dumb mistakes in one of them.
Google gave me an advance on the announcement of the first developer-preview release of the next major version of Android. I took care to remind readers that their own Android phones might see Android 14 some time after it lands on Google’s Pixel phones–or might not ever see it.
I got another advance briefing for Qualcomm’s news of an upcoming lower-power, cheaper and smaller X35 modem intended for connected gadgets that don’t need full 5G speeds. But Qualcomm was weirdly stingy on details about this hardware, such as any hard numbers for its size or power consumption.
I spent Wednesday and Thursday at the Commercial Space Transportation Conference, where SpaceX chief operating officer and president Gwynne Shotwell shared some news about that company’s giant Starship rocket during an onstage interview. I rushed to write that up but in the process I identified Shotwell’s onstage interlocutor as former congressman Mike Rogers of Alabama, not the Mike Rogers of Michigan who did the honors. And between writing the first paragraph and the third one, I somehow decided that Starship had 31 engines in its first stage, not the correct 33.
The PR people at 1Password gave me an exclusive on their news of an upcoming move to offer subscribers the option of authentication via the new passkeys standard–with no master password needed for this password-manager service.
My contribution to this week’s edition of my industry-analyst friend’s podcast was to discuss Washington’s escalating conflict with large tech companies, as seen in such developments as the Department of Justice’s antitrust lawsuit against Google and President Biden’s (brief) calls for digital-privacy regulations in the State of the Union address.
The explainer about the Matter smart-home standard that USA Today ran last week was my 451st column for the paper’s site, if my count is correct. It was also my last: Management at USAT’s corporate parent Gannett ordered up yet another round of cuts, and this time some freelance contributors wound up inside the blast radius.
A 2018 how-to about secure disposal of a hard drive that included my recap of taking a crowbar to a drive in my driveway, leaving the pavement “flecked with small bits of drive platter mixed with finer particles of destroyed circuitry — a sort of cybernetic sand that I had to sweep up.”
The budget axe first swung in my direction in 2015, when my column got trimmed by about a third with a corresponding reduction in pay; in 2019, management reduced the column frequency from four times a month to twice. Seeing two friends and longtime fixtures of USAT’s tech coverage exit the place over the next two years–Ed Baig in 2020, Jefferson Graham a year later–did leave me grateful to have my column as a constant through the gruesome year of 2020. But it did not leave me with too many illusions about the long-term stability of my gig.
Those previous trims to my role at USAT mean I’m now losing only a small fraction of my income, one that shouldn’t be too hard to replace. (I don’t know how much Gannett is saving in total with this latest budget cut, but it has to be vastly less than the $7.7 million in salary, stock awards and bonuses that chairman and CEO Michael Reed collected in 2021.) I will, however, miss having the USA Today name to throw out when registering for an event.
I will also miss knowing that a request for tech support from a friend, family member or reader could be the start of my next column. But please don’t let that stop you from e-mailing me with a tech query–and rest assured that if your problem is interesting enough, I will find a reasonably well-paying place to write about it.
I blew off work Friday to do something I hadn’t done in four years: go downhill skiing. Slope conditions were not awesome and I had snow guns blowing in my face most of the time, but it still easily beat spending those hours in a warm, dry home office.
My editor at this trade pub asked me to summarize a rather technical report from Signals Research Group that found signs of a significant capacity upgrade in progress at T-Mobile–which that carrier had not talked up before but confirmed when I asked about it.
After writing last summer about Apple signing this deal with Major League Soccer, I had to follow up with the pricing details Apple announced Wednesday.
The lengthy report the National Telecommunications and Information Administration posted on Wednesday didn’t break any major news about the ways Apple and Google have run their mobile app stores, but its recommended remedies were still interesting.
I’d had this topic on my to-do list for a while, and then Federal Communications Commission chair Jessica Rosenworcel offered an update on the FCC’s connectivity-cartography efforts at an event Tuesday.
I first read about Next Level Networks from Ars Technica’s Jon Brodkin, then learned that this Bay Area startup was building a fiber network at a development in Sonoma County, Calif.–not far from where I was already spending the holidays with my wife’s family.
2/3/2023: Twitter offers ad revenue share to creators, Al Jazeera
I was able to jump on Skype to offer a value judgment about Elon Musk’s insultingly vague promise of a share of advertising revenue to undefined “creators” who also pay $8 a month for Twitter Blue because I got back from skiing maybe 25 minutes before scheduled airtime.
Upgrading from my iPad mini 5 to an iPad mini 6 almost two weeks ago hasn’t made a huge difference in my tablet usage aside from my needing to remap Touch ID fingerprint unlocking from a large button below the screen to a power button at the top right. But it’s already yielded a huge improvement every time I need to charge the thing: I don’t need to find a Lightning cable.
Because this tablet has a USB-C port instead, I can plug it into the same cables that I’d use to charge my phone, my previous phone and my old and any new laptop. Not having to worry about proprietary charging accessories is a welcome, if overdue luxury in my history of Apple gadget ownership, and it’s enough to outweigh the mini 6 omitting a headphone jack.
(I do have a pair of Bluetooth headphones–after interviewing Nothing co-founder Akis Evangelidis at Web Summit in 2021, he gave me a pair of that company’s Ear (1) earbuds. I still need to buy a USB-C headphone-jack adapter if I’m going to use any other headphones I own, especially the Bose QC25 noise-cancelling headphones I’ve grown to appreciate on long flights.)
Unfortunately, I can’t get away from Lightning when I’m at my desk at home: The Magic Keyboard with Touch ID and Numeric Keypad on which I’m typing this post has a Lightning connector for recharging (and for working around the occasional Bluetooth dropout). I can’t think of any engineering reason to have this $179 wireless peripheral charge via Lightning instead of USB-C, but Apple can’t seem to let this connector go.
And then there’s the mouse next to the keyboard–which is not Apple’s $79 Magic Mouse. Instead, I am still using the AA battery-powered wireless mouse that came with the iMac I bought in 2009. This rodent continues to function fine at steering a cursor around a screen–notwithstanding the times, more often than with the keyboard, when the Bluetooth connection drops because reasons. And when the mouse runs out of a charge, it takes me well under a minute to pop the two spent AAs out of the thing and replace them with two charged AAs from the charger next to my desk.
Apple’s current, not-so-magic mouse, meanwhile, must be set aside while it charges because its port is on the bottom–an idiotic configuration that the design geniuses in Cupertino have stuck with since 2015. And that charging port requires a Lightning cable, again for no discernible reason besides “Apple said so.” So while I had no big hang-up over spending $550 and change on a tablet with 256 GB of storage (on sale for $100 off), I just don’t want to spend even a small fraction of that to underwrite Apple’s Lightning fetish.
I’ve been following the @HelicoptersofDC Twitter account for two years and change, so it was a treat to see Andrew Logan, the guy behind this aircraft-tracking project, explain how it works and how he’s dealt with obstacles ranging from uncooperative government agencies to Elon Musk.
My take on this antitrust lawsuit targeting Google’s display-ads practices: If people as politically opposed as U.S. Attorney General Merrick Garland and Texas Attorney General Ken Paxton all think you’re guilty, you’d better lawyer up.
The notion that DirecTV’s owners–gigantic telecom conglomerate AT&T and the private-equity firm TPG–are somehow members of the woke mob is dumb beyond belief. And yet that claim also fits right into a pattern of performative victimhood in the Trumpian part of today’s Republican Party.
Tuesday night treated me to the first space launch I’d seen in person–meaning close enough to hear it–since 2018. And unlike the previous three launches that I have been privileged to experience from that close, this one did not require a flight to Florida.
A press pass issued by Rocket Lab granted a much closer view of its “Virginia is for Launch Lovers” mission, just two miles away from a spare concrete pad next to the Atlantic. At ignition about 40 minutes after sunset, Electron lit up the shore, a brilliant beacon shooting into the sky. The sound rolled out to us about two seconds later–a steady low-frequency roar that might have been an especially loud jet engine, except jets can’t shoot anything into Earth orbit. A clear sky let me track the rocket through first-stage separation, then follow the second stage as its exhaust left a plume dozens of miles up.
If you’re reading this around the D.C. area, you should have multiple chances to experience that, as Rocket Lab plans four to six launches from Wallops this year. Things to know in advance:
• The range at Wallops doesn’t shout “space flights here,” lacking the giant gantries of the Kennedy Space Center; the tallest structure is a water tower emblazoned with NASA’s “meatball” circular blue logo.
• Wireless coverage can get really bad, so you should not bank on being able to Instagram launch photos.
• Don’t expect the same show you’d get at a KSC launch. At liftoff, Electron’s thrust is 43,000 pounds, while at launch Antares (with one launch left this year) is good for 864,000 pounds. In comparison, SpaceX’s Falcon 9 and Falcon Heavy have 1.7 and 5.1 million pounds of sea-level thrust sending them skyward. But while you won’t have the experience of feeling a giant rocket’s sound rush over you like an acoustic avalanche, it is still a kind of magic to see something people made leave the ground and soar into the black, all the way to space.
• If you can’t make the trip, you should still be able to see a Wallops launch from around D.C. That’s more easily done at night, when you don’t have to distinguish one contrail from everything else in the sky; you just have to spot a rocket’s red glare.
The post I wrote after Samsung gave me an advance copy of their press release noted the limited number of replacement parts offered under this program, but Technica’s Ron Amadeo–who has a lot more experience with Samsung gadgets than I do–went into detail about how much it doesn’t cover.
I watched a brief but fairly info-dense speech by FCC chair Jessica Rosenworcel about privacy and security risks to U.S. wireless networks and their customers.
Betteridge’s law of headlines suggests that the answer to that question is “no.” A look at the last decade of Congressional inaction on privacy also points to a negative answer.
This column got published considerably after I filed it, and I don’t exactly know why. Fortunately (or unfortunately, if you’re a LastPass customer), LastPass hasn’t provided any more clarity about its data breach since I wrote the piece.
The Washington Auto Show’s public-policy day didn’t feature an enormous amount of news, but two panels featuring Biden administration representatives yielded some useful details about efforts to electrify government vehicles and support building out hundreds of thousands of new car chargers.
Information-security lawyer Harley Geiger gave an amusing and informative talk at the ShmooCon conference about the state of computer-crime laws and how they can menace legitimate security research.
Somebody with a 17-year-old vehicle in their driveway should be the easiest mark possible at an auto show. Any new car on display there should offer an immense advance in comfort and convenience–and an even greater leap in efficiency when the vehicle has a battery-electric drivetrain.
And yet my visit Thursday to the Washington Auto Show on its public-policy day left me relieved that our 2005 Toyota Prius–somehow still only the second car I’ve owned–keeps rolling along.
It’s not that this year’s show didn’t offer an intriguing selection of electric cars, even with VW sitting out the entire event. Multiple automakers now have not-too-big EVs on the market at not-crazy prices that offer decent range and charge quickly.
(If a tree fell on our Toyota tomorrow, I’d probably make a Kia EV6 and a Hyundai Ioniq 5 our first test drives.)
But the selection will only expand as automakers–here I have to note that decades of poor judgment at Toyota have left it shamefully far behind in EVs–race to bring more electric cars to the market. And each new model year represents another 12 months for manufacturers to improve on existing designs and for batteries to get more efficient. And each new month means more car chargers springing up along the nation’s roads, soon to be accelerated with nearly $5 billion in funding from the 2021 infrastructure law.
Our own house would need its own wiring upgrade before we’d want to park an EV in the driveway. That probably won’t get any cheaper and may cost a lot more than expected, depending on what kind of quirky work lurks inside our century-old abode.
Meanwhile, living in a walkable and Metro-served neighborhood, with no driving commutes for me or my wife, affords us the luxury of not having to use our vehicle that much. And of not even having to think that much about what’s become a relatively low-mileage old car–except, perhaps, when I’m surrounded by shiny new alternatives to it.
2/13/2020: Update Now: Apple Ships Fixes for Zero-Day Vulnerability in Macs, iPhones, iPads, PCMag
Rob Pegoraro 